add mongodb

hosts/nixos/nfss/containers.nix

@@ -7,7 +7,18 @@ let
   systemTZ = config.time.timeZone;
 in
 {
-  # Container definitions for hs host
+  # Container definitions for nfss host
   virtualisation.oci-containers.containers = {
+
+    mongodb = {
+      image = "docker.io/mongo:7";
+      volumes = [ "/var/lib/mongodb:/data/db" ];
+      environment = { TZ = systemTZ; };
+      environmentFiles = [ "/etc/mongodb-env" ];
+      ports = [ "27017:27017" ];
+      extraOptions = [ "--network=podman" ];
+      autoStart = true;
+    };
+
   };
 }

hosts/nixos/vps/proxy.nix

@@ -70,5 +70,21 @@
       };
 
     };
+
+    tcp = {
+      routers.mongodb = {
+        rule = "HostSNI(`mongodb.yanlincs.com`)";
+        service = "mongodb";
+        entrypoints = [ "mongodb" ];
+        tls = {
+          certResolver = "cloudflare";
+          domains = [{ main = "*.yanlincs.com"; }];
+        };
+      };
+      services.mongodb = {
+        loadBalancer.servers = [{ address = "nfss.yanlincs.com:27017"; }];
+      };
+    };
+
   };
 }

hosts/nixos/vps/system.nix

@@ -40,7 +40,7 @@
     useDHCP = true; # VPS typically use DHCP
     firewall = {
       enable = true;
-      allowedTCPPorts = [ 22 80 443 22000 ];
+      allowedTCPPorts = [ 22 80 443 22000 27017 ];
       allowedUDPPorts = [ 22000 ];
       trustedInterfaces = [ "tailscale0" ];
     };

modules/traefik.nix

@@ -26,6 +26,9 @@
         websecure = {
           address = ":443";
         };
+        mongodb = {
+          address = ":27017";
+        };
       };
 
       # Certificate resolver using Cloudflare DNS challenge