mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-21 11:41:34 +01:00
Remove all traces of tailscale
This commit is contained in:
parent
ccac4395a2
commit
3cf75dc7e1
SSH key fingerprint:
SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
11 changed files with 19 additions and 127 deletions
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"seb-password": "ENC[AES256_GCM,data:dFdYolLTXrxAT8ybVAq3+8eKxO5x2qB810o9FSpUAtfjgYr9DFFVvi06Ut+14ukGcfulXLOixyf0pM/3n9/jeNghnsD14hoGxw==,iv:vORmRgBgZvdafRa8vFF4LL3fw44yZV3yNq3L8eOcQRI=,tag:kr7ZUJpJUhzPJwCCezWCRA==,type:str]",
|
||||
"tailscale": {
|
||||
"auth-key": "ENC[AES256_GCM,data:nbc5TURKW/d81lJ5LjJmEykGe6Cz7hnl42BgJdma4S0O92t9EtHCapjujlSSivqO9vjUWUtkJ9JMn5SQOw==,iv:SeVyuQpObjTG/FvBaUn5yv6ktVIXCXWoHv1eLlymnrI=,tag:gKOSviNCzCoRx6zsJ/MzqA==,type:str]"
|
||||
},
|
||||
"syncthing": {
|
||||
"cert": "ENC[AES256_GCM,data:Rf6Pgni4jkcFC0pYC+CBJnCRfsNqSBR2yStaFngefb2/rQd3za2h7o7fp2IPVLs9fYmUG5r8/mP9K0m46xA/2wVLp+ddyNA2wndSwk7ZqNEs2BA/GAdelX8gtcPV74CkB/NJa4E42qH7aTVcgrBZVIM27RxO6e/8r8JSXb/HOczYpLAVdW2DHXjGrzi43cjEcn8UK+dNeNsp0AlEZqN9eRRbqh3JQr7+WOYKkk0R0VP3SLH4O9ROLzSJ4Pw4BoLArR3lvp7pOLOrmXvazToKkMInnLZsH0oV7Zvpu1kTz2KrvhIZdNoUZOV2L/laoS7nc/MFixEwpMy4gqszhiADXlNEbslZyZPcq9KxLgIH0W3xKuQDwrC/RWfjMAwnpucByKy9dR4+9C7maVYp5rvBdRbhNM/Yp6U465d8qJVG5YmURG5NBudAsXkfkp8/AqGSK8RQk/F2b28SfqVCfd/Kga1SINcbdEY7P9nNxx3sbVhncQ3pZXY2tZhYJiSuZ/hGMuPa3yMJPgDPJV8tPIUASCNxbeLOKp7HVghb9IIHSDhhiZmFTFB9xT8X9w05w0afLgQQCybG81YGXvXTiA/xLriA2AzQqg4KzdjUgs+lv7rPL9fsP5V7LAoBZamTirsOCoApMrP7L+QP0OTFyHBakf+GBEREwn5dygos+/vBXne4RtDmji/+zh9U1CqwwCIbx/rdVODzYusYV0lvDjYPyVnTWjEGQN5uGCgEBozQWUkaR1KlmamzcXS9ihPsIa1VNu/aLRrb66hS99wuALFdHJPg5XgHNKEA+Re/lXqUwups/A1RQ9bymqXUj8lIK1hDWsC3DCqDsL54x2BIodyvBBB8hyHFnBC3xg+W8yC0SQLivkFLdNMTRdAgyREFEZp3Nvi19B9+njnciFjcbRj+sG1L9X2OSvDZ2e7273DYtXAVsI9977VBtQYHmjXeyDVBnK53sri/8P2ofniPmBM/ZQ9X1UtMI+vrKIj/o4jcTaEcAmqA9bI2YbG5p84rIH6mBA4SvPCHGz6s48XhaYLzCJbOIR+eqwjbvBA=,iv:72+0+hlBxKtuhjhrLD1EMlx8LcJtskxO+MCpYj7rpes=,tag:qnQlahuimpMoVY1hbTGI6g==,type:str]",
|
||||
