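# KAWA OS - main NixOS module
# Automatic configuration for joining the KAWA mesh
{ config, lib, pkgs, ... }:

let
  cfg = config.services.kawa;

  # Flag passed to `tailscale up` to authenticate the node.
  # When authKeyFile is set, tailscale reads the key itself at runtime
  # (`file:` prefix), so the secret is neither copied into the world-readable
  # Nix store nor exposed in the unit's ExecStart / process arguments.
  # Otherwise fall back to the inline authKey for backward compatibility.
  authKeyFlag =
    if cfg.authKeyFile != null
    then "--authkey=file:${cfg.authKeyFile}"
    else "--authkey=${cfg.authKey}";
in
{
  options.services.kawa = {
    enable = lib.mkEnableOption "KAWA mesh network";

    hostname = lib.mkOption {
      type = lib.types.str;
      default = "kawa-node";
      description = "Hostname du nœud KAWA (fixe)";
    };

    headscaleUrl = lib.mkOption {
      type = lib.types.str;
      default = "https://headscale.du-senegal.com";
      description = "URL du serveur Headscale";
    };

    # NOTE(review): a pre-auth key as an option default is a secret committed
    # to the module and to every system closure built from it (the Nix store
    # is world-readable). The default is kept only for backward compatibility;
    # treat it as disclosed, rotate it on the Headscale side, and use
    # authKeyFile instead.
    authKey = lib.mkOption {
      type = lib.types.str;
      default = "f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0";
      description = "Clé d'authentification";
    };

    # Preferred way to provide the key: an absolute path (as a string, not a
    # Nix path literal, which would be copied into the store) to a root-only
    # file provisioned outside the Nix store, e.g. by a secrets manager.
    authKeyFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = "Fichier contenant la clé d'authentification (prioritaire sur authKey)";
    };
  };

  config = lib.mkIf cfg.enable {
    networking.hostName = cfg.hostname;

    # Tailscale - base installation
    services.tailscale = {
      enable = true;
      package = pkgs.tailscale;
    };

    # Join the mesh via systemd (after boot)
    systemd.services.kawa-mesh-connect = {
      description = "KAWA Mesh Auto-Connect";
      after = [ "network-online.target" "tailscaled.service" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        # --force-reauth re-authenticates on every boot, so the key must stay
        # valid (reusable / non-expiring) for the lifetime of the node.
        ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=${cfg.headscaleUrl} ${authKeyFlag} --force-reauth";
      };
    };

    # NATS
    # NOTE(review): no NATS authentication or TLS is configured here and 4222
    # is opened on all interfaces below; anyone who can reach the port can
    # publish/subscribe. Confirm this is intended or bind NATS to tailscale0.
    services.nats = {
      enable = true;
      settings = {
        port = 4222;
        http_port = 8222;
      };
    };

    # SSH
    # NOTE(review): root login with password authentication, combined with
    # port 22 being open on every interface, exposes the node to password
    # guessing from any network it is attached to. Kept as-is to preserve the
    # module's current behaviour; consider key-only auth and restricting SSH
    # to the tailscale0 interface.
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "yes";
        PasswordAuthentication = true;
      };
    };

    # Firewall
    networking.firewall = {
      allowedTCPPorts = [ 22 4222 22000 ];
      allowedUDPPorts = [ 41641 22000 ];
      trustedInterfaces = [ "tailscale0" ];
    };

    # Packages
    environment.systemPackages = with pkgs; [
      git
      vim
      tailscale
      nats-cli
      curl
      wget
      htop
    ];
  };
}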