mjallen18
2024-07-03 17:15:02 -05:00
parent d0f6ac567c
commit 69fcb52692
2 changed files with 58 additions and 18 deletions


@@ -19,6 +19,8 @@ let
3493
61208
9090
# config.services.tailscale.port
# 22
];
enableDisplayManager = false;
# adding a flag cause nixos cant figure itself out and broke shit that cant be fixed
@@ -294,10 +296,44 @@ in
}
];
};
tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "client";
extraUpFlags = [ "--advertise-exit-node" ];
};
};
systemd.services = {
tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey tskey-auth-kVqyntEixG11CNTRL-kKAYioBRVBHKa4rCqUmv9HVGMnvQiwBZh
'';
};
glances-server = {
path = [
pkgs.bash
@@ -344,6 +380,9 @@ in
extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
allowedTCPPorts = allowedPorts;
allowedUDPPorts = allowedPorts;
# always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ];
};
};
@@ -399,6 +438,7 @@ in
unstable.gpt4all
lm_sensors
htop
tailscale
tpm2-tools
tpm2-tss
cryptsetup
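Review bot: The `tailscale up -authkey …` line in the `tailscale-autoconnect` script embeds a live auth key as a literal, so it is now in the repository history and, once built, in the world-readable Nix store and the unit's process arguments; treat it as exposed and revoke it in the Tailscale admin console. Keep the key out of the configuration by adding `authKeyFile = "<path-to-secret-file>";` to `services.tailscale` (the module then runs its own autoconnect unit, and as far as I know `extraUpFlags` only takes effect in that case), or at minimum pass `--auth-key "file:<path-to-secret-file>"` in the script. Separately, `trustedInterfaces = [ "tailscale0" ]` exempts every tailnet peer from the host firewall, and `--advertise-exit-node` alongside `useRoutingFeatures = "client"` looks inconsistent (an exit node needs forwarding, i.e. `"server"` or `"both"`), so both deserve a deliberate decision plus tailnet ACLs. In the same script, `[ $status = "Running" ]` should quote the variable, `[ "$status" = "Running" ]`, so an empty result from `jq` fails the comparison cleanly instead of producing a malformed test.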