From 18f4d0c65f55642dd6c9b58d75ae87885eefbbc4 Mon Sep 17 00:00:00 2001
From: goeranh
Date: Fri, 13 Mar 2026 15:47:52 +0100
Subject: [PATCH] ipv6 haproxy pass everything to 141.56.51.1
---
hosts/v6proxy/default.nix | 109 +++++++++++++++++++++++
hosts/v6proxy/hardware-configuration.nix | 38 ++++++++
hosts/v6proxy/hetzner-disk.nix | 56 ++++++++++++
3 files changed, 203 insertions(+)
create mode 100644 hosts/v6proxy/default.nix
create mode 100644 hosts/v6proxy/hardware-configuration.nix
create mode 100644 hosts/v6proxy/hetzner-disk.nix
diff --git a/hosts/v6proxy/default.nix b/hosts/v6proxy/default.nix
new file mode 100644
index 0000000..6dd17b3
--- /dev/null
+++ b/hosts/v6proxy/default.nix
@@ -0,0 +1,109 @@
+{
+ self,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./hetzner-disk.nix
+ ];
+
+ networking = {
+ hostName = "v6proxy";
+ interfaces.eth0 = {
+ ipv4.addresses = [
+ {
+ address = "178.104.18.93";
+ prefixLength = 32;
+ }
+ ];
+ ipv6 = {
+ addresses = [
+ {
+ address = "2a01:4f8:1c19:96f8::1";
+ prefixLength = 64;
+ }
+ ];
+ routes = [
+ { address = "::"; prefixLength = 0; via = "fe80::1";}
+ ];
+ };
+ };
+ defaultGateway.address = "172.31.1.1";
+ defaultGateway.interface = "eth0";
+ nameservers = [
+ "9.9.9.9"
+ "1.1.1.1"
+ ];
+ firewall = {
+ allowedTCPPorts = [
+ 22
+ 80
+ 443
+ ];
+ };
+ nftables = {
+ enable = true;
+ };
+ };
+
+ # wenn instanzen in die flake migriert sind könnte man das autogenerierien
+ services ={
+ haproxy = {
+ enable = true;
+ config = ''
+ global
+ # schreibe globalen log ins journal ip -> app
+ log /dev/log format raw local0
+ maxconn 50000
+ # man könnte metriken über einen socket file statt einen lokalen port machen für user permission control
+ # stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+ tune.bufsize 32762
+
+ defaults
+ log global
+ mode tcp
+ option tcplog
+ timeout connect 5s
+ timeout client 30s
+ timeout server 30s
+
+ # stats seite zeigt backend connection status, wenn check gesetzt ist
+ frontend stats
+ bind 127.0.0.1:8404
+ mode http
+ stats enable
+ stats uri /stats
+ stats refresh 10s
+ stats show-legends
+ stats show-node
+ stats show-modules
+
+ frontend http-in
+ bind :::80
+ use_backend http_80
+
+ frontend sni_router
+ bind :::443
+ mode tcp
+ use_backend http_443
+
+ backend http_80
+ mode http
+ server proxy 141.56.51.1:80
+ backend http_443
+ mode tcp
+ server proxy 141.56.51.1:443
+ '';
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ];
+
+ system.stateVersion = "25.11";
+
+}
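Review bot: Both `server proxy 141.56.51.1:…` lines in the haproxy config relay connections without passing the client address on, so the backend at 141.56.51.1 will see every visitor arriving through this host as coming from the proxy's own address. That flattens the backend's access logs and makes any per-IP rate limit, ban list or allowlist there act on the proxy as a whole. If the backend can be configured to accept the PROXY protocol from this host only, `server proxy 141.56.51.1:443 send-proxy-v2` (and the same on port 80) preserves the source; for the `mode http` backend, `option forwardfor` is the alternative, provided the backend trusts that header only from this proxy. Separately, `frontend http-in` inherits `mode tcp` from `defaults` while `backend http_80` is `mode http`; declaring `mode http` on the frontend would make the intent explicit.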
diff --git a/hosts/v6proxy/hardware-configuration.nix b/hosts/v6proxy/hardware-configuration.nix
new file mode 100644
index 0000000..b92ae55
--- /dev/null
+++ b/hosts/v6proxy/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # fileSystems."/" =
+ # {
+ # device = "/dev/sda1";
+ # fsType = "ext4";
+ # };
+
+ # swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/v6proxy/hetzner-disk.nix b/hosts/v6proxy/hetzner-disk.nix
new file mode 100644
index 0000000..a679e7c
--- /dev/null
+++ b/hosts/v6proxy/hetzner-disk.nix
@@ -0,0 +1,56 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1M";
+ end = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ]; # Override existing partition
+ subvolumes = {
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ "/home" = {
+ mountOptions = [ "compress=zstd" ];
+ mountpoint = "/home";
+ };
+ # Sub(sub)volume doesn't need a mountpoint as its parent is mounted
+ "/nix" = {
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ mountpoint = "/nix";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}