From 252ad42fb2bc6fb2525b69b15e06a20929d4cf79 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 4 Nov 2020 17:23:52 +0000
Subject: [PATCH] clouvider-lon01: add minotarproxy
---
 ops/nixos/clouvider-lon01/default.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix
index 2bd2d1cfef..161eb91b7b 100644
--- a/ops/nixos/clouvider-lon01/default.nix
+++ b/ops/nixos/clouvider-lon01/default.nix
@@ -132,6 +132,9 @@ in {
 users.users = {
 lukegb.extraGroups = [ "bird2" ];
+ minotarproxy = {
+ isSystemUser = true;
+ };
 };
 users.groups = {
 znc-acme = {
@@ -188,6 +191,10 @@ in {
 enable = true;
 virtualHosts = {
 "clouvider-lon01.as205479.net" = {
+ listen = [
+ {addr = "185.198.188.29"; port = 80; ssl = false;}
+ {addr = "[2a0a:54c0:0:17::2]"; port = 80; ssl = false;}
+ ];
 locations."/.well-known/acme-challenge" = {
 root = "/var/lib/acme/.challenges";
 };
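Review bot: The `listen` list added to the "clouvider-lon01.as205479.net" vhost pins nginx to 185.198.188.29:80 and [2a0a:54c0:0:17::2]:80 without saying why. The reason only shows up in the minotarproxy unit later in the patch, which binds 92.118.29.225:80 and :443. I would put a comment above the list, e.g. `# Listen on explicit addresses only, so 92.118.29.225:80/443 stay free for minotarproxy.` The rest of `virtualHosts` is outside the hunk, so two things are worth checking there: any other vhost left on the default wildcard listen would still claim port 80 on 92.118.29.225 and collide with the proxy, and with only `ssl = false` entries this vhost presumably stops listening on 443.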
@@ -198,5 +205,20 @@ in {
 };
 };
+ systemd.services.minotarproxy = {
+ description = "Minotar proxy";
+ wants = ["network-online.target"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="92.118.29.225,92.118.29.226,92.118.29.227,92.118.29.228,92.118.29.229,92.118.29.230,92.118.29.231,92.118.29.232,92.118.29.233,92.118.29.234,92.118.29.235,92.118.29.236,92.118.29.237,92.118.29.238,92.118.29.239,92.118.29.240,92.118.29.241,92.118.29.242,92.118.29.243,92.118.29.244,92.118.29.245,92.118.29.246,92.118.29.247,92.118.29.248,92.118.29.249,92.118.29.250,92.118.29.251,92.118.29.252,92.118.29.253" --autocert_cache_dir=/run/minotarproxy'';
+ User = "minotarproxy";
+ Restart = "always";
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d /run/minotarproxy 0700 minotarproxy - -"
+ ];
+
 system.stateVersion = "20.09";
 }
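Review bot: `--autocert_cache_dir=/run/minotarproxy` keeps the autocert cache (presumably the ACME account key and issued certificate) on tmpfs, so every reboot discards it and the proxy has to request a fresh certificate for minotarproxy.lukegb.xyz, which can run into the CA's issuance limits after repeated reboots. Moving the cache to a `StateDirectory` under /var/lib keeps it across reboots and makes the `systemd.tmpfiles.rules` entry unnecessary. Two smaller gaps in the same unit: `wants` on network-online.target has no matching `after`, so the service can start before 92.118.29.225 is configured and fail its bind, and the internet-facing process runs with no sandboxing beyond the dedicated user. The fence shows the lines I would add or change.

```nix
systemd.services.minotarproxy = {
  # … unchanged: description, wants, wantedBy …
  after = ["network-online.target"];
  serviceConfig = {
    # … unchanged: ExecStart, apart from --autocert_cache_dir=/var/lib/minotarproxy …
    StateDirectory = "minotarproxy";
    StateDirectoryMode = "0700";
    CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    # … unchanged: User, Restart, AmbientCapabilities …
  };
};
```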