# NixOS module: runs the "perfectpitch" systemd-nspawn container as a plain
# systemd service, wires up its veth link on the host, NATs it out through the
# host's external interface, and publishes it via port forwards and Caddy.
{config, pkgs, ...}:
let
  # Machine name; the host-side veth created by `systemd-nspawn -n` is "ve-<machine>".
  machine = "perfectpitch";
  veth = "ve-${machine}";

  # Host side and container side of the point-to-point link.
  hostAddr = "10.2.0.0";
  containerAddr = "10.2.0.1";

  ip = "${pkgs.iproute2}/bin/ip";
in
{
  systemd = {
    targets.machines.enable = true;

    services."${machine}-container" = {
      enable = true;
      wantedBy = ["machines.target"];

      environment = {
        # SYSTEMD_NSPAWN_USE_CGNS = "0";
      };

      # -n: private network with a veth pair, -b: boot the container's init,
      # -D: root directory of the container.
      #
      # Isolation notes for this command line:
      #  * --system-call-filter="add_key keyctl bpf" adds these syscalls to
      #    nspawn's seccomp allow-list. The keyring calls reach a kernel
      #    subsystem that is not fully namespaced, and bpf() adds kernel attack
      #    surface; keep the list as short as the workload really needs.
      #  * No -U / --private-users is passed here, so user namespacing is not
      #    requested: root in the container is uid 0 on the host.
      #  * --bind /dev/fuse exposes the host FUSE device node to the container
      #    (matched by DeviceAllow below).
      #  * --resolv-conf=off leaves /etc/resolv.conf inside the container
      #    untouched; DNS must be configured in the container itself.
      script = ''
        exec ${config.systemd.package}/bin/systemd-nspawn --hostname ${machine} \
        --resolv-conf=off --system-call-filter="add_key keyctl bpf" --bind /dev/fuse \
        -nbD /var/lib/machines/${machine} --machine ${machine}
      '';

      # Bring up the host end of the veth and add a host route to the container.
      # No prefix length is given, so iproute2 installs the address as a /32.
      # Every step ends in `|| true`, so a failure here is silent: the unit
      # still reports success while the NAT rules and the Caddy upstream below
      # point at an unreachable address. Check `ip addr show` on the veth when
      # debugging.
      postStart = ''
        ${ip} link set ${veth} up || true
        ${ip} addr add ${hostAddr} dev ${veth} || true
        ${ip} route add ${containerAddr} dev ${veth} || true
      '';

      serviceConfig = {
        # nspawn signals readiness to systemd itself.
        Type = "notify";
        Slice = "machine.slice";
        # Hand the unit's cgroup subtree over to the container payload.
        Delegate = true;
        # Device cgroup allowance (read/write/mknod) for the bind-mounted FUSE node.
        DeviceAllow = "/dev/fuse rwm";
      };
    };
  };

  networking.nat = {
    enable = true;
    # Check for hostBridge use vb instead of ve
    internalInterfaces = [veth];
    # Hard-coded host NIC name; adjust per machine.
    externalInterface = "enp0s25";
    enableIPv6 = true;

    # Publishes the container's port 22 on host port 8022, i.e. the container's
    # SSH daemon becomes reachable from whatever can reach the external
    # interface; its authentication settings are the only gate.
    # NOTE(review): sshd listens on TCP only. Unless something in the container
    # really listens on UDP 22, the "udp" entry just widens exposure - confirm
    # and drop it.
    forwardPorts =
      map (proto: {
        inherit proto;
        sourcePort = 8022;
        destination = "${containerAddr}:22";
      }) ["tcp" "udp"];
  };

  # Caddy fronts the container's HTTP service; the upstream hop is plain HTTP
  # over the host-local veth link.
  services.caddy.virtualHosts."pitch.crompton.cc".extraConfig = ''
    reverse_proxy ${containerAddr}:8080
  '';
}