fix: move tailscale relay to fs-work for now

2025-10-11 17:53:23 +02:00
parent 29e65c1598
commit e101653b7f
4 changed files with 58 additions and 39 deletions
--- a/install-anywhere/hardware-configuration.nix
+++ b/install-anywhere/hardware-configuration.nix
@@ -5,12 +5,12 @@

 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@@ -18,12 +18,7 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp33s0np0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f2.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp65s0f3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/install-anywhere/install.sh
+++ b/install-anywhere/install.sh
@@ -1,7 +1,7 @@
-for i in $(cat hosts.lists); do IFS=","; set -- $i;
- sed "s/@iface@/$2/; s/@address@/$1/" configuration.templ.nix > configuration.nix
+# for i in $(cat hosts.lists); do IFS=","; set -- $i;
+#  sed "s/@iface@/$2/; s/@address@/$1/" configuration.templ.nix > configuration.nix
 nix run github:nix-community/nixos-anywhere -- --flake .#generic \
  --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
  --target-host root@$1
- rm configuration.nix
-done
+ # rm configuration.nix
+# done
--- a/rossby/fs-work/default.nix
+++ b/rossby/fs-work/default.nix
@@ -145,6 +145,33 @@ in {
    ];
    boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_16;

+    services.tailscale =  {
+      enable = true;
+      authKeyFile = "/var/lib/secrets/tailscale.key";
+      useRoutingFeatures = "both"; # for exit-node usage
+      extraUpFlags = [
+        "--login-server=https://headscale.svc.oceanbox.io"
+        "--accept-dns=true"
+        "--accept-routes=true"
+        "--advertise-routes=172.16.238.0/24,172.16.239.0/24"
+        "--snat-subnet-routes=false"
+      ];
+    };
+
+    services.networkd-dispatcher = {
+      enable = true;
+      rules = {
+        "tailscale-router" = {
+          onState = [ "routable" ];
+          script = ''
+            #!${pkgs.runtimeShell}
+            ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-udp-gro-forwarding on rx-gro-list off
+            exit 0
+          '';
+        };
+      };
+    };
+
    imports = [
        ./hardware-configuration.nix
        ../default.nix
--- a/rossby/manage/default.nix
+++ b/rossby/manage/default.nix
@@ -264,31 +264,28 @@ in {

    virtualisation.docker.enable = pkgs.lib.mkForce true;

-    services.tailscale =  {
-      enable = true;
-      authKeyFile = "/var/lib/secrets/tailscale.key";
-      useRoutingFeatures = "both"; # for exit-node usage
-      extraUpFlags = [
-        "--login-server=https://headscale.svc.oceanbox.io"
-        "--accept-dns=true"
-        "--accept-routes=true"
-        "--advertise-routes=172.16.238.0/24,172.16.239.0/24"
-        "--snat-subnet-routes=false"
-      ];
-    };
-    services.networkd-dispatcher = {
-      enable = true;
-      rules = {
-        "tailscale-router" = {
-          onState = [ "routable" ];
-          script = ''
-          #!${pkgs.runtimeShell}
-          ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-udp-gro-forwarding on
-          ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-gro-list off
-          ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 tx-udp-segmentation on
-          exit 0
-          '';
-        };
+  services.tailscale =  {
+    enable = true;
+    authKeyFile = "/var/lib/secrets/tailscale.key";
+    useRoutingFeatures = "both"; # for exit-node usage
+    extraUpFlags = [
+      "--login-server=https://headscale.svc.oceanbox.io"
+      "--accept-dns=true"
+      # "--accept-routes=true"
+      # "--advertise-routes=172.16.238.0/24,172.16.239.0/24"
+      # "--snat-subnet-routes=false"
+    ];
+  };
+  services.networkd-dispatcher = {
+    enable = true;
+    rules = {
+      "tailscale-router" = {
+        onState = [ "routable" ];
+        script = ''
+        #!${pkgs.runtimeShell}
+        ${pkgs.ethtool}/bin/ethtool -K enp65s0np0 rx-udp-gro-forwarding on rx-gro-list off
+        exit 0
+        '';
      };
    };