updates

hosts/olympus/bastion/containers/common.nix

@@ -9,3 +9,4 @@
 
   system.stateVersion = lib.mkDefault "24.05";
 }
+

hosts/olympus/bastion/containers/default.nix

@@ -1,42 +1,82 @@
-{ config, lib, inputs, ... }:
+{
+  config,
+  lib,
+  inputs,
+  ...
+}:
 let
   hostAddress = "10.42.99.1";
   hostAddress6 = "fc00::1";
-in {
+in
+{
   networking.nat = {
     enable = true;
     internalInterfaces = [ "ve-+" ];
     externalInterface = "ens18";
     # Lazy IPv6 connectivity for the container
     enableIPv6 = true;
-
-    forwardPorts = [
-
-    ];
   };
 
+  networking.firewall.allowedTCPPorts = [
+    8384
+    22000
+  ];
+  networking.firewall.allowedUDPPorts = [
+    22000
+    21027
+  ];
+
   # Containers network is
   # * 10.42.99.0/24
   # * fc00:x
 
+  users.groups.backup = {
+    gid = 10000;
+    members = [ "vivian" ];
+  };
+
   containers = {
-    dns = {
+    syncthing = {
       autoStart = true;
       inherit hostAddress hostAddress6;
       localAddress = "10.42.99.2";
       localAddress6 = "fc00::2";
 
-      specialArgs = { inherit inputs; };
+      forwardPorts = [
+        {
+          containerPort = 8384;
+          hostPort = 8384;
+          protocol = "tcp";
+        }
+      ];
 
-      config = {pkgs, ...}: {
-        imports = [
-          ./common.nix
-          # ./dns.nix
-          inputs.home-manager.nixosModules.home-manager
-          inputs.gnome-autounlock-keyring.nixosModules.default
-          inputs.catppuccin.nixosModules.catppuccin
-        ];
+      bindMounts = {
+        "/data" = {
+          hostPath = "/mnt/backup";
+          isReadOnly = false;
+        };
       };
+
+      specialArgs = {
+        inherit inputs;
+      };
+
+      config =
+        { pkgs, ... }:
+        {
+          users.groups.backup = {
+            gid = 10000;
+            members = [ "syncthing" ];
+          };
+
+          imports = [
+            ./common.nix
+            ./syncthing.nix
+            inputs.home-manager.nixosModules.home-manager
+            inputs.gnome-autounlock-keyring.nixosModules.default
+            inputs.catppuccin.nixosModules.catppuccin
+          ];
+        };
     };
   };
 }

hosts/olympus/bastion/containers/syncthing.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  services.syncthing = {
+    enable = true;
+    openDefaultPorts = true;
+    guiAddress = "0.0.0.0:8384";
+  };
+}

hosts/olympus/bastion/default.nix

@@ -19,6 +19,13 @@
     mac = "82:F0:7C:CB:BD:6D";
   };
 
+  services.scrutiny = {
+    enable = true;
+    openFirewall = true;
+    influxdb.enable = true;
+    collector.enable = false;
+  };
+
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";