
feat(tailscale): tailscale added

Zander Hawke 9 mesi fa
parent
commit
35ae14dbb3

+ 22 - 22
flake.lock

@@ -109,11 +109,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756101922,
-        "narHash": "sha256-nSh29WdFRE9YbjMySZz2fzR3gHEJNHYTZBie3yZ4pJg=",
+        "lastModified": 1756415044,
+        "narHash": "sha256-Oj4Tvk1Za5CqGxZ43IoGWBySgfN0/JK+rfb1Tmk59QQ=",
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "372c975fd0d5b7fc1ffbb15c75a21d7f9ea97603",
+        "rev": "c570189b38b549141179647da3ddde249ac50fec",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756261190,
-        "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=",
+        "lastModified": 1756496801,
+        "narHash": "sha256-IYIsnPy+cJxe8RbDHBrCtfJY0ry2bG2H7WvMcewiGS8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "77f348da3176dc68b20a73dab94852a417daf361",
+        "rev": "77a71380c38fb2a440b4b5881bbc839f6230e1cb",
         "type": "github"
       },
       "original": {
@@ -391,11 +391,11 @@
     },
     "nixos-facter-modules": {
       "locked": {
-        "lastModified": 1756291602,
-        "narHash": "sha256-FYhiArSzcx60OwoH3JBp5Ho1D5HEwmZx6WoquauDv3g=",
+        "lastModified": 1756491981,
+        "narHash": "sha256-lXyDAWPw/UngVtQfgQ8/nrubs2r+waGEYIba5UX62+k=",
         "owner": "nix-community",
         "repo": "nixos-facter-modules",
-        "rev": "5c37cee817c94f50710ab11c25de572bc3604bd5",
+        "rev": "c1b29520945d3e148cd96618c8a0d1f850965d8c",
         "type": "github"
       },
       "original": {
@@ -406,11 +406,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756217674,
-        "narHash": "sha256-TH1SfSP523QI7kcPiNtMAEuwZR3Jdz0MCDXPs7TS8uo=",
+        "lastModified": 1756469547,
+        "narHash": "sha256-YvtD2E7MYsQ3r7K9K2G7nCslCKMPShoSEAtbjHLtH0k=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "4e7667a90c167f7a81d906e5a75cba4ad8bee620",
+        "rev": "41d292bfc37309790f70f4c120b79280ce40af16",
         "type": "github"
       },
       "original": {
@@ -422,11 +422,11 @@
     },
     "nixpkgs-darwin": {
       "locked": {
-        "lastModified": 1756066709,
-        "narHash": "sha256-QVrVyrYIJ4zItbTivorEKJEiQjkudTO3dSo1KQHml7Q=",
+        "lastModified": 1756324718,
+        "narHash": "sha256-1v9qKqIaEneUpWpiSQadysvc3/OfotQbXW6vyayFUd4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7083431e0cbce10cb531e8cbea9659d475665034",
+        "rev": "79576dca25d0e862f24c0aa467ad14c09196bfa7",
         "type": "github"
       },
       "original": {
@@ -438,11 +438,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1756227515,
-        "narHash": "sha256-+LmvnoJI6MrsvVmZ/e3rrBaMRD5EsHJFzSkOcZCQjg8=",
+        "lastModified": 1756381814,
+        "narHash": "sha256-tzo7YvAsGlzo4WiIHT0ooR59VHu+aKRQdHk7sIyoia4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "61308fbb163ae7045c9b3004a0d067822984df33",
+        "rev": "aca2499b79170038df0dbaec8bf2f689b506ad32",
         "type": "github"
       },
       "original": {
@@ -517,11 +517,11 @@
     },
     "secrets": {
       "locked": {
-        "lastModified": 1756492215,
-        "narHash": "sha256-m1qcuCVWg7JTTvI/vZ3Z/6tq3fNxMyVvTikzDs3bW1M=",
+        "lastModified": 1756549585,
+        "narHash": "sha256-BB/yBjXVB/KCl3hH7p8gZ6WkV43oFjtuNf34uUakJpg=",
         "ref": "refs/heads/master",
-        "rev": "11cb4ec3ce820622ee30bd3b11d3e7f585426c63",
-        "revCount": 2,
+        "rev": "2e3ad4dfab062b27d01ce0e9348262fabc9e33d2",
+        "revCount": 6,
         "type": "git",
         "url": "ssh://[email protected]/control/secrets.git"
       },

+ 4 - 3
hosts/odin/age.nix

@@ -4,10 +4,11 @@
 
   age.identityPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
   age.secrets = {
-    "odin/nullmailer/remotes" = {
-      file = inputs.secrets."odin/nullmailer/remotes";
+    "odin/services/nullmailer" = {
+      file = inputs.secrets."odin/services/nullmailer.age";
       owner = config.services.nullmailer.user;
     };
-    "odin/thomas".file = inputs.secrets."odin/thomas";
+    "odin/services/tailscale".file = inputs.secrets."odin/services/tailscale.age";
+    "odin/users/thomas".file = inputs.secrets."odin/users/thomas.age";
   };
 }

+ 3 - 4
hosts/odin/default.nix

@@ -11,7 +11,7 @@
     ./disko.nix
     ./impermanence.nix
     ./system.nix
-    # ./services
+    ./services
   ];
 
   security.sudo.wheelNeedsPassword = false;
@@ -32,7 +32,6 @@
     smartd = {
       enable = true;
       autodetect = true;
-      notifications.test = true;
       notifications.mail.enable = true;
       notifications.mail.sender = "[email protected]";
       notifications.mail.recipient = "I <[email protected]>";
@@ -41,7 +40,7 @@
     nullmailer = {
       enable = true;
       setSendmail = true;
-      remotesFile = config.age.secrets."odin/nullmailer/remotes".path;
+      remotesFile = config.age.secrets."odin/services/nullmailer".path;
       config = {
         me = "odin.t5.st";
         defaulthost = "odin.t5.st";
@@ -136,7 +135,7 @@
   users.users.thomas = {
     isNormalUser = true;
     extraGroups = [ "wheel" "users" ];
-    hashedPasswordFile = config.age.secrets."odin/thomas".path;
+    hashedPasswordFile = config.age.secrets."odin/users/thomas".path;
     openssh.authorizedKeys.keys = [
       "ssh-rsa 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"
     ];
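Review bot: Un-commenting `./services` in the imports list brings tailscale up on a host whose visible config keeps `security.sudo.wheelNeedsPassword = false;` and puts `thomas` in `wheel`, so once the machine joins the tailnet any session as that user is root without a further prompt. Whether sshd is reachable over the tailscale interface is not visible in these hunks, so this needs confirming. Either limit SSH to the intended peers through tailnet ACLs or the host firewall, or require a sudo password again, and record the choice next to the sudo line, e.g. `# passwordless wheel: SSH reachability over tailscale0 is restricted by ACL`.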

+ 1 - 0
hosts/odin/services/default.nix

@@ -2,6 +2,7 @@
 
 {
   imports = [
+    ./tailscale.nix
     # ./immich.nix
     # ./snapraid.nix
     # ./mergerfs.nix

+ 10 - 0
hosts/odin/services/tailscale.nix

@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+{
+  services.tailscale = {
+    enable = true;
+    package = pkgs.unstable.tailscale;
+    disableTaildrop = true;
+    authKeyFile = config.age.secrets."odin/services/tailscale".path;
+    extraSetFlags = [ "--advertise-exit-node" ];
+  };
+}
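Review bot: `extraSetFlags = [ "--advertise-exit-node" ]` is set without `useRoutingFeatures`, which defaults to "none", so the module does not turn on the IP-forwarding sysctls an exit node needs. Unless forwarding is enabled elsewhere outside this diff, the node will advertise an exit route it cannot carry, so add `useRoutingFeatures = "server";` next to it. The file would also benefit from a short header comment saying that the exit-node advertisement still has to be approved in the tailnet. The comment should add that the key behind `authKeyFile` is expected to be a tagged, single-host key, so that ACLs rather than a user identity bound what this machine can reach.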