infra/hosts/bagel-box/default.nix

61 lines
2.1 KiB
Nix
Raw Normal View History

{ config, lib, ... }:
2024-06-23 04:41:53 +00:00
{
boot.isContainer = true;
# XXX: There's currently no way to remove the "problematic" entries (trying
# to override the /proc, /sys, /dev, ... mounts from systemd-nspawn) while
# also keeping the entry for the wrappers dir.
boot.specialFileSystems = lib.mkForce {
"/run/wrappers" = {
fsType = "tmpfs";
options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
};
};
2024-06-23 04:41:53 +00:00
boot.loader.initScript.enable = true;
networking = {
useNetworkd = true;
useHostResolvConf = false;
hostName = "bagel-box";
nameservers = [ "2001:4860:4860::8844" ];
interfaces.host0.ipv6.addresses = [
{ address = "2001:bc8:38ee:100:100::1"; prefixLength = 64; }
];
interfaces.host1.ipv4.addresses = [
{ address = "172.16.100.2"; prefixLength = 24; }
];
defaultGateway = { address = "172.16.100.1"; interface = "host1"; };
2024-06-23 04:41:53 +00:00
firewall.allowPing = true;
};
2024-06-24 14:45:59 +00:00
bagel.services = {
postgres.enable = true;
hydra.enable = true;
hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "bagel@delroth.net";
2024-06-23 04:41:53 +00:00
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
# delroth
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV"
# raito
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFsZ7PMDt80tYXHyScQajNhqH4wuYg/o0OxfOHaZD4rXuT0VIKflKH1M9LslfHWIEH3XNeqhQOziH9r+Ny5JcM="
];
deployment.targetHost = "2001:bc8:38ee:100:100::1";
}