hippocampus: Perfect Pitch Container

machines/hippocampus/servers/public.nix

@@ -47,5 +47,8 @@
 
     # Random Usage, specific port
     ./public/random.nix
+
+    # Perfect Pitch Project
+    ./public/perfect_pitch.nix
   ];
 }

machines/hippocampus/servers/public/perfect_pitch.nix

@@ -0,0 +1,52 @@
+{config, pkgs, ...}:
+
+{
+  systemd.targets.machines.enable = true;
+  systemd.services."perfectpitch-container" = {
+    enable = true;
+    wantedBy = ["machines.target"];
+    environment = {
+      # SYSTEMD_NSPAWN_USE_CGNS = "0";
+    };
+    script = ''
+      exec ${config.systemd.package}/bin/systemd-nspawn --hostname perfectpitch \
+        --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse \
+        -nbD /var/lib/machines/perfectpitch --machine perfectpitch
+    '';
+    postStart = ''
+      ${pkgs.iproute2}/bin/ip link set ve-perfectpitch up || true
+      ${pkgs.iproute2}/bin/ip addr add 10.2.0.0 dev ve-perfectpitch || true
+      ${pkgs.iproute2}/bin/ip route add 10.2.0.1 dev ve-perfectpitch || true
+    '';
+    serviceConfig = {
+      Type = "notify";
+      Slice = "machine.slice";
+      Delegate = true;
+      DeviceAllow = "/dev/fuse rwm";
+    };
+  };
+  networking.nat = {
+    enable = true;
+    # Check for hostBridge use vb instead of ve
+    internalInterfaces = ["ve-perfectpitch"];
+    externalInterface = "enp0s25";
+    enableIPv6 = true;
+    forwardPorts = [
+     { sourcePort = 8022;
+       destination = "10.2.0.1:22";
+       proto = "tcp";
+     }
+     { sourcePort = 8022;
+       destination = "10.2.0.1:22";
+       proto = "udp";
+     }
+    ];
+  };
+  services.caddy.virtualHosts = {
+    "pitch.crompton.cc" = {
+      extraConfig = ''
+        reverse_proxy 10.2.0.1:8080
+      '';
+    };
+  };
+}