use tailscale auth for hledger

2025-06-10 23:26:27 +03:00
parent 4d91990ea1
commit 269bb6ac6a
6 changed files with 93 additions and 22 deletions
--- a/hosts/freun-dev/configuration.nix
+++ b/hosts/freun-dev/configuration.nix
@@ -36,14 +36,26 @@ in
  networking.useDHCP = false;
  networking.nftables.enable = true;

-  services.octodns.records."" = {
-    A = {
-      ttl = 86400;
-      values = [ ipv4Address ];
+  services.octodns.records = {
+    "" = {
+      A = {
+        ttl = 86400;
+        values = [ ipv4Address ];
+      };
+      AAAA = {
+        ttl = 86400;
+        values = [ ipv6Address ];
+      };
    };
-    AAAA = {
-      ttl = 86400;
-      values = [ ipv6Address ];
+    "ts" = {
+      A = {
+        ttl = 86400;
+        values = [ "100.84.105.63" ];
+      };
+      AAAA = {
+        ttl = 86400;
+        values = [ "fd7a:115c:a1e0::7901:693f" ];
+      };
    };
  };

--- a/hosts/freun-dev/secrets.nix
+++ b/hosts/freun-dev/secrets.nix
@@ -26,6 +26,7 @@
          "mosquitto/mokkimaatti"
          "gitlab-runner/default"
          "gitlab-runner/docker"
+          "hetzner"
        ]
    )
    // {
--- a/hosts/freun-dev/services.nix
+++ b/hosts/freun-dev/services.nix
@@ -19,6 +19,7 @@ in
 {
  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";
+  security.acme.defaults.environmentFile = secrets.hetzner.path;

  modules.storageBoxMounts = {
    ${immichDataDir} = {
@@ -387,12 +388,17 @@ in
      enable = true;
      subdomain = "ledger";
      stateDir = "${syncthingDataDir}/ledger";
-      basicAuthFile = secrets.hledger-basic-auth.path;
      user = config.systemd.services.syncthing.serviceConfig.User;
      group = config.systemd.services.syncthing.serviceConfig.Group;
+      extraOptions = [ "--forecast" ];
      journalFiles = [
        "main.ldg"
      ];
    };
+
+    webserver = {
+      acme.dnsChallenge = true;
+      tailscaleAuth.expectedTailnet = "tempel-vibes.ts.net";
+    };
  };
 }