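# NixOS module: host-side kernel and firewall settings for LXD containers.
# The LXD profile is read from ./profiles/default.nix; only its
# network.name attribute (the bridge interface) is used here.
{ ... }:

let
  lxd_profiles = {
    "default" = (import ./profiles/default.nix);
  };

  # Bridge interface whose traffic the firewall rule below trusts.
  lxdBridge = lxd_profiles.default.network.name;
in
{
  boot = {
    # NAT support for the FTP connection-tracking helper.
    # NOTE(review): this helper parses FTP payloads inside the kernel;
    # confirm containers really need FTP through NAT, otherwise drop it.
    kernelModules = [ "nf_nat_ftp" ];

    kernel.sysctl = {
      # Enables IPv4 forwarding on every existing interface ("all") and on
      # interfaces created later ("default"), not only on the LXD bridge.
      # What may be forwarded is then decided by FORWARD/NAT rules, none of
      # which are set in this module.
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv4.conf.default.forwarding" = true;
    };
  };

  # Author's stated intent: allow static ipv4 for containers.
  #
  # What the rule does: accepts ALL IPv4 traffic that arrives on the LXD
  # bridge and is addressed to the host itself. Every host service bound to
  # the bridge address or to 0.0.0.0 is therefore reachable from any
  # container on that bridge, bypassing allowedTCPPorts/allowedUDPPorts.
  # NOTE(review): if containers only need a few host services, narrow this
  # with -p/--dport matches instead of trusting the whole interface.
  #
  # The rule lives in the nixos-fw chain, which the firewall service flushes
  # and rebuilds on each (re)start. Appending to INPUT directly would leave
  # a duplicate behind on every reload, because INPUT itself is never
  # flushed by the NixOS firewall script.
  networking.firewall.extraCommands = ''
    iptables -A nixos-fw -i ${lxdBridge} -m comment --comment "lxd rule for ${lxdBridge}" -j nixos-fw-accept
  '';
}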