From 6cc4c3fc679c843561664dc2b2bf25b86f892ef9 Mon Sep 17 00:00:00 2001
From: Skyler Grey
Date: Fri, 9 Aug 2024 20:28:14 +0000
Subject: [PATCH] feat(axol, baxter): Enable tailscale (#14)
Previously, we set up headscale We need to enable tailscale on baxter, as we intend to use tailscale to connect builders to its buildbot instance As the headscale server doesn't automatically put the server running it into the tailscale network, we also need to set up the tailscale daemon on axol
Reviewed-on: https://git.auxolotl.org/auxolotl/infra/pulls/14
Co-authored-by: Skyler Grey
Co-committed-by: Skyler Grey
---
...d084eeae6761008fddebed6b75f9a013d122a25030.age | 8 ++++++++
...d084eeae6761008fddebed6b75f9a013d122a25030.age | 8 ++++++++
.../clicks.networking.tailscale.authKeyFile.age | Bin 0 -> 584 bytes
systems/x86_64-linux/axol/default.nix | 11 +++++++++++
.../clicks.networking.tailscale.authKeyFile.age | Bin 0 -> 584 bytes
systems/x86_64-linux/baxter/default.nix | 11 +++++++++++
6 files changed, 38 insertions(+)
create mode 100644 secrets/rekeyed/axol/1ee57cb56c17a905d8f6d68eb574db79-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
create mode 100644 secrets/rekeyed/baxter/5b9aeed25aabf9b5f06ec083278ad21c-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
create mode 100644 systems/x86_64-linux/axol/clicks.networking.tailscale.authKeyFile.age
create mode 100644 systems/x86_64-linux/baxter/clicks.networking.tailscale.authKeyFile.age
diff --git a/secrets/rekeyed/axol/1ee57cb56c17a905d8f6d68eb574db79-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age b/secrets/rekeyed/axol/1ee57cb56c17a905d8f6d68eb574db79-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
new file mode 100644
index 0000000..9391cb8
--- /dev/null
+++ b/secrets/rekeyed/axol/1ee57cb56c17a905d8f6d68eb574db79-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 JMblKQ /KeQPyNmEYg1qHq5M4z3aQ7Jt4dwozMQMhmb1wzdDDw +kS77B2HAZxnhMzcD9bTkcyhGiRrkzEv6+UDcE0lonJU +-> BVh{PUl}-grease K D$G T_Ov7Cb +vmCUTiAi81FTpapoJgHlCO9e6ZXzUW5QfuclIZbG2gqoL6XKSvED84gdZeIeZ3TA +tSFu/4eADDeqoGKiFQSt/Ji+qy2XDmIVJh400QwcUsjZasRXMquGPn6jDxo +--- +5WuWL/wQ0EH3xpoQ3f5mLiHZNsXO8wGpsNBh+PfTkA +AߘTflZdW4N$[P#ZÒAF rbd-`,@ \ No newline at end of file diff --git a/secrets/rekeyed/baxter/5b9aeed25aabf9b5f06ec083278ad21c-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age b/secrets/rekeyed/baxter/5b9aeed25aabf9b5f06ec083278ad21c-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age new file mode 100644 index 0000000..0682c67 --- /dev/null +++ b/secrets/rekeyed/baxter/5b9aeed25aabf9b5f06ec083278ad21c-02cace87552ceb629ab03cd084eeae6761008fddebed6b75f9a013d122a25030.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 Z9MeFA 2SrMV2OMZdsZPSaxzxfgQF2ukrzRme+Vt4eAcT7dkAs +QpHJD8cT6DMR1FP1ft57hRCYjZW6aw16cEv61mBqADg +-> v.`66g}-grease CAkD Ap?Hmb65;w)PXLP{tfbXh(2Os0>> zQ0-Dw(r)tPfiA;#eQ~&mT9w&86Sd4k6JaV!M2+ke+@c+f0KYKkkellT9T$en85q^S zWUYev^ytE(R-?n5&@lBr&cy-H^%zM+R~?yAmRklI(1og)BWa95yh8RU#4?egl?@lp z6u+}CiOH1HjB+}4LP#L>0IpKXvC{umbFT(6-=6!`hb^w6IAA}u3(Dc^JV6mU<7d4P ztfoprSc!n8%_W$Wg1E|&$OneVc-TMzIUY(weoiB-Ug`T~2KXSDX|lkglr@W^vf<@a z=OVFIt4eJ(FX0f`mfn{}sL$dsib!TP;b^Bp3FdM(H2EwPCW=_0uD|Ww9=^Ugx%K(^ zNq8>a`F7>q?_VcxUffuJwsm#=&sulm`{t|N-R9Zx#!L0@gO8sczdy21_r5$`+bq9s X{bWy{9Ov8I4*uxFwdVQRkGuZ>ACkuh literal 0 HcmV?d00001 diff --git a/systems/x86_64-linux/axol/default.nix b/systems/x86_64-linux/axol/default.nix index b777f12..282d327 100644 --- a/systems/x86_64-linux/axol/default.nix +++ b/systems/x86_64-linux/axol/default.nix 
@@ -57,6 +57,12 @@
 database_password_path = config.age.secrets."clicks.services.headscale.database_password_path".path;
 };
 
+ clicks.networking.tailscale = {
+ enable = true;
+ server = "vpn.auxolotl.org";
+ authKeyFile = config.age.secrets."clicks.networking.tailscale.authKeyFile".path;
+ };
+
 age.secrets."clicks.services.headscale.database_password_path" = {
 generator.script = "alnum";
 group = "headscale";
@@ -64,5 +70,10 @@
 unstableName = true; # Clicks option to base the name on a hash of the contents ... helps with autorestarting services
 };
 
+ age.secrets."clicks.networking.tailscale.authKeyFile" = {
+ rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
+ unstableName = true;
+ };
+
 system.stateVersion = "23.11";
 }
diff --git a/systems/x86_64-linux/baxter/clicks.networking.tailscale.authKeyFile.age b/systems/x86_64-linux/baxter/clicks.networking.tailscale.authKeyFile.age
new file mode 100644
index 0000000000000000000000000000000000000000..e255bb5a6333e84c962e6d5db813028d4286be79
GIT binary patch literal 584 zcmY+=J&V&|003YGk+Y&WxE$Qj;ie0{q-olu9OsdEO_NL8wE1Y#3_?ENB)v=Dq)FeV z=P2TM;NozrIw?Hmb65;w)PXLP{tfbXh(2Os0>> zQ0-Dw(r)tPfiA;#eQ~&mT9w&86Sd4k6JaV!M2+ke+@c+f0KYKkkellT9T$en85q^S zWUYev^ytE(R-?n5&@lBr&cy-H^%zM+R~?yAmRklI(1og)BWa95yh8RU#4?egl?@lp z6u+}CiOH1HjB+}4LP#L>0IpKXvC{umbFT(6-=6!`hb^w6IAA}u3(Dc^JV6mU<7d4P ztfoprSc!n8%_W$Wg1E|&$OneVc-TMzIUY(weoiB-Ug`T~2KXSDX|lkglr@W^vf<@a z=OVFIt4eJ(FX0f`mfn{}sL$dsib!TP;b^Bp3FdM(H2EwPCW=_0uD|Ww9=^Ugx%K(^ zNq8>a`F7>q?_VcxUffuJwsm#=&sulm`{t|N-R9Zx#!L0@gO8sczdy21_r5$`+bq9s X{bWy{9Ov8I4*uxFwdVQRkGuZ>ACkuh literal 0 HcmV?d00001
diff --git a/systems/x86_64-linux/baxter/default.nix b/systems/x86_64-linux/baxter/default.nix
index 5f754c8..834e294 100644
--- a/systems/x86_64-linux/baxter/default.nix
+++ b/systems/x86_64-linux/baxter/default.nix
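Review bot: `server = "vpn.auxolotl.org";` in the added `clicks.networking.tailscale` block is a bare hostname, so whether the client reaches the control server over TLS depends on how the clicks module turns it into a login-server URL, and that module is not part of this diff. If the option is passed through unchanged it should read `server = "https://vpn.auxolotl.org";`; if the module adds the scheme itself, a short comment such as `# clicks module prepends https://` would save the next reader the lookup. The same line appears in the baxter/default.nix hunk. The attribute set that holds this block opens and closes outside the hunk.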
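Review bot: The new `age.secrets."clicks.networking.tailscale.authKeyFile"` entry does not say what kind of pre-auth key it holds, and the two `clicks.networking.tailscale.authKeyFile.age` files added for axol and baxter are both 584 bytes with what looks like the same binary payload, which suggests a single reusable key shared by both hosts. If that is the case, a leak from either host allows a new node to register on the tailnet until the key is expired in headscale, and the two hosts cannot be revoked independently; a per-host key that is single-use or short-lived would narrow that. At minimum add a comment here and on the matching baxter entry, e.g. `# headscale pre-auth key: reusable=<yes/no>, expires=<date>, rotation: <procedure>`. The added `unstableName = true;` also lacks the explanatory comment that the existing headscale secret carries a few lines above.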
@@ -68,6 +68,17 @@
 };
 };
 
+ clicks.networking.tailscale = {
+ enable = true;
+ server = "vpn.auxolotl.org";
+ authKeyFile = config.age.secrets."clicks.networking.tailscale.authKeyFile".path;
+ };
+
+ age.secrets."clicks.networking.tailscale.authKeyFile" = {
+ rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
+ unstableName = true;
+ };
+
 age.secrets."services.ci.master.tokenFile" = {
 rekeyFile = ./services.ci.master.tokenFile.age;
 group = "buildbot";
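Review bot: Nothing in this hunk limits what tailnet peers may reach on baxter once `enable = true;` brings the tailscale interface up, and the commit message says builders will connect to its buildbot instance over this network. Unless the clicks module or the headscale ACL policy already does so (neither is visible here), builder nodes should be restricted to the buildbot worker port and the other services on baxter kept off the tailnet interface. A comment beside the block, e.g. `# tailnet exposure: buildbot worker port only, enforced by <headscale ACL / firewall rule>`, would record where that is enforced. The hunk sits inside an attribute set that starts and ends outside it.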