From 98ab0aa25ebe87c2bec8642ec672389114164f1e Mon Sep 17 00:00:00 2001
From: albert
Date: Fri, 5 Apr 2024 13:54:07 +0900
Subject: [PATCH] Update containers

---
 nixos/containers/default.nix | 37 +++------------------
 nixos/hosts/framework-server/containers.nix | 10 +++---
 2 files changed, 8 insertions(+), 39 deletions(-)

diff --git a/nixos/containers/default.nix b/nixos/containers/default.nix
index 88c63776..54af6af2 100644
--- a/nixos/containers/default.nix
+++ b/nixos/containers/default.nix
@@ -3,23 +3,17 @@
 ./${hostname}
 ../users/${username}
 ../common/modules/nixos.nix
- ../common/modules/networking.nix
+ # ,../common/modules/networking.nix
 # Services
 ../common/services/promtail.nix
 ../common/services/telegraf.nix
- ../common/services/tailscale.nix
 ../common/services/openssh.nix
 ];
 boot.isContainer = true;
- networking.hostName = "${hostname}";
 system.stateVersion = stateVersion;
- # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
- # networking.useHostResolvConf = lib.mkForce false;
- # services.resolved.enable = true;
-
- networking.defaultGateway = "192.168.2.1";
+ networking.hostName = "${hostname}";
 # Set up the secrets file:
 sops.secrets."tailscale_key" = {
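Review bot: The commented-out import `# ,../common/modules/networking.nix` carries a stray leading comma that would be a syntax error if the line were ever uncommented; if it is meant as a reminder, write it as `# ../common/modules/networking.nix` and say why it is disabled, otherwise drop it. With that import and `networking.defaultGateway` both gone, the container's default route now has to come from somewhere outside this file (presumably the host-side NAT set up in the second file of this patch), so a one-line comment such as `# Routing is provided by the host (see hosts/framework-server/containers.nix)` next to `boot.isContainer` would spare the next reader the search. The enclosing attribute set starts before this hunk and continues past it.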
@@ -31,30 +25,7 @@
 ];
 };
+ services.tailscale.enable = true;
 services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
- systemd.services.tailscaled.enable = lib.mkForce false;
-
- services.tailscale = {
- enable = true;
- interfaceName = "tailscale0-${hostname}";
- extraUpFlags = [
- "--login-server=https://headscale.sysctl.io"
- "--accept-dns"
- "--accept-routes"
- ];
- };
-
- systemd.services = {
- "tailscaled-custom" = {
- enable = true;
- path = [ pkgs.tailscale ];
- script = ''tailscaled -no-logs-no-support -tun=userspace'';
- after = [ "network.target" ];
- wantedBy = [ "tailscaled-autoconnect.service" ];
- serviceConfig.Restart = "on-failure";
- serviceConfig.Type = "oneshot";
- serviceConfig.User = "root";
- serviceConfig.Group = "wheel";
- };
- };
+ services.tailscale.interfaceName = "userspace-networking";
 }
diff --git a/nixos/hosts/framework-server/containers.nix b/nixos/hosts/framework-server/containers.nix
index 89b32aae..ba9b1765 100644
--- a/nixos/hosts/framework-server/containers.nix
+++ b/nixos/hosts/framework-server/containers.nix
@@ -8,11 +8,9 @@ in {
 };
 networking = {
- networkmanager.unmanaged = [ "interface-name:ve-*" ];
- nat = {
- enable = true;
- externalInterface = lanInterface;
- internalInterfaces = [ "ve-+" ];
- };
+ nat.enable = true;
+ nat.internalInterfaces = [ "ve-+" ];
+ nat.externalInterface = lanInterface;
+ firewall.extraCommands = ''iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE'';
 };
 }
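Review bot: The new `services.tailscale.*` lines drop the `--login-server=https://headscale.sysctl.io` (and `--accept-dns`, `--accept-routes`) flags that the removed block passed, and since the first hunk also removes the `../common/services/tailscale.nix` import, nothing visible in this patch sets `services.tailscale.extraUpFlags` any more; with no login server the headscale auth key from `/run/secrets/tailscale_key` would be presented to Tailscale's default control plane rather than the self-hosted one, unless a module outside this patch still supplies it. Keep the flags next to the enable line: `services.tailscale.extraUpFlags = [ "--login-server=https://headscale.sysctl.io" "--accept-dns" "--accept-routes" ];`. A short comment on the last added line, `# "userspace-networking" makes the module pass --tun=userspace-networking (no TUN device in the container)`, would record why the interface name is not a real interface, which the removed custom unit used to make explicit. The attribute set closes at this hunk's final `}`.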
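Review bot: The added `firewall.extraCommands` MASQUERADE rule looks redundant with `nat.enable = true` plus `nat.externalInterface = lanInterface` on the lines above, which as far as I know already install a masquerade rule for traffic arriving on the `internalInterfaces`; the extra rule is broader, since it rewrites any forwarded packet leaving `${lanInterface}` regardless of where it came from, not only traffic from `ve-+`. It is also an unconditional `-A` run by the firewall's start script, with no matching delete, so duplicate POSTROUTING entries accumulate across firewall restarts. Prefer removing the line and confirming that the NAT module's rule alone suffices; if it is a deliberate workaround, add a comment saying what it works around and pair it with `firewall.extraStopCommands = ''iptables -t nat -D POSTROUTING -o ${lanInterface} -j MASQUERADE || true'';` so restarts stay idempotent. The `let … in` binding for `lanInterface` lies before this hunk.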