Well it's broken again...

albert 2024-04-05 22:51:54 +09:00
parent 3cd13d1441
commit a309679516
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
4 changed files with 24 additions and 12 deletions


@ -40,24 +40,25 @@
repo ? "nixpkgs", repo ? "nixpkgs",
unfree ? false, unfree ? false,
ip ? null, ip ? null,
ephemeral ? false,
pkgs ? import inputs.${repo} pkgs ? import inputs.${repo}
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; }, { inherit system; config.allowUnfree = unfree; hostPlatform = system; },
pkgs-unstable ? import inputs.nixpkgs-unstable pkgs-unstable ? import inputs.nixpkgs-unstable
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; } { inherit system; config.allowUnfree = unfree; hostPlatform = system; }
}: { }: {
bindMounts = lib.mkMerge [ bindMounts = lib.mkMerge [
( import ../nixos/containers/mounts.nix ) ( import ../nixos/containers/mounts.nix )
( import ../nixos/containers/${hostname}/mounts.nix ) ( import ../nixos/containers/${hostname}/mounts.nix )
]; ];
autoStart = true; ephemeral = false;
privateNetwork = true; autoStart = true;
hostAddress = "192.168.2.1"; privateNetwork = true;
localAddress = "192.168.2.2"; hostAddress = "192.168.2.1";
localAddress = "192.168.2.2";
restartIfChanged = true; restartIfChanged = true;
enableTun = true; enableTun = false;
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; }; specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: { config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
# Choose whether to pull from stable or unstable
nixpkgs.pkgs = import inputs.${repo} { nixpkgs.pkgs = import inputs.${repo} {
inherit system; inherit system;
config.allowUnfree = unfree; config.allowUnfree = unfree;
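Review bot: `ephemeral = false;` is hard-coded in the container body while the argument list in the same section carries `ephemeral ? false,`, and the rendered page does not show which side that argument line is on. If the argument is on the new side, a caller's value is ignored, and `inherit ephemeral;` in place of the literal would pass it through. If the argument was removed instead, the literal is fine but deserves a short comment saying why container state must persist, and the same goes for the `enableTun = true` to `enableTun = false` flip, which changes what devices the container can reach. The function head and the end of the `config` block are outside this hunk.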


@ -3,6 +3,7 @@
./${hostname} ./${hostname}
../users/${username} ../users/${username}
../common/modules/nixos.nix ../common/modules/nixos.nix
# ../common/modules/networking.nix
# Services # Services
../common/services/promtail.nix ../common/services/promtail.nix
../common/services/telegraf.nix ../common/services/telegraf.nix
@ -11,7 +12,7 @@
boot.isContainer = true; boot.isContainer = true;
system.stateVersion = stateVersion; system.stateVersion = stateVersion;
networking.hostName = hostname; networking.hostName = "${hostname}";
# Set up the secrets file: # Set up the secrets file:
sops.secrets."tailscale_key" = { sops.secrets."tailscale_key" = {
@ -23,7 +24,9 @@
]; ];
}; };
services.tailscale.enable = true; services.tailscale = {
services.tailscale.authKeyFile = "/run/secrets/tailscale_key"; enable = true;
services.tailscale.interfaceName = "userspace-networking"; authKeyFile = "/run/secrets/tailscale_key";
interfaceName = "userspace-networking";
};
} }
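Review bot: `authKeyFile = "/run/secrets/tailscale_key";` repeats the secret's location as a literal, so it silently points at nothing if the sops secret is renamed or given a different `path`. Assuming the module receives `config` (its argument list is outside the hunk), `authKeyFile = config.sops.secrets."tailscale_key".path;` keeps the service tied to the declaration above it. As a style point, `networking.hostName = "${hostname}";` is a redundant interpolation of a value that is already a string. The commented-out `# ../common/modules/networking.nix` import should either be removed or carry a word on why it is disabled.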


@ -1,8 +1,17 @@
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }: { lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
let let
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; }; libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
lanInterface = "enp0s13f0u4";
in { in {
containers = { containers = {
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; desktop = "xfce"; }; rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; desktop = "xfce"; };
}; };
networking = {
nat.enable = true;
nat.internalInterfaces = [ "ve-+" ];
nat.externalInterface = lanInterface;
firewall.extraCommands = ''iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE'';
};
} }
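Review bot: The `firewall.extraCommands` line masquerades every packet leaving `${lanInterface}`, not only container traffic, and it appears to duplicate what `nat.enable` with `nat.internalInterfaces = [ "ve-+" ]` and `nat.externalInterface` already sets up. Because it uses `-A` directly on `POSTROUTING` with no matching `firewall.extraStopCommands`, the rule is, as far as I can tell, appended again on each firewall reload. I would drop the line and rely on `networking.nat`. If it turns out to be needed, restrict it to the container source range and add the corresponding `-D` in `extraStopCommands`. `lanInterface = "enp0s13f0u4"` also looks like a USB-attached NIC name, so a comment noting that it changes with the port would help the next reader.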


@ -15,7 +15,6 @@ in {
++ ifExists [ "video" ] ++ ifExists [ "video" ]
++ ifExists [ "docker" ] ++ ifExists [ "docker" ]
++ ifExists [ "podman" ] ++ ifExists [ "podman" ]
++ ifExists [ "xrdp" ]
++ ifExists [ "syncthing" ]; ++ ifExists [ "syncthing" ];
# mkpasswd -m sha-512 # mkpasswd -m sha-512
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6"; hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";