add tailscaled example
Signed-off-by: Xe <me@christine.website>
parent
138c25c1c3
commit
eb4b2c4754
|
@ -3,7 +3,10 @@ source $stdenv/setup
|
|||
set -o pipefail
|
||||
|
||||
# basic file system layout
|
||||
mkdir -p $out/etc $out/proc $out/sys $out/dev $out/run $out/tmp $out/var/tmp $out/var/lib $out/var/log
|
||||
mkdir -p $out/etc $out/proc $out/sys $out/dev $out/run $out/tmp $out/var/tmp $out/var/lib/private/$serviceName $out/var/log $out/var/cache/private/$serviceName
|
||||
|
||||
ln -sf /var/cache/private/$serviceName $out/var/cache/$serviceName
|
||||
ln -sf /var/lib/private/$serviceName $out/var/lib/$serviceName
|
||||
|
||||
# empty files to mount over with host's version
|
||||
touch $out/etc/resolv.conf $out/etc/machine-id
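Review bot: `$serviceName` and `$out` are expanded unquoted in the new `mkdir -p` line and in both `ln -sf` lines, and nothing visible in this hunk checks that `serviceName` is non-empty. A name containing whitespace would split into extra arguments, a name containing `/` or `..` would create directories and links outside the intended `private/` subtree, and an empty value makes the `ln -sf` destination `$out/var/lib/` itself. Quote the expansions, e.g. `ln -sf "/var/lib/private/$serviceName" "$out/var/lib/$serviceName"`, and fail early with `: "${serviceName:?serviceName must be set}"` before the `mkdir`. The script continues outside the hunk, so an existing check may simply not be visible here.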
|
||||
|
|
|
@ -52,6 +52,7 @@ let
|
|||
|
||||
rootfs = stdenv.mkDerivation {
|
||||
name = "rootfs";
|
||||
serviceName = name;
|
||||
builder = ./build-rootfs.sh;
|
||||
inherit units;
|
||||
unitNames = map getUnitName units;
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
{
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1650161686,
|
||||
"narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
27
flake.nix
27
flake.nix
|
@ -1,7 +1,32 @@
|
|||
{
|
||||
description = "Nix tools to help you build portable services";
|
||||
|
||||
outputs = { self }: {
|
||||
inputs.nixpkgs.url = "nixpkgs/nixos-unstable";
|
||||
|
||||
outputs = { self, nixpkgs, ... }: {
|
||||
overlay = final: prev: { portableService = prev.pkgs.callPackage ./. { }; };
|
||||
|
||||
packages.x86_64-linux.default = let
|
||||
pkgs = import nixpkgs {
|
||||
overlays = [ self.overlay ];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
service = pkgs.substituteAll {
|
||||
name = "tailscaled.service";
|
||||
src = ./ts/tailscaled.service.in;
|
||||
inherit (pkgs) tailscale;
|
||||
};
|
||||
in pkgs.portableService {
|
||||
name = "tailscale";
|
||||
version = pkgs.tailscale.version;
|
||||
homepage = "https://tailscale.com";
|
||||
units = [ service ];
|
||||
|
||||
symlinks = [{
|
||||
object = "${pkgs.cacert}/etc/ssl";
|
||||
symlink = "/etc/ssl";
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
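Review bot: `inputs.nixpkgs.url = "nixpkgs/nixos-unstable";` is an indirect reference, so it is resolved through the flake registry of whoever runs the update rather than naming a source. The flake.lock added in this commit pins a GitHub revision, so builds from the lock are fixed, but a later `nix flake update` on a machine with an overridden `nixpkgs` registry entry can silently re-lock to a different repository. Name the source explicitly, `inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`, so the lock file's `original` entry records where the input is expected to come from.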
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
[Unit]
|
||||
Description=Tailscale node agent
|
||||
Documentation=https://tailscale.com/kb/
|
||||
Wants=network-pre.target
|
||||
After=network-pre.target NetworkManager.service systemd-resolved.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=@tailscale@/bin/tailscaled --cleanup
|
||||
ExecStart=@tailscale@/bin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --tun=userspace-networking
|
||||
ExecStopPost=@tailscale@/bin/tailscaled --cleanup
|
||||
AmbientCapabilities=CAP_NET_ADMIN
|
||||
Restart=on-failure
|
||||
User=root
|
||||
BindPaths=/dev/net
|
||||
BindPaths=/etc/resolv.conf
|
||||
BindPaths=/run/tailscale
|
||||
RuntimeDirectory=tailscale
|
||||
RuntimeDirectoryMode=0755
|
||||
StateDirectory=tailscale
|
||||
StateDirectoryMode=0700
|
||||
CacheDirectory=tailscale
|
||||
CacheDirectoryMode=0750
|
||||
Type=notify
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
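Review bot: `User=root` combined with `AmbientCapabilities=CAP_NET_ADMIN` does not confine the daemon, because a root service keeps the full capability set unless `CapabilityBoundingSet=` narrows it, and the unit sets none. Since `ExecStart` already passes `--tun=userspace-networking`, the service probably does not need a kernel TUN device, so it is worth checking whether it can run without root at all; the `private/` state and cache directories created in the rootfs builder match the layout that `DynamicUser=yes` expects. If root has to stay, add `CapabilityBoundingSet=CAP_NET_ADMIN` and `NoNewPrivileges=yes`. Also consider `BindReadOnlyPaths=/etc/resolv.conf` in place of the writable `BindPaths=` entry, unless the daemon is meant to rewrite the host resolver configuration.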
|