feat(dusk@devel.mobi): use tailscale client [skip ci]

dusk 7512a05e 3a9be920

+75 -8
secrets/develMobiTailscaleAuthKey.age

This is a binary file and will not be displayed.

+4
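--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -62,4 +62,8 @@
 yusdacra
 wolumonde
 ];
+"develMobiTailscaleAuthKey.age".publicKeys = [
+yusdacra
+develMobi
+];
 }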
+7 -6
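--- a/users/dusk@devel.mobi/default.nix
+++ b/users/dusk@devel.mobi/default.nix
@@ -23,7 +23,7 @@
 "fzf"
 "direnv"
 "nushell"
-"netbird"
+"tailscale"
 ]
 # dev stuff
 [
@@ -57,14 +57,15 @@
 };
 };
 
-age.secrets.netbirdClientKey = {
-file = ../../secrets/develMobiNetbirdClientKey.age;
+age.secrets.tailscaleAuthKey = {
+file = ../../secrets/develMobiTailscaleAuthKey.age;
 mode = "600";
 };
-services.netbird = {
+services.tailscale = {
 enable = true;
-managementUrl = "https://bird.gaze.systems";
-setupKeyFile = config.age.secrets.netbirdClientKey.path;
+controlServer = "https://vpn.gaze.systems";
+authKeyFile = config.age.secrets.tailscaleAuthKey.path;
+extraUpFlags = ["--hostname=dusk-devel-mobi"];
 };
 
 programs = {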
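Review bot: The swap to `age.secrets.tailscaleAuthKey` drops the only visible reference to `develMobiNetbirdClientKey.age`, but nothing on this page deletes that file or its recipient entry (the `secrets/secrets.nix` section is additions only), so the retired Netbird setup key appears to stay in the repository. I would remove the `.age` file and its `publicKeys` entry in the same change and revoke the setup key on the old management server, because an encrypted credential that is still valid remains a credential for every listed recipient. For the new secret, a short comment beside `authKeyFile` would help the next reader, for example `# pre-auth key issued by the control server; rotate before it expires`.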
-2
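--- a/users/dusk@devel.mobi/nsid-tracker.nix
+++ b/users/dusk@devel.mobi/nsid-tracker.nix
@@ -5,7 +5,6 @@
 }:
 let
 server = terra.nsid-tracker-server;
-port = 6432;
 in
 {
 systemd.user.services.nsid-tracker = {
@@ -19,7 +18,6 @@
 ExecStart = "${pkgs.dash}/bin/dash -c 'cd %D/nsid-tracker && ${server}/bin/server'";
 Restart = "on-failure";
 RestartSec = 5;
-Environment = ["PORT=${toString port};"];
 };
 
 Install.WantedBy = [ "multi-user.target" ];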
+64
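--- a/users/modules/tailscale/default.nix
+++ b/users/modules/tailscale/default.nix
@@ -0,0 +1,64 @@
+{lib, config, pkgs, ...}: let
+l = lib;
+t = l.types;
+cfg = config.services.tailscale;
+proxychainsCfg = pkgs.writers.writeText "proxychains.conf" ''
+proxy_dns
+quiet_mode
+[ProxyList]
+socks5 127.0.0.1 1055
+http 127.0.0.1 1055
+'';
+wrappedProxychains = pkgs.writers.writeBashBin "tailscale-proxychains" ''
+${pkgs.proxychains-ng}/bin/proxychains4 -f "${proxychainsCfg}" $@
+'';
+wrapped = pkgs.writers.writeBashBin "tailscale" ''
+${pkgs.tailscale}/bin/tailscale --socket $XDG_RUNTIME_DIR/tailscaled.sock $@
+'';
+in {
+options = {
+services.tailscale = {
+enable = l.mkEnableOption "tailscale client";
+controlServer = l.mkOption {
+type = t.str;
+default = "https://controlplane.tailscale.com";
+description = "tailscale control server URL";
+};
+authKeyFile = l.mkOption {
+type = t.nullOr t.str;
+default = null;
+description = "Path to the auth key file";
+};
+extraUpFlags = l.mkOption {
+type = t.listOf t.str;
+default = [];
+description = "Extra flags to pass to tailscale up";
+};
+proxyScript = l.mkOption {
+type = t.package;
+description = "path to a script that uses proxychains to proxy traffic";
+readOnly = true;
+};
+};
+};
+config = l.mkIf cfg.enable {
+home.packages = [ wrapped wrappedProxychains ];
+services.tailscale.proxyScript = wrappedProxychains;
+systemd.user.services.tailscaled = {
+Unit = {
+Description = "tailscaled";
+After = [ "network.target" ];
+};
+
+Service = {
+ExecStart = "${pkgs.tailscale}/bin/tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket %t/tailscaled.sock";
+Restart = "on-failure";
+RestartSec = "5s";
+} // l.optionalAttrs (cfg.authKeyFile != null) {
+ExecStartPost = "${wrapped}/bin/tailscale up --reset --login-server=${cfg.controlServer} --auth-key=file:${cfg.authKeyFile} ${l.concatStringsSep " " cfg.extraUpFlags}";
+};
+
+Install.WantedBy = [ "network.target" ];
+};
+};
+}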
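Review bot: The `ExecStart` line opens a SOCKS5 and an HTTP proxy on `localhost:1055` without authentication, so every local account and process on the host can send traffic into the tailnet as this node, not only the user who owns the service. If devel.mobi is a shared machine, that deserves at least a comment such as `# loopback proxy is usable by any local user; restrict what this node may reach in the control server ACLs`. The port is repeated in `proxychainsCfg` and in `ExecStart`; a single `proxyPort = 1055;` binding in the `let` would keep them in step. Both wrappers also pass `$@` unquoted, so arguments containing spaces are re-split; `"$@"` and `"$XDG_RUNTIME_DIR/tailscaled.sock"` fix that, and `l.escapeShellArgs cfg.extraUpFlags` would quote the flags joined into `ExecStartPost`. `controlServer` is only consumed inside the `cfg.authKeyFile != null` branch, so setting it without a key file has no effect, and the option description should say so.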