This commit is contained in:
albert 2024-03-25 11:53:39 +09:00
parent dd2e858b64
commit 78c70dc4ef
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
6 changed files with 38 additions and 18 deletions

View file

@ -29,6 +29,12 @@ creation_rules:
- *host_framework-server
- *host_backups-rpi4
- path_regex: secrets\/containers\/rdesktop\.yaml$
key_groups:
- pgp:
- *user_albert
- *host_framework-server
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$
key_groups:
- pgp:

View file

@ -66,8 +66,8 @@
quitman-rpi4 = libx.mkHost { hostname = "quitman-rpi4"; system = "aarch64-linux"; type = "small"; };
};
homeConfigurations = {
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; };
"albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; };
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; type = "small"; };
"albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; type = "small"; };
"albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
"albert@nuc-server" = libx.mkHome { hostname = "nuc-server"; };
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "tokyo-night"; };

View file

@ -1,4 +1,4 @@
{ self, inputs, outputs, stateVersion, hmStateVersion , ... }: {
{ lib ? lib, self, inputs, outputs, stateVersion, hmStateVersion , ... }: {
deploy = {
hostname,
system ? "x86_64-linux",
@ -44,7 +44,10 @@
pkgs-unstable ? import inputs.nixpkgs-unstable
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; }
}: {
bindMounts = import ../nixos/containers/${hostname}/mounts.nix;
bindMounts = lib.mkMerge [
( import ../nixos/containers/mounts.nix )
( import ../nixos/containers/${hostname}/mounts.nix )
];
autoStart = true;
privateNetwork = false;
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };

View file

@ -4,6 +4,21 @@
../users/${username}
../common/modules/nixos.nix
../common/modules/networking.nix
# Services
../common/services/promtail.nix
../common/services/telegraf.nix
../common/services/tailscale.nix
];
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_key" = {
owner = "root";
sopsFile = ../../../secrets/containers/${hostname}.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
networking.hostName = "${hostname}";
}

View file

@ -1,7 +1,5 @@
{
"/etc/nixos/git" = {
hostPath = "/etc/nixos/git";
mountPoint = "/etc/nixos/git";
isReadOnly = false;
};
}

View file

@ -1,9 +1,7 @@
{ self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
let
libx = import ../../../lib { inherit self inputs outputs stateVersion hmStateVersion; };
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
in {
# TODO: Set up Tailscale key
# Set up the bridge network:
containers = {
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };