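#cloud-config
# Cloud-init user data for a fresh DigitalOcean droplet: drops a NixOS host
# configuration to disk and then converts the droplet to NixOS with nixos-infect.
write_files:
  - path: /etc/nixos/host.nix
    # 0644 means everything below (Tailscale auth key, RCON password) is readable
    # by every local user; it is also copied into the world-readable Nix store.
    permissions: '0644'
    content: |
      { config, pkgs, ... }:
      {
        # make the tailscale command usable to users
        environment.systemPackages = [ pkgs.tailscale ];

        # enable the tailscale service
        services.tailscale.enable = true;

        # create a oneshot job to authenticate to Tailscale
        systemd.services.tailscale-autoconnect = {
          description = "Automatic connection to Tailscale";

          # make sure tailscale is running before trying to connect to tailscale
          after = [ "network-pre.target" "tailscale.service" ];
          wants = [ "network-pre.target" "tailscale.service" ];
          wantedBy = [ "multi-user.target" ];

          # set this service as a oneshot job
          serviceConfig.Type = "oneshot";

          # have the job run this shell script
          script = with pkgs; ''
            # wait for tailscaled to settle
            sleep 2

            # check if we are already authenticated to tailscale
            status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
            # quote $status: if the status/jq pipeline fails the variable is empty and
            # an unquoted test becomes `[ = "Running" ]`, which is a syntax error
            if [ "$status" = "Running" ]; then # if so, then do nothing
              exit 0
            fi

            # otherwise authenticate with tailscale
            # NOTE: the key ends up in a 0644 file and in the Nix store, so treat it
            # as exposed: use a short-lived, single-use key and revoke it after the
            # node has joined.
            ${tailscale}/bin/tailscale up --authkey=tskey-examplekeyhere
          '';
        };

        networking.firewall = {
          # enable the firewall
          enable = true;

          # always allow traffic from your Tailscale network
          trustedInterfaces = [ "tailscale0" ];

          # allow the Tailscale UDP port through the firewall
          allowedUDPPorts = [ config.services.tailscale.port ];
        };

        services.minecraft-server = {
          enable = true;
          eula = false; # set to true if you agree to mojang's eula: https://account.mojang.com/documents/minecraft_eula
          declarative = true;

          # see here for more info: https://minecraft.gamepedia.com/Server.properties#server.properties
          serverProperties = {
            server-port = 25565;
            gamemode = "survival";
            motd = "NixOS Minecraft server on Tailscale!";
            max-players = 5;
            enable-rcon = true;
            # Stored in plaintext in the Nix store. Neither the game port nor RCON is
            # opened in the firewall above, so they are only reachable over
            # tailscale0 -- but still replace this placeholder.
            "rcon.password" = "hunter2";
          };
        };
      }

runcmd:
  # -f makes curl exit non-zero on an HTTP error instead of piping the error page
  # into bash. The script is fetched from a moving branch; for anything beyond a
  # throwaway droplet, pin the URL to a specific revision and verify it first.
  - curl -fsSL https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | PROVIDER=digitalocean NIXOS_IMPORT=./host.nix NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log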
Thanks for this and all your blog posts about Nix, they are super helpful! Not sure if it was intentional or not, but I noticed you omitted the SSH port from the firewall config that you use in your blog post: