feat(public-cof): add IPv4 → IPv6 proxy

Raito Bezarius 2022-09-10 15:29:51 +02:00
parent c90e89bc7a
commit 54163ed857
7 changed files with 72 additions and 6 deletions


@ -12,6 +12,7 @@ let
remoteBuilders = {
nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ];
};
mkProxyRecord = AAAA: { inherit AAAA; A = [ "45.13.104.29" ]; };
dualstack = {
A = my.ipv4;
AAAA = my.ipv6.standard;
@ -58,10 +59,7 @@ dualstack // {
beta = public-cof-ips // {
subdomains = {
traque = {
inherit (public-cof-ips) A;
AAAA = [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
};
traque = mkProxyRecord [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
nuage = public-cof-ips;
minecraft = public-cof-ips;
factorio = public-cof-ips;
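Review bot: `mkProxyRecord` hard-codes the proxy address `45.13.104.29` in the DNS zone, and the same literal is repeated in the ens20 address list and as `proxyIPv4` in v6proxy/, so a renumbering that misses one of them leaves the A record pointing at an address the proxy no longer listens on. Neighbouring records in this `let` take their addresses from `my.ipv4` and `my.ipv6.standard`; if that set can carry the proxy address as well, read it from there. Otherwise add a comment such as `# keep in sync with proxyIPv4 in v6proxy/ and the ens20 addresses`. The `let` block starts before the first hunk, and the `traque` change sits in the second hunk of this file.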


@ -18,6 +18,7 @@
# ./cryptpad.nix
./hedgedoc.nix
./secrets
./v6proxy
# TODO monitoring
];


@ -32,7 +32,9 @@ in {
};
interfaces.ens20 = {
ipv4.addresses = map mkAddress [ "45.13.104.27/32" ];
# 1st is for public-cof
# 2nd is for IPv4 → IPv6 proxy in v6proxy/
ipv4.addresses = map mkAddress [ "45.13.104.27/32" "45.13.104.29/32" ];
};
firewall.allowedTCPPorts = [ 22 ];


@ -29,6 +29,18 @@
"url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixexprs": {
"branch": "master",
"description": "All my Nix expressions",
"homepage": null,
"owner": "RaitoBezarius",
"repo": "nixexprs",
"rev": "5fd6966844be775a272e932375d7982275ba2300",
"sha256": "1l5zgdgqbn7apw2ngqzid0sqrklx0rnj8sjid4ykx9156kdqjan5",
"type": "tarball",
"url": "https://github.com/RaitoBezarius/nixexprs/archive/5fd6966844be775a272e932375d7982275ba2300.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"raito-nur": {
"branch": "master",
"description": "All my Nix expressions",


@ -31,8 +31,28 @@ let
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
submodules = if spec ? submodules then spec.submodules else false;
submoduleArg =
let
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
emptyArgWithWarning =
if submodules == true
then
builtins.trace
(
"The niv input \"${name}\" uses submodules "
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
+ "does not support them"
)
{}
else {};
in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
if nixSupportsSubmodules
then { inherit submodules; }
else emptyArgWithWarning;
in
builtins.fetchGit
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
fetch_local = spec: spec.path;


@ -3,6 +3,8 @@ let
nivSources = import ./nix/sources.nix;
rz-src = nivSources.klubrz-nur;
rz-no-pkgs = (import nivSources.klubrz-nur {});
raitobezarius-src = nivSources.nixexprs;
raitobezarius-no-pkgs = (import raitobezarius-src {});
in
{
nixpkgs.config.packageOverrides = {
@ -11,6 +13,7 @@ in
imports = [
"${nivSources.agenix}/modules/age.nix"
raitobezarius-no-pkgs.modules.sniproxy
] ++ lib.attrValues rz-no-pkgs.modules;
nixpkgs.overlays = [];
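Review bot: The `imports` list now takes a NixOS module from `raitobezarius-no-pkgs`, which is the result of evaluating the `nixexprs` tarball, so code from that repository becomes part of this host's system configuration and nothing here says so. The niv pin added in this commit fixes `rev` and `sha256` but tracks `branch: master`, so a later update moves it to whatever is on master at that time. A comment next to the import would make the trust boundary visible, for example `# third-party module, pinned via niv; review the nixexprs diff before updating the pin`. Selecting only `modules.sniproxy`, rather than all `attrValues` as for `rz-no-pkgs`, keeps the imported surface small and is worth preserving.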


@ -0,0 +1,30 @@
{ ... }:
let
proxyIPv4 = "45.13.104.29";
in
{
networking.firewall.allowedTCPPorts = [ 443 ];
services.sniproxy = {
enable = true;
resolver = {
mode = "ipv6_first";
};
listeners = [
{
address = "${proxyIPv4}:443";
table = "vhosts";
fallback = null;
}
];
tables.vhosts = [
{
match = "traque.beta.rz.ens.wtf";
dest = "traque.beta.rz.ens.wtf";
}
];
};
}
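Review bot: With `mode = "ipv6_first"` and `dest` equal to the matched name, a failed or missing AAAA lookup can fall back to the A record, which this commit points at the proxy's own address `45.13.104.29`, so sniproxy would connect back to itself. If the module passes the value through to sniproxy unchanged, `mode = "ipv6_only";` removes that fallback; giving the backend's IPv6 address as `dest` would avoid the lookup altogether. Separately, `networking.firewall.allowedTCPPorts = [ 443 ];` opens the port on every interface while the listener binds only `${proxyIPv4}:443`; `networking.firewall.interfaces.ens20.allowedTCPPorts = [ 443 ];` would narrow it, assuming ens20 is the only interface meant to serve the proxy.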