55 lines
1.5 KiB
Nix
55 lines
1.5 KiB
Nix
{ config, pkgs, lib, modulesPath, ... }:
|
|
|
|
{
|
|
imports =
|
|
[
|
|
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
|
../../base.nix
|
|
../../common/metrics-exporters.nix
|
|
|
|
./services/flame.nix
|
|
./services/hedgedoc.nix
|
|
./services/nginx.nix
|
|
./services/postgresql.nix
|
|
];
|
|
|
|
# Boot and console is handled by proxmoxLXC.
|
|
boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.
|
|
|
|
# Override proxmox networking
|
|
proxmoxLXC.manageNetwork = true;
|
|
networking = {
|
|
hostName = "sarek";
|
|
defaultGateway = "192.168.10.1";
|
|
interfaces."eth0".ipv4 = {
|
|
addresses = [
|
|
{ address = "192.168.10.181"; prefixLength = 24; }
|
|
];
|
|
};
|
|
hostId = "15dd36bc";
|
|
};
|
|
|
|
sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
|
|
virtualisation.docker.enable = true;
|
|
virtualisation.oci-containers.backend = "docker";
|
|
|
|
# Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers
|
|
system.activationScripts.var = lib.mkForce ''
|
|
# Various log/runtime directories.
|
|
mkdir -p /var/tmp
|
|
chmod 1777 /var/tmp
|
|
# Empty, immutable home directory of many system accounts.
|
|
mkdir -p /var/empty
|
|
# Make sure it's really empty
|
|
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
|
|
find /var/empty -mindepth 1 -delete
|
|
chmod 0555 /var/empty
|
|
chown root:root /var/empty
|
|
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
|
|
'';
|
|
systemd.tmpfiles.rules = lib.mkForce [];
|
|
|
|
system.stateVersion = "23.05";
|
|
}
|
|
|