configurations of hq services

lxc-container.nix 1.9KB

  # NixOS module for an LXC container image. It sets up static networkd-based
  # networking on eth0, container boot via an init script, journal shipping to
  # a central Logstash, and an SSH daemon for remote deployment.
  { pkgs, lib, modulesPath, ... }:

  {
    imports = map (profile: modulesPath + profile) [
      "/profiles/minimal.nix"
      "/profiles/docker-container.nix"
    ];

    nix = {
      # NOTE(review): with the sandbox off, derivation builders are not isolated
      # from this container's filesystem and network. Presumably it is disabled
      # because the sandbox cannot be set up inside the container; confirm, and
      # only build trusted derivations here.
      useSandbox = false;
      maxJobs = lib.mkDefault 1;
      buildCores = lib.mkDefault 4;
    };

    networking = {
      networkmanager.dns = "unbound";
      # Do not inherit the host's resolv.conf; resolvers are pinned below.
      useHostResolvConf = false;
      useNetworkd = true;
      useDHCP = false;
      # NOTE(review): three internal resolvers plus the public 9.9.9.9. Confirm
      # that lookups for internal names reaching the public resolver when the
      # internal ones are unavailable is acceptable.
      nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
      interfaces.eth0 = {
        useDHCP = false;
        preferTempAddress = false;
      };
    };

    # eth0 gets an IPv6 link-local address and accepts router advertisements.
    # NOTE(review): accepting RAs trusts whoever can send them on this segment.
    systemd.network.networks."40-eth0".networkConfig = {
      IPv6AcceptRA = true;
      LinkLocalAddressing = "ipv6";
    };

    boot = {
      isContainer = true;
      loader = {
        # Boot through the init script (/sbin/init), not a bootloader.
        initScript.enable = true;
        grub.enable = false;
      };
    };

    # Create a few files early, before the tarball is packed, so that Proxmox
    # can detect the architecture/OS.
    system.extraSystemBuilderCmds = ''
      mkdir -m 0755 -p $out/bin
      ln -s ${pkgs.bash}/bin/bash $out/bin/sh
      mkdir -m 0755 -p $out/sbin
      ln -s ../init $out/sbin/init
    '';

    fileSystems."/" = {
      fsType = "rootfs";
      device = "rootfs";
    };

    services = {
      resolved.enable = false;

      # Central logging: ship the journal (kernel messages included) to Logstash.
      # NOTE(review): the output section below sets no TLS options, so journal
      # entries appear to leave the container unencrypted and the Logstash
      # endpoint is not authenticated, unless that is configured elsewhere.
      # Journals often carry sensitive data; confirm the transport path is
      # trusted or enable TLS on the output.
      journalbeat = {
        enable = true;
        tags = [ "container" ];
        extraConfig = ''
          journalbeat:
            seek_position: cursor
            cursor_seek_fallback: tail
            write_cursor_state: true
            cursor_flush_period: 5s
            clean_field_names: true
            convert_to_numbers: false
            move_metadata_to_field: journal
            default_type: journal
            kernel: true
          output.logstash:
            # Boolean flag to enable or disable the output module.
            enabled: true
            hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
        '';
      };

      # Required for remote deployment.
      # NOTE(review): no authentication settings are visible in this module, so
      # password and root login follow the module defaults unless set elsewhere.
      # Confirm key-only authentication and restrict which networks can reach it.
      openssh.enable = true;
    };
  }