nix/nixos/containers/default.nix
2024-04-07 08:43:25 +09:00


# Shared NixOS module for containers: gives the container a static address on
# the 192.168.2.0/24 LAN, declares the sops-managed Tailscale key, configures
# Tailscale against a self-hosted login server, and allows SSH in on the
# tailscale0 interface.
# `config`, `pkgs` and `username` are accepted but not referenced in this file.
{ ip, config, pkgs, stateVersion, hostname, username, ... }: {
  imports = [
    # Per-host settings come from the directory named after the host.
    ./${hostname}
    # Modules
    ../common/modules/nixos.nix
    ../common/modules/networking.nix
    # Services
    ../common/services/promtail.nix
    ../common/services/telegraf.nix
    ../common/services/openssh.nix
  ];

  boot.isContainer = true;
  system = { inherit stateVersion; };

  networking = {
    hostName = "${hostname}";

    # `ip` is spliced in as the last octet without any validation here;
    # presumably the caller passes a string in 1-254 -- confirm at the call site.
    interfaces.eth0.ipv4.addresses = [
      {
        address = "192.168.2.${ip}";
        prefixLength = 24;
      }
    ];

    # We can access the internet through this interface.
    defaultGateway = {
      interface = "eth0";
      address = "192.168.2.1";
    };

    firewall = {
      # This rule admits TCP/22 on the tailnet interface only.
      # NOTE(review): services.openssh.openFirewall defaults to true in NixOS,
      # which opens the SSH port on every interface. If SSH is meant to be
      # reachable only over Tailscale, confirm ../common/services/openssh.nix
      # sets openFirewall = false; otherwise this rule does not restrict anything.
      interfaces.tailscale0.allowedTCPPorts = [ 22 ];

      # "loose" relaxes reverse-path filtering for all interfaces, not just
      # tailscale0. Presumably needed because of --accept-routes below; it is
      # a deliberate weakening of anti-spoofing and should stay documented.
      checkReversePath = "loose";
    };

    # Static hosts entries take precedence over DNS for these two names.
    # 100.64.0.14 is presumably the tailnet address of the metrics/log host
    # used by telegraf and promtail -- TODO confirm. If that address is ever
    # reassigned, telemetry from every container follows it.
    extraHosts = ''
      100.64.0.14 influx.sysctl.io
      100.64.0.14 loki.sysctl.io
    '';
  };

  # Set up the secrets file:
  # One encrypted file per host; the decrypted key is owned by root, and the
  # listed units are restarted when the secret changes.
  # NOTE(review): nothing in this file hands the secret to Tailscale. In the
  # NixOS module the tailscaled-autoconnect unit (and extraUpFlags) only take
  # effect when services.tailscale.authKeyFile is set -- confirm the per-host
  # module points it at config.sops.secrets."tailscale_key".path.
  sops.secrets."tailscale_key" = {
    owner = "root";
    sopsFile = ../../secrets/containers/${hostname}.yaml;
    restartUnits = [
      "tailscaled.service"
      "tailscaled-autoconnect.service"
    ];
  };

  services.tailscale = {
    enable = true;
    interfaceName = "tailscale0";
    # The login server is the control plane for this node: with --accept-dns
    # and --accept-routes the container takes its DNS settings and the subnet
    # routes advertised by other nodes from it. Treat that server, and the
    # right to approve routes on it, as part of this host's trust boundary.
    extraUpFlags = [
      "--login-server=https://headscale.sysctl.io"
      "--accept-dns"
      "--accept-routes"
    ];
  };
}