ipv6 haproxy pass everything to 141.56.51.1

2026-03-13 15:47:52 +01:00 · 2026-03-13 15:47:52 +01:00 · 18f4d0c65f
commit 18f4d0c65f
parent dee37a55e2
3 changed files with 203 additions and 0 deletions
--- a/hosts/v6proxy/default.nix
+++ b/hosts/v6proxy/default.nix
@ -0,0 +1,109 @@
+{
+  self,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./hetzner-disk.nix
+  ];
+
+  networking = {
+    hostName = "v6proxy";
+    interfaces.eth0 = {
+      ipv4.addresses = [
+        {
+          address = "178.104.18.93";
+          prefixLength = 32;
+        }
+      ];
+      ipv6 = {
+        addresses = [
+          {
+            address = "2a01:4f8:1c19:96f8::1";
+            prefixLength = 64;
+          }
+        ];
+        routes = [
+          { address = "::"; prefixLength = 0; via = "fe80::1";}
+        ];
+      };
+    };
+    defaultGateway.address = "172.31.1.1";
+    defaultGateway.interface = "eth0";
+    nameservers = [
+      "9.9.9.9"
+      "1.1.1.1"
+    ];
+    firewall = {
+      allowedTCPPorts = [
+        22
+        80
+        443
+      ];
+    };
+    nftables = {
+      enable = true;
+    };
+  };
+
+  # wenn instanzen in die flake migriert sind könnte man das autogenerierien
+  services ={
+      haproxy = {
+        enable = true;
+        config = ''
+          global
+            # schreibe globalen log ins journal ip -> app 
+            log /dev/log format raw local0
+            maxconn 50000
+            # man könnte metriken über einen socket file statt einen lokalen port machen für user permission control
+            # stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+            tune.bufsize 32762
+
+          defaults
+            log global
+            mode tcp
+            option tcplog
+            timeout connect 5s
+            timeout client  30s
+            timeout server  30s
+
+          # stats seite zeigt backend connection status, wenn check gesetzt ist
+          frontend stats
+            bind 127.0.0.1:8404
+            mode http
+            stats enable
+            stats uri /stats
+            stats refresh 10s
+            stats show-legends
+            stats show-node
+            stats show-modules
+
+          frontend http-in
+            bind :::80
+            use_backend http_80
+
+          frontend sni_router
+            bind :::443
+            mode tcp
+            use_backend http_443
+
+          backend http_80
+            mode http
+            server proxy 141.56.51.1:80
+          backend http_443
+            mode tcp
+            server proxy 141.56.51.1:443
+        '';
+      };
+    };
+
+  environment.systemPackages = with pkgs; [
+  ];
+
+  system.stateVersion = "25.11";
+
+}