feat(tazjin/nixos): set up yggdrasil on all physical machines

Change-Id: I1d722c6d2e6192c445e77cb9b186a5320c2a60ec Reviewed-on: https://cl.tvl.fyi/c/depot/+/12485 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2024-09-15 00:00:51 +03:00 · 2024-09-15 00:00:51 +03:00 · 0022285600
commit 0022285600
parent c9eeb7da70
3 changed files with 12 additions and 1 deletions
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@ -218,6 +218,10 @@ in
        Listen = true;
        Port = 9443; # yggd
      }];
+
+      AllowedPublicKeys = [
+        "573fd89392e2741ead4edd85034c91c88f1e560d991bbdbf1fccb6233db4d325" # koptevo
+      ];
    };
  };

--- a/users/tazjin/nixos/modules/home-config.nix
+++ b/users/tazjin/nixos/modules/home-config.nix
@ -6,7 +6,7 @@
  users.users.tazjin = {
    isNormalUser = true;
    createHome = true;
-    extraGroups = [ "wheel" "networkmanager" "video" "adbusers" ];
+    extraGroups = [ "wheel" "networkmanager" "video" "adbusers" "yggdrasil" ];
    uid = 1000;
    shell = pkgs.fish;
    initialHashedPassword = "$2b$05$1eBPdoIgan/C/L8JFqIHBuVscQyTKw1L/4VBlzlLvLBEf6CXS3EW6";
--- a/users/tazjin/nixos/modules/physical.nix
+++ b/users/tazjin/nixos/modules/physical.nix
@ -102,6 +102,13 @@ in
    # run manually patchelfed binaries
    environment.stub-ld.enable = false;

+    # Enable yggdrasil network.
+    services.yggdrasil = {
+      enable = true;
+      persistentKeys = true;
+      settings.IfName = "ygg0";
+    };
+
    programs = {
      fish.enable = true;
      mosh.enable = true;