clouvider-lon01: give minotarproxy more IPs

Luke Granger-Brown 2021-03-01 17:16:06 +00:00
parent 439a6efcab
commit b014ef780b


@ -6,6 +6,8 @@
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
machineSecrets = secrets.machineSpecific.clouvider-lon01; machineSecrets = secrets.machineSpecific.clouvider-lon01;
aliasIPs = map (n: "92.118.29.${toString n}") (lib.range 1 253);
in { in {
imports = [ imports = [
../lib/zfs.nix ../lib/zfs.nix
@ -109,7 +111,7 @@ in {
}; };
interfaces.lo = { interfaces.lo = {
ipv4.addresses = [{ address = "127.0.0.1"; prefixLength = 8; }] ++ ( ipv4.addresses = [{ address = "127.0.0.1"; prefixLength = 8; }] ++ (
map (n: { address = "92.118.29.${toString n}"; prefixLength = 32; }) (lib.range 225 253)); map (address: { inherit address; prefixLength = 32; }) aliasIPs);
ipv6.addresses = [{ address = "::1"; prefixLength = 128; }]; ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
}; };
firewall = { firewall = {
@ -226,7 +228,7 @@ in {
wants = ["network-online.target"]; wants = ["network-online.target"];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {
ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="92.118.29.225,92.118.29.226,92.118.29.227,92.118.29.228,92.118.29.229,92.118.29.230,92.118.29.231,92.118.29.232,92.118.29.233,92.118.29.234,92.118.29.235,92.118.29.236,92.118.29.237,92.118.29.238,92.118.29.239,92.118.29.240,92.118.29.241,92.118.29.242,92.118.29.243,92.118.29.244,92.118.29.245,92.118.29.246,92.118.29.247,92.118.29.248,92.118.29.249,92.118.29.250,92.118.29.251,92.118.29.252,92.118.29.253" --autocert_cache_dir=/run/minotarproxy''; ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="${builtins.concatStringsSep "," aliasIPs}" --autocert_cache_dir=/run/minotarproxy'';
User = "minotarproxy"; User = "minotarproxy";
Restart = "always"; Restart = "always";
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
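Review bot: The new `aliasIPs` binding in the top `let` block has no comment explaining the 1–253 range or that it feeds both `interfaces.lo` and minotarproxy's `--outbound_bind`. Widening it from 225–253 also means that, assuming the whole range is routed to this host, any listener bound to the wildcard address now answers on 253 public addresses instead of 29. The `firewall` block opens right after the second hunk, but its rules are outside the visible lines, so it is worth confirming they do not depend on the old, smaller set. I would add above the binding `# Public /32 aliases on lo; also minotarproxy's outbound source pool. Any 0.0.0.0 listener is reachable on all of these.` Separately, `--server_bind` and `--autocert_insecure_bind` still spell out `92.118.29.225` by hand, so deriving the prefix from one `let` binding would keep them in step with `aliasIPs`.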