This commit is contained in:
albert 2024-03-25 12:30:28 +09:00
parent 4e4744d9fc
commit 91bda7ab1c
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
5 changed files with 52 additions and 10 deletions

View file

@ -50,6 +50,7 @@
];
autoStart = true;
privateNetwork = false;
restartIfChanged = true;
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
# Choose whether to pull from stable or unstable
@ -60,6 +61,7 @@
};
imports = [
../nixos/containers
inputs.sops-nix.nixosModules.sops
];
};
};

View file

@ -11,14 +11,14 @@
];
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_key" = {
owner = "root";
sopsFile = ../../../secrets/containers/${hostname}.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
# sops.secrets."tailscale_key" = {
# owner = "root";
# sopsFile = ../../secrets/containers/${hostname}.yaml;
# restartUnits = [
# "tailscaled.service"
# "tailscaled-autoconnect.service"
# ];
# };
# services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
networking.hostName = "${hostname}";
}

View file

@ -0,0 +1,7 @@
{
"/etc/ssh" = {
hostPath = "/etc/ssh";
mountPath = "/etc/ssh";
isReadOnly = true;
};
}

View file

@ -2,7 +2,7 @@
let
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
in {
# Set up the bridge network:
# Secrets
containers = {
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };
};

View file

@ -0,0 +1,33 @@
tailscale_keys:
rdesktop: ENC[AES256_GCM,data:NF6ZzqsINETWp6cOO9ykVcHuEWsI85yOnAFdAnBdrLsb+4wQl4zkU+6rUmST2Mnt,iv:08Q/B4vjxk3ZyVR/+QWWquNwRX4laSXgNUUfy6ag9C0=,tag:yinP9KSf81amHWs/n/eAig==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-03-25T02:59:43Z"
mac: ENC[AES256_GCM,data:2NroS77r0+0r25xYPpVtUKlEWCrsyPx6OvFMsQhMY3soqdmhA+VmP63FwzQKvU78rgsRdgupnKFBGo5QoRS/5gI26Vys08AfCULScBDCQN/DXJnKkK0dku0A1T1vUwkO52si/AeUZRH8tCslueLzu9YFgwbodBmvisanDBA4NT8=,iv:8XGSXryVanta6kPKbllu11KmI4kDV095+YnG7TCHg3I=,tag:lZcKrVTprtdtdAH3zDqXLA==,type:str]
pgp:
- created_at: "2024-03-25T02:57:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAx+imH9kwOLOARAAl+SEO7uBSKVXN9iKrHYBBohaNB5M89cgj94W8DsPNWfs
A7lqpkJJfQGmE4GnmAuMp38UHMOu906LSleAcecCxPUDOaKwz8Lbfs8awxk+jJ5H
OuqFkWo1ErqDZxZYQmeM0KG2+oc45gXVbIg3/B/rS26TLpOUxOrzwKIXu+4dw2ME
v90AXEW4uRrItdm7EOU/fyzuC4sm/gsEwRyW6NMHuWQxwpLi3d/KLEyxB00Akiwg
ct8UfyenG7XUyKRpdyo0sFvB2xxYKsjvX0In75o81AA6A5mLoyabItJSzTcIK/rr
IsBsp2YAd2bCEwMAU9QCexgSicvh2jpczvIryAYdMIp/vVOf6+X6/z4Iyju5mfSQ
JsNhs7tLQOQ4bjyLYZqtx7YaZjHjXWpSwBW24IfQRQ1BUjrmzZjPXuftAr2mT5fd
KJlWfnN0yKaRgh8vtqE1RmqX15eid/0h3VJ6gGl+1juLOv4/CLtAcNkhZS2hN1wP
SBJqZMzNIVrkj/WSnXFXIJbkvfxbX12elyvvLSChBNjpE77JddQcFLareNDLr3k1
W+t456Ql7AGlfz1lZE7s07Nuu1XofTR/VqcN/xsgCnXl+cDUUBHox7L0C4IRneF0
vLC+neAjGecR3oAIZuyBfFcXPxaebXBblWCw4XafiU+ppziG8TSIBy9Q3pv6KjfS
VgE7MciCKsl3JeKKTn7rugsMcBDY54l8AKgKElKU2cg6ExAey8hINCamUj5RoF82
r9JE7H+RAWVU4wP+VqaF7JNMyPxbfHfjv2ybwR+Bm9IFqzD01Oxl
=xeiz
-----END PGP MESSAGE-----
fp: D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
unencrypted_suffix: _unencrypted
version: 3.8.1