# NixOS module for the "bagel-box" host: a container system with static
# networking, the bagel postgres and hydra services, ACME defaults and
# key-based root SSH access.
{ config, lib, ... }:

{
  boot = {
    isContainer = true;

    # XXX: mkForce replaces the whole set because there is currently no way to
    # drop only the "problematic" entries (the ones that try to override the
    # /proc, /sys, /dev, ... mounts from systemd-nspawn) while keeping the
    # entry for the wrappers dir. Only /run/wrappers is therefore declared.
    specialFileSystems = lib.mkForce {
      "/run/wrappers" = {
        fsType = "tmpfs";
        # "nodev" is set but "nosuid" is not — presumably because this
        # directory holds the setuid wrappers; confirm before tightening.
        options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
      };
    };

    loader.initScript.enable = true;
  };

  networking = {
    hostName = "bagel-box";

    useNetworkd = true;
    # DNS is configured statically below rather than taken from the host.
    useHostResolvConf = false;
    # A single resolver: name resolution depends on this one address.
    nameservers = [ "2001:4860:4860::8844" ];

    interfaces = {
      # Public IPv6 address; also used as deployment.targetHost below.
      host0.ipv6.addresses = [
        { address = "2001:bc8:38ee:100:100::1"; prefixLength = 64; }
      ];
      # Private (RFC 1918) IPv4 address; the default route goes out this link.
      host1.ipv4.addresses = [
        { address = "172.16.100.2"; prefixLength = 24; }
      ];
    };

    defaultGateway = {
      address = "172.16.100.1";
      interface = "host1";
    };

    # ICMP echo requests are allowed through the firewall.
    firewall.allowPing = true;
  };

  bagel.services = {
    postgres.enable = true;

    hydra = {
      enable = true;
      # No host or password in the DSN — presumably a local socket connection
      # relying on peer authentication; confirm against the postgres module.
      dbi = "dbi:Pg:dbname=hydra;user=hydra";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "bagel@delroth.net";
  };

  # SSH is the remote administration path and every key below logs in as root.
  # NOTE(review): services.openssh.settings (PasswordAuthentication,
  # PermitRootLogin) is not set in this file — confirm password logins are
  # disabled elsewhere so these keys are the only way in.
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    # delroth
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3tjB4KYDok3KlWxdBp/yEmqhhmybd+w0VO4xUwLKKV"
    # raito
    # NOTE(review): the four keys under this label are presumably all raito's —
    # confirm, so each root-capable key has a known owner when one must be
    # revoked.
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFsZ7PMDt80tYXHyScQajNhqH4wuYg/o0OxfOHaZD4rXuT0VIKflKH1M9LslfHWIEH3XNeqhQOziH9r+Ny5JcM="
  ];

  # Address the deployment tooling connects to; matches host0's IPv6 address.
  deployment.targetHost = "2001:bc8:38ee:100:100::1";
}