mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

wip: prepare testing caddy over nginx with oauth2-proxy

oddlama 2023-06-04 21:42:28 +02:00
parent 7f2f93b640
commit c5a863ce51
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
7 changed files with 245 additions and 10 deletions


@ -73,7 +73,6 @@ in {
networking.nftables.firewall = {
zones = lib.mkForce {
#local-vms.interfaces = ["local-vms"];
proxy-sentinel.interfaces = ["proxy-sentinel"];
sentinel = {
parent = "proxy-sentinel";
@ -241,17 +240,18 @@ in {
networking.nftables.firewall = {
zones = lib.mkForce {
local-vms.interfaces = ["local-vms"];
grafana = {
parent = "local-vms";
ipv4Addresses = [nodes."${parentNodeName}-test".config.extra.wireguard."${parentNodeName}-local-vms".ipv4];
ipv6Addresses = [nodes."${parentNodeName}-test".config.extra.wireguard."${parentNodeName}-local-vms".ipv6];
#local-vms.interfaces = ["local-vms"];
proxy-sentinel.interfaces = ["proxy-sentinel"];
sentinel = {
parent = "proxy-sentinel";
ipv4Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv4];
ipv6Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv6];
};
};
rules = lib.mkForce {
local-vms-to-local = {
from = ["grafana"];
sentinel-to-local = {
from = ["sentinel"];
to = ["local"];
allowedTCPPorts = [3100];
};
@ -272,7 +272,7 @@ in {
ingester = {
lifecycler = {
address = "127.0.0.1";
interface_names = ["proxy-sentinel"];
ring = {
kvstore.store = "inmemory";
replication_factor = 1;