add mongodb

2026-01-10 14:02:19 +01:00 · 2026-01-10 14:02:19 +01:00 · 2998cc763c
commit 2998cc763c
parent 35be9ff89a
4 changed files with 32 additions and 2 deletions
--- a/hosts/nixos/nfss/containers.nix
+++ b/hosts/nixos/nfss/containers.nix
@ -7,7 +7,18 @@ let
  systemTZ = config.time.timeZone;
 in
 {
-  # Container definitions for hs host
+  # Container definitions for nfss host
  virtualisation.oci-containers.containers = {
+
+    mongodb = {
+      image = "docker.io/mongo:7";
+      volumes = [ "/var/lib/mongodb:/data/db" ];
+      environment = { TZ = systemTZ; };
+      environmentFiles = [ "/etc/mongodb-env" ];
+      ports = [ "27017:27017" ];
+      extraOptions = [ "--network=podman" ];
+      autoStart = true;
+    };
+
  };
 }
--- a/hosts/nixos/vps/proxy.nix
+++ b/hosts/nixos/vps/proxy.nix
@ -70,5 +70,21 @@
      };

    };
+
+    tcp = {
+      routers.mongodb = {
+        rule = "HostSNI(`mongodb.yanlincs.com`)";
+        service = "mongodb";
+        entrypoints = [ "mongodb" ];
+        tls = {
+          certResolver = "cloudflare";
+          domains = [{ main = "*.yanlincs.com"; }];
+        };
+      };
+      services.mongodb = {
+        loadBalancer.servers = [{ address = "nfss.yanlincs.com:27017"; }];
+      };
+    };
+
  };
 }
--- a/hosts/nixos/vps/system.nix
+++ b/hosts/nixos/vps/system.nix
@ -40,7 +40,7 @@
    useDHCP = true; # VPS typically use DHCP
    firewall = {
      enable = true;
-      allowedTCPPorts = [ 22 80 443 22000 ];
+      allowedTCPPorts = [ 22 80 443 22000 27017 ];
      allowedUDPPorts = [ 22000 ];
      trustedInterfaces = [ "tailscale0" ];
    };
--- a/modules/traefik.nix
+++ b/modules/traefik.nix
@ -26,6 +26,9 @@
        websecure = {
          address = ":443";
        };
+        mongodb = {
+          address = ":27017";
+        };
      };

      # Certificate resolver using Cloudflare DNS challenge