mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-10 04:49:19 -08:00
61 lines
1.1 KiB
Nix
61 lines
1.1 KiB
Nix
{
|
|
meta,
|
|
...
|
|
}: {
|
|
imports = let
|
|
inherit (meta) nixos;
|
|
in [
|
|
nixos.sops
|
|
nixos.base
|
|
nixos.reisen-ct
|
|
nixos.tailscale
|
|
nixos.github-runner.zone
|
|
];
|
|
|
|
nix.gc = {
|
|
dates = "monthly";
|
|
options = "--delete-older-than 30d";
|
|
};
|
|
|
|
services.github-runner-zone = {
|
|
count = 16;
|
|
networkNamespace.name = "ns1";
|
|
};
|
|
|
|
networking.namespaces.ns1 = {
|
|
dhcpcd.enable = true;
|
|
nftables = {
|
|
enable = true;
|
|
rejectLocaladdrs = true;
|
|
serviceSettings = rec {
|
|
wants = [ "localaddrs.service" ];
|
|
after = wants;
|
|
};
|
|
};
|
|
interfaces.eth1 = { };
|
|
};
|
|
systemd.network.networks.eth0 = {
|
|
name = "eth0";
|
|
matchConfig = {
|
|
MACAddress = "BC:24:11:C4:66:A9";
|
|
Type = "ether";
|
|
};
|
|
address = ["10.1.1.47/24"];
|
|
gateway = ["10.1.1.1"];
|
|
DHCP = "no";
|
|
};
|
|
systemd.network.networks.eth1 = {
|
|
name = "eth1";
|
|
matchConfig = {
|
|
MACAddress = "BC:24:11:C4:66:AA";
|
|
Type = "ether";
|
|
};
|
|
DHCP = "no";
|
|
slaac.enable = false;
|
|
mdns.enable = false;
|
|
};
|
|
|
|
sops.defaultSopsFile = ./secrets.yaml;
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|