update

2024-07-03 17:15:02 -05:00
parent d0f6ac567c
commit 69fcb52692
2 changed files with 58 additions and 18 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -11,11 +11,11 @@
        "yafas": "yafas"
      },
      "locked": {
-        "lastModified": 1719839252,
-        "narHash": "sha256-3kMhPtLsg+wi4A0Of0uWzqnI1n1FzNbrDUp1q/UlUc8=",
+        "lastModified": 1719992991,
+        "narHash": "sha256-X1WYxzXRB/KbYLML90AtMTE0mpLHtAe6avSDBh203bs=",
        "owner": "chaotic-cx",
        "repo": "nyx",
-        "rev": "0e99464b8956307678b60ec7540e6cad730ee825",
+        "rev": "378c12fede02f2cbdb14508af603cbefa334bcac",
        "type": "github"
      },
      "original": {
@@ -268,11 +268,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1719827439,
-        "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
+        "lastModified": 1719992360,
+        "narHash": "sha256-SRq0ZRkqagqpMGVf4z9q9CIWRbPYjO7FTqSJyWh7nes=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
+        "rev": "36e2f9da91ce8b63a549a47688ae60d47c50de4b",
        "type": "github"
      },
      "original": {
@@ -486,11 +486,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1719681865,
-        "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
+        "lastModified": 1719895800,
+        "narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
+        "rev": "6e253f12b1009053eff5344be5e835f604bb64cd",
        "type": "github"
      },
      "original": {
@@ -502,11 +502,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1719690277,
-        "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
+        "lastModified": 1719848872,
+        "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
+        "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
        "type": "github"
      },
      "original": {
@@ -534,11 +534,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1719707984,
-        "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
+        "lastModified": 1719956923,
+        "narHash": "sha256-nNJHJ9kfPdzYsCOlHOnbiiyKjZUW5sWbwx3cakg3/C4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
+        "rev": "706eef542dec88cc0ed25b9075d3037564b2d164",
        "type": "github"
      },
      "original": {
@@ -550,11 +550,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1719690277,
-        "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
+        "lastModified": 1719848872,
+        "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
+        "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
        "type": "github"
      },
      "original": {
--- a/hosts/nas/configuration.nix
+++ b/hosts/nas/configuration.nix
@@ -19,6 +19,8 @@ let
    3493
    61208
    9090
+#    config.services.tailscale.port
+#    22
  ];
  enableDisplayManager = false;
  # adding a flag cause nixos cant figure itself out and broke shit that cant be fixed
@@ -294,10 +296,44 @@ in
        }
      ];
    };
+    
+    tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = "client";
+      extraUpFlags = [ "--advertise-exit-node" ];
+    };
  };

  systemd.services = {

+    tailscale-autoconnect = {
+      description = "Automatic connection to Tailscale";
+
+      # make sure tailscale is running before trying to connect to tailscale
+      after = [ "network-pre.target" "tailscale.service" ];
+      wants = [ "network-pre.target" "tailscale.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      # set this service as a oneshot job
+      serviceConfig.Type = "oneshot";
+
+      # have the job run this shell script
+      script = with pkgs; ''
+        # wait for tailscaled to settle
+        sleep 2
+
+        # check if we are already authenticated to tailscale
+        status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+        if [ $status = "Running" ]; then # if so, then do nothing
+          exit 0
+        fi
+
+        # otherwise authenticate with tailscale
+        ${tailscale}/bin/tailscale up -authkey tskey-auth-kVqyntEixG11CNTRL-kKAYioBRVBHKa4rCqUmv9HVGMnvQiwBZh
+      '';
+    };
+
    glances-server = {
      path = [
        pkgs.bash
@@ -344,6 +380,9 @@ in
      extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
      allowedTCPPorts = allowedPorts;
      allowedUDPPorts = allowedPorts;
+      
+      # always allow traffic from your Tailscale network
+      trustedInterfaces = [ "tailscale0" ];
    };
  };

@@ -399,6 +438,7 @@ in
      unstable.gpt4all
      lm_sensors
      htop
+      tailscale
      tpm2-tools
      tpm2-tss
      cryptsetup