Testing
This commit is contained in:
parent
92e933d846
commit
cf6de9610d
5 changed files with 17 additions and 46 deletions
|
@ -1,12 +1,14 @@
|
|||
{ ... }: {
|
||||
{ pkgs-unstable, pkgs, ... }: {
|
||||
# Enable tailscale and open port 22 on it
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
package = pkgs-unstable.tailscale;
|
||||
interfaceName = "tailscale0";
|
||||
extraUpFlags = [
|
||||
"--login-server=https://headscale.sysctl.io"
|
||||
"--accept-dns"
|
||||
"--accept-routes"
|
||||
"--reset"
|
||||
];
|
||||
};
|
||||
networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];
|
||||
|
|
|
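Review bot: The `--accept-routes` and `--reset` entries in extraUpFlags change what this host trusts from the tailnet without any comment saying so: `--accept-routes` installs whatever subnet routes the headscale control plane has approved for other nodes into this host's routing table, and `--reset` discards any `tailscale up` setting not repeated in this list on every run. I'd add above the list `# --accept-routes: install subnet routes approved on headscale (traffic to those prefixes then leaves via the tailnet)` and `# --reset: drop any previously set up-flags that are not listed here`. The new `package = pkgs-unstable.tailscale` presumably tracks the unstable channel rather than the system's pinned nixpkgs, so a one-line reason above it would help the next reader. Beyond the signature change, which of these lines are new cannot be told from the rendered hunk.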
@ -2,7 +2,7 @@
|
|||
services.cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
''0 0 * * * root mkdir -p /Storage/Data/Docker/sysctl.io/letsencrypt/; rsync -avr root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
|
||||
''0 0 * * * root mkdir -p /Storage/Data/Docker/sysctl.io/letsencrypt/; rsync -avr --delete root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -20,8 +20,8 @@
|
|||
};
|
||||
volumes = [
|
||||
"/var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/certs/*.sysctl.io.crt:/app/certs/frankfurt.sysctl.io.crt:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/private/*.sysctl.io.key:/app/certs/frankfurt.sysctl.io.key:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/public.crt:/app/certs/frankfurt.sysctl.io.crt:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/private.key:/app/certs/frankfurt.sysctl.io.key:ro"
|
||||
];
|
||||
ports = [
|
||||
"3478:3478/udp"
|
||||
|
|
|
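Review bot: Adding `--delete` to the nightly root cron rsync in systemCronJobs means an empty or partially populated source directory on framework-server now removes the local copies of the letsencrypt material that the container volumes later in this section bind-mount, so an upstream problem becomes a certificate outage here at 00:00. rsync's `--max-delete` exists for this case, so I'd write `rsync -a --delete --max-delete=50 root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/` with the limit sized to the real tree, or stage into a temporary directory and swap it in only when the expected `public.crt`/`private.key` files arrived; `-r` is already implied by `-a`, so `-avr` can be `-av`. The job copies private keys as root over SSH and depends on root's SSH key and known_hosts entry for framework-server being managed elsewhere — presumably they are, but nothing in this hunk pins the host key. The same `@ -2,7 +2,7 @@` hunk appears in the next two sections (the milan and sysctl.io container hosts), and this note applies there as well.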
@ -2,7 +2,7 @@
|
|||
services.cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
''0 0 * * * root mkdir -p /Storage/Data/Docker/sysctl.io/letsencrypt/; rsync -avr root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
|
||||
''0 0 * * * root mkdir -p /Storage/Data/Docker/sysctl.io/letsencrypt/; rsync -avr --delete root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -20,8 +20,8 @@
|
|||
};
|
||||
volumes = [
|
||||
"/var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/certs/*.sysctl.io.crt:/app/certs/milan.sysctl.io.crt:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/private/*.sysctl.io.key:/app/certs/milan.sysctl.io.key:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/public.crt:/app/certs/milan.sysctl.io.crt:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/private.key:/app/certs/milan.sysctl.io.key:ro"
|
||||
];
|
||||
ports = [
|
||||
"3478:3478/udp"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
services.cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
''0 0 * * * root mkdir -p /Storage/Data/Docker/sysctl.io/letsencrypt/; rsync -avr root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
|
||||
''0 0 * * * root mkdir -p /Storage/Data/Docker/sysctl.io/letsencrypt/; rsync -avr --delete root@framework-server:/Storage/Data/Docker/sysctl.io/letsencrypt/ /Storage/Data/Docker/sysctl.io/letsencrypt/''
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -20,8 +20,8 @@
|
|||
};
|
||||
volumes = [
|
||||
"/var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/certs/*.sysctl.io.crt:/app/certs/sysctl.io.crt:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/certificates/private/*.sysctl.io.key:/app/certs/sysctl.io.key:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/public.crt:/app/certs/sysctl.io.crt:ro"
|
||||
"/Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/private.key:/app/certs/sysctl.io.key:ro"
|
||||
];
|
||||
ports = [
|
||||
"3478:3478/udp"
|
||||
|
|
|
@ -50,40 +50,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
# sops.secrets."cloudflare/api_key" = {
|
||||
# owner = "haproxy";
|
||||
# sopsFile = ../../../secrets/cloudflare.yaml;
|
||||
# };
|
||||
#
|
||||
# sops.secrets."cloudflare/email" = {
|
||||
# owner = "haproxy";
|
||||
# sopsFile = ../../../secrets/cloudflare.yaml;
|
||||
# };
|
||||
|
||||
# security.acme = {
|
||||
# acceptTerms = true;
|
||||
# defaults = {
|
||||
# group = "haproxy";
|
||||
# extraLegoFlags = [ "--pem" ];
|
||||
# dnsPropagationCheck = false;
|
||||
# email = "albert@sysctl.io";
|
||||
# };
|
||||
# certs."sysctl.io" = {
|
||||
# directory = "/haproxy/";
|
||||
# dnsProvider = "cloudflare";
|
||||
# dnsResolver = "1.1.1.1:53";
|
||||
# enableDebugLogs = true;
|
||||
# credentialFiles = {
|
||||
# "CF_DNS_API_TOKEN_FILE" = "/var/run/secrets/cloudflare/api_key";
|
||||
# "CLOUDFLARE_EMAIL_FILE" = "/var/run/secrets/cloudflare/email";
|
||||
# };
|
||||
# domain = "sysctl.io";
|
||||
# extraDomainNames = [ "*.sysctl.io" ];
|
||||
# reloadServices = [ "haproxy" ];
|
||||
# };
|
||||
# };
|
||||
|
||||
services.haproxy = {
|
||||
enable = true;
|
||||
config = ''
|
||||
|
@ -105,8 +71,11 @@
|
|||
|
||||
frontend https
|
||||
mode tcp
|
||||
bind :443
|
||||
default_backend backend_tcp
|
||||
bind :443 ssl crt /Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/combined.pem
|
||||
default_backend backend_https
|
||||
backend backend_http
|
||||
mode http
|
||||
server framework-server 10.100.0.2:443 ssl verity required ca-file /Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/combined.pem
|
||||
|
||||
frontend tcp
|
||||
mode tcp
|
||||
|
|
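Review bot: `ssl verity required` on the new `server framework-server` line in `backend backend_http` is a typo for `verify` — HAProxy has no `verity` server keyword, so the generated config will be rejected when it is parsed and the service will presumably fail to start; the line should read `server framework-server 10.100.0.2:443 ssl verify required ca-file /Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/combined.pem`. That `ca-file` is the same combined.pem the frontend uses as `crt`; a `ca-file` only supplies trust anchors, so backend verification works only if the chain presented by 10.100.0.2 anchors to a certificate in that file, which is worth confirming after the next renewal. The `*` in both paths reaches HAProxy literally, since nothing globs inside a config file, so this only works if the directory really is named `*.sysctl.io`; a comment such as `# '*.sysctl.io' is the literal wildcard-cert directory name, not a glob` would stop someone from "fixing" it. The `config = ''` string this hunk edits opens in the previous hunk and closes outside this one.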