# NixOS module for a guest machine: imports the upstream qemu-guest profile,
# gives the guest a static address on enp0s1, enables SSH/mosh and podman
# through the project's `reichard.*` options, and forwards everything that
# arrives on enp0s1 to the loopback address.
{
  namespace,
  lib,
  modulesPath,
  ...
}:
let
  # Project helper taken from lib.${namespace}; presumably shorthand for
  # `{ enable = true; }` (confirm against the library definition).
  enabled = lib.${namespace}.enabled;
in
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  system.stateVersion = "25.11";
  time.timeZone = "America/New_York";

  # nix-ld lets dynamically linked binaries that were not built for NixOS run
  # on this guest.
  programs.nix-ld.enable = true;

  # System Config
  reichard = {
    nix = enabled;

    system = {
      boot = {
        enable = true;
        silentBoot = true;
      };

      disk = {
        enable = true;
        diskPath = "/dev/vda";
      };

      networking = {
        enable = true;
        useStatic = {
          interface = "enp0s1";
          address = "192.168.64.3";
          defaultGateway = "192.168.64.1";
          nameservers = [ "192.168.64.1" ];
        };
      };
    };

    # Remote access. Both services sit behind the trusted-interface setting
    # below, so the NixOS firewall applies no port filtering to them on enp0s1.
    services = {
      openssh = enabled;
      mosh = enabled;
    };

    virtualisation = {
      podman = enabled;
    };
  };

  # Trust Interface & NAT All Ports
  #
  # Taken together with route_localnet below, these settings make every TCP
  # and UDP listener bound to 127.0.0.1 on the guest reachable from whatever
  # can send packets to enp0s1. A service that binds to loopback to stay
  # private (a dev server, a container port published on 127.0.0.1) is no
  # longer private on that segment, so the 192.168.64.0-style network behind
  # enp0s1 has to be one where every peer is trusted.
  networking = {
    firewall = {
      # Traffic from a trusted interface is accepted unconditionally by the
      # NixOS firewall; allowedTCPPorts/allowedUDPPorts do not restrict it.
      trustedInterfaces = [ "enp0s1" ];
    };

    nftables = {
      enable = true;

      # Family `ip` only: the rules rewrite IPv4 traffic and leave IPv6
      # untouched. No port match is given, so all destination ports are
      # redirected, including packets addressed to the guest's own services.
      ruleset = ''
        table ip nat {
          chain prerouting {
            type nat hook prerouting priority dstnat; policy accept;
            iifname "enp0s1" meta l4proto tcp dnat ip to 127.0.0.1
            iifname "enp0s1" meta l4proto udp dnat ip to 127.0.0.1
          }
        }
      '';
    };
  };

  # Allow NAT
  #
  # By default the kernel discards packets whose destination is in 127.0.0.0/8
  # when they arrive on a non-loopback device; route_localnet switches that
  # protection off so the DNAT target above is deliverable.
  # NOTE(review): the `all` key applies to every interface. The per-interface
  # key net.ipv4.conf.enp0s1.route_localnet may be enough for this setup;
  # verify before narrowing.
  boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;

  # virtiofs mount of the tag "share" exported by the hypervisor.
  # NOTE(review): with only "defaults" the mount carries no nosuid/nodev/ro
  # restriction from the guest side, and the guest's loopback services are
  # network-reachable (see above). Confirm that the host exports the share
  # with the access it is meant to have.
  fileSystems."/mnt/host-share" = {
    device = "share";
    fsType = "virtiofs";
    options = [ "defaults" ];
  };
}