{ hostRegistry, config, pkgs, lib, modulesPath, ... }:

# NixOS module for a Proxmox-style LXC container: a rootfs tarball with no
# kernel and no bootloader. Networking is static — resolver addresses come from
# the host-side registry, /etc/resolv.conf is generated here, and nothing is
# inherited from the host's resolver.
let
  inherit (lib) mkDefault;

  # Local DNS caches from the host registry plus a public resolver as the
  # last-resort fallback. 9.9.9.9 is not part of the registry, so lookups can
  # leave the local network when both caches are unreachable — confirm that is
  # acceptable for this host's egress policy.
  dnscache = hostRegistry.hosts.dnscache;
  resolvers = [ dnscache.ip4 dnscache.ip6 "9.9.9.9" ];

  # One "nameserver" line (with trailing newline) per configured resolver.
  resolvConf = lib.concatMapStrings (ns: "nameserver ${ns}\n") config.networking.nameservers;
in
{
  imports = [
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/docker-container.nix")
  ];

  # Container boot: no kernel/bootloader; PID 1 is the generated init script,
  # exposed as /sbin/init through the symlink created further down.
  boot.isContainer = true;
  boot.loader.grub.enable = false;
  boot.loader.initScript.enable = true;

  fileSystems."/" = {
    device = "rootfs";
    fsType = "rootfs";
  };

  # NOTE(review): the Nix build sandbox is disabled, so any local build runs
  # unconfined inside the container. Presumably the container runtime lacks the
  # namespaces the sandbox needs — confirm, and keep untrusted derivations off
  # this host. Job/core counts use mkDefault so a per-host module can override.
  nix.useSandbox = false;
  nix.maxJobs = mkDefault 1;
  nix.buildCores = mkDefault 4;

  networking = {
    useDHCP = false;
    useNetworkd = true;
    # Static resolver setup: do not copy the host's resolv.conf; /etc/resolv.conf
    # is rendered from `nameservers` below and systemd-resolved stays off.
    useHostResolvConf = false;
    nameservers = resolvers;
    # Only consulted if NetworkManager is enabled, which this module does not do.
    networkmanager.dns = "unbound";
    interfaces.eth0 = {
      useDHCP = false;
      # Stable IPv6 addresses (no privacy extensions) — expected for a server
      # that must be reachable at a predictable address.
      tempAddress = "disabled";
    };
  };

  environment.etc."resolv.conf".text = resolvConf;
  services.resolved.enable = false;

  # Required for remote deployment. No authentication policy is set in this
  # module, so the container gets whatever the NixOS defaults are — confirm that
  # key-only login and root-login restrictions come from a shared module.
  services.openssh.enable = true;

  # Journal shipping is switched off; presumably the journalbeat module gates on
  # `enable`, so the config below is inert until it is flipped. NOTE(review):
  # the logstash output carries no TLS settings, so re-enabling it as written
  # would ship the journal in cleartext to port 5044 unless TLS is added.
  # The target host also comes from `config.c3d2.hosts` rather than the
  # `hostRegistry` used above — verify both refer to the same registry.
  services.journalbeat = {
    enable = false;
    tags = [ "container" ];
    extraConfig = ''
      journalbeat.inputs:
        # Paths that should be crawled and fetched. Possible values files and directories.
        # When setting a directory, all journals under it are merged.
        # When empty starts to read from local journal.
        - paths: []
      journalbeat:
        seek_position: cursor
        cursor_seek_fallback: tail
        write_cursor_state: true
        cursor_flush_period: 5s
        clean_field_names: true
        convert_to_numbers: false
        move_metadata_to_field: journal
        default_type: journal
        kernel: true
      output.logstash:
        # Boolean flag to enable or disable the output module.
        enabled: true
        hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
    '';
  };

  # Create a few files early before packing the tarball for Proxmox
  # architecture/OS detection: /bin/sh and /sbin/init have to exist inside the
  # system closure itself, not only after activation has run.
  system.extraSystemBuilderCmds = ''
    mkdir -m 0755 -p $out/bin
    ln -s ${pkgs.bash}/bin/bash $out/bin/sh
    mkdir -m 0755 -p $out/sbin
    ln -s ../init $out/sbin/init
  '';

  # eth0 accepts router advertisements from the host network (trusted here) and
  # autoconfigures only an IPv6 link-local address, no IPv4 link-local.
  systemd.network.networks."40-eth0".networkConfig = {
    IPv6AcceptRA = true;
    LinkLocalAddressing = "ipv6";
  };
}