nixos/shill: Add jam container

2024-06-20 23:38:28 +01:00
parent bc9f266ef0
commit dd9439b7fa
7 changed files with 139 additions and 6 deletions
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -394,6 +394,9 @@ in
                      # Safe enough to allow all SSH
                      tcp dport ssh accept

+                      # jam-ctr forwards
+                      ip daddr ${aa.shill.internal.ipv4.address} tcp dport 60022 accept
+
                      ip6 daddr ${aa.middleman.internal.ipv6.address} tcp dport { http, https, 8448 } accept
                      ${matchInet "tcp dport { http, https } accept" "git"}
                      ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport { 25565, 25575 } accept
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -2,7 +2,7 @@
 let
  inherit (builtins) attrNames;
  inherit (lib.my) net;
-  inherit (lib.my.c.colony) prefixes;
+  inherit (lib.my.c.colony) prefixes custRouting;

  authZones = attrNames config.my.pdns.auth.bind.zones;
 in
@@ -162,6 +162,10 @@ in

            andrey-cust IN A ${allAssignments.kelder.estuary.ipv4.address}

+            jam-cust IN A ${net.cidr.host 0 prefixes.jam.v4}
+            jam-fwd IN A ${allAssignments.shill.internal.ipv4.address}
+            jam-cust IN AAAA ${net.cidr.host 1 prefixes.jam.v6}
+
            $TTL 3
            _acme-challenge IN LUA TXT @@FILE@@