Skip to content

Instantly share code, notes, and snippets.

@Xe
Created Jan 13, 2021
Embed
What would you like to do?
#cloud-config
write_files:
- path: /etc/nixos/host.nix
permissions: '0644'
content: |
{ config, pkgs, ... }:
{
# make the tailscale command usable to users
environment.systemPackages = [ pkgs.tailscale ];
# enable the tailscale service
services.tailscale.enable = true;
# create a oneshot job to authenticate to Tailscale
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --authkey=tskey-examplekeyhere
'';
};
networking.firewall = {
# enable the firewall
enable = true;
# always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ];
# allow the Tailscale UDP port through the firewall
allowedUDPPorts = [ config.services.tailscale.port ];
};
services.minecraft-server = {
enable = true;
eula = false; # set to true if you agree to mojang's eula: https://account.mojang.com/documents/minecraft_eula
declarative = true;
# see here for more info: https://minecraft.gamepedia.com/Server.properties#server.properties
serverProperties = {
server-port = 25565;
gamemode = "survival";
motd = "NixOS Minecraft server on Tailscale!";
max-players = 5;
enable-rcon = true;
"rcon.password" = "hunter2";
};
};
}
runcmd:
- curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log
@john-g-g

This comment has been minimized.

Copy link

@john-g-g john-g-g commented Jan 27, 2021

Thanks for this and all you blog posts about Nix, they are super helpful! Not sure if it was intentional or not, but I noticed you omitted the ssh port from the firewall config that you use in your blog post:

    allowedTCPPorts = [ 22 ];
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment