work.nix
# Work-machine-only module: CA-bundle environment variables needed for
# Netskope, a repackaged Tailscale service, and a per-domain DNS resolver entry.
{ pkgs, ... }:
let
  # The bundle contains only public keys, but IT does not want it committed to
  # public repos, so this is just the path both work machines are expected to
  # have it at.
  # NOTE(review): the file lives outside the Nix store and is not hash-pinned
  # here, so what the tools below trust is whatever that file holds at run time.
  netskopeBundle = "/Library/Application\ Support/Netskope/STAgent/data/netskope-cert-bundle.pem";

  # The unmodified nixpkgs Tailscale package that the wrapper below copies from.
  upstream = pkgs.tailscale;
in
{
  environment = {
    # Every variable points at the same bundle file.
    variables = {
      # Used as the CA file by the respective tool in place of its default;
      # presumably needed because Netskope re-signs TLS traffic - confirm the
      # bundle also carries the public roots these tools rely on.
      SSL_CERT_FILE = netskopeBundle;
      NIX_SSL_CERT_FILE = netskopeBundle;
      CURL_CA_BUNDLE = netskopeBundle;
      GIT_SSL_CAINFO = netskopeBundle;
      # NOTE(review): git documents GIT_SSL_CAPATH as a directory of CA
      # certificates, while this value is a single PEM file; GIT_SSL_CAINFO
      # above is the file-based setting. Confirm this entry is needed.
      GIT_SSL_CAPATH = netskopeBundle;
      # Unlike the others, this one adds to Node's built-in roots rather than
      # replacing them.
      NODE_EXTRA_CA_CERTS = netskopeBundle;
    };

    # https://github.com/LnL7/nix-darwin/blob/master/modules/services/tailscale.nix#L66C2-L72C7
    # Resolver entry for c.headscale.ehden.net: lookups under that domain go to
    # 100.100.100.100. knownSha256Hashes lists the hash of an existing file
    # that nix-darwin is allowed to overwrite with this one.
    etc."resolver/c.headscale.ehden.net" = {
      text = "nameserver 100.100.100.100";
      knownSha256Hashes = [
        "2c28f4fe3b4a958cd86b120e7eb799eee6976daa35b228c885f0630c55ef626c"
      ];
    };
  };

  services.tailscale = {
    enable = true;
    # Repackages the stock build without recompiling: the tailscaled binary is
    # copied to bin/gvproxy, and bin/tailscaled and bin/tailscale are symlinks
    # to that copy.
    # NOTE(review): the on-disk executable is therefore named gvproxy rather
    # than tailscaled. The file does not say why; record the reason here so
    # anyone auditing process names or endpoint telemetry on these machines can
    # map the name back to Tailscale.
    package = pkgs.stdenv.mkDerivation {
      pname = "tailscale-cp";
      inherit (upstream) version;
      src = upstream;
      dontBuild = true;
      installPhase = ''
        mkdir -p $out/bin
        cp $src/bin/tailscaled $out/bin/gvproxy
        ln -s $out/bin/gvproxy $out/bin/tailscaled
        ln -s $out/bin/gvproxy $out/bin/tailscale
      '';
    };
  };

  # Turns off HTTP/2 for Nix's own downloads; presumably a workaround for the
  # intercepting proxy - TODO confirm and note the symptom it fixes.
  nix.settings.http2 = false;
}