# NixOS host configuration for "Rory-ovh": static uplink via systemd-networkd,
# NAT for NixOS containers, and the "spacebar" container backed by the host's
# PostgreSQL.
#
# nixpkgs-master, matrix-synapse-unwrapped-patched and draupnir are accepted as
# arguments but are not referenced anywhere in this file.
{
  pkgs,
  lib,
  nixpkgs-master,
  matrix-synapse-unwrapped-patched,
  draupnir,
  spacebar,
  ...
}:
let
  # Physical uplink NIC; used both as the NAT egress interface and as the
  # systemd-networkd network name.
  uplink = "enp98s0f0";
in
{
  imports = [
    ../../modules/base-server.nix
    ./services/nginx/nginx.nix
    ./services/postgres.nix
    ./vm.nix
  ];

  boot.loader.grub.devices = lib.mkForce [ "nodev" ];

  system.stateVersion = "22.11"; # DO NOT EDIT!

  nix.nrBuildUsers = 128;

  # Exemptions for packages that nixpkgs refuses to evaluate because they are
  # marked insecure. Each entry is pinned to an exact version string, so the
  # exemption has to be revisited whenever the package is bumped.
  # NOTE(review): the dotnet 7.0.20 entries look like an out-of-support .NET
  # release and olm is flagged for weaknesses in its crypto implementation.
  # Which service here still pulls them in is not visible in this file;
  # confirm and drop the entries once the consumers have migrated.
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
    "dotnet-runtime-wrapped-7.0.20"
    "dotnet-runtime-7.0.20"
    "dotnet-sdk-7.0.20"
  ];

  environment = {
    memoryAllocator.provider = "jemalloc";
    systemPackages = [ pkgs.waypipe ];
  };

  services.irqbalance.enable = true;

  networking = {
    hostName = "Rory-ovh";

    # IPv6 is forced off host-wide (and for NAT below).
    enableIPv6 = lib.mkForce false;

    # Single upstream resolver; resolvconf is disabled, so nothing else
    # rewrites the resolver list.
    nameservers = lib.mkForce [ "1.1.1.1" ];
    resolvconf.enable = false;

    # The scripted-networking gateways are forced to null; the default route
    # is declared in systemd.network below instead.
    defaultGateway = lib.mkForce null;
    defaultGateway6 = lib.mkForce null;

    # Masquerade container traffic out of the uplink. "ve-+" / "vb-+" are
    # wildcard patterns matching every container veth / bridge interface.
    nat = {
      enable = true;
      enableIPv6 = false;
      externalInterface = uplink;
      internalInterfaces = [
        "ve-+"
        "vb-+"
      ];
    };

    firewall = {
      # Forced on so that no imported module can switch the firewall off.
      enable = lib.mkForce true;

      # Open on every interface, including the public uplink.
      # NOTE(review): 25565 is presumably a game server; the service behind
      # it is not defined in this file. Confirm it is still needed.
      allowedTCPPorts = [
        25565
      ];

      # PostgreSQL (5432) is reachable only from the spacebar container's
      # veth interface, not from the uplink. Authentication and listen
      # addresses are governed by ./services/postgres.nix, not by this rule.
      interfaces."ve-spacebar".allowedTCPPorts = [ 5432 ];
    };
  };

  systemd.network = {
    enable = true;
    networks.${uplink} = {
      name = uplink;
      DHCP = "no";
      # The address is a /32, so the gateway is outside the interface's
      # prefix and must be marked on-link to be routable.
      address = [ "51.210.113.110/32" ];
      #gateway = [ "51.210.113.254" ];
      routes = [
        {
          Gateway = "51.210.113.254";
          GatewayOnLink = true;
        }
      ];
    };
  };

  containers.spacebar = import ./services/containers/spacebar/container.nix {
    inherit pkgs lib spacebar;
  };

  systemd.services."container@spacebar" = {
    # Start the container after PostgreSQL and pull PostgreSQL in with it.
    # "wants" is a weak dependency: the container still starts if the
    # database unit fails.
    wants = [ "postgresql.service" ];
    after = [ "postgresql.service" ];

    # Disabled workaround: prevent a hang on rebuild with forgotten
    # `nixos-container root-login` shells by killing them before stop.
    # preStop = ''
    #   for pid in $(pgrep -f "nixos-container root-login spacebar"); do
    #     echo "Killing shell with PID $pid"
    #     kill -9 "$pid"
    #   done
    # '';
  };
}