add etherpad to arachnide server and fix internet access from nixos-containers
parent
e85686be0c
commit
f3603eec25
5 changed files with 50 additions and 17 deletions
|
@ -14,6 +14,7 @@
|
||||||
/var/src/modules/forgejo.nix
|
/var/src/modules/forgejo.nix
|
||||||
/var/src/modules/forgejo-runner.nix
|
/var/src/modules/forgejo-runner.nix
|
||||||
/var/src/modules/nextcloud.nix
|
/var/src/modules/nextcloud.nix
|
||||||
|
/var/src/modules/etherpad.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
|
@ -70,6 +71,10 @@
|
||||||
address-prefix = "/24";
|
address-prefix = "/24";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixin.etherpad = {
|
||||||
|
domain = "pad.lab12.fr";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
# Enable ip forwarding to route packets for the local network connected to enp3s0
|
# Enable ip forwarding to route packets for the local network connected to enp3s0
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
|
|
|
@ -12,6 +12,15 @@
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
defaultGateway = "192.168.36.1";
|
defaultGateway = "192.168.36.1";
|
||||||
|
|
||||||
|
nat = {
|
||||||
|
enable = true;
|
||||||
|
#internalInterfaces = ["vb-+"];
|
||||||
|
internalIPs = ["10.10.10.0/24"];
|
||||||
|
externalInterface = "enp1s0";
|
||||||
|
# Lazy IPv6 connectivity for the containers
|
||||||
|
#enableIPv6 = true;
|
||||||
|
};
|
||||||
|
|
||||||
# bridge for containers
|
# bridge for containers
|
||||||
bridges = {
|
bridges = {
|
||||||
"br0" = {
|
"br0" = {
|
||||||
|
|
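Review bot: The new `nat` block gives outbound NAT to every address in `10.10.10.0/24` via `internalIPs`, and nothing visible in this section limits which containers may use it or what forwarded traffic may reach. If blanket egress for the container subnet is intended, record that next to the setting, e.g. `# every container on the 10.10.10.0/24 bridge gets outbound NAT through enp1s0`; if only some containers need it, list their addresses instead of the whole range. The commented-out `#internalInterfaces = ["vb-+"];` and `#enableIPv6 = true;` lines, and the "Lazy IPv6 connectivity" comment above a disabled option, describe configuration that is not active and should be removed or explained.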
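--- a/modules/etherpad.nix
+++ b/modules/etherpad.nix
@@ -0,0 +1,33 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+inherit (lib) mkOption mkDefault;
+in
+{
+options = {
+nixin.etherpad = {
+domain = mkOption { type = lib.types.str; };
+};
+};
+
+config = {
+networking.hosts = {
+"127.0.0.1" = [ "${config.nixin.etherpad.domain}" ];
+};
+
+# Etherpad is not yes packaged for nixos, so deploy it using docker
+virtualisation.oci-containers.containers.etherpad = {
+autoStart = true;
+image = "etherpad/etherpad";
+extraOptions = [
+"--label=traefik.enable=true"
+"--label=traefik.http.routers.etherpad.entrypoints=websecure"
+"--label=traefik.http.routers.etherpad.rule=Host(`${config.nixin.etherpad.domain}`)"
+"--label=traefik.http.routers.etherpad.tls=true"
+"--label=traefik.http.services.etherpad.loadbalancer.server.port=9001"
+"--label=traefik.http.routers.etherpad.tls.certresolver=acme-challenge"
+];
+};
+};
+}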
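Review bot: `image = "etherpad/etherpad";` carries no tag or digest, so the runtime resolves it to whatever `latest` points at when the image is pulled and the deployment is neither reproducible nor auditable; pin it, e.g. `image = "etherpad/etherpad:<pinned-version>";` (placeholder, use the release you have tested) or a digest. The router labels attach no middleware, so unlike the `wg-whitelist`-protected router visible elsewhere in this commit the pad appears to be served on the public `websecure` entrypoint without access control; confirm that is intended. No volume or database setting is declared, so pad contents presumably live inside the container and are lost when it is recreated. The header comment `# Forgejo` should read `# Etherpad`, "not yes packaged" should be "not yet packaged", and `mkDefault` is inherited but never used.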
|
@ -67,6 +67,9 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.extraCommands = ''
|
||||||
|
iptables -w -t nat -A POSTROUTING -s ${config.containers.nextcloud.localAddress} -j MASQUERADE
|
||||||
|
'';
|
||||||
|
|
||||||
services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
|
services.traefik.dynamicConfigOptions.http.services."service-nextcloud" = {
|
||||||
loadBalancer.servers = [
|
loadBalancer.servers = [
|
||||||
|
|
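Review bot: The added `iptables -w -t nat -A POSTROUTING ... -j MASQUERADE` line is appended each time the firewall script runs and is never removed, so every reload probably leaves another copy of the rule in the nat table. It also has no `-o <uplink-interface>` match, so the container's traffic is masqueraded on every interface, including towards internal networks where the real source address is useful for filtering and logs. Run the same rule with `-D` and `2>/dev/null || true` before the `-A`, mirror that delete in `networking.firewall.extraStopCommands`, and restrict the rule to the uplink. If the container's `localAddress` falls inside the `internalIPs` range given to `networking.nat` in this same commit, this rule is redundant and can be dropped instead.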
|
@ -82,22 +82,5 @@ in
|
||||||
middlewares = [ "wg-whitelist" ];
|
middlewares = [ "wg-whitelist" ];
|
||||||
entryPoints = [ "websecure" ];
|
entryPoints = [ "websecure" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
# You can find and example proxy for a non-docker service in the nixin-web.nix module
|
|
||||||
|
|
||||||
# Example docker service with traefik proxy enabled through labels
|
|
||||||
# virtualisation.oci-containers.containers.whoami = {
|
|
||||||
# autoStart = true;
|
|
||||||
# image = "jwilder/whoami";
|
|
||||||
# extraOptions = [
|
|
||||||
# "--label=traefik.enable=true"
|
|
||||||
# "--label=traefik.http.routers.whoami.entrypoints=websecure"
|
|
||||||
# "--label=traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)"
|
|
||||||
# "--label=traefik.http.routers.whoami.tls=true"
|
|
||||||
# "--label=traefik.http.services.whoami.loadbalancer.server.port=8000"
|
|
||||||
# "--label=traefik.http.routers.whoami.tls.certresolver=acme-challenge"
|
|
||||||
# ];
|
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|