summaryrefslogtreecommitdiffstats
path: root/lass/2configs/services/flix/container-host.nix
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-02-21 11:15:26 +0100
committerlassulus <git@lassul.us>2023-02-21 11:16:52 +0100
commit79a7ab4fd8899e7ac197318bb58a3e04affdf459 (patch)
tree07d4035f80c10fb4affb14a63f6b097d51c4edfc /lass/2configs/services/flix/container-host.nix
parent6624d3aab64adcc4f8e1bf8393859fc4769e5ed2 (diff)
l yellow.r: move flix to services
Diffstat (limited to 'lass/2configs/services/flix/container-host.nix')
-rw-r--r--lass/2configs/services/flix/container-host.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/lass/2configs/services/flix/container-host.nix b/lass/2configs/services/flix/container-host.nix
new file mode 100644
index 000000000..1c5b81128
--- /dev/null
+++ b/lass/2configs/services/flix/container-host.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+{
+ krebs.sync-containers3.containers.yellow = {
+ sshKey = "${toString <secrets>}/yellow.sync.key";
+ };
+ containers.yellow.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/yellow/state";
+ isReadOnly = false;
+ };
+ containers.yellow.bindMounts."/var/download" = {
+ hostPath = "/var/download";
+ isReadOnly = false;
+ };
+ # krebs.iptables.tables.filter.FORWARD.rules = [
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; }
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; }
+ # ];
+ # krebs.iptables.tables.nat.PREROUTING.rules = [
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip4.addr}:8000"; v6 = false; }
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip6.addr}:8000"; v4 = false; }
+ # ];
+ networking.firewall.allowedTCPPorts = [ 8096 8920 ];
+ networking.firewall.allowedUDPPorts = [ 1900 7359 ];
+ containers.yellow.forwardPorts = [
+ { hostPort = 8096; containerPort = 8096; protocol = "tcp"; }
+ { hostPort = 8920; containerPort = 8920; protocol = "tcp"; }
+ { hostPort = 1900; containerPort = 1900; protocol = "udp"; }
+ { hostPort = 7359; containerPort = 7359; protocol = "udp"; }
+ ];
+
+ services.nginx.virtualHosts."flix.lassul.us" = {
+ # forceSSL = true;
+ # enableACME = true;
+ locations."/" = {
+ proxyPass = "http://yellow.r:8096";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+}