network: use internal domains

2025-05-13 15:51:09 +02:00 · 2025-05-09 14:25:56 +02:00 · 2025-05-09 14:25:56 +02:00 · cc59943638
commit cc59943638
parent f511f7d146
7 changed files with 40 additions and 34 deletions
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@ -1,5 +1,6 @@
 { config, pkgs, ... }:
 let
+  domain = "torrents.vpn.rfive.de";
  cfg = {
    stateDir = "/var/lib/qbittorrent";
    downloadDir = "/var/videos/"; # TODO support other Media Types
@ -124,7 +125,9 @@ in
      SystemCallFilter = "@system-service";
    };
  };
-  networking.firewall.allowedTCPPorts = [ cfg.port ];
+  services.caddy.virtualHosts."http://${domain}".extraConfig = ''
+    reverse_proxy 127.0.0.1:${toString cfg.port}
+  '';
  systemd.tmpfiles.rules = [
    # ensure downloads directory is created, set permissions
    "d ${cfg.stateDir} - ${cfg.user} ${cfg.user} - -"