From a04a3c917ffacfd96246b7a30021b887fac97cff Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Fri, 26 Mar 2021 00:11:06 +0100
Subject: [PATCH] nextcloud: add network to container this appears to break nix in a way in which nix should not be possible to break.
---
 hosts/hainich/services/nextcloud.nix | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/hosts/hainich/services/nextcloud.nix b/hosts/hainich/services/nextcloud.nix
index 6b2b12a..9d210f1 100644
--- a/hosts/hainich/services/nextcloud.nix
+++ b/hosts/hainich/services/nextcloud.nix
@@ -19,8 +19,8 @@
 autoStart = true;
 privateNetwork = true;
- hostAddress6 = "fd00::10:1";
- localAddress6 = "fd00::10:2";
+ hostAddress = "192.168.110.1";
+ localAddress = "192.168.110.10";
 config = { pkgs, ... }: {
@@ -44,7 +44,7 @@
 # there's also a adminpassFile option, but for testing this seems
 # enough (less fiddling with getting the file into a nixos
 # container for ad-hoc setups)
- adminpass = "root";
+ adminpass = "lushfjwebrwhjebr";
 adminuser = "root";
 };
@@ -113,13 +113,28 @@
 after = ["postgresql.service"];
 };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.enable = false;
+
+ services.coredns = {
+ enable = true;
+ config = ''
+ .:53 {
+ forward . 1.1.1.1
+ }
+ '';
+ };
 };
 };
 services.nginx.virtualHosts."cloud2.infra4future.de" = {
- locations."/".proxyPass = "http://[${config.containers.nextcloud.localAddress6}]:80";
+ locations."/".proxyPass = "http://${config.containers.nextcloud.localAddress}:80";
 enableACME = true;
 forceSSL = true;
 };
+
+
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-nextcloud"];
+ networking.nat.externalInterface = "enp6s0";
+
 }
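Review bot: In the `@@ -44,7 +44,7 @@` hunk the new `adminpass = "lushfjwebrwhjebr";` is still a literal in the Nix expression, so the admin credential ends up in the repository history and, as with any string in a NixOS configuration, in the world-readable Nix store; swapping `root` for a longer string does not change that. The comment directly above already names the alternative: `adminpassFile = "/path/to/secret";` (placeholder path, provisioned outside the store) keeps the value out of both places. Since this value has now appeared in a patch, it is best treated as disclosed and replaced before the instance is reachable under `cloud2.infra4future.de`. The attribute set this line belongs to starts and ends outside the hunk.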
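Review bot: In the `@@ -113,13 +113,28 @@` hunk, `networking.firewall.enable = false;` removes the container's packet filter entirely where the old line admitted only 80 and 443, so every listener in the container, including the new CoreDNS on `.:53`, is reachable from the host side of the veth and from anything else that can route to 192.168.110.10. If the goal is only to make name resolution work, keep `networking.firewall.allowedTCPPorts = [ 80 443 ];` and leave the firewall on; outbound queries to 1.1.1.1 do not need an inbound rule. If CoreDNS is meant to serve just the container itself (not visible from this hunk), a `bind 127.0.0.1` line inside the `.:53 { … }` block keeps it off the veth address. A short comment next to `networking.nat.externalInterface = "enp6s0";` saying that the name is specific to this host would also help whoever reuses the file. The container `config` block starts outside the hunk.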