diff --git a/container/webserver.nix b/container/webserver.nix
deleted file mode 100644
index fa6173d..0000000
--- a/container/webserver.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- virtualisation.arion.projects.webserver.settings = {
- services = {
- ipv6nat = {
- service = {
- image = "robbertkl/ipv6nat:latest";
- name = "ipv6nat";
- restart = "always";
- capabilities = {
- ALL = false;
- NET_ADMIN = true;
- NET_RAW = true;
- };
- network_mode = "host";
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ];
- };
- };
-
- ifconfig-sexy = {
- service = {
- image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
- restart = "always";
- networks = [ "webserver" ];
- };
- };
- };
-
- networks.webserver = {
- driver = "bridge";
- enable_ipv6 = true;
- ipam = {
- driver = "default";
- config = [
- {
- subnet = "fd00:dead:beef::/48";
- }
- ];
- };
- };
- };
-}
diff --git a/container/webserver/config/mosquitto.nix b/container/webserver/config/mosquitto.nix
new file mode 100644
index 0000000..571f635
--- /dev/null
+++ b/container/webserver/config/mosquitto.nix
@@ -0,0 +1,6 @@
+{
+ environment.usr."local/etc/container-webserver/mosquitto/mosquitto.conf".text = ''
+ listener 1883
+ password_file /mosquitto/config/users.conf
+ '';
+}
diff --git a/container/webserver/default.nix b/container/webserver/default.nix
new file mode 100644
index 0000000..c21566a
--- /dev/null
+++ b/container/webserver/default.nix
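Review bot: In container/webserver/config/mosquitto.nix, `listener 1883` opens a plaintext MQTT listener, so the credentials checked against `password_file` cross the network unencrypted unless something in front of the broker terminates TLS. If the port is reachable beyond the Docker network, the listener should carry TLS settings (`certfile` / `keyfile`, conventionally on 8883) or be bound to an internal address. I would also add `allow_anonymous false` explicitly: Mosquitto 2.x rejects anonymous clients by default once a listener is defined, but 1.x accepts them even with a `password_file`, and the broker version is not visible in this commit. No mosquitto service that mounts this file appears in the diff, so where the port is published cannot be checked from here.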
@@ -0,0 +1,58 @@
+let
+ config-mosquitto = import ./config/mosquitto.nix;
+in
+{
+ virtualisation.arion.projects.webserver.settings = {
+ services = {
+ ipv6nat = {
+ service = {
+ image = "robbertkl/ipv6nat:latest";
+ name = "ipv6nat";
+ restart = "always";
+ capabilities = {
+ ALL = false;
+ NET_ADMIN = true;
+ NET_RAW = true;
+ };
+ network_mode = "host";
+ volumes = [
+ "/var/run/docker.sock:/var/run/docker.sock:ro"
+ ];
+ };
+ };
+
+ ifconfig-sexy = {
+ service = {
+ image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
+ restart = "always";
+ depends_on = [ "ipv6nat" ];
+ networks = [ "webserver" ];
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.ifconfig-sexy-http.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
+ "traefik.http.routers.ifconfig-sexy-http.entrypoints" = "web";
+ "traefik.http.routers.ifconfig-sexy-http.middlewares" = "https-redirect@file";
+ "traefik.http.routers.ifconfig-sexy.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
+ "traefik.http.routers.ifconfig-sexy.entrypoints" = "websecure";
+ "traefik.http.routers.ifconfig-sexy.tls" = "true";
+ "traefik.http.routers.ifconfig-sexy.tls.certresolver" = "cfresolver";
+ "traefik.http.routers.ifconfig-sexy.middlewares" = "non-www-redirect@file, content-compression@file";
+ };
+ };
+ };
+ };
+
+ networks.webserver = {
+ driver = "bridge";
+ enable_ipv6 = true;
+ ipam = {
+ driver = "default";
+ config = [
+ {
+ subnet = "fd00:dead:beef::/48";
+ }
+ ];
+ };
+ };
+ };
+} // config-mosquitto
diff --git a/system/hosts/sail.nix b/system/hosts/sail.nix
index 5cc9869..c677a42 100644
--- a/system/hosts/sail.nix
+++ b/system/hosts/sail.nix
@@ -11,7 +11,7 @@ in ../nixos/git.nix ../nixos/arion.nix - ../../container/webserver.nix + ../../container/webserver ]; nix = {
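Review bot: In container/webserver/default.nix the `ipv6nat` service mounts `/var/run/docker.sock` with `:ro`, but that flag only makes the bind mount read-only and does not limit the Docker API. A container that already has host networking plus `NET_ADMIN`/`NET_RAW` therefore also holds daemon-level control of the host; a filtering socket proxy that exposes only the read endpoints ipv6nat needs would narrow this. Both images use mutable tags (`:latest`, `:master`); pinning by digest, e.g. `image = "robbertkl/ipv6nat@sha256:<digest-placeholder>";`, makes each deployed image reviewable. These lines are carried over unchanged from the deleted file, so this is a pre-existing exposure rather than one introduced here. Separately, `} // config-mosquitto` is a shallow attribute-set merge, so a future `virtualisation` key in mosquitto.nix would silently replace this whole block; `imports = [ ./config/mosquitto.nix ];` would likely be the safer composition.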