diff --git a/machines/hippocampus/servers/public.nix b/machines/hippocampus/servers/public.nix
index 4b6185c..a6a3c62 100644
--- a/machines/hippocampus/servers/public.nix
+++ b/machines/hippocampus/servers/public.nix
@@ -47,5 +47,8 @@
 # Random Usage, specific port
 ./public/random.nix
+
+ # Perfect Pitch Project
+ ./public/perfect_pitch.nix
 ];
 }
diff --git a/machines/hippocampus/servers/public/perfect_pitch.nix b/machines/hippocampus/servers/public/perfect_pitch.nix
new file mode 100644
index 0000000..88879e5
--- /dev/null
+++ b/machines/hippocampus/servers/public/perfect_pitch.nix
@@ -0,0 +1,52 @@
+{config, pkgs, ...}:
+
+{
+ systemd.targets.machines.enable = true;
+ systemd.services."perfectpitch-container" = {
+ enable = true;
+ wantedBy = ["machines.target"];
+ environment = {
+ # SYSTEMD_NSPAWN_USE_CGNS = "0";
+ };
+ script = ''
+ exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
+ --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse \
+ -nbD /var/lib/machines/perfectpitch --machine perfectpitch
+ '';
+ postStart = ''
+ ${pkgs.iproute2}/bin/ip link set ve-perfectpitch up || true
+ ${pkgs.iproute2}/bin/ip addr add 10.2.0.0 dev ve-perfectpitch || true
+ ${pkgs.iproute2}/bin/ip route add 10.2.0.1 dev ve-perfectpitch || true
+ '';
+ serviceConfig = {
+ Type = "notify";
+ Slice = "machine.slice";
+ Delegate = true;
+ DeviceAllow = "/dev/fuse rwm";
+ };
+ };
+ networking.nat = {
+ enable = true;
+ # Check for hostBridge use vb instead of ve
+ internalInterfaces = ["ve-perfectpitch"];
+ externalInterface = "enp0s25";
+ enableIPv6 = true;
+ forwardPorts = [
+ { sourcePort = 8022;
+ destination = "10.2.0.1:22";
+ proto = "tcp";
+ }
+ { sourcePort = 8022;
+ destination = "10.2.0.1:22";
+ proto = "udp";
+ }
+ ];
+ };
+ services.caddy.virtualHosts = {
+ "pitch.crompton.cc" = {
+ extraConfig = ''
+ reverse_proxy 10.2.0.1:8080
+ '';
+ };
+ };
+}
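Review bot: The `systemd-nspawn` command in `script` widens the container's syscall allow-list with `--system-call-filter="add_key keyctl bpf"` and binds `/dev/fuse`, but passes no user-namespace option, so root inside this publicly reachable container (SSH forwarded on 8022, HTTP through Caddy) maps to uid 0 on the host. That filter set looks like what a nested container runtime asks for, which the diff alone cannot confirm; if `bpf` is not required I would drop it and add `-U` so a guest compromise does not carry host-root credentials, e.g. `--resolv-conf=off --system-call-filter="add_key keyctl" -U --bind /dev/fuse \`, then check that the FUSE bind still works under the shifted uid range. Separately, the second `forwardPorts` entry forwards 8022/udp to port 22; SSH runs over TCP only, so that entry adds exposed surface without function and can be removed. A short comment above `script` stating why each extra syscall and the `/dev/fuse` bind are needed would help the next reviewer judge whether they can be tightened.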