l: add red.r

author: lassulus <lassulus@lassul.us> 2018-04-28 23:18:05 +0200
committer: lassulus <lassulus@lassul.us> 2018-04-28 23:18:05 +0200
commit: 1820b1753011eb42bb9be30011e6fbd11993b201 (patch)
tree: 1d9a8ea4ea7b94e7057e633bbaeedcb0dcc52be2 /lass/1systems/prism/config.nix
parent: b96f9d898a77bb5a735ad35d1bc1eeeea1833cae (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7b581d905..d1faf77bd 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -304,6 +304,34 @@ in {
       ];
     }
     <stockholm/lass/2configs/go.nix>
+    {
+      environment.systemPackages = [ pkgs.cryptsetup ];
+      systemd.services."container@red".reloadIfChanged = mkForce false;
+      containers.red = {
+        config = { ... }: {
+          environment.systemPackages = [ pkgs.git ];
+          services.openssh.enable = true;
+          users.users.root.openssh.authorizedKeys.keys = [
+            config.krebs.users.lass.pubkey
+          ];
+        };
+        autoStart = false;
+        enableTun = true;
+        privateNetwork = true;
+        hostAddress = "10.233.2.3";
+        localAddress = "10.233.2.4";
+      };
+      services.nginx.virtualHosts."rote-allez-fraktion.de" = {
+        enableACME = true;
+        addSSL = true;
+        locations."/" = {
+          extraConfig = ''
+            proxy_set_header Host rote-allez-fraktion.de;
+            proxy_pass http://10.233.2.4;
+          '';
+        };
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
author	lassulus <lassulus@lassul.us>	2018-04-28 23:18:05 +0200
committer	lassulus <lassulus@lassul.us>	2018-04-28 23:18:05 +0200
commit	1820b1753011eb42bb9be30011e6fbd11993b201 (patch)
tree	1d9a8ea4ea7b94e7057e633bbaeedcb0dcc52be2 /lass/1systems/prism/config.nix
parent	b96f9d898a77bb5a735ad35d1bc1eeeea1833cae (diff)