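# NixOS host configuration. The previous "ds9" system (taken from the `oldConf`
# flake input) is kept running inside a NixOS container, Traefik on the host
# forwards *.hailsatan.eu to it, and a timer refreshes a DynDNS record using a
# sops-managed script.
{
  config,
  pkgs,
  lib,
  inputs,
  ...
}:

{
  nixpkgs.system = "x86_64-linux";

  imports = [
    ./hardware-configuration.nix
    # ./services/attic.nix
    # ./services/immich.nix
    # ./services/jellyfin.nix
    # ./services/paperless.nix
    # ./services/ytdl-sub.nix
  ];

  time.timeZone = "Europe/Berlin";
  # Eight-hex-digit machine identifier (required by e.g. ZFS).
  networking.hostId = "7b4c2932";

  # The old ds9 system, run unchanged as a container. Whatever the pinned
  # `oldConf` input evaluates to is what runs here, so bumping that input
  # silently changes the container's contents.
  containers.ds9 = {
    autoStart = true;
    # Effectively no start timeout.
    timeoutStartSec = "10000000min";
    privateNetwork = true;
    enableTun = true;
    # NOTE(review): CAP_SYS_ADMIN (together with CAP_DAC_READ_SEARCH and
    # CAP_BPF) is broad enough that this container should not be treated as a
    # privilege boundary against the host. Re-check which of these are still
    # needed once the services have been migrated out of the container.
    additionalCapabilities = [
      "CAP_NET_ADMIN"
      "CAP_MKNOD"
      "CAP_BPF"
      "CAP_DAC_READ_SEARCH"
      "CAP_SYS_RESOURCE"
      "CAP_SYS_ADMIN"
    ];
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";
    # hostAddress6 = "fc00::1";
    # localAddress6 = "fc00::2";

    path = inputs.oldConf.nixosConfigurations.ds9.config.system.build.toplevel;

    # All four mounts are read-write, so the container can modify host data
    # and, notably, the host's backups. If the old system only reads
    # /backups, isReadOnly = true there would keep a compromised container
    # from tampering with them.
    bindMounts = {
      "/data" = {
        hostPath = "/data";
        isReadOnly = false;
      };
      "/backups" = {
        hostPath = "/backups";
        isReadOnly = false;
      };
      "/persistent" = {
        hostPath = "/oldds9/persistent";
        isReadOnly = false;
      };
      "/var/lib/containers" = {
        hostPath = "/oldds9/persistent/var/lib/containers";
        isReadOnly = false;
      };
    };
  };

  # Masquerade container traffic (the ve-* veth interfaces) out via the uplink.
  networking.nat.enable = true;
  networking.nat.enableIPv6 = true;
  networking.nat.internalInterfaces = [ "ve-+" ];
  # Must match the interface configured under networking.interfaces below.
  networking.nat.externalInterface = "enp1s0f1"; # TODO: changeme

  # Override the router rule (presumably generated by
  # xyno.services.traefik.simpleProxy below) so any *.hailsatan.eu host is
  # forwarded to the container.
  # In a Nix double-quoted string "\." collapses to "." (the backslash is
  # dropped), which turned the intended literal dots into "match any
  # character" and made the rule match more hosts than intended. "\\." yields
  # the regex escape "\." that Traefik needs.
  services.traefik.dynamicConfigOptions.http.routers.simpleproxy-oldds9-router.rule =
    lib.mkForce "HostRegexp(`^.+\\.hailsatan\\.eu$`)";
  # services.traefik.dynamicConfigOptions.http.routers.simpleproxy-oldds9-router.tls.options = "old";
  services.traefik.dynamicConfigOptions.http.routers.simpleproxy-oldds9-router-robotstxt.rule =
    lib.mkForce "HostRegexp(`^.+\\.hailsatan\\.eu$`) && Path(`/robots.txt`)";

  xyno.services.traefik = {
    enable = true;
    simpleProxy.oldds9 = {
      host = "*.hailsatan.eu";
      # The container's localAddress above.
      internal = "http://192.168.100.11";
    };
  };

  # FIXME(security): a cleartext root password set this way ends up in the
  # world-readable Nix store and in every checkout of this file. The host
  # already uses sops; prefer users.users.root.hashedPasswordFile pointing at
  # a sops secret that holds the password *hash*, and drop this line.
  users.users.root.password = "hunter2";

  # Periodic DynDNS refresh. The update logic lives in the sops-managed secret
  # file (presumably because it carries provider credentials), which is
  # executed as a bash script with curl, jq and ip on PATH.
  systemd.services."dyndns-refresh" = {
    script = ''
      set -eu
      export PATH=$PATH:${pkgs.curl}/bin:${pkgs.jq}/bin:${pkgs.iproute2}/bin
      ${pkgs.bash}/bin/bash ${config.sops.secrets.dyndns.path}
    '';
    serviceConfig = {
      Type = "oneshot";
      # NOTE(review): judging by PATH the script only needs curl/jq/ip; unless
      # it does something privileged, a dedicated user (with
      # sops.secrets.dyndns.owner set to match) would limit what a bad or
      # tampered secret file can do.
      User = "root";
    };
    # Every ten minutes (systemd calendar syntax).
    startAt = "*:0/10";
  };

  # Secret consumed by dyndns-refresh; sops-nix decrypts it to
  # config.sops.secrets.dyndns.path.
  sops.secrets.dyndns = {
    sopsFile = ./secrets/dyndns.yaml;
  };

  xyno.presets.cli.enable = true;
  xyno.presets.server.enable = true;
  xyno.impermanence.enable = true;
  # xyno.services.wireguard.enable = true;
  # xyno.services.caddy.enable = true;
  # xyno.services.monitoring.enable = true;
  # xyno.services.authentik.enable = true;
  xyno.presets.home-manager.enable = true;
  xyno.system.user.enable = true;
  xyno.networking.networkd = {
    enable = true;
  };

  # Uplink: DHCP on enp1s0f1 only (global DHCP forced off), IPv6 privacy
  # (temporary) addresses enabled and router advertisements accepted.
  networking.useDHCP = lib.mkForce false;
  networking.interfaces."enp1s0f1" = {
    useDHCP = true;
    tempAddress = "enabled";
  };
  systemd.network.networks."40-enp1s0f1" = {
    networkConfig = {
      IPv6AcceptRA = true;
    };
  };

  # Do not change after installation (see the NixOS manual on stateVersion).
  system.stateVersion = "25.11";
}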