add tailscaled example

Signed-off-by: Xe <me@christine.website>
Cadey Ratio 2022-04-22 00:13:46 +00:00
parent 138c25c1c3
commit eb4b2c4754
5 changed files with 83 additions and 2 deletions


@ -3,7 +3,10 @@ source $stdenv/setup
set -o pipefail set -o pipefail
# basic file system layout # basic file system layout
mkdir -p $out/etc $out/proc $out/sys $out/dev $out/run $out/tmp $out/var/tmp $out/var/lib $out/var/log mkdir -p $out/etc $out/proc $out/sys $out/dev $out/run $out/tmp $out/var/tmp $out/var/lib/private/$serviceName $out/var/log $out/var/cache/private/$serviceName
ln -sf /var/cache/private/$serviceName $out/var/cache/$serviceName
ln -sf /var/lib/private/$serviceName $out/var/lib/$serviceName
# empty files to mount over with host's version # empty files to mount over with host's version
touch $out/etc/resolv.conf $out/etc/machine-id touch $out/etc/resolv.conf $out/etc/machine-id
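Review bot: `$serviceName` is expanded unquoted and unchecked in the new `mkdir -p` and in both `ln -sf` lines, so an empty name or one containing whitespace would silently build a different directory layout instead of failing the build. A guard such as `: "${serviceName:?serviceName must be set}"` before the `mkdir`, plus quoting the expansions (`"$out/var/lib/private/$serviceName"`), would turn that into a build error. Both symlinks point at absolute `/var/...` targets, so they resolve against whatever root the image is mounted on rather than inside `$out`; a one-line comment saying this is intended would help the next reader. The script starts before this hunk, so any earlier validation is not visible here.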


@ -52,6 +52,7 @@ let
rootfs = stdenv.mkDerivation { rootfs = stdenv.mkDerivation {
name = "rootfs"; name = "rootfs";
serviceName = name;
builder = ./build-rootfs.sh; builder = ./build-rootfs.sh;
inherit units; inherit units;
unitNames = map getUnitName units; unitNames = map getUnitName units;

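--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1650161686,
+"narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"ref": "nixos-unstable",
+"type": "indirect"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}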


@ -1,7 +1,32 @@
{ {
description = "Nix tools to help you build portable services"; description = "Nix tools to help you build portable services";
outputs = { self }: { inputs.nixpkgs.url = "nixpkgs/nixos-unstable";
outputs = { self, nixpkgs, ... }: {
overlay = final: prev: { portableService = prev.pkgs.callPackage ./. { }; }; overlay = final: prev: { portableService = prev.pkgs.callPackage ./. { }; };
packages.x86_64-linux.default = let
pkgs = import nixpkgs {
overlays = [ self.overlay ];
system = "x86_64-linux";
};
service = pkgs.substituteAll {
name = "tailscaled.service";
src = ./ts/tailscaled.service.in;
inherit (pkgs) tailscale;
};
in pkgs.portableService {
name = "tailscale";
version = pkgs.tailscale.version;
homepage = "https://tailscale.com";
units = [ service ];
symlinks = [{
object = "${pkgs.cacert}/etc/ssl";
symlink = "/etc/ssl";
}];
};
}; };
} }
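Review bot: `inputs.nixpkgs.url = "nixpkgs/nixos-unstable"` is an indirect reference, resolved through the flake registry of whoever next updates the lock, so where nixpkgs comes from depends on that machine's registry configuration. The accompanying flake.lock records the input as `"type": "indirect"` and pins a rev and narHash, which keeps current builds reproducible. Writing the input as `github:NixOS/nixpkgs/nixos-unstable` would make later re-locks equally unambiguous. The new package is also defined only under `packages.x86_64-linux`, which deserves a short comment if that restriction is intentional.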

ts/tailscaled.service.in Normal file

@ -0,0 +1,26 @@
[Unit]
Description=Tailscale node agent
Documentation=https://tailscale.com/kb/
Wants=network-pre.target
After=network-pre.target NetworkManager.service systemd-resolved.service
[Service]
ExecStartPre=@tailscale@/bin/tailscaled --cleanup
ExecStart=@tailscale@/bin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --tun=userspace-networking
ExecStopPost=@tailscale@/bin/tailscaled --cleanup
AmbientCapabilities=CAP_NET_ADMIN
Restart=on-failure
User=root
BindPaths=/dev/net
BindPaths=/etc/resolv.conf
BindPaths=/run/tailscale
RuntimeDirectory=tailscale
RuntimeDirectoryMode=0755
StateDirectory=tailscale
StateDirectoryMode=0700
CacheDirectory=tailscale
CacheDirectoryMode=0750
Type=notify
[Install]
WantedBy=multi-user.target
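Review bot: `AmbientCapabilities=CAP_NET_ADMIN` confines nothing while the unit runs as `User=root`, because root keeps its full capability set unless a bounding set is declared, so the service holds more privilege than that line suggests. Adding `CapabilityBoundingSet=CAP_NET_ADMIN` and `NoNewPrivileges=yes` under `[Service]` would make the limit real, though the exact set tailscaled needs should be confirmed by testing. Since ExecStart passes `--tun=userspace-networking`, it is worth checking whether CAP_NET_ADMIN and the writable `BindPaths=/dev/net` are needed at all in this mode. `BindPaths=/etc/resolv.conf` is likewise a read-write bind of a host file; `BindReadOnlyPaths=/etc/resolv.conf` would be the safer default if the daemon only reads it. The portable-service profile applied at attach time may add further sandboxing that is not visible in this file.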