From 716c38c488eda5137b94235898b0af4f28fe236f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjetil=20=C3=98rbekk?=
Date: Fri, 30 Mar 2018 16:48:39 -0400
Subject: add kick container
---
 data/dns/db.orbekk.shared.zone | 2 ++
 machines/dragon.nix | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
diff --git a/data/dns/db.orbekk.shared.zone b/data/dns/db.orbekk.shared.zone
index c5e7f2f..3327cca 100644
--- a/data/dns/db.orbekk.shared.zone
+++ b/data/dns/db.orbekk.shared.zone
@@ -43,6 +43,8 @@ semeai IN A 96.232.156.38
 shape IN AAAA 2001:470:8e2e:20:f05b:e3ff:fed9:58f7
 shape IN A 96.232.156.38
+kick IN AAAA 2001:470:8e2e:20:5457:55ff:fe2e:9572
+
 vpn6 IN AAAA 2001:470:8e2e:22:d2bf:9cff:fe45:a6ec
 mxa IN AAAA 2001:470:8e2e:20:f05b:e3ff:fed9:58f7
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 184b34f..0097bf3 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -29,6 +29,48 @@ packages = [ pkgs.lxc ];
 };
+ containers.kick = {
+ autoStart = true;
+ hostBridge = "br0";
+ privateNetwork = true;
+ config = { config, pkgs, ... }: {
+ system.activationScripts = {
+ resolvconf = {
+ text = ''
+ chmod +w /etc/resolv.conf
+ echo nameserver 2001:4860:4860::8888 >> /etc/resolv.conf
+ chmod -w /etc/resolv.conf
+ '';
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.nameservers = [ "2001:4860:4860::8888" "2001:4860:4860::8844" ];
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "kick.orbekk.no" = {
+ enableACME = true;
+ };
+ };
+ };
+ environment.systemPackages = [
+ pkgs.simp_le
+ ];
+ nixpkgs.config.packageOverrides = pkgs: {
+ simp_le = pkgs.stdenv.mkDerivation {
+ name = "simp_le";
+ nativeBuildInputs = [ pkgs.makeWrapper ];
+ buildCommand = ''
+ mkdir -p $out/bin
+ makeWrapper "${pkgs.simp_le}/bin/simp_le" $out/bin/simp_le \
+ --add-flags "--server https://api.buypass.com/acme/directory" \
+ --add-flags "--email kj@orbekk.com" \
+ --add-flags "--tos_sha256 07c2ac41aff33fe06e27447ea592c503f22967fd43b0e8500cbc8452f28a4bf1"
+ '';
+ };
+ };
+ };
+ };
 boot = {
 kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ];
-- cgit v1.2.3
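Review bot: The `resolvconf` activation script appends `nameserver 2001:4860:4860::8888` with `>>` on every activation, so each run adds another duplicate line to /etc/resolv.conf, and it repeats a resolver that `networking.nameservers` already declares a few lines below. If the manual write is still needed inside the container, make it idempotent, e.g. `grep -qF 2001:4860:4860::8888 /etc/resolv.conf || echo nameserver 2001:4860:4860::8888 >> /etc/resolv.conf`, and add a comment saying why the declarative option is not enough. Separately, the `"kick.orbekk.no"` vhost sets only `enableACME = true;` while the firewall opens 443. As far as the hunk shows, nothing makes nginx serve TLS or redirect port 80, so consider adding `forceSSL = true;` next to it.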