Initial conduit container setup

2025-03-27 02:13:19 -04:00 · 2025-03-27 02:13:19 -04:00 · 8dfd30b333
commit 8dfd30b333
parent 8b165b7a60
3 changed files with 67 additions and 4 deletions
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@ -1,10 +1,12 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
@ -15,6 +17,25 @@
  i18n.defaultLocale = "en_US.UTF-8";

  system.stateVersion = "24.11"; # Did you read the comment?
+  networking.nat = {
+    enable = true;
+    internalInterfaces = ["ve-+"];
+    externalInterface = "enp5s0f0";
+    # Lazy IPv6 connectivity for the container
+    enableIPv6 = true;
+  };

+  # Nginx configuration
+  # Configure automated TLS acquisition/renewal
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "admin@stranger.systems";
+    };
+  };
+
+  # ACME data must be readable by the NGINX user
+  # users.users.nginx.extraGroups = [
+  #   "acme"
+  # ];
 }
-
--- a/nixos/machines/driftwood/containers/conduit.nix
+++ b/nixos/machines/driftwood/containers/conduit.nix
@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  containers.conduit = {
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+    hostAddress6 = "fc00::1";
+    localAddress6 = "fc00::2";
+    bindMounts = {
+      "/var/lib/" = {
+        hostPath = "/var/containers/conduit";
+        isReadOnly = false;
+      };
+    };
+    config = {
+      config,
+      lib,
+      pkgs,
+      ...
+    }: {
+      # Conduit proper
+      services.matrix-conduit = {
+        enable = true;
+        settings.global = {
+          server_name = "stranger.systems";
+          allow_registration = false;
+          port = 6167;
+        };
+      };
+      # Open the port
+      networking.firewall.allowedTCPPorts = [6167];
+
+      system.stateVersion = "24.11";
+    };
+  };
+}
--- a/nixos/machines/driftwood/machine.nix
+++ b/nixos/machines/driftwood/machine.nix
@ -38,6 +38,7 @@
                  mutableUsers = false;
                })
                (import ../../modules/ssh.nix)
+                (import ./containers/conduit.nix)
              ];

              nix.settings.experimental-features = [