fix lxc

flake.nix

@@ -120,11 +120,11 @@
             specialArgs = { inherit inputs; };
           };
         in (genAttrs hosts mkHost) // {
-          NixOS-CT = nixpkgs-stable.lib.nixosSystem {
+          NixOS-CT = (name: nixpkgs-stable.lib.nixosSystem {
             system = builtins.readFile (./machines + "/${name}/system");
             modules = [ (import (./machines + "/${name}")) { device = name; } ];
             specialArgs = { inherit inputs; };
-          };
+          } NixOS-CT);
         };
 
       legacyPackages.x86_64-linux =

machines/NixOS-CT/default.nix

@@ -28,4 +28,16 @@
   systemd.suppressedSystemUnits = [
     "sys-kernel-debug.mount"
   ];
+
+  environment.noXlibs = lib.mkForce false;
+
+  networking = {
+    enableIPv6 = false;
+    defaultGateway = "192.168.0.1";
+    nameservers = [ "192.168.0.1" ];
+    interfaces.eth0.ipv4.addresses = [{
+      address = "192.168.0.12";
+      prefixLength = 24;
+    }];
+  };
 }

profiles/network.nix

@@ -34,7 +34,7 @@ with config.deviceSpecific;
     firewall = {
       enable = true;
       allowPing = true;
-      allowedTCPPorts = lib.mkIf isServer [ 22 80 443 8448 ];
+      allowedTCPPorts = lib.mkIf isServer [ 22 ];
     };
 
     usePredictableInterfaceNames = true;

profiles/security.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 with config.deviceSpecific; {
-  security.apparmor.enable = true;
+  security.apparmor.enable = !isContainer;
   programs.firejail.enable = true;
   users.mutableUsers = false;
   users.users.alukard = {
@@ -28,7 +28,7 @@ with config.deviceSpecific; {
       "corectrl"
       "video"
     ];
-    description = "Дмитрий Холкин";
+    description = "Dmitriy Kholkin";
     uid = 1000;
     hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
     shell = pkgs.zsh;