"key": "ENC[AES256_GCM,data:A/Am53gADkKNOn1kAgNoJmirRhIDtysyX8+ubtpyKTQKhTzEJfEKFrVw5BjJ8rYRS31DgMYV20FQs7HOfoRsR3MFdSGDFUgePnbIcNGpHD6EY8GJ9TblT+NyPsYsKG4WgFZElOjQYT3X9Rr0IWoNnDJoOaaI5sCpOumfLKWrekWvYfTUT+SiFfkCebeEQs7ZF7G6ZQJF73upaeKdbd8/uBdcfVc/c6PdjGvY1xnCOAqW39S9K2fK0RibqHs8BiuzPBTCYjBg6euYXi+XGrZjmHLFnj/ZflroiPJr/qFhMDVnmiaW7M3sWYDQYYPd6rk6Adam+ylEAU8BXwIjmdHNkR48WbdIDYWCHHdv4iZ8MLTj6MaX/ksIZvev2M19Eiyi,iv:lkGS4uR0Xd7FnahXLjVc8g0PiRPxyUS6YQY3EM3B5G0=,tag:NZYybe/MgP+LNlJ09AiV6g==,type:str]"
|
||||
|
|
@ -21,8 +18,8 @@
|
|||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Qmh4TnU2U0toYXZlaUpU\nZWdBVFMwRVpxelBTb3FvMHVDQkFMMkVlOEVjCjNaTEJDaGlkcUJtem43aDZ6Yk9j\nZGhmWFFvbm1HN0N1VkUyN1lQLzM2c0UKLS0tIHhEeFNyaXI0UDB0ZDBydW80djRX\nSmpyNDlLSFMvaXRsZGdWcS9nVTRzbk0KNryo5P1+bu9vntBafSgAAHxSsYXG2ELj\nQQM6kP+eaSoEFXfWxp7dhxHcjoTjQ9DmCgzVaDUD8nLzFsiJsgbjIg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-12-21T01:21:48Z",
|
||||
"mac": "ENC[AES256_GCM,data:tn8lgEn8Sp2YYFUVRUa+yOND7oISGld22+otWBB9U1she28JZ+g+vvdpCPRPevkqWHA+BawKUKkaD8Iaoe732HQukpbIBrVgK+g6YpaSnakhSZPGV2oE3z7KdSDeYdBF/La0ml1OKs67hldFfN9D2Sl5RdTROwBWaVaJesNTFS4=,iv:BCbSXBAUqb/LoDfLXLi6UB+CRuJOKEXuHFjITAdaH+E=,tag:f570BuZv30rL45m4y1IwJg==,type:str]",
|
||||
"lastmodified": "2026-01-10T23:13:24Z",
|
||||
"mac": "ENC[AES256_GCM,data:5JwqpNoFY0lW59TKMu9v//HQPfsrf37CRZAPZpJarHAAcxvAQhm25i8wwlrjZesEWmiqv3lzEi/82XX86h0kqSaB/7dbX+LVISNLeHJhYvOK4/MW87AjBAI9X9FjEhF1UMlE6ku6m7iJr3Jw11ePK6nxy3X+CPodd0q6DvuQKB0=,iv:UT32qwh51s0qaqDk47ytuCj9m2EehzkQpgeCKdTxtc0=,tag:6uxCkvCJGc8kPvGyX4TkFQ==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
{
|
||||
"seb-password": "ENC[AES256_GCM,data:RoDF5G7xX1SEabK9/mzbM1nu7KWN9tZJh5GZuiwAOBcQPXLcFkPh+U/I/PlwpSqDT7aWULW+FFG5DzQkdWIKLojWatZrkIrYvw==,iv:oWQj47oxjxR3DBHhFwUD/Emj5ziZHwcbXzD69ChRmHU=,tag:EiPidd+ISk7e2ZMxgeLHNQ==,type:str]",
|
||||
"tailscale": {
|
||||
"auth-key": "ENC[AES256_GCM,data:bQtlPQiNwM1xP+6a1jRGeJFdsxxL87RK0jazIj0uoe/U7wwUSZsxpFHyi9AJzfZSLYiST3LkUBtd5EPVnpw=,iv:qzcRpnOqEQF7iWWA8FSXHSlbNIcNk88xgMOk55nY33c=,tag:ZLXi7FZAlrH+z7Q9EvAxdg==,type:str]"
|
||||
},
|
||||
"iwd": {
|
||||
"EW90N.psk": "ENC[AES256_GCM,data:n2sY4SrmLG+nfIRQC2KXXHlS/1pRyWYsObg5K8MhX83jJp8MYZfa4BEwBm77ae62,iv:RIh/45UhkyEtjh5Q0FOS63p1RRgLlrRF+QTiFozm4eU=,tag:rVnKVlp8qu3eUSdyZW0hmA==,type:str]",
|
||||
"Fairphone4.psk": "ENC[AES256_GCM,data:GGxrhfXB0vb+R87G4GgsAxqjh89g0gVJu3gTPXsBDDlUUz5xv9iS5UlHPaJD,iv:p80LlUGQkBdeEK63dBDWgWe0n6GtEC2rcn8fToOvD5I=,tag:XSh+FAxBzKs/LQyYM2mUUQ==,type:str]",
|
||||
|
|
@ -28,8 +25,8 @@
|
