8cdad7d45c
This runs a headscale server on sanduny which lets users join their machines to the TVL tailscale network. This would theoretically let people communicate with each other on the internal network, but also more notably joined servers can advertise exit node capability so that we can have our own "VPN network", for starters with endpoints in Germany, UK and Russia (whitby, sanduny and koptevo respectively). This setup isn't fully stable yet, notably: * The IP range used by tailscale is just the default one right now, I'm not sure if that should be changed or what. * The system is stateful (on sanduny), but the state is not (yet) backed up anywhere. Use with caution. * Machine joining is a manual process requiring SSH & root access to sanduny. The process is to log in to sanduny, then get a headscale shell with `sudo -u headscale bash`, and to use the `headscale` CLI within there to administrate access. I've opted to create a user account `tvl` for TVL-owned machines, and a personal account for myself and my machines. Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI |
||
|---|---|---|
| .. | ||
| tvl-slapd | ||
| www | ||
| .skip-subtree | ||
| atward.nix | ||
| auto-deploy.nix | ||
| automatic-gc.nix | ||
| cgit.nix | ||
| clbot.nix | ||
| default-imports.nix | ||
| default.nix | ||
| depot-inbox.nix | ||
| depot-replica.nix | ||
| gerrit-queue.nix | ||
| irccat.nix | ||
| josh.nix | ||
| journaldriver.nix | ||
| known-hosts.nix | ||
| monorepo-gerrit.nix | ||
| nixery.nix | ||
| oauth2_proxy.nix | ||
| open_eid.nix | ||
| owothia.nix | ||
| panettone.nix | ||
| paroxysm.nix | ||
| prometheus-fail2ban-exporter.nix | ||
| quassel.nix | ||
| README.md | ||
| restic.nix | ||
| smtprelay.nix | ||
| sourcegraph.nix | ||
| tvl-buildkite.nix | ||
| tvl-cache.nix | ||
| tvl-headscale.nix | ||
| tvl-users.nix | ||
| v4l2loopback.nix | ||
NixOS modules
This folder contains various NixOS modules shared by our NixOS configurations.
It is not read by readTree.