clouvider-lon01: add minotarproxy
This commit is contained in:
parent
013da6e7c3
commit
252ad42fb2
1 changed files with 22 additions and 0 deletions
|
@ -132,6 +132,9 @@ in {
|
||||||
|
|
||||||
users.users = {
|
users.users = {
|
||||||
lukegb.extraGroups = [ "bird2" ];
|
lukegb.extraGroups = [ "bird2" ];
|
||||||
|
minotarproxy = {
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
users.groups = {
|
users.groups = {
|
||||||
znc-acme = {
|
znc-acme = {
|
||||||
|
@ -188,6 +191,10 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"clouvider-lon01.as205479.net" = {
|
"clouvider-lon01.as205479.net" = {
|
||||||
|
listen = [
|
||||||
|
{addr = "185.198.188.29"; port = 80; ssl = false;}
|
||||||
|
{addr = "[2a0a:54c0:0:17::2]"; port = 80; ssl = false;}
|
||||||
|
];
|
||||||
locations."/.well-known/acme-challenge" = {
|
locations."/.well-known/acme-challenge" = {
|
||||||
root = "/var/lib/acme/.challenges";
|
root = "/var/lib/acme/.challenges";
|
||||||
};
|
};
|
||||||
|
@ -198,5 +205,20 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.minotarproxy = {
|
||||||
|
description = "Minotar proxy";
|
||||||
|
wants = ["network-online.target"];
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="92.118.29.225,92.118.29.226,92.118.29.227,92.118.29.228,92.118.29.229,92.118.29.230,92.118.29.231,92.118.29.232,92.118.29.233,92.118.29.234,92.118.29.235,92.118.29.236,92.118.29.237,92.118.29.238,92.118.29.239,92.118.29.240,92.118.29.241,92.118.29.242,92.118.29.243,92.118.29.244,92.118.29.245,92.118.29.246,92.118.29.247,92.118.29.248,92.118.29.249,92.118.29.250,92.118.29.251,92.118.29.252,92.118.29.253" --autocert_cache_dir=/run/minotarproxy'';
|
||||||
|
User = "minotarproxy";
|
||||||
|
Restart = "always";
|
||||||
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /run/minotarproxy 0700 minotarproxy - -"
|
||||||
|
];
|
||||||
|
|
||||||
system.stateVersion = "20.09";
|
system.stateVersion = "20.09";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue