dmz: add dummy config

author: Alejandro Soto <alejandro@34project.org> 2022-12-29 04:57:16 -0600
committer: Alejandro Soto <alejandro@34project.org> 2022-12-29 04:59:07 -0600
commit: 0d849ddb6a666748c873e0a596fbd4f276f1a939 (patch)
tree: 842b41e2cf971bb1a9e1cbb4836381ad64495403 /sys
parent: e508b2b5d7c7e3504bb5e8ff33fd3bbfc006f9ef (diff)
2 files changed, 13 insertions, 1 deletions
diff --git a/sys/default.nix b/sys/default.nix
index 228c126..3224c40 100644
--- a/sys/default.nix
+++ b/sys/default.nix
@@ -1,10 +1,11 @@
-{ lib, config, pkgs, modulesPath, ... }:
+{ lib, config, pkgs, ... }:
 with lib; {
   imports = [
     ./auth.nix
     ./boot.nix
     ./fs
     ./net.nix
+    ./nspawn.nix
     ./options.nix
     ./users.nix
   ];
diff --git a/sys/nspawn.nix b/sys/nspawn.nix
new file mode 100644
index 0000000..528223a
--- /dev/null
+++ b/sys/nspawn.nix
@@ -0,0 +1,11 @@
+{ lib, config, ... }:
+with lib; let
+  cfg = config.local.nspawn;
+in
+{
+  options.local.nspawn.dmz.enable = mkEnableOption "DMZ services in a container";
+
+  config.systemd.nspawn.dmz = mkIf cfg.dmz.enable {
+    execConfig.PrivateUsers = true;
+  };
+}
author	Alejandro Soto <alejandro@34project.org>	2022-12-29 04:57:16 -0600
committer	Alejandro Soto <alejandro@34project.org>	2022-12-29 04:59:07 -0600
commit	0d849ddb6a666748c873e0a596fbd4f276f1a939 (patch)
tree	842b41e2cf971bb1a9e1cbb4836381ad64495403 /sys
parent	e508b2b5d7c7e3504bb5e8ff33fd3bbfc006f9ef (diff)