# Shared NixOS module for container hosts: static LAN address on eth0,
# Tailscale enrolment against a custom login server, a sops-managed key,
# firewall rules and locale settings. Host-specific values arrive through
# the `ip`, `hostname` and `stateVersion` arguments.
{ ip, config, pkgs, stateVersion, hostname, username, ... }: {
  imports = [
    # Per-host overrides live in a directory named after the host.
    ./${hostname}

    # Shared modules
    ../common/modules/nixos.nix
    ../common/modules/networking.nix

    # Shared services
    ../common/services/promtail.nix
    ../common/services/telegraf.nix
    ../common/services/openssh.nix
    ../common/services/gnupg-agent.nix
  ];

  boot.isContainer = true;
  system.stateVersion = stateVersion;

  networking = {
    hostName = "${hostname}";

    # Static address; `ip` supplies only the last octet of 192.168.2.0/24.
    interfaces.eth0.ipv4.addresses = [{
      address = "192.168.2.${ip}";
      prefixLength = 24;
    }];

    # Internet-bound traffic leaves through eth0 via this gateway.
    defaultGateway = {
      address = "192.168.2.1";
      interface = "eth0";
    };

    firewall = {
      # This rule opens TCP 22 on the tailnet interface only.
      # NOTE(review): services.openssh.openFirewall defaults to true in
      # NixOS, which opens 22 on every interface; confirm that
      # ../common/services/openssh.nix disables it if SSH is meant to be
      # reachable over the tailnet alone.
      interfaces.tailscale0.allowedTCPPorts = [ 22 ];

      # Loose reverse-path filtering is weaker anti-spoofing than the
      # strict default. It is commonly needed so that routed tailnet
      # traffic (see --accept-routes below) is not dropped.
      checkReversePath = "loose";
    };

    # Both names are pinned to one address in 100.64.0.0/10, the range
    # Tailscale assigns from, so lookups for them bypass DNS.
    # presumably the promtail/telegraf targets; verify against those modules
    extraHosts = ''
      100.64.0.14 influx.sysctl.io
      100.64.0.14 loki.sysctl.io
    '';
  };

  # Key material for joining the tailnet, decrypted from the per-host sops
  # file and owned by root. The listed units are restarted when the secret
  # changes.
  # NOTE(review): nothing in this file passes the secret's path to
  # services.tailscale (e.g. authKeyFile), and `config` is otherwise
  # unused here. In upstream NixOS, tailscaled-autoconnect.service and
  # extraUpFlags only take effect when authKeyFile is set; confirm it is
  # set in ./${hostname} or another import.
  sops.secrets.tailscale_key = {
    owner = "root";
    sopsFile = ../../secrets/containers/${hostname}.yaml;
    restartUnits = [
      "tailscaled.service"
      "tailscaled-autoconnect.service"
    ];
  };

  services.tailscale = {
    enable = true;
    interfaceName = "tailscale0";
    extraUpFlags = [
      # Custom control server (by its name, presumably a Headscale instance).
      "--login-server=https://headscale.sysctl.io"
      # The node takes DNS settings and subnet routes pushed through the
      # control server, so that server and any route advertiser are trusted
      # for this host's name resolution and routing.
      "--accept-dns"
      "--accept-routes"
    ];
  };

  # Locale: en_US.UTF-8 for the default and for every LC_* category below.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
  };
}