From 410b6c083850aa36a3ffb73980e5c160694601c6 Mon Sep 17 00:00:00 2001
From: Magic_RB
Date: Sat, 2 Sep 2023 22:47:38 +0200
Subject: [PATCH] Expose some services to semi wan
Signed-off-by: Magic_RB
---
 nixos/systems/blowhole/nomad.nix | 1 +
 terranix/containers/ingress-blowhole/job.hcl | 10 ++++++++++
 terranix/containers/ingress-blowhole/upstreams.conf | 3 +++
 3 files changed, 14 insertions(+)
diff --git a/nixos/systems/blowhole/nomad.nix b/nixos/systems/blowhole/nomad.nix
index c49d0f6..d0ae414 100644
--- a/nixos/systems/blowhole/nomad.nix
+++ b/nixos/systems/blowhole/nomad.nix
@@ -103,6 +103,7 @@ in
 "docker.privileged.enabled" = "true";
 };
+ host_network."wan".cidr = secret.network.networks.home.wan or "";
 host_network."default".cidr = secret.network.networks.home.amsterdam or "";
 host_network."mesh".cidr = secret.network.networks.vpn or "";
diff --git a/terranix/containers/ingress-blowhole/job.hcl b/terranix/containers/ingress-blowhole/job.hcl
index 6e3739d..ccc53a2 100644
--- a/terranix/containers/ingress-blowhole/job.hcl
+++ b/terranix/containers/ingress-blowhole/job.hcl
@@ -28,19 +28,29 @@ job "ingress" {
 network {
 mode = "bridge"
+
+ port "http-paccess" {
+ static = 80
+ to = 81
+ host_network = "wan"
+ }
+
 port "http" {
 static = 80
 to = 80
+ host_network = "default"
 }
 port "https" {
 static = 443
 to = 443
+ host_network = "default"
 }
 port "imap" {
 static = 143
 to = 143
+ host_network = "default"
 }
 }
diff --git a/terranix/containers/ingress-blowhole/upstreams.conf b/terranix/containers/ingress-blowhole/upstreams.conf
index 29cffc6..47f6527 100644
--- a/terranix/containers/ingress-blowhole/upstreams.conf
+++ b/terranix/containers/ingress-blowhole/upstreams.conf
@@ -36,6 +36,7 @@ upstream matrix-mautrix-facebook {
 server {
 listen 80;
+ listen 81;
 server_name jellyfin.in.redalder.org;
@@ -84,6 +85,7 @@ server {
 server {
 listen 80;
+ listen 81;
 server_name hass.in.redalder.org;
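Review bot: The added `host_network."wan".cidr` silently falls back to `""` when `secret.network.networks.home.wan` is absent, while the ingress job in this same commit pins a port to that network by name. How Nomad treats an empty cidr is not visible here, so a missing secret would show up only at scheduling or bind time rather than as an evaluation error. I would at least record the dependency next to the line, e.g. `# required by ingress-blowhole port "http-paccess"; must be set on this host`, or guard it with an assertion on hosts that run the ingress job. The enclosing attribute set starts and ends outside the hunk.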
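Review bot: The wan-side `port "http-paccess"` publishes plain HTTP only (static 80 to container port 81) while `https` stays on `host_network = "default"`, so logins to whatever answers on port 81 cross the wan segment unencrypted unless TLS is terminated somewhere not shown in this patch. If that is intended, say so at the port, e.g. `# wan-facing, plain HTTP; only nginx server blocks with "listen 81" are reachable from here`. The label `http-paccess` also gives no hint that this is the externally reachable port; a name such as `http-wan` would make later edits to this block harder to get wrong. The `job "ingress"` block starts before the hunk and continues after it.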
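Review bot: Adding `listen 81;` to the existing jellyfin block, and in the same way to the hass block in the hunk at -84, makes one server block answer both internal and wan clients, so every directive in its body applies identically to both sides. The bodies lie outside these hunks, so whether they contain anything that assumed internal-only clients cannot be checked from here. A dedicated `server { listen 81; ... }` per exposed service would keep the exposed surface explicit and leave room for wan-only limits; failing that, add a comment such as `# 81 = wan-facing listener (Nomad port "http-paccess")` above each new line.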
@@ -254,6 +256,7 @@ server {
 server {
 listen 80;
+ listen 81;
 server_name _;
 include /local/security.conf;
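Review bot: `listen 81;` on the `server_name _;` block does not make it the fallback for port 81, because nginx treats the first server block defined for a listen socket as the default unless one is marked `default_server`, and `_` is only a name that never matches. As the file appears in this patch, the first block with `listen 81` is the jellyfin one, so wan requests with an unknown or missing Host header would be answered by that block rather than by this catch-all, assuming no other `listen 81` exists outside the visible hunks. Use `listen 81 default_server;` here. The server block's body continues outside the hunk.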