summaryrefslogtreecommitdiffstats
path: root/lass/2configs/services/flix/container-host.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-03-08 19:27:59 +0100
committermakefu <github@syntax-fehler.de>2023-03-08 19:27:59 +0100
commitcaa8f83e79f7373bf234874b8614117c3f7a0710 (patch)
tree9167f06d093d44a662536aa4b5e3d32c271ccca0 /lass/2configs/services/flix/container-host.nix
parent8b4c488bff6b61e2e3ed7c75d96b161a66f5a8c4 (diff)
parent2168f3961298b661fd010add7972a86af77f81de (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/2configs/services/flix/container-host.nix')
-rw-r--r--lass/2configs/services/flix/container-host.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/lass/2configs/services/flix/container-host.nix b/lass/2configs/services/flix/container-host.nix
new file mode 100644
index 000000000..1c5b81128
--- /dev/null
+++ b/lass/2configs/services/flix/container-host.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+{
+ krebs.sync-containers3.containers.yellow = {
+ sshKey = "${toString <secrets>}/yellow.sync.key";
+ };
+ containers.yellow.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/yellow/state";
+ isReadOnly = false;
+ };
+ containers.yellow.bindMounts."/var/download" = {
+ hostPath = "/var/download";
+ isReadOnly = false;
+ };
+ # krebs.iptables.tables.filter.FORWARD.rules = [
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; }
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; }
+ # ];
+ # krebs.iptables.tables.nat.PREROUTING.rules = [
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip4.addr}:8000"; v6 = false; }
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip6.addr}:8000"; v4 = false; }
+ # ];
+ networking.firewall.allowedTCPPorts = [ 8096 8920 ];
+ networking.firewall.allowedUDPPorts = [ 1900 7359 ];
+ containers.yellow.forwardPorts = [
+ { hostPort = 8096; containerPort = 8096; protocol = "tcp"; }
+ { hostPort = 8920; containerPort = 8920; protocol = "tcp"; }
+ { hostPort = 1900; containerPort = 1900; protocol = "udp"; }
+ { hostPort = 7359; containerPort = 7359; protocol = "udp"; }
+ ];
+
+ services.nginx.virtualHosts."flix.lassul.us" = {
+ # forceSSL = true;
+ # enableACME = true;
+ locations."/" = {
+ proxyPass = "http://yellow.r:8096";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+}