update
# config-containers.nix
#
# Declares one NixOS container ("im") plus the host-side NAT and
# NetworkManager settings for container veth interfaces.
{ config, pkgs, inputs, lib, ... } @ args:
{
  # Containers
  containers.im = {
    # The container root is not kept between restarts; only the paths listed
    # under environment.persistence."/per" below survive, via the bind mount.
    ephemeral = true;

    # privateNetwork = true;
    # NOTE(review): with privateNetwork left disabled, a NixOS container shares
    # the host's network namespace and can bind to any port on any host
    # interface. localAddress/hostAddress, the ve-* NAT rules at the bottom of
    # this file and the container-side firewall appear to matter only once
    # privateNetwork is enabled -- confirm which isolation level is intended.
    localAddress = "10.23.45.2";
    hostAddress = "10.23.45.1";

    # Writable host directory that backs all persistent container state.
    # Anything with write access inside the container can modify this host
    # path, so keep it dedicated to this container.
    bindMounts."/per" = {
      hostPath = "/var/lib/nixos-containers/im";
      isReadOnly = false;
    };

    # Resource ceilings handed to systemd-nspawn (memory and CPU caps).
    # NOTE(review): the inner single quotes are part of each string; verify on
    # the running container that the limits are actually in effect.
    extraFlags = [
      "--property='MemoryMax=60M'"
      "--property='MemoryHigh=50M'"
      "--property='CPUQuota=4%'"
    ];

    config = { config, pkgs, ... }: {
      imports = [ inputs.impermanence.nixosModules.impermanence ];

      environment = {
        # State kept across restarts; everything else starts empty each boot.
        persistence."/per" = {
          directories = [
            "/var/log"
            "/var/lib"
            # Home directory is owner/group only (0750), not world-readable.
            { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
          ];
          files = [];
        };

        systemPackages = with pkgs; [ helix python312 deno ];
      };

      # Unprivileged login account inside the container.
      users.users.ps.isNormalUser = true;

      # Inbound TCP ports opened in the container's own firewall.
      networking.firewall.allowedTCPPorts = [ 80 8080 ];

      system.stateVersion = "25.05";
    };
  };

  networking = {
    # Host-side NAT for container veth interfaces ("ve-+" matches every ve-*
    # interface), masqueraded out through eth0.
    # NOTE(review): confirm "eth0" is the real uplink name on this machine.
    nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
      externalInterface = "eth0";
    };

    # Keep NetworkManager from managing the container veth interfaces.
    networkmanager.unmanaged = [ "interface-name:ve-*" ];
  };
}