flakes/containers/citrine/flake.nix

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    catppuccin.url = "github:catppuccin/nix";
  };
  outputs = { nixpkgs, catppuccin, ... }:
  let
    name = "citrine";
    fqdn = "garden.lava.moe";
    subnetId = "3";

    subnet = x: "fd0d:1::${subnetId}:${toString x}";
    host = subnet 1;
    client = subnet 2;

    subnet4 = x: "10.30.${subnetId}.${toString x}";
    host4 = subnet4 1;
    client4 = subnet4 2;

    modules = [
      ./configuration.nix
      catppuccin.nixosModules.catppuccin
      {
        networking.useHostResolvConf = false;
        networking.nameservers = [ host ];
      }
    ];
  in {
    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
      inherit modules;
    };
    nixosModule = { ... }: {
      networking.nat = {
        enable = true;
        enableIPv6 = true;
        internalInterfaces = [ "ve-${name}" ];
      };

      services.nginx.virtualHosts."${fqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[${client}]:3000";
      };

      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
      containers.${name} = {
        autoStart = true;
        privateNetwork = true;
        hostAddress = host4;
        localAddress = client4;
        hostAddress6 = host;
        localAddress6 = client;
        # privateUsers = "pick";
        nixpkgs = nixpkgs;
        ephemeral = true;
        config = { imports = modules; };
        specialArgs = { inherit fqdn; };

        bindMounts."persist" = {
          hostPath = "/persist/containers/${name}";
          mountPoint = "/persist";
          isReadOnly = false;
        };
        # flake = "path:" + ./.;
      };
    };
  };
}
containers/citrine: init 2026-03-16 00:48:51 +11:00			`{`
			`inputs = {`
			`nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`
containers/citrine: catppuccin theming 2026-03-16 02:32:09 +11:00			`catppuccin.url = "github:catppuccin/nix";`
containers/citrine: init 2026-03-16 00:48:51 +11:00			`};`
containers/citrine: catppuccin theming 2026-03-16 02:32:09 +11:00			`outputs = { nixpkgs, catppuccin, ... }:`
			`let`
containers/citrine: refactor networking and use proper nameservers 2026-03-16 16:24:12 +11:00			`name = "citrine";`
containers: clean up domain names 2026-03-17 17:01:15 +11:00			`fqdn = "garden.lava.moe";`
containers/citrine: refactor networking and use proper nameservers 2026-03-16 16:24:12 +11:00			`subnetId = "3";`
containers/citrine: enable ipv4 bc ipv6 is broken and i cba :sob: 2026-03-16 16:31:58 +11:00
containers/citrine: oops 2026-03-16 16:25:25 +11:00			`subnet = x: "fd0d:1::${subnetId}:${toString x}";`
containers/citrine: refactor networking and use proper nameservers 2026-03-16 16:24:12 +11:00			`host = subnet 1;`
			`client = subnet 2;`

containers/citrine: enable ipv4 bc ipv6 is broken and i cba :sob: 2026-03-16 16:31:58 +11:00			`subnet4 = x: "10.30.${subnetId}.${toString x}";`
			`host4 = subnet4 1;`
			`client4 = subnet4 2;`

containers/citrine: catppuccin theming 2026-03-16 02:32:09 +11:00			`modules = [`
			`./configuration.nix`
			`catppuccin.nixosModules.catppuccin`
containers/citrine: refactor networking and use proper nameservers 2026-03-16 16:24:12 +11:00			`{`
			`networking.useHostResolvConf = false;`
			`networking.nameservers = [ host ];`
			`}`
containers/citrine: catppuccin theming 2026-03-16 02:32:09 +11:00			`];`
			`in {`
containers/citrine: init 2026-03-16 00:48:51 +11:00			`nixosConfigurations.container = nixpkgs.lib.nixosSystem {`
containers/citrine: catppuccin theming 2026-03-16 02:32:09 +11:00			`inherit modules;`
containers/citrine: init 2026-03-16 00:48:51 +11:00			`};`
containers/citrine: refactor networking and use proper nameservers 2026-03-16 16:24:12 +11:00			`nixosModule = { ... }: {`
containers/citrine: enable nat 2026-03-16 16:18:41 +11:00			`networking.nat = {`
			`enable = true;`
			`enableIPv6 = true;`
			`internalInterfaces = [ "ve-${name}" ];`
			`};`

containers: clean up domain names 2026-03-17 17:01:15 +11:00			`services.nginx.virtualHosts."${fqdn}" = {`
containers/citrine: init 2026-03-16 00:48:51 +11:00			`useACMEHost = "lava.moe";`
			`forceSSL = true;`
containers/citrine: refactor networking and use proper nameservers 2026-03-16 16:24:12 +11:00			`locations."/".proxyPass = "http://[${client}]:3000";`
containers/citrine: init 2026-03-16 00:48:51 +11:00			`};`

			`systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];`
			`containers.${name} = {`
			`autoStart = true;`
			`privateNetwork = true;`
containers/citrine: enable ipv4 bc ipv6 is broken and i cba :sob: 2026-03-16 16:31:58 +11:00			`hostAddress = host4;`
			`localAddress = client4;`
containers/citrine: refactor networking and use proper nameservers 2026-03-16 16:24:12 +11:00			`hostAddress6 = host;`
			`localAddress6 = client;`
containers/citrine: init 2026-03-16 00:48:51 +11:00			`# privateUsers = "pick";`
			`nixpkgs = nixpkgs;`
			`ephemeral = true;`
containers/citrine: catppuccin theming 2026-03-16 02:32:09 +11:00			`config = { imports = modules; };`
containers: clean up domain names 2026-03-17 17:01:15 +11:00			`specialArgs = { inherit fqdn; };`
containers/citrine: init 2026-03-16 00:48:51 +11:00
			`bindMounts."persist" = {`
			`hostPath = "/persist/containers/${name}";`
			`mountPoint = "/persist";`
			`isReadOnly = false;`
			`};`
			`# flake = "path:" + ./.;`
			`};`
			`};`
			`};`
			`}`