# NixOS module: runs the Kimai site "kimai.yggdrasil.li" in a declarative
# container named "kimai" that has its own network namespace and loads its
# own nftables ruleset.
{ flake, config, ... }:
{
  config = {
    boot.enableContainers = true;

    # Host-wide kernel setting: by default only the initial network namespace
    # may write netfilter LOG output to the kernel log; enabling this lets
    # every other namespace do so as well.
    # NOTE(review): presumably wanted so that log statements in ./ruleset.nft
    # reach the host journal. It applies to all namespaces on the host, so
    # unthrottled log rules in any container can flood the kernel log —
    # confirm the rulesets rate-limit their logging.
    boot.kernel.sysctl."net.netfilter.nf_log_all_netns" = true;

    containers.kimai = {
      autoStart = true;

      # The container root is rebuilt from scratch on each start; only the
      # bind mounts below survive a restart.
      ephemeral = true;

      # Writable host directories mounted into the container.
      bindMounts."/var/lib/kimai" = {
        hostPath = "/var/lib/kimai/state";
        isReadOnly = false;
      };
      bindMounts."/var/lib/mysql" = {
        hostPath = "/var/lib/kimai/mysql";
        isReadOnly = false;
      };

      # Separate network namespace, connected to the host by the point-to-point
      # addresses below.
      privateNetwork = true;

      # Port forwarding from the host is currently disabled:
      # forwardPorts = [
      #   { containerPort = 80;
      #     hostPort = 28983;
      #   }
      # ];

      hostAddress = "192.168.52.113";
      localAddress = "192.168.52.114";
      # NOTE(review): the IPv6 pair is not in a private range; whether the
      # container is reachable from outside depends on host forwarding and
      # filtering rules that are not part of this file — confirm.
      hostAddress6 = "2a03:4000:52:ada:6::1";
      localAddress6 = "2a03:4000:52:ada:6::2";

      config =
        let
          # Keep a handle on the host's module config; the inner module's own
          # `config` argument shadows it below.
          hostConfig = config;
        in
        { config, pkgs, lib, ... }:
        {
          # Only defined while the container is ephemeral; it then follows the
          # running NixOS release.
          # NOTE(review): the bind-mounted /var/lib/kimai and /var/lib/mysql
          # do persist across releases — confirm no stateVersion-dependent
          # default affects that data.
          system.stateVersion =
            lib.mkIf hostConfig.containers.kimai.ephemeral config.system.nixos.release;
          # Record the flake revision when the flake has one (absent on a
          # dirty tree).
          system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;

          # Reuse the host's package set instead of instantiating a second one.
          nixpkgs.pkgs = hostConfig.nixpkgs.pkgs;

          # Database access goes through the local UNIX socket.
          services.kimai.sites."kimai.yggdrasil.li".database.socket = "/run/mysqld/mysqld.sock";

          networking.useDHCP = false;
          networking.useNetworkd = true;
          networking.useHostResolvConf = false;

          # The NixOS firewall module is switched off; all packet filtering in
          # the container is whatever ./ruleset.nft defines. That file is not
          # shown here and should be reviewed together with this module.
          networking.firewall.enable = false;
          networking.nftables.enable = true;
          networking.nftables.rulesetFile = ./ruleset.nft;

          # The "#name" suffix is the server name systemd-resolved checks when
          # DNS-over-TLS is in use.
          # NOTE(review): no DNS-over-TLS setting is visible in this module,
          # so the suffix may have no effect and queries may leave in clear
          # text — confirm. These also look like Quad9's addresses without
          # threat blocking or DNSSEC validation — verify against Quad9's
          # documentation that this variant is the intended one.
          services.resolved.fallbackDns = [
            "9.9.9.10#dns10.quad9.net"
            "149.112.112.10#dns10.quad9.net"
            "2620:fe::10#dns10.quad9.net"
            "2620:fe::fe:10#dns10.quad9.net"
          ];

          systemd.network.networks.upstream = {
            name = "eth0";
            matchConfig.Name = "eth0";
            linkConfig.RequiredForOnline = true;

            networkConfig = {
              Address = [ "192.168.52.114/32" "2a03:4000:52:ada:6::2/128" ];
              # Local name-resolution protocols are turned off on this link.
              LLMNR = false;
              MulticastDNS = false;
            };

            # The addresses are /32 and /128, so no prefix covers the gateway:
            # first a host route to each gateway address, then the default
            # routes through them.
            routes = [
              { Destination = "192.168.52.113/32"; }
              { Destination = "2a03:4000:52:ada:6::1/128"; }
              {
                Destination = "0.0.0.0/0";
                Gateway = "192.168.52.113";
              }
              {
                Destination = "::/0";
                Gateway = "2a03:4000:52:ada:6::1";
              }
            ];
          };
        };
    };
  };
}