| author | quentin@aristote.fr <quentin@aristote.fr> | 2025-01-26 23:12:07 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2025-01-26 23:13:57 +0100 |
| commit | 092f79fdd6d26df2c5e9be3a790f7709889bf71c (patch) | |
| tree | 3cefbe03f8c2fa9132dc8b5c32cbdb618221261a /config | |
| parent | 44bb33baf4d193445950d133652463dd5491c77c (diff) | |
networking: wireguard -> tailscale
Diffstat (limited to 'config')
| -rw-r--r-- | config/networking.nix | 20 | ||||
| -rw-r--r-- | config/nix/remote-builds.nix | 7 | ||||
| -rw-r--r-- | config/services/mesh/default.nix | 6 |
3 files changed, 8 insertions, 25 deletions
diff --git a/config/networking.nix b/config/networking.nix index 14333fe..970e2b1 100644 --- a/config/networking.nix +++ b/config/networking.nix @@ -18,21 +18,11 @@ ]; defaultGateway = "93.95.228.1"; nameservers = ["93.95.224.28" "93.95.224.29"]; + }; - firewall.allowedUDPPorts = [51820]; - wireguard = { - enable = true; - interfaces.talaria = { - ips = ["10.13.42.1/24"]; - listenPort = 51820; - privateKeyFile = "/etc/wireguard/talaria.key"; - peers = [ - { - publicKey = "RrRb7eFxyfOOM99pJyBJ9fOIaZeEllHa8kQheN99dFE="; - allowedIPs = ["10.13.42.2"]; - } - ]; - }; - }; + services.tailscale = { + enable = true; + openFirewall = true; + disableTaildrop = true; }; } diff --git a/config/nix/remote-builds.nix b/config/nix/remote-builds.nix index 5f23108..d252af2 100644 --- a/config/nix/remote-builds.nix +++ b/config/nix/remote-builds.nix @@ -1,22 +1,21 @@ {...}: { - networking.hosts."10.13.42.2" = ["hephaistos.local"]; programs.ssh = { extraConfig = '' - Host hephaistos.local + Host hephaistos.aristote.mesh # Prevent using ssh-agent or another keyfile, useful for testing IdentitiesOnly yes IdentityFile /etc/ssh/nixremote # The weakly privileged user on the remote builder – if not set, 'root' is used – which will hopefully fail User nixremote ''; - knownHosts."hephaistos.local".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq"; + knownHosts."hephaistos.aristote.mesh".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtqi8tziBuviUV8LDK2ddQQUbHdJYB02dgWTK5Olxq"; }; nix = { distributedBuilds = true; buildMachines = [ { - hostName = "hephaistos.local"; + hostName = "hephaistos.aristote.mesh"; system = "x86_64-linux"; # Nix custom ssh-variant that avoids lots of "trusted-users" settings pain protocol = "ssh-ng"; diff --git a/config/services/mesh/default.nix b/config/services/mesh/default.nix index c090721..791a5a6 100644 --- a/config/services/mesh/default.nix +++ b/config/services/mesh/default.nix 
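Review bot: With the `wireguard` block removed from `config/networking.nix`, the repository no longer states which peer may reach this host. The old config pinned one `publicKey` with `allowedIPs = ["10.13.42.2"]`, whereas `services.tailscale` leaves that decision to the tailnet's access policy, which is not visible in this commit. I would record that above the block, e.g. `# Peer access is decided by the tailnet ACL on the control server, not by this file.` The private key at `/etc/wireguard/talaria.key` was only referenced by path, so it presumably stays on disk after the rebuild and should be deleted once the tunnel is retired. A short comment on what `openFirewall = true` opens would also help, since the explicit `allowedUDPPorts = [51820]` line is gone.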
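Review bot: Dropping `networking.hosts."10.13.42.2"` in `config/nix/remote-builds.nix` means `hephaistos.aristote.mesh` is now resolved by whatever DNS the mesh provides. That leaves the pinned `knownHosts` entry as the only thing in this file tying the name to the intended builder. I would note that next to it, e.g. `# Host key pinned: the name is resolved by mesh DNS, keep this entry.` I would also add `StrictHostKeyChecking yes` to the `Host hephaistos.aristote.mesh` block, so that an unknown or changed key fails the build instead of depending on the client default. The `buildMachines` entry continues past the end of the hunk, so the user and key used for the build connection are not visible here.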
@@ -42,10 +42,4 @@ in { ''; }; }; - - services.tailscale = { - enable = true; - openFirewall = true; - disableTaildrop = true; - }; } |
