demo nixos-containers

2023-12-30 14:47:12 +01:00 · 2023-12-30 14:47:12 +01:00 · ee41777c7e
commit ee41777c7e
parent 592537fb63
5 changed files with 62 additions and 16 deletions
--- a/nixos/hosts/olympus/bastion/containers/default.nix
+++ b/nixos/hosts/olympus/bastion/containers/default.nix
@ -0,0 +1,30 @@
+{ lib, ... }: {
+  # TODO: Loop over subdirs, create nixos container for each
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-+" ];
+    externalInterface = "ens18";
+    # Lazy IPv6 connectivity for the container
+    enableIPv6 = true;
+  };
+
+  # Containers network is
+  # * 10.42.99.0/24
+  # * fc00:x
+
+  containers.monitoring = {
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "10.42.99.1";
+    localAddress = "10.42.99.2";
+    hostAddress6 = "fc00::1";
+    localAddress6 = "fc00::2";
+
+    config = {
+      imports = [ ./monitoring ];
+      # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+      networking.useHostResolvConf = lib.mkForce false;
+      services.resolved.enable = true;
+    };
+  };
+}
--- a/nixos/hosts/olympus/bastion/containers/monitoring/default.nix
+++ b/nixos/hosts/olympus/bastion/containers/monitoring/default.nix
@ -0,0 +1,5 @@
+{ ... }: {
+  imports = [
+    ./grafana.nix
+  ];
+}
--- a/nixos/hosts/olympus/bastion/containers/monitoring/grafana.nix
+++ b/nixos/hosts/olympus/bastion/containers/monitoring/grafana.nix
@ -0,0 +1,10 @@
+{ config, pkgs, ... }: {
+  services.grafana = {
+    enable = true;
+    domain = "grafana.olympus";
+    port = 80;
+    addr = "0.0.0.0";
+  };
+
+  networking.firewall.allowedTCPPorts = [ config.services.grafana.port ];
+}