feat(public-cof): add IPv4 → IPv6 proxy
This commit is contained in:
parent
c90e89bc7a
commit
54163ed857
7 changed files with 72 additions and 6 deletions
|
@ -12,6 +12,7 @@ let
|
|||
remoteBuilders = {
|
||||
nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ];
|
||||
};
|
||||
mkProxyRecord = AAAA: { inherit AAAA; A = [ "45.13.104.29" ]; };
|
||||
dualstack = {
|
||||
A = my.ipv4;
|
||||
AAAA = my.ipv6.standard;
|
||||
|
@ -58,10 +59,7 @@ dualstack // {
|
|||
|
||||
beta = public-cof-ips // {
|
||||
subdomains = {
|
||||
traque = {
|
||||
inherit (public-cof-ips) A;
|
||||
AAAA = [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
|
||||
};
|
||||
traque = mkProxyRecord [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
|
||||
nuage = public-cof-ips;
|
||||
minecraft = public-cof-ips;
|
||||
factorio = public-cof-ips;
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
# ./cryptpad.nix
|
||||
./hedgedoc.nix
|
||||
./secrets
|
||||
./v6proxy
|
||||
# TODO monitoring
|
||||
];
|
||||
|
||||
|
|
|
@ -32,7 +32,9 @@ in {
|
|||
};
|
||||
|
||||
interfaces.ens20 = {
|
||||
ipv4.addresses = map mkAddress [ "45.13.104.27/32" ];
|
||||
# 1st is for public-cof
|
||||
# 2nd is for IPv4 → IPv6 proxy in v6proxy/
|
||||
ipv4.addresses = map mkAddress [ "45.13.104.27/32" "45.13.104.29/32" ];
|
||||
};
|
||||
|
||||
firewall.allowedTCPPorts = [ 22 ];
|
||||
|
|
|
@ -29,6 +29,18 @@
|
|||
"url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixexprs": {
|
||||
"branch": "master",
|
||||
"description": "All my Nix expressions",
|
||||
"homepage": null,
|
||||
"owner": "RaitoBezarius",
|
||||
"repo": "nixexprs",
|
||||
"rev": "5fd6966844be775a272e932375d7982275ba2300",
|
||||
"sha256": "1l5zgdgqbn7apw2ngqzid0sqrklx0rnj8sjid4ykx9156kdqjan5",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/RaitoBezarius/nixexprs/archive/5fd6966844be775a272e932375d7982275ba2300.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"raito-nur": {
|
||||
"branch": "master",
|
||||
"description": "All my Nix expressions",
|
||||
|
|
|
@ -31,8 +31,28 @@ let
|
|||
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||
submodules = if spec ? submodules then spec.submodules else false;
|
||||
submoduleArg =
|
||||
let
|
||||
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
||||
emptyArgWithWarning =
|
||||
if submodules == true
|
||||
then
|
||||
builtins.trace
|
||||
(
|
||||
"The niv input \"${name}\" uses submodules "
|
||||
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
||||
+ "does not support them"
|
||||
)
|
||||
{}
|
||||
else {};
|
||||
in
|
||||
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
|
||||
if nixSupportsSubmodules
|
||||
then { inherit submodules; }
|
||||
else emptyArgWithWarning;
|
||||
in
|
||||
builtins.fetchGit
|
||||
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
|
||||
|
||||
fetch_local = spec: spec.path;
|
||||
|
||||
|
|
|
@ -3,6 +3,8 @@ let
|
|||
nivSources = import ./nix/sources.nix;
|
||||
rz-src = nivSources.klubrz-nur;
|
||||
rz-no-pkgs = (import nivSources.klubrz-nur {});
|
||||
raitobezarius-src = nivSources.nixexprs;
|
||||
raitobezarius-no-pkgs = (import raitobezarius-src {});
|
||||
in
|
||||
{
|
||||
nixpkgs.config.packageOverrides = {
|
||||
|
@ -11,6 +13,7 @@ in
|
|||
|
||||
imports = [
|
||||
"${nivSources.agenix}/modules/age.nix"
|
||||
raitobezarius-no-pkgs.modules.sniproxy
|
||||
] ++ lib.attrValues rz-no-pkgs.modules;
|
||||
|
||||
nixpkgs.overlays = [];
|
||||
|
|
30
machines/public-cof/v6proxy/default.nix
Normal file
30
machines/public-cof/v6proxy/default.nix
Normal file
|
@ -0,0 +1,30 @@
|
|||
{ ... }:
|
||||
let
|
||||
proxyIPv4 = "45.13.104.29";
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 443 ];
|
||||
|
||||
services.sniproxy = {
|
||||
enable = true;
|
||||
|
||||
resolver = {
|
||||
mode = "ipv6_first";
|
||||
};
|
||||
|
||||
listeners = [
|
||||
{
|
||||
address = "${proxyIPv4}:443";
|
||||
table = "vhosts";
|
||||
fallback = null;
|
||||
}
|
||||
];
|
||||
|
||||
tables.vhosts = [
|
||||
{
|
||||
match = "traque.beta.rz.ens.wtf";
|
||||
dest = "traque.beta.rz.ens.wtf";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue