jet/extremist-software
jet/extremist-software
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: loosed tailscale requirements and update README

Browse source
This commit is contained in:
Jet Pham 2026-02-18 23:30:06 -08:00
parent cc2036d95e
commit 902a0c0f0e
No known key found for this signature in database
3 changed files with 35 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

37
README.md
View file

@ -10,12 +10,35 @@ services:
- caddy (reverse proxy) - caddy (reverse proxy)
- grafana/prometheus (status.extremist.software) - grafana/prometheus (status.extremist.software)
deploy: ## Deployment
`nix run github:nix-community/nixos-anywhere -- --flake .#extremist-software --impure root@<ip>`
secrets: This repository uses **untracked secrets**, so you must build the system locally before deploying.
1. copy `secrets.nix.example` to `secrets.nix`.
2. fill in values (generate random keys for searx/tailscale).
3. `tailscaleKey` must be a **reusable** key.
repo uses `impure` build to load `secrets.nix` directly. no encrypted secrets in git. ### 1. Setup Secrets
1. `cp secrets/secrets.nix.example secrets/secrets.nix`
2. Fill in the values (generate random keys, etc).
- `tailscaleKey` must be a **Reusable** key from the Tailscale admin console.
### 2. Initial Install (Wite & Install)
Run this command to build and deploy. **Warning: Wipes the server disk.**
```bash
# Replace <TARGET_IP> with your server's IP
nix run github:nix-community/nixos-anywhere -- --store-paths \
$(nix build path:.#nixosConfigurations.extremist-software.config.system.build.diskoScript --impure --print-out-paths --no-link) \
$(nix build path:.#nixosConfigurations.extremist-software.config.system.build.toplevel --impure --print-out-paths --no-link) \
root@<TARGET_IP> | tee install.log
```
### 3. Update Existing Server (No Wipe)
Once the server is running NixOS, use `nixos-rebuild` to push updates. This is faster and doesn't wipe data.
```bash
# Update via IP
nixos-rebuild switch --flake path:.#extremist-software --target-host root@<TARGET_IP> --impure
# Update via Tailscale (Once tailored up)
nixos-rebuild switch --flake path:.#extremist-software --target-host root@extremist-software --impure
```
repo uses `impure` build to load `secrets/secrets.nix` directly. no encrypted secrets in git.

5
configuration.nix
View file

@ -58,4 +58,9 @@
# Secrets handled via ./secrets.nix importing to config.mySecrets # Secrets handled via ./secrets.nix importing to config.mySecrets
environment.etc."secrets/tailscale-auth".text = config.mySecrets.tailscaleKey; environment.etc."secrets/tailscale-auth".text = config.mySecrets.tailscaleKey;
services.tailscale.authKeyFile = "/etc/secrets/tailscale-auth"; services.tailscale.authKeyFile = "/etc/secrets/tailscale-auth";
# Allow Tailscale traffic
networking.firewall.trustedInterfaces = [ "tailscale0" ];
# Required for Tailscale subnet routing and exit nodes, and often helpful for connectivity
networking.firewall.checkReversePath = "loose";
} }

1
system
View file

@ -1 +0,0 @@
/nix/store/4yqza1r8m2ds7nr52838iysp0nx742np-nixos-system-extremist-software-26.05.20260217.0182a36