clouvider-lon01: add minotarproxy

Luke Granger-Brown 2020-11-04 17:23:52 +00:00
parent 013da6e7c3
commit 252ad42fb2


@ -132,6 +132,9 @@ in {
users.users = {
lukegb.extraGroups = [ "bird2" ];
minotarproxy = {
isSystemUser = true;
};
};
users.groups = {
znc-acme = {
@ -188,6 +191,10 @@ in {
enable = true;
virtualHosts = {
"clouvider-lon01.as205479.net" = {
listen = [
{addr = "185.198.188.29"; port = 80; ssl = false;}
{addr = "[2a0a:54c0:0:17::2]"; port = 80; ssl = false;}
];
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/.challenges";
};
@ -198,5 +205,20 @@ in {
};
};
systemd.services.minotarproxy = {
description = "Minotar proxy";
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="92.118.29.225,92.118.29.226,92.118.29.227,92.118.29.228,92.118.29.229,92.118.29.230,92.118.29.231,92.118.29.232,92.118.29.233,92.118.29.234,92.118.29.235,92.118.29.236,92.118.29.237,92.118.29.238,92.118.29.239,92.118.29.240,92.118.29.241,92.118.29.242,92.118.29.243,92.118.29.244,92.118.29.245,92.118.29.246,92.118.29.247,92.118.29.248,92.118.29.249,92.118.29.250,92.118.29.251,92.118.29.252,92.118.29.253" --autocert_cache_dir=/run/minotarproxy'';
User = "minotarproxy";
Restart = "always";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
};
};
systemd.tmpfiles.rules = [
"d /run/minotarproxy 0700 minotarproxy - -"
];
system.stateVersion = "20.09";
}
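Review bot: The new `systemd.services.minotarproxy` unit binds :443 and :80 on 92.118.29.225 and is given `CAP_NET_BIND_SERVICE` as an ambient capability, but its `serviceConfig` sets no `CapabilityBoundingSet`, `NoNewPrivileges` or filesystem sandboxing, so if the proxy process is compromised the only constraint is the unprivileged user. Bounding the capability set to the one capability the service needs and making the filesystem read-only outside its own state directory would narrow that considerably. Separately, `--autocert_cache_dir=/run/minotarproxy` points at a path that is normally tmpfs, so the cached certificate and ACME account key are presumably lost on every reboot and requested again, which can run into CA rate limits. A `StateDirectory` keeps them under `/var/lib` with the same 0700 mode and makes the `systemd.tmpfiles.rules` entry unnecessary. `wants = ["network-online.target"]` without a matching `after` does not order the unit, which matters because every bind names a specific address.

```nix
systemd.services.minotarproxy = {
  # … unchanged: description, wants, wantedBy …
  after = ["network-online.target"];
  serviceConfig = {
    # … unchanged: ExecStart except --autocert_cache_dir=/var/lib/minotarproxy; User, Restart, AmbientCapabilities …
    StateDirectory = "minotarproxy";
    StateDirectoryMode = "0700";
    CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
  };
};
```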