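# NixOS configuration for the "bagel-box" host, which runs as a container
# (the original comment below names systemd-nspawn as the runtime).
# It enables the Hydra / ofborg / PostgreSQL service modules from the local
# `bagel` namespace and exposes OpenSSH for administration.
{ config, lib, ... }:
{
  boot.isContainer = true;

  # XXX: There's currently no way to remove the "problematic" entries (trying
  # to override the /proc, /sys, /dev, ... mounts from systemd-nspawn) while
  # also keeping the entry for the wrappers dir.
  #
  # mkForce replaces the whole attribute set, so /run/wrappers is the only
  # special filesystem NixOS mounts here. Only "nodev" is set on it; nosuid
  # and noexec are not, which the setuid wrappers kept in this directory need.
  # NOTE(review): the mount flags on /proc, /sys and /dev are then whatever
  # the container runtime applies — confirm on the host side.
  boot.specialFileSystems = lib.mkForce {
    "/run/wrappers" = {
      fsType = "tmpfs";
      options = [
        "nodev"
        "mode=755"
        "size=${config.security.wrapperDirSize}"
      ];
    };
  };

  boot.loader.initScript.enable = true;

  networking = {
    useNetworkd = true;
    # Do not inherit the host's resolv.conf; the resolver is pinned below.
    useHostResolvConf = false;
    hostName = "bagel-box";

    # A single resolver, reachable over IPv6 only: there is no fallback if it
    # is unreachable.
    nameservers = [ "2001:4860:4860::8844" ];

    # host0 carries the public IPv6 address.
    interfaces.host0.ipv6.addresses = [
      {
        address = "2001:bc8:38ee:100:100::1";
        prefixLength = 64;
      }
    ];

    # host1 carries a private (RFC 1918) IPv4 address and the default route.
    interfaces.host1.ipv4.addresses = [
      {
        address = "172.16.100.2";
        prefixLength = 24;
      }
    ];
    defaultGateway = {
      address = "172.16.100.1";
      interface = "host1";
    };

    # Only ICMP echo is configured here; no ports are opened explicitly in
    # this file, so anything else reachable comes from the enabled modules.
    firewall.allowPing = true;
  };

  bagel.services = {
    postgres.enable = true;

    hydra.enable = true;
    # The DSN carries no password and no host.
    # NOTE(review): presumably this relies on local-socket peer
    # authentication for the "hydra" role — confirm against pg_hba.conf.
    hydra.dbi = "dbi:Pg:dbname=hydra;user=hydra";

    # genList with a count of 9 yields builder-0 … builder-8, i.e. nine names.
    # NOTE(review): the previous comment said "Takes 10 builders (0 → 9)";
    # raise the count to 10 if builder-9 is meant to be used.
    # toString is required: Nix does not coerce an integer inside "${ }".
    hydra.builders = lib.genList (i: "builder-${toString i}") 9;

    ofborg.enable = true;
  };

  bagel.sysadmin.enable = true;

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "infra@forkos.org";

  # No authentication settings are given for sshd in this file.
  # NOTE(review): confirm that password login is disabled and that authorized
  # keys are managed elsewhere (presumably by bagel.sysadmin).
  services.openssh.enable = true;

  deployment.targetHost = "bagel-box.infra.forkos.org";
}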