From e671f877d9a07907d07bd3dfdad581aa09c057fc Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Mon, 28 Apr 2025 18:02:45 -0500
Subject: [PATCH] weee
---
 common/_containers/forgejo.nix | 17 +++++++++++++++--
 common/general/shell/common.nix | 2 +-
 hosts/lio/containers.nix | 13 +++++++++----
 hosts/lio/flake.lock | 2 +-
 4 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/common/_containers/forgejo.nix b/common/_containers/forgejo.nix
index 21c0df3..8ca1b3c 100644
--- a/common/_containers/forgejo.nix
+++ b/common/_containers/forgejo.nix
@@ -7,8 +7,11 @@ let
 name = "forgejo";
 hostDataDir = "/var/lib/${name}";
+ hostAddress = "10.0.0.1";
+ containerAddress = "10.0.0.2";
 hostAddress6 = "fc00::1";
 containerAddress6 = "fc00::2";
+ hostBridge = "br0";
 binds = [
 # Postgres data, must use postgres user in container and host
@@ -80,6 +83,8 @@ in
 ephemeral = true;
 autoStart = true;
 privateNetwork = true;
+ hostAddress = hostAddress;
+ localAddress = containerAddress;
 hostAddress6 = hostAddress6;
 localAddress6 = containerAddress6;
 bindMounts = lib.foldl (
@@ -100,13 +105,15 @@ in
 networking = {
 firewall = {
 enable = true;
- allowedTCPPorts = [ 3000 3032 ];
+ allowedTCPPorts = [
+ 3000
+ 3032
+ ];
 };
 # Use systemd-resolved inside the container
 # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
 useHostResolvConf = lib.mkForce false;
 }; - services.resolved.enable = true;
 # Ensure users exist on container
@@ -163,6 +170,8 @@ in
 DISABLE_ORGANIZATIONS_PAGE = true;
 };
 repository = {
+ # ENABLE_PUSH_CREATE_USER = true;
+ # ENABLE_PUSH_CREATE_ORG = true;
 DISABLE_STARS = true;
 DEFAULT_PRIVATE = "private";
 };
@@ -175,6 +184,10 @@ in
 SHOW_FOOTER_VERSION = false;
 SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
 };
+ migrations = {
+ ALLOWED_DOMAINS = "*.github.com,github.com";
+ ALLOW_LOCALNETWORKS = true;
+ };
 };
 };
 };
diff --git a/common/general/shell/common.nix b/common/general/shell/common.nix
index 3a290b0..4a69442 100644
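Review bot: In common/_containers/forgejo.nix, hunk `@@ -7,8 +7,11 @@`, `hostBridge = "br0";` is bound but none of the hunks in this patch reads it; the container block in the following hunk sets only `hostAddress` and `localAddress`. If the bridge is not meant to be attached yet, drop the binding or mark it with a comment such as `# not wired into the container yet`. The `let` block continues outside the hunk, so a use further down cannot be ruled out from here.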
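Review bot: In the last forgejo.nix hunk (`@@ -175,6 +184,10 @@`), `ALLOW_LOCALNETWORKS = true;` turns off the check that keeps the migration client away from private and loopback addresses, which Forgejo leaves enabled by default as its guard against server-side request forgery. With `ALLOWED_DOMAINS` limited to GitHub the flag looks unnecessary: depending on how Forgejo combines the two settings it is either ignored or it widens what an allowed name may resolve to, and neither helps a GitHub-only import. I would drop the line, or keep it with a comment naming the local source that needs it, e.g. `# required for migrations from <internal host>`. The enclosing settings attrset starts outside the hunk.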
--- a/common/general/shell/common.nix
+++ b/common/general/shell/common.nix
@@ -40,7 +40,7 @@ with lib;
 date_short = "date +'%Y-%m-%d'";
 ls = "ls --color -Gah";
 ll = "ls --color -Galh";
- lss = "du --max-depth=0 -h * 2>/dev/null | sort -hr";
+ lss = "du --max-depth=0 -h {.,}* 2>/dev/null | sort -hr";
 psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
 cl = "clear";
diff --git a/hosts/lio/containers.nix b/hosts/lio/containers.nix
index 715493f..d22ca25 100644
--- a/hosts/lio/containers.nix
+++ b/hosts/lio/containers.nix
@@ -16,10 +16,15 @@ config = {
 ## Give internet access
- networking.nat.enable = true;
- networking.nat.internalInterfaces = [ "ve-*" ];
- networking.nat.externalInterface = "ens3";
- networking.nat.enableIPv6 = true;
+ networking = {
+ nat = {
+ enable = true;
+ internalInterfaces = [ "ve-*" ];
+ externalInterface = "eno1";
+ enableIPv6 = true;
+ };
+ firewall.trustedInterfaces = [ "ve-*" ];
+ };
 # mathesar
 # services.mathesar.secretKey = "mImvhwyu0cFmtUNOAyOjm6qozWjEmHyrGIpOTZXWW7lnkj5RP3";
diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock
index 90500fc..5a7dc78 100644
--- a/hosts/lio/flake.lock
+++ b/hosts/lio/flake.lock
@@ -32,7 +32,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-fpl7kTl/r442RV8N8ut08UclEQR1wUs2G+gk4/S71pA=", + "narHash": "sha256-PLiddkpkHZxcS8MiVlI8k3rbBWNqDb0mrHWdRvadANI=", "path": "../../common", "type": "path" },
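Review bot: The new `lss` alias in common/general/shell/common.nix globs `{.,}*`, which expands to `.* *`; in shells where `.*` also matches `.` and `..` (bash before 5.2 by default), `du` then totals the current and parent directories as well, which is slow and buries the per-entry figures. Names beginning with `-` are parsed as options because nothing separates the flags from the glob. Something like `lss = "du --max-depth=0 -h -- .[!.]* * 2>/dev/null | sort -hr";` avoids both, at the cost of skipping names that start with two dots. The alias set starts and ends outside the hunk, so the shell these aliases target is not visible here.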
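Review bot: In hosts/lio/containers.nix, `firewall.trustedInterfaces = [ "ve-*" ];` exempts every container veth from the host firewall, so anything listening on the host becomes reachable from inside any container, including the Forgejo one. Opening only the ports the containers need keeps a compromised container contained, e.g. `firewall.interfaces."ve-forgejo".allowedTCPPorts = [ <ports> ];` (interface name assumed from the container name, ports are a placeholder). It is also worth confirming that the `ve-*` pattern matches at all under the firewall backend in use, since the iptables backend spells its wildcard `+`, as in `"ve-+"`. Separately, the commented-out `secretKey` in the trailing context is a credential kept in version control; if it was ever live it should be rotated and the line removed.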