stuebinm
d707ba5ef3
For the record: this is the last state before nftables broke yesterday. As far as I know, all that is missing from this to make the authentication for wink actually work is internet access for the container (as was also the case for hasenloch); the snippets for coredns and NAT copied from that container led to the aforementioned firewall problem — or at least they are the only thing I changed between deployments. Apart from that: this moves the proxy into the container, mostly to make keeping track of its state (esp. the secrets file) easier should we ever decide to move this somewhere else / delete the container, since that will just delete any additional state of the proxy with it. |
||
|---|---|---|
| .. | ||
| services | ||
| configuration.nix | ||
| encboot.nix | ||
| hardware.nix | ||
| k8s.nix | ||
| wireguard.nix | ||