quakeflake/nixos-modules/container.nix

{ pkgs, ... }:
{
  # system
  boot = {
    isContainer = true;
    tmpOnTmpfs = true;
  };
  nix = {
    extraOptions = "experimental-features = nix-command flakes";
    package = pkgs.nixUnstable;
  };
  system.stateVersion = "21.11";

  # network
  networking.useDHCP = false;
  systemd.network.enable = false;
  services.resolved.enable = false;
  networking.firewall.allowedTCPPorts = [ 22 ];
  services.openssh = {
    startWhenNeeded = true;
    permitRootLogin = "prohibit-password";
  };
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../astro.pub
  ];

  environment.noXlibs = false;
  environment.systemPackages = with pkgs; [
    git tcpdump
  ];
}
PoC 2021-12-02 01:59:44 +01:00			`{ pkgs, ... }:`
			`{`
			`# system`
			`boot = {`
			`isContainer = true;`
			`tmpOnTmpfs = true;`
			`};`
			`nix = {`
			`extraOptions = "experimental-features = nix-command flakes";`
			`package = pkgs.nixUnstable;`
			`};`
			`system.stateVersion = "21.11";`

			`# network`
			`networking.useDHCP = false;`
			`systemd.network.enable = false;`
			`services.resolved.enable = false;`
enable ssh for quicker deployment 2021-12-02 02:43:25 +01:00			`networking.firewall.allowedTCPPorts = [ 22 ];`
PoC 2021-12-02 01:59:44 +01:00			`services.openssh = {`
enable ssh for quicker deployment 2021-12-02 02:43:25 +01:00			`startWhenNeeded = true;`
			`permitRootLogin = "prohibit-password";`
PoC 2021-12-02 01:59:44 +01:00			`};`
enable ssh for quicker deployment 2021-12-02 02:43:25 +01:00			`users.users.root.openssh.authorizedKeys.keyFiles = [`
			`../astro.pub`
			`];`
PoC 2021-12-02 01:59:44 +01:00
			`environment.noXlibs = false;`
			`environment.systemPackages = with pkgs; [`
			`git tcpdump`
			`];`
			`}`