forked from the-distro/infra
48 lines
1.4 KiB
Nix
48 lines
1.4 KiB
Nix
let
|
|
ipv6 = {
|
|
openssh ="2001:bc8:38ee:100:1000::41";
|
|
forgejo = "2001:bc8:38ee:100:1000::40";
|
|
};
|
|
in
|
|
{
|
|
networking.hostName = "git";
|
|
networking.domain = "infra.forkos.org";
|
|
|
|
bagel.sysadmin.enable = true;
|
|
# Forgejo will be proxied.
|
|
bagel.raito.v6-proxy-awareness.enable = true;
|
|
bagel.hardware.raito-vm = {
|
|
enable = true;
|
|
networking = {
|
|
nat-lan-mac = "BC:24:11:83:71:56";
|
|
wan = {
|
|
address = "${ipv6.forgejo}/64";
|
|
mac = "BC:24:11:0B:8A:81";
|
|
};
|
|
};
|
|
};
|
|
|
|
# Add one additional IPv6, so we can have both OpenSSH and
|
|
# Forgejo's built-in server bind on port :22.
|
|
systemd.network.networks."10-wan".networkConfig.Address = [ "${ipv6.openssh}/64" ];
|
|
services.openssh.listenAddresses = [{
|
|
addr = "[${ipv6.openssh}]";
|
|
}];
|
|
# Defaults to network.target, but networkd may take a while to settle and set up
|
|
# the required (additional) IPv6 address, leading to sshd to not being able to
|
|
# bind to the requested IP, crashing 5 times and running into the default
|
|
# restart counter limit (5).
|
|
systemd.services.sshd.wants = [ "network-online.target" ];
|
|
systemd.services.sshd.after = [ "network-online.target" ];
|
|
|
|
bagel.services.forgejo = {
|
|
enable = true;
|
|
sshBindAddr = ipv6.forgejo;
|
|
};
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
system.stateVersion = "24.05";
|
|
deployment.targetHost = "git.infra.forkos.org";
|
|
}
|