Update containers

This commit is contained in:
albert 2024-04-05 13:54:07 +09:00
parent ee9c452083
commit 98ab0aa25e
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
2 changed files with 8 additions and 39 deletions


@ -3,23 +3,17 @@
./${hostname} ./${hostname}
../users/${username} ../users/${username}
../common/modules/nixos.nix ../common/modules/nixos.nix
../common/modules/networking.nix # ,../common/modules/networking.nix
# Services # Services
../common/services/promtail.nix ../common/services/promtail.nix
../common/services/telegraf.nix ../common/services/telegraf.nix
../common/services/tailscale.nix
../common/services/openssh.nix ../common/services/openssh.nix
]; ];
boot.isContainer = true; boot.isContainer = true;
networking.hostName = "${hostname}";
system.stateVersion = stateVersion; system.stateVersion = stateVersion;
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 networking.hostName = "${hostname}";
# networking.useHostResolvConf = lib.mkForce false;
# services.resolved.enable = true;
networking.defaultGateway = "192.168.2.1";
# Set up the secrets file: # Set up the secrets file:
sops.secrets."tailscale_key" = { sops.secrets."tailscale_key" = {
@ -31,30 +25,7 @@
]; ];
}; };
services.tailscale.enable = true;
services.tailscale.authKeyFile = "/run/secrets/tailscale_key"; services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
systemd.services.tailscaled.enable = lib.mkForce false; services.tailscale.interfaceName = "userspace-networking";
services.tailscale = {
enable = true;
interfaceName = "tailscale0-${hostname}";
extraUpFlags = [
"--login-server=https://headscale.sysctl.io"
"--accept-dns"
"--accept-routes"
];
};
systemd.services = {
"tailscaled-custom" = {
enable = true;
path = [ pkgs.tailscale ];
script = ''tailscaled -no-logs-no-support -tun=userspace'';
after = [ "network.target" ];
wantedBy = [ "tailscaled-autoconnect.service" ];
serviceConfig.Restart = "on-failure";
serviceConfig.Type = "oneshot";
serviceConfig.User = "root";
serviceConfig.Group = "wheel";
};
};
} }
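Review bot: The old side passed `--login-server=https://headscale.sysctl.io` in `services.tailscale.extraUpFlags`, and as far as this rendered view shows the new side keeps `services.tailscale.authKeyFile` but sets no `extraUpFlags` at all; the NixOS module's autoconnect unit then runs `tailscale up` with the key from `/run/secrets/tailscale_key` against the default Tailscale control server rather than the self-hosted headscale, so the pre-auth key is presented to a third party and the container never joins the intended network. Keep at least `services.tailscale.extraUpFlags = [ "--login-server=https://headscale.sysctl.io" ];` (and `--accept-dns`/`--accept-routes` if the containers still rely on them) alongside the new `interfaceName = "userspace-networking"` line. The module import for networking.nix is now commented out with a stray `# ,` and `networking.defaultGateway` appears only on one side of the hunk; if both really leave the new side, please state in the commit message what now provides routing for the container, since without it the tailscale daemon has no path to the control server either. The enclosing configuration attribute set starts outside the hunk.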


@ -8,11 +8,9 @@ in {
}; };
networking = { networking = {
networkmanager.unmanaged = [ "interface-name:ve-*" ]; nat.enable = true;
nat = { nat.internalInterfaces = [ "ve-+" ];
enable = true; nat.externalInterface = lanInterface;
externalInterface = lanInterface; firewall.extraCommands = ''iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE'';
internalInterfaces = [ "ve-+" ];
};
}; };
} }
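Review bot: The added `firewall.extraCommands = ''iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE''` duplicates what `nat.enable = true` with `nat.externalInterface` and `nat.internalInterfaces` already installs, but without the source restriction: every packet leaving `${lanInterface}` is masqueraded, not only traffic from the `ve-+` container interfaces, which silently hides the origin of any forwarded traffic that reaches the host. Because the rule is appended with `-A` to the kernel's own POSTROUTING chain rather than a nixos-fw chain, each firewall reload adds another copy unless a matching `networking.firewall.extraStopCommands = ''iptables -t nat -D POSTROUTING -o ${lanInterface} -j MASQUERADE 2>/dev/null || true'';` is present. The simplest fix is to drop the `extraCommands` line and rely on the nat module; if a manual rule is genuinely needed, add `-s <container-subnet>` (placeholder, the page does not give the subnet) and the stop command above. Removing `networkmanager.unmanaged = [ "interface-name:ve-*" ]` also means NetworkManager, if enabled on this host, will start managing the `ve-*` veth pairs; please confirm that is intended. The enclosing `networking` set is fully within the hunk, but the surrounding file (the `in {` binding of `lanInterface`) is not.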