this removes usage of the nftnat module by rendering it into a static
nftables config. It's a no-op (modulo /etc/haccfiles) as far as nix is
concerned, hence the slightly off-putting whitespace of the multi-line
string.
This seems to me to be a better approach than just bundling the module,
since we only use it for two things (giving the containers network
access & forwarding port 22 to forgejo), which to me doesn't press for
using a custom module we can't really maintain on our own.
the bind mount module has been tweaked in a couple ways:
- rename hexchen.* to hacc.*
- rename bindmount to bindMount to make it consistent with usage in
the nixpkgs container module
- add a hacc.bindToPersist option as shorthand for prepending /perist
to a path via bind mount
the nopersist module has been shortened a little by moving
service-specific things which are used once out into the individual
service files, and removing those which we don't need at all (this also
means we get to loose a mkForce or two in case of mismatches between
hexchen's and our current config).
we decided to:
- get rid of unused packages
- simpify the directory layout since we only have one host anyways
- move our docs (such as they are) in-tree
2024-01-11 23:49:26 +01:00
Renamed from hosts/parsons/configuration.nix (Browse further)
stuebinm