# NixOS configuration for the host "public-access-proxy": forwards public host
# names to internal backends through the proxy module imported from ./proxy.nix,
# and relays Gemini (TCP 1965) over IPv6 to the c3d2-web host.
{ zentralwerk, config, hostRegistry, pkgs, lib, ... }:

{
  imports = [
    ./proxy.nix
    ./stats.nix
  ];

  c3d2.deployment.server = "server10";

  networking.hostName = "public-access-proxy";

  # Each proxyHosts entry lists public host names and the backend they are
  # forwarded to. The option itself is declared in ./proxy.nix (not shown here).
  #
  # NOTE(review): matchArg = "-m end" looks like an HAProxy suffix match. If so,
  # an entry such as "nixvita.de" also covers every name that merely ends in
  # that string, so the backend has to validate the requested host name itself.
  # Confirm against ./proxy.nix whether subdomain matching is what is intended.
  #
  # NOTE(review): a few backends are literal 172.20.73.x addresses instead of
  # hostRegistry / zentralwerk lookups; they will not follow a renumbering and
  # should be checked whenever the address plan changes.
  services.proxy = {
    enable = true;
    proxyHosts = [
      {
        hostNames = [
          "vps1.nixvita.de"
          "vps1.codetu.be"
          "nixvita.de"
        ];
        proxyTo.host = "172.20.73.51";
        matchArg = "-m end";
      }
      {
        hostNames = [ "auth.c3d2.de" ];
        proxyTo.host = hostRegistry.auth.ip4;
      }
      {
        hostNames = [ "jabber.c3d2.de" ];
        proxyTo.host = hostRegistry.jabber.ip4;
        matchArg = "-m end";
      }
      {
        hostNames = [ "zw.poelzi.org" ];
        proxyTo.host = "172.20.73.162";
        matchArg = "-m end";
      }
      {
        hostNames = [ "staging.dvb.solutions" ];
        proxyTo.host = hostRegistry.staging-data-hoarder.ip4;
        matchArg = "-m end";
      }
      {
        hostNames = [ "dvb.solutions" ];
        proxyTo.host = "172.20.73.69";
        matchArg = "-m end";
      }
      {
        hostNames = [ "bind.serv.zentralwerk.org" ];
        proxyTo.host = hostRegistry.bind.ip4;
      }
      {
        hostNames = [ "blogs.c3d2.de" ];
        proxyTo.host = hostRegistry.blogs.ip4;
      }
      {
        # Main web presence: all of these names end up on c3d2-web.
        hostNames = [
          "datenspuren.de"
          "www.datenspuren.de"
          "ds.c3d2.de"
          "datenspuren.c3d2.de"
          "c3d2.de"
          "www.c3d2.de"
          "c3dd.de"
          "www.c3dd.de"
          "cccdd.de"
          "www.cccdd.de"
          "dresden.ccc.de"
          "www.dresden.ccc.de"
          "openpgpkey.c3d2.de"
          "netzbiotop.org"
          "www.netzbiotop.org"
          "autotopia.c3d2.de"
          "rc3.c3d2.de"
          "dezentrale-jahresendveranstaltungen.fyi"
          "www.dezentrale-jahresendveranstaltungen.fyi"
        ];
        proxyTo.host = zentralwerk.lib.config.site.net.flpk.hosts4.c3d2-web;
      }
      {
        hostNames = [
          "codimd.c3d2.de"
          "hackmd.c3d2.de"
          "hedgedoc.c3d2.de"
        ];
        proxyTo.host = hostRegistry.hedgedoc.ip4;
      }
      {
        hostNames = [ "ftp.c3d2.de" ];
        proxyTo.host = hostRegistry.ftp.ip4;
      }
      {
        hostNames = [ "gitea.c3d2.de" ];
        proxyTo.host = hostRegistry.gitea.ip4;
      }
      {
        hostNames = [ "grafana.hq.c3d2.de" ];
        proxyTo.host = hostRegistry.grafana.ip4;
      }
      {
        hostNames = [
