{ flake, config, ... }:
# NixOS host module declaring the "kimai" systemd-nspawn container.
# The container runs in its own network namespace; the NixOS firewall is
# disabled inside it, so all packet filtering comes from ./ruleset.nft.
let
  containerName = "kimai";
  hostV4 = "192.168.52.113";
  guestV4 = "192.168.52.114";
  hostV6 = "2a03:4000:52:ada:6::1";
  guestV6 = "2a03:4000:52:ada:6::2";
in
{
  config = {
    boot.enableContainers = true;

    # Make netfilter LOG output generated inside the container's network
    # namespace visible in the host kernel log. Note this sysctl is global:
    # it applies to every network namespace on the host, not just this one.
    boot.kernel.sysctl."net.netfilter.nf_log_all_netns" = true;

    containers.${containerName} = {
      autoStart = true;
      # Ephemeral: the container root is discarded on every start, so the
      # only state that survives is what lives in the bind mounts below.
      ephemeral = true;

      # Persistent application state and database files are kept on the host.
      bindMounts."/var/lib/kimai" = {
        hostPath = "/var/lib/kimai/state";
        isReadOnly = false;
      };
      bindMounts."/var/lib/mysql" = {
        hostPath = "/var/lib/kimai/mysql";
        isReadOnly = false;
      };

      # Own network namespace with a host <-> container link. No forwardPorts
      # are declared, so nothing on the host is forwarded to the container;
      # the IPv6 addresses look globally routable, so reachability is
      # governed by host routing and the container's ruleset.nft.
      privateNetwork = true;
      # forwardPorts = [
      #   { containerPort = 80; hostPort = 28983; }
      # ];
      hostAddress = hostV4;
      localAddress = guestV4;
      hostAddress6 = hostV6;
      localAddress6 = guestV6;

      config =
        let
          host = config; # the host's config; the inner module argument shadows `config`
        in
        { config, pkgs, lib, ... }:
        {
          # An ephemeral root has no persistent state to track, so stateVersion
          # follows the running release. The bind-mounted database and Kimai
          # state are persistent, however, so any stateVersion-dependent
          # defaults of the database module still apply to that data -- TODO confirm.
          system.stateVersion = lib.mkIf host.containers.${containerName}.ephemeral config.system.nixos.release;
          system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
          nixpkgs.pkgs = host.nixpkgs.pkgs;

          # Kimai reaches the database over the local unix socket only.
          services.kimai.sites."kimai.yggdrasil.li".database.socket = "/run/mysqld/mysqld.sock";

          networking.useDHCP = false;
          networking.useNetworkd = true;
          networking.useHostResolvConf = false;
          # The NixOS firewall is off inside the container; every filtering
          # decision comes from ruleset.nft, which is not in view here.
          networking.firewall.enable = false;
          networking.nftables.enable = true;
          networking.nftables.rulesetFile = ./ruleset.nft;

          # No DNS= is set on eth0 and the host's resolv.conf is not used, so
          # resolved uses these fallback servers. The "#hostname" suffix is the
          # SNI name for DNS-over-TLS; this module does not enable DNSOverTLS,
          # so queries are plain DNS unless that is set elsewhere -- confirm.
          services.resolved.fallbackDns = [
            "9.9.9.10#dns10.quad9.net"
            "149.112.112.10#dns10.quad9.net"
            "2620:fe::10#dns10.quad9.net"
            "2620:fe::fe:10#dns10.quad9.net"
          ];

          systemd.network.networks.upstream = {
            name = "eth0";
            matchConfig.Name = "eth0";
            linkConfig.RequiredForOnline = true;
            networkConfig = {
              # Host-only prefixes; the host side is reached through the
              # explicit /32 and /128 routes below, then used as default gateway.
              Address = [ "${guestV4}/32" "${guestV6}/128" ];
              LLMNR = false;
              MulticastDNS = false;
            };
            routes = [
              { Destination = "${hostV4}/32"; }
              { Destination = "${hostV6}/128"; }
              { Destination = "0.0.0.0/0"; Gateway = hostV4; }
              { Destination = "::/0"; Gateway = hostV6; }
            ];
          };
        };
    };
  };
}