SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 17:31:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:ac3b43a952dc941b38b4a3ac17ad1efa5b98866d
Branches Tags
SebastianStork:main
SebastianStork:develop
..
compare: SebastianStork:653ebd2c8504170680dad35512fc5885077ae6f5
Branches Tags
SebastianStork:main
SebastianStork:develop

3 commits
ac3b43a952 ... 653ebd2c85

Author SHA1 Message Date
SebastianStork
653ebd2c85
syncthing: Connect devices over nebula instead of tailscale 2026-01-10 01:32:23 +01:00
SebastianStork
bd196f1f27
nebula/dns: Add forward-zone for tailscale domains 
I'm not sure if this is actually doing anything
 2026-01-10 01:31:09 +01:00
SebastianStork
df8682f4d0
tailscale: Fix interface by making it unmanaged again 2026-01-10 01:26:16 +01:00
3 changed files with 61 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

19
modules/system/services/nebula/dns.nix
View file

@ -29,13 +29,18 @@ in
|> lib.map (node: "\"${node.name}.${nebulaCfg.network.domain}. A ${node.address}\""); |> lib.map (node: "\"${node.name}.${nebulaCfg.network.domain}. A ${node.address}\"");
}; };
forward-zone = lib.singleton { forward-zone =
name = "."; (lib.singleton {
forward-addr = [ name = ".";
"1.1.1.1" forward-addr = [
"8.8.8.8" "1.1.1.1"
]; "8.8.8.8"
}; ];
})
++ lib.optional config.custom.services.tailscale.enable {
name = "${config.custom.services.tailscale.domain}";
forward-addr = [ "100.100.100.100" ];
};
}; };
}; };

85
modules/system/services/syncthing.nix
View file

@ -51,8 +51,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = config.custom.services.tailscale.enable; assertion = config.custom.services.nebula.node.enable;
message = "Syncthing requires tailscale"; message = "Syncthing requires nebula";
} }
{ {
assertion = cfg.isServer -> (cfg.gui.domain != null); assertion = cfg.isServer -> (cfg.gui.domain != null);
@ -86,48 +86,61 @@ in
}; };
}; };
services.syncthing = { services = {
enable = true; syncthing = {
enable = true;
user = lib.mkIf (!cfg.isServer) "seb"; user = lib.mkIf (!cfg.isServer) "seb";
group = lib.mkIf (!cfg.isServer) "users"; group = lib.mkIf (!cfg.isServer) "users";
dataDir = lib.mkIf (!cfg.isServer) "/home/seb"; dataDir = lib.mkIf (!cfg.isServer) "/home/seb";
guiAddress = "localhost:${toString cfg.gui.port}"; guiAddress = "localhost:${toString cfg.gui.port}";
cert = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/cert".path; cert = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/cert".path;
key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path; key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path;
settings = { settings = {
# Get the devices and their ids from the configs of the other hosts # Get the devices and their ids from the configs of the other hosts
devices = devices =
self.nixosConfigurations self.nixosConfigurations
|> lib.filterAttrs (name: _: name != config.networking.hostName) |> lib.filterAttrs (name: _: name != config.networking.hostName)
|> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable) |> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable)
|> lib.mapAttrs ( |> lib.mapAttrs (
name: value: { _: value: {
id = value.config.custom.services.syncthing.deviceId; id = value.config.custom.services.syncthing.deviceId;
addresses = [ "tcp://${name}.${config.custom.services.tailscale.domain}:${toString cfg.syncPort}" ]; addresses = [
} "tcp://${value.config.custom.services.nebula.node.address}:${toString cfg.syncPort}"
); ];
}
);
folders = folders =
cfg.folders cfg.folders
|> lib'.genAttrs (name: { |> lib'.genAttrs (name: {
path = "${dataDir}/${name}"; path = "${dataDir}/${name}";
devices = config.services.syncthing.settings.devices |> lib.attrNames; devices = config.services.syncthing.settings.devices |> lib.attrNames;
}); });
options = { options = {
listenAddress = "tcp://0.0.0.0:${toString cfg.syncPort}"; listenAddress = "tcp://${config.custom.services.nebula.node.address}:${toString cfg.syncPort}";
globalAnnounceEnabled = false; globalAnnounceEnabled = false;
localAnnounceEnabled = false; localAnnounceEnabled = false;
relaysEnabled = false; relaysEnabled = false;
natEnabled = false; natEnabled = false;
urAccepted = -1; urAccepted = -1;
autoUpgradeIntervalH = 0; autoUpgradeIntervalH = 0;
};
}; };
}; };
nebula.networks.mesh.firewall.inbound =
config.services.syncthing.settings.devices
|> lib.attrNames
|> lib.map (name: {
port = cfg.syncPort;
proto = "tcp";
host = name;
});
}; };
custom = { custom = {

8
modules/system/services/tailscale.nix
View file

@ -35,13 +35,5 @@ in
systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ]; systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ];
custom.persistence.directories = [ "/var/lib/tailscale" ]; custom.persistence.directories = [ "/var/lib/tailscale" ];
# Disable search domain when nebula is in use
systemd.network.networks."50-tailscale" = lib.mkIf config.custom.services.nebula.node.enable {
matchConfig.Name = config.services.tailscale.interfaceName;
linkConfig.Unmanaged = lib.mkForce false;
dns = [ "100.100.100.100" ];
domains = [ ];
};
}; };
} }