|||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPM1k5U2pCM0JkKytwSE16\nek1zdVVuQjdKS1MyZ29xSUZkK1FId2JVZ0dFCng5bjV3SGlGRHdvaHkvWnNQcWpk\ndGlMbWl6STdERmtHeXVMYTJ6NjQzSU0KLS0tIFBza3d4eVlsVHB3YS9ySUNFMjUx\neUkwQlExdGNwWU1hbHlzS0RkS3NLbFkKLiP/N/5jOnsQhRCOkZ/BieX3OLJOq82e\ngp57skqFeG0k22sPpbgOS0Uz7jckv7/C3kFpuwXQGpEHdzp3QZ+Owg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-12-23T23:35:27Z",
|
||||
"mac": "ENC[AES256_GCM,data:+4U7yeb/0mDHuVz/DcGzg3whECVm3HJChE/T1NNJKCkbc1lkdIfLvI7p68IBe5QtkTsGtm2pGqJn8ztbOCAJJ1feoZyHMdcDqGbJG+IpDSrPRdmwqvey5CGtrGgIdgW0vZUMCCywmbASzEmsVoFvOzBp5GAxeJsJZRuPU8ditRc=,iv:dkqg3210wXfVAjXPmXYkerLJX14muxeKPMKU65PrKMc=,tag:TPbzWHamgoVBbAyshiRahg==,type:str]",
|
||||
"lastmodified": "2026-01-10T23:13:41Z",
|
||||
"mac": "ENC[AES256_GCM,data:HOucc0/UhQ46sbupGkOoID7vuiA99ObG9ZKZ2AD7dcb7wMN35d/Y//xCJFo3XPRw4nGT/tb87RIh6rOwmN37rYgP0eU/43Eyj66/bCAGfFyY/U3kATwII+GhfLCbHR7Fm4jcYS9UmfhCTydqLlunxsqhqqoZHGLpPm9B4KsVdoU=,iv:ns/HFeeF9TsmcINEOMUSW92lDLe3QCp+lwFYEJRZIdE=,tag:DQA790sM42Jbm0uXs9GQ3w==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,5 @@
|
|||
{
|
||||
"seb-password": "ENC[AES256_GCM,data:BsVFQMY7q+RhByY3RTWwrwbdC4Pgb2kNVG8HXn+kmI2evAo8XmGbDHbr7mXnI2LA6E+iXm5bewfwwTnJWZjaup06/kr1bd8JDg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:ydQaXcLVYllSZYWNCtH7+A==,type:str]",
|
||||
"tailscale": {
|
||||
"auth-key": "ENC[AES256_GCM,data:b+m+4KGLeS7hYLSqYXxX5VhiA946b4SEp+OAQUkK6e6ShYe0RnC0VfnypHjqwrdOiGYAIxB4ggIjZ9F5lfw=,iv:o36k4vtsnSThDQNIMIPBQHJ92WodbIyVC42L1t8Fvzg=,tag:/9oYSFO3asAGmWiedNo+Bw==,type:str]",
|
||||
"service-auth-key": "ENC[AES256_GCM,data:Z/u3GJr1J7rhn1k+Ul0SyHhWKIxpIKqqinGphdZ/BNFvBGCsU8xKKHz7c4B6O94Oe3tuUNGp+X285lSnpZg=,iv:ch6Mg8ki82pxlWFGlOGoJB7Mhn3tYPEcL6Z8/6bXzCQ=,tag:9sHLrQ8F/DzYvdtvUM7dYg==,type:str]"
|
||||
},
|
||||
"healthchecks": {
|
||||
"ping-key": "ENC[AES256_GCM,data:Zq71AU3oym7fC364YZNyRtx4N2G35Q==,iv:ibMBpcrSocLBhtumsSV00+KVN6Pi4SzE7soCkZcU4fY=,tag:Wv/Wr0wRZGXucMHZHgoNtg==,type:str]"
|
||||
},
|
||||
|
|
@ -28,8 +24,8 @@
|
|||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-01-10T22:31:10Z",
|
||||
"mac": "ENC[AES256_GCM,data:REnbW+tps2KV+VtPOHAJFVuYAs4lRAp/n/Vui7AYYv3KLux97bOCg/ltlxSL8bGGKrcHtlFqI1a7ZGe/bQaFCGxrg+iQahokR7c+Lfz+ffc5bXue1P00UXBi2O+eBlpVwZ5CeMh5TIYLAyxEXR88PVqSrhkhXAphDTP73leqsvA=,iv:1MMZwjg9zdLwKpn8JllURaodm8fSInNgwNty7DwGKq0=,tag:WmnMzR9MvGs2Odap8sXLgw==,type:str]",
