kawa/nixos/kawa.nix
Debian b8d5b01b3a Fix Tailscale: separate systemd service for mesh connection
Problem: extraUpFlags in services.tailscale blocks boot if network
is not ready or Headscale is unreachable.

Solution:
- services.tailscale.enable = true (installs tailscale)
- Separate kawa-mesh-connect systemd service:
  - Waits for network-online.target
  - Waits for tailscaled.service
  - Connects to mesh after boot

Commands to verify:
  systemctl status tailscaled
  systemctl status kawa-mesh-connect
  tailscale status
2026-03-14 23:09:36 +00:00


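# KAWA OS - main NixOS module
# Automatic configuration for joining the KAWA mesh
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkOption mkIf types;

  cfg = config.services.kawa;

  # Build the auth-key argument for `tailscale up`.
  # Preferred form is `--authkey=file:<path>`: tailscale reads the key itself,
  # so the secret is never interpolated into the unit file (Nix store, world
  # readable), the process command line (`ps`, `systemctl status`) or the
  # journal.  The inline form is kept only so existing configurations that
  # still set `authKey` keep working.
  authKeyArg =
    if cfg.authKeyFile != null
    then "--authkey=file:${cfg.authKeyFile}"
    else "--authkey=${cfg.authKey}";
in
{
  options.services.kawa = {
    enable = mkEnableOption "KAWA mesh network";

    hostname = mkOption {
      type = types.str;
      default = "kawa-node";
      description = "Hostname du nœud KAWA (fixe)";
    };

    headscaleUrl = mkOption {
      type = types.str;
      default = "https://headscale.du-senegal.com";
      description = "URL du serveur Headscale";
    };

    # SECURITY: a pre-auth key as a *default* value is a shared credential
    # committed to the repository, and every node built with it carries the
    # key in its Nix store.  Kept unchanged for backward compatibility only;
    # it should be rotated on the Headscale side and replaced by authKeyFile.
    authKey = mkOption {
      type = types.str;
      default = "f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0";
      description = "Clé d'authentification";
    };

    # Path to a file holding the Headscale pre-auth key.  Declared as a string
    # (not types.path) on purpose: a path literal would be copied into the
    # store.  Takes precedence over authKey when set.
    authKeyFile = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Path to a file containing the auth key (takes precedence over authKey)";
    };
  };

  config = mkIf cfg.enable {
    networking.hostName = cfg.hostname;

    # Tailscale - base installation only.  The mesh join is deliberately NOT
    # done via services.tailscale.extraUpFlags: that path blocks boot when the
    # network is not ready or Headscale is unreachable.
    services.tailscale = {
      enable = true;
      package = pkgs.tailscale;
    };

    # Join the mesh from a separate unit, after tailscaled and the network are up.
    systemd.services.kawa-mesh-connect = {
      description = "KAWA Mesh Auto-Connect";
      after = [ "network-online.target" "tailscaled.service" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # oneshot + RemainAfterExit: the unit shows as "active" once the join
        # succeeded, so `systemctl status kawa-mesh-connect` is meaningful.
        Type = "oneshot";
        RemainAfterExit = true;
        # --force-reauth re-authenticates on every boot, so a rotated key or a
        # changed login server is picked up without manual intervention.
        ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=${cfg.headscaleUrl} ${authKeyArg} --force-reauth";
      };
    };

    # NATS message broker.  4222 = client port (also opened in the firewall
    # below, for all interfaces); 8222 = HTTP monitoring, not exposed.
    services.nats = {
      enable = true;
      settings = {
        port = 4222;
        http_port = 8222;
      };
    };

    # SSH
    # SECURITY: root login with password authentication is enabled and port 22
    # is open on every interface (see the firewall below), so the node is
    # exposed to password guessing from any network it is attached to.  Values
    # left as configured; consider key-only auth (PasswordAuthentication =
    # false, PermitRootLogin = "prohibit-password") and limiting 22 to
    # tailscale0, which is already a trusted interface.
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "yes";
        PasswordAuthentication = true;
      };
    };

    # Firewall
    # 22    = SSH, 4222 = NATS client port (see services.nats above).
    # 22000 TCP/UDP = purpose not documented in this module - TODO confirm.
    # 41641 UDP = tailscale's WireGuard port.
    # NOTE(review): 4222 is opened on all interfaces and services.nats carries
    # no authentication settings here - confirm that is intended, otherwise
    # restrict it to tailscale0.
    networking.firewall = {
      allowedTCPPorts = [ 22 4222 22000 ];
      allowedUDPPorts = [ 41641 22000 ];
      trustedInterfaces = [ "tailscale0" ];
    };

    # Packages
    environment.systemPackages = with pkgs; [
      git vim tailscale nats-cli curl wget htop
    ];
  };
}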