From cc599436389b5d77661e2d7d3910a39183bcdb56 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Fri, 9 May 2025 14:25:56 +0200
Subject: [PATCH] network: use internal domains
---
 hosts/fujitsu/modules/jellyfin/default.nix | 8 +++++++-
 hosts/nuc/modules/adguard/default.nix | 10 +++++++--
 hosts/nuc/modules/caddy/default.nix | 24 ----------------------
 hosts/nuc/modules/indexing/prowlarr.nix | 9 ++++++--
 hosts/nuc/modules/indexing/radarr.nix | 9 ++++++--
 hosts/nuc/modules/indexing/sonarr.nix | 9 ++++++--
 hosts/nuc/modules/torrent/default.nix | 5 ++++-
 7 files changed, 40 insertions(+), 34 deletions(-)
 delete mode 100644 hosts/nuc/modules/caddy/default.nix
diff --git a/hosts/fujitsu/modules/jellyfin/default.nix b/hosts/fujitsu/modules/jellyfin/default.nix
index 8379831..fdb5880 100644
--- a/hosts/fujitsu/modules/jellyfin/default.nix
+++ b/hosts/fujitsu/modules/jellyfin/default.nix
@@ -1,6 +1,12 @@
+{ config, ... }:
+let
+ domain = "media.vpn.rfive.de";
+in
 {
 services.jellyfin = {
 enable = true;
- openFirewall = true;
 };
+ services.caddy.virtualHosts."http://${domain}".extraConfig = ''
+ reverse_proxy 127.0.0.1:8096
+ '';
 }
diff --git a/hosts/nuc/modules/adguard/default.nix b/hosts/nuc/modules/adguard/default.nix
index b368d88..86ef790 100644
--- a/hosts/nuc/modules/adguard/default.nix
+++ b/hosts/nuc/modules/adguard/default.nix
@@ -1,13 +1,19 @@
 { ... }:
+let
+ domain = "adguard.vpn.rfive.de";
+ port = 3000;
+in
 {
 networking.firewall.allowedTCPPorts = [ 53 ];
 networking.firewall.allowedUDPPorts = [ 53 ];
 services.adguardhome = {
 enable = true;
- openFirewall = true;
 settings = {
 dns.bind_hosts = [ "192.168.42.2" ];
- http.address = "0.0.0.0:3000";
+ http.address = "127.0.0.1:${toString port}";
 };
 };
+ services.caddy.virtualHosts."http://${domain}".extraConfig = ''
+ reverse_proxy 127.0.0.1:${toString port}
+ '';
 }
diff --git a/hosts/nuc/modules/caddy/default.nix b/hosts/nuc/modules/caddy/default.nix
deleted file mode 100644
index ef52dd7..0000000
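Review bot: The vhost address `http://${domain}` in the jellyfin hunk makes Caddy serve this site as plaintext on port 80, and with no `bind` line the listener is not tied to the VPN interface, so the `.vpn.` name is only a Host-header match and not an access boundary. Any client that can reach port 80 on the host and sends that Host header is proxied to Jellyfin, and the login is protected only by whatever the tunnel itself encrypts. Consider pinning the listener inside `extraConfig` with `bind <vpn-interface-address>` (placeholder) ahead of `reverse_proxy 127.0.0.1:8096`, or dropping the `http://` prefix and using `tls internal`. The same pattern is repeated in the adguard, prowlarr, radarr, sonarr and torrent hunks. Separately, removing `openFirewall` only closes the firewall port; whether Jellyfin still listens on all interfaces on 8096 is not visible here.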
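Review bot: Nothing visible in this patch enables Caddy or opens port 80 on nuc once `hosts/nuc/modules/caddy/default.nix` (which set `services.caddy.enable = true` and allowed TCP 80/443) is deleted, so the `services.caddy.virtualHosts` entry added in the adguard hunk depends on a module outside the diff. Presumably a shared module now does this; wherever it lives, that firewall rule decides who can reach the AdGuard admin UI now that `http.address` is loopback-only. Scoping it to the tunnel, e.g. `networking.firewall.interfaces."<vpn-interface>".allowedTCPPorts = [ 80 ];` (interface name is a placeholder), would keep the admin login off the LAN side. A short comment above `http.address`, such as `# loopback only; published through the Caddy vhost below`, would also make a later revert to `0.0.0.0` less likely.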
--- a/hosts/nuc/modules/caddy/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, ... }:
-{
- services.caddy = {
- enable = true;
- email = "ca@${config.networking.domain}";
- logFormat = "format console";
- globalConfig = ''
- servers {
- metrics
- }
- '';
- virtualHosts.":2018" = {
- extraConfig = ''
- metrics
- '';
- logFormat = ''
- output discard
- '';
- };
- };
- systemd.services.caddy.environment.XDG_DATA_HOME = "/var/lib";
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- networking.firewall.allowedUDPPorts = [ 443 ];
-}
diff --git a/hosts/nuc/modules/indexing/prowlarr.nix b/hosts/nuc/modules/indexing/prowlarr.nix
index 03bc1b8..5a2910b 100644
--- a/hosts/nuc/modules/indexing/prowlarr.nix
+++ b/hosts/nuc/modules/indexing/prowlarr.nix
@@ -1,7 +1,12 @@
-{ ... }:
+{ config, ... }:
+let
+ domain = "index.vpn.rfive.de";
+in
 {
 services.prowlarr = {
 enable = true;
- openFirewall = true;
 };
+ services.caddy.virtualHosts."http://${domain}".extraConfig = ''
+ reverse_proxy 127.0.0.1:${toString config.services.prowlarr.settings.server.port}
+ '';
 }
diff --git a/hosts/nuc/modules/indexing/radarr.nix b/hosts/nuc/modules/indexing/radarr.nix
index f56365f..1eda08e 100644
--- a/hosts/nuc/modules/indexing/radarr.nix
+++ b/hosts/nuc/modules/indexing/radarr.nix
@@ -1,7 +1,12 @@
-{ ... }:
+{ config, ... }:
+let
+ domain = "movies.vpn.rfive.de";
+in
 {
 services.radarr = {
 enable = true;
- openFirewall = true;
 };
+ services.caddy.virtualHosts."http://${domain}".extraConfig = ''
+ reverse_proxy 127.0.0.1:${toString config.services.radarr.settings.server.port}
+ '';
 }
diff --git a/hosts/nuc/modules/indexing/sonarr.nix b/hosts/nuc/modules/indexing/sonarr.nix
index 92f5cc0..2596e14 100644
--- a/hosts/nuc/modules/indexing/sonarr.nix
+++ b/hosts/nuc/modules/indexing/sonarr.nix
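Review bot: Removing `openFirewall` in the prowlarr hunk leaves the firewall as the only thing keeping Prowlarr's own listener off the network, because nothing in the new code changes the address the service binds to; the adguard hunk in this commit pins its UI to `127.0.0.1`, and doing the same here would be consistent. If the module's settings pass it through, something like `services.prowlarr.settings.server.bindaddress = "127.0.0.1";` would do that (option name to be confirmed against the nixpkgs module). The authentication mode also needs confirming: behind the proxy every request arrives from 127.0.0.1, so a mode that skips login for local addresses would skip it for every VPN client unless forwarded headers are honoured. Both points apply equally to the radarr and sonarr hunks.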
@@ -1,7 +1,12 @@
-{ ... }:
+{ config, ... }:
+let
+ domain = "shows.vpn.rfive.de";
+in
 {
 services.sonarr = {
 enable = true;
- openFirewall = true;
 };
+ services.caddy.virtualHosts."http://${domain}".extraConfig = ''
+ reverse_proxy 127.0.0.1:${toString config.services.sonarr.settings.server.port}
+ '';
 }
diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix
index d55f270..dd9e081 100644
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@@ -1,5 +1,6 @@
 { config, pkgs, ... }:
 let
+ domain = "torrents.vpn.rfive.de";
 cfg = {
 stateDir = "/var/lib/qbittorrent";
 downloadDir = "/var/videos/"; # TODO support other Media Types
@@ -124,7 +125,9 @@ in
 SystemCallFilter = "@system-service";
 };
 };
- networking.firewall.allowedTCPPorts = [ cfg.port ];
+ services.caddy.virtualHosts."http://${domain}".extraConfig = ''
+ reverse_proxy 127.0.0.1:${toString cfg.port}
+ '';
 systemd.tmpfiles.rules = [
 # ensure downloads directory is created, set permissions
 "d ${cfg.stateDir} - ${cfg.user} ${cfg.user} - -"
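Review bot: With the WebUI now reached only through `reverse_proxy 127.0.0.1:${toString cfg.port}` in the second torrent hunk, qBittorrent sees every client as localhost. If its "bypass authentication for clients on localhost" setting is enabled in the part of this module outside the hunk, the vhost becomes a login-free control panel for every host that can reach Caddy. The service definition between the two hunks is not shown, so this needs checking there, along with whether the WebUI is bound to 127.0.0.1 now that the firewall rule for `cfg.port` is gone. A comment next to the vhost such as `# WebUI must keep localhost auth enabled: all proxied requests originate from 127.0.0.1` would record the dependency. The `systemd.tmpfiles.rules` list continues past the end of the hunk.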