add etherpad to arachnide server and fix internet access from nixos-containers

This commit is contained in:
Douze Bé 2024-12-22 17:12:20 +01:00
parent e85686be0c
commit f3603eec25
5 changed files with 50 additions and 17 deletions


@ -14,6 +14,7 @@
/var/src/modules/forgejo.nix
/var/src/modules/forgejo-runner.nix
/var/src/modules/nextcloud.nix
/var/src/modules/etherpad.nix
];
# Bootloader.
@ -70,6 +71,10 @@
address-prefix = "/24";
};
nixin.etherpad = {
domain = "pad.lab12.fr";
};
# Enable ip forwarding to route packets for the local network connected to enp3s0
boot.kernel.sysctl = {


@ -12,6 +12,15 @@
useDHCP = false;
defaultGateway = "192.168.36.1";
nat = {
enable = true;
#internalInterfaces = ["vb-+"];
internalIPs = ["10.10.10.0/24"];
externalInterface = "enp1s0";
# Lazy IPv6 connectivity for the containers
#enableIPv6 = true;
};
# bridge for containers
bridges = {
"br0" = {
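Review bot: The two commented-out options `#internalInterfaces = ["vb-+"];` and `#enableIPv6 = true;` are carried into the new `nat` block with no reason given, and the `# Lazy IPv6 connectivity for the containers` comment now describes a line that does nothing; either drop them or replace each with a statement of why it is off, e.g. `# IPv6 NAT left disabled: containers only get an IPv4 path for now`. The `internalIPs = ["10.10.10.0/24"]` literal has to stay in step with the container addresses and bridge prefix configured in other files, which nothing here enforces; a comment such as `# must cover every containers.<name>.localAddress attached to br0`, or building the list from `config.containers`, would make that coupling visible. The `bridges` attribute set opens on the hunk's last line and continues outside it.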

33
modules/etherpad.nix Normal file

@ -0,0 +1,33 @@
# Forgejo
{ config, pkgs, lib, ... }:
let
inherit (lib) mkOption mkDefault;
in
{
options = {
nixin.etherpad = {
domain = mkOption { type = lib.types.str; };
};
};
config = {
networking.hosts = {
"127.0.0.1" = [ "${config.nixin.etherpad.domain}" ];
};
# Etherpad is not yes packaged for nixos, so deploy it using docker
virtualisation.oci-containers.containers.etherpad = {
autoStart = true;
image = "etherpad/etherpad";
extraOptions = [
"--label=traefik.enable=true"
"--label=traefik.http.routers.etherpad.entrypoints=websecure"
"--label=traefik.http.routers.etherpad.rule=Host(`${config.nixin.etherpad.domain}`)"
"--label=traefik.http.routers.etherpad.tls=true"
"--label=traefik.http.services.etherpad.loadbalancer.server.port=9001"
"--label=traefik.http.routers.etherpad.tls.certresolver=acme-challenge"
];
};
};
}
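Review bot: The `traefik.http.routers.etherpad.*` labels attach no middleware, so the pad is reachable by anyone who can reach the `websecure` entrypoint, whereas the router visible in the last file section of this commit goes through `wg-whitelist`; if public access is not intended, add `"--label=traefik.http.routers.etherpad.middlewares=wg-whitelist@file"` (the `@file` suffix assumes that middleware is declared through traefik's file provider, as the other modules appear to do), and if it is intended, say so in a comment. `image = "etherpad/etherpad"` carries neither a tag nor a digest, so each pull of `latest` can silently change what runs behind that entrypoint; pin a version tag, ideally with a `@sha256:` digest, and note in a comment how it is bumped. No `volumes` are declared either, so whatever the image keeps internally (pads, settings) is lost when the container is recreated — confirm the data directory against the image's documentation and bind-mount it from `/var/lib`. The header comment `# Forgejo` is a copy-paste leftover and `not yes packaged` should read `not yet packaged`; `# Etherpad, run as an OCI container behind traefik because it is not yet packaged for NixOS` would cover both.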


@ -67,6 +67,9 @@ in
};
};
networking.firewall.extraCommands = ''
iptables -w -t nat -A POSTROUTING -s ${config.containers.nextcloud.localAddress} -j MASQUERADE
'';
services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
loadBalancer.servers = [
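Review bot: The new `iptables -w -t nat -A POSTROUTING -s … -j MASQUERADE` rule in `networking.firewall.extraCommands` has no `-o` restriction and no matching `extraStopCommands` delete, so it masquerades the container's traffic toward every destination (other bridge-attached containers and the LAN included) and appends a duplicate rule each time the firewall unit restarts. The same commit enables `networking.nat` with `internalIPs = ["10.10.10.0/24"]` and an `externalInterface` in the network config; if the nextcloud container's `localAddress` lies in that range this rule is redundant, and if it does not, extend the NAT module instead — `networking.nat.internalIPs = [ config.containers.nextcloud.localAddress ];` merges with the host's list, is scoped to the external interface by the NAT module and is cleaned up on reload. The `services.traefik.dynamicConfigOptions` definition on the last line continues outside the hunk.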


@ -82,22 +82,5 @@ in
middlewares = [ "wg-whitelist" ];
entryPoints = [ "websecure" ];
};
# You can find and example proxy for a non-docker service in the nixin-web.nix module
# Example docker service with traefik proxy enabled through labels
# virtualisation.oci-containers.containers.whoami = {
# autoStart = true;
# image = "jwilder/whoami";
# extraOptions = [
# "--label=traefik.enable=true"
# "--label=traefik.http.routers.whoami.entrypoints=websecure"
# "--label=traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)"
# "--label=traefik.http.routers.whoami.tls=true"
# "--label=traefik.http.services.whoami.loadbalancer.server.port=8000"
# "--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge"
# ];
# };
};
}