StuRa/stura-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
stura-infra/hosts/v6proxy/default.nix

109 lines
2.3 KiB
Nix
Raw Blame History

{
self,
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./hetzner-disk.nix
];
networking = {
hostName = "v6proxy";
interfaces.eth0 = {
ipv4.addresses = [
{
address = "178.104.18.93";
prefixLength = 32;
}
];
ipv6 = {
addresses = [
{
address = "2a01:4f8:1c19:96f8::1";
prefixLength = 64;
}
];
routes = [
{ address = "::"; prefixLength = 0; via = "fe80::1";}
];
};
};
defaultGateway.address = "172.31.1.1";
defaultGateway.interface = "eth0";
nameservers = [
"9.9.9.9"
"1.1.1.1"
];
firewall = {
allowedTCPPorts = [
22
80
443
];
};
nftables = {
enable = true;
};
};
# wenn instanzen in die flake migriert sind könnte man das autogenerierien
services ={
haproxy = {
enable = true;
config = ''
global
# schreibe globalen log ins journal ip -> app
log /dev/log format raw local0
maxconn 50000
# man könnte metriken über einen socket file statt einen lokalen port machen für user permission control
# stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
tune.bufsize 32762
defaults
log global
mode tcp
option tcplog
timeout connect 5s
timeout client 30s
timeout server 30s
# stats seite zeigt backend connection status, wenn check gesetzt ist
frontend stats
bind 127.0.0.1:8404
mode http
stats enable
stats uri /stats
stats refresh 10s
stats show-legends
stats show-node
stats show-modules
frontend http-in
bind :::80
use_backend http_80
frontend sni_router
bind :::443
mode tcp
use_backend http_443
backend http_80
mode http
server proxy 141.56.51.1:80
backend http_443
mode tcp
server proxy 141.56.51.1:443
'';
};
};
environment.systemPackages = with pkgs; [
];
system.stateVersion = "25.11";
}
Reference in a new issue View git blame Copy permalink