diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix
new file mode 100644
index 0000000..90cdb0d
--- /dev/null
+++ b/containers/citrine/configuration.nix
@@ -0,0 +1,19 @@
+{ ... }: {
+ system.stateVersion = "25.11";
+ networking.firewall.allowedTCPPorts = [ 3000 ];
+ networking.firewall.allowedUDPPorts = [ 3000 ];
+
+ services.forgejo = {
+ enable = true;
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "garden.lava.moe";
+ ROOT_URL = "https://garden.lava.moe/";
+ HTTP_PORT = 3000;
+ };
+ service.DISABLE_REGISTRATION = false;
+ };
+ stateDir = "/persist/forgejo";
+ };
+}
diff --git a/containers/citrine/flake.lock b/containers/citrine/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/citrine/flake.lock
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix
new file mode 100644
index 0000000..bd6ccdf
--- /dev/null
+++ b/containers/citrine/flake.nix
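Review bot: `service.DISABLE_REGISTRATION = false;` leaves self-registration open on an instance that this commit publishes at `https://garden.lava.moe/`, so anyone who can reach the site can create an account, push repositories and upload LFS objects into `/persist/forgejo`. If the forge is meant for a known set of users, set `service.DISABLE_REGISTRATION = true;` and create accounts from the admin side, or keep sign-up open but add `service.REGISTER_MANUAL_CONFIRM = true;` so new accounts wait for approval. Separately, `networking.firewall.allowedUDPPorts = [ 3000 ];` opens a UDP port that nothing in this file listens on (`HTTP_PORT` is served over TCP), so that line can be dropped.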
@@ -0,0 +1,48 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ outputs = { nixpkgs, ... }: {
+ nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+ modules = [ ./configuration.nix ];
+ };
+ nixosModule = { ... }:
+ let
+ name = "citrine";
+ subnet = "3";
+ in {
+ # networking.nat = {
+ # enable = true;
+ # enableIPv6 = true;
+ # internalInterfaces = [ "ve-${name}" ];
+ # };
+
+ services.nginx.virtualHosts."garden.lava.moe" = {
+ useACMEHost = "lava.moe";
+ forceSSL = true;
+ locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:3000";
+ };
+
+ systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+ containers.${name} = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.30.${subnet}.1";
+ localAddress = "10.30.${subnet}.2";
+ hostAddress6 = "fd0d:1::${subnet}:1";
+ localAddress6 = "fd0d:1::${subnet}:2";
+ # privateUsers = "pick";
+ nixpkgs = nixpkgs;
+ ephemeral = true;
+ config = { imports = [ ./configuration.nix ]; };
+
+ bindMounts."persist" = {
+ hostPath = "/persist/containers/${name}";
+ mountPoint = "/persist";
+ isReadOnly = false;
+ };
+ # flake = "path:" + ./.;
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index 3099d30..cd62ccb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -71,6 +71,20 @@ }, "parent": [] }, + "c-citrine": { + "inputs": { + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "path": "./containers/citrine", + "type": "path" + }, + "original": { + "path": "./containers/citrine", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1",
@@ -458,7 +472,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1770778188,
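Review bot: In `containers.${name}`, `# privateUsers = "pick";` is left commented out, so the container appears to run without a user namespace and uid 0 inside it is uid 0 on the host, while `bindMounts."persist"` hands it a writable host path. For a service reachable from the internet through the `garden.lava.moe` vhost, enabling `privateUsers = "pick";` would limit what a compromise of the container can do to the host; the bind-mounted directory's ownership would then have to match the shifted uid range, which should be tested before relying on it. The tmpfiles rule also creates the state directory world-readable; `"d /persist/containers/${name} 0750 root root"` would keep other local users out of the forge's data, assuming nothing else on the host needs to read it. A one-line comment above the commented-out `networking.nat` block saying why it is disabled would help the next reader.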
@@ -590,6 +604,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=",
@@ -605,7 +635,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
@@ -621,7 +651,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
@@ -679,7 +709,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "pnpm2nix": "pnpm2nix" }, "locked": {
@@ -741,6 +771,7 @@ "agenix": "agenix", "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", + "c-citrine": "c-citrine", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting",
@@ -749,7 +780,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure",
diff --git a/flake.nix b/flake.nix
index 407c4fa..f8866db 100644
--- a/flake.nix
+++ b/flake.nix
@@ -40,6 +40,7 @@ # containers c-amethyst.url = "path:./containers/amethyst"; c-beryllium.url = "path:./containers/beryllium"; + c-citrine.url = "path:./containers/citrine"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs:
diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix
index aa4c81b..367e975 100644
--- a/hosts/anemone/default.nix
+++ b/hosts/anemone/default.nix
@@ -37,6 +37,8 @@ ../../users/rin modules.services.syncthing + + inputs.c-citrine.nixosModule ]; me = {