treewide: Remove birdsong in favour of Tailscale

Katherina Walshe-Grey 2025-06-09 16:58:28 +01:00
parent dbb7af7846
commit 41cc006b96
20 changed files with 4 additions and 157 deletions


@ -33,16 +33,4 @@
networkConfig.Address = [ "2001:470:1f1c:3e::2/64" ];
routes = [{ Destination = [ "::/0" ]; }];
};
birdsong.peering = {
enable = true;
privateKeyFile = "/etc/wireguard/privatekey";
persistentKeepalive = 29;
};
# restricted to fit within the 6in4 tunnel
systemd.network.netdevs."30-birdsong".netdevConfig.MTUBytes = 1280;
# these two lines work around this bug: https://github.com/NixOS/nixpkgs/issues/375960
systemd.network.netdevs."30-birdsong".netdevConfig.Kind = "wireguard";
systemd.network.netdevs."30-birdsong".netdevConfig.Name = "wg-birdsong";
}


@ -3,16 +3,4 @@
{
networking.useNetworkd = true;
networking.interfaces.enp0s6.useDHCP = true;
age.secrets.wireguard-peer-kalessin = {
file = ../../secrets/wireguard-peer-kalessin.age;
owner = "root";
group = "systemd-network";
mode = "640";
};
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-kalessin.path;
};
}


@ -12,17 +12,4 @@
};
linkConfig.RequiredForOnline = "routable";
};
age.secrets.wireguard-peer-kilgharrah = {
file = ../../secrets/wireguard-peer-kilgharrah.age;
owner = "root";
group = "systemd-network";
mode = "640";
};
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-kilgharrah.path;
persistentKeepalive = 31;
};
}


@ -44,17 +44,15 @@
# TODO: fix SSL
# ssl = true;
};
# only allow remote connections from within birdsong vpn
# TODO: don't hardcode the IP addresses
# TODO: move to tailscale
# only allow remote connections from within Tailscale
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust # used by nixos for local monitoring
host sameuser all 10.127.0.0/16 scram-sha-256
host sameuser all fd70:81ca:f8f::/48 scram-sha-256
host sameuser all 100.64.0.0/10 scram-sha-256
host sameuser all fd7a:115c:a1e0::/48 scram-sha-256
'';
};
networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ];
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 5432 ];
qenya.services.actual = {
enable = true;
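Review bot: The two new `host` lines in the pg_hba text match on source address alone, and 100.64.0.0/10 is the whole RFC 6598 shared (CGNAT) range rather than something unique to Tailscale, so the restriction the new comment describes really rests on the `tailscale0` firewall rule lower in the hunk. I would say so next to the rules, e.g. `# pg_hba matches by source address only; the tailscale0 firewall rule below is what keeps other 100.64.0.0/10 hosts away from 5432`. The dropped `# TODO: don't hardcode the IP addresses` still applies to the new ranges and could stay. Whether tailnet ACLs limit which nodes may reach port 5432 is not visible here, and the enclosing block (presumably `services.postgresql`) starts above the hunk.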


@ -3,16 +3,4 @@
{
networking.useNetworkd = true;
networking.interfaces.ens3.useDHCP = true;
age.secrets.wireguard-peer-orm = {
file = ../../secrets/wireguard-peer-orm.age;
owner = "root";
group = "systemd-network";
mode = "640";
};
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-orm.path;
};
}


@ -5,17 +5,4 @@
systemd.network.wait-online.enable = false;
networking.networkmanager.enable = true;
age.secrets.wireguard-peer-tohru = {
file = ../../secrets/wireguard-peer-tohru.age;
owner = "root";
group = "systemd-network";
mode = "640";
};
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-tohru.path;
persistentKeepalive = 23;
};
}


@ -3,16 +3,4 @@
{
networking.useNetworkd = true;
networking.interfaces.ens3.useDHCP = true;
age.secrets.wireguard-peer-yevaud = {
file = ../../secrets/wireguard-peer-yevaud.age;
owner = "root";
group = "systemd-network";
mode = "640";
};
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path;
};
}