From b014ef780b5aa85aa1c2473ae387fdc1a819dba3 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Mon, 1 Mar 2021 17:16:06 +0000
Subject: [PATCH] clouvider-lon01: give minotarproxy more IPs
---
 ops/nixos/clouvider-lon01/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix
index 0d3caf697c..4f5cc08b89 100644
--- a/ops/nixos/clouvider-lon01/default.nix
+++ b/ops/nixos/clouvider-lon01/default.nix
@@ -6,6 +6,8 @@
 let
 inherit (depot.ops) secrets;
 machineSecrets = secrets.machineSpecific.clouvider-lon01;
+
+ aliasIPs = map (n: "92.118.29.${toString n}") (lib.range 1 253);
 in {
 imports = [
 ../lib/zfs.nix
@@ -109,7 +111,7 @@ in {
 };
 interfaces.lo = {
 ipv4.addresses = [{ address = "127.0.0.1"; prefixLength = 8; }] ++ (
- map (n: { address = "92.118.29.${toString n}"; prefixLength = 32; }) (lib.range 225 253));
+ map (address: { inherit address; prefixLength = 32; }) aliasIPs);
 ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
 };
 firewall = {
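Review bot: `aliasIPs` is introduced without a comment, although after this commit it drives two things at once: the /32 aliases on `lo` and minotarproxy's `--outbound_bind` pool. The range `1 253` also assumes that all of those addresses in 92.118.29.0/24 are routed to this host and that none is a gateway or in use elsewhere, which the diff does not show. I would add a line above the binding such as `# Bound to lo AND used as minotarproxy egress sources; must match the prefix routed to this host.` so that a later edit to the list does not silently turn an address into an egress source.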
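Review bot: Mapping `aliasIPs` onto `interfaces.lo` makes the host own 92.118.29.1–253 instead of .225–.253, so any service listening on a wildcard address now answers on 224 more addresses unless the firewall narrows it. The `firewall` block only opens on the last line of this hunk and its rules are outside it, so I cannot tell whether the allowed ports are scoped by destination address. It is worth confirming that nothing other than minotarproxy's 80/443 on 92.118.29.225 becomes reachable on the new aliases, and noting it next to the list, e.g. `# NOTE: wildcard listeners are reachable on every alias; firewall must scope by port.`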
@@ -226,7 +228,7 @@ in {
 wants = ["network-online.target"];
 wantedBy = ["multi-user.target"];
 serviceConfig = {
- ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="92.118.29.225,92.118.29.226,92.118.29.227,92.118.29.228,92.118.29.229,92.118.29.230,92.118.29.231,92.118.29.232,92.118.29.233,92.118.29.234,92.118.29.235,92.118.29.236,92.118.29.237,92.118.29.238,92.118.29.239,92.118.29.240,92.118.29.241,92.118.29.242,92.118.29.243,92.118.29.244,92.118.29.245,92.118.29.246,92.118.29.247,92.118.29.248,92.118.29.249,92.118.29.250,92.118.29.251,92.118.29.252,92.118.29.253" --autocert_cache_dir=/run/minotarproxy'';
+ ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="${builtins.concatStringsSep "," aliasIPs}" --autocert_cache_dir=/run/minotarproxy'';
 User = "minotarproxy";
 Restart = "always";
 AmbientCapabilities = "CAP_NET_BIND_SERVICE";
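Review bot: `--server_bind` and `--autocert_insecure_bind` in the new `ExecStart` still hard-code 92.118.29.225, while the egress pool is now derived from `aliasIPs`, so the listener address stays inside the range only by coincidence. If the range is narrowed later, the bind would presumably fail and `Restart = "always"` would keep restarting the unit. I would name the address once in the `let` block, e.g. `proxyListenIP = "92.118.29.225";`, and interpolate it into both flags. The listener address is also still part of the outbound pool, as it was before the commit, so it is worth stating in a comment whether sharing it with proxy egress is intended. `serviceConfig` continues past the end of the hunk.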