WIP: mosquitto config

2022-07-31 00:36:06 +02:00 · 2022-07-31 00:36:06 +02:00 · bf0732c6ae
commit bf0732c6ae
parent 3a489b7851
4 changed files with 65 additions and 44 deletions
--- a/container/webserver.nix
+++ b/container/webserver.nix
@ -1,43 +0,0 @@
-{
-  virtualisation.arion.projects.webserver.settings = {
-    services = {
-      ipv6nat = {
-        service = {
-          image = "robbertkl/ipv6nat:latest";
-          name = "ipv6nat";
-          restart = "always";
-          capabilities = {
-            ALL = false;
-            NET_ADMIN = true;
-            NET_RAW = true;
-          };
-          network_mode = "host";
-          volumes = [
-            "/var/run/docker.sock:/var/run/docker.sock:ro"
-          ];
-        };
-      };
-
-      ifconfig-sexy = {
-        service = {
-          image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
-          restart = "always";
-          networks = [ "webserver" ];
-        };
-      };
-    };
-
-    networks.webserver = {
-      driver = "bridge";
-      enable_ipv6 = true;
-      ipam = {
-        driver = "default";
-        config = [
-          {
-            subnet = "fd00:dead:beef::/48";
-          }
-        ];
-      };
-    };
-  };
-}
--- a/container/webserver/config/mosquitto.nix
+++ b/container/webserver/config/mosquitto.nix
@ -0,0 +1,6 @@
+{
+  environment.usr."local/etc/container-webserver/mosquitto/mosquitto.conf".text = ''
+    listener 1883
+    password_file /mosquitto/config/users.conf
+  '';
+}
--- a/container/webserver/default.nix
+++ b/container/webserver/default.nix
@ -0,0 +1,58 @@
+let
+  config-mosquitto = import ./config/mosquitto.nix;
+in
+{
+  virtualisation.arion.projects.webserver.settings = {
+    services = {
+      ipv6nat = {
+        service = {
+          image = "robbertkl/ipv6nat:latest";
+          name = "ipv6nat";
+          restart = "always";
+          capabilities = {
+            ALL = false;
+            NET_ADMIN = true;
+            NET_RAW = true;
+          };
+          network_mode = "host";
+          volumes = [
+            "/var/run/docker.sock:/var/run/docker.sock:ro"
+          ];
+        };
+      };
+
+      ifconfig-sexy = {
+        service = {
+          image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
+          restart = "always";
+          depends_on = [ "ipv6nat" ];
+          networks = [ "webserver" ];
+          labels = {
+            "traefik.enable" = "true";
+            "traefik.http.routers.ifconfig-sexy-http.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
+            "traefik.http.routers.ifconfig-sexy-http.entrypoints" = "web";
+            "traefik.http.routers.ifconfig-sexy-http.middlewares" = "https-redirect@file";
+            "traefik.http.routers.ifconfig-sexy.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
+            "traefik.http.routers.ifconfig-sexy.entrypoints" = "websecure";
+            "traefik.http.routers.ifconfig-sexy.tls" = "true";
+            "traefik.http.routers.ifconfig-sexy.tls.certresolver" = "cfresolver";
+            "traefik.http.routers.ifconfig-sexy.middlewares" = "non-www-redirect@file, content-compression@file";
+          };
+        };
+      };
+    };
+
+    networks.webserver = {
+      driver = "bridge";
+      enable_ipv6 = true;
+      ipam = {
+        driver = "default";
+        config = [
+          {
+            subnet = "fd00:dead:beef::/48";
+          }
+        ];
+      };
+    };
+  };
+} // config-mosquitto
--- a/system/hosts/sail.nix
+++ b/system/hosts/sail.nix
@ -11,7 +11,7 @@ in
    ../nixos/git.nix

    ../nixos/arion.nix
-    ../../container/webserver.nix
+    ../../container/webserver
  ];

  nix = {