tailscale

2026-03-19 17:39:44 +02:00
parent eebf3f6159
commit 6b886eeea8
9 changed files with 89 additions and 70 deletions
--- a/modules/force.nix
+++ b/modules/force.nix
@@ -13,6 +13,8 @@
    ./stuff/zsh.nix
  ];

+  services.tailscale.enable = true;
+
  environment.systemPackages = with pkgs; [
    tmux
    gh
@@ -21,6 +23,7 @@
    openssl
    nss
    glibc
+    kitty
    nixfmt-rfc-style
    killall
    deno
--- a/modules/nixos/network.nix
+++ b/modules/nixos/network.nix
@@ -2,11 +2,14 @@

 {

-	#! Disable default nameservers to prevent ISP espionage
-	networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
+  #! Disable default nameservers to prevent ISP espionage
+  networking.nameservers = [
+    "1.1.1.1"
+    "1.0.0.1"
+  ];

-	networking.hostName = "ralsei-pc";
-	networking.networkmanager.enable = true;
-	networking.resolvconf.enable = false;
+  networking.hostName = "kris-server";
+  networking.networkmanager.enable = true;
+  networking.resolvconf.enable = false;

 }
--- a/modules/openclaw-fs.nix
+++ b/modules/openclaw-fs.nix
@@ -1,29 +1,13 @@
 { ... }:
 {
-  fileSystems =
-    let
-      bindRO = src: {
-        device = src;
-        fsType = "none";
-        options = [ "bind" "ro" ];
-      };
-      bindHide = src: {
-        device = "tmpfs";
-        fsType = "tmpfs";
-        options = [ "size=0" "mode=000" ];
-      };
-    in
-    {
-      "/home/openclaw/private/AT Protocol" = bindHide "/private/AT Protocol";
-      "/home/openclaw/private/cloudflared" = bindHide "/private/cloudflared";
-      "/home/openclaw/private/vaultwarden" = bindHide "/private/vaultwarden";
-      "/home/openclaw/protected" = bindHide "/protected";
-    };
-
  systemd.tmpfiles.rules = [
-    "d /home/openclaw/private 0750 openclaw openclaw -"
-    "d /home/openclaw/protected 0000 root root -"
-    "f /home/openclaw/private/tangled.env 0000 root root -"
-    "f /home/openclaw/private/cloudflared.pem 0000 root root -"
+    "d /private 0750 root root -"
+    "z /private/AT\x20Protocol 0700 root root -"
+    "z /private/cloudflared 0700 root root -"
+    "z /private/cloudflared.pem 0600 root root -"
+    "z /private/wafrn 0700 root root -"
+    "z /private/tangled.env 0600 root root -"
+    "z /private/vaultwarden 0700 root root -"
+    "z /protected 0700 root root -"
  ];
 }
--- a/modules/openclaw-user.nix
+++ b/modules/openclaw-user.nix
@@ -1,15 +1,3 @@
 { pkgs, ... }:
 {
-  users.users.openclaw = {
-    isSystemUser = false;
-    isNormalUser = true;
-    home = "/home/openclaw";
-    createHome = true;
-    group = "openclaw";
-    extraGroups = [ "docker" ];
-    shell = pkgs.bash;
-    description = "OpenClaw agent sandboxed user";
-  };
-
-  users.groups.openclaw = { };
 }