|
||||
"lastmodified": "2026-01-10T23:14:34Z",
|
||||
"mac": "ENC[AES256_GCM,data:RpG1S1iuaHmBc9wT9Tau6dZHcFX9DwQA0kHcAuTZxbjopLfYJnVosvU9S9N+4tAZqwGLpKqVxX3UiUWLEIFwrcB3xM3/SdpKWD4CE/cyMbvwWCIN4RcHveFJ6py7ItXtipzLC0lZeRWDXP+IyREuKggAID50zXuSIPr6BDlnkYA=,iv:gWykL+vhNB3tLHtHlhbNd5iUPKjB5vDpx0nAf5j+F8Y=,tag:MAI8aaSR+g33IIYM4opqCw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,5 @@
|
|||
{
|
||||
"seb-password": "ENC[AES256_GCM,data:Q+yRIOJCUzHmCZ5n0OAGyCkePVh0VJfeFYmgG2fh8Wwy6IKyG9c3/3qcMEIRSvG6Qm9KFGahuIR2md5bz7//pTRfPcu1GdIsMA==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:pOLRjWZKL2+GkMgV435FMw==,type:str]",
|
||||
"tailscale": {
|
||||
"auth-key": "ENC[AES256_GCM,data:qqJnjWR309LAuW49/7t2uZqWlAgPUvz8niLZuM2g8kJxaQmF0TEAWcBDpYridy9NLHnJ+xgA9g088t9dSg==,iv:imh6BrNPf2jVQ6eVaB9Mt+gX9zGq6mHX1+9yhY/KzrI=,tag:HPjhNE+vecDWwCAMC+nGfw==,type:str]",
|
||||
"service-auth-key": "ENC[AES256_GCM,data:x69Z9Ac533qpKb9y/CQXJYvkw3G6OGyvoih9wABwlYO969+PvQssuNvciFGq8ZmqUXaGRcFsL45edegiKs0=,iv:0yO9RGbrBVfnQ7GR+3rdLBCk+UY9DQJk7NVGlUEBdNs=,tag:ISv0GFT9yinM2BAvvI3mvw==,type:str]"
|
||||
},
|
||||
"restic": {
|
||||
"password": "ENC[AES256_GCM,data:AERasH4M/uP3aUELnggUmH6NzAx6v4Uqjg+ymF5X,iv:q5qJkB3+feZyEm778hKI8ikNz9/9dj+Z1hda6M4eHfQ=,tag:adI4AwzXp63SRSA8uAjRZw==,type:str]"
|
||||
},
|
||||
|
|
@ -39,8 +35,8 @@
|
|||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqU01heng3NHdrYnZFZmZn\nZlJtUUIyd1ExTmhzeU5iZFZadFcwR25GOEVZCmxHOXNWQVh1ZlJSRHJtaDVHNVUv\nbTY0TlNmZ2hESDkzS2M3WHdlamxwclkKLS0tIEEvOFd3TDFkQmQwbjBodHhpb1BD\nZ2NvTnNqQmtrLy9aVDdGRGxZbVgrZG8KdnnjJWcjZFu3R8fVKToj6THHHRCFou9k\njQoedCZAML2A2FZIhHugH9wnDUPQQjG86WbcCBuFWcOTGiTF2gN+Qg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-01-10T17:15:33Z",
|
||||
"mac": "ENC[AES256_GCM,data:laYkgmwyEQTqUPAI3VBKmhzewfcFAm4duM/s8wcrG1Vdlf+PR/LvSfstCJSEyNrfnPhZNYkDy3SX5qBJGbxjguJkYbeUDWXat78+qZElHtguitAsjclSCZMmizmICEyaFJYkNvad960Mm/CDTzyMQNG6whHdJTXQ309ve/OnKSQ=,iv:PtCxMjO0he3wTbP32sNZx82sik/JIZDIwuwivgGsDRw=,tag:U51Dwv1BmeQUiWoqcj+6SQ==,type:str]",
|
||||
"lastmodified": "2026-01-10T23:14:08Z",
|
||||
