diff --git a/lib/default.nix b/lib/default.nix index 48e63fa6..6bd2a73c 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -40,24 +40,25 @@ repo ? "nixpkgs", unfree ? false, ip ? null, + ephemeral ? false, pkgs ? import inputs.${repo} { inherit system; config.allowUnfree = unfree; hostPlatform = system; }, pkgs-unstable ? import inputs.nixpkgs-unstable { inherit system; config.allowUnfree = unfree; hostPlatform = system; } }: { - bindMounts = lib.mkMerge [ + bindMounts = lib.mkMerge [ ( import ../nixos/containers/mounts.nix ) ( import ../nixos/containers/${hostname}/mounts.nix ) ]; - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.2.1"; - localAddress = "192.168.2.2"; + ephemeral = false; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.2.1"; + localAddress = "192.168.2.2"; restartIfChanged = true; - enableTun = true; + enableTun = false; specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; }; config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: { - # Choose whether to pull from stable or unstable nixpkgs.pkgs = import inputs.${repo} { inherit system; config.allowUnfree = unfree; diff --git a/nixos/containers/default.nix b/nixos/containers/default.nix index 48df3555..49adf092 100644 --- a/nixos/containers/default.nix +++ b/nixos/containers/default.nix @@ -3,6 +3,7 @@ ./${hostname} ../users/${username} ../common/modules/nixos.nix + # ../common/modules/networking.nix # Services ../common/services/promtail.nix ../common/services/telegraf.nix @@ -11,7 +12,7 @@ boot.isContainer = true; system.stateVersion = stateVersion; - networking.hostName = hostname; + networking.hostName = "${hostname}"; # Set up the secrets file: sops.secrets."tailscale_key" = { 
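Review bot: The new `ephemeral ? false` parameter never reaches the container, because the attribute below is hard-coded as `ephemeral = false;` rather than forwarded; a caller passing `ephemeral = true` silently gets a persistent container. The attribute should be `inherit ephemeral;` (and, if the default in the parameter list is kept, the hard-coded line dropped) so the argument and the option agree. The parameter list and the returned attrset both belong to a function whose head and tail lie outside this hunk, so I cannot confirm whether `ip ? null` is consumed elsewhere either; if it is not, it deserves the same treatment or removal.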
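Review bot: The commented-out `# ../common/modules/networking.nix` in the imports list gives no reason for being disabled, so the next reader cannot tell whether it is a TODO or a deliberate exclusion. A one-line why-comment would settle it, e.g. `# ../common/modules/networking.nix  # intentionally not imported: containers get egress via host NAT + tailscale userspace networking` — adjust the reason to whatever actually motivated it, since that is not visible here. The imports list continues past the hunk.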
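Review bot: `networking.hostName = "${hostname}";` is a no-op rewrite of the previous `networking.hostName = hostname;` — `hostname` is already a string, so the interpolation adds nothing and only churns the diff; I would keep the plain form. The `sops.secrets."tailscale_key" = {` definition that starts on the hunk's last line continues outside the hunk, so its mode/owner settings were not reviewed here.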
@@ -23,7 +24,9 @@ ]; }; - services.tailscale.enable = true; - services.tailscale.authKeyFile = "/run/secrets/tailscale_key"; - services.tailscale.interfaceName = "userspace-networking"; + services.tailscale = { + enable = true; + authKeyFile = "/run/secrets/tailscale_key"; + interfaceName = "userspace-networking"; + }; } diff --git a/nixos/hosts/framework-server/containers.nix b/nixos/hosts/framework-server/containers.nix index 88e77fb3..05ffce26 100644 --- a/nixos/hosts/framework-server/containers.nix +++ b/nixos/hosts/framework-server/containers.nix @@ -1,8 +1,17 @@ { lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }: let libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; }; + lanInterface = "enp0s13f0u4"; in { containers = { rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; desktop = "xfce"; }; + }; + + networking = { + nat.enable = true; + nat.internalInterfaces = [ "ve-+" ]; + nat.externalInterface = lanInterface; + firewall.extraCommands = ''iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE''; }; + } diff --git a/nixos/users/albert/default.nix b/nixos/users/albert/default.nix index 1cbfc2f4..1c32d494 100644 --- a/nixos/users/albert/default.nix +++ b/nixos/users/albert/default.nix @@ -15,7 +15,6 @@ in { ++ ifExists [ "video" ] ++ ifExists [ "docker" ] ++ ifExists [ "podman" ] - ++ ifExists [ "xrdp" ] ++ ifExists [ "syncthing" ]; # mkpasswd -m sha-512 hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
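Review bot: `authKeyFile = "/run/secrets/tailscale_key";` hard-codes the path that sops-nix derives for the secret declared earlier in this file, so a change to that declaration (or a non-default sops `defaultSymlinkPath`) would leave tailscale reading a stale path. Referencing the option instead keeps the two in sync: `authKeyFile = config.sops.secrets."tailscale_key".path;` — this assumes `config` is among the module's arguments, which are outside the hunk. The rest of the hunk is a behavior-preserving regrouping of the three `services.tailscale` lines into one attrset and needs no change.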
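Review bot: The `firewall.extraCommands` line masquerades every packet leaving `enp0s13f0u4` regardless of source, not just traffic from the `ve-+` container interfaces, and because it uses `-A` with no matching `extraStopCommands` the rule is re-appended on every firewall restart. `networking.nat` with `internalInterfaces = [ "ve-+" ]` and `externalInterface = lanInterface` already installs a scoped POSTROUTING masquerade for that traffic, so the extra rule looks redundant; I would drop the `firewall.extraCommands` line and rely on the nat module. If a manual rule is genuinely required, restrict it to the container subnet (`-s 192.168.2.0/24`) and pair it with an `extraStopCommands` `-D` so it does not accumulate; also note the nat module may be nftables-backed depending on host settings not visible here, in which case a raw `iptables` command would be the odd one out.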