From 96b6d93dc5c2bd3a83cbc73816d1adfda99acece Mon Sep 17 00:00:00 2001
From: Mat Jones
Date: Thu, 4 Jul 2024 12:57:55 -0400
Subject: [PATCH] fix(nixos): Connect home server via tailscale
---
 hosts/pc/default.nix | 2 +-
 hosts/server/default.nix | 17 ++++-------------
 hosts/server/secrets.nix | 1 +
 secrets.nix | 1 +
 tailscale.age | 7 +++++++
 5 files changed, 14 insertions(+), 14 deletions(-)
 create mode 100644 tailscale.age
diff --git a/hosts/pc/default.nix b/hosts/pc/default.nix
index c0ded980..a16c2e88 100644
--- a/hosts/pc/default.nix
+++ b/hosts/pc/default.nix
@@ -13,7 +13,7 @@
 powerManagement.cpuFreqGovernor = "performance";
 hardware = {
 # use proprietary nvidia drivers
- opengl.enable = true;
+ graphics.enable = true;
 nvidia = {
 # workaround for Steam new UI bug, change this back to `config.boot.kernelPackages.nvidiaPackages.stable` in the future.
 # see: https://wiki.archlinux.org/title/Steam/Troubleshooting#Steam_window_does_not_show_on_Nvidia_GPUs_after_the_June_14,_2023_update
diff --git a/hosts/server/default.nix b/hosts/server/default.nix
index e1acc051..a03afc69 100644
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ config, ... }: {
 # This option defines the first version of NixOS you have installed on this particular machine,
 # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
 #
@@ -21,7 +21,6 @@
 ./hardware-configuration.nix
 ./secrets.nix
 ./ollama.nix
- ./nginx.nix
 ./content.nix
 ./nas.nix
 ./containers.nix
@@ -36,7 +35,9 @@
 efi.efiSysMountPoint = "/boot";
 };
 };
- services = { # Did you read the comment?
+ services = {
+ tailscale.enable = true;
+ tailscale.authKeyFile = config.age.secrets.tailscale.path;
 fail2ban.enable = true;
 openssh = {
 enable = true;
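Review bot: In the `services` hunk of hosts/server/default.nix, Tailscale is switched on while `openssh` stays enabled in the trailing context, and nothing on the new side limits SSH to the tailnet interface. The `openssh` block continues past the hunk, so its firewall settings are not visible here. If the server is meant to be reached only over Tailscale, `services.openssh.openFirewall = false;` plus `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` (port assumed) would make that explicit. I would also add a comment next to `authKeyFile`, such as `# auth key: <reusable|single-use>, expires <date>; only needed for the first login`, so the key's type and lifetime are recorded with the config.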
@@ -56,15 +57,5 @@ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; - hardware.opengl = { - enable = true; - extraPackages = with pkgs; [ - intel-media-driver - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) - ]; - }; programs.fish.enable = true; } diff --git a/hosts/server/secrets.nix b/hosts/server/secrets.nix index 77fea5a0..6cf94e74 100644 --- a/hosts/server/secrets.nix +++ b/hosts/server/secrets.nix @@ -3,6 +3,7 @@ secrets = { mullvad_wireguard.file = ../../mullvad_wireguard.age; homepage.file = ../../homepage.age; + tailscale.file = ../../tailscale.age; }; }; } diff --git a/secrets.nix b/secrets.nix index cd79114f..67cf4b2b 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,4 +13,5 @@ let in { "mullvad_wireguard.age".publicKeys = users ++ systems; "homepage.age".publicKeys = users ++ systems; + "tailscale.age".publicKeys = users ++ systems; } diff --git a/tailscale.age b/tailscale.age new file mode 100644 index 00000000..44afe7d6 --- /dev/null +++ b/tailscale.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 FeK1Dw U61KUkmc8LZ3H5jIyn0WW4b7XM+uZqP1Aj3CMvNbWwQ +iyQnbUDVk7E0apGa80qMRGT6mCAl8LGzGjyrM7I6768 +-> ssh-ed25519 kfVkkw YWc4Us4soHllJY3d8uoA6VrKOZ34ihJV4rtBIvLKXy8 +bn8SafQr7h02BJFdMblc7Kxczcud6LyQ10f/looBVtA +--- 1HRqwZlF3VLZDAbdr1YUmCAdu2xh8+l7yS+nrP52DY0 +!94fz\Zo XGX|ědkJəZhS]2}KK'm'0g$<g]}PNcdd" \ No newline at end of file
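Review bot: In secrets.nix, `"tailscale.age".publicKeys = users ++ systems;` makes every key in `systems` a recipient, although the only consumer visible in this patch is hosts/server. The `let` bindings are outside the hunk, so I can't see how many hosts that covers (the new tailscale.age carries two recipient stanzas). Scoping the rule to the users plus the server's host key, e.g. `users ++ [ <server-host-key> ]` with the placeholder replaced by the real binding name, keeps a later-added system from decrypting a tailnet auth key it never uses. Because the ciphertext now lives in git history, the key behind it is best kept short-lived and revoked in the Tailscale admin console once the server has enrolled.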