From 3cf75dc7e156eec6983655f7954943574f91a8fc Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Sun, 11 Jan 2026 00:17:51 +0100 Subject: [PATCH] Remove all traces of tailscale --- hosts/desktop/secrets.json | 7 ++-- hosts/laptop/secrets.json | 7 ++-- hosts/vps-monitor/secrets.json | 8 ++--- hosts/vps-private/secrets.json | 8 ++--- hosts/vps-public/secrets.json | 8 ++--- lib/default.nix | 5 +-- modules/home/services/tailscale.nix | 16 --------- modules/system/services/caddy.nix | 28 +--------------- modules/system/services/nebula/default.nix | 1 - modules/system/services/nebula/dns.nix | 19 ++++------- modules/system/services/tailscale.nix | 39 ---------------------- 11 files changed, 19 insertions(+), 127 deletions(-) delete mode 100644 modules/home/services/tailscale.nix delete mode 100644 modules/system/services/tailscale.nix diff --git a/hosts/desktop/secrets.json b/hosts/desktop/secrets.json index 31957b1..e2fc9db 100644 --- a/hosts/desktop/secrets.json +++ b/hosts/desktop/secrets.json @@ -1,8 +1,5 @@ { "seb-password": "ENC[AES256_GCM,data:dFdYolLTXrxAT8ybVAq3+8eKxO5x2qB810o9FSpUAtfjgYr9DFFVvi06Ut+14ukGcfulXLOixyf0pM/3n9/jeNghnsD14hoGxw==,iv:vORmRgBgZvdafRa8vFF4LL3fw44yZV3yNq3L8eOcQRI=,tag:kr7ZUJpJUhzPJwCCezWCRA==,type:str]", - "tailscale": { - "auth-key": "ENC[AES256_GCM,data:nbc5TURKW/d81lJ5LjJmEykGe6Cz7hnl42BgJdma4S0O92t9EtHCapjujlSSivqO9vjUWUtkJ9JMn5SQOw==,iv:SeVyuQpObjTG/FvBaUn5yv6ktVIXCXWoHv1eLlymnrI=,tag:gKOSviNCzCoRx6zsJ/MzqA==,type:str]" - }, "syncthing": { "cert": "ENC[AES256_GCM,data:Rf6Pgni4jkcFC0pYC+CBJnCRfsNqSBR2yStaFngefb2/rQd3za2h7o7fp2IPVLs9fYmUG5r8/mP9K0m46xA/2wVLp+ddyNA2wndSwk7ZqNEs2BA/GAdelX8gtcPV74CkB/NJa4E42qH7aTVcgrBZVIM27RxO6e/8r8JSXb/HOczYpLAVdW2DHXjGrzi43cjEcn8UK+dNeNsp0AlEZqN9eRRbqh3JQr7+WOYKkk0R0VP3SLH4O9ROLzSJ4Pw4BoLArR3lvp7pOLOrmXvazToKkMInnLZsH0oV7Zvpu1kTz2KrvhIZdNoUZOV2L/laoS7nc/MFixEwpMy4gqszhiADXlNEbslZyZPcq9KxLgIH0W3xKuQDwrC/RWfjMAwnpucByKy9dR4+9C7maVYp5rvBdRbhNM/Yp6U465d8qJVG5YmURG5NBudAsXkfkp8/AqGSK8RQk/F2b28SfqVCfd/Kga1SINcbdEY7P9nNxx3sbVhncQ3pZXY2tZhYJiSuZ/hGMuPa3yMJPgDPJV8tPIUASCNxbeLOKp7HVghb9IIHSDhhiZmFTFB9xT8X9w05w0afLgQQCybG81YGXvXTiA/xLriA2AzQqg4KzdjUgs+lv7rPL9fsP5V7LAoBZamTirsOCoApMrP7L+QP0OTFyHBakf+GBEREwn5dygos+/vBXne4RtDmji/+zh9U1CqwwCIbx/rdVODzYusYV0lvDjYPyVnTWjEGQN5uGCgEBozQWUkaR1KlmamzcXS9ihPsIa1VNu/aLRrb66hS99wuALFdHJPg5XgHNKEA+Re/lXqUwups/A1RQ9bymqXUj8lIK1hDWsC3DCqDsL54x2BIodyvBBB8hyHFnBC3xg+W8yC0SQLivkFLdNMTRdAgyREFEZp3Nvi19B9+njnciFjcbRj+sG1L9X2OSvDZ2e7273DYtXAVsI9977