add etherpad to arachnide server and fix internet access from nixos-containers
parent
e85686be0c
commit
f3603eec25
5 changed files with 50 additions and 17 deletions
|
@ -14,6 +14,7 @@
|
|||
/var/src/modules/forgejo.nix
|
||||
/var/src/modules/forgejo-runner.nix
|
||||
/var/src/modules/nextcloud.nix
|
||||
/var/src/modules/etherpad.nix
|
||||
];
|
||||
|
||||
# Bootloader.
|
||||
|
@ -70,6 +71,10 @@
|
|||
address-prefix = "/24";
|
||||
};
|
||||
|
||||
nixin.etherpad = {
|
||||
domain = "pad.lab12.fr";
|
||||
};
|
||||
|
||||
|
||||
# Enable ip forwarding to route packets for the local network connected to enp3s0
|
||||
boot.kernel.sysctl = {
|
||||
|
|
|
@ -12,6 +12,15 @@
|
|||
useDHCP = false;
|
||||
defaultGateway = "192.168.36.1";
|
||||
|
||||
nat = {
|
||||
enable = true;
|
||||
#internalInterfaces = ["vb-+"];
|
||||
internalIPs = ["10.10.10.0/24"];
|
||||
externalInterface = "enp1s0";
|
||||
# Lazy IPv6 connectivity for the containers
|
||||
#enableIPv6 = true;
|
||||
};
|
||||
|
||||
# bridge for containers
|
||||
bridges = {
|
||||
"br0" = {
|
||||
|
|
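--- a/modules/etherpad.nix
+++ b/modules/etherpad.nix
@@ -0,0 +1,33 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+inherit (lib) mkOption mkDefault;
+in
+{
+options = {
+nixin.etherpad = {
+domain = mkOption { type = lib.types.str; };
+};
+};
+
+config = {
+networking.hosts = {
+"127.0.0.1" = [ "${config.nixin.etherpad.domain}" ];
+};
+
+# Etherpad is not yes packaged for nixos, so deploy it using docker
+virtualisation.oci-containers.containers.etherpad = {
+autoStart = true;
+image = "etherpad/etherpad";
+extraOptions = [
+"--label=traefik.enable=true"
+"--label=traefik.http.routers.etherpad.entrypoints=websecure"
+"--label=traefik.http.routers.etherpad.rule=Host(`${config.nixin.etherpad.domain}`)"
+"--label=traefik.http.routers.etherpad.tls=true"
+"--label=traefik.http.services.etherpad.loadbalancer.server.port=9001"
+"--label=traefik.http.routers.etherpad.tls.certresolver=acme-challenge"
+];
+};
+};
+}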
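Review bot: `image = "etherpad/etherpad";` has no tag or digest, so the runtime resolves it to `latest` and whatever the registry serves at the next pull is what runs behind the public router. Pin it, e.g. `image = "etherpad/etherpad:<PINNED_VERSION>";` (placeholder, ideally with an `@sha256:` digest), and bump it deliberately. The `etherpad` router labels attach no middleware, while another router touched by this commit lists `wg-whitelist`. If the pad is not meant to be reachable by anyone on the internet, add a `traefik.http.routers.etherpad.middlewares` label. No `volumes` or database settings are declared either, so pad contents presumably live in the container's writable layer and would not survive a recreate. Lastly, the header comment `# Forgejo` looks copied from another module and should read `# Etherpad`, and "not yes packaged" should be "not yet packaged".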
|
@ -67,6 +67,9 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -w -t nat -A POSTROUTING -s ${config.containers.nextcloud.localAddress} -j MASQUERADE
|
||||
'';
|
||||
|
||||
services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
|
||||
loadBalancer.servers = [
|
||||
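Review bot: The `iptables -w -t nat -A POSTROUTING -s ... -j MASQUERADE` line in `networking.firewall.extraCommands` appends a rule each time the firewall script runs and nothing removes it, so duplicate NAT rules can accumulate across reloads. It also has no `-o <uplink>` match, so the container's traffic is masqueraded on every egress interface, including the local network this host routes for, which hides the container's address from anything filtering by source there. This commit already enables `networking.nat` with `internalIPs`, so adding the container address to that list from this module would let NixOS manage both the rule and its teardown. If the raw rule is kept, restrict it with `-o` and add a matching `networking.firewall.extraStopCommands` that runs the same rule with `-D ... || true`. The enclosing attribute set starts and ends outside this hunk.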
|
|
|
@ -82,22 +82,5 @@ in
|
|||
middlewares = [ "wg-whitelist" ];
|
||||
entryPoints = [ "websecure" ];
|
||||
};
|
||||
|
||||
|
||||
# You can find and example proxy for a non-docker service in the nixin-web.nix module
|
||||
|
||||
# Example docker service with traefik proxy enabled through labels
|
||||
# virtualisation.oci-containers.containers.whoami = {
|
||||
# autoStart = true;
|
||||
# image = "jwilder/whoami";
|
||||
# extraOptions = [
|
||||
# "--label=traefik.enable=true"
|
||||
# "--label=traefik.http.routers.whoami.entrypoints=websecure"
|
||||
# "--label=traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)"
|
||||
# "--label=traefik.http.routers.whoami.tls=true"
|
||||
# "--label=traefik.http.services.whoami.loadbalancer.server.port=8000"
|
||||
# "--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge"
|
||||
# ];
|
||||
# };
|
||||
};
|
||||
}
|
||||
|
|