chore(flake/namescale): bump

author: sinanmohd <sinan@sinanmohd.com> 2025-12-25 12:49:00 +0530
committer: sinanmohd <sinan@sinanmohd.com> 2025-12-25 12:49:10 +0530
commit: 7c4f625736d6f0ff4913b07a39c76461bfcb927e (patch)
tree: fa9c845480c79c98ecb71e77b889f66f219509c2 /os
parent: cdca789f6d8a23dd1023599b15b6516085541183 (diff)
2 files changed, 11 insertions, 11 deletions
diff --git a/os/kay/modules/network/headscale.nix b/os/kay/modules/network/headscale.nix
index 39007a4..077aa8b 100644
--- a/os/kay/modules/network/headscale.nix
+++ b/os/kay/modules/network/headscale.nix
@@ -29,7 +29,6 @@ let
       ];
     };
     tagOwners = {
-      "tag:namescale" = [ "group:owner" ];
       "tag:internal" = [ "group:owner" ];
       "tag:bud_clients" = [ "group:bud" ];
       "tag:cusat" = [ "group:owner" ];
@@ -55,7 +54,7 @@ let
       {
         action = "accept";
         src = [ "*" ];
-        dst = [ "tag:namescale:${toString config.services.namescale.settings.port}" ];
+        dst = [ "namescale@:53" ];
       }
       {
         action = "accept";
@@ -100,6 +99,7 @@ in
     # server
     "headplane/cookie_secret".owner = config.services.headscale.user;
     "headplane/preauth_key".owner = config.services.headscale.user;
+    "namescale/preauth_key" = { };
     "headscale/noise_private_key".owner = config.services.headscale.user;
     "headscale/derp_private_key".owner = config.services.headscale.user;
     # client
@@ -134,7 +134,8 @@ in
           base_domain = "tsnet.${config.global.userdata.domain}";
           override_local_dns = false;
           nameservers.split."${config.services.headscale.settings.dns.base_domain}" = [
-            config.services.namescale.settings.host
+            "100.64.0.12"
+            "fd7a:115c:a1e0::c"
           ];
         };
         derp = {
@@ -184,17 +185,14 @@ in
         "--login-server=${url}"
         "--advertise-exit-node"
         "--advertise-routes=192.168.43.0/24,192.168.38.0/24"
-        "--advertise-tags=tag:internal,tag:namescale"
+        "--advertise-tags=tag:internal"
       ];
     };
 
     namescale = {
       enable = true;
-      settings = {
-        host = "100.64.0.6";
-        port = 53;
-        base_domain = config.services.headscale.settings.dns.base_domain;
-      };
+      environmentFile = config.sops.secrets."namescale/preauth_key".path;
+      settings.tsnet.coordination_server_url = url;
     };
   };
 }
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index e16e01f..52a081d 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -17,6 +17,8 @@ mail.sinanmohd.com:
 headplane:
     cookie_secret: ENC[AES256_GCM,data:ZhUYeusYNPSkuA+CEHHmeRlCB3Y030J+1EpPs88coFs=,iv:Ck3CfLtkwskkwo8Ind+CuLtVARjHI4y3mZITfzCKPso=,tag:yhupLPeAyfBF6LtNqbJs2g==,type:str]
     preauth_key: ENC[AES256_GCM,data:XBtitZ0fb8mU7Z7aSP+RxUSDvyxqcfKYiq4bLa9WnKef1xEnQK0+l7QfrQAVRyqI,iv:G82b9GcdTTLF/+jVh4nx6Fu7mnMmKarF6Rc+AabaLwE=,tag:x7HMaJknnrA/SjTfYu6B4w==,type:str]
+namescale:
+    preauth_key: ENC[AES256_GCM,data:tnPC+1YyFnQYFU6cqRUz70HaaExIgzQ/t9qHdukAsMPgDlxihLMpeIQcTfhPJYnMOBi734/ao9JTdNACjA==,iv:H5kWlzbbCtvx4Bb13sYPhwdmKBfs2iznjwSbxYhW8ws=,tag:bT5qj1F3+hO+B4Qvb9n0ow==,type:str]
 headscale:
     noise_private_key: ENC[AES256_GCM,data:pqh0alokNqQsG9Ghi/qZl3lEi45om8GV4uron4a5JriLrR/QiRKcZQFbMK2u1m4wLwAw57ugN/jXynATlW15vUWw4SAU+PtC,iv:j74JLjGDGbmN65YfARYisSa20ExBXVPUm+QKU4qk4rw=,tag:UUgthumk2/a4xJ14Ucok+A==,type:str]
     derp_private_key: ENC[AES256_GCM,data:EMt3RtQzqIY4i5S2S1kK0kxu0wMt3/bBcpaEc3YP0Cmj8F4yZECOaDUYk4dM2QsfmoP84plktAqIrM4MSiY94lQpqRoCvTru,iv:NU/nVFQxBQTou0mf5xvLmlda8hzJfoCRiU1vCgJGyyc=,tag:IEDCDy6ifL+ulYzp7qr3vg==,type:str]
@@ -45,7 +47,7 @@ sops:
             bGRaOE1Mc3VqVnYyd0xIVGl5ckpqRFkKpT2gTC4lf9HRQNJDykdGjPdfH+V8og7X
             XHq1XqIRoRbulZifuZlmzN/RWMPIoBYkXeHfqaMjmTz5HIBcnO/t9g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-14T07:00:06Z"
-    mac: ENC[AES256_GCM,data:HoxBmhIWBaapyqQfpmd1tAOJMxaLELzjFBjzlJPvMWXyioXiyPxHtb8lMEPgrlafeD5CLWi2MMw5NXElmtX4SZ8Ngh4cPhF00uQeXm9FqyTYSPPhakctg1ZxB+5h/++JywjOlbPooiP+3Iua0z8wQGWzVgSKj6DVeplDvqcNjHI=,iv:pQbNCOJUz9xtSGbdhS2ESkD6SkFUKfTRw15baTX7hAo=,tag:Y0JT6Q/FHHFYmp4gQ8krxQ==,type:str]
+    lastmodified: "2025-12-21T04:59:01Z"
+    mac: ENC[AES256_GCM,data:29NqEWR9XTcCxXSD46Gw7xNnvj0sF662vj594Ca4abMPxo+zKLSDXqQsg6KHv9Wgmj28TMvYlpivASbQxw6jvaX9cAvoJHAd7/nJCVnXaawgTJcuuGOUFIvSpdmN4JoamF9seUXkwTjMlCzvRArHhA0JwCcv98APUPRR2FNcw6g=,iv:A1r0/BgMAcue4ENtNMTsGL+Ovgox3XovzDrJaRngbJc=,tag:q11zVu6Lfneecv/fpQ+9sw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0
author	sinanmohd <sinan@sinanmohd.com>	2025-12-25 12:49:00 +0530
committer	sinanmohd <sinan@sinanmohd.com>	2025-12-25 12:49:10 +0530
commit	7c4f625736d6f0ff4913b07a39c76461bfcb927e (patch)
tree	fa9c845480c79c98ecb71e77b889f66f219509c2 /os
parent	cdca789f6d8a23dd1023599b15b6516085541183 (diff)