kawa/nixos/kawa.nix

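# KAWA OS - main NixOS module
# Automatic configuration for joining the KAWA mesh.
#
# Notes for operators of this module:
#   * Prefer `authKeyFile` over `authKey`.  Any string assigned to a Nix option
#     is copied into the world-readable Nix store and, in this module, ends up
#     on the `tailscale up` command line (visible via `systemctl show` and
#     process listings).  A file path keeps the secret out of both.
#   * The SSH and firewall settings are kept exactly as originally configured;
#     see the comments next to `services.openssh` and `networking.firewall`.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.services.kawa;

  # Placeholder shipped as the default `authKey`.  The assertion in `config`
  # refuses to build a node that still carries it, instead of failing at boot.
  authKeyPlaceholder = "<HEADSCALE_AUTHKEY>";

  # Argument handed to `tailscale up --auth-key`.  Tailscale reads the key from
  # a file when the value starts with "file:", so with `authKeyFile` set the
  # secret never appears in the unit definition.
  authKeyArg =
    if cfg.authKeyFile != null
    then "file:${cfg.authKeyFile}"
    else cfg.authKey;
in
{
  options.services.kawa = {
    enable = mkEnableOption "KAWA mesh network";

    hostname = mkOption {
      type = types.str;
      default = "kawa-node";
      description = "Hostname du nœud KAWA (fixe)";
    };

    headscaleUrl = mkOption {
      type = types.str;
      default = "https://headscale.du-senegal.com";
      description = "URL du serveur Headscale";
    };

    # Kept for backward compatibility; a literal key here lands in the Nix
    # store.  New deployments should use `authKeyFile`.
    authKey = mkOption {
      type = types.str;
      default = authKeyPlaceholder;
      description = "Clé d'authentification";
    };

    authKeyFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/run/secrets/headscale-authkey";
      description = ''
        Path to a file containing the Headscale pre-auth key.
        Takes precedence over `authKey` and keeps the secret out of the
        Nix store.  The file must be present on the node at boot (for
        example provisioned by a secrets manager) and must not itself be a
        store path, otherwise the key is world-readable again.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Fail the build, not the first boot, when no usable key was configured.
    assertions = [
      {
        assertion = cfg.authKeyFile != null || cfg.authKey != authKeyPlaceholder;
        message = "services.kawa: set authKeyFile (preferred) or authKey; the default placeholder cannot join the mesh.";
      }
    ];

    networking.hostName = cfg.hostname;

    # Tailscale - base installation (tailscaled itself is configured by the
    # upstream NixOS module; this module only drives `tailscale up`).
    services.tailscale = {
      enable = true;
      package = pkgs.tailscale;
    };

    # Join the mesh via systemd after boot.  Oneshot + RemainAfterExit so the
    # unit reads as active once the login command has completed.
    systemd.services.kawa-mesh-connect = {
      description = "KAWA Mesh Auto-Connect";
      after = [ "network-online.target" "tailscaled.service" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        # --force-reauth is kept from the original configuration: it re-runs
        # the login on every boot, so the configured key has to stay valid
        # for the node to rejoin.  NOTE(review): confirm the key issued by the
        # Headscale server is reusable / not single-use.
        ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=${cfg.headscaleUrl} --auth-key=${authKeyArg} --force-reauth";
      };
    };

    # NATS.  No authentication is configured in `settings`, and 4222 is opened
    # on every interface in the firewall below; 8222 (monitoring) is not.
    # NOTE(review): confirm unauthenticated client access on 4222 is intended.
    services.nats = {
      enable = true;
      settings = {
        port = 4222;
        http_port = 8222;
      };
    };

    # SSH.  Values are unchanged from the original configuration.
    # NOTE(review): root login with password authentication, on a port that the
    # firewall opens on every interface, is the weakest sshd setting available.
    # For nodes reached only over the mesh, consider
    #   PermitRootLogin = "prohibit-password"; PasswordAuthentication = false;
    # and dropping 22 from allowedTCPPorts (tailscale0 is already trusted).
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "yes";
        PasswordAuthentication = true;
      };
    };

    # Firewall.
    #   22/tcp    - sshd (see note above)
    #   4222/tcp  - NATS clients
    #   41641/udp - Tailscale's default WireGuard port
    #   22000/tcp+udp - not tied to any service declared in this module;
    #                   TODO confirm which service needs it
    # Everything arriving on tailscale0 bypasses these rules.
    networking.firewall = {
      allowedTCPPorts = [ 22 4222 22000 ];
      allowedUDPPorts = [ 41641 22000 ];
      trustedInterfaces = [ "tailscale0" ];
    };

    # Packages
    environment.systemPackages = with pkgs; [
      git vim tailscale nats-cli curl wget htop
    ];
  };
}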