diff --git a/config/arachnide/configuration.nix b/config/arachnide/configuration.nix index f5ccc0b..01f9086 100644 --- a/config/arachnide/configuration.nix +++ b/config/arachnide/configuration.nix @@ -14,6 +14,7 @@ /var/src/modules/forgejo.nix /var/src/modules/forgejo-runner.nix /var/src/modules/nextcloud.nix + /var/src/modules/etherpad.nix ]; # Bootloader. @@ -70,6 +71,10 @@ address-prefix = "/24"; }; + nixin.etherpad = { + domain = "pad.lab12.fr"; + }; + # Enable ip forwarding to route packets for the local network connected to enp3s0 boot.kernel.sysctl = { diff --git a/config/arachnide/network-configuration.nix b/config/arachnide/network-configuration.nix index d58a9bf..ace0a36 100644 --- a/config/arachnide/network-configuration.nix +++ b/config/arachnide/network-configuration.nix @@ -12,6 +12,15 @@ useDHCP = false; defaultGateway = "192.168.36.1"; + nat = { + enable = true; + #internalInterfaces = ["vb-+"]; + internalIPs = ["10.10.10.0/24"]; + externalInterface = "enp1s0"; + # Lazy IPv6 connectivity for the containers + #enableIPv6 = true; + }; + # bridge for containers bridges = { "br0" = { diff --git a/modules/etherpad.nix b/modules/etherpad.nix new file mode 100644 index 0000000..d742dc5 --- /dev/null +++ b/modules/etherpad.nix @@ -0,0 +1,33 @@ +# Forgejo +{ config, pkgs, lib, ... }: + +let + inherit (lib) mkOption mkDefault; +in +{ + options = { + nixin.etherpad = { + domain = mkOption { type = lib.types.str; }; + }; + }; + + config = { + networking.hosts = { + "127.0.0.1" = [ "${config.nixin.etherpad.domain}" ]; + }; + + # Etherpad is not yes packaged for nixos, so deploy it using docker + virtualisation.oci-containers.containers.etherpad = { + autoStart = true; + image = "etherpad/etherpad"; + extraOptions = [ + "--label=traefik.enable=true" + "--label=traefik.http.routers.etherpad.entrypoints=websecure" + "--label=traefik.http.routers.etherpad.rule=Host(`${config.nixin.etherpad.domain}`)" + "--label=traefik.http.routers.etherpad.tls=true" + "--label=traefik.http.services.etherpad.loadbalancer.server.port=9001" + "--label=traefik.http.routers.etherpad.tls.certresolver=acme-challenge" + ]; + }; + }; +} diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 53f3715..005e005 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -67,6 +67,9 @@ in }; }; + networking.firewall.extraCommands = '' + iptables -w -t nat -A POSTROUTING -s ${config.containers.nextcloud.localAddress} -j MASQUERADE + ''; services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = { loadBalancer.servers = [ diff --git a/modules/reverse-proxy-traefik.nix b/modules/reverse-proxy-traefik.nix index c1f2c5e..432bf4c 100644 --- a/modules/reverse-proxy-traefik.nix +++ b/modules/reverse-proxy-traefik.nix @@ -82,22 +82,5 @@ in middlewares = [ "wg-whitelist" ]; entryPoints = [ "websecure" ]; }; - - - # You can find and example proxy for a non-docker service in the nixin-web.nix module - - # Example docker service with traefik proxy enabled through labels - # virtualisation.oci-containers.containers.whoami = { - # autoStart = true; - # image = "jwilder/whoami"; - # extraOptions = [ - # "--label=traefik.enable=true" - # "--label=traefik.http.routers.whoami.entrypoints=websecure" - # "--label=traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)" - # "--label=traefik.http.routers.whoami.tls=true" - # "--label=traefik.http.services.whoami.loadbalancer.server.port=8000" - # "--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge" - # ]; - # }; }; }