contains/public-access-proxy: add to nixops and fixed proxy warnings
This commit is contained in:
parent
88943db469
commit
4aa3d1a291
|
@ -6,31 +6,13 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
|
[ ../../../lib/lxc-container.nix
|
||||||
|
../../../lib/shared.nix
|
||||||
|
../../../lib/admins.nix
|
||||||
./proxy.nix
|
./proxy.nix
|
||||||
];
|
];
|
||||||
nix.useSandbox = false;
|
|
||||||
nix.maxJobs = lib.mkDefault 2;
|
|
||||||
nix.buildCores = lib.mkDefault 16;
|
|
||||||
|
|
||||||
boot.isContainer = true;
|
|
||||||
# /sbin/init
|
|
||||||
boot.loader.initScript.enable = true;
|
|
||||||
boot.loader.grub.enable = false;
|
|
||||||
|
|
||||||
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
|
||||||
|
|
||||||
networking.hostName = "public-access-proxy";
|
networking.hostName = "public-access-proxy";
|
||||||
networking.defaultGateway = { address = "172.22.99.4"; interface = "eth0"; };
|
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
permitRootLogin = "yes";
|
|
||||||
ports = [ 1122 ];
|
|
||||||
};
|
|
||||||
|
|
||||||
my.services.proxy = {
|
my.services.proxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -82,12 +82,12 @@ in {
|
||||||
|
|
||||||
frontend http-in
|
frontend http-in
|
||||||
bind :::80 v4v6
|
bind :::80 v4v6
|
||||||
|
timeout client 30000
|
||||||
default_backend proxy-backend-http
|
default_backend proxy-backend-http
|
||||||
|
|
||||||
backend proxy-backend-http
|
backend proxy-backend-http
|
||||||
timeout connect 5000
|
timeout connect 5000
|
||||||
timeout check 5000
|
timeout check 5000
|
||||||
timeout client 30000
|
|
||||||
timeout server 30000
|
timeout server 30000
|
||||||
${concatMapStringsSep "\n" (proxyHost:
|
${concatMapStringsSep "\n" (proxyHost:
|
||||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||||
|
@ -102,12 +102,12 @@ in {
|
||||||
|
|
||||||
frontend https-in
|
frontend https-in
|
||||||
bind :::443 v4v6
|
bind :::443 v4v6
|
||||||
|
timeout client 30000
|
||||||
default_backend proxy-backend-https
|
default_backend proxy-backend-https
|
||||||
|
|
||||||
backend proxy-backend-https
|
backend proxy-backend-https
|
||||||
timeout connect 5000
|
timeout connect 5000
|
||||||
timeout check 5000
|
timeout check 5000
|
||||||
timeout client 30000
|
|
||||||
timeout server 30000
|
timeout server 30000
|
||||||
${concatMapStringsSep "\n" (proxyHost:
|
${concatMapStringsSep "\n" (proxyHost:
|
||||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||||
|
|
13
hq.nixops
13
hq.nixops
|
@ -48,4 +48,17 @@
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"public-access-proxy" =
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
hosts/containers/public-access-proxy/configuration.nix
|
||||||
|
];
|
||||||
|
deployment = {
|
||||||
|
targetHost = "2a02:8106:208:5201:1024:5fff:febd:9be7";
|
||||||
|
storeKeysOnMachine = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue