diff --git a/secrets/desktop/rootPassword.age b/secrets/desktop/rootPassword.age index 53f9aba..b22bbc0 100644 --- a/secrets/desktop/rootPassword.age +++ b/secrets/desktop/rootPassword.age @@ -1,14 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBHNXlJ -QjVZSDI5RVl0TWVDUFN4cnlZL1dvV0pmL01hR21UUktzK0cwQndJClBqc1N5Ujlw -UVVhWHJSYk13TjFlOUQzbmF5dkJFVGVjUmxXNFBQUnMwck0KLT4gc3NoLWVkMjU1 -MTkgVmIvYW1BIGlPL2FwQnB4ZVYvd2xEVFAyYlNxVW1jenU1Q28wU20wckQ2Y05q -bHlQRHMKZUxiN2xWd0s2RktTcXp4UXFTaCtQZHY0NTVjZ0FsQ2pITmxocE9sRXJW -RQotPiBQcUNLNDYtZ3JlYXNlICUuPHcqaSBkaHkjQyAnJ2taSCw5WyB0XHRldwph -SkIxdDFBdFZxdEZGTURHYzJoanVIVmxHQjBTN1ZrcFJlRXRCS3Q1Wkk4TS9FRmds -YjA4WnMzMFVKZDNSbW53CjlZSXJETWFuLzVuQwotLS0gcm1PaVB0eUxRQXJKQ0x5 -R2tPMllQbm93c2JSc3dTeDRBUWlqUDMwSHJQRQp8JF/S90jK26M/RUnYWRe8lP8P -ruZfFMnXP3cQcE9IBdoRWMzf1Uf3Aj3CNKDGRv6LHnapkWPGrxP0J32Q8/VLZQJn -/ibjcgya+6Tvzq/cY1iz+VhMw9bAXRwJC19cj9edl7ZlE254VdOvt2uK38aVh7lO -Y+hyLBd7TSH7XCajqtCwrXV6ZTIeGit1 +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBsWEll +NkhsbzR0bkFHZ1pFaWZqTnA2MWNDUW84RjZuZFc4VStEdFRneTBZCkEzc1hYRmRo +VFNUaHpTcE9UY1BvMmhzL1lYNzUzOXdsRnBRbmxPSlJqNVkKLT4gc3NoLWVkMjU1 +MTkgVmIvYW1BIFpmL0FvWjNibkIzY3dOYzdhbG1qSmttenFPbkt2SnJtZCt1dGM3 +dksvVmsKSjlZNWFmcDVLTmJqVWRkeTZ5ZzVoUG4zN1dWcjRvVDZBSXBkUnZhbEpL +MAotPiA7RVtbRS1ncmVhc2UKcDVHVkdmaEtrNEF4UjNsR3pqNUUrRnA3VncKLS0t +IHloS2FmT3lzd0hYT3U4bTFtY2o5cXBWaSsxQUNSWUp3YUk5VUdiU25hQmMKGtZ1 +BdOOKKg94mA6tGutkcTTmu2UDCNr6ATRUkodyNEj0JPJG70OmVC0UoKU4cK0ZxI4 +6qr4xlJGPsD2BTa9KTPhb/Yd3968lz3+rgGHt9oWlWQxxdwZYhoLkY9F1sVRM/Ro +O9HTXx5UDKUZRJ44s8619B09o1p+A+7LBUwwjUU3tnSpHdJIPz+teQ== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/desktop/userPassword.age b/secrets/desktop/userPassword.age index b67b4ae..9b7a23b 100644 --- a/secrets/desktop/userPassword.age +++ b/secrets/desktop/userPassword.age @@ -1,14 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBjMXZY -d2w5ek1SbS9hNHpIN1JNajM4ZmFyZ1pLbExDSVdsM01PWkxZNUZnCmRaWWJKUVBt -SCtMbTZJOHN5TVRRNVFWYnBoTXpKYis5OWY1VWkvZVJINTgKLT4gc3NoLWVkMjU1 -MTkgVmIvYW1BIENtZW0wREpyM0VqeXdaM0FUcHQydXNuWUt1Snc4VTNlRFZDSFEz -T01ja3MKWXhmQk0zTzVpMTZlNTBFcGhrblNwS1I2N3NqSGliMWZYMnZCUGtUenpy -WQotPiBQLWdyZWFzZSBxeWtBInEpPSA9Zlt9KT4vICEsLlRLUjhHCnR0SURGbzVB -aDQ5UDhCeFVKNk1BUkJKVDg1NGx5a05XZkFUb3FOdUlLd0FrMjBUNVM3eGRSZjBw -UkFWODVHZWoKdWFQNWY4THhTNjBITHluT2RZNnBxaFYwRE5Ga0RmVkR1enNqOHZO -Umt0VFpoQ1dzaG1UVHFkdzBtQWxiZUxqcApIQmErCi0tLSBONVhSQjl5RmxNTml5 -ZGZ1MXQ1aFY2TEJPU1o5dFl3NXkrRy9ZRFQ3Ny84CvqQqRz3ALqi1zsAhikcH8vj -gLd9u064SGS5ZHSj52BhjYp3ss4f+qpWmWtMcqxf8YJizVR1Djv8/3MZZV67IuhW -YLuZe7k1Fh8NiZ+dJ9ViooBi2+5ebNsjHLu6n4hyM01V23YQAYMbczk= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBoVnJo +azN5ak5ObGpPeDcyWHpoOUJsekxkMmRraFNRV2EvUUdGejZaeVR3CjdRSVBuOTlB +SnlqdjA3NTdacEdURW1maHhUdmVaaURnMnlrdnM0SEFWYk0KLT4gc3NoLWVkMjU1 +MTkgVmIvYW1BIEYxUWZQQzh4MzM5NG43VkJtWkJQUEJhNDd2QUJncW1xVnZqMHVl +WHQxQXMKc2xsbkJjbml2QVFWS0FUSE1Mazh4NXplL0ZpUkhMWEw1cTRDa0p1b2lW +VQotPiBXWDstZ3JlYXNlIC0gQDRKZFBjPyBgVkd1b0BsCkY2Kzc1TTNJbUdTWlVm +WGdVNWkxa1F3YmFpR3lRdkNLTHBaZGd2MEQ3WU9wb25McVRzRGF6QUFjMzdqcnhl +Ui8KRjlTaHF5VW5WVjdMcEI3cGVRCi0tLSBGNHl5QWJqSlZJL3Vyd3hMd0YvcjdL +NXpUeVRPVWNQbjk5ZC80THFZeFFFCusEoCsLe1yC8S51XmFBVmO4pGV8nwm+DRta +92cgf751L2h7kyuY7ns0MrWVjfR0fWEh2ekd9Q2GmBKf4DLW/SBYbn3NzZKJY8Nb +vlazcItj9ztHf6f4/aR2OVmBsDbxoGUZLvO1y6Mvpto= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 83c8963..47989df 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,6 +9,7 @@ in { "desktop/rootPassword.age".publicKeys = main; "desktop/userPassword.age".publicKeys = main; + "tailscaleKey.age".publicKeys = server; "vesuvio/rootPassword.age".publicKeys = server; "vesuvio/userPassword.age".publicKeys = server; } diff --git a/secrets/tailscaleKey.age b/secrets/tailscaleKey.age new file mode 100644 index 0000000..e771603 --- /dev/null +++ b/secrets/tailscaleKey.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5ICsraU9FZyBTNnZC +NHRiQ3RnNUpYemhXUkZjVUdHRXUyY1EzazBJZklrd0EwczMyYkd3CkZJQ3pTWm83 +WktmRE96TzFkcDY0YmJxRlhmWVBHMDFuZk5MWSsyQ1FxVWsKLT4gc3NoLWVkMjU1 +MTkgV3lXcFF3IDhXSlc3OFJLVXlkaDl6NGVQNHphNG5XbSsxWFh2OVVzMldYajRG +dzRPMXMKRzNZcDFrRlpiQTZvR1VPdWw2Y05xb2YzejV5bStwVHVTZ0lFaXN3c2Ur +RQotPiBzc2gtZWQyNTUxOSBWYi9hbUEgcFhxbFNJcmo4NWpxME5GbFd1VEpRNFR4 +c2ZGMGQ0L21HWEJtZkpIelBtRQpyOThscG85MWtSZXVyRnY0cjlTcXZLMHZKb25s +VlllUEM0ZnVQUWVoYkJzCi0+IEZ6dFNkUmQtZ3JlYXNlCjNjb29LZUN4NEtqaVNP +TzZTcHZEUjZRbAotLS0gZTBPUmNBNVp5Zlhab3h2bXNUcS91OE5UR09NaFNPaHE4 +RnkvY1NXUzRNVQrvIkHSleeXAXwmLiEMULwHsZPhJ4nQufrqIf/hKLpeMl1/UYkN +hDOcFv/ycsIbBjpnbDc/63FzD4FHepIEUDX2PHM7K2GKxo8CyLQDKKNLVnvpUPyB +JbZgCaA= +-----END AGE ENCRYPTED FILE----- diff --git a/systems/common.nix b/systems/common.nix index 3afba5e..295789f 100644 --- a/systems/common.nix +++ b/systems/common.nix @@ -1,6 +1,7 @@ { lib, pkgs, + config, nixpkgs, ... }: { @@ -16,6 +17,10 @@ }; }; + age.secrets = { + tailscaleKey.file = ../secrets/tailscaleKey.age; + }; + programs = { ssh.startAgent = true; @@ -33,6 +38,13 @@ enable = true; openFirewall = lib.mkDefault false; }; + + tailscale = { + enable = true; + useRoutingFeatures = "both"; + extraUpFlags = ["--ssh"]; + authKeyFile = config.age.secrets.tailscaleKey.path; + }; }; nixpkgs.config.allowUnfree = true;