nix/nixos/containers/default.nix

{ pkgs, lib, stateVersion, hostname, username, ... }: {
  imports = [
    ./${hostname}
    ../users/${username}
    ../common/modules/nixos.nix
    ../common/modules/networking.nix
    # Services
    ../common/services/promtail.nix
    ../common/services/telegraf.nix
    ../common/services/tailscale.nix
    ../common/services/openssh.nix
  ];

  boot.isContainer = true;
  networking.hostName = "${hostname}";
  system.stateVersion = stateVersion;

  # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
  networking.useHostResolvConf = lib.mkForce false;
  services.resolved.enable = true;

  # Set up the secrets file:
 sops.secrets."tailscale_key" = {
    owner = "root";
    sopsFile = ../../secrets/containers/${hostname}.yaml;
    restartUnits = [ 
      "tailscaled.service"
      "tailscaled-autoconnect.service" 
    ];
  };

  services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
  systemd.services.tailscaled.enable = lib.mkForce false;

  services.tailscale = {
    enable = true;
    interfaceName = "tailscale0-${hostname}";
    extraUpFlags = [
      "--login-server=https://headscale.sysctl.io"
      "--accept-dns"
      "--accept-routes"
    ];
  };
 
  systemd.services = {
    "tailscaled-custom" = {
      enable = true;
      path = [ pkgs.tailscale ];
      script = ''tailscaled -no-logs-no-support -tun=userspace'';
      after = [ "network.target" ];
      wantedBy = [ "tailscaled-autoconnect.service" ];
      serviceConfig.Restart = "on-failure";
      serviceConfig.Type = "oneshot";
      serviceConfig.User = "root";
      serviceConfig.Group = "wheel";
    };
  };
}
Test 2024-03-30 07:27:21 +01:00			`{ pkgs, lib, stateVersion, hostname, username, ... }: {`
test 2024-03-21 12:27:53 +01:00			`imports = [`
Testing 2024-03-21 10:51:41 +01:00			`./${hostname}`
			`../users/${username}`
			`../common/modules/nixos.nix`
Test 2024-03-30 07:27:21 +01:00			`../common/modules/networking.nix`
			`# Services`
			`../common/services/promtail.nix`
			`../common/services/telegraf.nix`
			`../common/services/tailscale.nix`
			`../common/services/openssh.nix`
Testing 2024-03-21 10:51:41 +01:00			`];`
Test 2024-03-30 07:27:21 +01:00
			`boot.isContainer = true;`
			`networking.hostName = "${hostname}";`
			`system.stateVersion = stateVersion;`

			`# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686`
			`networking.useHostResolvConf = lib.mkForce false;`
			`services.resolved.enable = true;`

test 2024-03-25 03:53:39 +01:00			`# Set up the secrets file:`
Test 2024-03-30 07:27:21 +01:00			`sops.secrets."tailscale_key" = {`
test 2024-03-25 04:41:07 +01:00			`owner = "root";`
			`sopsFile = ../../secrets/containers/${hostname}.yaml;`
			`restartUnits = [`
			`"tailscaled.service"`
			`"tailscaled-autoconnect.service"`
			`];`
			`};`
update keys 2024-03-26 01:00:46 +01:00
test 2024-03-25 04:41:07 +01:00			`services.tailscale.authKeyFile = "/run/secrets/tailscale_key";`
Test 2024-03-30 07:27:21 +01:00			`systemd.services.tailscaled.enable = lib.mkForce false;`

			`services.tailscale = {`
			`enable = true;`
			`interfaceName = "tailscale0-${hostname}";`
			`extraUpFlags = [`
			`"--login-server=https://headscale.sysctl.io"`
			`"--accept-dns"`
			`"--accept-routes"`
			`];`
			`};`

			`systemd.services = {`
			`"tailscaled-custom" = {`
			`enable = true;`
			`path = [ pkgs.tailscale ];`
			`script = ''tailscaled -no-logs-no-support -tun=userspace'';`
			`after = [ "network.target" ];`
			`wantedBy = [ "tailscaled-autoconnect.service" ];`
			`serviceConfig.Restart = "on-failure";`
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.User = "root";`
			`serviceConfig.Group = "wheel";`
			`};`
			`};`
Testing 2024-03-21 10:51:41 +01:00			`}`