treewide: Partial migration from custom WireGuard to Headscale

2025-05-29 23:55:28 +01:00 · 2025-05-29 23:55:28 +01:00 · bf378949d2
commit bf378949d2
parent bd3c9bd5f2
5 changed files with 4 additions and 36 deletions
--- a/flake.nix
+++ b/flake.nix
@ -158,7 +158,7 @@

          kilgharrah.deployment.targetHost = null; # disable remote deployment
          tohru.deployment.targetHost = null; # disable remote deployment
-          elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet
+          elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet

          kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ];
          tohru.imports = [ ./hosts/tohru home-manager ];
--- a/hosts/orm/default.nix
+++ b/hosts/orm/default.nix
@ -47,6 +47,7 @@
    };
    # only allow remote connections from within birdsong vpn
    # TODO: don't hardcode the IP addresses
+    # TODO: move to tailscale
    authentication = pkgs.lib.mkOverride 10 ''
      #type database  DBuser  auth-method
      local all       all     trust   # used by nixos for local monitoring
--- a/hosts/yevaud/default.nix
+++ b/hosts/yevaud/default.nix
@ -5,7 +5,6 @@
    ./hardware-configuration.nix
    ./networking.nix

-    ./experiments/birdsong-dns.nix
    # TODO: this breaks external IPv6 somehow
    # ./experiments/pennykettle.nix
  ];
--- a/hosts/yevaud/experiments/birdsong-dns.nix
+++ b/hosts/yevaud/experiments/birdsong-dns.nix
@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  services.bind = {
-    # enable = true;
-    cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
-    forwarders = [ ];
-    listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
-    listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
-    zones = {
-      "birdsong.internal" = {
-        master = true;
-        file = pkgs.writeText "birdsong.internal.zone" ''
-          $TTL 60
-          $ORIGIN birdsong.internal.
-
-          birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 )
-          birdsong.internal. IN NS ns.birdsong.internal.
-
-          yevaud.c.birdsong.internal. IN A 10.127.1.1
-          yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
-
-          ns.birdsong.internal. IN A 10.127.1.1
-          ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
-        '';
-      };
-    };
-  };
-  networking.resolvconf.useLocalResolver = false;
-  networking.firewall.allowedTCPPorts = [ 53 ];
-  networking.firewall.allowedUDPPorts = [ 53 ];
-}
--- a/services/distributed-builds.nix
+++ b/services/distributed-builds.nix
@ -35,7 +35,7 @@ in

    nix.buildMachines =
      (optional (elem "kalessin" cfg.builders) {
-        hostName = config.birdsong.hosts."kalessin".ipv4;
+        hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up
        sshUser = "remotebuild";
        sshKey = cfg.keyFile;
        systems = [ "aarch64-linux" ];
@ -43,7 +43,7 @@ in
        supportedFeatures = [ "big-parallel" ];
      })
      ++ (optional (elem "kilgharrah" cfg.builders) {
-        hostName = config.birdsong.hosts."kilgharrah".ipv4;
+        hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up
        sshUser = "remotebuild";
        sshKey = cfg.keyFile;
        systems = [ "x86_64-linux" ];