installed tailscale on all machines

2025-02-23 11:10:16 -06:00 · 2025-02-23 11:10:16 -06:00 · 2e0f71a6fa
commit 2e0f71a6fa
parent 9bfa5c9e8d
7 changed files with 133 additions and 62 deletions
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@ -1,5 +1,16 @@
 # server nas
-{pkgs, ...}: {
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}: {
+  sops.secrets = {
+    "wireguard-keys/tailscale-authkey/defiant" = {
+      sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
+    };
+  };
+
  host = {
    users = {
      leyla = {
@ -136,6 +147,10 @@
        "deepseek-r1:70b"
      ];
    };
+    tailscale = {
+      enable = true;
+      authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path;
+    };
  };

  # disable computer sleeping
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@ -1,4 +1,5 @@
 {
+  config,
  inputs,
  pkgs,
  ...
@ -36,6 +37,15 @@

  programs.adb.enable = true;

+  sops.secrets = {
+    "wireguard-keys/tailscale-authkey/horizon" = {
+      sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
+    };
+    # "wireguard-keys/proton/horizon" = {
+    #   sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
+    # };
+  };
+
  services = {
    # sudo fprintd-enroll
    fprintd = {
@ -49,6 +59,42 @@
        "deepseek-r1:1.5b"
      ];
    };
+    tailscale = {
+      enable = true;
+      authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path;
+    };
+  };
+
+  networking = {
+    # wg-quick.interfaces = {
+    #   proton = {
+    #     # IP address of this machine in the *tunnel network*
+    #     address = ["10.2.0.1/32"];
+
+    #     listenPort = 51820;
+
+    #     privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path;
+
+    #     peers = [
+    #       {
+    #         publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q=";
+    #         allowedIPs = ["0.0.0.0/0"];
+    #         endpoint = "84.17.63.8:51820";
+    #         persistentKeepalive = 25;
+    #       }
+    #       {
+    #         publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y=";
+    #         allowedIPs = ["0.0.0.0/0"];
+    #         endpoint = "68.169.42.242:51820";
+    #         persistentKeepalive = 25;
+    #       }
+    #       {
+    #         publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs=";
+    #         allowedIPs = ["0.0.0.0/0"];
+    #       }
+    #     ];
+    #   };
+    # };
  };

  # networking.extraHosts = ''
--- a/configurations/nixos/horizon/hardware-configuration.nix
+++ b/configurations/nixos/horizon/hardware-configuration.nix
@ -6,19 +6,12 @@
  lib,
  pkgs,
  modulesPath,
-  inputs,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  sops.secrets = {
-    "wireguard-keys/proton/horizon" = {
-      sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
-    };
-  };
-
  boot = {
    initrd = {
      availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
@ -96,36 +89,6 @@
    networkmanager.enable = true;
    useDHCP = lib.mkDefault true;
    hostName = "horizon"; # Define your hostname.
-
-    # wg-quick.interfaces = {
-    #   proton = {
-    #     # IP address of this machine in the *tunnel network*
-    #     address = ["10.2.0.1/32"];
-
-    #     listenPort = 51820;
-
-    #     privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path;
-
-    #     peers = [
-    #       {
-    #         publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q=";
-    #         allowedIPs = ["0.0.0.0/0"];
-    #         endpoint = "84.17.63.8:51820";
-    #         persistentKeepalive = 25;
-    #       }
-    #       {
-    #         publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y=";
-    #         allowedIPs = ["0.0.0.0/0"];
-    #         endpoint = "68.169.42.242:51820";
-    #         persistentKeepalive = 25;
-    #       }
-    #       {
-    #         publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs=";
-    #         allowedIPs = ["0.0.0.0/0"];
-    #       }
-    #     ];
-    #   };
-    # };
  };

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
--- a/configurations/nixos/twilight/configuration.nix
+++ b/configurations/nixos/twilight/configuration.nix
@ -1,10 +1,19 @@
-{...}: {
+{
+  inputs,
+  config,
+  ...
+}: {
  imports = [
    ./monitors.nix
  ];

  nixpkgs.config.allowUnfree = true;

+  sops.secrets = {
+    "wireguard-keys/tailscale-authkey/twilight" = {
+      sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
+    };
+  };
  host = {
    users = {
      leyla = {
@ -22,16 +31,22 @@
    };
  };

-  services.ollama = {
-    enable = true;
+  services = {
+    ollama = {
+      enable = true;

-    loadModels = [
-      "deepseek-coder:6.7b"
-      "deepseek-r1:8b"
-      "deepseek-r1:32b"
-    ];
+      loadModels = [
+        "deepseek-coder:6.7b"
+        "deepseek-r1:8b"
+        "deepseek-r1:32b"
+      ];
+    };
+
+    tailscale = {
+      enable = true;
+      authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path;
+    };
  };
-
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play