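# NixOS container profile shared by every container host. The module arguments
# are supplied by the host builder: `hostname` selects the per-host directory
# and the sops file, `username` the user profile, `stateVersion` the NixOS
# state version to pin.
{ pkgs, lib, stateVersion, hostname, username, ... }: {
  imports = [
    ./${hostname}
    ../users/${username}
    ../common/modules/nixos.nix
    ../common/modules/networking.nix

    # Services
    ../common/services/promtail.nix
    ../common/services/telegraf.nix
    ../common/services/tailscale.nix
    ../common/services/openssh.nix
  ];

  boot.isContainer = true;
  networking.hostName = hostname;
  system.stateVersion = stateVersion;

  # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
  networking.useHostResolvConf = lib.mkForce false;
  services.resolved.enable = true;

  # Set up the secrets file: sops decrypts the auth key to
  # /run/secrets/tailscale_key as a root-owned file and restarts the listed
  # units whenever the decrypted content changes.
  sops.secrets."tailscale_key" = {
    owner = "root";
    sopsFile = ../../secrets/containers/${hostname}.yaml;
    restartUnits = [
      # The stock tailscaled.service is masked below, so the daemon that must
      # pick up a rotated key is the custom unit, not the upstream one.
      "tailscaled-custom.service"
      "tailscaled-autoconnect.service"
    ];
  };

  services.tailscale.authKeyFile = "/run/secrets/tailscale_key";

  # Mask the upstream tailscaled unit; the daemon is run by "tailscaled-custom"
  # below with userspace networking instead.
  systemd.services.tailscaled.enable = lib.mkForce false;

  services.tailscale = {
    enable = true;
    interfaceName = "tailscale0-${hostname}";
    extraUpFlags = [
      "--login-server=https://headscale.sysctl.io"
      "--accept-dns"
      # NOTE(review): --accept-routes installs whatever subnet routes the
      # control server approves for this node, so this container's routing
      # table follows the tailnet's route approvals; confirm that is intended
      # together with -tun=userspace below.
      "--accept-routes"
    ];
  };

  systemd.services = {
    "tailscaled-custom" = {
      enable = true;
      path = [ pkgs.tailscale ];
      # Userspace networking: the container does not need /dev/net/tun.
      script = ''tailscaled -no-logs-no-support -tun=userspace'';
      after = [ "network.target" ];
      # Order the daemon before autoconnect, which talks to its control socket.
      before = [ "tailscaled-autoconnect.service" ];
      wantedBy = [ "tailscaled-autoconnect.service" ];
      serviceConfig = {
        Restart = "on-failure";
        # tailscaled stays in the foreground: Type=simple marks the unit active
        # once the process is running, whereas Type=oneshot would keep it in
        # "activating" until the daemon exits (and older systemd refuses
        # Restart= on oneshot units).
        Type = "simple";
        User = "root";
        Group = "wheel";
      };
    };
  };
}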