Update setup script to remove comments, add tailscale authKeyFile (#57)

iancleary · Feb 18, 2024 · 03a5ca5 · 03a5ca5
1 parent 9c4ec76
commit 03a5ca5
Show file tree

Hide file tree

Showing 7 changed files with 84 additions and 124 deletions.
diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml
@@ -1,6 +1,12 @@
 ---
 iancleary_odroid_user_password: "{{ vault_iancleary_odroid_user_password }}"
 odroid_nextcloud_pgsql_password: "{{ vault_odroid_nextcloud_pgsql_password }}"
+iancleary_tailscale_auth_key: "{{ vault_iancleary_tailscale_auth_key }}"
+
+nixos_modules:
+  - nextcloud.nix
+  - podman.nix
+  - tailscale.nix
 
 iancleary_dns_user_password: "{{ vault_iancleary_dns_user_password }}"
 iancleary_raspberrypi_user_password: "{{ vault_iancleary_raspberrypi_user_password }}"

diff --git a/ansible/group_vars/all/vault.yml b/ansible/group_vars/all/vault.yml
@@ -1,45 +1,50 @@
 $ANSIBLE_VAULT;1.1;AES256
-66643736323264663038396534623866396663363837646332356430343933346338346138646637
-3364393636613033313934363064613431353632376638610a323762313630323661613130616665
-36326361373962396263363232303964333339616462653561353966613066386365333163306665
-3931346662653931340a323536316462303365636165663534613831383263373964366166353737
-63346539333665393930623061356162393264386162313634633233323037313333373737633164
-63623061613637376435666330633738313964366333663236356266333937323061633837353161
-33666133306662343937343937383335346237633338373637613463653138663839383437666635
-39613161363761306262346134616662306363653862366565386635396165353530393535613332
-65643162653337363365613033653136663837623465316330633536613037396436393336663238
-64343431353463336637336530653735373334343036623037663666386438613062306266343463
-65303665353338646462663135613236643064393933333131313636356530623434633235653136
-64303432343063643939353336663239666361636163623833323131623666616439303764613562
-30346233643234663532646139653934383339623165363565363734376535366532623236393165
-31663438623834323339373330336165333831626434646532666661383437363939613534353739
-61646239323130356136653963353333633763646531333066303235666664343139323664333732
-39633638653932373161386537363238616230623838353030373934383035653333336530323030
-61316665633162613062653265333732613134366133313135623535613431626635333130306130
-32303064316138616539393766353261396131353166623938386365653330663261303231386638
-64363166356532333430616264323766386466613262303033616664623638376366396333643639
-39363434303935393631316134356635623864613062623663346464303466343839613362323333
-37643864643737333066613139343439386634636562346362303764376535653234336364306338
-66653635353735333462363038306562373534383264663933633261396332313132646264323964
-66386439356237633066373636646666376437656534353630383932653332386236666263313735
-31626263623638356137613339303536656563323065613439353966653331336337613532653834
-32383234386664383462643866653461343865663432326565626562646136363335363238633133
-64663262326531653062373035356562343636343032303431373364643530323338386234376566
-32323362613432323862353163383730313166396266386561613764376561336239303837306135
-38366230663963623734303561333665323134643030323066333366353464653062396532366632
-33653265653136326136653633616263373230636435356663663066653663343864633965383433
-64663662656130333932666566386261653232393534346534353631383562396364643834326331
-36353663663136643337376330626332313762373735666662666334663463393862356138383335
-39336236396430363232623463623864336233313366316638373765666561366232643261313832
-33353963353834356463376434653065646162633664643338653461636539346331626431396564
-66623363393063373166363165613763323561373530646264656636373564316634333532303331
-34316466663331653338343866653832346438313830643961656239656536303730343330663733
-63656231653433326332323361303661623734313836396532353133303138626465376636653463
-33366566653535656436363964303139656265653964316666633735323063356634353061366436
-37333238313438363537383865353537336665336235353931363538303536326631326532373437
-66333935626362623834366364303562393235343430626336306530313463643730663266373765
-35613731666434306562343536616438343536356164616139363764373839633438303330326137
-34626236326634393166366331646238653134363036326432623839616630663261636536636637
-63326537363538316165313735326633653131653564656235333135376466623130356135313132
-34346232643633353433376166333038613138336362393631333634313137396334643666626335
-36656637356332613631
