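# ============================================================================
# USDA Dashboard External System Module
# ============================================================================
# External system configuration for usda-dash
#
# USAGE FROM ATHENIX:
#
# 1. Add required flake inputs in athenix/flake.nix:
#
#    inputs.usda-vision = {
#      url = "git+https://git.factory.uga.edu/MODEL/usda-vision.git";
#      inputs.nixpkgs.follows = "nixpkgs";
#    };
#
# 2. Pass inputs to modules via specialArgs:
#
#    nixosConfigurations.proxmox-usda-dash = nixpkgs.lib.nixosSystem {
#      specialArgs = { inherit inputs; };
#      modules = [
#        ./path/to/usda-dash-config/default.nix
#      ];
#    };
#
# 3. Configure secrets in athenix:
#
#    age.secrets.usda-vision-env.file = ./secrets/usda-vision/env.age;

# This file is a curried function: the outer call receives the flake `inputs`,
# the inner function is the NixOS module itself.
# NOTE(review): a consumer has to apply the outer function before the result is
# usable as a module; listing the path directly in `modules` (step 2 above)
# would hand the module system a function that returns a function. Confirm how
# athenix loads this file.
{ inputs, ... }:
{ config, lib, pkgs, ... }:

{
  imports = [
    # Import the usda-vision NixOS module.
    # Both this module and the package below are evaluated from the
    # `usda-vision` flake input, so the revision pinned in the consumer's
    # flake.lock decides what code runs on this host; review lock-file bumps
    # of that input like any other code change.
    inputs.usda-vision.nixosModules.default
  ];

  config = {
    # Enable and configure usda-vision
    services.usda-vision = {
      enable = true;
      # `stdenv.hostPlatform.system` is the canonical spelling; `pkgs.system`
      # is only a compatibility alias for the same value.
      # NOTE(review): this passes the whole per-system package set rather than
      # a single derivation; presumably the upstream module expects that.
      # Verify against the usda-vision module's option type.
      package = inputs.usda-vision.packages.${pkgs.stdenv.hostPlatform.system};
      hostname = "192.168.1.156";
      replaceHostnames = true;
      # Falls back to null without any error when the age secret is not
      # declared. NOTE(review): confirm the service does not start with
      # built-in or empty credentials in that case; an assertion that the
      # secret exists would make a missing secret fail at build time instead.
      envFile = config.age.secrets.usda-vision-env.path or null;
    };

    # Nix configuration for LXC container
    nix.settings = {
      # Builds run without the Nix build sandbox, so a derivation's builder
      # can reach the network and the container's filesystem during the build.
      # Only build trusted expressions on this host.
      # NOTE(review): presumably disabled because the sandbox cannot set up
      # its namespaces inside this LXC guest. Confirm it is still required.
      sandbox = false;
      experimental-features = [ "nix-command" "flakes" ];
    };

    # LXC-specific settings for nested containers
    # Both keys turn on global IPv4 forwarding. Together with the disabled
    # firewall below, this host forwards packets between its interfaces with
    # no filtering of its own.
    boot.kernel.sysctl = {
      "net.ipv4.ip_forward" = 1;
      "net.ipv4.conf.all.forwarding" = 1;
    };

    # Configure users
    # Membership in the `docker` group is root-equivalent on this system:
    # anyone who can talk to the Docker socket can start a container that
    # mounts the host filesystem. Treat both accounts as administrators.
    athenix.users.sv22900.enable = true;
    users.users.sv22900.extraGroups = [ "docker" ];
    users.users.engr-ugaif.extraGroups = [ "docker" ];

    # Additional system packages
    environment.systemPackages = with pkgs; [
      git
      vim
      htop
      curl
      wget
      nfs-utils
    ];

    # NFS mount
    services.rpcbind.enable = true;
    fileSystems."/mnt/nfs_share" = {
      device = "192.168.1.249:/mnt/nfs_share";
      fsType = "nfs";
      # No `sec=` option is given, so unless the server enforces Kerberos the
      # mount relies on client-asserted uid/gid and is unencrypted on the wire.
      # NOTE(review): if the share only holds data, adding "nosuid" and "nodev"
      # (and "noexec" where possible) keeps a writable remote export from
      # supplying setuid binaries or device nodes to this host.
      # NOTE(review): "soft" on a read-write mount lets I/O fail after a
      # timeout, which can lose writes. Confirm the application tolerates it.
      options = [ "nfsvers=4" "rw" "soft" "_netdev" ];
    };

    # Declares the mountpoint directory.
    # NOTE(review): if this rule is applied while the share is mounted, it
    # targets the export's root directory rather than the local mountpoint.
    # Confirm that forcing 0755 root:root there is acceptable.
    systemd.tmpfiles.rules = [
      "d /mnt/nfs_share 0755 root root -"
    ];

    # Firewall configuration
    # NOTE(review): with `enable = false` the NixOS firewall is not installed,
    # so the port lists and `allowPing` below have no effect and every
    # listening port is reachable from any network that can route to this
    # host. Either set `enable = true` once it is verified to work inside this
    # LXC guest, or document which upstream control (for example the
    # hypervisor's firewall) enforces this allow-list instead.
    networking.firewall = {
      enable = false;
      allowedTCPPorts = [
        80 443 3000 3001 3002 3003 4000
        54321 54322 54323 54324 54327
        8000 8025 8090 8189 8554 8889
      ];
      allowedUDPPorts = [ 3956 ];
      allowPing = true;
    };
  };
}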