"mac": "ENC[AES256_GCM,data:ppj3M84MdH8awN6/r8b0DubMaQbqHpKpMfBJEb3TlbUJczE6kPmhuuX3Cx3FOsD+TJr0m8WRjCqb0Z844Z2oylaz7hmijYHLbByb+BY+dsSPU21zkvCli+KpzHkDY4+NcjhTN4MsopYSwVDegZoCb+qZ0nAqDKqLezUlNIKCUuI=,iv:xA1LzdkoEkiq2i5klIvojMIqvpIsuZeJTiKKOEBbR7k=,tag:o6eOKWKu216X+DnXRy6ARw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,5 @@
|
|||
{
|
||||
"seb-password": "ENC[AES256_GCM,data:znyHz9AhZipp2VNkXifU27IvEbPoKqLf4ibSkqfvkGGoX/jHnoJRYruWmwLnAaqTk6moHtew6HZq3xjvNgUf+qVgaleWQntrLg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:CKgqMm/mVae1i9He/ioMAg==,type:str]",
|
||||
"tailscale": {
|
||||
"auth-key": "ENC[AES256_GCM,data:tnmR93k4iPsojBZgwVmnSPJkNDOYiJt9lJ/IpoDR/TWCIbpBmbFq7xKSnyoCXBRKiEZ6hK0z3jezuQc9IgQ=,iv:/b3+yxEOuPaRrrmD3LSUeSiNv/1u4bMxrg4B+1SKb0o=,tag:9f6ZSgFjP4HAExWiaStr2g==,type:str]",
|
||||
"service-auth-key": "ENC[AES256_GCM,data:xlXV01WcdLVm/vRw8Elb3iCId8LstKP0UWSXDXeOG10goKLoIMV4JmJ8a8OalE3s3pO3FSLYQFxjQNxQmhk=,iv:ikHW6XVow1NJZB0hUhKl5JsC9gEZtvXc4F9SlUycQlI=,tag:GgqQPIxOXkYhhqPcv2/k0A==,type:str]"
|
||||
},
|
||||
"restic": {
|
||||
"password": "ENC[AES256_GCM,data:IGV07og9eSoleJnZ2+/FFLph7TLNd80q+u6WNn+V,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:eA7CAtfQtodTCyOuEn4+ug==,type:str]"
|
||||
},
|
||||
|
|
@ -38,8 +34,8 @@
|
|||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2026-01-10T22:23:51Z",
|
||||
"mac": "ENC[AES256_GCM,data:P1Bm5F/DfImSoqvis69QW/9CCK6zwHOr+62LNIQtwV722KkdEnHfEPUhWI0lfwNd7BKSdrXB8jIbrgK1HoM1LUB1btG3WBNmyFwCyST31gLR2nzhCm4nDIupqffG754IVHp9CmHqs2O2G40iI92t9M4OEouJWjrPy0DFdrCuqcE=,iv:wCEPO+gKJ6cObkIYkMWuJTS4rYGSwc6d0TuBFT2gnrU=,tag:fYJl+IFK86fZfKjiajJDOQ==,type:str]",
|
||||
"lastmodified": "2026-01-10T23:14:22Z",
|
||||
"mac": "ENC[AES256_GCM,data:oQ8weypJMM2sm5XzRzn80IE6VQ7zKiJdkujLTfZbiUHXhPSpmNJqsXnAMREtKGAxxm6p9aTeZMbkX1xN1FGf38909/W0Bk/I0trpo1Q6bxLwlo/8eLvA5CAqrgQIgJz3jpIEDpXGsvTDVDxNQeFPH4HZHInwmF4Z6snVBuv8UZI=,iv:D3qt1rhAdMRRnBzlaKf8hGU+f7isjIKPyGM1MCnhoBs=,tag:6ihR9KXKsr8SVPceVlB1Cg==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,10 +3,7 @@
|
|||
self,
|
||||
}:
|
||||
{
|
||||
isTailscaleDomain = domain: domain |> lib.hasSuffix ".ts.net";
|
||||
|
||||
isPrivateDomain =
|
||||
domain: domain |> lib.hasSuffix ".splitleaf.de";
|
||||
isPrivateDomain = domain: domain |> lib.hasSuffix ".splitleaf.de";
|
||||
|
||||
subdomainOf = domain: domain |> lib.splitString "." |> lib.head;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