          "hydra.hq.c3d2.de"
          "hydra-ca.hq.c3d2.de"
          "nix-cache.hq.c3d2.de"
          "nix-serve.hq.c3d2.de"
        ];
        proxyTo.host = hostRegistry.hydra.ip4;
      }
      {
        hostNames = [
          "zentralwerk.org"
          "www.zentralwerk.org"
        ];
        proxyTo.host = hostRegistry.network-homepage.ip4;
      }
      {
        hostNames = [ "matemat.hq.c3d2.de" ];
        proxyTo.host = hostRegistry.matemat.ip4;
      }
      {
        hostNames = [
          "element.c3d2.de"
          "matrix.c3d2.de"
        ];
        proxyTo.host = hostRegistry.matrix.ip4;
      }
      {
        hostNames = [ "mobilizon.c3d2.de" ];
        proxyTo.host = hostRegistry.mobilizon.ip4;
      }
      {
        hostNames = [ "drkkr.hq.c3d2.de" ];
        proxyTo.host = hostRegistry.pulsebert.ip4;
      }
      {
        hostNames = [ "scrape.hq.c3d2.de" ];
        proxyTo.host = hostRegistry.scrape.ip4;
      }
      {
        hostNames = [
          "adsb.hq.c3d2.de"
          "sdr.hq.c3d2.de"
        ];
        proxyTo.host = hostRegistry.sdrweb.ip4;
      }
      {
        hostNames = [
          "stream.hq.c3d2.de"
          "torrents.hq.c3d2.de"
        ];
        proxyTo.host = hostRegistry.stream.ip4;
      }
      {
        hostNames = [ "ticker.c3d2.de" ];
        proxyTo.host = hostRegistry.ticker.ip4;
      }
      {
        hostNames = [ "wiki.c3d2.de" ];
        proxyTo.host = hostRegistry.mediawiki.ip4;
      }
      {
        hostNames = [ "owncast.c3d2.de" ];
        proxyTo.host = hostRegistry.owncast.ip4;
      }
      {
        hostNames = [ "c3d2.social" ];
        proxyTo.host = hostRegistry.mastodon.ip4;
      }
      {
        hostNames = [ "relay.fedi.buzz" ];
        proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.buzzrelay;
      }
      {
        hostNames = [ "tmppleroma.hq.c3d2.de" ];
        proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.tmppleroma;
      }
      {
        hostNames = [ "oxigraph.hq.c3d2.de" ];
        proxyTo.host = zentralwerk.lib.config.site.net.serv.hosts4.oxigraph;
      }
      {
        hostNames = [ "drone.hq.c3d2.de" ];
        proxyTo.host = hostRegistry.drone.ip4;
      }
      {
        hostNames = [ "home-assistant.hq.c3d2.de" ];
        proxyTo.host = hostRegistry.home-assistant.ip4;
      }
    ];
  };

  # Only the proxy listeners and the Gemini forwarder are opened to the network.
  networking.firewall.allowedTCPPorts = [
    # haproxy
    80
    443
    # gemini
    1965
  ];

  # DNS records IN AAAA {www.,}c3d2.de point to this host but
  # gemini:// is served on c3d2-web only
  #
  # socat accepts IPv6 connections on 1965 and forks one child per connection
  # that relays to c3d2-web. The unit runs as a systemd DynamicUser with a
  # read-only view of the system (ProtectSystem = "strict").
  # NOTE(review): nothing here bounds the number of concurrent children; a cap
  # such as socat's max-children option would limit resource use under load.
  systemd.services.gemini-forward = {
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.socat ];
    script = ''
      socat tcp6-listen:1965,fork "tcp6:[${zentralwerk.lib.config.site.net.flpk.hosts6.flpk.c3d2-web}]:1965"
    '';
    serviceConfig = {
      ProtectSystem = "strict";
      DynamicUser = true;
    };
  };

  # NixOS state version this host was first installed with; it is not the
  # running release and should only change together with a state migration.
  system.stateVersion = "18.09";
}