From 5a3a8fd6a283ad0f86e897368907b2903131ae32 Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Fri, 11 Feb 2022 21:09:58 +0300
Subject: [PATCH] fix lxc

---
 flake.nix | 4 ++--
 machines/NixOS-CT/default.nix | 12 ++++++++++++
 profiles/network.nix | 2 +-
 profiles/security.nix | 4 ++--
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/flake.nix b/flake.nix
index 4de342a..11a9141 100644
--- a/flake.nix
+++ b/flake.nix
@@ -120,11 +120,11 @@
 specialArgs = { inherit inputs; };
 };
 in (genAttrs hosts mkHost) // {
- NixOS-CT = nixpkgs-stable.lib.nixosSystem {
+ NixOS-CT = (name: nixpkgs-stable.lib.nixosSystem {
 system = builtins.readFile (./machines + "/${name}/system");
 modules = [ (import (./machines + "/${name}")) { device = name; } ];
 specialArgs = { inherit inputs; };
- };
+ } NixOS-CT);
 };
 legacyPackages.x86_64-linux =
diff --git a/machines/NixOS-CT/default.nix b/machines/NixOS-CT/default.nix
index 2707d4f..d180d0c 100644
--- a/machines/NixOS-CT/default.nix
+++ b/machines/NixOS-CT/default.nix
@@ -28,4 +28,16 @@
 systemd.suppressedSystemUnits = [
 "sys-kernel-debug.mount"
 ];
+
+ environment.noXlibs = lib.mkForce false;
+
+ networking = {
+ enableIPv6 = false;
+ defaultGateway = "192.168.0.1";
+ nameservers = [ "192.168.0.1" ];
+ interfaces.eth0.ipv4.addresses = [{
+ address = "192.168.0.12";
+ prefixLength = 24;
+ }];
+ };
 }
diff --git a/profiles/network.nix b/profiles/network.nix
index e58f52f..63631e1 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -34,7 +34,7 @@ with config.deviceSpecific;
 firewall = {
 enable = true;
 allowPing = true;
- allowedTCPPorts = lib.mkIf isServer [ 22 80 443 8448 ];
+ allowedTCPPorts = lib.mkIf isServer [ 22 ];
 };
 usePredictableInterfaceNames = true;
diff --git a/profiles/security.nix b/profiles/security.nix
index 7695821..8a37a66 100644
--- a/profiles/security.nix
+++ b/profiles/security.nix
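Review bot: `} NixOS-CT);` on the new side passes the bare identifier `NixOS-CT` as the lambda's `name` argument, so unless a binding of that name is in scope (a `let`, for instance) this is an undefined-variable error, and if the surrounding attrset were `rec` it would be the nixosSystem value itself, which cannot be interpolated into `"/${name}/system"`. The intent appears to be the string: `} "NixOS-CT");`. A `let name = "NixOS-CT"; in nixpkgs-stable.lib.nixosSystem { … }` would read more directly than an immediately-applied lambda and keep the host name in one visible place. The enclosing `let … in` and the outputs attrset start and end outside the hunk.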
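Review bot: `environment.noXlibs = lib.mkForce false;` overrides a setting made elsewhere without saying why; a one-line comment naming the module that enables it and what in this container needs X libraries would spare the next reader a search, e.g. `# noXlibs is enabled by <PROFILE — fill in>; the CT needs X libs for <REASON — fill in>`. The static addressing that follows (gateway and resolver at `192.168.0.1`, host `192.168.0.12/24`) is hard-coded into the machine module; if more containers follow, consider lifting the subnet and gateway into a shared value so the per-host file carries only the host address. The enclosing module attrset starts outside the hunk.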
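Review bot: The new `allowedTCPPorts = lib.mkIf isServer [ 22 ];` narrows the firewall for every host where `isServer` holds, not only the container the commit title refers to, so any server still expecting 80, 443 or 8448 (from the removed line) loses ingress with this commit. Tightening the profile default to SSH only is the right direction; the dropped ports are best opened next to the service that listens on them (`networking.firewall.allowedTCPPorts = [ 80 443 ];` inside that service's module) so the shared profile no longer needs to know about them. A comment such as `# SSH only; service ports are opened by the modules that run them` would record the intent. The enclosing `networking` attrset starts and ends outside the hunk.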
@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 with config.deviceSpecific; {
- security.apparmor.enable = true;
+ security.apparmor.enable = !isContainer;
 programs.firejail.enable = true;
 users.mutableUsers = false;
 users.users.alukard = {
@@ -28,7 +28,7 @@ with config.deviceSpecific; {
 "corectrl"
 "video"
 ];
- description = "Дмитрий Холкин";
+ description = "Dmitriy Kholkin";
 uid = 1000;
 hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
 shell = pkgs.zsh;
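Review bot: `security.apparmor.enable = !isContainer;` records a decision without its reason; presumably AppArmor is owned by the LXC host and the guest cannot load profiles, but a comment stating that, e.g. `# AppArmor is managed by the LXC host; the guest cannot load profiles`, would keep the next reader from re-enabling it. `isContainer` is resolved through the `with config.deviceSpecific;` scope like `isServer` in network.nix; if it is not defined there, `boot.isContainer` is the NixOS option expressing the same fact. Separately, the second hunk of this file shows the account's `hashedPassword` crypt hash committed in its context lines; a hash in a shared repository can be attacked offline by anyone able to read it, so `users.users.alukard.passwordFile` (later renamed `hashedPasswordFile`) pointing at a secret delivered outside the flake is the safer form. The `users.users.alukard` attrset opened at the end of the first hunk closes outside the second.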