VBtQYHmjXeyDVBnK53sri/8P2ofniPmBM/ZQ9X1UtMI+vrKIj/o4jcTaEcAmqA9bI2YbG5p84rIH6mBA4SvPCHGz6s48XhaYLzCJbOIR+eqwjbvBA=,iv:72+0+hlBxKtuhjhrLD1EMlx8LcJtskxO+MCpYj7rpes=,tag:qnQlahuimpMoVY1hbTGI6g==,type:str]", "key": "ENC[AES256_GCM,data:A/Am53gADkKNOn1kAgNoJmirRhIDtysyX8+ubtpyKTQKhTzEJfEKFrVw5BjJ8rYRS31DgMYV20FQs7HOfoRsR3MFdSGDFUgePnbIcNGpHD6EY8GJ9TblT+NyPsYsKG4WgFZElOjQYT3X9Rr0IWoNnDJoOaaI5sCpOumfLKWrekWvYfTUT+SiFfkCebeEQs7ZF7G6ZQJF73upaeKdbd8/uBdcfVc/c6PdjGvY1xnCOAqW39S9K2fK0RibqHs8BiuzPBTCYjBg6euYXi+XGrZjmHLFnj/ZflroiPJr/qFhMDVnmiaW7M3sWYDQYYPd6rk6Adam+ylEAU8BXwIjmdHNkR48WbdIDYWCHHdv4iZ8MLTj6MaX/ksIZvev2M19Eiyi,iv:lkGS4uR0Xd7FnahXLjVc8g0PiRPxyUS6YQY3EM3B5G0=,tag:NZYybe/MgP+LNlJ09AiV6g==,type:str]" @@ -21,8 +18,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Qmh4TnU2U0toYXZlaUpU\nZWdBVFMwRVpxelBTb3FvMHVDQkFMMkVlOEVjCjNaTEJDaGlkcUJtem43aDZ6Yk9j\nZGhmWFFvbm1HN0N1VkUyN1lQLzM2c0UKLS0tIHhEeFNyaXI0UDB0ZDBydW80djRX\nSmpyNDlLSFMvaXRsZGdWcS9nVTRzbk0KNryo5P1+bu9vntBafSgAAHxSsYXG2ELj\nQQM6kP+eaSoEFXfWxp7dhxHcjoTjQ9DmCgzVaDUD8nLzFsiJsgbjIg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-21T01:21:48Z", - "mac": "ENC[AES256_GCM,data:tn8lgEn8Sp2YYFUVRUa+yOND7oISGld22+otWBB9U1she28JZ+g+vvdpCPRPevkqWHA+BawKUKkaD8Iaoe732HQukpbIBrVgK+g6YpaSnakhSZPGV2oE3z7KdSDeYdBF/La0ml1OKs67hldFfN9D2Sl5RdTROwBWaVaJesNTFS4=,iv:BCbSXBAUqb/LoDfLXLi6UB+CRuJOKEXuHFjITAdaH+E=,tag:f570BuZv30rL45m4y1IwJg==,type:str]", + "lastmodified": "2026-01-10T23:13:24Z", + "mac": "ENC[AES256_GCM,data:5JwqpNoFY0lW59TKMu9v//HQPfsrf37CRZAPZpJarHAAcxvAQhm25i8wwlrjZesEWmiqv3lzEi/82XX86h0kqSaB/7dbX+LVISNLeHJhYvOK4/MW87AjBAI9X9FjEhF1UMlE6ku6m7iJr3Jw11ePK6nxy3X+CPodd0q6DvuQKB0=,iv:UT32qwh51s0qaqDk47ytuCj9m2EehzkQpgeCKdTxtc0=,tag:6uxCkvCJGc8kPvGyX4TkFQ==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } diff --git a/hosts/laptop/secrets.json b/hosts/laptop/secrets.json index 359a568..b9ca1d1 100644 --- a/hosts/laptop/secrets.json +++ b/hosts/laptop/secrets.json @@ -1,8 +1,5 @@ { "seb-password": "ENC[AES256_GCM,data:RoDF5G7xX1SEabK9/mzbM1nu7KWN9tZJh5GZuiwAOBcQPXLcFkPh+U/I/PlwpSqDT7aWULW+FFG5DzQkdWIKLojWatZrkIrYvw==,iv:oWQj47oxjxR3DBHhFwUD/Emj5ziZHwcbXzD69ChRmHU=,tag:EiPidd+ISk7e2ZMxgeLHNQ==,type:str]", - "tailscale": { - "auth-key": "ENC[AES256_GCM,data:bQtlPQiNwM1xP+6a1jRGeJFdsxxL87RK0jazIj0uoe/U7wwUSZsxpFHyi9AJzfZSLYiST3LkUBtd5EPVnpw=,iv:qzcRpnOqEQF7iWWA8FSXHSlbNIcNk88xgMOk55nY33c=,tag:ZLXi7FZAlrH+z7Q9EvAxdg==,type:str]" - }, "iwd": { "EW90N.psk": "ENC[AES256_GCM,data:n2sY4SrmLG+nfIRQC2KXXHlS/1pRyWYsObg5K8MhX83jJp8MYZfa4BEwBm77ae62,iv:RIh/45UhkyEtjh5Q0FOS63p1RRgLlrRF+QTiFozm4eU=,tag:rVnKVlp8qu3eUSdyZW0hmA==,type:str]", "Fairphone4.psk": "ENC[AES256_GCM,data:GGxrhfXB0vb+R87G4GgsAxqjh89g0gVJu3gTPXsBDDlUUz5xv9iS5UlHPaJD,iv:p80LlUGQkBdeEK63dBDWgWe0n6GtEC2rcn8fToOvD5I=,tag:XSh+FAxBzKs/LQyYM2mUUQ==,type:str]", @@ -28,8 +25,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPM1k5U2pCM0JkKytwSE16\nek1zdVVuQjdKS1MyZ29xSUZkK1FId2JVZ0dFCng5bjV3SGlGRHdvaHkvWnNQcWpk\ndGlMbWl6STdERmtHeXVMYTJ6NjQzSU0KLS0tIFBza3d4eVlsVHB3YS9ySUNFMjUx\neUkwQlExdGNwWU1hbHlzS0RkS3NLbFkKLiP/N/5jOnsQhRCOkZ/BieX3OLJOq82e\ngp57skqFeG0k22sPpbgOS0Uz7jckv7/C3kFpuwXQGpEHdzp3QZ+Owg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-23T23:35:27Z", - "mac": "ENC[AES256_GCM,data:+4U7yeb/0mDHuVz/DcGzg3whECVm3HJChE/T1NNJKCkbc1lkdIfLvI7p68IBe5QtkTsGtm2pGqJn8ztbOCAJJ1feoZyHMdcDqGbJG+IpDSrPRdmwqvey5CGtrGgIdgW0vZUMCCywmbASzEmsVoFvOzBp5GAxeJsJZRuPU8ditRc=,iv:dkqg3210wXfVAjXPmXYkerLJX14muxeKPMKU65PrKMc=,tag:TPbzWHamgoVBbAyshiRahg==,type:str]", + "lastmodified": "2026-01-10T23:13:41Z", + "mac": "ENC[AES256_GCM,data:HOucc0/UhQ46sbupGkOoID7vuiA99ObG9ZKZ2AD7dcb7wMN35d/Y//xCJFo3XPRw4nGT/tb87RIh6rOwmN37rYgP0eU/43Eyj66/bCAGfFyY/U3kATwII+GhfLCbHR7Fm4jcYS9UmfhCTydqLlunxsqhqqoZHGLpPm9B4KsVdoU=,iv:ns/HFeeF9TsmcINEOMUSW92lDLe3QCp+lwFYEJRZIdE=,tag:DQA790sM42Jbm0uXs9GQ3w==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } diff --git a/hosts/vps-monitor/secrets.json b/hosts/vps-monitor/secrets.json index 67c6123..fa99e10 100644 --- a/hosts/vps-monitor/secrets.json +++ b/hosts/vps-monitor/secrets.json @@ -1,9 +1,5 @@ { "seb-password": "ENC[AES256_GCM,data:BsVFQMY7q+RhByY3RTWwrwbdC4Pgb2kNVG8HXn+kmI2evAo8XmGbDHbr7mXnI2LA6E+iXm5bewfwwTnJWZjaup06/kr1bd8JDg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:ydQaXcLVYllSZYWNCtH7+A==,type:str]", - "tailscale": { - "auth-key": "ENC[AES256_GCM,data:b+m+4KGLeS7hYLSqYXxX5VhiA946b4SEp+OAQUkK6e6ShYe0RnC0VfnypHjqwrdOiGYAIxB4ggIjZ9F5lfw=,iv:o36k4vtsnSThDQNIMIPBQHJ92WodbIyVC42L1t8Fvzg=,tag:/9oYSFO3asAGmWiedNo+Bw==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:Z/u3GJr1J7rhn1k+Ul0SyHhWKIxpIKqqinGphdZ/BNFvBGCsU8xKKHz7c4B6O94Oe3tuUNGp+X285lSnpZg=,iv:ch6Mg8ki82pxlWFGlOGoJB7Mhn3tYPEcL6Z8/6bXzCQ=,tag:9sHLrQ8F/DzYvdtvUM7dYg==,type:str]" - }, "healthchecks": { "ping-key": "ENC[AES256_GCM,data:Zq71AU3oym7fC364YZNyRtx4N2G35Q==,iv:ibMBpcrSocLBhtumsSV00+KVN6Pi4SzE7soCkZcU4fY=,tag:Wv/Wr0wRZGXucMHZHgoNtg==,type:str]" }, @@ -28,8 +24,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-01-10T22:31:10Z", - "mac": "ENC[AES256_GCM,data:REnbW+tps2KV+VtPOHAJFVuYAs4lRAp/n/Vui7AYYv3KLux97bOCg/ltlxSL8bGGKrcHtlFqI1a7ZGe/bQaFCGxrg+iQahokR7c+Lfz+ffc5bXue1P00UXBi2O+eBlpVwZ5CeMh5TIYLAyxEXR88PVqSrhkhXAphDTP73leqsvA=,iv:1MMZwjg9zdLwKpn8JllURaodm8fSInNgwNty7DwGKq0=,tag:WmnMzR9MvGs2Odap8sXLgw==,type:str]", + "lastmodified": "2026-01-10T23:14:34Z", + "mac": "ENC[AES256_GCM,data:RpG1S1iuaHmBc9wT9Tau6dZHcFX9DwQA0kHcAuTZxbjopLfYJnVosvU9S9N+4tAZqwGLpKqVxX3UiUWLEIFwrcB3xM3/SdpKWD4CE/cyMbvwWCIN4RcHveFJ6py7ItXtipzLC0lZeRWDXP+IyREuKggAID50zXuSIPr6BDlnkYA=,iv:gWykL+vhNB3tLHtHlhbNd5iUPKjB5vDpx0nAf5j+F8Y=,tag:MAI8aaSR+g33IIYM4opqCw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } diff --git a/hosts/vps-private/secrets.json b/hosts/vps-private/secrets.json index 53c462f..3b8f722 100644 --- a/hosts/vps-private/secrets.json +++ b/hosts/vps-private/secrets.json @@ -1,9 +1,5 @@ { "seb-password": "ENC[AES256_GCM,data:Q+yRIOJCUzHmCZ5n0OAGyCkePVh0VJfeFYmgG2fh8Wwy6IKyG9c3/3qcMEIRSvG6Qm9KFGahuIR2md5bz7//pTRfPcu1GdIsMA==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:pOLRjWZKL2+GkMgV435FMw==,type:str]", - "tailscale": { - "auth-key": "ENC[AES256_GCM,data:qqJnjWR309LAuW49/7t2uZqWlAgPUvz8niLZuM2g8kJxaQmF0TEAWcBDpYridy9NLHnJ+xgA9g088t9dSg==,iv:imh6BrNPf2jVQ6eVaB9Mt+gX9zGq6mHX1+9yhY/KzrI=,tag:HPjhNE+vecDWwCAMC+nGfw==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:x69Z9Ac533qpKb9y/CQXJYvkw3G6OGyvoih9wABwlYO969+PvQssuNvciFGq8ZmqUXaGRcFsL45edegiKs0=,iv:0yO9RGbrBVfnQ7GR+3rdLBCk+UY9DQJk7NVGlUEBdNs=,tag:ISv0GFT9yinM2BAvvI3mvw==,type:str]" - }, "restic": { "password": "ENC[AES256_GCM,data:AERasH4M/uP3aUELnggUmH6NzAx6v4Uqjg+ymF5X,iv:q5qJkB3+feZyEm778hKI8ikNz9/9dj+Z1hda6M4eHfQ=,tag:adI4AwzXp63SRSA8uAjRZw==,type:str]" }, @@ -39,8 +35,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqU01heng3NHdrYnZFZmZn\nZlJtUUIyd1ExTmhzeU5iZFZadFcwR25GOEVZCmxHOXNWQVh1ZlJSRHJtaDVHNVUv\nbTY0TlNmZ2hESDkzS2M3WHdlamxwclkKLS0tIEEvOFd3TDFkQmQwbjBodHhpb1BD\nZ2NvTnNqQmtrLy9aVDdGRGxZbVgrZG8KdnnjJWcjZFu3R8fVKToj6THHHRCFou9k\njQoedCZAML2A2FZIhHugH9wnDUPQQjG86WbcCBuFWcOTGiTF2gN+Qg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-01-10T17:15:33Z", - "mac": "ENC[AES256_GCM,data:laYkgmwyEQTqUPAI3VBKmhzewfcFAm4duM/s8wcrG1Vdlf+PR/LvSfstCJSEyNrfnPhZNYkDy3SX5qBJGbxjguJkYbeUDWXat78+qZElHtguitAsjclSCZMmizmICEyaFJYkNvad960Mm/CDTzyMQNG6whHdJTXQ309ve/OnKSQ=,iv:PtCxMjO0he3wTbP32sNZx82sik/JIZDIwuwivgGsDRw=,tag:U51Dwv1BmeQUiWoqcj+6