mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
38 lines
1 KiB
Nix
38 lines
1 KiB
Nix
{
|
|
config,
|
|
systemConfig,
|
|
gensokyo-zone,
|
|
lib,
|
|
meta,
|
|
...
|
|
}: let
|
|
inherit (gensokyo-zone.lib) unmerged;
|
|
inherit (lib.modules) mkIf mkMerge;
|
|
inherit (lib.attrsets) mapAttrsToList;
|
|
inherit (systemConfig) proxmox;
|
|
in {
|
|
imports = let
|
|
inherit (meta) nixos;
|
|
in [
|
|
nixos.hw.proxmox
|
|
];
|
|
|
|
proxmoxLXC.privileged = mkIf (proxmox.container.enable && proxmox.container.privileged) true;
|
|
|
|
systemd.network = mkIf proxmox.enabled (mkMerge (mapAttrsToList (_: interface:
|
|
mkIf (interface.enable && interface.networkd.enable) {
|
|
networks.${interface.networkd.name} = unmerged.mergeAttrs interface.networkd.networkSettings;
|
|
})
|
|
proxmox.network.interfaces));
|
|
|
|
networking.firewall.interfaces = let
|
|
inherit (proxmox.network) internal;
|
|
intConditions = ["iifname ${internal.interface.name}"];
|
|
in
|
|
mkIf (internal.interface != null) {
|
|
lan.nftables.conditions = intConditions;
|
|
local.nftables.conditions = intConditions;
|
|
};
|
|
|
|
image.baseName = "${systemConfig.name}-${config.system.nixos.label}-proxmox";
|
|
}
|