evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: headscale acl, chore: upgrade pi coding agent

Browse Source
This commit is contained in:
Evan Reichard
2026-06-19 21:42:18 -04:00
parent edc68d4660
commit cfe0975055
4 changed files with 49 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
systems/aarch64-linux/lin-o1-headscale/acl.hujson Normal file
View File

@@ -0,0 +1,35 @@
{
"tagOwners": {
"tag:mobile": ["evan@"],
},
"hosts": {
"lan-route": "10.0.0.0/16",
},
"acls": [
// 10.0.0.0/16
{
"action": "accept",
"src": ["tag:mobile"],
"dst": ["lan-route:*"],
},
// Main Net
{
"action": "accept",
"src": ["*"],
"dst": [
"100.64.0.0/10:*",
"fd7a:115c:a1e0::/48:*",
],
},
// Exit Nodes
{
"action": "accept",
"src": ["*"],
"dst": ["autogroup:internet:*"],
},
],
}

7
systems/aarch64-linux/lin-o1-headscale/default.nix
View File

@@ -1,5 +1,4 @@
{ namespace
, config
, pkgs
, lib
, modulesPath
@@ -7,8 +6,6 @@
}:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
@@ -23,6 +20,9 @@ in
efiInstallAsRemovable = true;
};
# Legacy Partion Name
fileSystems."/boot".device = lib.mkForce "/dev/disk/by-partlabel/disk-main-ESP";
reichard = {
nix = enabled;
@@ -39,6 +39,7 @@ in
headscale = {
enable = true;
openFirewall = true;
policy = ./acl.hujson;
};
tailscale = {
enable = true;