many updates, new linode server

2025-02-13 00:40:38 -06:00 · 2025-02-13 00:40:38 -06:00 · e27a4af6d2
commit e27a4af6d2
parent 343f5d7b52
20 changed files with 2528 additions and 137 deletions
--- a/components/containers/affine.nix
+++ b/components/containers/affine.nix
@ -53,7 +53,7 @@ in
        user = "root";
        image = "ghcr.io/toeverything/affine-graphql:stable";
        ports = [
-          "10.20.40.104:${toString cfg.port}:${toString cfg.port}"
+          "${toString cfg.port}:${toString cfg.port}"
        ];
        dependsOn = [
          "affine_redis"
--- a/components/containers/librechat.nix
+++ b/components/containers/librechat.nix
@ -50,7 +50,7 @@ in
        user = "root";
        image = "ghcr.io/danny-avila/librechat-dev:latest";
        ports = [
-          "10.20.40.104:${toString cfg.port}:${toString cfg.port}"
+          "${toString cfg.port}:${toString cfg.port}"
        ];
        dependsOn = [
          "librechat_mongodb"
@ -74,7 +74,7 @@ in
        ];
        extraOptions = [
          "--network=librechat-network"
-          "--add-host=azureproxy:10.20.40.180"
+          "--add-host=azureproxy:10.20.40.180" # TODO change to T
        ];
      };

--- a/components/containers/pgadmin.nix
+++ b/components/containers/pgadmin.nix
@ -34,7 +34,7 @@ in
        user = "root";
        image = "dpage/pgadmin4:latest";
        ports = [
-          "10.20.40.104:${toString cfg.port}:${toString cfg.port}"
+          "${toString cfg.port}:${toString cfg.port}"
        ];
        environment = {
          PGADMIN_LISTEN_PORT = toString cfg.port;
--- a/components/hm/ssh.nix
+++ b/components/hm/ssh.nix
@ -6,6 +6,10 @@ in
  # TODO can I put all IP's in the flake.nix top level settings and pull them in here instead?
  programs.ssh = {
    enable = true;
+    extraConfig = ''
+      Host *
+        SetEnv TERM=xterm-256color
+    '';
    matchBlocks = {
      # EXTERNAL
      "github.com" = {
@ -16,12 +20,11 @@ in
      };
      "git.joshuabell.xyz" = {
        identityFile = age.secrets.nix2gitjosh.path;
-        port = 3032;
+        user = "git";
      };
      # PERSONAL DEVICES
      "lio" = {
        identityFile = age.secrets.nix2lio.path;
-        hostname = "10.20.40.104";
        user = "josh";
      };
      "lio_" = {
@ -31,22 +34,18 @@ in
      };
      "oren" = {
        identityFile = age.secrets.nix2oren.path;
-        hostname = "10.20.40.105";
        user = "josh";
      };
      "joe" = {
        identityFile = age.secrets.nix2joe.path;
-        hostname = "10.20.40.102";
        user = "josh";
      };
      "gpdPocket3" = {
        identityFile = age.secrets.nix2gpdPocket3.path;
-        hostname = "10.20.40.103";
        user = "josh";
      };
      "t" = {
        identityFile = age.secrets.nix2t.path;
-        hostname = "10.20.40.180";
        user = "joshua.bell";
        localForwards = [
          # {
@ -66,7 +65,6 @@ in
      };
      "mbptv" = {
        identityFile = age.secrets.nix2gpdPocket3.path;
-        hostname = "10.20.40.109";
        user = "waka";
        setEnv = {
          TERM = "vt100";
@ -82,28 +80,23 @@ in
      };
      "nothing1" = {
        identityFile = age.secrets.nix2gpdPocket3.path;
-        hostname = "10.20.40.124";
        user = "TODO";
      };
      "ipad1" = {
        identityFile = age.secrets.nix2gpdPocket3.path;
-        hostname = "10.20.40.125";
        user = "TODO";
      };
      "tab1" = {
        identityFile = age.secrets.nix2gpdPocket3.path;
-        hostname = "10.20.40.120";
        user = "TODO";
      };
      "pixel6" = {
        identityFile = age.secrets.nix2gpdPocket3.path;
-        hostname = "10.20.40.126"; # TODO ON BOARD
        user = "TODO";
      };
      # HOME SERVERS
      "h001" = {
        identityFile = age.secrets.nix2h001.path;
-        hostname = "10.20.40.190";
        user = "root";
      };
      "h001_" = {
@ -113,10 +106,14 @@ in
      };
      "h002" = {
        identityFile = age.secrets.nix2h002.path;
-        hostname = "10.20.40.191";
        user = "luser";
      };
      # LINODE SERVERS
+      "l001" = {
+        identityFile = age.secrets.nix2linode.path;
+        hostname = "172.236.111.33";
+        user = "root";
+      };
      "l002_" = {
        identityFile = age.secrets.nix2linode.path;
        hostname = "172.234.26.141";
@ -124,8 +121,7 @@ in
      };
      "l002" = {
        identityFile = age.secrets.nix2linode.path;
-        hostname = "10.20.40.1";
-        user = "luser";
+        user = "root";
      };
    };
  };
--- a/components/hm/tmux/tmux-reset.conf
+++ b/components/hm/tmux/tmux-reset.conf
@ -55,7 +55,7 @@ bind C-d detach
 # ==========
 # My options
 set-option -g terminal-overrides ',xterm-256color:RGB'
-set-option -sa terminal-features ',kitty:LRGB'
+set-option -sa terminal-features ',xterm:LRGB'
 set -g detach-on-destroy off
 set -g renumber-windows on
 set -g status-position top
--- a/components/nix/tailscale.nix
+++ b/components/nix/tailscale.nix
@ -0,0 +1,36 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+{
+  options.components.tailscale = {
+    useSecretsAuth = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Whether to use secrets authentication for Tailscale";
+    };
+    useHeadscale = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Whether to use headscale login server.";
+    };
+  };
+
+  config = {
+    environment.systemPackages = with pkgs; [ tailscale ];
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = "client";
+      authKeyFile = lib.mkIf config.components.tailscale.useSecretsAuth config.age.secrets.headscale_auth.path;
+      # https://tailscale.com/kb/1241/tailscale-up
+      extraUpFlags = lib.mkIf config.components.tailscale.useHeadscale [
+        "--login-server=https://headscale.joshuabell.xyz"
+      ];
+    };
+    networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
+    networking.firewall.checkReversePath = "loose";
+  };
+}