dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/git: Fix for local access to git.nul.ie
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 43s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-12-09 16:30:06 +00:00
parent 56704821b8
commit c7fdb70cc0
4 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/boxes/colony/vms/git/default.nix
View File

@ -1,6 +1,7 @@
{ lib, ... }: { lib, ... }:
let let
inherit (lib.my) net; inherit (lib.my) net;
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.colony) domain prefixes; inherit (lib.my.c.colony) domain prefixes;
in in
{ {

12
nixos/boxes/colony/vms/git/gitea.nix
View File

@ -12,6 +12,10 @@ in
}; };
}; };
boot.kernel.sysctl = {
"net.ipv4.conf.all.route_localnet" = 1;
};
users = { users = {
users.git = { users.git = {
description = "Gitea Service"; description = "Gitea Service";
@ -23,6 +27,8 @@ in
groups.git = {}; groups.git = {};
}; };
networking.hosts."127.0.0.1" = [ "git.nul.ie" ];
systemd = { systemd = {
services = { services = {
gitea.preStart = gitea.preStart =
@ -136,6 +142,12 @@ in
ip daddr ${assignments.internal.ipv4.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address} ip daddr ${assignments.internal.ipv4.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address}
ip6 daddr ${assignments.internal.ipv6.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv6.address} ip6 daddr ${assignments.internal.ipv6.address} tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv6.address}
} }
chain output {
ip daddr 127.0.0.1 tcp dport { http, https } dnat to ${allAssignments.middleman.internal.ipv4.address}
}
chain postrouting {
ip saddr 127.0.0.1 snat to ${assignments.internal.ipv4.address}
}
} }
''; '';
}; };

3
nixos/modules/firewall.nix
View File

@ -131,6 +131,9 @@ in
chain prerouting { chain prerouting {
type nat hook prerouting priority dstnat; type nat hook prerouting priority dstnat;
} }
chain output {
type nat hook output priority dstnat;
}
chain postrouting { chain postrouting {
type nat hook postrouting priority srcnat; type nat hook postrouting priority srcnat;
} }

20
secrets/gitea/actions-runner.env.age
View File

@ -1,12 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGpJOFJBZyBobGg0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGpJOFJBZyA2dlpB
Sk1uMGtHZ1FLK3ZJYlhBQTNlOUo1YXQ0L0FqN00vVEtxT2NYVm5VCkV1bUZXdGZn M3RNNmF6TG9SSmM1Y0E3ZVdGczEyMENsTnFjc0t2K2ZnbEZIdlFrClJrN3d1eXhi
bXh6TnMwN3p6Rm5WRWxpTkoyeGx1NFB3bTBwdGcrT0JWMzgKLT4gWDI1NTE5IER4 aU1iNnJoY08yNTd0S1BHeGpUQWhMdTlqdDdjbzA1QVY3dGMKLT4gWDI1NTE5IGw3
S1FsK2JhK243QkJWSkFweWVOZTQzZnR1YlZjVGw1Uk1jMmdNVks1SEkKMU50cjha R1FTRXZHdkVtSk9NN09iR0VjYjd0ZGlmVi9MTkpuYmo0eDFGTFJIbGcKYzlmRDNY
c1U0MVVZNmMvYitZYWorQ0R1VXhibWZvYzR6TUFTclVrREJ6MAotPiBPQ11RLWdy VjRhZjhaeTZ1cEhJQTJURlRCUkdWNTNyYlNHcU1SbGNTcnpXQQotPiBPMlNGYy1n
ZWFzZSBkPFlEeiFFfCBMImhVR0poUiBjL1MjP0kKTkJWWngvankzc3ByREJaYUhM cmVhc2UgMyBHaWN+bntrXSA0cltsNQpXZzZqSVJmcG9raFhTWXp0Wm9STWgzR0lG
emZ1akNSSmJIcjB1d2RoTE90bDZld0YwelN5STlaSTBwQjV2Q0sKLS0tIHRHK0V4 NHc0dGQzK2g5eWRQb2dEcytSL1ZRUWxRL3lIbjFYSzUvWQotLS0gQW1qd25CS0U2
UkgrQ21PSFVpWms0THdmOVRlK09zV3Y4ZnFTd2JvbnZaSWk2ZjgKYWufQ+yFOWWJ bk5uSlcxMjBrZURseWZJWkZLakxxYVFodnBENmQxLzRyQQpBFLUiRAvyFsgZuDsQ
mXe4hvy3X6iAdBW52dJVpu//ql2tBMKS05hcYo4uSa1QjURMANeinStojEQPnMRc 4/trVbfLtZbl6CdSlGqsgL7QCpS45Wy7iKcI6Lyvoi8EsZdlytGJ3JsPpi8KjqUO
Ci5WovrSssqjOYYoVgx/41DL5BPSBw== 2r2IpbL3LjerjiAEchqnVRAA
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----