Background So I have a small home lab, where I have a few random things running, like a GitLab CI runner, a media server etc. All my home lab servers (3 of them) are running NixOS and are defined within my Nix flake what services they run.
For example: https://gitlab.com/hmajid2301/nixicle/-/blob/main/systems/x86_64-linux/ms01/default.nix?ref_type=heads
They are set up using nixos-anywhere like most of my other services. Then using deploy-rs we can ssh onto our home lab servers and deploy nix config, i.e. updating packages.
...
Recently I have been playing around with running a homelab directly on a NixOS machine without kubernetes. I didn’t want to bother to have to setup certificates using Traefik (DNS challenge) and Cloudflare. I wanted to use the certificate that comes with Tailscale (wireguard VPN I use to connect to my home lab).
In this post I will show you how I set this up as a Nix module.
Nix Let us look at the relevant Nix code.
...
TIL: How to Use Tailscale to Connect to K3S PI Cluster
So what do we do if want to connect to our K3S cluster running our RPIs, but we are not on the same network/at home. Well we can look to use a VPN, in this article we will be using tailscale. It is super easy to setup on NixOS, and we need very little config for Tailscale. It also has a generous free tier, which will be more than enough for our home lab use case.
...