fix: reenable tailcale on colmena nodes
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
This commit is contained in:
parent
16ffe4e125
commit
6340657086
GPG key ID:
0142722B4B0C536F
3 changed files with 80 additions and 0 deletions
|
|
@ -31,6 +31,15 @@ creation_rules:
|
||||||
- *mail-01
|
- *mail-01
|
||||||
pgp:
|
pgp:
|
||||||
- *lander
|
- *lander
|
||||||
|
- path_regex: hosts/servers/common.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *db-01
|
||||||
|
- *hosting-01
|
||||||
|
- *hosting-02
|
||||||
|
- *mail-01
|
||||||
|
pgp:
|
||||||
|
- *lander
|
||||||
- path_regex: hosts/db-01/secrets.yam?l$
|
- path_regex: hosts/db-01/secrets.yam?l$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
lib,
|
lib,
|
||||||
modulesPath,
|
modulesPath,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
|
@ -50,6 +51,21 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets.tailscale-authkey = {
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
sopsFile = ./common.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = false;
|
||||||
|
extraUpFlags = [
|
||||||
|
"--login-server=https://headscale.escapeangle.com"
|
||||||
|
];
|
||||||
|
authKeyFile = config.sops.secrets.tailscale-authkey.path;
|
||||||
|
};
|
||||||
|
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
environment.pathsToLink = [ "/share/zsh" ];
|
environment.pathsToLink = [ "/share/zsh" ];
|
||||||
environment.shells = [ pkgs.zsh ];
|
environment.shells = [ pkgs.zsh ];
|
||||||
|
|
|
||||||
55
hosts/servers/common.yaml
Normal file
55
hosts/servers/common.yaml
Normal file
|
|
@ -0,0 +1,55 @@
|
||||||
|
tailscale-authkey: ENC[AES256_GCM,data:5gGzPfdHWB8dYJ0/pyy1ZLXgpTy0Vb3J+RDcRnSPBp9aS11iZJHBp+drNmrKGIzM,iv:bvKua+uX8jbfPAD5LwcEX+lDmCQpKImK7bfw9kKeDt4=,tag:XSTe6iLDWwPQG7ohCTjHIQ==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age1a5zz4cyda0aqh0hgf8svpyh9ktwy6z5x3gnnu5ysvpvek9rn03csx7dyqn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TUNKT0JtZEs3M0hEUjVt
|
||||||
|
WWJRUkFNSm9pVjRlVkk3RzVPeVZkNytUYVJRCnhzd0syd25HLzBTTFRBN3pXQUVW
|
||||||
|
VXJxakRZdzdGL3U0aFNrVEdTRVNBZUkKLS0tIDFrOC8ySVVYV3pLbDlDakpRZHhh
|
||||||
|
SzlLWGwrYjVNcGFLVGNTTmhleXNZMEEKabv69KbHpVEGpknnuEO+1OgdWCtvdkP6
|
||||||
|
fP55S4jIHjkONG1upwIxHj3YJO55nI5kA4XAx+5AOSntwN1iAXRciA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age18g4z53ykxzq35dsjq3a2np4f88xwat0kwtax229l3zn0ykhlpvqqy8fgtv
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTGFJTE5oU2tUcU1XcTVy
|
||||||
|
ZDBiSTQ5bGppOGRjUEV4WG9lc2xFN1RIQTNzCmZuelNkUjhyZWtqSTNZWHhIRjhT
|
||||||
|
UEpyeE9wdC9wSVZLckVzMVdQSXlhOTAKLS0tIGRBeXlWNHRyQkFpS2l2WlJHTnBI
|
||||||
|
WVRHWmE0QU1qK0NpT1QyL1ZZWXpmc3cK4UKRpOatiXqt2DvJmMlB2D+En4ufBXhe
|
||||||
|
vdxhnMZgMlMhN0F+KkOEt8JD1jrbOQ0fn1KdDcsjqO4MBJJK1smB9Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1hvrssz7k9akz66evj4kja53zvdtrss8k2ljxsh5myh2mru62sggqznlzrt
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZGNYQW9pbEVQdTl3WEo2
|
||||||
|
ZWtHOHZzRmRMNkZHS1FjN1UrN0VGc0swc0JZClN3ckNrcXZoWTBpRGpGa0NSMkVY
|
||||||
|
K2ZVSmhuaHlQWUtqakRNTGVacDhScUkKLS0tIDl3czNRYUpra3Y2enlkMkRxUzlN
|
||||||
|
cDdhVlUyZGhsdHMzZ0E5andLVHVoNkkKocZp5EicX0pu1xaX+wYFfLqMoXxn5KiL
|
||||||
|
DsNPjAG//EslXpYq2UxXnWYaUKBq8fUr4moMG8omaoZ6KWgG8u1PeQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u2a7wakgsyct6ed7ah2pksymh7jjl08ankedeyl5pa5jcs8r0uks02jpza
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdkpsYUlwVlFJVjBRQjJn
|
||||||
|
TWhpZlluTEYwV0I2cDVUYytUZisrL0lWWTBnCnc3THNqT1BzeGkraDUyV0dMWGFr
|
||||||
|
NEo0aEtkUGVxVmttc09RMXJjblRNQUUKLS0tIENIN0hFbVFsbnIwRnYxdmVqVHlN
|
||||||
|
ZWFpdkxVVFpOUzRnUUFYYkIvcG0xa00Ktrrn8R69OF8wwsz9RuvKAiVtS+thbbNp
|
||||||
|
5DnmezbVOr6g3bNLnRQ/GDfesHqvCWTQ+Lv2t8tnXXbjXrNWcxOTgw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-09-09T21:18:09Z"
|
||||||
|
mac: ENC[AES256_GCM,data:+GzVY/9R89YOL1dm0q1q3VSdsBa8krphFk8vOup+0XRn2BaLjwCIvOXQMBycVuRgMUHf77p1ETgpoj9quTDwJK8JDcP8pT6gfa/1mLuFz1I34cVk5f7Vx2BnX2Oh0LN+PXiMggbuySiNk3huOhgnrVCwwukT6PfvOXlYY5DVPPg=,iv:mp07YVgO0Xpp/XtOvD70hF+4ZGQJbn5EXxwPh2fXPMQ=,tag:dVwF6Y73DFeaNlYWLrqJWw==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2025-09-09T21:20:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DARdpY4woM6wSAQdAqzNqNtPjbYWAx9XIB+bdZjhIIfCTOm1hUrpCu7emwgMw
|
||||||
|
WKfVFLeKJg+d/3PrR5hBoEfsj/IFUXiXDNrlpfr+VQCwd0XLMAM0WvFeod2gPe+1
|
||||||
|
0l4BXxWsyWzDdukiLzqtHelEvaJk8UU3LfhqsmdmQoApbx0AkLGUAQLgiHWtDkj6
|
||||||
|
w+QeYq0CJbO5kCLO+kNCVSNoWDyGOokKqcMxglyaIjlkjodf/Xw56HAeF1BuxPmV
|
||||||
|
=BwAM
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.10.2
|
||||||
Loading…
Add table
Add a link
Reference in a new issue