-rw-r--r--data/dns/db.orbekk.shared.zone2
-rw-r--r--machines/dragon.nix42
2 files changed, 44 insertions, 0 deletions
diff --git a/data/dns/db.orbekk.shared.zone b/data/dns/db.orbekk.shared.zone
index c5e7f2f..3327cca 100644
--- a/data/dns/db.orbekk.shared.zone
+++ b/data/dns/db.orbekk.shared.zone
@@ -43,6 +43,8 @@ semeai IN A 96.232.156.38
shape IN AAAA 2001:470:8e2e:20:f05b:e3ff:fed9:58f7
shape IN A 96.232.156.38
+kick IN AAAA 2001:470:8e2e:20:5457:55ff:fe2e:9572
+
vpn6 IN AAAA 2001:470:8e2e:22:d2bf:9cff:fe45:a6ec
mxa IN AAAA 2001:470:8e2e:20:f05b:e3ff:fed9:58f7
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 184b34f..0097bf3 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -29,6 +29,48 @@
packages = [ pkgs.lxc ];
};
+ containers.kick = {
+ autoStart = true;
+ hostBridge = "br0";
+ privateNetwork = true;
+ config = { config, pkgs, ... }: {
+ system.activationScripts = {
+ resolvconf = {
+ text = ''
+ chmod +w /etc/resolv.conf
+ echo nameserver 2001:4860:4860::8888 >> /etc/resolv.conf
+ chmod -w /etc/resolv.conf
+ '';
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.nameservers = [ "2001:4860:4860::8888" "2001:4860:4860::8844" ];
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "kick.orbekk.no" = {
+ enableACME = true;
+ };
+ };
+ };
+ environment.systemPackages = [
+ pkgs.simp_le
+ ];
+ nixpkgs.config.packageOverrides = pkgs: {
+ simp_le = pkgs.stdenv.mkDerivation {
+ name = "simp_le";
+ nativeBuildInputs = [ pkgs.makeWrapper ];
+ buildCommand = ''
+ mkdir -p $out/bin
+ makeWrapper "${pkgs.simp_le}/bin/simp_le" $out/bin/simp_le \
+ --add-flags "--server https://api.buypass.com/acme/directory" \
+ --add-flags "--email kj@orbekk.com" \
+ --add-flags "--tos_sha256 07c2ac41aff33fe06e27447ea592c503f22967fd43b0e8500cbc8452f28a4bf1"
+ '';
+ };
+ };
+ };
+ };
boot = {
kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ];
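Review bot: The `"kick.orbekk.no"` virtual host sets only `enableACME = true`, so unless TLS is enabled somewhere outside this hunk nginx will obtain a certificate but keep answering on plain HTTP while the firewall opens 443; adding `forceSSL = true;` (or `addSSL = true;`) next to it would make the vhost actually serve HTTPS. The `resolvconf` activation script appends with `>>` on every activation, so `/etc/resolv.conf` gains a duplicate `nameserver` line each time and is edited outside what `networking.nameservers` declares; a guard such as `grep -q '2001:4860:4860::8888' /etc/resolv.conf || echo nameserver 2001:4860:4860::8888 >> /etc/resolv.conf` keeps it idempotent. It also looks as if certificates can now come from two places, the module behind `enableACME` and the `simp_le` wrapper pointed at Buypass, so a comment stating which one is authoritative for this host would help.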