cleanup

2025-02-01 21:32:26 -05:00
parent b98adc50f6
commit a22012df2c
18 changed files with 102 additions and 79 deletions
--- a/services/bitmagnet.nix
+++ b/services/bitmagnet.nix
@@ -1,4 +1,9 @@
-{ pkgs, service_configs, ... }:
+{
+  pkgs,
+  service_configs,
+  config,
+  ...
+}:
 {
  vpnNamespaces.wg = {
    portMappings = [
@@ -30,6 +35,14 @@
    };
  };

+  services.caddy.virtualHosts.
+
+  "bitmagnet.${service_configs.https.domain}".extraConfig =
+    ''
+      # tls internal
+      ${builtins.readFile ../secrets/caddy_auth}
+      reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString service_configs.ports.bitmagnet}
+    '';
  systemd.services.bitmagnet.vpnConfinement = {
    enable = true;
    vpnNamespace = "wg";
--- a/services/caddy.nix
+++ b/services/caddy.nix
@@ -5,9 +5,6 @@
  pkgs,
  ...
 }:
-let
-  matrix_hostname = "matrix.${service_configs.https.domain}";
-in
 {
  services.caddy = {
    enable = true;
@@ -15,12 +12,6 @@ in
    virtualHosts = {
      ${service_configs.https.domain} = {
        extraConfig = ''
-
-          header /.well-known/matrix/* Content-Type application/json
-          header /.well-known/matrix/* Access-Control-Allow-Origin *
-          respond /.well-known/matrix/server `{"m.server": "${matrix_hostname}:443"}`
-          respond /.well-known/matrix/client `{"m.server":{"base_url":"https://${matrix_hostname}"},"m.homeserver":{"base_url":"https://${matrix_hostname}"},"org.matrix.msc3575.proxy":{"base_url":"https://${config.services.matrix-conduit.settings.global.server_name}"}}`
-
          root * ${service_configs.https.data_dir}
          file_server browse
        '';
@@ -28,52 +19,11 @@ in
        serverAliases = [ "www.${service_configs.https.domain}" ];
      };

-      "immich.${service_configs.https.domain}".extraConfig = ''
-        reverse_proxy :${builtins.toString config.services.immich.port}
-      '';
-
-      "jellyfin.${service_configs.https.domain}".extraConfig = ''
-        reverse_proxy :${builtins.toString service_configs.ports.jellyfin}
-        request_body {
-        	max_size 4096MB
-        }
-      '';
-
-      "${service_configs.gitea.domain}".extraConfig = ''
-        reverse_proxy :${builtins.toString config.services.gitea.settings.server.HTTP_PORT}
-      '';
-
-      "bitmagnet.${service_configs.https.domain}".extraConfig = ''
-        # tls internal
-        ${import ../secrets/caddy_auth.nix}
-        reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString service_configs.ports.bitmagnet}
-      '';
-
-      "torrent.${service_configs.https.domain}".extraConfig = ''
-        # tls internal
-        ${import ../secrets/caddy_auth.nix}
-        reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString config.services.qbittorrent.webuiPort}
-      '';
-
      "map.${service_configs.https.domain}".extraConfig = ''
        # tls internal
        root * ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name}/squaremap/web
        file_server browse
      '';
-
-      "${matrix_hostname}".extraConfig = ''
-        reverse_proxy :${builtins.toString config.services.matrix-conduit.settings.global.port}
-      '';
-
-      # Exact duplicate of matrix.DOMAIN_NAME
-      "${matrix_hostname}:8448".extraConfig =
-        config.services.caddy.virtualHosts."${config.services.matrix-conduit.settings.global.server_name
-        }".extraConfig;
-
-      "owntracks.${service_configs.https.domain}".extraConfig = ''
-        ${import ../secrets/owntracks_caddy_auth.nix}
-        reverse_proxy :${builtins.toString service_configs.ports.owntracks}
-      '';
    };
  };

--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -30,6 +30,10 @@
    };
  };