+38626361383839623738656337363862386433336437363739353635626536316236353031623566
+6239363564306234616664623736626639353265373738620a393633626230336435363465363331
+30393833326562636637396134333538613437663933363663636137323062313939313935643338
+3234666336323634330a333535373337376266646631616464326338346263343737616135626537
+37376135383065663961343437636163313865643233346635613235663936303665363436653463
+64396239653663316163396435396531656432643232323539363234343735393937316531353038
+35373931383135666433343938666230656266633764313138383233323533383736356631373662
+33396462336537333037646264306332313266346564313265373763323430643861323066346231
+62656162366533633362383763306566636430316635666637653632643662386464346537636332
+66343430306236313862393936626664626433323361383339363431633235353035393664666537
+61633633373638333762316666616533363165303635363830353631623635623331303263313935
+37346331316335393439623934303133616336356462303162653563396532653435613765663137
+61376531353863653734306631666139363363386166626661343538333632663730343636313431
+64343662376235623738323066376632326262643461626338646362393032323434663761363331
+32326161313336383966366236396437393039376633316162653831663663383633386562326565
+62653031353662376230333666346431623438343236613464373166656336613930643737343261
+66653535633832613137666637306131343164393363633336313261373431326431316137313830
+34623966343932373638663039306233326534653134323739313530363365633936376531353161
+34386466383333396562393066356239633136653734626633336562626232343637393237323164
+62386163616538346232636563656166623536623335636238323138383161316461333632613363
+61626534343930303237386165333366383466636362616332333331323131336466663739303063
+34363237646435373638386239643730616264663239306331326637663566333539396539393830
+64306166656336303837343531333332616139383535383037643333353866303864303762376162
+34616463303738303363393536333731313665316664653335646433323732383336663533613765
+31643437313438336430333662356634306363316265656237396565306664326138346333353530
+62663239623835306431383064663463366163373734393830663238326463646263363939666265
+62363262353163326666656230336362363639663230396132393133396362333439343536313637
+33633664393137646332393435373864373036316664383939626266666136356133383337656239
+30633162336332353064376666366434393565383938353539303030666530386464613365646237
+38343231396365343739623634653665343332613332333065333163353566376338333663653530
+66623838353664623731326165323764363534383830346366613236623539313764363764303035
+39383163633661396231353762616361663139316364666634333262326236633837303465383337
+61343838336562343234313537623739643436373237346636316536333464613334343836633534
+61366432633465663731303364663732353430613238356632396130633266373036356338393565
+37333334653034393433633333653132636234343831306461643539363438383665333038303136
+30353562306165653962353539316362316662363531363664376233643563373431356634663334
+30623363313861333462663866306137366532626366633533363533663930656235626436313564
+63613235303031353931336539343336653937636436663539366162323537363961303431626331
+61396338613631353837343534336230396330623330363039636265353465393961653861323661
+30643362313934323733353233623562393134656638663135626266326136636561656333656438
+61663133626139303766626562623966623133663465313536393965326539663731373962333638
+64393466346432313239366262353633316162316330613165626330393438376137393962333766
+36343764333831393938656435373361343138663033313364386530333734303732656361323661
+62653965393133383738653633653464396366323636356133363231333233663338646664653133
+37396236656666346266663266613038613762313533316133646537393038313462363033326363
+66303866366461356434646463303533393263613166323036366362663631346636663331333166
+36333137396462656262383963353637333239633231666163613131663231373363366139653365
+34666336663838366566303139643838346638313235613639343336653839666438393737373230
+3034
diff --git a/ansible/roles/setup-odroid/tasks/main.yml b/ansible/roles/setup-odroid/tasks/main.yml
@@ -25,15 +25,11 @@
 - name: Template nix modules
   become: true
   ansible.builtin.template:
-    src: "modules/{{ item.src }}"
-    dest: "/etc/nixos/modules/{{ item.dest }}"
+    src: "modules/{{ item }}"
+    dest: "/etc/nixos/modules/{{ item }}"
     owner: "root"
     group: "root"
-  with_items:
-    - src: "nextcloud.nix"
-      dest: "nextcloud.nix"
-    - src: "podman.nix"
-      dest: "podman.nix"
+  with_items: "{{ nixos_modules }}"
   register: modules
 
