From eb0a31cce6d5475e5c61893d3cf944acedc22df0 Mon Sep 17 00:00:00 2001 From: Sascha Koenig Date: Mon, 5 May 2025 09:11:47 +0200 Subject: [PATCH] Headscale and Tailscale config modules --- home/features/cli/default.nix | 3 +-- home/m3tam3re/m3-atlas.nix | 4 ++-- home/m3tam3re/m3-kratos.nix | 4 ++-- hosts/common/extraServices/ollama.nix | 4 ---- hosts/m3-atlas/secrets.nix | 3 +++ hosts/m3-atlas/services/tailscale.nix | 26 +++++++++++++++----------- secrets/tailscale-key.age | Bin 1152 -> 1130 bytes 7 files changed, 23 insertions(+), 21 deletions(-) diff --git a/home/features/cli/default.nix b/home/features/cli/default.nix index c8c624b..0cee4d2 100644 --- a/home/features/cli/default.nix +++ b/home/features/cli/default.nix @@ -67,7 +67,6 @@ comma coreutils devenv - fabric-ai fd gcc go @@ -79,7 +78,7 @@ llm lf nix-index - procs + nushellPlugins.skim progress ripgrep rocmPackages.rocm-smi diff --git a/home/m3tam3re/m3-atlas.nix b/home/m3tam3re/m3-atlas.nix index 0f6c41d..cfb6428 100644 --- a/home/m3tam3re/m3-atlas.nix +++ b/home/m3tam3re/m3-atlas.nix @@ -7,8 +7,8 @@ features = { cli = { - fish.enable = true; - fzf.enable = true; + nushell.enable = true; + skim.enable = true; nitch.enable = true; secrets.enable = false; starship.enable = true; diff --git a/home/m3tam3re/m3-kratos.nix b/home/m3tam3re/m3-kratos.nix index 008bca2..c906d28 100644 --- a/home/m3tam3re/m3-kratos.nix +++ b/home/m3tam3re/m3-kratos.nix @@ -48,8 +48,8 @@ in { }; features = { cli = { - fish.enable = true; - fzf.enable = true; + nushell.enable = true; + skim.enable = true; nitch.enable = true; secrets.enable = true; starship.enable = true; diff --git a/hosts/common/extraServices/ollama.nix b/hosts/common/extraServices/ollama.nix index 436cf5f..6552f23 100644 --- a/hosts/common/extraServices/ollama.nix +++ b/hosts/common/extraServices/ollama.nix 
@@ -12,10 +12,6 @@ in { config = mkIf cfg.enable { services.ollama = { enable = true; - package = - if config.services.xserver.videoDrivers == ["amdgpu"] # rocblas-6.0.2 broken - then pkgs.pinned.ollama - else pkgs.ollama; acceleration = if config.services.xserver.videoDrivers == ["amdgpu"] then "rocm" diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix index d607c11..e37bac0 100644 --- a/hosts/m3-atlas/secrets.nix +++ b/hosts/m3-atlas/secrets.nix @@ -22,6 +22,9 @@ searx = { file = ../../secrets/searx.age; }; + tailscale-key = { + file = ../../secrets/tailscale-key.age; + }; traefik = { file = ../../secrets/traefik.age; owner = "traefik"; diff --git a/hosts/m3-atlas/services/tailscale.nix b/hosts/m3-atlas/services/tailscale.nix index c170f1d..a8ef6d0 100644 --- a/hosts/m3-atlas/services/tailscale.nix +++ b/hosts/m3-atlas/services/tailscale.nix @@ -1,23 +1,26 @@ -{pkgs, ...}: { +{ + config, + pkgs, + ... +}: { services.tailscale = { enable = true; useRoutingFeatures = "both"; + authKeyFile = config.age.secrets.tailscale-key.path; extraUpFlags = [ - "--login-server https://va.m3tam3re.com" + "--login-server=${config.services.headscale.settings.server_url}" "--advertise-exit-node" "--accept-routes" ]; }; - # Persistent systemd service for network settings - systemd.services.configure-network-offload = { - description = "Configure network offload settings"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.ethtool}/bin/ethtool -K ens3 rx-udp-gro-forwarding on rx-gro-list off"; + services.networkd-dispatcher = { + enable = true; + rules."50-tailscale" = { + onState = ["routable"]; + script = '' + "${pkgs.ethtool} NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ") | -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off + ''; }; }; @@ -37,5 +40,6 @@ environment.systemPackages = with pkgs; [ ethtool tailscale + networkd-dispatcher ]; } 
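Review bot: The new `tailscale-key` entry in hosts/m3-atlas/secrets.nix has no comment saying what the key is or which service reads it. It is declared with only `file`, so it presumably stays at the agenix default owner and mode; a short comment would show that this is intentional, e.g. `# pre-auth key read by services.tailscale.authKeyFile; default owner/mode kept on purpose`. Because this key lets a machine join the tailnet, it is also worth recording next to it whether the key is reusable and when it expires.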
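Review bot: The `script` of `rules."50-tailscale"` in hosts/m3-atlas/services/tailscale.nix is not a runnable command, so the offload settings that the removed oneshot applied with `${pkgs.ethtool}/bin/ethtool -K ens3 …` are most likely no longer set. The double quotes on that line are unbalanced, `${pkgs.ethtool}` expands to the store directory rather than the binary, and the `NETDEV=` assignment is piped into a bare `-K`. Two separate lines would do what seems intended: `NETDEV=$(${pkgs.iproute2}/bin/ip -o route get 8.8.8.8 | cut -f 5 -d " ")` followed by `${pkgs.ethtool}/bin/ethtool -K "$NETDEV" rx-udp-gro-forwarding on rx-gro-list off`. The script probably also needs a `#!${pkgs.runtimeShell}` first line, which should be checked against the networkd-dispatcher module's example. Separately, `--login-server=${config.services.headscale.settings.server_url}` uses whatever that option evaluates to on this host, and the Headscale settings are not part of this diff, so a comment or assertion that the URL is the intended https endpoint would make the dependency visible.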
diff --git a/secrets/tailscale-key.age b/secrets/tailscale-key.age index cd6764c677e55beb194b0518766445e4a70461c6..0f1b32aed40e91a4cfeaac041a0e4afd91548ab9 100644 GIT binary patch delta 1062 zcmZqRe8n+Ar#{2HG9b9fE6KymxFE5pJjF!c&&)40-M1>&%RewOygV<$&(t(3!=lP5 zlFQBA)v3}v$jihiUt3$-Ki4;_BtYLZAfP-r-7LVPG{D@*H6zl@yv!pjnM>DBp}06h zH#Nn`)YQ;Y!8E%(x!6%5J;cr1JK3wqu{_Bw-K8kIz|A?Jz}dIZD8)Q8+0e(xE4Q%H z#LLe#Db%Q(%e6>5$SG1o6Mr!uoDz&Fo0r!v=I z;z#lD;QR{D3d@ob$GmWtbPw-zeRn^nWd9Pg^t38pcMo4rzp_*_^WusOvx-QrV&fDK zx8lU&q#~zaV}qc8!jyu@aNm-$h%|4n)DX|C{1C^8^yGA3Ls!?y@r>g2!NvLpE&(pi zZYhabrY^-HF8M~DDM@KT#ihYvCYF}^&W52;sU{VUkzuY}9ywv9=8i_?RnBFFiM}CK z;jR_FC8mK9hF-~8-X@``PRWj?S&oK9L4lF5P%0`;RB#E*aWyaJN=kC~DfO*#bo2`k z$jMF%&@S^TcC9Zj2y->840X$NN)LC*b9N03&JK0<3@S@^cTEZ~^Yzd0PIB~&GAIjj zP3AIoHjfOA2+t{VuFBAMaW}IJ@b@t;G<32oE{k$0EOqoOtO&RCaZ4)-NGUb;&Gbt2 zb+;%lHZlw}aV*TPC=TPQG)*onb#}I>%1sF?cCFBN%Bs&Z^2jXCDk@6NEekcv%Jg*g zG%Lz<@z4*?3(3w3_cV47h)6a_&W=cP4-WRI;&L`EFE#Z{O^dQDsW3~n4A;*uNHHt* zPID>FGW1Ul^A7M#@-%ZROsNd1NC`Bk@(#{PGB2sD3`#Rjjq**^4&o{e4X7;2&kW4< zHHivxNvbcYOwZ3suX2eBDmDr9@H2JJ^YSRJNYPHzPjYq53JGyFE=l(*Fg9=wHu5(P zbICE`@-5OYjErzME(`T>&Gxbk%}+Kj42g2j$@bF@F*d34w{%S@&2;n5_sMs5&B=)H zakWUyHb_ZMGfzn?kJJweGNt1QYlcP?|%_b<>7h~#>0RJnJ-hbIkf zfzREy-EG*ccjeTq0ge@K_djerjdZ{F5e3o@MB4gmQAaW4P> delta 1085 zcmaFG(ZD%Dr@q3|si-8R+#n+=G(5??BCIMjG}Fw{&DqkW(k-N*D6BBQyuc(^KRZ0z zfXm0&&?O+x-z_QAEx05rslud4Kg+eUtk57gyezY{Lfh3O-8i$%)89ZlkW1H2p}06h zH#Nn`)YQ;Y!8E%(x!6&ms3bQhq|)2cEuh>l&(t}<$1TLtGAcVPG9WF(Io-{y*ey9Y z(y=1bN8izeE6_8gG_0~RD=^EoqQuC+B|J3PSvx#EFC?#0yDZ8%tvItdtHOnvXLT=(qB@r>g2S>a`=+Li?d zY1$^v0X|tCg~i!9-j${v!LDXGu4VczhGi)M1p&^PXHVyXDPVtON;_~!Q&vGqJ4|g&N2{o#!$SKXpNy;{I z%t_77j3_BF^2!Je)b|J|weTwp);0=pD)CLp3eL_?_HuX4Hw-Gv4&h1(bF1?4s&F-N zPcbn|&8shUG0xOCvCK%!N-8aiDlzl*t_XEYE)U7iEYHub@^g<4P{@PYus?E-dj*$*VWd&!`Lw_wmy=4YDxHbMvz>iZD$o z&n%B9&Z`Q`Nc0KtO06u-Ec6Vp2(0pR^e7H?3^U;}smL%3El!Ox^(ZRQ_bSWHcFRoj ztkSN^u*lU9boR`4cdy7ZaLEraGz-c#bxo@b2(-w_&8SGRsPxP)&&l=W;?mXCRq*i9 
zHmmo@P4unI%J2#;O!hG@ax2SlGKz9^cZ|p?wJc8wPD*ymOGyt84&_>#Ig6j!q-^5u z`sC5;cw`iWH+g{`_U06BhaP`Of3GcRqAALUi!1VoEyBW6ZjB8i; z@>QO3_2W9#EvN09XDyL^Uu7rbpWVDsXX|5Y^B4gIHixXF)b`>se~(w~)3#g$0LY7Z A761SM