author | makefu <github@syntax-fehler.de> | 2023-03-08 19:27:59 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-03-08 19:27:59 +0100 |
commit | caa8f83e79f7373bf234874b8614117c3f7a0710 (patch) | |
tree | 9167f06d093d44a662536aa4b5e3d32c271ccca0 /lass/2configs/services/flix/container-host.nix | |
parent | 8b4c488bff6b61e2e3ed7c75d96b161a66f5a8c4 (diff) | |
parent | 2168f3961298b661fd010add7972a86af77f81de (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/2configs/services/flix/container-host.nix')
-rw-r--r-- | lass/2configs/services/flix/container-host.nix | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/lass/2configs/services/flix/container-host.nix b/lass/2configs/services/flix/container-host.nix
new file mode 100644
index 000000000..1c5b81128
--- /dev/null
+++ b/lass/2configs/services/flix/container-host.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+{
+ krebs.sync-containers3.containers.yellow = {
+ sshKey = "${toString <secrets>}/yellow.sync.key";
+ };
+ containers.yellow.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/yellow/state";
+ isReadOnly = false;
+ };
+ containers.yellow.bindMounts."/var/download" = {
+ hostPath = "/var/download";
+ isReadOnly = false;
+ };
+ # krebs.iptables.tables.filter.FORWARD.rules = [
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; }
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; }
+ # ];
+ # krebs.iptables.tables.nat.PREROUTING.rules = [
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip4.addr}:8000"; v6 = false; }
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip6.addr}:8000"; v4 = false; }
+ # ];
+ networking.firewall.allowedTCPPorts = [ 8096 8920 ];
+ networking.firewall.allowedUDPPorts = [ 1900 7359 ];
+ containers.yellow.forwardPorts = [
+ { hostPort = 8096; containerPort = 8096; protocol = "tcp"; }
+ { hostPort = 8920; containerPort = 8920; protocol = "tcp"; }
+ { hostPort = 1900; containerPort = 1900; protocol = "udp"; }
+ { hostPort = 7359; containerPort = 7359; protocol = "udp"; }
+ ];
+
+ services.nginx.virtualHosts."flix.lassul.us" = {
+ # forceSSL = true;
+ # enableACME = true;
+ locations."/" = {
+ proxyPass = "http://yellow.r:8096";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+} |
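Review bot: The `flix.lassul.us` virtual host is served over plain HTTP because `forceSSL` and `enableACME` are commented out, so logins and session tokens for the service behind `proxyPass = "http://yellow.r:8096"` travel unencrypted between clients and this host. I would enable both (`forceSSL = true;` and `enableACME = true;`), or leave a comment saying where TLS is terminated instead. In the same file, `networking.firewall.allowedTCPPorts = [ 8096 8920 ];` together with `containers.yellow.forwardPorts` publishes the backend on every host interface and bypasses the nginx proxy; if nginx is the intended entry point, drop the TCP entries or scope them with `networking.firewall.interfaces.<name>.allowedTCPPorts`. UDP 1900 and 7359 look like SSDP and client-discovery ports, which are normally LAN-only, so it is worth confirming which interfaces of this host are reachable from outside before opening them globally.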