From f58dd6da01cf1f873bf66deb8d9d164308306ea7 Mon Sep 17 00:00:00 2001
From: Jacob Hinkle
Date: Tue, 23 Jan 2024 12:51:40 -0500
Subject: [PATCH] Switch to tailscale
---
 machines/cj/configuration.nix | 3 ++-
 machines/cj/firewall.nix | 10 +++++++---
 machines/cj/syncthing.nix | 2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/machines/cj/configuration.nix b/machines/cj/configuration.nix
index 0e466f1..dd074d1 100644
--- a/machines/cj/configuration.nix
+++ b/machines/cj/configuration.nix
@@ -153,6 +153,7 @@
 "127.0.0.0/8" # localhost
 "192.168.0.0/16" # LAN
 "160.91.241.229" # lucky
+ "100.64.0.0" # tailscale
 ];
 };
@@ -191,7 +192,7 @@ vaultwarden = {
 enable = true;
 config = {
 # https://github.com/dani-garcia/vaultwarden/blob/1.25.2/.env.template
- DOMAIN = "https://vault.jhink.org";
+ DOMAIN = "http://100.64.0.2:8081";
 ROCKET_ADDRESS = "0.0.0.0";
 ROCKET_PORT = 8222;
 SIGNUPS_ALLOWED = false;
diff --git a/machines/cj/firewall.nix b/machines/cj/firewall.nix
index e01061a..1b92c1e 100644
--- a/machines/cj/firewall.nix
+++ b/machines/cj/firewall.nix
@@ -4,13 +4,13 @@
 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
 8585 # pihole web
 53 # pihole
- #8123 # home-assistant
- #3000 # gitea
+ 8123 # home-assistant
+ 3000 # gitea
 8081 # vaultwarden
 80 443 # reverse proxy
 ];
 allowedUDPPorts = [
- 22000 21027 # syncthing
+ #22000 21027 # syncthing
 3478 5514 10001 1900 123 # unifi
 53 # pihole
 80 443 # reverse proxy
@@ -18,4 +18,8 @@
 allowedUDPPortRanges = [
 { from = 5656; to = 5699; } # unifi
 ];
+
+ # This should not really be necessary unless we use an exit node or subnet
+ # with tailscale I think.
+ checkReversePath = "loose";
 }
diff --git a/machines/cj/syncthing.nix b/machines/cj/syncthing.nix
index 57f2e64..6d34cf9 100644
--- a/machines/cj/syncthing.nix
+++ b/machines/cj/syncthing.nix
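Review bot: The new `"100.64.0.0" # tailscale` entry in machines/cj/configuration.nix (hunk at -153) has no prefix length, unlike the `/8` and `/16` entries above it, so a consumer that reads it as a single host will match no tailnet peer at all. Tailscale hands out addresses from 100.64.0.0/10, so the line probably wants to be `"100.64.0.0/10" # tailscale (CGNAT range)`. The list's attribute name is above the hunk; if it is an allow-list of trusted clients, keep in mind that the /10 is the shared carrier-grade NAT range and only equals "tailnet peers" when no other interface on this host can route to that range.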
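Review bot: `DOMAIN = "http://100.64.0.2:8081";` in machines/cj/configuration.nix (hunk at -191) drops TLS for Vaultwarden while `ROCKET_ADDRESS = "0.0.0.0"` stays, and firewall.nix in this same patch still lists `8081 # vaultwarden` in what looks like the all-interface TCP list, so any client reaching it outside the tunnel would exchange vault traffic in cleartext. The Bitwarden web vault also relies on WebCrypto, which browsers expose only in a secure context (HTTPS or localhost), so the web UI is likely to break at this URL. A name plus certificate avoids both and removes the hard-coded tailnet address, e.g. `DOMAIN = "https://<machine>.<tailnet>.ts.net";` (placeholder) with a certificate issued through `tailscale cert`. The `config` block continues past the end of the hunk.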
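Review bot: Uncommenting `8123 # home-assistant` and `3000 # gitea` in machines/cj/firewall.nix (hunk at -4) puts both services in what appears to be the global TCP allow-list, which opens them on every interface rather than only over Tailscale. If tailnet-only access is the goal of this commit, scope them to the tunnel interface and keep them out of the global list, e.g. `interfaces."tailscale0".allowedTCPPorts = [ 8123 3000 8081 ];` (assuming the default interface name). The list's opening line is above the hunk, so confirm it is `allowedTCPPorts` before applying this.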
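Review bot: `checkReversePath = "loose";` in machines/cj/firewall.nix (hunk at -18) relaxes reverse-path filtering for the whole host, and the comment directly above it says the setting is probably not needed. Loose mode accepts a packet whose source is routable through any interface instead of the one it arrived on, which weakens spoofing protection on the LAN-facing side too. Either leave the line out until an exit node or subnet route is actually in use, or make the comment state the requirement, e.g. `# loose rp_filter: needed only for tailscale exit-node/subnet routes; revert to strict if unused`. If the NixOS release in use provides `services.tailscale.useRoutingFeatures`, that option is expected to set the loose mode itself when routing features are enabled, which would make this explicit override unnecessary.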
@@ -1,5 +1,5 @@
 {
- enable = true;
+ enable = false;
 dataDir = "/serverdata/syncthing/";
 user = "jacob";
 group = "users";