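# Containers
#
# Declares the `im` NixOS container (systemd-nspawn based) and the host-side
# NAT that would route traffic for container veth (ve-*) interfaces.
#
# NOTE(review): `privateNetwork` is commented out below. As far as the NixOS
# container module is concerned, `localAddress`/`hostAddress`, the `ve-*`
# interface, and therefore the `networking.nat` / `networkmanager.unmanaged`
# settings at the bottom of this file only come into play when
# `privateNetwork = true`. As written the container appears to share the
# host's network namespace, i.e. there is no network isolation between the
# container and the host — confirm this is intended rather than a leftover.
containers = {
  im = {
    # Ephemeral: the container root is temporary and discarded on stop; only
    # what is written under /per (see environment.persistence below) survives.
    ephemeral = true;
    # privateNetwork = true;
    localAddress = "10.23.45.2";
    hostAddress = "10.23.45.1";

    # Writable host directory backing the container's persistent state.
    bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
    bindMounts."/per".isReadOnly = false;

    # Resource limits on the nspawn unit, passed as
    # systemd-nspawn --property=NAME=VALUE. The values deliberately carry no
    # inner shell quotes: the start script expands extraFlags as plain words
    # (no shell quote removal, as far as I can tell), so a quoted form such as
    # --property='MemoryMax=60M' would reach nspawn with the quotes intact and
    # the property name read as 'MemoryMax — the limit would then not apply
    # (or the unit would fail to start). The unquoted form is correct
    # regardless of how the flags are expanded.
    extraFlags = [
      "--property=MemoryMax=60M"
      "--property=MemoryHigh=50M"
      "--property=CPUQuota=4%"
    ];

    config = { config, pkgs, ... }: {
      # `inputs` is not a parameter visible in this file; presumably bound by
      # the enclosing flake module — verify against the importer.
      imports = [ inputs.impermanence.nixosModules.impermanence ];

      # Persist selected paths across ephemeral restarts into the /per mount.
      environment.persistence."/per" = {
        directories = [
          "/var/log"
          "/var/lib"
          { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
        ];
        files = [];
      };
      environment.systemPackages = with pkgs; [ helix python312 deno ];

      users.users.ps = { isNormalUser = true; };

      # NOTE(review): with privateNetwork unset, confirm whether this
      # container-side firewall setting has any independent effect; it does
      # not isolate the container from the host's network either way.
      networking.firewall.allowedTCPPorts = [ 80 8080 ];

      system.stateVersion = "25.05";
    };
  };
};
# Host-side NAT for container veth interfaces (ve-*). Only meaningful once a
# container actually uses privateNetwork; see the note at the top of the file.
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "eth0";
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];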