feat(axol, baxter): Enable tailscale (#14)

Previously, we set up headscale We need to enable tailscale on baxter, as we intend to use tailscale to connect builders to its buildbot instance As the headscale server doesn't automatically put the server running it into the tailscale network, we also need to set up the tailscale daemon on axol Reviewed-on: #14 Co-authored-by: Skyler Grey <sky@a.starrysky.fyi> Co-committed-by: Skyler Grey <sky@a.starrysky.fyi>
2024-08-09 20:28:14 +00:00 · 2024-08-09 20:28:14 +00:00 · 6cc4c3fc67
parent 740e35fb48
commit 6cc4c3fc67
6 changed files with 38 additions and 0 deletions
--- a/secrets/rekeyed/axol/1ee57cb56c17a905d8f6d68eb574db79-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
+++ b/secrets/rekeyed/axol/1ee57cb56c17a905d8f6d68eb574db79-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 JMblKQ /KeQPyNmEYg1qHq5M4z3aQ7Jt4dwozMQMhmb1wzdDDw
+kS77B2HAZxnhMzcD9bTkcyhGiRrkzEv6+UDcE0lonJU
+-> BVh{PUl}-grease K D$G T_Ov7Cb
+vmCUTiAi81FTpapoJgHlCO9e6ZXzUW5QfuclIZbG2gqoL6XKSvED84gdZeIeZ3TA
+tSFu/4eADDeqoGKiFQSt/Ji+qy2XDmIVJh400QwcUsjZasRXMquGPn6jDxo
+--- +5WuWL/wQ0EH3xpoQ3f5mLiHZNsXO8wGpsNBh+PfTkA
+ËA©åß˜õTfl—àæ×±×ÆZôdW4‰ÝN–æ÷¤$[P#¡Z‚ÜÔÜ<18>×þƒÃ’æ£A¥ÙFÃr•bïd<C3AF>-`,@ÕµóÈÐäÕ
--- a/secrets/rekeyed/baxter/5b9aeed25aabf9b5f06ec083278ad21c-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
+++ b/secrets/rekeyed/baxter/5b9aeed25aabf9b5f06ec083278ad21c-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 Z9MeFA 2SrMV2OMZdsZPSaxzxfgQF2ukrzRme+Vt4eAcT7dkAs
+QpHJD8cT6DMR1FP1ft57hRCYjZW6aw16cEv61mBqADg
+-> v.`66g}-grease CAkD Ap<g
+BQxsewykSzbTiU+pZmYdy4b0E2I225h0XVUFQ3mMMxHKTznsJhdon86DByrlPIK5
+S6W2AJ/wMHauk8EzHBTWsTiZnvmAk04OpLjxlgfl
+--- xQos1NCssn+gCQMs3fdLeOxgOeLRvsYZlCW9cYRsGFs
+/7}¨rÈÏÞÈ …ŠÄûk(-–N(®ßˆÄÿPfún†¸E›<45>3fLídÉ†{Az‚B³ÒÿyS
F³Œ”8X¹©¨Ty´Ó8¾9°Puèá
--- a/systems/x86_64-linux/axol/clicks.networking.tailscale.authKeyFile.age
+++ b/systems/x86_64-linux/axol/clicks.networking.tailscale.authKeyFile.age
--- a/systems/x86_64-linux/axol/default.nix
+++ b/systems/x86_64-linux/axol/default.nix
@ -57,6 +57,12 @@
    database_password_path = config.age.secrets."clicks.services.headscale.database_password_path".path;
  };

+  clicks.networking.tailscale = {
+    enable = true;
+    server = "vpn.auxolotl.org";
+    authKeyFile = config.age.secrets."clicks.networking.tailscale.authKeyFile".path;
+  };
+
  age.secrets."clicks.services.headscale.database_password_path" = {
    generator.script = "alnum";
    group = "headscale";
@ -64,5 +70,10 @@
    unstableName = true; # Clicks option to base the name on a hash of the contents ... helps with autorestarting services
  };

+  age.secrets."clicks.networking.tailscale.authKeyFile" = {
+    rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
+    unstableName = true;
+  };
+
  system.stateVersion = "23.11";
 }
--- a/systems/x86_64-linux/baxter/clicks.networking.tailscale.authKeyFile.age
+++ b/systems/x86_64-linux/baxter/clicks.networking.tailscale.authKeyFile.age
--- a/systems/x86_64-linux/baxter/default.nix
+++ b/systems/x86_64-linux/baxter/default.nix
@ -68,6 +68,17 @@
    };
  };

+  clicks.networking.tailscale = {
+    enable = true;
+    server = "vpn.auxolotl.org";
+    authKeyFile = config.age.secrets."clicks.networking.tailscale.authKeyFile".path;
+  };
+
+  age.secrets."clicks.networking.tailscale.authKeyFile" = {
+    rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
+    unstableName = true;
+  };
+
  age.secrets."services.ci.master.tokenFile" = {
    rekeyFile = ./services.ci.master.tokenFile.age;
    group = "buildbot";