diff options
| author | Nguyễn Gia Phong <mcsinyx@disroot.org> | 2022-05-04 14:52:32 +0000 |
|---|---|---|
| committer | Nguyễn Gia Phong <mcsinyx@disroot.org> | 2022-05-04 14:52:32 +0000 |
| commit | 1399d4a1be1d0c72ef9bc79b32ffc570810273c2 (patch) | |
| tree | 5ed6a1a09a822cfc30b30129f971c85f765785a3 /vpsadminos.nix | |
| download | nixos-conf-1399d4a1be1d0c72ef9bc79b32ffc570810273c2.tar.gz | |
Snapshot configuration
Diffstat (limited to 'vpsadminos.nix')
| -rw-r--r-- | vpsadminos.nix | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/vpsadminos.nix b/vpsadminos.nix new file mode 100644 index 0000000..e804746 --- /dev/null +++ b/vpsadminos.nix @@ -0,0 +1,54 @@ +# This file provides compatibility for NixOS to run in a container on vpsAdminOS +# hosts. +# +# If you're experiencing issues, try updating this file to the latest version +# from vpsAdminOS repository: +# +# https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix + +{ config, pkgs, lib, ... }: +with lib; +let + nameservers = [ + "9.9.9.9" + "2620:fe::fe" + ]; +in { + networking.nameservers = mkDefault nameservers; + services.resolved = mkDefault { fallbackDns = nameservers; }; + networking.dhcpcd.extraConfig = "noipv4ll"; + + systemd.services.systemd-sysctl.enable = false; + systemd.sockets."systemd-journald-audit".enable = false; + systemd.mounts = [ {where = "/sys/kernel/debug"; enable = false;} ]; + systemd.services.systemd-udev-trigger.enable = false; + systemd.services.rpc-gssd.enable = false; + + boot.isContainer = true; + boot.enableContainers = mkDefault true; + boot.loader.initScript.enable = true; + boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs"; + boot.systemdExecutable = mkDefault "/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0"; + + # Overrides for <nixpkgs/nixos/modules/virtualisation/container-config.nix> + documentation.enable = mkOverride 500 true; + documentation.nixos.enable = mkOverride 500 true; + networking.useHostResolvConf = mkOverride 500 false; + services.openssh.startWhenNeeded = mkOverride 500 false; + + # Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host + systemd.services.networking-setup = { + description = "Load network configuration provided by the vpsAdminOS host"; + before = [ "network.target" ]; + wantedBy = [ "network.target" ]; + after = [ "network-pre.target" ]; + path = [ pkgs.iproute ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.bash}/bin/bash /ifcfg.add"; + ExecStop = "${pkgs.bash}/bin/bash /ifcfg.del"; + }; + unitConfig.ConditionPathExists = "/ifcfg.add"; + }; +} |