caddy: redo stuff

2024-11-15 11:01:33 -05:00
parent f081e8ff27
commit c3bb3979fa
11 changed files with 78 additions and 147 deletions
--- a/services/bitmagnet.nix
+++ b/services/bitmagnet.nix
@@ -5,13 +5,11 @@
      {
        from = service_configs.ports.bitmagnet;
        to = service_configs.ports.bitmagnet;
-
      }
    ];

    openVPNPorts = [
      {
-        # TODO! make an issue about this variable
        port = service_configs.ports.bitmagnet;
        protocol = "both";
      }
@@ -26,6 +24,7 @@
        host = service_configs.postgres.socket;
      };
      http_server = {
+        # TODO! make issue about this being a string and not a `port` type
        port = ":" + (builtins.toString service_configs.ports.bitmagnet);
      };
    };
--- a/services/caddy.nix
+++ b/services/caddy.nix
@@ -7,35 +7,45 @@
 {
  services.caddy = {
    enable = true;
+    email = "titaniumtown@proton.me";
+    globalConfig = ''
+      auto_https disable_redirects
+    '';
    virtualHosts = {
-      ":${builtins.toString service_configs.ports.https}".extraConfig = ''
-        tls ${service_configs.https.certs}/cert.crt ${service_configs.https.certs}/cert.key
+      ${service_configs.https.domain} = {
+        extraConfig = ''
+          root * ${service_configs.https.data_dir}
+          file_server browse
+        '';

-        handle_path /torrent* {
-        	reverse_proxy 192.168.15.1:${builtins.toString service_configs.ports.torrent}
-        }
+        serverAliases = [ "www.${service_configs.https.domain}" ];
+      };

-        root * ${service_configs.https.data_dir}
-        file_server browse
+      "immich.${service_configs.https.domain}".extraConfig = ''
+        reverse_proxy :${builtins.toString config.services.immich.port}
      '';

-      "immich.gardling.com".extraConfig = ''
-        reverse_proxy 127.0.0.1:${builtins.toString config.services.immich.port}
-      '';
-
-      "jellyfin.gardling.com".extraConfig = ''
-        reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.jellyfin}
+      "jellyfin.${service_configs.https.domain}".extraConfig = ''
+        reverse_proxy :${builtins.toString service_configs.ports.jellyfin}
        request_body {
        	max_size 4096MB
        }
      '';

      ${service_configs.gitea.domain}.extraConfig = ''
-        reverse_proxy 127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}
+        reverse_proxy :${builtins.toString config.services.gitea.settings.server.HTTP_PORT}
      '';

-      "recorder.gardling.com".extraConfig = ''
-        reverse_proxy 192.168.15.1:${builtins.toString service_configs.ports.bitmagnet}
+      "bitmagnet.${service_configs.https.domain}".extraConfig = ''
+        tls internal
+        ${import ../secrets/caddy_auth.nix}
+        reverse_proxy http://192.168.15.1:${builtins.toString service_configs.ports.bitmagnet}
+      '';
+
+      "torrent.${service_configs.https.domain}".extraConfig = ''
+        tls internal
+        ${import ../secrets/caddy_auth.nix}
+        reverse_proxy http://192.168.15.1:${builtins.toString service_configs.ports.torrent}
      '';
    };
  };
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@@ -2,7 +2,6 @@
  pkgs,
  config,
  service_configs,
-  lib,
  ...
 }:
 {
@@ -35,11 +34,14 @@
        hash = "sha256-PpumQCgIZp9wENL1XZvf7CdUAW9W0pQP5wqtG9oOUpM=";
      }}";
      Password_PBKDF2 = "@ByteArray(U6PmgkmajHD6Nu5rLbazHw==:ycEEnAMGTxwAhkFiQtdkc6mbGArmnZ2Tkujk6wt4CCytlX0mzGgjQVLKzRb8vSV/S1Yu6+PuAO5gC8IxGR97jA==)";
-    };
+
+AuthSubnetWhitelist="127.0.0.1";
+AuthSubnetWhitelistEnabled = true;
+        };

    serverConfig.Preferences.Downloads = {
-      SavePath = service_configs.hdd_path + "/torrents";
-      TempPath = service_configs.hdd_path + "/torrents/incomplete";
+      SavePath = service_configs.torrent.SavePath;
+      TempPath = service_configs.torrent.TempPath;
    };

    serverConfig.BitTorrent.Session = {
--- a/services/quadlet.nix
+++ b/services/quadlet.nix
@@ -1,61 +0,0 @@
-{ service_configs, config, ... }:
-{
-  virtualisation.quadlet = {
-    containers = {
-      gluetun.containerConfig = {
-        image = "docker.io/qmcgaw/gluetun";
-        name = "gluetun";
-        # autoUpdate = "registry";
-
-        addCapabilities = [
-          "NET_ADMIN"
-          "MKNOD"
-        ];
-
-        environments = import ../secrets/mullvad.nix;
-
-        publishPorts = [
-          "6081:6081"
-          "6081:6081/udp"
-          "${builtins.toString service_configs.ports.torrent}:6011"
-        ];
-
-        volumes = [ "${service_configs.gluetun.dir}:/gluetun:z" ];
-        podmanArgs = [
-          "--device=/dev/net/tun"
-        ];
-      };
-
-      qbittorrent = {
-        containerConfig = {
-          image = "lscr.io/linuxserver/qbittorrent:latest";
-          name = "qbittorrent";
-          autoUpdate = "registry";
-
-          environments = {
-            WEBUI_PORT = service_configs.ports.torrent;
-            DOCKER_MODS = "ghcr.io/gabe565/linuxserver-mod-vuetorrent";
-            # PUID = config.users.users.${config.services.jellyfin.user}.uid;
-            PGID = config.users.groups.${config.services.jellyfin.group}.gid;
-          };
-
-          volumes = [
-            "${service_configs.torrent.config_dir}:/config:z"
-            "${service_configs.torrent.download_dir}:/downloads:z"
-          ];
-
-          networks = [ "container:gluetun" ];
-        };
-
-        serviceConfig = {
-          requires = [ "gluetun.service" ];
-          after = [ "gluetun.service" ];
-        };
-      };
-    };
-
-    networks = {
-      internal.networkConfig.subnets = [ "10.0.123.1/24" ];
-    };
-  };
-}
--- a/services/wg.nix
+++ b/services/wg.nix
@@ -1,12 +1,11 @@
 { pkgs, service_configs, ... }:
 {
-
  # network namespace that is proxied through mullvad
  vpnNamespaces.wg = {
    enable = true;
    wireguardConfigFile = ../secrets/wg0.conf;
    accessibleFrom = [
-      "192.168.0.0/24"
+      # "192.168.0.0/24"
    ];
  };
 }