{ config, lib, ... }@moduleArgs:
|
||||
{
|
||||
options.custom.services.tailscale.enable = lib.mkEnableOption "" // {
|
||||
default = moduleArgs.osConfig.custom.services.tailscale.enable or false;
|
||||
};
|
||||
|
||||
config = lib.mkIf config.custom.services.tailscale.enable {
|
||||
programs.ssh = {
|
||||
enable = true;
|
||||
matchBlocks.installer.extraOptions = {
|
||||
UserKnownHostsFile = "/dev/null";
|
||||
StrictHostKeyChecking = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,20 +1,15 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
lib',
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.custom.services.caddy;
|
||||
inherit (config.services.caddy) user;
|
||||
|
||||
virtualHosts = cfg.virtualHosts |> lib.attrValues |> lib.filter (value: value.enable);
|
||||
|
||||
publicHostsExist =
|
||||
virtualHosts
|
||||
|> lib.any (value: (!lib'.isPrivateDomain value.domain) && (!lib'.isTailscaleDomain value.domain));
|
||||
tailscaleHostsExist = virtualHosts |> lib.any (value: lib'.isTailscaleDomain value.domain);
|
||||
publicHostsExist = virtualHosts |> lib.any (value: (!lib'.isPrivateDomain value.domain));
|
||||
privateHostsExist = virtualHosts |> lib.any (value: lib'.isPrivateDomain value.domain);
|
||||
|
||||
webPorts = [
|
||||
|
|
@ -32,7 +27,6 @@ let
|
|||
lib.nameValuePair domain {
|
||||
logFormat = "output file ${config.services.caddy.logDir}/${domain}.log { mode 640 }";
|
||||
extraConfig = lib.concatLines [
|
||||
(lib.optionalString (lib'.isTailscaleDomain domain) "bind tailscale/${lib'.subdomainOf domain}")
|
||||
(lib.optionalString (lib'.isPrivateDomain domain) (
|
||||
let
|
||||
certDir = config.security.acme.certs.${domain}.directory;
|
||||
|
|
@ -115,26 +109,6 @@ in
|
|||
networking.firewall.allowedTCPPorts = webPorts;
|
||||
})
|
||||
|
||||
(lib.mkIf tailscaleHostsExist {
|
||||
sops.secrets."tailscale/service-auth-key" = {
|
||||
owner = user;
|
||||
restartUnits = [ "caddy.service" ];
|
||||
};
|
||||
|
||||
services.caddy = {
|
||||
package = pkgs.caddy.withPlugins {
|
||||
plugins = [ "github.com/tailscale/caddy-tailscale@v0.0.0-20251117033914-662ef34c64b1" ];
|
||||
hash = "sha256-3lc2oSLFIco5Pgz1QNH2hT5tDTPZ4wcbc+NKH9wLEfY=";
|
||||
};
|
||||
globalConfig = ''
