weee

common/_containers/forgejo.nix

@@ -7,8 +7,11 @@ let
   name = "forgejo";
 
   hostDataDir = "/var/lib/${name}";
+  hostAddress = "10.0.0.1";
+  containerAddress = "10.0.0.2";
   hostAddress6 = "fc00::1";
   containerAddress6 = "fc00::2";
+  hostBridge = "br0";
 
   binds = [
     # Postgres data, must use postgres user in container and host
@@ -80,6 +83,8 @@ in
     ephemeral = true;
     autoStart = true;
     privateNetwork = true;
+    hostAddress = hostAddress;
+    localAddress = containerAddress;
     hostAddress6 = hostAddress6;
     localAddress6 = containerAddress6;
     bindMounts = lib.foldl (
@@ -100,13 +105,15 @@ in
         networking = {
           firewall = {
             enable = true;
-            allowedTCPPorts = [ 3000 3032 ];
+            allowedTCPPorts = [
+              3000
+              3032
+            ];
           };
           # Use systemd-resolved inside the container
           # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
           useHostResolvConf = lib.mkForce false;
         };
-
         services.resolved.enable = true;
 
         # Ensure users exist on container
@@ -163,6 +170,8 @@ in
               DISABLE_ORGANIZATIONS_PAGE = true;
             };
             repository = {
+              # ENABLE_PUSH_CREATE_USER = true;
+              # ENABLE_PUSH_CREATE_ORG = true;
               DISABLE_STARS = true;
               DEFAULT_PRIVATE = "private";
             };
@@ -175,6 +184,10 @@ in
               SHOW_FOOTER_VERSION = false;
               SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
             };
+            migrations = {
+              ALLOWED_DOMAINS = "*.github.com,github.com";
+              ALLOW_LOCALNETWORKS = true;
+            };
           };
         };
       };

common/general/shell/common.nix

@@ -40,7 +40,7 @@ with lib;
       date_short = "date +'%Y-%m-%d'";
       ls = "ls --color -Gah";
       ll = "ls --color -Galh";
-      lss = "du --max-depth=0 -h * 2>/dev/null | sort -hr";
+      lss = "du --max-depth=0 -h {.,}* 2>/dev/null | sort -hr";
       psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
       cl = "clear";
 

hosts/lio/containers.nix

@@ -16,10 +16,15 @@
 
   config = {
     ## Give internet access
-    networking.nat.enable = true;
-    networking.nat.internalInterfaces = [ "ve-*" ];
-    networking.nat.externalInterface = "ens3";
-    networking.nat.enableIPv6 = true;
+    networking = {
+      nat = {
+        enable = true;
+        internalInterfaces = [ "ve-*" ];
+        externalInterface = "eno1";
+        enableIPv6 = true;
+      };
+      firewall.trustedInterfaces = [ "ve-*" ];
+    };
 
     # mathesar
     # services.mathesar.secretKey = "mImvhwyu0cFmtUNOAyOjm6qozWjEmHyrGIpOTZXWW7lnkj5RP3";

hosts/lio/flake.lock

@@ -32,7 +32,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-fpl7kTl/r442RV8N8ut08UclEQR1wUs2G+gk4/S71pA=",
+        "narHash": "sha256-PLiddkpkHZxcS8MiVlI8k3rbBWNqDb0mrHWdRvadANI=",
         "path": "../../common",
         "type": "path"
       },