diff --git a/.sops.yaml b/.sops.yaml
index 6536de1c..85ab6181 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -29,6 +29,12 @@ creation_rules:
           - *host_framework-server
           - *host_backups-rpi4
+  - path_regex: secrets\/containers\/rdesktop\.yaml$
+    key_groups:
+      - pgp:
+          - *user_albert
+          - *host_framework-server
+
   - path_regex: secrets\/hosts\/milan-linode-01\.yaml$
     key_groups:
       - pgp:
diff --git a/flake.nix b/flake.nix
index 9e1f0853..360c3159 100644
--- a/flake.nix
+++ b/flake.nix
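Review bot: The new `secrets/containers/rdesktop.yaml` rule encrypts the container's secrets to `*host_framework-server`, the same host key that protects every framework-server secret, so whatever key material sops-nix uses inside the rdesktop container has to be the host's own private key. Nothing in this commit mounts that key into the container (the rdesktop mounts.nix only binds `/etc/nixos/git`, and the shared `nixos/containers/mounts.nix` is not in the diff), so either decryption fails at container activation or the host key ends up readable from a remote-desktop container, where a compromise would expose all host secrets. If the container does get its own sops-nix key, add it as a separate anchor and list that instead, e.g. `- *host_rdesktop` in place of `- *host_framework-server`, keeping `*user_albert` for editing.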
@@ -59,18 +59,18 @@
       milan-linode-01 = libx.mkHost { hostname = "milan-linode-01"; type = "small";};
       framework-server = libx.mkHost { hostname = "framework-server"; };
       nuc-server = libx.mkHost { hostname = "nuc-server"; };
-      nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; unfree = true; desktop = "hyprland"; theme = "tokyo-night"; };
+      nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; unfree = true; desktop = "hyprland"; theme = "tokyo-night"; };
       nixos-framework = libx.mkHost { hostname = "nixos-framework"; unfree = true; desktop = "hyprland"; theme = "green"; };
       backups-rpi4 = libx.mkHost { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
       piaware-rpi4 = libx.mkHost { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };
       quitman-rpi4 = libx.mkHost { hostname = "quitman-rpi4"; system = "aarch64-linux"; type = "small"; };
     };
     homeConfigurations = {
-      "albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; };
-      "albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; };
+      "albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; type = "small"; };
+      "albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; type = "small"; };
       "albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
-      "albert@nuc-server" = libx.mkHome { hostname = "nuc-server"; };
-      "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "tokyo-night"; };
+      "albert@nuc-server" = libx.mkHome { hostname = "nuc-server"; };
+      "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "tokyo-night"; };
       "albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
       "albert@backups-rpi4" = libx.mkHome { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
       "albert@piaware-rpi4" = libx.mkHome { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };
diff --git a/lib/default.nix b/lib/default.nix
index 77e68414..dd80908b 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,4 +1,4 @@
-{ self, inputs, outputs, stateVersion, hmStateVersion , ... }: {
+{ lib ? lib, self, inputs, outputs, stateVersion, hmStateVersion , ... }: {
   deploy = {
     hostname,
     system ? "x86_64-linux",
@@ -44,7 +44,10 @@
     pkgs-unstable ? import inputs.nixpkgs-unstable { inherit system; config.allowUnfree = unfree; hostPlatform = system; }
   }: {
-    bindMounts = import ../nixos/containers/${hostname}/mounts.nix;
+    bindMounts = lib.mkMerge [
+      ( import ../nixos/containers/mounts.nix )
+      ( import ../nixos/containers/${hostname}/mounts.nix )
+    ];
     autoStart = true;
     privateNetwork = false;
     specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
diff --git a/nixos/containers/default.nix b/nixos/containers/default.nix
index d32084d0..60e0b429 100644
--- a/nixos/containers/default.nix
+++ b/nixos/containers/default.nix
@@ -3,7 +3,22 @@
     ./${hostname}
     ../users/${username}
     ../common/modules/nixos.nix
-    ../common/modules/networking.nix
+    ../common/modules/networking.nix
+    # Services
+    ../common/services/promtail.nix
+    ../common/services/telegraf.nix
+    ../common/services/tailscale.nix
   ];
+  # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
+  # Set up the secrets file:
+  sops.secrets."tailscale_key" = {
+    owner = "root";
+    sopsFile = ../../../secrets/containers/${hostname}.yaml;
+    restartUnits = [
+      "tailscaled.service"
+      "tailscaled-autoconnect.service"
+    ];
+  };
+  services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
   networking.hostName = "${hostname}";
 }
diff --git a/nixos/containers/rdesktop/mounts.nix b/nixos/containers/rdesktop/mounts.nix
index f6040fa0..cf3cfbbb 100644
--- a/nixos/containers/rdesktop/mounts.nix
+++ b/nixos/containers/rdesktop/mounts.nix
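Review bot: `{ lib ? lib, ... }:` on the new first line of lib/default.nix is a self-referential default: in Nix a default expression is evaluated in the function's own argument scope, so a caller that omits `lib` gets "infinite recursion encountered" instead of a clear missing-argument error, and no fallback is actually provided. The only caller visible here (nixos/hosts/framework-server/containers.nix) now passes `lib`, but the flake.nix call site that builds mkHost/mkHome is not in this diff, so it likely still omits it. Either make the argument required, `{ lib, self, inputs, outputs, stateVersion, hmStateVersion , ... }: {`, or give it a real default such as `{ lib ? inputs.nixpkgs.lib, self, inputs, ... }: {` (assuming a `nixpkgs` flake input exists alongside the `nixpkgs-unstable` one used below).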
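Review bot: `sopsFile = ../../../secrets/containers/${hostname}.yaml;` in the new sops.secrets block is resolved relative to `nixos/containers/`, so it points at a `secrets/` directory one level above the repository root, while the `.sops.yaml` rule added in this same commit matches `secrets/containers/rdesktop.yaml` at the root and lib/default.nix reaches the root with a single `../`; unless the checkout is nested one level deeper than the diff paths show, this should be `sopsFile = ../../secrets/containers/${hostname}.yaml;`. The container is also built with `privateNetwork = false` in lib/default.nix, so tailscaled started here shares the host's network namespace; if the host itself runs tailscale (tailscale.nix lives under common/services), the two daemons will fight over the tun device and listening port, so either switch the container to a private network or keep Tailscale on the host only. Since the key file is consumed by `tailscaled-autoconnect.service`, it is worth stating in the comment that the sops value must be a pre-authorized, preferably ephemeral and tagged auth key, e.g. `# tailscale_key: pre-auth key (ephemeral, tagged) — rotated per container`.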
@@ -1,7 +1,5 @@
-{
-  "/etc/nixos/git" = {
-    hostPath = "/etc/nixos/git";
-    mountPoint = "/etc/nixos/git";
-    isReadOnly = false;
-  };
+"/etc/nixos/git" = {
+  hostPath = "/etc/nixos/git";
+  mountPoint = "/etc/nixos/git";
+  isReadOnly = false;
 }
diff --git a/nixos/hosts/framework-server/containers.nix b/nixos/hosts/framework-server/containers.nix
index 56889719..5adc564d 100644
--- a/nixos/hosts/framework-server/containers.nix
+++ b/nixos/hosts/framework-server/containers.nix
@@ -1,9 +1,7 @@
-{ self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
+{ lib, self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
 let
-  libx = import ../../../lib { inherit self inputs outputs stateVersion hmStateVersion; };
+  libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
 in {
-  # TODO: Set up Tailscale key
-  # Set up the bridge network:
   containers = {
     rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };
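Review bot: After this hunk rdesktop/mounts.nix is no longer a Nix expression: with the outer braces removed the file reads as a bare binding `"/etc/nixos/git" = { ... }`, which the parser rejects, and lib/default.nix still loads it through `import ../nixos/containers/${hostname}/mounts.nix` inside `lib.mkMerge`, which needs each element to be an attribute set. Keep the file as an attrset by restoring `{` as the first line and closing with `  };` followed by `}` (the shared containers/mounts.nix presumably has the same shape, but it is not in the diff). Separately, the mount keeps `isReadOnly = false;` for `/etc/nixos/git`; if that is the host's NixOS configuration checkout, a compromised remote-desktop container can rewrite the host's configuration and gain root at the next rebuild, so prefer `isReadOnly = true;` unless the container genuinely has to commit from inside.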