Allods

systems/x86_64-linux/stargate/services/allods.nix

@@ -0,0 +1,24 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  systemd.targets.machines.enable = true;
+  systemd.nspawn."allods" = {
+    enable = true;
+    execConfig = { 
+      Boot = true; 
+      CapabilityBoundingSet = "";
+      PrivateUsers = true;	    
+    };
+
+    filesConfig = { BindReadOnly = [ "/etc/resolv.conf:/etc/resolv.conf" ]; };
+    networkConfig = { Private = false; };
+  };
+  systemd.services."systemd-nspawn@allods" = {
+    enable = true;
+    requiredBy = [ "machines.target" ];
+    overrideStrategy = "asDropin";
+  };
+}