|
||||
tailscale {
|
||||
auth_key {file.${config.sops.secrets."tailscale/service-auth-key".path}}
|
||||
ephemeral true
|
||||
}
|
||||
'';
|
||||
};
|
||||
})
|
||||
|
||||
(lib.mkIf privateHostsExist {
|
||||
sops.secrets = {
|
||||
"porkbun/api-key".owner = config.users.users.acme.name;
|
||||
|
|
|
|||
|
|
@ -135,7 +135,6 @@ in
|
|||
settings = {
|
||||
pki.disconnect_invalid = true;
|
||||
cipher = "aes";
|
||||
lighthouse.local_allow_list.interfaces.${config.services.tailscale.interfaceName} = false;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -48,17 +48,12 @@ in
|
|||
nodeRecords ++ serviceRecords;
|
||||
};
|
||||
|
||||
forward-zone =
|
||||
(lib.singleton {
|
||||
forward-zone = lib.singleton {
|
||||
name = ".";
|
||||
forward-addr = [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
})
|
||||
++ lib.optional config.custom.services.tailscale.enable {
|
||||
name = "${config.custom.services.tailscale.domain}";
|
||||
forward-addr = [ "100.100.100.100" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,39 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.custom.services.tailscale;
|
||||
in
|
||||
{
|
||||
options.custom.services.tailscale = {
|
||||
enable = lib.mkEnableOption "";
|
||||
domain = lib.mkOption {
|
||||
type = lib.types.nonEmptyStr;
|
||||
default = "stork-atlas.ts.net";
|
||||
};
|
||||
ssh.enable = lib.mkEnableOption "";
|
||||
exitNode.enable = lib.mkEnableOption "";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
meta.ports.udp = lib.mkIf config.services.tailscale.openFirewall [
|
||||
config.services.tailscale.port
|
||||
];
|
||||
|
||||
sops.secrets."tailscale/auth-key".restartUnits = [ "tailscaled-autoconnect.service" ];
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = config.sops.secrets."tailscale/auth-key".path;
|
||||
openFirewall = true;
|
||||
useRoutingFeatures = if cfg.exitNode.enable then "server" else "client";
|
||||
extraUpFlags = [ "--reset=true" ];
|
||||
extraSetFlags = [
|
||||
"--ssh=${lib.boolToString cfg.ssh.enable}"
|
||||
"--advertise-exit-node=${lib.boolToString cfg.exitNode.enable}"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ];
|
||||
|
||||
custom.persistence.directories = [ "/var/lib/tailscale" ];
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue