Test
This commit is contained in:
parent
4e4744d9fc
commit
91bda7ab1c
5 changed files with 52 additions and 10 deletions
|
@ -50,6 +50,7 @@
|
||||||
];
|
];
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = false;
|
privateNetwork = false;
|
||||||
|
restartIfChanged = true;
|
||||||
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
|
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
|
||||||
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
|
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
|
||||||
# Choose whether to pull from stable or unstable
|
# Choose whether to pull from stable or unstable
|
||||||
|
@ -60,6 +61,7 @@
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
../nixos/containers
|
../nixos/containers
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -11,14 +11,14 @@
|
||||||
];
|
];
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||||
# Set up the secrets file:
|
# Set up the secrets file:
|
||||||
sops.secrets."tailscale_key" = {
|
# sops.secrets."tailscale_key" = {
|
||||||
owner = "root";
|
# owner = "root";
|
||||||
sopsFile = ../../../secrets/containers/${hostname}.yaml;
|
# sopsFile = ../../secrets/containers/${hostname}.yaml;
|
||||||
restartUnits = [
|
# restartUnits = [
|
||||||
"tailscaled.service"
|
# "tailscaled.service"
|
||||||
"tailscaled-autoconnect.service"
|
# "tailscaled-autoconnect.service"
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
|
# services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
|
||||||
networking.hostName = "${hostname}";
|
networking.hostName = "${hostname}";
|
||||||
}
|
}
|
||||||
|
|
7
nixos/containers/mounts.nix
Normal file
7
nixos/containers/mounts.nix
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
"/etc/ssh" = {
|
||||||
|
hostPath = "/etc/ssh";
|
||||||
|
mountPath = "/etc/ssh";
|
||||||
|
isReadOnly = true;
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,7 +2,7 @@
|
||||||
let
|
let
|
||||||
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
|
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
|
||||||
in {
|
in {
|
||||||
# Set up the bridge network:
|
# Secrets
|
||||||
containers = {
|
containers = {
|
||||||
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };
|
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };
|
||||||
};
|
};
|
||||||
|
|
33
secrets/containers/rdesktop.yaml
Normal file
33
secrets/containers/rdesktop.yaml
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
tailscale_keys:
|
||||||
|
rdesktop: ENC[AES256_GCM,data:NF6ZzqsINETWp6cOO9ykVcHuEWsI85yOnAFdAnBdrLsb+4wQl4zkU+6rUmST2Mnt,iv:08Q/B4vjxk3ZyVR/+QWWquNwRX4laSXgNUUfy6ag9C0=,tag:yinP9KSf81amHWs/n/eAig==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-03-25T02:59:43Z"
|
||||||
|
mac: ENC[AES256_GCM,data:2NroS77r0+0r25xYPpVtUKlEWCrsyPx6OvFMsQhMY3soqdmhA+VmP63FwzQKvU78rgsRdgupnKFBGo5QoRS/5gI26Vys08AfCULScBDCQN/DXJnKkK0dku0A1T1vUwkO52si/AeUZRH8tCslueLzu9YFgwbodBmvisanDBA4NT8=,iv:8XGSXryVanta6kPKbllu11KmI4kDV095+YnG7TCHg3I=,tag:lZcKrVTprtdtdAH3zDqXLA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-03-25T02:57:12Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAx+imH9kwOLOARAAl+SEO7uBSKVXN9iKrHYBBohaNB5M89cgj94W8DsPNWfs
|
||||||
|
A7lqpkJJfQGmE4GnmAuMp38UHMOu906LSleAcecCxPUDOaKwz8Lbfs8awxk+jJ5H
|
||||||
|
OuqFkWo1ErqDZxZYQmeM0KG2+oc45gXVbIg3/B/rS26TLpOUxOrzwKIXu+4dw2ME
|
||||||
|
v90AXEW4uRrItdm7EOU/fyzuC4sm/gsEwRyW6NMHuWQxwpLi3d/KLEyxB00Akiwg
|
||||||
|
ct8UfyenG7XUyKRpdyo0sFvB2xxYKsjvX0In75o81AA6A5mLoyabItJSzTcIK/rr
|
||||||
|
IsBsp2YAd2bCEwMAU9QCexgSicvh2jpczvIryAYdMIp/vVOf6+X6/z4Iyju5mfSQ
|
||||||
|
JsNhs7tLQOQ4bjyLYZqtx7YaZjHjXWpSwBW24IfQRQ1BUjrmzZjPXuftAr2mT5fd
|
||||||
|
KJlWfnN0yKaRgh8vtqE1RmqX15eid/0h3VJ6gGl+1juLOv4/CLtAcNkhZS2hN1wP
|
||||||
|
SBJqZMzNIVrkj/WSnXFXIJbkvfxbX12elyvvLSChBNjpE77JddQcFLareNDLr3k1
|
||||||
|
W+t456Ql7AGlfz1lZE7s07Nuu1XofTR/VqcN/xsgCnXl+cDUUBHox7L0C4IRneF0
|
||||||
|
vLC+neAjGecR3oAIZuyBfFcXPxaebXBblWCw4XafiU+ppziG8TSIBy9Q3pv6KjfS
|
||||||
|
VgE7MciCKsl3JeKKTn7rugsMcBDY54l8AKgKElKU2cg6ExAey8hINCamUj5RoF82
|
||||||
|
r9JE7H+RAWVU4wP+VqaF7JNMyPxbfHfjv2ybwR+Bm9IFqzD01Oxl
|
||||||
|
=xeiz
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
Loading…
Reference in a new issue