clouvider-lon01: give minotarproxy more IPs
This commit is contained in:
parent
439a6efcab
commit
b014ef780b
1 changed files with 4 additions and 2 deletions
|
@ -6,6 +6,8 @@
|
|||
let
|
||||
inherit (depot.ops) secrets;
|
||||
machineSecrets = secrets.machineSpecific.clouvider-lon01;
|
||||
|
||||
aliasIPs = map (n: "92.118.29.${toString n}") (lib.range 1 253);
|
||||
in {
|
||||
imports = [
|
||||
../lib/zfs.nix
|
||||
|
@ -109,7 +111,7 @@ in {
|
|||
};
|
||||
interfaces.lo = {
|
||||
ipv4.addresses = [{ address = "127.0.0.1"; prefixLength = 8; }] ++ (
|
||||
map (n: { address = "92.118.29.${toString n}"; prefixLength = 32; }) (lib.range 225 253));
|
||||
map (address: { inherit address; prefixLength = 32; }) aliasIPs);
|
||||
ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
|
||||
};
|
||||
firewall = {
|
||||
|
@ -226,7 +228,7 @@ in {
|
|||
wants = ["network-online.target"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
serviceConfig = {
|
||||
ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="92.118.29.225,92.118.29.226,92.118.29.227,92.118.29.228,92.118.29.229,92.118.29.230,92.118.29.231,92.118.29.232,92.118.29.233,92.118.29.234,92.118.29.235,92.118.29.236,92.118.29.237,92.118.29.238,92.118.29.239,92.118.29.240,92.118.29.241,92.118.29.242,92.118.29.243,92.118.29.244,92.118.29.245,92.118.29.246,92.118.29.247,92.118.29.248,92.118.29.249,92.118.29.250,92.118.29.251,92.118.29.252,92.118.29.253" --autocert_cache_dir=/run/minotarproxy'';
|
||||
ExecStart = ''${depot.go.minotarproxy}/bin/minotarproxy --logtostderr --server_bind=92.118.29.225:443 --autocert_insecure_bind=92.118.29.225:80 --autocert_domain=minotarproxy.lukegb.xyz --outbound_bind="${builtins.concatStringsSep "," aliasIPs}" --autocert_cache_dir=/run/minotarproxy'';
|
||||
User = "minotarproxy";
|
||||
Restart = "always";
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
|
|
Loading…
Reference in a new issue