Loadsamoney

2025-05-09 00:22:34 +01:00
parent a3afa8eb2c
commit 1f137c2f0c
11 changed files with 206 additions and 91 deletions
--- a/hosts/bigding/configuration.nix
+++ b/hosts/bigding/configuration.nix
@@ -3,7 +3,29 @@
  pkgs,
  lib,
  ...
-}: {
+}: let
+  mkVHost = baseUrl: {
+    service,
+    port,
+  }: {
+    name = "${service}.${baseUrl}";
+    value = {
+      listenAddresses = ["100.91.249.54"];
+      extraConfig = ''
+        tls {
+        	dns porkbun {
+        		api_key {env.PORKBUN_API_KEY}
+        		api_secret_key {env.PORKBUN_SECRET_KEY}
+        	}
+        }
+
+         reverse_proxy localhost:${builtins.toString port}
+      '';
+    };
+  };
+
+  mkVHosts = baseUrl: hosts: builtins.listToAttrs (builtins.map (mkVHost baseUrl) hosts);
+in {
  imports = [
    ../common
    ./hardware-configuration.nix
@@ -26,6 +48,7 @@
    interfaces.ens3.useDHCP = true;

    firewall = {
+      allowedTCPPorts = [80 8448 443];
      allowedTCPPortRanges = [
        {
          from = 12500;
@@ -46,6 +69,8 @@
    };
  };

+  services.tailscale.permitCertUid = "caddy";
+
  services.syncthing = {
    settings = {
      gui = {
@@ -55,6 +80,105 @@
    guiAddress = "localhost:8387";
  };

+  users.groups."media".name = "media";
+
+  age.secrets = {
+    caddy_porkbun_api_env.file = ../../secrets/caddy_porkbun_api_env.age;
+  };
+
+  services.sabnzbd = {
+    enable = true;
+    group = "media";
+  };
+
+  services.radarr = {
+    enable = true;
+    group = "media";
+  };
+
+  services.caddy = {
+    enable = true;
+    enableReload = false;
+    environmentFile = config.age.secrets.caddy_porkbun_api_env.path;
+    package = pkgs.caddy.withPlugins {
+      plugins = ["github.com/caddy-dns/porkbun@v0.2.1"];
+      hash = "sha256-X8QbRc2ahW1B5niV8i3sbfpe1OPYoaQ4LwbfeaWvfjg=";
+    };
+    logFormat = "level INFO";
+    virtualHosts =
+      (mkVHosts "broccoli.town" [
+        {
+          service = "radarr";
+          port = 7878;
+        }
+        {
+          service = "sonarr";
+          port = 8989;
+        }
+        {
+          service = "sab";
+          port = 8085;
+        }
+        {
+          service = "transmission";
+          port = 9091;
+        }
+      ])
+      // {
+        "danielpatterson.dev" = {
+          extraConfig = ''
+            header {
+            	proof proven.lol/de4a14
+            }
+            root * /srv/site/danielpatterson.dev
+            encode zstd gzip
+            file_server
+          '';
+        };
+        "movies.danielpatterson.dev" = {
+          extraConfig = ''
+            reverse_proxy localhost:8096
+          '';
+        };
+        "git.broccoli.town" = {
+          extraConfig = ''
+            reverse_proxy localhost:3030
+          '';
+        };
+      };
+  };
+
+  # containers.radarr = {
+  #   autoStart = false;
+  #   bindMounts = {
+  #     "/data" = {
+  #       hostPath = "/var/media";
+  #       mountPoint = "/data";
+  #       isReadOnly = false;
+  #     };
+  #   };
+  #   forwardPorts = [
+  #     {
+  #       containerPort = 7878;
+  #       hostPort = 7979;
+  #     }
+  #   ];
+  #   config = {config, pkgs, lib, ...}: {
+  #     services.radarr = {
+  #       enable = true;
+  #     };
+  #   };
+  # };
+
+  services.sonarr = {
+    enable = true;
+    group = "media";
+  };
+
+  services.prowlarr = {
+    enable = true;
+  };
+
  environment.systemPackages = with pkgs; [
    helix
    kitty # For terminfo