Well it's broken again...
parent
3cd13d1441
commit
a309679516
4 changed files with 24 additions and 12 deletions
|
@ -40,24 +40,25 @@
|
||||||
repo ? "nixpkgs",
|
repo ? "nixpkgs",
|
||||||
unfree ? false,
|
unfree ? false,
|
||||||
ip ? null,
|
ip ? null,
|
||||||
|
ephemeral ? false,
|
||||||
pkgs ? import inputs.${repo}
|
pkgs ? import inputs.${repo}
|
||||||
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; },
|
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; },
|
||||||
pkgs-unstable ? import inputs.nixpkgs-unstable
|
pkgs-unstable ? import inputs.nixpkgs-unstable
|
||||||
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; }
|
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; }
|
||||||
}: {
|
}: {
|
||||||
bindMounts = lib.mkMerge [
|
bindMounts = lib.mkMerge [
|
||||||
( import ../nixos/containers/mounts.nix )
|
( import ../nixos/containers/mounts.nix )
|
||||||
( import ../nixos/containers/${hostname}/mounts.nix )
|
( import ../nixos/containers/${hostname}/mounts.nix )
|
||||||
];
|
];
|
||||||
autoStart = true;
|
ephemeral = false;
|
||||||
privateNetwork = true;
|
autoStart = true;
|
||||||
hostAddress = "192.168.2.1";
|
privateNetwork = true;
|
||||||
localAddress = "192.168.2.2";
|
hostAddress = "192.168.2.1";
|
||||||
|
localAddress = "192.168.2.2";
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
enableTun = true;
|
enableTun = false;
|
||||||
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
|
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
|
||||||
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
|
config = { lib, config, pkgs-unstable, hostname, username, desktop, theme, system, repo, stateVersion, ... }: {
|
||||||
# Choose whether to pull from stable or unstable
|
|
||||||
nixpkgs.pkgs = import inputs.${repo} {
|
nixpkgs.pkgs = import inputs.${repo} {
|
||||||
inherit system;
|
inherit system;
|
||||||
config.allowUnfree = unfree;
|
config.allowUnfree = unfree;
|
||||||
|
|
|
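Review bot: The new `ephemeral ? false` argument is never read. The container attribute set hard-codes `ephemeral = false;` just before `autoStart`, so a caller passing `ephemeral = true` gets a persistent container anyway. Replace the literal with `inherit ephemeral;` so the argument controls the setting. The function starts before this hunk and continues past it, so a use further down cannot be ruled out from here.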
@ -3,6 +3,7 @@
|
||||||
./${hostname}
|
./${hostname}
|
||||||
../users/${username}
|
../users/${username}
|
||||||
../common/modules/nixos.nix
|
../common/modules/nixos.nix
|
||||||
|
# ../common/modules/networking.nix
|
||||||
# Services
|
# Services
|
||||||
../common/services/promtail.nix
|
../common/services/promtail.nix
|
||||||
../common/services/telegraf.nix
|
../common/services/telegraf.nix
|
||||||
|
@ -11,7 +12,7 @@
|
||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
system.stateVersion = stateVersion;
|
system.stateVersion = stateVersion;
|
||||||
networking.hostName = hostname;
|
networking.hostName = "${hostname}";
|
||||||
|
|
||||||
# Set up the secrets file:
|
# Set up the secrets file:
|
||||||
sops.secrets."tailscale_key" = {
|
sops.secrets."tailscale_key" = {
|
||||||
|
@ -23,7 +24,9 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.tailscale.enable = true;
|
services.tailscale = {
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
|
enable = true;
|
||||||
services.tailscale.interfaceName = "userspace-networking";
|
authKeyFile = "/run/secrets/tailscale_key";
|
||||||
|
interfaceName = "userspace-networking";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
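Review bot: `authKeyFile = "/run/secrets/tailscale_key";` in the regrouped `services.tailscale` block repeats the secret's location as a literal, so it goes stale without warning if the `sops.secrets."tailscale_key"` declaration above is ever given a different `path`. If `config` is among this module's arguments (the module header is outside the hunks), `authKeyFile = config.sops.secrets."tailscale_key".path;` keeps the two tied together. The first hunk also adds a commented-out `# ../common/modules/networking.nix` import; either drop it or extend the comment to say why it is disabled.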
@ -1,8 +1,17 @@
|
||||||
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
|
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }:
|
||||||
let
|
let
|
||||||
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
|
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
|
||||||
|
lanInterface = "enp0s13f0u4";
|
||||||
in {
|
in {
|
||||||
containers = {
|
containers = {
|
||||||
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; desktop = "xfce"; };
|
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; desktop = "xfce"; };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
nat.enable = true;
|
||||||
|
nat.internalInterfaces = [ "ve-+" ];
|
||||||
|
nat.externalInterface = lanInterface;
|
||||||
|
firewall.extraCommands = ''iptables -t nat -A POSTROUTING -o ${lanInterface} -j MASQUERADE'';
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
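Review bot: The `firewall.extraCommands` line appends an unconditional `MASQUERADE` rule for everything leaving `${lanInterface}`. That is wider than the `ve-+` scope given to `networking.nat` just above it, and it appears to duplicate what that module already sets up for `externalInterface`. Because it uses `-A` with no matching `firewall.extraStopCommands`, the rule is also likely to be appended again on each firewall reload. Consider dropping the line and relying on `networking.nat`, or add a comment explaining why the extra rule is needed and restrict it to the container subnet.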
@ -15,7 +15,6 @@ in {
|
||||||
++ ifExists [ "video" ]
|
++ ifExists [ "video" ]
|
||||||
++ ifExists [ "docker" ]
|
++ ifExists [ "docker" ]
|
||||||
++ ifExists [ "podman" ]
|
++ ifExists [ "podman" ]
|
||||||
++ ifExists [ "xrdp" ]
|
|
||||||
++ ifExists [ "syncthing" ];
|
++ ifExists [ "syncthing" ];
|
||||||
# mkpasswd -m sha-512
|
# mkpasswd -m sha-512
|
||||||
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
|
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
|
||||||
|
|