Headscale and Tailscale config modules

2025-05-05 11:44:32 +02:00 · 2025-05-05 11:44:32 +02:00 · ad87c67161
commit ad87c67161
parent 53ce9740bd
7 changed files with 23 additions and 21 deletions
--- a/home/features/cli/default.nix
+++ b/home/features/cli/default.nix
@ -67,7 +67,6 @@
    comma
    coreutils
    devenv
-    fabric-ai
    fd
    gcc
    go
@ -79,7 +78,7 @@
    llm
    lf
    nix-index
-    procs
+    nushellPlugins.skim
    progress
    ripgrep
    rocmPackages.rocm-smi
--- a/home/m3tam3re/m3-atlas.nix
+++ b/home/m3tam3re/m3-atlas.nix
@ -7,8 +7,8 @@

  features = {
    cli = {
-      fish.enable = true;
-      fzf.enable = true;
+      nushell.enable = true;
+      skim.enable = true;
      nitch.enable = true;
      secrets.enable = false;
      starship.enable = true;
--- a/home/m3tam3re/m3-kratos.nix
+++ b/home/m3tam3re/m3-kratos.nix
@ -48,8 +48,8 @@ in {
      };
      features = {
        cli = {
-          fish.enable = true;
-          fzf.enable = true;
+          nushell.enable = true;
+          skim.enable = true;
          nitch.enable = true;
          secrets.enable = true;
          starship.enable = true;
--- a/hosts/common/extraServices/ollama.nix
+++ b/hosts/common/extraServices/ollama.nix
@ -12,10 +12,6 @@ in {
  config = mkIf cfg.enable {
    services.ollama = {
      enable = true;
-      package =
-        if config.services.xserver.videoDrivers == ["amdgpu"] # rocblas-6.0.2 broken
-        then pkgs.pinned.ollama
-        else pkgs.ollama;
      acceleration =
        if config.services.xserver.videoDrivers == ["amdgpu"]
        then "rocm"
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@ -22,6 +22,9 @@
      searx = {
        file = ../../secrets/searx.age;
      };
+      tailscale-key = {
+        file = ../../secrets/tailscale-key.age;
+      };
      traefik = {
        file = ../../secrets/traefik.age;
        owner = "traefik";
--- a/hosts/m3-atlas/services/tailscale.nix
+++ b/hosts/m3-atlas/services/tailscale.nix
@ -1,23 +1,26 @@
-{pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "both";
+    authKeyFile = config.age.secrets.tailscale-key.path;
    extraUpFlags = [
-      "--login-server https://va.m3tam3re.com"
+      "--login-server=${config.services.headscale.settings.server_url}"
      "--advertise-exit-node"
      "--accept-routes"
    ];
  };

-  # Persistent systemd service for network settings
-  systemd.services.configure-network-offload = {
-    description = "Configure network offload settings";
-    after = ["network.target"];
-    wantedBy = ["multi-user.target"];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-      ExecStart = "${pkgs.ethtool}/bin/ethtool -K ens3 rx-udp-gro-forwarding on rx-gro-list off";
+  services.networkd-dispatcher = {
+    enable = true;
+    rules."50-tailscale" = {
+      onState = ["routable"];
+      script = ''
+        "${pkgs.ethtool} NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ") | -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off
+      '';
    };
  };

@ -37,5 +40,6 @@
  environment.systemPackages = with pkgs; [
    ethtool
    tailscale
+    networkd-dispatcher
  ];
 }
--- a/secrets/tailscale-key.age
+++ b/secrets/tailscale-key.age