feat(public-cof): add IPv4 → IPv6 proxy

Raito Bezarius 2022-09-10 15:29:51 +02:00
parent c90e89bc7a
commit 54163ed857
7 changed files with 72 additions and 6 deletions


@ -12,6 +12,7 @@ let
remoteBuilders = { remoteBuilders = {
nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ]; nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ];
}; };
mkProxyRecord = AAAA: { inherit AAAA; A = [ "45.13.104.29" ]; };
dualstack = { dualstack = {
A = my.ipv4; A = my.ipv4;
AAAA = my.ipv6.standard; AAAA = my.ipv6.standard;
@ -58,10 +59,7 @@ dualstack // {
beta = public-cof-ips // { beta = public-cof-ips // {
subdomains = { subdomains = {
traque = { traque = mkProxyRecord [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
inherit (public-cof-ips) A;
AAAA = [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
};
nuage = public-cof-ips; nuage = public-cof-ips;
minecraft = public-cof-ips; minecraft = public-cof-ips;
factorio = public-cof-ips; factorio = public-cof-ips;
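Review bot: `mkProxyRecord` hard-codes the proxy address `45.13.104.29`, and the same literal appears again in the `ipv4.addresses` list for `ens20` and as `proxyIPv4` in the new v6proxy module, so the three can drift apart. If the listener address is changed without this helper, the A record for `traque` keeps pointing at an address the proxy no longer serves. Consider defining the address once and referencing it from all three places, or at minimum add a comment above the helper such as `# A record = IPv4 front served by sniproxy in v6proxy/; keep in sync with proxyIPv4`. The `let` block and the record set both continue outside the visible hunks.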


@ -18,6 +18,7 @@
# ./cryptpad.nix # ./cryptpad.nix
./hedgedoc.nix ./hedgedoc.nix
./secrets ./secrets
./v6proxy
# TODO monitoring # TODO monitoring
]; ];


@ -32,7 +32,9 @@ in {
}; };
interfaces.ens20 = { interfaces.ens20 = {
ipv4.addresses = map mkAddress [ "45.13.104.27/32" ]; # 1st is for public-cof
# 2nd is for IPv4 → IPv6 proxy in v6proxy/
ipv4.addresses = map mkAddress [ "45.13.104.27/32" "45.13.104.29/32" ];
}; };
firewall.allowedTCPPorts = [ 22 ]; firewall.allowedTCPPorts = [ 22 ];


@ -29,6 +29,18 @@
"url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz", "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixexprs": {
"branch": "master",
"description": "All my Nix expressions",
"homepage": null,
"owner": "RaitoBezarius",
"repo": "nixexprs",
"rev": "5fd6966844be775a272e932375d7982275ba2300",
"sha256": "1l5zgdgqbn7apw2ngqzid0sqrklx0rnj8sjid4ykx9156kdqjan5",
"type": "tarball",
"url": "https://github.com/RaitoBezarius/nixexprs/archive/5fd6966844be775a272e932375d7982275ba2300.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"raito-nur": { "raito-nur": {
"branch": "master", "branch": "master",
"description": "All my Nix expressions", "description": "All my Nix expressions",


@ -31,8 +31,28 @@ let
if spec ? branch then "refs/heads/${spec.branch}" else if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
submodules = if spec ? submodules then spec.submodules else false;
submoduleArg =
let
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
emptyArgWithWarning =
if submodules == true
then
builtins.trace
(
"The niv input \"${name}\" uses submodules "
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
+ "does not support them"
)
{}
else {};
in
if nixSupportsSubmodules
then { inherit submodules; }
else emptyArgWithWarning;
in in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; builtins.fetchGit
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
fetch_local = spec: spec.path; fetch_local = spec: spec.path;


@ -3,6 +3,8 @@ let
nivSources = import ./nix/sources.nix; nivSources = import ./nix/sources.nix;
rz-src = nivSources.klubrz-nur; rz-src = nivSources.klubrz-nur;
rz-no-pkgs = (import nivSources.klubrz-nur {}); rz-no-pkgs = (import nivSources.klubrz-nur {});
raitobezarius-src = nivSources.nixexprs;
raitobezarius-no-pkgs = (import raitobezarius-src {});
in in
{ {
nixpkgs.config.packageOverrides = { nixpkgs.config.packageOverrides = {
@ -11,6 +13,7 @@ in
imports = [ imports = [
"${nivSources.agenix}/modules/age.nix" "${nivSources.agenix}/modules/age.nix"
raitobezarius-no-pkgs.modules.sniproxy
] ++ lib.attrValues rz-no-pkgs.modules; ] ++ lib.attrValues rz-no-pkgs.modules;
nixpkgs.overlays = []; nixpkgs.overlays = [];
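Review bot: The import list now pulls a NixOS module from a second external repository with no comment on where it comes from or how it is pinned. `import raitobezarius-src {}` evaluates that repository's top-level expression on every evaluation, and the `sniproxy` module then becomes part of the system configuration, so the rev and sha256 pin in the sources file is the only control over what code lands on this host. Suggest a comment above the binding, e.g. `# nixexprs: pinned by rev+sha256 via niv; only modules.sniproxy is used, review the upstream diff before bumping`. Importing the single module rather than `lib.attrValues` of the whole set, as done here, keeps the imported surface small and is worth keeping.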


@ -0,0 +1,30 @@
{ ... }:
let
proxyIPv4 = "45.13.104.29";
in
{
networking.firewall.allowedTCPPorts = [ 443 ];
services.sniproxy = {
enable = true;
resolver = {
mode = "ipv6_first";
};
listeners = [
{
address = "${proxyIPv4}:443";
table = "vhosts";
fallback = null;
}
];
tables.vhosts = [
{
match = "traque.beta.rz.ens.wtf";
dest = "traque.beta.rz.ens.wtf";
}
];
};
}
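Review bot: With `resolver.mode = "ipv6_first"` and `dest` equal to the matched name, a failed or empty AAAA lookup would presumably fall back to the A record, which after the DNS change in this commit is `45.13.104.29`, the proxy's own listener, so the proxy would connect to itself. Assuming the module passes the value straight through to sniproxy's resolver, `mode = "ipv6_only";` avoids that loop. Separately, `networking.firewall.allowedTCPPorts = [ 443 ]` opens 443 on every interface while the listener binds only `${proxyIPv4}:443`; `networking.firewall.interfaces.ens20.allowedTCPPorts = [ 443 ];` would narrow it, if ens20 is the interface carrying that address on this host. A short header comment saying that this module forwards IPv4 clients to IPv6-only services by SNI, without terminating TLS, would also help the next reader.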