Switch to tailscale

machines/cj/configuration.nix

@@ -153,6 +153,7 @@
         "127.0.0.0/8"     # localhost
         "192.168.0.0/16"  # LAN
         "160.91.241.229"  # lucky
+        "100.64.0.0"      # tailscale
       ];
     };
 
@@ -191,7 +192,7 @@
     vaultwarden = {
       enable = true;
       config = {  # https://github.com/dani-garcia/vaultwarden/blob/1.25.2/.env.template
-        DOMAIN = "https://vault.jhink.org";
+        DOMAIN = "http://100.64.0.2:8081";
         ROCKET_ADDRESS = "0.0.0.0";
         ROCKET_PORT = 8222;
         SIGNUPS_ALLOWED = false;

machines/cj/firewall.nix

@@ -4,13 +4,13 @@
     8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
     8585  # pihole web
     53 # pihole
-    #8123  # home-assistant
-    #3000  # gitea
+    8123  # home-assistant
+    3000  # gitea
     8081  # vaultwarden
     80 443  # reverse proxy
   ];
   allowedUDPPorts = [
-    22000 21027  # syncthing
+    #22000 21027  # syncthing
     3478 5514 10001 1900 123 # unifi
     53  # pihole
     80 443  # reverse proxy
@@ -18,4 +18,8 @@
   allowedUDPPortRanges = [
     { from = 5656; to = 5699; }  # unifi
   ];
+
+  # This should not really be necessary unless we use an exit node or subnet
+  # with tailscale I think.
+  checkReversePath = "loose";
 }

machines/cj/syncthing.nix

@@ -1,5 +1,5 @@
 {
-  enable = true;
+  enable = false;
   dataDir = "/serverdata/syncthing/";
   user = "jacob";
   group = "users";