diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index cf0828f..f4e84c6 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -4,6 +4,7 @@ let
 ip = "10.42.97.3";
 in
 {
+
 users.users.gitea = {
 isSystemUser = true;
 uid = 990;
@@ -98,7 +99,9 @@ in
 containers.gitea = {
 autoStart = true;
- macvlans = [ "lan" ];
+ privateNetwork = true;
+ hostBridge = "brserver";
+ localAddress = "10.42.97.2/24";
 bindMounts = {
 "/var/lib/gitea" = {
 hostPath = "/var/lib/gitea/";
@@ -156,7 +159,7 @@ in
 allowedTCPPorts = [ 22 80 443 ];
 };
 # Use systemd-resolved inside the container
- useHostResolvConf = lib.mkForce false;
+ useHostResolvConf = false;
 };
 services.resolved.enable = true;
diff --git a/hosts/fw.cloonar.com/modules/networking.nix b/hosts/fw.cloonar.com/modules/networking.nix
index a5fe58d..be48836 100644
--- a/hosts/fw.cloonar.com/modules/networking.nix
+++ b/hosts/fw.cloonar.com/modules/networking.nix
@@ -30,6 +30,10 @@
 id = 101;
 interface = "enp5s0";
 };
+ server = {
+ id = 97;
+ interface = "enp5s0";
+ };
 multimedia = {
 id = 99;
 interface = "enp5s0";
@@ -44,6 +48,12 @@
 };
 };
+ nat = {
+ enable = true;
+ internalInterfaces = [ "server" ];
+ externalInterface = "brserver";
+ };
+
 interfaces = {
 # Don't request DHCP on the physical interfaces
 lan.useDHCP = false;
@@ -58,12 +68,12 @@
 prefixLength = 24;
 }];
 };
- # server = {
- # ipv4.addresses = [{
- # address = "10.42.97.1";
- # prefixLength = 24;
- # }];
- # };
+ server = {
+ ipv4.addresses = [{
+ address = "10.42.97.1";
+ prefixLength = 24;
+ }];
+ };
 infrastructure = {
 ipv4.addresses = [{
 address = "10.42.101.1";
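Review bot: In gitea.nix, the `containers.gitea` hunk sets `localAddress = "10.42.97.2/24"` while the `let` binding shown in the first hunk still reads `ip = "10.42.97.3"`; if the rest of the module uses `ip` to reach Gitea (its uses are outside these hunks), the two will disagree after this change. Moving from `macvlans` to `privateNetwork` with `hostBridge` also means that traffic routed to the container from other segments now goes through the firewall host's forwarding path, so exposure of ports 22, 80 and 443 depends on forward rules this diff does not show. Once the intended address is settled I would derive it from the binding, `localAddress = "${ip}/24";`, and add a comment such as `# attached to brserver; reachability is decided by the fw forward rules`. The `containers.gitea` block starts and ends outside the hunk.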
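Review bot: In networking.nix, the new `nat` block names `brserver` as `externalInterface`, yet no hunk on this page defines a bridge with that name; the new VLAN and the address 10.42.97.1/24 (last hunk) are both on `server`. As written, traffic arriving from the `server` VLAN is masqueraded on its way out to the container bridge, so Gitea would record the firewall's address instead of the real client for those connections, which weakens its access logs and any per-address rate limiting. If the aim is outbound access for the container, the direction looks inverted: `internalInterfaces = [ "brserver" ];` with `externalInterface = "<uplink interface>";` (placeholder, the uplink is not visible here). If `brserver` is meant to bridge the `server` VLAN, 10.42.97.1 would normally sit on the bridge rather than on its member interface, and it is worth confirming that forwarding between this segment and the other VLANs is filtered explicitly.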