authorquentin@aristote.fr <quentin@aristote.fr>2025-01-26 23:12:07 +0100
committerquentin@aristote.fr <quentin@aristote.fr>2025-01-26 23:13:57 +0100
commit092f79fdd6d26df2c5e9be3a790f7709889bf71c (patch)
tree3cefbe03f8c2fa9132dc8b5c32cbdb618221261a
parent44bb33baf4d193445950d133652463dd5491c77c (diff)
networking: wireguard -> tailscale
-rw-r--r--config/networking.nix20
-rw-r--r--config/nix/remote-builds.nix7
-rw-r--r--config/services/mesh/default.nix6
3 files changed, 8 insertions, 25 deletions
diff --git a/config/networking.nix b/config/networking.nix
index 14333fe..970e2b1 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -18,21 +18,11 @@
];
defaultGateway = "93.95.228.1";
nameservers = ["93.95.224.28" "93.95.224.29"];
+ };
- firewall.allowedUDPPorts = [51820];
- wireguard = {
- enable = true;
- interfaces.talaria = {
- ips = ["10.13.42.1/24"];
- listenPort = 51820;
- privateKeyFile = "/etc/wireguard/talaria.key";
- peers = [
- {
- publicKey = "RrRb7eFxyfOOM99pJyBJ9fOIaZeEllHa8kQheN99dFE=";
- allowedIPs = ["10.13.42.2"];
- }
- ];
- };
- };
+ services.tailscale = {
+ enable = true;
+ openFirewall = true;
+ disableTaildrop = true;
};
}
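Review bot: The added `services.tailscale` block replaces a WireGuard interface that admitted exactly one pinned peer (`publicKey` plus `allowedIPs = ["10.13.42.2"]`), and nothing in the new lines records where that restriction now lives. With Tailscale, which nodes may join and reach this host is decided by the coordination server's ACL policy, which this diff does not show. A comment above `enable = true;` such as `# peer access is governed by the tailnet ACL policy, not by this file` would make that explicit. The removed `privateKeyFile = "/etc/wireguard/talaria.key"` presumably still exists on the host, so deleting it should be part of the rollout. The enclosing attribute set starts outside the hunk.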
diff --git a/config/nix/remote-builds.nix b/config/nix/remote-builds.nix
index 5f23108..d252af2 100644
--- a/config/nix/remote-builds.nix
+++ b/config/nix/remote-builds.nix
@@ -1,22 +1,21 @@
{...}: {
- networking.hosts."10.13.42.2" = ["hephaistos.local"];
programs.ssh = {
extraConfig = ''
- Host hephaistos.local
+ Host hephaistos.aristote.mesh
# Prevent using ssh-agent or another keyfile, useful for testing
IdentitiesOnly yes
IdentityFile /etc/ssh/nixremote
# The weakly privileged user on the remote builder – if not set, 'root' is used – which will hopefully fail
User nixremote
'';
- knownHosts."hephaistos.local".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq";
+ knownHosts."hephaistos.aristote.mesh".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq";
};
nix = {
distributedBuilds = true;
buildMachines = [
{
- hostName = "hephaistos.local";
+ hostName = "hephaistos.aristote.mesh";
system = "x86_64-linux";
# Nix custom ssh-variant that avoids lots of "trusted-users" settings pain
protocol = "ssh-ng";
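Review bot: With `networking.hosts."10.13.42.2"` removed at the top of the hunk, `hephaistos.aristote.mesh` is no longer resolved from a static entry but by whatever DNS serves the mesh domain. That leaves the `knownHosts` public-key pin as the only thing in this file that ties the builder name to a specific machine. The pin is kept, and a comment above it such as `# host key pinned: name resolution is delegated to mesh DNS, do not remove` would record why it matters. Nothing visible here shows whether other SSH configuration relaxes host key checking for this host, so that is worth confirming. The `buildMachines` entry continues past the end of the hunk.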
diff --git a/config/services/mesh/default.nix b/config/services/mesh/default.nix
index c090721..791a5a6 100644
--- a/config/services/mesh/default.nix
+++ b/config/services/mesh/default.nix
@@ -42,10 +42,4 @@ in {
'';
};
};
-
- services.tailscale = {
- enable = true;
- openFirewall = true;
- disableTaildrop = true;
- };
}