49 lines
1.0 KiB
Nix
49 lines
1.0 KiB
Nix
{
|
|
pkgs,
|
|
service_configs,
|
|
config,
|
|
...
|
|
}:
|
|
{
|
|
vpnNamespaces.wg = {
|
|
portMappings = [
|
|
{
|
|
from = service_configs.ports.bitmagnet;
|
|
to = service_configs.ports.bitmagnet;
|
|
}
|
|
];
|
|
|
|
openVPNPorts = [
|
|
{
|
|
port = service_configs.ports.bitmagnet;
|
|
protocol = "both";
|
|
}
|
|
];
|
|
};
|
|
|
|
services.bitmagnet = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
postgres = {
|
|
host = service_configs.postgres.socket;
|
|
};
|
|
http_server = {
|
|
# TODO! make issue about this being a string and not a `port` type
|
|
port = ":" + (builtins.toString service_configs.ports.bitmagnet);
|
|
};
|
|
};
|
|
};
|
|
|
|
services.caddy.virtualHosts."bitmagnet.${service_configs.https.domain}".extraConfig = ''
|
|
# tls internal
|
|
${builtins.readFile ../secrets/caddy_auth}
|
|
reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString service_configs.ports.bitmagnet}
|
|
'';
|
|
|
|
systemd.services.bitmagnet.vpnConfinement = {
|
|
enable = true;
|
|
vpnNamespace = "wg";
|
|
};
|
|
}
|