nix/nixos/containers/default.nix

{ ip, stateVersion, hostname, ... }: {
  imports = [
    ./${hostname}
    # Modules
    ../common/modules/nixos.nix
    ../common/modules/networking.nix
    # Services
    ../common/services/promtail.nix
    ../common/services/telegraf.nix
    ../common/services/openssh.nix
    ../common/services/gnupg-agent.nix
  ];

  networking.interfaces.eth0.ipv4.addresses = [{
    address = "192.168.2.${ip}";
    prefixLength = 24;
  }];

  programs.fish.enable = true;
  time.timeZone = "Asia/Tokyo";
  
  # We can access the internet through this interface.
  networking.defaultGateway = {
    address = "192.168.2.1";
    interface = "eth0";
  };

  boot.isContainer = true;
  system.stateVersion = stateVersion;
  networking.hostName = "${hostname}";

  # Set up the secrets file:
  sops.secrets."tailscale_key" = {
    owner = "root";
    sopsFile = ../../secrets/containers/${hostname}.yaml;
    restartUnits = [ 
      "tailscaled.service"
      "tailscaled-autoconnect.service" 
    ];
  };

  services.tailscale = {
    enable = true;
    authKeyFile = "/run/secrets/tailscale_key";
    interfaceName = "tailscale0";
    extraUpFlags = [
      "--login-server=https://headscale.sysctl.io"
      "--accept-dns"
      "--accept-routes"
    ];
  };
  
  networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
  networking.firewall.checkReversePath = "loose";
  networking.extraHosts = ''
    100.64.0.14 influx.sysctl.io
    100.64.0.14 loki.sysctl.io
  '';

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

}
Various updates 2024-04-08 11:23:23 +09:00			`{ ip, stateVersion, hostname, ... }: {`
test 2024-03-21 20:27:53 +09:00			`imports = [`
Testing 2024-03-21 18:51:41 +09:00			`./${hostname}`
Working containers! 2024-04-07 08:42:00 +09:00			`# Modules`
Testing 2024-03-21 18:51:41 +09:00			`../common/modules/nixos.nix`
Working containers! 2024-04-07 08:42:00 +09:00			`../common/modules/networking.nix`
Test 2024-03-30 15:27:21 +09:00			`# Services`
			`../common/services/promtail.nix`
			`../common/services/telegraf.nix`
			`../common/services/openssh.nix`
Various updates 2024-04-07 21:05:15 +09:00			`../common/services/gnupg-agent.nix`
Testing 2024-03-21 18:51:41 +09:00			`];`
Test 2024-03-30 15:27:21 +09:00
Working containers! 2024-04-07 08:42:00 +09:00			`networking.interfaces.eth0.ipv4.addresses = [{`
			`address = "192.168.2.${ip}";`
			`prefixLength = 24;`
			`}];`

Updates 2024-04-29 12:32:15 +09:00			`programs.fish.enable = true;`
			`time.timeZone = "Asia/Tokyo";`

Working containers! 2024-04-07 08:42:00 +09:00			`# We can access the internet through this interface.`
			`networking.defaultGateway = {`
			`address = "192.168.2.1";`
			`interface = "eth0";`
			`};`

Test 2024-03-30 15:27:21 +09:00			`boot.isContainer = true;`
			`system.stateVersion = stateVersion;`
Well it's broken again... 2024-04-05 22:51:54 +09:00			`networking.hostName = "${hostname}";`
Test 2024-03-30 15:27:21 +09:00
test 2024-03-25 11:53:39 +09:00			`# Set up the secrets file:`
Working containers! 2024-04-07 08:42:00 +09:00			`sops.secrets."tailscale_key" = {`
test 2024-03-25 12:41:07 +09:00			`owner = "root";`
			`sopsFile = ../../secrets/containers/${hostname}.yaml;`
			`restartUnits = [`
			`"tailscaled.service"`
			`"tailscaled-autoconnect.service"`
			`];`
			`};`
update keys 2024-03-26 09:00:46 +09:00
Well it's broken again... 2024-04-05 22:51:54 +09:00			`services.tailscale = {`
			`enable = true;`
update rdesktop tailscale 2024-05-08 19:21:23 +09:00			`authKeyFile = "/run/secrets/tailscale_key";`
Working containers! 2024-04-07 08:42:00 +09:00			`interfaceName = "tailscale0";`
			`extraUpFlags = [`
			`"--login-server=https://headscale.sysctl.io"`
			`"--accept-dns"`
			`"--accept-routes"`
			`];`
Well it's broken again... 2024-04-05 22:51:54 +09:00			`};`
update rdesktop tailscale 2024-05-08 19:21:23 +09:00
Working containers! 2024-04-07 08:42:00 +09:00			`networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];`
			`networking.firewall.checkReversePath = "loose";`
			`networking.extraHosts = ''`
			`100.64.0.14 influx.sysctl.io`
			`100.64.0.14 loki.sysctl.io`
Random Updates 2024-06-27 17:28:29 +09:00			`'';`

Various updates 2024-04-07 21:05:15 +09:00			`# Select internationalisation properties.`
			`i18n.defaultLocale = "en_US.UTF-8";`
			`i18n.extraLocaleSettings = {`
			`LC_ADDRESS = "en_US.UTF-8";`
			`LC_IDENTIFICATION = "en_US.UTF-8";`
			`LC_MEASUREMENT = "en_US.UTF-8";`
			`LC_MONETARY = "en_US.UTF-8";`
			`LC_NAME = "en_US.UTF-8";`
			`LC_NUMERIC = "en_US.UTF-8";`
			`LC_PAPER = "en_US.UTF-8";`
			`LC_TELEPHONE = "en_US.UTF-8";`
			`LC_TIME = "en_US.UTF-8";`
			`};`

Testing 2024-03-21 18:51:41 +09:00			`}`