blob: 90517a61dea6a2c174e2bfb2d9c1227520eb02f9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
{ config, pkgs, fetchurl, lib, ... }:
let
dockerConfig = {
ipv6 = true;
fixed-cidr-v6 = "fd69:2074:9fcd:b0fd::/64";
features = {
buildkit = true;
};
};
in
{ virtualisation = {
docker = {
enable = true;
enableOnBoot = false;
liveRestore = false;
extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON dockerConfig)}";
autoPrune = {
enable = true;
dates = "Mon, 13:00";
};
};
};
networking.firewall.extraCommands = ''
iptables -A nixos-fw -p udp --source 172.17.0.0/24 -j nixos-fw-accept
iptables -A nixos-fw -p tcp --source 172.17.0.0/24 -j nixos-fw-accept
ip6tables -A nixos-fw -p tcp --source ${dockerConfig.fixed-cidr-v6} -j nixos-fw-accept
ip6tables -A nixos-fw -p udp --source ${dockerConfig.fixed-cidr-v6} -j nixos-fw-accept
'';
services.postgresql = {
enable = true;
ensureDatabases = ["satoshipay"];
authentication = ''
# TYPE DATABASE USER ADDRESS METHOD
local all postgres trust
local all all md5
'';
ensureUsers = [
{
name = "alan";
ensurePermissions = {
"DATABASE satoshipay" = "ALL PRIVILEGES";
};
}
{
name = "satoshipay";
ensurePermissions = {
"DATABASE satoshipay" = "ALL PRIVILEGES";
};
}
];
};
nix.gc.dates = "12:30";
system.autoUpgrade.dates = "13:05";
networking.search = ["satoshipay.io"];
}
|