SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove all traces of tailscale

Browse source
This commit is contained in:
SebastianStork 2026-01-11 00:17:51 +01:00
parent ccac4395a2
commit 3cf75dc7e1
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
11 changed files with 19 additions and 127 deletions
Download patch file Download diff file Expand all files Collapse all files

28
modules/system/services/caddy.nix
View file

@ -1,20 +1,15 @@
{
config,
pkgs,
lib,
lib',
...
}:
let
cfg = config.custom.services.caddy;
inherit (config.services.caddy) user;
virtualHosts = cfg.virtualHosts |> lib.attrValues |> lib.filter (value: value.enable);
publicHostsExist =
virtualHosts
|> lib.any (value: (!lib'.isPrivateDomain value.domain) && (!lib'.isTailscaleDomain value.domain));
tailscaleHostsExist = virtualHosts |> lib.any (value: lib'.isTailscaleDomain value.domain);
publicHostsExist = virtualHosts |> lib.any (value: (!lib'.isPrivateDomain value.domain));
privateHostsExist = virtualHosts |> lib.any (value: lib'.isPrivateDomain value.domain);
webPorts = [
@ -32,7 +27,6 @@ let
lib.nameValuePair domain {
logFormat = "output file ${config.services.caddy.logDir}/${domain}.log { mode 640 }";
extraConfig = lib.concatLines [
(lib.optionalString (lib'.isTailscaleDomain domain) "bind tailscale/${lib'.subdomainOf domain}")
(lib.optionalString (lib'.isPrivateDomain domain) (
let
certDir = config.security.acme.certs.${domain}.directory;
@ -115,26 +109,6 @@ in
networking.firewall.allowedTCPPorts = webPorts;
})
(lib.mkIf tailscaleHostsExist {
sops.secrets."tailscale/service-auth-key" = {
owner = user;
restartUnits = [ "caddy.service" ];
};
services.caddy = {
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/tailscale/caddy-tailscale@v0.0.0-20251117033914-662ef34c64b1" ];
hash = "sha256-3lc2oSLFIco5Pgz1QNH2hT5tDTPZ4wcbc+NKH9wLEfY=";
};
globalConfig = ''
tailscale {
auth_key {file.${config.sops.secrets."tailscale/service-auth-key".path}}
ephemeral true
}
'';
};
})
(lib.mkIf privateHostsExist {
sops.secrets = {
"porkbun/api-key".owner = config.users.users.acme.name;