| { |
| networking.nat = { |
| enable = true; |
| internalInterfaces = ["ve-aux-wikijs"]; |
| externalInterface = "enp1s0"; |
| }; |
| |
| containers.aux-wikijs = { |
| autoStart = true; |
| privateNetwork = true; |
| |
| hostAddress = "10.0.101.1"; |
| localAddress = "10.0.101.2"; |
| |
| config = { config, pkgs, lib, ... }: { |
| services.wiki-js = { |
| enable = true; |
| |
| settings = { |
| bindIP = "0.0.0.0"; |
| port = 1024; |
| |
| db = { |
| host = "127.0.0.1"; |
| user = "wiki"; |
| pass = "internalonly"; |
| }; |
| }; |
| }; |
| |
| system.stateVersion = "22.11"; |
| |
| services.postgresql = { |
| enable = true; |
| ensureDatabases = [ |
| "wiki" |
| ]; |
| ensureUsers = [ |
| { |
| name = "wiki"; |
| ensureDBOwnership = true; |
| } |
| ]; |
| }; |
| |
| systemd.services.postgresql.postStart = '' |
| $PSQL -tAc "ALTER USER wiki PASSWORD 'internalonly';" |
| ''; |
| |
| networking = { |
| firewall = { |
| enable = true; |
| allowedTCPPorts = [ 1024 ]; |
| }; |
| # Use systemd-resolved inside the container |
| # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 |
| useHostResolvConf = lib.mkForce false; |
| |
| nameservers = [ "1.1.1.1" "1.0.0.1" ]; |
| }; |
| }; |
| }; |
| } |