forked from the-distro/infra
44 lines
1 KiB
Nix
44 lines
1 KiB
Nix
|
let
|
||
|
ipv6 = {
|
||
|
openssh ="2001:bc8:38ee:100:1000::41";
|
||
|
forgejo = "2001:bc8:38ee:100:1000::40";
|
||
|
};
|
||
|
in
|
||
|
{
|
||
|
networking.hostName = "git";
|
||
|
networking.domain = "infra.forkos.org";
|
||
|
|
||
|
time.timeZone = "Europe/Paris";
|
||
|
|
||
|
bagel.sysadmin.enable = true;
|
||
|
# Forgejo will be proxied.
|
||
|
bagel.raito.v6-proxy-awareness.enable = true;
|
||
|
bagel.hardware.raito-vm = {
|
||
|
enable = true;
|
||
|
networking = {
|
||
|
nat-lan-mac = "BC:24:11:83:71:56";
|
||
|
wan = {
|
||
|
address = "${ipv6.forgejo}/64";
|
||
|
mac = "BC:24:11:0B:8A:81";
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
# Add one additional IPv6, so we can have both OpenSSH and
|
||
|
# Forgejo's built-in server bind on port :22.
|
||
|
systemd.network.networks."10-wan".networkConfig.Address = [ "${ipv6.openssh}/64" ];
|
||
|
services.openssh.listenAddresses = [{
|
||
|
addr = "[${ipv6.openssh}]";
|
||
|
}];
|
||
|
|
||
|
bagel.services.forgejo = {
|
||
|
enable = true;
|
||
|
sshBindAddr = ipv6.forgejo;
|
||
|
};
|
||
|
|
||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||
|
|
||
|
system.stateVersion = "24.05";
|
||
|
deployment.targetHost = "git.infra.forkos.org";
|
||
|
}
|