headscale ssh acl

flake.lock

@@ -245,14 +245,17 @@
         "opencode": "opencode"
       },
       "locked": {
-        "lastModified": 1770918709,
-        "narHash": "sha256-X1vykZe7eFZHCPniWPTB4uWCl78BAx/vFZoK15gvSBY=",
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
-        "type": "path"
+        "lastModified": 1771121922,
+        "narHash": "sha256-WjlMXMFH5FvJzDiEkw5FnIL9pJ/qdY271hRPZ7nU24Q=",
+        "ref": "refs/heads/master",
+        "rev": "6ebd7b94d50d1526a697f40ac0ebf44542b026fe",
+        "revCount": 112,
+        "type": "git",
+        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
       },
       "original": {
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
-        "type": "path"
+        "type": "git",
+        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
       }
     },
     "nix-colors": {
@@ -544,16 +547,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1770875904,
-        "narHash": "sha256-8ZEVlGe1saA/2KtDTKgkwWfpLCbxfwFip+m+3FlQQK0=",
+        "lastModified": 1771120533,
+        "narHash": "sha256-FA9RRo4wH+FHXWIm3hm0oPouQ+VKral+Mqbk4g3dPfo=",
         "owner": "anomalyco",
         "repo": "opencode",
-        "rev": "03de51bd3cf9e05bd92c9f51763b74a3cdfbe61a",
+        "rev": "d1482e148399bfaf808674549199f5f4aa69a22d",
         "type": "github"
       },
       "original": {
         "owner": "anomalyco",
-        "ref": "v1.1.60",
+        "ref": "v1.2.4",
         "repo": "opencode",
         "type": "github"
       }

flake.nix

@@ -22,8 +22,8 @@
     nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
     nixpkgs-master.url = "github:nixos/nixpkgs/master";
 
-    # m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
-    m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
+    m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
+    # m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
     #
     nur = {
       url = "github:nix-community/NUR";

home/m3tam3re/m3-atlas.nix

@@ -2,9 +2,10 @@
   imports = [
     ../common
     ../features/cli
+    ../features/coding/opencode.nix
     ./home-server.nix
   ];
-
+  coding.editors.neovim.enable = true;
   features = {
     cli = {
       nushell.enable = true;
@@ -12,6 +13,7 @@
       nitch.enable = true;
       secrets.enable = false;
       starship.enable = true;
+      zellij.enable = true;
     };
   };
 }

hosts/m3-ares/services/tailscale.nix

@@ -6,6 +6,7 @@
     extraUpFlags = [
       "--login-server=https://va.m3tam3re.com"
       "--accept-routes"
+      "--ssh"
     ];
   };
 }

hosts/m3-atlas/services/headscale.nix

@@ -36,7 +36,21 @@
           dst = ["${adminUser}:*"];
         }
       ];
-
+      # Tailscale SSH rules
+      ssh = [
+        {
+          action = "accept";
+          src = ["${adminUser}"];
+          dst = ["*"];
+          users = ["*"];
+        }
+        {
+          action = "accept";
+          src = ["group:admins"];
+          dst = ["*"];
+          users = ["*"];
+        }
+      ];
       # Auto-approvers section for routes
       autoApprovers = {
         routes = {
@@ -60,7 +74,7 @@
     services = {
       headscale = {
         enable = true;
-        adminUser = "m3tam3re@m3ta.loc";
+        adminUser = "m3tam3re";
         port = 3009;
         settings = {
           server_url = "https://va.m3tam3re.com";

hosts/m3-atlas/services/tailscale.nix

@@ -12,6 +12,7 @@
       "--login-server=${config.services.headscale.settings.server_url}"
       "--advertise-exit-node"
       "--accept-routes"
+      "--ssh"
     ];
   };
   services.networkd-dispatcher = lib.mkIf config.services.tailscale.enable {