diff --git a/flake.lock b/flake.lock index a1b2957f..2cd07f44 100644 --- a/flake.lock +++ b/flake.lock @@ -462,11 +462,11 @@ ] }, "locked": { - "lastModified": 1651866459, - "narHash": "sha256-3meISPND17bqm20wRKBK8ZF8AauHLJ7s3dRW2Pps2eE=", + "lastModified": 1653693749, + "narHash": "sha256-xUhR5spPie631lbhYuWaj8C/7pLyG2ECnsM+qiVSYhc=", "ref": "master", - "rev": "398eccd4ba7589ca901281ffa38ae131d35c4ae8", - "revCount": 125, + "rev": "e1070cfa48be3269e9bac87d7edd59399c1afc2b", + "revCount": 127, "type": "git", "url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git" }, diff --git a/hosts/containers/oparl/default.nix b/hosts/containers/oparl/default.nix index 1d6c21d3..f99322c7 100644 --- a/hosts/containers/oparl/default.nix +++ b/hosts/containers/oparl/default.nix @@ -6,6 +6,9 @@ let rev = "oparl"; sha256 = "sha256-KicEjx0WlKTyFng1WSdYmS9Wd8RVKUxCJrVi9aHa1eg="; }) { inherit pkgs; }; + + netConfig = zentralwerk.lib.config.site.net.serv; + in { microvm = { @@ -34,22 +37,26 @@ in networking.hostName = "oparl"; + networking.useDHCP = false; networking.interfaces.eth0 = { useDHCP = false; - ipv4.addresses = - let - netConfig = zentralwerk.lib.config.site.net.serv; - in [ { - address = netConfig.hosts4.${config.networking.hostName}; - prefixLength = netConfig.subnet4Len; - } ]; + ipv4.addresses = [ { + address = netConfig.hosts4.${config.networking.hostName}; + prefixLength = netConfig.subnet4Len; + } ]; }; + networking.nameservers = [ + netConfig.hosts4.dnscache "9.9.9.9" + ]; users.users.oparl = { isNormalUser = true; group = "oparl"; }; users.groups.oparl = {}; + systemd.tmpfiles.rules = [ + "${config.users.users.oparl.home}/.ssh/id_ed25519 0400 oparl oparl - ${config.sops.secrets."users/oparl/id_ed25519".path}" + ]; systemd.services.oparl-scraper = { wantedBy = [ "multi-user.target" ];