SQ==,type:str]", + "lastmodified": "2026-01-10T23:14:08Z", + "mac": "ENC[AES256_GCM,data:ppj3M84MdH8awN6/r8b0DubMaQbqHpKpMfBJEb3TlbUJczE6kPmhuuX3Cx3FOsD+TJr0m8WRjCqb0Z844Z2oylaz7hmijYHLbByb+BY+dsSPU21zkvCli+KpzHkDY4+NcjhTN4MsopYSwVDegZoCb+qZ0nAqDKqLezUlNIKCUuI=,iv:xA1LzdkoEkiq2i5klIvojMIqvpIsuZeJTiKKOEBbR7k=,tag:o6eOKWKu216X+DnXRy6ARw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } diff --git a/hosts/vps-public/secrets.json b/hosts/vps-public/secrets.json index 3a609a7..c3019ae 100644 --- a/hosts/vps-public/secrets.json +++ b/hosts/vps-public/secrets.json @@ -1,9 +1,5 @@ { "seb-password": "ENC[AES256_GCM,data:znyHz9AhZipp2VNkXifU27IvEbPoKqLf4ibSkqfvkGGoX/jHnoJRYruWmwLnAaqTk6moHtew6HZq3xjvNgUf+qVgaleWQntrLg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:CKgqMm/mVae1i9He/ioMAg==,type:str]", - "tailscale": { - "auth-key": "ENC[AES256_GCM,data:tnmR93k4iPsojBZgwVmnSPJkNDOYiJt9lJ/IpoDR/TWCIbpBmbFq7xKSnyoCXBRKiEZ6hK0z3jezuQc9IgQ=,iv:/b3+yxEOuPaRrrmD3LSUeSiNv/1u4bMxrg4B+1SKb0o=,tag:9f6ZSgFjP4HAExWiaStr2g==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:xlXV01WcdLVm/vRw8Elb3iCId8LstKP0UWSXDXeOG10goKLoIMV4JmJ8a8OalE3s3pO3FSLYQFxjQNxQmhk=,iv:ikHW6XVow1NJZB0hUhKl5JsC9gEZtvXc4F9SlUycQlI=,tag:GgqQPIxOXkYhhqPcv2/k0A==,type:str]" - }, "restic": { "password": "ENC[AES256_GCM,data:IGV07og9eSoleJnZ2+/FFLph7TLNd80q+u6WNn+V,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:eA7CAtfQtodTCyOuEn4+ug==,type:str]" }, @@ -38,8 +34,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-01-10T22:23:51Z", - "mac": "ENC[AES256_GCM,data:P1Bm5F/DfImSoqvis69QW/9CCK6zwHOr+62LNIQtwV722KkdEnHfEPUhWI0lfwNd7BKSdrXB8jIbrgK1HoM1LUB1btG3WBNmyFwCyST31gLR2nzhCm4nDIupqffG754IVHp9CmHqs2O2G40iI92t9M4OEouJWjrPy0DFdrCuqcE=,iv:wCEPO+gKJ6cObkIYkMWuJTS4rYGSwc6d0TuBFT2gnrU=,tag:fYJl+IFK86fZfKjiajJDOQ==,type:str]", + "lastmodified": "2026-01-10T23:14:22Z", + "mac": "ENC[AES256_GCM,data:oQ8weypJMM2sm5XzRzn80IE6VQ7zKiJdkujLTfZbiUHXhPSpmNJqsXnAMREtKGAxxm6p9aTeZMbkX1xN1FGf38909/W0Bk/I0trpo1Q6bxLwlo/8eLvA5CAqrgQIgJz3jpIEDpXGsvTDVDxNQeFPH4HZHInwmF4Z6snVBuv8UZI=,iv:D3qt1rhAdMRRnBzlaKf8hGU+f7isjIKPyGM1MCnhoBs=,tag:6ihR9KXKsr8SVPceVlB1Cg==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } diff --git a/lib/default.nix b/lib/default.nix index 1436610..49dc71f 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -3,10 +3,7 @@ self, }: { - isTailscaleDomain = domain: domain |> lib.hasSuffix ".ts.net"; - - isPrivateDomain = - domain: domain |> lib.hasSuffix ".splitleaf.de"; + isPrivateDomain = domain: domain |> lib.hasSuffix ".splitleaf.de"; subdomainOf = domain: domain |> lib.splitString "." |> lib.head; diff --git a/modules/home/services/tailscale.nix b/modules/home/services/tailscale.nix deleted file mode 100644 index 121c2ca..0000000 --- a/modules/home/services/tailscale.