+  services.caddy.virtualHosts."${service_configs.gitea.domain}".extraConfig = ''
+    reverse_proxy :${builtins.toString config.services.gitea.settings.server.HTTP_PORT}
+  '';
+
  systemd.tmpfiles.rules = [
    "d ${config.services.gitea.stateDir} 0770 ${config.services.gitea.user} ${config.services.gitea.group}"
  ];
--- a/services/immich.nix
+++ b/services/immich.nix
@@ -17,6 +17,10 @@
    };
  };

+  services.caddy.virtualHosts."immich.${service_configs.https.domain}".extraConfig = ''
+    reverse_proxy :${builtins.toString config.services.immich.port}
+  '';
+
  systemd.tmpfiles.rules = [
    "d ${config.services.immich.mediaLocation} 0770 ${config.services.immich.user} ${config.services.immich.group}"
  ];
--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@@ -22,6 +22,13 @@
    cacheDir = dataDir + "_cache";
  };

+  services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = ''
+    reverse_proxy :${builtins.toString service_configs.ports.jellyfin}
+    request_body {
+    	max_size 4096MB
+    }
+  '';
+
  systemd.tmpfiles.rules = [
    "d ${config.services.jellyfin.dataDir} 0770 ${config.services.jellyfin.user} ${config.services.jellyfin.group}"
    "d ${config.services.jellyfin.cacheDir} 0770 ${config.services.jellyfin.user} ${config.services.jellyfin.group}"
--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -2,6 +2,7 @@
  pkgs,
  config,
  service_configs,
+  lib,
  ...
 }:
 {
@@ -9,6 +10,22 @@
    ../secrets/matrix_reg_token.nix
  ];

+  services.caddy.virtualHosts.${service_configs.https.domain}.extraConfig = lib.mkBefore ''
+    header /.well-known/matrix/* Content-Type application/json
+    header /.well-known/matrix/* Access-Control-Allow-Origin *
+    respond /.well-known/matrix/server `{"m.server": "${service_configs.https.matrix_hostname}:443"}`
+    respond /.well-known/matrix/client `{"m.server":{"base_url":"https://${service_configs.https.matrix_hostname}"},"m.homeserver":{"base_url":"https://${service_configs.https.matrix_hostname}"},"org.matrix.msc3575.proxy":{"base_url":"https://${config.services.matrix-conduit.settings.global.server_name}"}}`
+  '';
+
+  services.caddy.virtualHosts."${service_configs.https.matrix_hostname}".extraConfig = ''
+    reverse_proxy :${builtins.toString config.services.matrix-conduit.settings.global.port}
+  '';
+
+  # Exact duplicate
+  services.caddy.virtualHosts."${service_configs.https.matrix_hostname}:8448".extraConfig =
+    config.services.caddy.virtualHosts."${config.services.matrix-conduit.settings.global.server_name
+    }".extraConfig;
+
  services.matrix-conduit = {
    enable = true;
    package = pkgs.conduwuit;
--- a/services/owntracks.nix
+++ b/services/owntracks.nix
@@ -37,6 +37,11 @@ in
    "d ${service_configs.owntracks.data_dir} 0770 owntracks owntracks"
  ];

+  services.caddy.virtualHosts."owntracks.${service_configs.https.domain}".extraConfig = ''
+    ${builtins.readFile ../secrets/owntracks_caddy_auth}
+    reverse_proxy :${builtins.toString service_configs.ports.owntracks}
+  '';
+
  users.users.${username}.extraGroups = [
    "owntracks"
  ];
--- a/services/postgresql.nix
+++ b/services/postgresql.nix
@@ -0,0 +1,21 @@
+{
+  pkgs,
+  config,
+  username,
+  ...
+}:
+{
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_16;
+    dataDir = "/tank/services/sql";
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${config.services.postgresql.dataDir} 0700 postgresql postgresql"
+  ];
+
+  users.users.${username}.extraGroups = [
+    "postgresql"
+  ];
+}
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@@ -92,6 +92,12 @@
    vpnNamespace = "wg";
  };

+  services.caddy.virtualHosts."torrent.${service_configs.https.domain}".extraConfig = ''
+    # tls internal
+    ${builtins.readFile ../secrets/caddy_auth}
+    reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString config.services.qbittorrent.webuiPort}
+  '';
+
  users.users.${config.services.qbittorrent.user}.extraGroups = [
    service_configs.torrent_group
  ];