feat(public-cof): add IPv4 → IPv6 proxy
parent
c90e89bc7a
commit
54163ed857
7 changed files with 72 additions and 6 deletions
|
@ -12,6 +12,7 @@ let
|
||||||
remoteBuilders = {
|
remoteBuilders = {
|
||||||
nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ];
|
nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ];
|
||||||
};
|
};
|
||||||
|
mkProxyRecord = AAAA: { inherit AAAA; A = [ "45.13.104.29" ]; };
|
||||||
dualstack = {
|
dualstack = {
|
||||||
A = my.ipv4;
|
A = my.ipv4;
|
||||||
AAAA = my.ipv6.standard;
|
AAAA = my.ipv6.standard;
|
||||||
|
@ -58,10 +59,7 @@ dualstack // {
|
||||||
|
|
||||||
beta = public-cof-ips // {
|
beta = public-cof-ips // {
|
||||||
subdomains = {
|
subdomains = {
|
||||||
traque = {
|
traque = mkProxyRecord [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
|
||||||
inherit (public-cof-ips) A;
|
|
||||||
AAAA = [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
|
|
||||||
};
|
|
||||||
nuage = public-cof-ips;
|
nuage = public-cof-ips;
|
||||||
minecraft = public-cof-ips;
|
minecraft = public-cof-ips;
|
||||||
factorio = public-cof-ips;
|
factorio = public-cof-ips;
|
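Review bot: `mkProxyRecord` in the first hunk hard-codes `45.13.104.29`, and the same literal is repeated in the interface address list and as `proxyIPv4` in `machines/public-cof/v6proxy/default.nix`, so nothing ties the DNS answer to the address sniproxy actually listens on. A comment above the helper would record the coupling, for example `# A must equal proxyIPv4 in machines/public-cof/v6proxy/default.nix`. Because the listener is configured with `fallback = null`, every name switched to `mkProxyRecord` (here only `traque`) also needs a matching `tables.vhosts` entry, otherwise IPv4 clients are sent to a proxy that refuses them; that requirement is worth stating in the same comment. The enclosing `let` block starts outside the hunk.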
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
# ./cryptpad.nix
|
# ./cryptpad.nix
|
||||||
./hedgedoc.nix
|
./hedgedoc.nix
|
||||||
./secrets
|
./secrets
|
||||||
|
./v6proxy
|
||||||
# TODO monitoring
|
# TODO monitoring
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,9 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
interfaces.ens20 = {
|
interfaces.ens20 = {
|
||||||
ipv4.addresses = map mkAddress [ "45.13.104.27/32" ];
|
# 1st is for public-cof
|
||||||
|
# 2nd is for IPv4 → IPv6 proxy in v6proxy/
|
||||||
|
ipv4.addresses = map mkAddress [ "45.13.104.27/32" "45.13.104.29/32" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
firewall.allowedTCPPorts = [ 22 ];
|
firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
|
@ -29,6 +29,18 @@
|
||||||
"url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
|
"url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
|
"nixexprs": {
|
||||||
|
"branch": "master",
|
||||||
|
"description": "All my Nix expressions",
|
||||||
|
"homepage": null,
|
||||||
|
"owner": "RaitoBezarius",
|
||||||
|
"repo": "nixexprs",
|
||||||
|
"rev": "5fd6966844be775a272e932375d7982275ba2300",
|
||||||
|
"sha256": "1l5zgdgqbn7apw2ngqzid0sqrklx0rnj8sjid4ykx9156kdqjan5",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://github.com/RaitoBezarius/nixexprs/archive/5fd6966844be775a272e932375d7982275ba2300.tar.gz",
|
||||||
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
|
},
|
||||||
"raito-nur": {
|
"raito-nur": {
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"description": "All my Nix expressions",
|
"description": "All my Nix expressions",
|
||||||
|
|
|
@ -31,8 +31,28 @@ let
|
||||||
if spec ? branch then "refs/heads/${spec.branch}" else
|
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||||
if spec ? tag then "refs/tags/${spec.tag}" else
|
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||||
|
submodules = if spec ? submodules then spec.submodules else false;
|
||||||
|
submoduleArg =
|
||||||
|
let
|
||||||
|
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
||||||
|
emptyArgWithWarning =
|
||||||
|
if submodules == true
|
||||||
|
then
|
||||||
|
builtins.trace
|
||||||
|
(
|
||||||
|
"The niv input \"${name}\" uses submodules "
|
||||||
|
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
||||||
|
+ "does not support them"
|
||||||
|
)
|
||||||
|
{}
|
||||||
|
else {};
|
||||||
in
|
in
|
||||||
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
|
if nixSupportsSubmodules
|
||||||
|
then { inherit submodules; }
|
||||||
|
else emptyArgWithWarning;
|
||||||
|
in
|
||||||
|
builtins.fetchGit
|
||||||
|
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
|
||||||
|
|
||||||
fetch_local = spec: spec.path;
|
fetch_local = spec: spec.path;
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,8 @@ let
|
||||||
nivSources = import ./nix/sources.nix;
|
nivSources = import ./nix/sources.nix;
|
||||||
rz-src = nivSources.klubrz-nur;
|
rz-src = nivSources.klubrz-nur;
|
||||||
rz-no-pkgs = (import nivSources.klubrz-nur {});
|
rz-no-pkgs = (import nivSources.klubrz-nur {});
|
||||||
|
raitobezarius-src = nivSources.nixexprs;
|
||||||
|
raitobezarius-no-pkgs = (import raitobezarius-src {});
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nixpkgs.config.packageOverrides = {
|
nixpkgs.config.packageOverrides = {
|
||||||
|
@ -11,6 +13,7 @@ in
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
"${nivSources.agenix}/modules/age.nix"
|
"${nivSources.agenix}/modules/age.nix"
|
||||||
|
raitobezarius-no-pkgs.modules.sniproxy
|
||||||
] ++ lib.attrValues rz-no-pkgs.modules;
|
] ++ lib.attrValues rz-no-pkgs.modules;
|
||||||
|
|
||||||
nixpkgs.overlays = [];
|
nixpkgs.overlays = [];
|
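Review bot: `raitobezarius-no-pkgs = (import raitobezarius-src {});` evaluates the whole external `nixexprs` repository in order to use a single module, `modules.sniproxy`, and that module is then merged into the system configuration with the same authority as local modules. The niv pin added in this commit fixes the revision and hash, so the exposure is concentrated at pin updates. A comment above the binding would make that explicit, for example `# external NixOS module (sniproxy only): review the nixexprs diff whenever the niv pin is bumped`. The `let` block and the `imports` list both begin outside the hunks shown.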
||||||
|
|
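--- a/machines/public-cof/v6proxy/default.nix
+++ b/machines/public-cof/v6proxy/default.nix
@@ -0,0 +1,30 @@
+{ ... }:
+let
+proxyIPv4 = "45.13.104.29";
+in
+{
+networking.firewall.allowedTCPPorts = [ 443 ];
+
+services.sniproxy = {
+enable = true;
+
+resolver = {
+mode = "ipv6_first";
+};
+
+listeners = [
+{
+address = "${proxyIPv4}:443";
+table = "vhosts";
+fallback = null;
+}
+];
+
+tables.vhosts = [
+{
+match = "traque.beta.rz.ens.wtf";
+dest = "traque.beta.rz.ens.wtf";
+}
+];
+};
+}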
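Review bot: `mode = "ipv6_first";` in the resolver block lets sniproxy fall back to the A record when the AAAA lookup for `traque.beta.rz.ens.wtf` fails, and this commit's DNS change points that A record at 45.13.104.29, the proxy's own listener, so a resolution failure would make the proxy connect back to itself. If the sniproxy module accepts it, `mode = "ipv6_only";` removes that path and makes the failure explicit. Separately, `networking.firewall.allowedTCPPorts = [ 443 ];` opens port 443 on every address of the host, not only on `proxyIPv4`; a rule scoped to that destination address, or at least a comment noting the wider exposure, would keep the firewall in line with the listener binding.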