Diffstat (limited to 'parts/modules/nixos/features')
-rw-r--r--parts/modules/nixos/features/tailscale.nix67
-rw-r--r--parts/modules/nixos/features/virtualisation.nix21
2 files changed, 0 insertions, 88 deletions
diff --git a/parts/modules/nixos/features/tailscale.nix b/parts/modules/nixos/features/tailscale.nix
deleted file mode 100644
index 5a00110..0000000
--- a/parts/modules/nixos/features/tailscale.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- config,
- lib,
- pkgs,
- self,
- ...
-}: let
- cfg = config.features.tailscale;
- inherit (lib) mkDefault mkEnableOption mkIf optionalAttrs;
-in {
- options.features.tailscale = {
- enable = mkEnableOption "enable support for tailscale";
- ssh.enable = mkEnableOption "enable support for tailscale ssh";
- };
-
- config = mkIf cfg.enable {
- age.secrets = let
- baseDir = "${self}/parts/secrets/systems/${config.networking.hostName}";
- in
- mkIf cfg.ssh.enable {
- tailscaleAuthKey.file = "${baseDir}/tailscaleAuthKey.age";
- };
-
- networking.firewall =
- {
- allowedUDPPorts = [config.services.tailscale.port];
- trustedInterfaces = ["tailscale0"];
- }
- // optionalAttrs cfg.ssh.enable {
- allowedTCPPorts = [22];
- };
-
- services = {
- tailscale.enable = mkDefault true;
- };
-
- # https://tailscale.com/kb/1096/nixos-minecraft/
- systemd.services = mkIf cfg.ssh.enable {
- tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
-
- after = ["network-pre.target" "tailscale.service"];
- wants = ["network-pre.target" "tailscale.service"];
- wantedBy = ["multi-user.target"];
-
- serviceConfig.Type = "oneshot";
-
- script = let
- inherit (pkgs) tailscale jq;
- in ''
- # wait for tailscaled to settle
- sleep 2
-
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
-
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up --ssh \
- --auth-key "file:${config.age.secrets.tailscaleAuthKey.path}"
- '';
- };
- };
- };
-}
diff --git a/parts/modules/nixos/features/virtualisation.nix b/parts/modules/nixos/features/virtualisation.nix
deleted file mode 100644
index 206a98e..0000000
--- a/parts/modules/nixos/features/virtualisation.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.features.virtualisation;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.features.virtualisation.enable = mkEnableOption "enable podman";
-
- config.virtualisation = mkIf cfg.enable {
- podman = {
- enable = true;
- enableNvidia = true;
- extraPackages = with pkgs; [podman-compose];
- autoPrune.enable = true;
- };
- oci-containers.backend = "podman";
- };
-}