# NixOS host configuration for "v6proxy": static addressing on eth0, a
# three-port TCP allow-list, and an HAProxy instance that forwards ports 80
# and 443 to a single upstream at 141.56.51.1.
{ self, config, lib, pkgs, ... }:

let
  # HAProxy configuration text, passed unchanged to services.haproxy.config.
  # The `#` lines inside the string are HAProxy comments and part of the
  # string itself, so they are kept as written. In English they say:
  #   - global:  write the global log to the journal (ip -> app)
  #   - global:  metrics could be served over a socket file instead of a
  #              local port, for per-user permission control (the
  #              `stats socket` line is commented out, so it is inactive)
  #   - stats:   the stats page shows backend connection status when `check`
  #              is set
  #
  # Security-relevant properties visible in this text:
  #   - The stats frontend binds 127.0.0.1:8404 only, and no auth directive
  #     is configured on it, so any local user or process can read /stats.
  #   - Port 443 is forwarded in `mode tcp` without an `ssl` bind option:
  #     TLS is not terminated on this host.
  #   - Neither `send-proxy` nor `option forwardfor` appears, so, as far as
  #     this config shows, the upstream sees this host as the source address
  #     rather than the original client. That affects upstream logs and any
  #     IP-based ACLs or rate limits there.
  #   - Neither server line carries `check`, so no health checks run.
  #   - `sni_router` has no SNI-based rule; everything goes to http_443.
  #   - NOTE(review): `http-in` sets no mode and therefore inherits
  #     `mode tcp` from defaults while its backend is `mode http`; confirm
  #     this is intended.
  haproxyConfig = ''
    global
      # schreibe globalen log ins journal ip -> app
      log /dev/log format raw local0
      maxconn 50000
      # man könnte metriken über einen socket file statt einen lokalen port machen für user permission control
      # stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
      tune.bufsize 32762

    defaults
      log global
      mode tcp
      option tcplog
      timeout connect 5s
      timeout client 30s
      timeout server 30s

    # stats seite zeigt backend connection status, wenn check gesetzt ist
    frontend stats
      bind 127.0.0.1:8404
      mode http
      stats enable
      stats uri /stats
      stats refresh 10s
      stats show-legends
      stats show-node
      stats show-modules

    frontend http-in
      bind :::80
      use_backend http_80

    frontend sni_router
      bind :::443
      mode tcp
      use_backend http_443

    backend http_80
      mode http
      server proxy 141.56.51.1:80

    backend http_443
      mode tcp
      server proxy 141.56.51.1:443
  '';
in
{
  imports = [
    ./hardware-configuration.nix
    ./hetzner-disk.nix
  ];

  networking.hostName = "v6proxy";

  # Static IPv4 address on eth0.
  networking.interfaces.eth0.ipv4.addresses = [
    {
      address = "178.104.18.93";
      prefixLength = 32;
    }
  ];

  # Static IPv6 address plus a default route via the link-local gateway.
  networking.interfaces.eth0.ipv6.addresses = [
    {
      address = "2a01:4f8:1c19:96f8::1";
      prefixLength = 64;
    }
  ];
  networking.interfaces.eth0.ipv6.routes = [
    {
      address = "::";
      prefixLength = 0;
      via = "fe80::1";
    }
  ];

  # The IPv4 gateway is tied to eth0 explicitly; presumably needed because the
  # /32 address above provides no on-link subnet containing 172.31.1.1.
  networking.defaultGateway = {
    address = "172.31.1.1";
    interface = "eth0";
  };

  networking.nameservers = [
    "9.9.9.9"
    "1.1.1.1"
  ];

  # Only these TCP ports are listed as allowed. The HAProxy stats listener
  # (127.0.0.1:8404) is not among them and binds loopback only.
  # NOTE(review): port 22 is opened without any source restriction here, and
  # the SSH daemon's settings are not part of this file; confirm that
  # key-only authentication is enforced wherever sshd is configured.
  networking.firewall.allowedTCPPorts = [
    22
    80
    443
  ];

  networking.nftables.enable = true;

  # Once the instances have been migrated into the flake, this could be
  # auto-generated.
  services.haproxy = {
    enable = true;
    config = haproxyConfig;
  };

  environment.systemPackages = with pkgs; [ ];

  system.stateVersion = "25.11";
}