# NixOS module: Docker daemon (IPv6 + BuildKit), firewall exceptions for the
# container address ranges, a local PostgreSQL instance, and the schedules
# for garbage collection / auto-upgrade.
{ config, pkgs, fetchurl, lib, ... }:

let
  # Settings serialised to daemon.json and handed to dockerd via --config-file.
  daemonSettings = {
    ipv6 = true;
    # Unique-local (fd00::/8) prefix used for container IPv6 addresses.
    fixed-cidr-v6 = "fd69:2074:9fcd:b0fd::/64";
    features.buildkit = true;
  };

  # Store path of the generated daemon.json.
  daemonJson = pkgs.writeText "daemon.json" (builtins.toJSON daemonSettings);

  # The same prefix is reused in the ip6tables rules so both stay in sync.
  containerV6 = daemonSettings.fixed-cidr-v6;

  # Every role listed in ensureUsers receives the same grant.
  satoshipayGrant = { "DATABASE satoshipay" = "ALL PRIVILEGES"; };
in
{
  virtualisation.docker = {
    enable = true;
    # dockerd is not started at boot.
    enableOnBoot = false;
    liveRestore = false;
    extraOptions = "--config-file=${daemonJson}";
    autoPrune = {
      enable = true;
      dates = "Mon, 13:00";
    };
  };

  # Accept all TCP and UDP traffic addressed to the host whose source lies in
  # the container ranges.
  # NOTE(review): the rules match on source address only, with no interface
  # (-i) or destination-port restriction, so every host service is reachable
  # from containers, and the match depends on reverse-path filtering to
  # reject the same source arriving on another interface. Consider binding
  # the rules to the bridge interface and to the ports containers need.
  # NOTE(review): 172.17.0.0/24 is narrower than the /16 Docker normally
  # assigns to its default bridge; confirm the /24 is intentional.
  networking.firewall.extraCommands = ''
    iptables -A nixos-fw -p udp --source 172.17.0.0/24 -j nixos-fw-accept
    iptables -A nixos-fw -p tcp --source 172.17.0.0/24 -j nixos-fw-accept
    ip6tables -A nixos-fw -p tcp --source ${containerV6} -j nixos-fw-accept
    ip6tables -A nixos-fw -p udp --source ${containerV6} -j nixos-fw-accept
  '';

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "satoshipay" ];

    # pg_hba.conf rules for Unix-socket ("local") connections.
    # NOTE(review): "trust" on the postgres role lets any local account, or
    # any process that can reach the socket, connect as the database
    # superuser without credentials. "peer" would limit that to the postgres
    # OS user; confirm nothing depends on passwordless `-U postgres` before
    # changing it.
    # NOTE(review): "md5" is PostgreSQL's legacy password method;
    # "scram-sha-256" is the current one, but switching requires the stored
    # passwords to be re-set.
    authentication = ''
      # TYPE DATABASE USER ADDRESS METHOD
      local all postgres trust
      local all all md5
    '';

    # Roles "alan" and "satoshipay", each with full privileges on the
    # satoshipay database.
    ensureUsers = map (name: {
      inherit name;
      ensurePermissions = satoshipayGrant;
    }) [ "alan" "satoshipay" ];
  };

  # Maintenance schedules. Only the times are set here; whether the
  # corresponding jobs are enabled is decided elsewhere (not visible in this
  # file).
  nix.gc.dates = "12:30";
  system.autoUpgrade.dates = "13:05";

  networking.search = [ "satoshipay.io" ];
}