diff --git a/hosts/nixos/nfss/containers.nix b/hosts/nixos/nfss/containers.nix
index 282ef2d..2479f68 100644
--- a/hosts/nixos/nfss/containers.nix
+++ b/hosts/nixos/nfss/containers.nix
@@ -7,7 +7,18 @@ let
   systemTZ = config.time.timeZone;
 in {
-  # Container definitions for hs host
+  # Container definitions for nfss host
   virtualisation.oci-containers.containers = {
+
+    mongodb = {
+      image = "docker.io/mongo:7";
+      volumes = [ "/var/lib/mongodb:/data/db" ];
+      environment = { TZ = systemTZ; };
+      environmentFiles = [ "/etc/mongodb-env" ];
+      ports = [ "27017:27017" ];
+      extraOptions = [ "--network=podman" ];
+      autoStart = true;
+    };
+
   };
 }
diff --git a/hosts/nixos/vps/proxy.nix b/hosts/nixos/vps/proxy.nix
index e08d56d..babfd71 100644
--- a/hosts/nixos/vps/proxy.nix
+++ b/hosts/nixos/vps/proxy.nix
@@ -70,5 +70,21 @@
     };
   };
+
+  tcp = {
+    routers.mongodb = {
+      rule = "HostSNI(`mongodb.yanlincs.com`)";
+      service = "mongodb";
+      entrypoints = [ "mongodb" ];
+      tls = {
+        certResolver = "cloudflare";
+        domains = [{ main = "*.yanlincs.com"; }];
+      };
+    };
+    services.mongodb = {
+      loadBalancer.servers = [{ address = "nfss.yanlincs.com:27017"; }];
+    };
+  };
+
   };
 }
diff --git a/hosts/nixos/vps/system.nix b/hosts/nixos/vps/system.nix
index d3622e8..5aedf6e 100644
--- a/hosts/nixos/vps/system.nix
+++ b/hosts/nixos/vps/system.nix
@@ -40,7 +40,7 @@
     useDHCP = true; # VPS typically use DHCP
     firewall = {
       enable = true;
-      allowedTCPPorts = [ 22 80 443 22000 ];
+      allowedTCPPorts = [ 22 80 443 22000 27017 ];
       allowedUDPPorts = [ 22000 ];
       trustedInterfaces = [ "tailscale0" ];
     };
diff --git a/modules/traefik.nix b/modules/traefik.nix
index dd66371..9c0a567 100644
--- a/modules/traefik.nix
+++ b/modules/traefik.nix
@@ -26,6 +26,9 @@
       websecure = {
         address = ":443";
       };
+      mongodb = {
+        address = ":27017";
+      };
     };
     # Certificate resolver using Cloudflare DNS challenge
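Review bot: `ports = [ "27017:27017" ]` publishes mongod on every address of the nfss host, so the database is reachable from any network the host sits on rather than only from the VPS proxy that the companion proxy.nix hunk points at `nfss.yanlincs.com:27017`; if that name resolves to a tunnel address, narrowing the binding to it, e.g. `ports = [ "<nfss-tunnel-ip>:27017:27017" ];` (placeholder address), removes the wider exposure. The image tag `docker.io/mongo:7` is mutable, so pinning a digest (`mongo:7@sha256:<digest>`, placeholder) would make what actually runs reproducible and reviewable. A comment beside `environmentFiles` saying what `/etc/mongodb-env` is expected to provide would help, since presumably it carries the root credentials: the official image only honours its `MONGO_INITDB_ROOT_*` variables when `/data/db` is empty, so a pre-existing `/var/lib/mongodb` volume keeps whatever authentication state it already had.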
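Review bot: The router terminates TLS on the VPS (`tls.certResolver = "cloudflare"`) and then forwards to `nfss.yanlincs.com:27017` as plain TCP, so the VPS-to-nfss leg carries the MongoDB wire protocol unencrypted unless that hostname resolves to a Tailscale or otherwise tunnelled address, which the hunk does not show. Either make the backend address explicitly the tunnel address, or have mongod terminate TLS itself and set `tls.passthrough = true;` on the router in place of the certResolver block. `HostSNI` only matches clients that connect with TLS and send SNI, so a comment on `routers.mongodb` noting that clients must use `tls=true` in their connection string would save a confusing "connection reset" later. The attribute set this `tcp` block is added to starts outside the hunk.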
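Review bot: Adding `27017` to `allowedTCPPorts` exposes the new Traefik entrypoint (`address = ":27017"` in the modules/traefik.nix hunk, which listens on all interfaces) to the whole internet, so any client anywhere can reach mongod's authentication handshake on nfss through the proxy. `trustedInterfaces = [ "tailscale0" ]` two lines below already admits the port for tailnet peers; if the intended clients are on the tailnet the new entry can simply be dropped, and if public access is genuinely required a comment such as `# 27017: public MongoDB entrypoint via Traefik; mongod auth is mandatory` documents that decision at the place it is made. The enclosing set (presumably `networking`) starts outside the hunk.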