dotfiles/container/webserver/default.nix

let
  config-mosquitto = import ./config/mosquitto.nix;
in
{
  virtualisation.arion.projects.webserver.settings = {
    services = {
      ipv6nat = {
        service = {
          image = "robbertkl/ipv6nat:latest";
          name = "ipv6nat";
          restart = "always";
          capabilities = {
            ALL = false;
            NET_ADMIN = true;
            NET_RAW = true;
          };
          network_mode = "host";
          volumes = [
            "/var/run/docker.sock:/var/run/docker.sock:ro"
          ];
        };
      };

      ifconfig-sexy = {
        service = {
          image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
          restart = "always";
          depends_on = [ "ipv6nat" ];
          networks = [ "webserver" ];
          labels = {
            "traefik.enable" = "true";
            "traefik.http.routers.ifconfig-sexy-http.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
            "traefik.http.routers.ifconfig-sexy-http.entrypoints" = "web";
            "traefik.http.routers.ifconfig-sexy-http.middlewares" = "https-redirect@file";
            "traefik.http.routers.ifconfig-sexy.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
            "traefik.http.routers.ifconfig-sexy.entrypoints" = "websecure";
            "traefik.http.routers.ifconfig-sexy.tls" = "true";
            "traefik.http.routers.ifconfig-sexy.tls.certresolver" = "cfresolver";
            "traefik.http.routers.ifconfig-sexy.middlewares" = "non-www-redirect@file, content-compression@file";
          };
        };
      };
    };

    networks.webserver = {
      driver = "bridge";
      enable_ipv6 = true;
      ipam = {
        driver = "default";
        config = [
          {
            subnet = "fd00:dead:beef::/48";
          }
        ];
      };
    };
  };
} // config-mosquitto
WIP: mosquitto config 2022-07-30 22:36:06 +00:00			`let`
			`config-mosquitto = import ./config/mosquitto.nix;`
			`in`
			`{`
			`virtualisation.arion.projects.webserver.settings = {`
			`services = {`
			`ipv6nat = {`
			`service = {`
			`image = "robbertkl/ipv6nat:latest";`
			`name = "ipv6nat";`
			`restart = "always";`
			`capabilities = {`
			`ALL = false;`
			`NET_ADMIN = true;`
			`NET_RAW = true;`
			`};`
			`network_mode = "host";`
			`volumes = [`
			`"/var/run/docker.sock:/var/run/docker.sock:ro"`
			`];`
			`};`
			`};`

			`ifconfig-sexy = {`
			`service = {`
			`image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";`
			`restart = "always";`
			`depends_on = [ "ipv6nat" ];`
			`networks = [ "webserver" ];`
			`labels = {`
			`"traefik.enable" = "true";`
			"traefik.http.routers.ifconfig-sexy-http.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
			`"traefik.http.routers.ifconfig-sexy-http.entrypoints" = "web";`
			`"traefik.http.routers.ifconfig-sexy-http.middlewares" = "https-redirect@file";`
			"traefik.http.routers.ifconfig-sexy.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
			`"traefik.http.routers.ifconfig-sexy.entrypoints" = "websecure";`
			`"traefik.http.routers.ifconfig-sexy.tls" = "true";`
			`"traefik.http.routers.ifconfig-sexy.tls.certresolver" = "cfresolver";`
			`"traefik.http.routers.ifconfig-sexy.middlewares" = "non-www-redirect@file, content-compression@file";`
			`};`
			`};`
			`};`
			`};`

			`networks.webserver = {`
			`driver = "bridge";`
			`enable_ipv6 = true;`
			`ipam = {`
			`driver = "default";`
			`config = [`
			`{`
			`subnet = "fd00:dead:beef::/48";`
			`}`
			`];`
			`};`
			`};`
			`};`
			`} // config-mosquitto`