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, ... }@moduleArgs: -{ - options.custom.services.tailscale.enable = lib.mkEnableOption "" // { - default = moduleArgs.osConfig.custom.services.tailscale.enable or false; - }; - - config = lib.mkIf config.custom.services.tailscale.enable { - programs.ssh = { - enable = true; - matchBlocks.installer.extraOptions = { - UserKnownHostsFile = "/dev/null"; - StrictHostKeyChecking = "no"; - }; - }; - }; -} diff --git a/modules/system/services/caddy.nix b/modules/system/services/caddy.nix index d137a40..90d242d 100644 --- a/modules/system/services/caddy.nix +++ b/modules/system/services/caddy.nix @@ -1,20 +1,15 @@ { config, - pkgs, lib, lib', ... }: let cfg = config.custom.services.caddy; - inherit (config.services.caddy) user; virtualHosts = cfg.virtualHosts |> lib.attrValues |> lib.filter (value: value.enable); - publicHostsExist = - virtualHosts - |> lib.any (value: (!lib'.isPrivateDomain value.domain) && (!lib'.isTailscaleDomain value.domain)); - tailscaleHostsExist = virtualHosts |> lib.any (value: lib'.isTailscaleDomain value.domain); + publicHostsExist = virtualHosts |> lib.any (value: (!lib'.isPrivateDomain value.domain)); privateHostsExist = virtualHosts |> lib.any (value: lib'.isPrivateDomain value.domain); webPorts = [ @@ -32,7 +27,6 @@ let lib.nameValuePair domain { logFormat = "output file ${config.services.caddy.logDir}/${domain}.log { mode 640 }"; extraConfig = lib.concatLines [ - (lib.optionalString (lib'.isTailscaleDomain domain) "bind tailscale/${lib'.subdomainOf domain}") (lib.optionalString (lib'.isPrivateDomain domain) ( let certDir = config.security.acme.certs.${domain}.directory; @@ -115,26 +109,6 @@ in networking.firewall.allowedTCPPorts = webPorts; }) - (lib.mkIf tailscaleHostsExist { - sops.secrets."tailscale/service-auth-key" = { - owner = user; - restartUnits = [ "caddy.service" ]; - }; - - services.caddy = { - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/tailscale/caddy-tailscale@v0.0.0-20251117033914-662ef34c64b1" ]; - hash = "sha256-3lc2oSLFIco5Pgz1QNH2hT5tDTPZ4wcbc+NKH9wLEfY="; - }; - globalConfig = '' - tailscale { - auth_key {file.${config.sops.secrets."tailscale/service-auth-key".path}} - ephemeral true - } - ''; - }; - }) - (lib.mkIf privateHostsExist { sops.secrets = { "porkbun/api-key".owner = config.users.users.acme.name; diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix index 20d4017..e6cb193 100644 --- a/modules/system/services/nebula/default.nix +++ b/modules/system/services/nebula/default.nix @@ -135,7 +135,6 @@ in settings = { pki.disconnect_invalid = true; cipher = "aes"; - lighthouse.local_allow_list.interfaces.${config.services.tailscale.interfaceName} = false; }; }; diff --git a/modules/system/services/nebula/dns.nix b/modules/system/services/nebula/dns.nix index 7d58b57..b2c77e6 100644 --- a/modules/system/services/nebula/dns.nix +++ b/modules/system/services/nebula/dns.nix @@ -48,18 +48,13 @@ in nodeRecords ++ serviceRecords; }; - forward-zone = - (lib.singleton { - name = "."; - forward-addr = [ - "1.1.1.1" - "8.8.8.8" - ]; - }) - ++ lib.optional config.custom.services.tailscale.enable { - name = "${config.custom.services.tailscale.domain}"; - forward-addr = [ "100.100.100.100" ]; - }; + forward-zone = lib.singleton { + name = "."; + forward-addr = [ + "1.1.1.1" + "8.8.8.8" + ]; + }; }; }; diff --git a/modules/system/services/tailscale.nix b/modules/system/services/tailscale.nix deleted file mode 100644 index 28fc6e1..0000000 --- a/modules/system/services/tailscale.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.custom.services.tailscale; -in -{ - options.custom.services.tailscale = { - enable = lib.mkEnableOption ""; - domain = lib.mkOption { - type = lib.types.nonEmptyStr; - default = "stork-atlas.ts.net"; - }; - ssh.enable = lib.mkEnableOption ""; - exitNode.enable = lib.mkEnableOption ""; - }; - - config = lib.mkIf cfg.enable { - meta.ports.udp = lib.mkIf config.services.tailscale.openFirewall [ - config.services.tailscale.port - ]; - - sops.secrets."tailscale/auth-key".restartUnits = [ "tailscaled-autoconnect.service" ]; - - services.tailscale = { - enable = true; - authKeyFile = config.sops.secrets."tailscale/auth-key".path; - openFirewall = true; - useRoutingFeatures = if cfg.exitNode.enable then "server" else "client"; - extraUpFlags = [ "--reset=true" ]; - extraSetFlags = [ - "--ssh=${lib.boolToString cfg.ssh.enable}" - "--advertise-exit-node=${lib.boolToString cfg.exitNode.enable}" - ]; - }; - - systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ]; - - custom.persistence.directories = [ "/var/lib/tailscale" ]; - }; -}