nixos/git: Fix for local access to git.nul.ie

2023-12-09 16:30:06 +00:00
parent 56704821b8
commit c7fdb70cc0
4 changed files with 26 additions and 10 deletions
--- a/nixos/boxes/colony/vms/git/default.nix
+++ b/nixos/boxes/colony/vms/git/default.nix
@@ -1,6 +1,7 @@
 { lib, ... }:
 let
  inherit (lib.my) net;
+  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.colony) domain prefixes;
 in
 {
--- a/nixos/boxes/colony/vms/git/gitea.nix
+++ b/nixos/boxes/colony/vms/git/gitea.nix
@@ -12,6 +12,10 @@ in
      };
    };

+    boot.kernel.sysctl = {
+      "net.ipv4.conf.all.route_localnet" = 1;
+    };
+
    users = {
      users.git = {
        description = "Gitea Service";
@@ -23,6 +27,8 @@ in
      groups.git = {};
    };

+    networking.hosts."127.0.0.1" = [ "git.nul.ie" ];
+
    systemd = {
      services = {
        gitea.preStart =
@@ -136,6 +142,12 @@ in
            ip daddr ${assignments.internal.ipv4.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address}
            ip6 daddr ${assignments.internal.ipv6.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv6.address}
          }
+          chain output {
+            ip daddr 127.0.0.1 tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address}
+          }
+          chain postrouting {
+            ip saddr 127.0.0.1 snat to ${assignments.internal.ipv4.address}
+          }
        }
      '';
    };
--- a/nixos/modules/firewall.nix
+++ b/nixos/modules/firewall.nix
@@ -131,6 +131,9 @@ in
                chain prerouting {
                  type nat hook prerouting priority dstnat;
                }
+                chain output {
+                  type nat hook output priority dstnat;
+                }
                chain postrouting {
                  type nat hook postrouting priority srcnat;
                }