clouvider-lon01: give minotarproxy more IPs
This commit is contained in:
parent
439a6efcab
commit
b014ef780b
1 changed files with 4 additions and 2 deletions
|
@ -6,6 +6,8 @@
|
||||||
let
|
let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
machineSecrets = secrets.machineSpecific.clouvider-lon01;
|
machineSecrets = secrets.machineSpecific.clouvider-lon01;
|
||||||
|
|
||||||
|
aliasIPs = map (n: "92.118.29.${toString n}") (lib.range 1 253);
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../lib/zfs.nix
|
../lib/zfs.nix
|
||||||
|
@ -109,7 +111,7 @@ in {
|
||||||
};
|
};
|
||||||
interfaces.lo = {
|
interfaces.lo = {
|
||||||
ipv4.addresses = [{ address = "127.0.0.1"; prefixLength = 8; }] ++ (
|
ipv4.addresses = [{ address = "127.0.0.1"; prefixLength = 8; }] ++ (
|
||||||
map (n: { address = "92.118.29.${toString n}"; prefixLength = 32; }) (lib.range 225 253));
|
map (address: { inherit address; prefixLength = 32; }) aliasIPs);
|
||||||
ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
|
ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
|
||||||
};
|
};
|
||||||
firewall = {
|
firewall = {
|
||||||
|
@ -226,7 +228,7 @@ in {
|
||||||
wants = ["network-online.target"];
|
wants = ["network-online.target"];
|
||||||
wantedBy = ["multi-user.target"];
|
wantedBy = ["multi-user.target"];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="92.118.29.225,92.118.29.226,92.118.29.227,92.118.29.228,92.118.29.229,92.118.29.230,92.118.29.231,92.118.29.232,92.118.29.233,92.118.29.234,92.118.29.235,92.118.29.236,92.118.29.237,92.118.29.238,92.118.29.239,92.118.29.240,92.118.29.241,92.118.29.242,92.118.29.243,92.118.29.244,92.118.29.245,92.118.29.246,92.118.29.247,92.118.29.248,92.118.29.249,92.118.29.250,92.118.29.251,92.118.29.252,92.118.29.253" --autocert_cache_dir=/run/minotarproxy'';
|
ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="${builtins.concatStringsSep "," aliasIPs}" --autocert_cache_dir=/run/minotarproxy'';
|
||||||
User = "minotarproxy";
|
User = "minotarproxy";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
|
|
Loading…
Reference in a new issue