treewide: move tailscale to separate module

Nikodem Rabuliński 2024-07-19 21:24:42 +02:00 committed by Nikodem Rabuliński
parent 05300b82cf
commit 6d8c8a8f52
9 changed files with 102 additions and 53 deletions


@ -23,6 +23,11 @@
# Not intended for interactive use
settei.user.enable = false;
settei.tailscale = {
ipv4 = "100.88.21.71";
ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:1547";
};
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;


@ -10,6 +10,11 @@
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "teams" ];
environment.systemPackages = with pkgs; [ teams ];
settei.tailscale = {
ipv4 = "100.102.13.61";
ipv6 = "fd7a:115c:a1e0::e126:d3d";
};
common.hercules.enable = true;
common.github-runner = {
enable = true;


@ -26,6 +26,11 @@
loader.efi.canTouchEfiVariables = true;
};
settei.tailscale = {
ipv4 = "100.84.112.35";
ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6254:7023";
};
networking = {
hostName = "legion";
hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);


@ -40,6 +40,10 @@
];
};
settei.tailscale = {
ipv4 = "100.103.204.32";
ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6267:cc20";
};
settei.user.config = {
common.desktop.enable = true;
home.packages = [ pkgs.slack ];


@ -20,6 +20,11 @@
loader.efi.canTouchEfiVariables = true;
};
settei.tailscale = {
ipv4 = "100.118.42.139";
ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6276:2a8b";
};
common.hercules.enable = true;
services.hercules-ci-agent.settings.concurrentTasks = 6;
common.github-runner = {


@ -15,9 +15,12 @@ let
username = lib.mkDefault "niko";
sane-defaults = {
enable = lib.mkDefault true;
tailnet = "discus-macaroni.ts.net";
};
flake-qol.enable = true;
tailscale = {
enable = true;
tailnet = "discus-macaroni.ts.net";
};
user = {
enable = lib.mkDefault true;
# TODO: Move to settei or leave here?
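Review bot: `enable = true;` in the new `tailscale` block is a hard assignment, while the neighbouring defaults in this hunk (`username`, `sane-defaults.enable`, `user.enable`) all go through `lib.mkDefault`, so a host that wants Tailscale off has to `lib.mkForce false` rather than just set the option. Consider `enable = lib.mkDefault true;` to keep the file's override semantics uniform. The enclosing attribute set starts before the hunk.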


@ -18,6 +18,7 @@
(import ./flake-qol.nix { inherit perInput; })
./user.nix
(import ./programs { inherit isLinux; })
(import ./tailscale.nix { inherit isLinux; })
];
options.settei = with lib; {


@ -11,10 +11,6 @@ let
type = types.attrsOf types.singleLineStr;
default = { };
};
tailnet = mkOption {
type = types.nullOr types.str;
default = null;
};
};
};
@ -27,9 +23,6 @@ let
username = lib.mkDefault username;
};
# FIXME: Move to common
services.tailscale.enable = true;
networking.hostName = lib.mkDefault (
args.configurationName
or (throw "pass configurationName to module arguments or set networking.hostName yourself")
@ -79,54 +72,28 @@ let
};
};
linuxConfig = lib.optionalAttrs isLinux (
let
nmEnabled = config.networking.networkmanager.enable;
tlEnabled = config.services.tailscale.enable;
in
lib.mkMerge [
{
hardware.enableRedistributableFirmware = true;
linuxConfig = lib.optionalAttrs isLinux {
hardware.enableRedistributableFirmware = true;
# FIXME: Move to common
networking.firewall.trustedInterfaces = lib.mkIf tlEnabled [ "tailscale0" ];
services.openssh.enable = true;
programs.mosh.enable = lib.mkDefault true;
programs.git.enable = lib.mkDefault true;
services.openssh.enable = true;
programs.mosh.enable = lib.mkDefault true;
programs.git.enable = lib.mkDefault true;
users = {
mutableUsers = false;
users.${username} = {
isNormalUser = true;
home = "/home/${username}";
group = username;
extraGroups = [ "wheel" ];
};
groups.${username} = { };
};
users = {
mutableUsers = false;
users.${username} = {
isNormalUser = true;
home = "/home/${username}";
group = username;
extraGroups = [ "wheel" ];
};
groups.${username} = { };
};
# TODO: Actually this should be extraRules which makes wheel users without any password set
# be able to use sudo with no password
security.sudo.wheelNeedsPassword = false;
}
{
# When NetworkManager isn't in use, add tailscale DNS address manually
# FIXME: Move to common
networking = lib.mkIf (!nmEnabled && tlEnabled && cfg.tailnet != null) {
nameservers = [
"100.100.100.100"
"1.1.1.1"
"1.0.0.1"
];
search = [ cfg.tailnet ];
};
# NetworkManager probably means desktop system so we don't want to slow down boot times
systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; };
}
]
);
# TODO: Actually this should be extraRules which makes wheel users without any password set
# be able to use sudo with no password
security.sudo.wheelNeedsPassword = false;
};
darwinConfig = lib.optionalAttrs (!isLinux) {
services.nix-daemon.enable = true;
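Review bot: The old mkMerge element `systemd.services = lib.mkIf nmEnabled { NetworkManager-wait-online.enable = false; };` removed in the third hunk has no counterpart in the new `linuxConfig`, and it is not tailscale-related, so it does not reappear in the new tailscale module either; as far as the visible diff shows, this commit silently re-enables NetworkManager-wait-online on NetworkManager hosts. If that is intended the commit message should say so; otherwise keep it here as `systemd.services.NetworkManager-wait-online.enable = lib.mkIf config.networking.networkmanager.enable false;` together with its original comment about boot time. The `let` block holding `linuxConfig` starts before the hunk.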


@ -0,0 +1,54 @@
{ isLinux }:
{ config, lib, ... }:
let
inherit (lib)
types
mkEnableOption
mkIf
mkOption
;
cfg = config.settei.tailscale;
options.settei.tailscale = {
enable = mkEnableOption "Tailscale configuration";
tailnet = mkOption { type = types.str; };
ipv4 = mkOption { type = types.str; };
ipv6 = mkOption { type = types.str; };
};
sharedConfig = {
services.tailscale.enable = true;
};
nmEnabled = config.networking.networkmanager.enable;
linuxConfig = lib.optionalAttrs isLinux (
lib.mkMerge [
{
networking.firewall.trustedInterfaces = [ "tailscale0" ];
}
(mkIf (!nmEnabled) {
# When NetworkManager isn't in use, add tailscale DNS address manually
networking.nameservers = [
"100.100.100.100"
"1.1.1.1"
"1.0.0.1"
];
networking.search = [ cfg.tailnet ];
})
]
);
in
{
_file = ./tailscale.nix;
inherit options;
config = mkIf cfg.enable (
lib.mkMerge [
sharedConfig
linuxConfig
]
);
}
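Review bot: `ipv4` and `ipv6` are declared as required options but nothing in `sharedConfig` or `linuxConfig` reads `cfg.ipv4` or `cfg.ipv6`, so the addresses every host sets in this commit are dead from this module's point of view; either drop them or mark the intent, e.g. `ipv4 = mkOption { type = types.str; description = "Tailnet IPv4 address of this host (not consumed by this module)."; };`. `networking.firewall.trustedInterfaces = [ "tailscale0" ]` admits all inbound traffic from any tailnet peer regardless of the host's firewall rules; the behaviour is carried over from the old module, but a comment such as `# tailnet peers bypass the host firewall; access control is left to the tailnet ACLs` would make that explicit to the next reader. `tailnet` has `types.str` with no default and the old `cfg.tailnet != null` guard is gone, so enabling the module on a Linux host without NetworkManager and without `tailnet` set now fails at evaluation instead of skipping the DNS block; worth a `description` saying it is required in that case.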