{ ip, config, pkgs, stateVersion, hostname, username, ... }: { imports = [ ./${hostname} # Modules ../common/modules/nixos.nix ../common/modules/networking.nix # Services ../common/services/promtail.nix ../common/services/telegraf.nix ../common/services/openssh.nix ]; networking.interfaces.eth0.ipv4.addresses = [{ address = "192.168.2.${ip}"; prefixLength = 24; }]; # We can access the internet through this interface. networking.defaultGateway = { address = "192.168.2.1"; interface = "eth0"; }; boot.isContainer = true; system.stateVersion = stateVersion; networking.hostName = "${hostname}"; # Set up the secrets file: sops.secrets."tailscale_key" = { owner = "root"; sopsFile = ../../secrets/containers/${hostname}.yaml; restartUnits = [ "tailscaled.service" "tailscaled-autoconnect.service" ]; }; services.tailscale = { enable = true; interfaceName = "tailscale0"; extraUpFlags = [ "--login-server=https://headscale.sysctl.io" "--accept-dns" "--accept-routes" ]; }; networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ]; networking.firewall.checkReversePath = "loose"; networking.extraHosts = '' 100.64.0.14 influx.sysctl.io 100.64.0.14 loki.sysctl.io ''; }