stage #20

Merged
micqdf merged 5 commits from stage into master 2026-02-28 01:01:31 +00:00
2 changed files with 49 additions and 0 deletions
Showing only changes of commit 595df12b3e - Show all commits


@@ -37,3 +37,24 @@ jobs:
- name: Terraform Apply - name: Terraform Apply
working-directory: terraform working-directory: terraform
run: terraform apply -auto-approve run: terraform apply -auto-approve
- name: Enroll VMs in Tailscale
env:
TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
TAILSCALE_ENROLL_HOSTS: ${{ secrets.TAILSCALE_ENROLL_HOSTS }}
VM_SSH_PRIVATE_KEY: ${{ secrets.VM_SSH_PRIVATE_KEY }}
run: |
if [ -z "$TS_AUTHKEY" ] || [ -z "$TAILSCALE_ENROLL_HOSTS" ] || [ -z "$VM_SSH_PRIVATE_KEY" ]; then
echo "Skipping Tailscale enrollment (missing TS_AUTHKEY, TAILSCALE_ENROLL_HOSTS, or VM_SSH_PRIVATE_KEY)."
exit 0
fi
install -m 700 -d ~/.ssh
printf '%s\n' "$VM_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
for host in $(printf '%s' "$TAILSCALE_ENROLL_HOSTS" | tr ',' ' '); do
echo "Enrolling $host into Tailscale"
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \
"echo '$TS_AUTHKEY' | sudo tee /etc/tailscale/authkey >/dev/null && sudo chmod 600 /etc/tailscale/authkey && sudo systemctl start tailscale-firstboot.service"
done
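Review bot: The ssh call in the enrollment loop turns off host key verification (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`) immediately before it sends the Tailscale auth key, so whatever answers on that address receives the key. The key is also interpolated into the remote command string, where it appears in process arguments on both ends and breaks the quoting if it ever contains a single quote, and `tee` creates the file with default permissions before `chmod 600` runs. I would pin the VM host keys in a known_hosts file, send the key on stdin and create the file under `umask 077`, as sketched below; `VM_KNOWN_HOSTS` is a placeholder for wherever the pinned keys come from and would need adding to `env:`. The private key in `~/.ssh/id_rsa` is also left on the runner after the step and could be removed with a `trap`.

```yaml
        run: |
          # … unchanged: missing-secret check, ~/.ssh directory and id_rsa setup …
          # VM_KNOWN_HOSTS is a placeholder: pinned host keys for the enrolled VMs
          printf '%s\n' "$VM_KNOWN_HOSTS" > ~/.ssh/known_hosts
          for host in $(printf '%s' "$TAILSCALE_ENROLL_HOSTS" | tr ',' ' '); do
            echo "Enrolling $host into Tailscale"
            # key travels on stdin, never in argv; the file is created 0600 from the start
            printf '%s\n' "$TS_AUTHKEY" | ssh -o StrictHostKeyChecking=yes -i ~/.ssh/id_rsa "micqdf@$host" \
              "sudo sh -c 'umask 077 && cat > /etc/tailscale/authkey' && sudo systemctl start tailscale-firstboot.service"
          done
```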


@@ -39,6 +39,33 @@
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
systemd.services.tailscale-firstboot = {
description = "One-time Tailscale enrollment";
after = [ "network-online.target" "tailscaled.service" ];
wants = [ "network-online.target" "tailscaled.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
if [ -f /var/lib/tailscale/.joined ]; then
exit 0
fi
if [ ! -s /etc/tailscale/authkey ]; then
exit 0
fi
key="$(cat /etc/tailscale/authkey)"
${pkgs.tailscale}/bin/tailscale up --auth-key="$key" --hostname="$(hostname)"
install -d -m 0700 /var/lib/tailscale
touch /var/lib/tailscale/.joined
rm -f /etc/tailscale/authkey
'';
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
btop btop
curl curl
@@ -50,6 +77,7 @@
htop htop
jq jq
ripgrep ripgrep
tailscale
tree tree
unzip unzip
vim vim
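Review bot: With `RemainAfterExit = true` and `wantedBy = [ "multi-user.target" ]`, the unit will most likely already be active (exited) from boot, when no auth key was present yet, so the workflow's later `systemctl start tailscale-firstboot.service` would be a no-op and the VM never enrolls. Dropping `RemainAfterExit = true;` (or gating the unit with `unitConfig.ConditionPathExists = "/etc/tailscale/authkey";`) lets the later start actually run the script. Separately, `--auth-key="$key"` puts the key in the process arguments, readable by local users while `tailscale up` runs; `--auth-key=file:/etc/tailscale/authkey` avoids that and makes the `key=` line unnecessary. The enclosing configuration block starts and ends outside the hunk.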