fix: move tailscale relay to fs-work for now

install-anywhere/hardware-configuration.nix

@@ -5,12 +5,12 @@
 
 {
   imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/profiles/qemu-guest.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -18,12 +18,7 @@
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp33s0np0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f2.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f3.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

install-anywhere/install.sh

@@ -1,7 +1,7 @@
-for i in $(cat hosts.lists); do IFS=","; set -- $i;
+# for i in $(cat hosts.lists); do IFS=","; set -- $i;
- sed "s/@iface@/$2/; s/@address@/$1/" configuration.templ.nix > configuration.nix
+#  sed "s/@iface@/$2/; s/@address@/$1/" configuration.templ.nix > configuration.nix
  nix run github:nix-community/nixos-anywhere -- --flake .#generic \
   --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
   --target-host root@$1
- rm configuration.nix
+ # rm configuration.nix
-done
+# done

rossby/fs-work/default.nix

@@ -145,6 +145,33 @@ in {
     ];
     boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_16;
 
+    services.tailscale =  {
+      enable = true;
+      authKeyFile = "/var/lib/secrets/tailscale.key";
+      useRoutingFeatures = "both"; # for exit-node usage
+      extraUpFlags = [
+        "--login-server=https://headscale.svc.oceanbox.io"
+        "--accept-dns=true"
+        "--accept-routes=true"
+        "--advertise-routes=172.16.238.0/24,172.16.239.0/24"
+        "--snat-subnet-routes=false"
+      ];
+    };
+
+    services.networkd-dispatcher = {
+      enable = true;
+      rules = {
+        "tailscale-router" = {
+          onState = [ "routable" ];
+          script = ''
+            #!${pkgs.runtimeShell}
+            ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-udp-gro-forwarding on rx-gro-list off
+            exit 0
+          '';
+        };
+      };
+    };
+
     imports = [
         ./hardware-configuration.nix
         ../default.nix

rossby/manage/default.nix

@@ -271,9 +271,9 @@ in {
     extraUpFlags = [
       "--login-server=https://headscale.svc.oceanbox.io"
       "--accept-dns=true"
-        "--accept-routes=true"
+      # "--accept-routes=true"
-        "--advertise-routes=172.16.238.0/24,172.16.239.0/24"
+      # "--advertise-routes=172.16.238.0/24,172.16.239.0/24"
-        "--snat-subnet-routes=false"
+      # "--snat-subnet-routes=false"
     ];
   };
   services.networkd-dispatcher = {
@@ -283,14 +283,11 @@ in {
         onState = [ "routable" ];
         script = ''
         #!${pkgs.runtimeShell}
-          ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-udp-gro-forwarding on
+        ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-udp-gro-forwarding on rx-gro-list off
-          ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-gro-list off
-          ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 tx-udp-segmentation on
         exit 0
         '';
       };
     };
-    };
 
     imports = [
       ./hardware-configuration.nix