parent
0eb6953b0d
commit
d74a131529
14 changed files with 259 additions and 67 deletions
|
|
@ -21,6 +21,7 @@
|
|||
|
||||
containers.ds9 = {
|
||||
autoStart = true;
|
||||
timeoutStartSec = "10000000min";
|
||||
privateNetwork = true;
|
||||
enableTun = true;
|
||||
additionalCapabilities = [
|
||||
|
|
@ -33,28 +34,40 @@
|
|||
];
|
||||
hostAddress = "192.168.100.10";
|
||||
localAddress = "192.168.100.11";
|
||||
# hostAddress6 = "fc00::1";
|
||||
# localAddress6 = "fc00::2";
|
||||
|
||||
path = inputs.oldConf.nixosConfigurations.ds9.config.system.build.toplevel;
|
||||
|
||||
|
||||
bindMounts = {
|
||||
"/data" = {
|
||||
hostPath = "/data";
|
||||
isReadOnly = false;
|
||||
};
|
||||
"/backup" = {
|
||||
hostPath = "/backup";
|
||||
"/backups" = {
|
||||
hostPath = "/backups";
|
||||
isReadOnly = false;
|
||||
};
|
||||
"/persistent" = {
|
||||
hostPath = "/oldds9/persistent";
|
||||
isReadOnly = false;
|
||||
};
|
||||
"/var/lib/containers" = {
|
||||
hostPath = "/oldds9/persistent/var/lib/containers";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.nat.enable = true;
|
||||
networking.nat.enableIPv6 = true;
|
||||
networking.nat.internalInterfaces = [ "ve-+" ];
|
||||
networking.nat.externalInterface = "enp1s0f1"; # TODO: changeme
|
||||
|
||||
services.traefik.dynamicConfigOptions.http.routers.simpleproxy-oldds9-router.rule =
|
||||
lib.mkForce "HostRegexp(`^.+\.hailsatan\.eu$`)";
|
||||
# services.traefik.dynamicConfigOptions.http.routers.simpleproxy-oldds9-router.tls.options = "old";
|
||||
services.traefik.dynamicConfigOptions.http.routers.simpleproxy-oldds9-router-robotstxt.rule =
|
||||
lib.mkForce "HostRegexp(`^.+\.hailsatan\.eu$`) && Path(`/robots.txt`)";
|
||||
xyno.services.traefik = {
|
||||
enable = true;
|
||||
simpleProxy.oldds9 = {
|
||||
|
|
@ -63,8 +76,27 @@
|
|||
};
|
||||
};
|
||||
|
||||
users.users.root.password = "hunter2";
|
||||
|
||||
systemd.services."dyndns-refresh" = {
|
||||
script = ''
|
||||
set -eu
|
||||
export PATH=$PATH:${pkgs.curl}/bin:${pkgs.jq}/bin:${pkgs.iproute2}/bin
|
||||
${pkgs.bash}/bin/bash ${config.sops.secrets.dyndns.path}
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "root";
|
||||
};
|
||||
startAt = "*:0/10";
|
||||
};
|
||||
sops.secrets.dyndns = {
|
||||
sopsFile = ./secrets/dyndns.yaml;
|
||||
};
|
||||
|
||||
xyno.presets.cli.enable = true;
|
||||
xyno.presets.server.enable = true;
|
||||
xyno.impermanence.enable = true;
|
||||
# xyno.services.wireguard.enable = true;
|
||||
# xyno.services.caddy.enable = true;
|
||||
# xyno.services.monitoring.enable = true;
|
||||
|
|
@ -74,6 +106,16 @@
|
|||
xyno.networking.networkd = {
|
||||
enable = true;
|
||||
};
|
||||
networking.useDHCP = lib.mkForce false;
|
||||
networking.interfaces."enp1s0f1" = {
|
||||
useDHCP = true;
|
||||
tempAddress = "enabled";
|
||||
};
|
||||
systemd.network.networks."40-enp1s0f1" = {
|
||||
networkConfig = {
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
|
|
|||
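Review bot: The `users.users.root.password = "hunter2";` line in the `@ -63,8 +76,27 @` hunk puts root's password in the configuration as plaintext, so it lands in the repository history and in the world-readable Nix store of every machine that builds this system. The rendered page has lost its +/- markers, so the line may be context rather than new, but the value should be treated as exposed and rotated either way. The same file already decrypts `sops.secrets.dyndns` with sops-nix, so the password fits there too: `users.users.root.hashedPasswordFile = config.sops.secrets."<secret-name>".path;` together with `sops.secrets."<secret-name>".neededForUsers = true;` (the secret name is a placeholder). Separately, in the `@ -33,28 +34,40 @` hunk the `\.` inside the double-quoted Nix strings passed to `HostRegexp` is consumed by Nix string escaping, so Traefik probably receives unescaped dots that match any character; writing `\\.` keeps them literal.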