feat: new k3s cluster

2026-05-27 16:59:09 +02:00 · 2024-02-18 13:49:28 +08:00
parent 1a3b02a062
commit c19184a6be
27 changed files with 508 additions and 68 deletions
@@ -1,17 +1,14 @@
-{vars_networking, ...}:
+{vars_networking, mylib, ...}:
 #############################################################
 #
 #  Tailscale Gateway(homelab subnet router) - a NixOS VM running on Proxmox
 #
 #############################################################
 let
-  hostName = "tailscale_gw"; # Define your hostname.
+  hostName = "tailscale-gw"; # Define your hostname.
  hostAddress = vars_networking.hostAddress.${hostName};
 in {
-  imports = [
-    ./tailscale.nix
-    ./proxy.nix
-  ];
+  imports = mylib.scanPaths ./.;

  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = [
@@ -25,7 +22,10 @@ in {

  networking = {
    inherit hostName;
-    inherit (vars_networking) defaultGateway nameservers;
+    inherit (vars_networking) nameservers;
+
+    # Use mainGateway instead of defaultGateway to make NAT Traversal work
+    defaultGateway = vars_networking.mainGateway;

    networkmanager.enable = false;
    interfaces.ens18 = {
@@ -1,90 +0,0 @@
-{
-  # dae(running on aquamarine) do not provides http/socks5 proxy server; so we use v2ray here.
-  # https=//github.com/v2fly
-  services.v2ray = {
-    enable = true;
-    config = {
-      # for monitoring
-      "stats" = {};
-      "api" = {
-        "tag" = "api";
-        "services" = [
-          "StatsService"
-        ];
-      };
-      "policy" = {
-        "levels" = {
-          "0" = {
-            "statsUserUplink" = true;
-            "statsUserDownlink" = true;
-          };
-        };
-        "system" = {
-          "statsInboundUplink" = true;
-          "statsInboundDownlink" = true;
-          "statsOutboundUplink" = true;
-          "statsOutboundDownlink" = true;
-        };
-      };
-
-      inbounds = [
-        # core inbound
-        {
-          listen = "0.0.0.0";
-          port = 7890;
-          protocol = "http";
-        }
-        {
-          listen = "0.0.0.0";
-          port = 7891;
-          protocol = "socks";
-          settings = {
-            auth = "noauth";
-            udp = true;
-          };
-        }
-
-        # for monitoring
-        {
-          "tag" = "api";
-          "listen" = "127.0.0.1";
-          "port" = 54321;
-          "protocol" = "dokodemo-door";
-          "settings" = {
-            "address" = "127.0.0.1";
-          };
-        }
-      ];
-      outbounds = [
-        # forward traffic directly via system's default network(to dae proxy running on aquamarine)
-        {
-          protocol = "freedom";
-          tag = "freedom";
-        }
-      ];
-
-      # for monitoring
-      "routing" = {
-        "rules" = [
-          {
-            "inboundTag" = [
-              "api"
-            ];
-            "outboundTag" = "api";
-            "type" = "field";
-          }
-        ];
-      };
-    };
-  };
-
-  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix
-  # https://github.com/wi1dcard/v2ray-exporter
-  services.prometheus.exporters.v2ray = {
-    enable = true;
-    listenAddress = "0.0.0.0";
-    port = 9153;
-    openFirewall = false;
-    v2rayEndpoint = "127.0.0.1:54321";
-  };
-}