From 7c4f625736d6f0ff4913b07a39c76461bfcb927e Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Thu, 25 Dec 2025 12:49:00 +0530 Subject: chore(flake/namescale): bump --- flake.lock | 85 +++++++++++++++++++++++++++++++++--- os/kay/modules/network/headscale.nix | 16 +++---- os/kay/secrets.yaml | 6 ++- 3 files changed, 91 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index bf001cc..0e557ea 100644 --- a/flake.lock +++ b/flake.lock @@ -114,6 +114,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -179,6 +195,28 @@ "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "namescale", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "headplane": { "inputs": { "devshell": "devshell", @@ -226,14 +264,15 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ] + ], + "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1760768972, - "narHash": "sha256-bNnfcWlRJ8HWxzyjMyFz0zb7RNyZ2NJdGPIu03Ds3lY=", + "lastModified": 1766292981, + "narHash": "sha256-9gI7101QbxiRRcnJX3qg4lCdLMfyWsHgnaF2sUiDUnA=", "owner": "sinanmohd", "repo": "namescale", - "rev": "12e26359e79cd3c88508b0f770d0e5136e53b176", + "rev": "4c261f660b5bd89b0864f997b2735971696e67a5", "type": "github" }, "original": { @@ -340,6 +379,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1764667669, "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", @@ -355,6 +410,26 @@ "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "alina": "alina", @@ -363,7 +438,7 @@ "home-manager": "home-manager", "namescale": "namescale", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "sops-nix": "sops-nix" } }, diff --git a/os/kay/modules/network/headscale.nix b/os/kay/modules/network/headscale.nix index 39007a4..077aa8b 100644 --- a/os/kay/modules/network/headscale.nix +++ b/os/kay/modules/network/headscale.nix @@ -29,7 +29,6 @@ let ]; }; tagOwners = { - "tag:namescale" = [ "group:owner" ]; "tag:internal" = [ "group:owner" ]; "tag:bud_clients" = [ "group:bud" ]; "tag:cusat" = [ "group:owner" ]; @@ -55,7 +54,7 @@ let { action = "accept"; src = [ "*" ]; - dst = [ "tag:namescale:${toString config.services.namescale.settings.port}" ]; + dst = [ "namescale@:53" ]; } { action = "accept"; @@ -100,6 +99,7 @@ in # server "headplane/cookie_secret".owner = config.services.headscale.user; "headplane/preauth_key".owner = config.services.headscale.user; + "namescale/preauth_key" = { }; "headscale/noise_private_key".owner = config.services.headscale.user; "headscale/derp_private_key".owner = config.services.headscale.user; # client @@ -134,7 +134,8 @@ in base_domain = "tsnet.${config.global.userdata.domain}"; override_local_dns = false; nameservers.split."${config.services.headscale.settings.dns.base_domain}" = [ - config.services.namescale.settings.host + "100.64.0.12" + "fd7a:115c:a1e0::c" ]; }; derp = { @@ -184,17 +185,14 @@ in "--login-server=${url}" "--advertise-exit-node" "--advertise-routes=192.168.43.0/24,192.168.38.0/24" - "--advertise-tags=tag:internal,tag:namescale" + "--advertise-tags=tag:internal" ]; }; namescale = { enable = true; - settings = { - host = "100.64.0.6"; - port = 53; - base_domain = config.services.headscale.settings.dns.base_domain; - }; + environmentFile = config.sops.secrets."namescale/preauth_key".path; + settings.tsnet.coordination_server_url = url; }; }; } diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml index e16e01f..52a081d 100644 --- a/os/kay/secrets.yaml +++ b/os/kay/secrets.yaml @@ -17,6 +17,8 @@ mail.sinanmohd.com: headplane: cookie_secret: ENC[AES256_GCM,data:ZhUYeusYNPSkuA+CEHHmeRlCB3Y030J+1EpPs88coFs=,iv:Ck3CfLtkwskkwo8Ind+CuLtVARjHI4y3mZITfzCKPso=,tag:yhupLPeAyfBF6LtNqbJs2g==,type:str] preauth_key: ENC[AES256_GCM,data:XBtitZ0fb8mU7Z7aSP+RxUSDvyxqcfKYiq4bLa9WnKef1xEnQK0+l7QfrQAVRyqI,iv:G82b9GcdTTLF/+jVh4nx6Fu7mnMmKarF6Rc+AabaLwE=,tag:x7HMaJknnrA/SjTfYu6B4w==,type:str] +namescale: + preauth_key: ENC[AES256_GCM,data:tnPC+1YyFnQYFU6cqRUz70HaaExIgzQ/t9qHdukAsMPgDlxihLMpeIQcTfhPJYnMOBi734/ao9JTdNACjA==,iv:H5kWlzbbCtvx4Bb13sYPhwdmKBfs2iznjwSbxYhW8ws=,tag:bT5qj1F3+hO+B4Qvb9n0ow==,type:str] headscale: noise_private_key: ENC[AES256_GCM,data:pqh0alokNqQsG9Ghi/qZl3lEi45om8GV4uron4a5JriLrR/QiRKcZQFbMK2u1m4wLwAw57ugN/jXynATlW15vUWw4SAU+PtC,iv:j74JLjGDGbmN65YfARYisSa20ExBXVPUm+QKU4qk4rw=,tag:UUgthumk2/a4xJ14Ucok+A==,type:str] derp_private_key: ENC[AES256_GCM,data:EMt3RtQzqIY4i5S2S1kK0kxu0wMt3/bBcpaEc3YP0Cmj8F4yZECOaDUYk4dM2QsfmoP84plktAqIrM4MSiY94lQpqRoCvTru,iv:NU/nVFQxBQTou0mf5xvLmlda8hzJfoCRiU1vCgJGyyc=,tag:IEDCDy6ifL+ulYzp7qr3vg==,type:str] @@ -45,7 +47,7 @@ sops: bGRaOE1Mc3VqVnYyd0xIVGl5ckpqRFkKpT2gTC4lf9HRQNJDykdGjPdfH+V8og7X XHq1XqIRoRbulZifuZlmzN/RWMPIoBYkXeHfqaMjmTz5HIBcnO/t9g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-14T07:00:06Z" - mac: ENC[AES256_GCM,data:HoxBmhIWBaapyqQfpmd1tAOJMxaLELzjFBjzlJPvMWXyioXiyPxHtb8lMEPgrlafeD5CLWi2MMw5NXElmtX4SZ8Ngh4cPhF00uQeXm9FqyTYSPPhakctg1ZxB+5h/++JywjOlbPooiP+3Iua0z8wQGWzVgSKj6DVeplDvqcNjHI=,iv:pQbNCOJUz9xtSGbdhS2ESkD6SkFUKfTRw15baTX7hAo=,tag:Y0JT6Q/FHHFYmp4gQ8krxQ==,type:str] + lastmodified: "2025-12-21T04:59:01Z" + mac: ENC[AES256_GCM,data:29NqEWR9XTcCxXSD46Gw7xNnvj0sF662vj594Ca4abMPxo+zKLSDXqQsg6KHv9Wgmj28TMvYlpivASbQxw6jvaX9cAvoJHAd7/nJCVnXaawgTJcuuGOUFIvSpdmN4JoamF9seUXkwTjMlCzvRArHhA0JwCcv98APUPRR2FNcw6g=,iv:A1r0/BgMAcue4ENtNMTsGL+Ovgox3XovzDrJaRngbJc=,tag:q11zVu6Lfneecv/fpQ+9sw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 -- cgit v1.2.3