nixos/git: Fix for local access to git.nul.ie

2023-12-09 16:30:06 +00:00
parent 56704821b8
commit 54f628d3a5
4 changed files with 26 additions and 10 deletions
--- a/nixos/boxes/colony/vms/git/default.nix
+++ b/nixos/boxes/colony/vms/git/default.nix
@@ -1,6 +1,7 @@
 { lib, ... }:
 let
  inherit (lib.my) net;
+  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.colony) domain prefixes;
 in
 {
--- a/nixos/boxes/colony/vms/git/gitea.nix
+++ b/nixos/boxes/colony/vms/git/gitea.nix
@@ -25,6 +25,18 @@ in

    systemd = {
      services = {
+        # TODO: Figure out a way to do this properly... redirecting localhost is awkward...
+        local-http-forward = {
+          description = "Forward local HTTP connections";
+          serviceConfig.ExecStart = "${pkgs.socat}/bin/socat tcp-listen:80,fork tcp:${allAssignments.middleman.internal.ipv4.address}:80";
+          wantedBy = [ "multi-user.target" ];
+        };
+        local-https-forward = {
+          description = "Forward local HTTPS connections";
+          serviceConfig.ExecStart = "${pkgs.socat}/bin/socat tcp-listen:443,fork tcp:${allAssignments.middleman.internal.ipv4.address}:443";
+          wantedBy = [ "multi-user.target" ];
+        };
+
        gitea.preStart =
        let
          repSec = "${pkgs.replace-secret}/bin/replace-secret";
--- a/nixos/modules/firewall.nix
+++ b/nixos/modules/firewall.nix
@@ -131,6 +131,9 @@ in
                chain prerouting {
                  type nat hook prerouting priority dstnat;
                }
+                chain output {
+                  type nat hook output priority dstnat;
+                }
                chain postrouting {
                  type nat hook postrouting priority srcnat;
                }