2024-06-23 18:27:59 +00:00
|
|
|
{ config, lib, ... }:
|
2024-06-23 04:41:53 +00:00
|
|
|
|
|
|
|
{
|
|
|
|
boot.isContainer = true;
|
2024-06-23 18:27:59 +00:00
|
|
|
|
|
|
|
# XXX: There's currently no way to remove the "problematic" entries (trying
|
|
|
|
# to override the /proc, /sys, /dev, ... mounts from systemd-nspawn) while
|
|
|
|
# also keeping the entry for the wrappers dir.
|
|
|
|
boot.specialFileSystems = lib.mkForce {
|
|
|
|
"/run/wrappers" = {
|
|
|
|
fsType = "tmpfs";
|
|
|
|
options = [ "nodev" "mode=755" "size=${config.security.wrapperDirSize}" ];
|
|
|
|
};
|
|
|
|
};
|
2024-06-23 04:41:53 +00:00
|
|
|
|
|
|
|
boot.loader.initScript.enable = true;
|
|
|
|
|
|
|
|
networking = {
|
|
|
|
useNetworkd = true;
|
|
|
|
useHostResolvConf = false;
|
|
|
|
|
|
|
|
hostName = "bagel-box";
|
|
|
|
nameservers = [ "2001:4860:4860::8844" ];
|
|
|
|
|
|
|
|
interfaces.host0.ipv6.addresses = [
|
|
|
|
{ address = "2001:bc8:38ee:100:100::1"; prefixLength = 64; }
|
|
|
|
];
|
|
|
|
|
2024-06-23 18:28:15 +00:00
|
|
|
interfaces.host1.ipv4.addresses = [
|
|
|
|
{ address = "172.16.100.2"; prefixLength = 24; }
|
|
|
|
];
|
|
|
|
defaultGateway = { address = "172.16.100.1"; interface = "host1"; };
|
|
|
|
|
2024-06-23 04:41:53 +00:00
|
|
|
firewall.allowPing = true;
|
|
|
|
};
|
|
|
|
|
2024-06-24 14:45:59 +00:00
|
|
|
bagel.services = {
|
|
|
|
postgres.enable = true;
|
|
|
|
|
|
|
|
hydra.enable = true;
|
|
|
|
hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";
|
|
|
|
};
|
2024-07-07 21:52:40 +00:00
|
|
|
bagel.meta.monitoring.address = "bagel-box.infra.forkos.org";
|
2024-06-24 14:45:59 +00:00
|
|
|
|
|
|
|
security.acme.acceptTerms = true;
|
2024-07-07 21:52:40 +00:00
|
|
|
security.acme.defaults.email = "infra@forkos.org";
|
2024-06-24 14:45:59 +00:00
|
|
|
|
2024-06-23 04:41:53 +00:00
|
|
|
services.openssh.enable = true;
|
|
|
|
|
2024-07-07 21:52:40 +00:00
|
|
|
deployment.targetHost = "bagel-box.infra.forkos.org";
|
2024-06-23 04:41:53 +00:00
|
|
|
}
|