 - name: Template nix secrets
@@ -46,10 +42,11 @@
   with_items:
     - src: "nextcloud-pgsql.secret.j2"
       dest: "nextcloud-pgsql.secret"
+    - src: "tailscale_key.j2"
+      dest: "tailscale_key"
   register: secrets
-
-- name: Run nixos-rebuild
-  become: true
-  ansible.builtin.command: nixos-rebuild switch
-  when: configuration.changed or modules.changed or secrets.changed
-  register: rebuild
+# - name: Run nixos-rebuild
+#   become: true
+#   ansible.builtin.command: nixos-rebuild switch
+#   when: configuration.changed or modules.changed or secrets.changed
+#   register: rebuild
diff --git a/ansible/roles/setup-odroid/templates/configuration.nix b/ansible/roles/setup-odroid/templates/configuration.nix
@@ -8,8 +8,9 @@
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ./modules/nextcloud.nix
-      ./modules/podman.nix
+{% for module in nixos_modules %}
+      ./modules/{{module}}
+{% endfor %}
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -27,42 +28,7 @@
   networking.hostId = "8425e349";
 
   # Set your time zone.
-  # time.timeZone = "Europe/Amsterdam";
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkb.options in tty.
-  # };
-
-  # Enable the X11 windowing system.
-  # services.xserver.enable = true;
-
-
-  # Enable the GNOME Desktop Environment.
-  # services.xserver.displayManager.gdm.enable = true;
-  # services.xserver.desktopManager.gnome.enable = true;
-
-
-  # Configure keymap in X11
-  # services.xserver.xkb.layout = "us";
-  # services.xserver.xkb.options = "eurosign:e,caps:escape";
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  # sound.enable = true;
-  # hardware.pulseaudio.enable = true;
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
+  # time.timeZone = "America/Phoenix";
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   # don't allow mutation of users outside of config
@@ -81,37 +47,9 @@
   # packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
-  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #   wget
-  # firefox
     python310 # for ansible configuration
   ];
 
-  services.tailscale.enable = true;
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
 
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

diff --git a/ansible/roles/setup-odroid/templates/modules/tailscale.nix b/ansible/roles/setup-odroid/templates/modules/tailscale.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+  services.tailscale = {
+    enable = true;
+    extraUpFlags = [
+      "--ssh"
+    ];
+    authKeyFile = "/etc/nixos/secrets/tailscale_key";
+  };
+}
diff --git a/ansible/roles/setup-odroid/templates/secrets/tailscale_key.j2 b/ansible/roles/setup-odroid/templates/secrets/tailscale_key.j2
@@ -0,0 +1 @@
+{{ iancleary_tailscale_auth_key }}
diff --git a/flake.nix b/flake.nix
@@ -21,7 +21,9 @@
         # Run python packages in a isolated environment
         pre-commit = pkgs.pre-commit;
 
-        repoTools = [ just pre-commit ];
+        nano = pkgs.nano;
+
+        repoTools = [ just pre-commit nano ];
       in {
         devShells = {
           default = pkgs.mkShell {