Fix Tailscale: separate systemd service for mesh connection

Problem: extraUpFlags in services.tailscale blocks boot if network
is not ready or Headscale is unreachable.

Solution:
- services.tailscale.enable = true (installs tailscale)
- Separate kawa-mesh-connect systemd service:
  - Waits for network-online.target
  - Waits for tailscaled.service
  - Connects to mesh after boot

Commands to verify:
  systemctl status tailscaled
  systemctl status kawa-mesh-connect
  tailscale status
Debian
2026-03-14 23:09:36 +00:00
parent e4c41daf6e
commit b8d5b01b3a
2 changed files with 48 additions and 96 deletions


@@ -7,25 +7,34 @@
# Hostname FIXE (pas de lecture /sys - mode pur) # Hostname FIXE (pas de lecture /sys - mode pur)
networking.hostName = "kawa-honor-v4"; networking.hostName = "kawa-honor-v4";
# Activation de Tailscale # === TAILSCALE - Installation de base ===
services.tailscale = { services.tailscale = {
enable = true; enable = true;
extraUpFlags = [ package = pkgs.tailscale;
"--login-server=https://headscale.du-senegal.com"
"--authkey=f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0"
"--force-reauth"
];
}; };
# CONFIGURATION OLLAMA CPU UNIQUEMENT # Service systemd pour connexion au mesh APRÈS le boot
systemd.services.kawa-mesh-connect = {
description = "KAWA Mesh Auto-Connect";
after = [ "network-online.target" "tailscaled.service" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=https://headscale.du-senegal.com --authkey=f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0 --force-reauth";
};
};
# OLLAMA CPU UNIQUEMENT
services.ollama = { services.ollama = {
enable = true; enable = true;
acceleration = null; # Force le mode CPU uniquement acceleration = null;
host = "0.0.0.0"; host = "0.0.0.0";
port = 11434; port = 11434;
}; };
# SSH activé avec PermitRootLogin pour debug # SSH
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
@@ -34,38 +43,26 @@
}; };
}; };
# NATS Client (option corrigée) # NATS
services.nats = { services.nats = {
enable = true; enable = true;
server = "100.64.0.1:4222"; settings = {
port = 4222;
http_port = 8222;
};
}; };
# Syncthing pour synchronisation # Syncthing
services.syncthing = { services.syncthing = {
enable = true; enable = true;
user = "kawa"; user = "kawa";
group = "kawa"; group = "kawa";
config = {
devices = {
"vps-7ed4abb0" = { id = "AHF53QZ-ZYCQ2K7-556QBZ2-2UAYZL4-QNEQOGZ-PHZQIAG-4ZRXI3P-QLLJNA6"; };
};
folders = {
"kawa-memory" = {
path = "/home/kawa/.local/share/kawa/memory";
devices = [ "vps-7ed4abb0" ];
};
"kawa-workspace" = {
path = "/home/kawa/.local/share/kawa/workspace";
devices = [ "vps-7ed4abb0" ];
};
};
};
}; };
# Utilisateur KAWA # Utilisateur
users.users.kawa = { users.users.kawa = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "tailscale" "syncthing" ]; extraGroups = [ "wheel" "networkmanager" "tailscale" ];
initialPassword = "kawa2026"; initialPassword = "kawa2026";
}; };
@@ -76,15 +73,8 @@
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "tailscale0" ];
}; };
# Packages système # Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git vim tailscale ollama nats-cli curl wget htop
vim
tailscale
ollama
nats-cli
curl
wget
htop
]; ];
} }
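Review bot: The Headscale pre-auth key is embedded verbatim in the `ExecStart` of `kawa-mesh-connect` (the `--authkey=f43f36ef…` string), so it ends up in the generated unit file in the world-readable Nix store and is visible to any local user via `systemctl show kawa-mesh-connect` — the commit moves the key out of `extraUpFlags` but not out of the store. The same key is now in this repository's history, so it should be revoked and reissued on the Headscale side regardless of how the config is fixed. Keep the secret in a root-only file outside the store and pass it to the unit with systemd's `LoadCredential=`, reading it in a `script` instead of a static `ExecStart`; NixOS also offers `services.tailscale.authKeyFile`, which presumably covers this case if its auto-connect unit satisfies the boot-ordering goal. `--force-reauth` on every boot is also worth a second look: if the key is single-use, the second boot will fail to register.
```nix
systemd.services.kawa-mesh-connect = {
  # … unchanged: description / after / wants / wantedBy …
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = true;
    # Key lives in a root-only file outside /nix/store; systemd exposes it under $CREDENTIALS_DIRECTORY
    LoadCredential = [ "authkey:/etc/kawa/headscale-authkey" ];
  };
  script = ''
    ${pkgs.tailscale}/bin/tailscale up --login-server=https://headscale.du-senegal.com --authkey="$(cat "$CREDENTIALS_DIRECTORY/authkey")"
  '';
};
```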


@@ -15,7 +15,7 @@ in
hostname = mkOption { hostname = mkOption {
type = types.str; type = types.str;
default = "kawa-node"; default = "kawa-node";
description = "Hostname du nœud KAWA (fixe, pas dynamique)"; description = "Hostname du nœud KAWA (fixe)";
}; };
headscaleUrl = mkOption { headscaleUrl = mkOption {
@@ -27,43 +27,33 @@ in
authKey = mkOption { authKey = mkOption {
type = types.str; type = types.str;
default = "f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0"; default = "f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0";
description = "Clé d'authentification Headscale"; description = "Clé d'authentification";
};
natsServer = mkOption {
type = types.str;
default = "100.64.0.1:4222";
description = "Serveur NATS";
};
enableOllama = mkOption {
type = types.bool;
default = false;
description = "Activer Ollama";
};
enableSyncthing = mkOption {
type = types.bool;
default = true;
description = "Activer Syncthing";
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Hostname fixe (pas de lecture /sys)
networking.hostName = cfg.hostname; networking.hostName = cfg.hostname;
# Tailscale # Tailscale - installation de base
services.tailscale = { services.tailscale = {
enable = true; enable = true;
extraUpFlags = [ package = pkgs.tailscale;
"--login-server=${cfg.headscaleUrl}"
"--authkey=${cfg.authKey}"
"--force-reauth"
];
}; };
# NATS (options corrigées pour Nixpkgs récent) # Connexion au mesh via systemd (après le boot)
systemd.services.kawa-mesh-connect = {
description = "KAWA Mesh Auto-Connect";
after = [ "network-online.target" "tailscaled.service" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=${cfg.headscaleUrl} --authkey=${cfg.authKey} --force-reauth";
};
};
# NATS
services.nats = { services.nats = {
enable = true; enable = true;
settings = { settings = {
@@ -72,21 +62,6 @@ in
}; };
}; };
# Ollama (optionnel)
services.ollama = mkIf cfg.enableOllama {
enable = true;
acceleration = null; # CPU uniquement
host = "0.0.0.0";
port = 11434;
};
# Syncthing
services.syncthing = mkIf cfg.enableSyncthing {
enable = true;
user = "kawa";
group = "kawa";
};
# SSH # SSH
services.openssh = { services.openssh = {
enable = true; enable = true;
@@ -98,27 +73,14 @@ in
# Firewall # Firewall
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 22 4222 22000 11434 ]; allowedTCPPorts = [ 22 4222 22000 ];
allowedUDPPorts = [ 41641 22000 ]; allowedUDPPorts = [ 41641 22000 ];
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "tailscale0" ];
}; };
# Utilisateur KAWA
users.users.kawa = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "tailscale" ];
initialPassword = "kawa2026";
};
# Packages # Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git vim tailscale nats-cli curl wget htop
vim
tailscale
nats-cli
curl
wget
htop
]; ];
}; };
} }
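Review bot: `authKey` is declared as `types.str` with the live key as its `default`, and `${cfg.authKey}` is interpolated into the `kawa-mesh-connect` `ExecStart`, so every host importing this module bakes the shared secret into the Nix store and `systemctl show` output even when the option is never set. Declare it as a path with no default — `authKeyFile = mkOption { type = types.path; description = "Path, outside the Nix store, to the Headscale pre-auth key"; };` — and read it at runtime (e.g. `LoadCredential = [ "authkey:${cfg.authKeyFile}" ]` in `serviceConfig` plus `$(cat "$CREDENTIALS_DIRECTORY/authkey")` in a `script`), so a missing key fails evaluation instead of silently reusing one key fleet-wide. The key shown here is now in the repository history and should be revoked on the Headscale server. The `config = mkIf cfg.enable {` block the service sits in spans the remaining hunks; within it, `--force-reauth` on every boot presumably re-registers the node each time and will break with a single-use key — confirm the key is reusable or drop the flag.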