From 39a574e94a81dcc7eb7007b9b4477bf4598ab67f Mon Sep 17 00:00:00 2001 From: reo101 Date: Sat, 20 Jul 2024 18:02:26 +0300 Subject: [PATCH] feat(jeeves)!: `nginx` reverse-proxying for `jeeves.local` --- .../x86_64-linux/jeeves/configuration.nix | 2 ++ .../nixos/x86_64-linux/jeeves/jellyfin.nix | 26 ++++------------ .../nixos/x86_64-linux/jeeves/network.nix | 4 +++ machines/nixos/x86_64-linux/jeeves/nginx.nix | 25 +++++++++++++++ .../x86_64-linux/jeeves/transmission.nix | 31 +++++++++++++++++++ 5 files changed, 68 insertions(+), 20 deletions(-) create mode 100644 machines/nixos/x86_64-linux/jeeves/nginx.nix create mode 100644 machines/nixos/x86_64-linux/jeeves/transmission.nix diff --git a/machines/nixos/x86_64-linux/jeeves/configuration.nix b/machines/nixos/x86_64-linux/jeeves/configuration.nix index f553b0f..953ddd7 100644 --- a/machines/nixos/x86_64-linux/jeeves/configuration.nix +++ b/machines/nixos/x86_64-linux/jeeves/configuration.nix @@ -8,7 +8,9 @@ inputs.agenix-rekey.nixosModules.default ./network.nix ./wireguard.nix + ./nginx.nix ./jellyfin.nix + ./transmission.nix ./mindustry.nix # ./home-assistant ./samba.nix diff --git a/machines/nixos/x86_64-linux/jeeves/jellyfin.nix b/machines/nixos/x86_64-linux/jeeves/jellyfin.nix index 0015142..912dd52 100644 --- a/machines/nixos/x86_64-linux/jeeves/jellyfin.nix +++ b/machines/nixos/x86_64-linux/jeeves/jellyfin.nix @@ -1,13 +1,5 @@ { lib, pkgs, config, ... }: { - environment.systemPackages = with pkgs; [ - tremc - ]; - - # networking.extraHosts = '' - # 127.0.0.1 jeeves - # ''; - hardware.graphics = { enable = true; enable32Bit = true; @@ -21,20 +13,14 @@ }; services = { - transmission = { - enable = true; - package = pkgs.transmission_4; - openRPCPort = true; - webHome = pkgs.flood-for-transmission; - # TODO: `credentialsFile` for RPC password with agenix - settings = { - download-dir = "/data/torrents/download"; - incomplete-dir = "/data/torrents/incomplete"; - incomplete-dir-enabled = true; - rpc-bind-address = "0.0.0.0"; - rpc-whitelist = "127.0.0.1,192.168.*.*,10.100.0.*"; + nginx = { + virtualHosts."jellyfin.jeeves.local" = { + enableACME = false; + forceSSL = false; + locations."/".proxyPass = "http://127.0.0.1:8096"; }; }; + jellyfin = { enable = true; openFirewall = true; diff --git a/machines/nixos/x86_64-linux/jeeves/network.nix b/machines/nixos/x86_64-linux/jeeves/network.nix index 5e13c8f..6ca4b47 100644 --- a/machines/nixos/x86_64-linux/jeeves/network.nix +++ b/machines/nixos/x86_64-linux/jeeves/network.nix @@ -3,6 +3,10 @@ environment.systemPackages = with pkgs; [ ]; + networking.extraHosts = '' + 127.0.0.1 jeeves.local + ''; + # networking.nftables.enable = true; age.secrets."home.wifi.env" = { diff --git a/machines/nixos/x86_64-linux/jeeves/nginx.nix b/machines/nixos/x86_64-linux/jeeves/nginx.nix new file mode 100644 index 0000000..970edf4 --- /dev/null +++ b/machines/nixos/x86_64-linux/jeeves/nginx.nix @@ -0,0 +1,25 @@ +{ inputs, outputs, lib, pkgs, config, ... }: + +{ + environment.systemPackages = [ + # config.services.nextcloud.package + ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.nginx = { + enable = true; + package = pkgs.openresty; + # virtualHosts."_.jeeves.local" = { + # # listen = [ + # # { + # # addr = "127.0.0.1"; + # # port = 1234; + # # } + # # ]; + # enableACME = false; + # forceSSL = false; + # locations."/".proxyPass = "http://127.0.0.1:1234"; + # }; + }; +} diff --git a/machines/nixos/x86_64-linux/jeeves/transmission.nix b/machines/nixos/x86_64-linux/jeeves/transmission.nix new file mode 100644 index 0000000..a631c77 --- /dev/null +++ b/machines/nixos/x86_64-linux/jeeves/transmission.nix @@ -0,0 +1,31 @@ +{ lib, pkgs, config, ... }: +{ + environment.systemPackages = with pkgs; [ + tremc + ]; + + services = { + transmission = { + enable = true; + package = pkgs.transmission_4; + openRPCPort = true; + webHome = pkgs.flood-for-transmission; + # TODO: `credentialsFile` for RPC password with agenix + settings = { + download-dir = "/data/torrents/download"; + incomplete-dir = "/data/torrents/incomplete"; + incomplete-dir-enabled = true; + rpc-bind-address = "0.0.0.0"; + rpc-whitelist = "127.0.0.1,192.168.*.*,10.100.0.*,*.local"; + }; + }; + + nginx = { + virtualHosts."transmission.jeeves.local" = { + enableACME = false; + forceSSL = false; + locations."/".proxyPass = "http://127.0.0.1:9091"; + }; + }; + }; +}