headscale ssh acl

2026-02-16 18:59:34 +01:00
parent 105e573c53
commit 7b9caedaa4
6 changed files with 36 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -245,14 +245,17 @@
        "opencode": "opencode"
      },
      "locked": {
-        "lastModified": 1770918709,
+        "lastModified": 1771121922,
-        "narHash": "sha256-X1vykZe7eFZHCPniWPTB4uWCl78BAx/vFZoK15gvSBY=",
+        "narHash": "sha256-WjlMXMFH5FvJzDiEkw5FnIL9pJ/qdY271hRPZ7nU24Q=",
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
+        "ref": "refs/heads/master",
-        "type": "path"
+        "rev": "6ebd7b94d50d1526a697f40ac0ebf44542b026fe",
        "revCount": 112,
        "type": "git",
        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
      },
      "original": {
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
+        "type": "git",
-        "type": "path"
+        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
      }
    },
    "nix-colors": {
@@ -544,16 +547,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1770875904,
+        "lastModified": 1771120533,
-        "narHash": "sha256-8ZEVlGe1saA/2KtDTKgkwWfpLCbxfwFip+m+3FlQQK0=",
+        "narHash": "sha256-FA9RRo4wH+FHXWIm3hm0oPouQ+VKral+Mqbk4g3dPfo=",
        "owner": "anomalyco",
        "repo": "opencode",
-        "rev": "03de51bd3cf9e05bd92c9f51763b74a3cdfbe61a",
+        "rev": "d1482e148399bfaf808674549199f5f4aa69a22d",
        "type": "github"
      },
      "original": {
        "owner": "anomalyco",
-        "ref": "v1.1.60",
+        "ref": "v1.2.4",
        "repo": "opencode",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -22,8 +22,8 @@
    nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
    nixpkgs-master.url = "github:nixos/nixpkgs/master";
-    # m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
+    m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
-    m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
+    # m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
    #
    nur = {
      url = "github:nix-community/NUR";
--- a/home/m3tam3re/m3-atlas.nix
+++ b/home/m3tam3re/m3-atlas.nix
@@ -2,9 +2,10 @@
  imports = [
    ../common
    ../features/cli
    ../features/coding/opencode.nix
    ./home-server.nix
  ];
-
+  coding.editors.neovim.enable = true;
  features = {
    cli = {
      nushell.enable = true;
@@ -12,6 +13,7 @@
      nitch.enable = true;
      secrets.enable = false;
      starship.enable = true;
      zellij.enable = true;
    };
  };
 }
--- a/hosts/m3-ares/services/tailscale.nix
+++ b/hosts/m3-ares/services/tailscale.nix
@@ -6,6 +6,7 @@
    extraUpFlags = [
      "--login-server=https://va.m3tam3re.com"
      "--accept-routes"
      "--ssh"
    ];
  };
 }
--- a/hosts/m3-atlas/services/headscale.nix
+++ b/hosts/m3-atlas/services/headscale.nix
@@ -36,7 +36,21 @@
          dst = ["${adminUser}:*"];
        }
      ];
-
+      # Tailscale SSH rules
      ssh = [
        {
          action = "accept";
          src = ["${adminUser}"];
          dst = ["*"];
          users = ["*"];
        }
        {
          action = "accept";
          src = ["group:admins"];
          dst = ["*"];
          users = ["*"];
        }
      ];
      # Auto-approvers section for routes
      autoApprovers = {
        routes = {
@@ -60,7 +74,7 @@
    services = {
      headscale = {
        enable = true;
-        adminUser = "m3tam3re@m3ta.loc";
+        adminUser = "m3tam3re";
        port = 3009;
        settings = {
          server_url = "https://va.m3tam3re.com";
--- a/hosts/m3-atlas/services/tailscale.nix
+++ b/hosts/m3-atlas/services/tailscale.nix
@@ -12,6 +12,7 @@
      "--login-server=${config.services.headscale.settings.server_url}"
      "--advertise-exit-node"
      "--accept-routes"
      "--ssh"
    ];
  };
  services.networkd-dispatcher = lib.mkIf config.services.tailscale.enable {