--- /dev/null
+
+ # Containers
+ containers = {
+ im = {
+ ephemeral = true;
+ # privateNetwork = true;
+ localAddress = "10.23.45.2";
+ hostAddress = "10.23.45.1";
+
+ bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
+ bindMounts."/per".isReadOnly = false;
+
+ extraFlags = [
+ "--property='MemoryMax=60M'"
+ "--property='MemoryHigh=50M'"
+ "--property='CPUQuota=4%'"
+ ];
+
+ config = { config, pkgs, ... }: {
+ imports = [ inputs.impermanence.nixosModules.impermanence ];
+
+ environment.persistence."/per" = {
+ directories = [
+ "/var/log"
+ "/var/lib"
+ { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
+ ];
+ files = [];
+ };
+ environment.systemPackages = with pkgs; [ helix python312 deno ];
+
+ users.users.ps = { isNormalUser = true; };
+
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "eth0";
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
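Review bot: `privateNetwork` is left commented out on the `im` container, although `localAddress`/`hostAddress`, the `ve-+` NAT settings and the container's own firewall ports all assume a dedicated veth link. The NixOS option is documented as letting the container share the host's network interfaces and bind any port on them when it is unset. Isolation would then rest on whatever the module infers from the address options rather than on a stated setting, and in the shared case `allowedTCPPorts = [ 80 8080 ]` inside the container may not be what limits exposure. I would uncomment it as `privateNetwork = true;` and add a one-line comment that the container is meant to be reachable only at 10.23.45.2 behind the host's NAT. The enclosing module expression is not visible in this hunk, so a default set elsewhere cannot be ruled out.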