M docs/PREPARATION.md => docs/PREPARATION.md +34 -2
@@ 122,11 122,43 @@ have a look at the [Troubleshooting](./TROUBLESHOOTING.md) page.
I'd recommend using caddy to forward traffic from the host to the container,
as the config files are fairly simple and it automatically configures ssl.
+An example caddy config could look like this:
+```caddy
+hub.hut.ccw.icu, hut.ccw.icu {
+ reverse_proxy 10.0.3.3:80
+}
+meta.hut.ccw.icu {
+ reverse_proxy 10.0.3.3:80
+}
+git.hut.ccw.icu {
+ reverse_proxy 10.0.3.3:80
+}
+builds.hut.ccw.icu {
+ reverse_proxy 10.0.3.3:80
+}
+runner.hut.ccw.icu {
+ reverse_proxy 10.0.3.3:80
+}
+```
+
## Additional configuration
Because sourcehut requires the `:22` port to be redirected to the container,
if you want to clone using `git@`/ssh,
you should probably forward the ssh port to the lxc container.
-In case you are using `nftables` as a firewall you can use the following command:
+In case you are using `nftables` as a firewall you can use the following commands:
``` sh
-nft add rule ip nat prerouting tcp dport 22 redirect to 10.0.3.3:22
+nft add table nat
+nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
+nft add rule nat prerouting iif eth0 tcp dport 22 dnat to 10.0.3.3
+```
+As explained on the [nftables wiki](https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)#Destination_NAT)
+
+Or add the following lines to your hosts `nftables.nft`:
+```nft
+table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority dstnat; policy accept;
+ iif "eth0" tcp dport 22 dnat to 10.0.3.3
+ }
+}
```
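Review bot: The new DNAT rule (`iif eth0 tcp dport 22 dnat to 10.0.3.3`, in both the command form and the `nftables.nft` form) sends every inbound port-22 connection arriving on eth0 to the container, so the host's own sshd is no longer reachable on that port. The text should say this and tell the reader to move the host's sshd to another port, or keep another way in, before applying the rule. Smaller points in the same hunk: `eth0` should be described as an example interface name; `priority -100` and `priority dstnat` are the same value, so the two variants could use one spelling; "As explained on the nftables wiki" should be a full sentence; and "your hosts `nftables.nft`" should read "host's". In the caddy example, all five site blocks proxy to `10.0.3.3:80`, so they could be one block with a comma-separated host list, as the first block already does.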
M roles/builds.sr.ht/README.md => roles/builds.sr.ht/README.md +1 -1
@@ 90,7 90,7 @@ i.e:
cd edge
```
-And run `./genimage x86_64` to generate an image.
+And run `./genimg x86_64` to generate an image.
Now repeat for all the image version you want.
If all the images were generated successfully,
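Review bot: The `./genimage` to `./genimg` correction in roles/builds.sr.ht/README.md is unrelated to the caddy and nftables documentation in the rest of this commit and would be easier to track as its own commit. While this line is being touched, the following context line "Now repeat for all the image version you want." should read "versions".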