Loadsamoney

2025-05-09 00:22:34 +01:00
parent a3afa8eb2c
commit 1f137c2f0c
11 changed files with 206 additions and 91 deletions
--- a/modules/caddy/Caddyfile
+++ b/modules/caddy/Caddyfile
@@ -2,16 +2,12 @@
 	log {
 		level ERROR
 	}
-	admin off
+	# admin off
 	servers {
 		metrics
 	}
 }

-http://localhost:2019 {
-	metrics /metrics
-}
-
 matrix.broccoli.town {
 	reverse_proxy /_matrix/* http://localhost:8008
 	reverse_proxy /_synapse/client/* http://localhost:8008
@@ -25,26 +21,56 @@ broccoli.town:8448 {
 	reverse_proxy http://localhost:8008
 }

-broccoli.town {
-	header /.well-known/* "Access-Control-Allow-Origin" "*"
+radarr.broccoli.town {
+	bind 100.91.249.54

-	respond /.well-known/matrix/client `{ "m.homeserver": { "base_url": "https://broccoli.town" } }`
+	tls {
+		dns porkbun {
+			api_key {env.PORKBUN_API_KEY}
+			api_secret_key {env.PORKBUN_SECRET_KEY}
+		}
+	}

-	reverse_proxy /_matrix/* http://localhost:8008
-	reverse_proxy /_synapse/client/* http://localhost:8008
-
-	redir / https://chat.broccoli.town
+	reverse_proxy http://localhost:7878
 }

-chat.broccoli.town {
-	header {
-		X-Frame-Options "SAMEORIGIN"
-		X-XSS-Protection "1; mode=block"
-		X-Content-Type-Options "nosniff"
-		X-Robots-Tag "noindex, noarchive, nofollow"
+sab.broccoli.town {
+	bind 100.91.249.54
+
+	tls {
+		dns porkbun {
+			api_key {env.PORKBUN_API_KEY}
+			api_secret_key {env.PORKBUN_SECRET_KEY}
+		}
 	}
-	root * @element@
-	file_server
+
+	reverse_proxy http://localhost:8085
+}
+
+sonarr.broccoli.town {
+	bind 100.91.249.54
+
+	tls {
+		dns porkbun {
+			api_key {env.PORKBUN_API_KEY}
+			api_secret_key {env.PORKBUN_SECRET_KEY}
+		}
+	}
+
+	reverse_proxy localhost:8989
+}
+
+transmission.broccoli.town {
+	bind 100.91.249.54
+
+	tls {
+		dns porkbun {
+			api_key {env.PORKBUN_API_KEY}
+			api_secret_key {env.PORKBUN_SECRET_KEY}
+		}
+	}
+
+	reverse_proxy localhost:9091
 }

 danielpatterson.dev {
@@ -69,19 +95,14 @@ git.broccoli.town {
 }

 http://bigding:8384 {
+	bind 100.91.249.54
+
 	reverse_proxy localhost:8387
 }

-bigding.squirrel-clownfish.ts.net {
-	tls {
-		get_certificate tailscale
-	}
-	reverse_proxy localhost:9091
-}
-
 http://bigding {
-	reverse_proxy /transmission localhost:9091
-	reverse_proxy /transmission/* localhost:9091
+	bind 100.91.249.54
+
 	handle_path /prometheus/* {
 		reverse_proxy localhost:9090
 	}
--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@@ -1,36 +1,20 @@
 {
  pkgs,
  lib,
+  config,
  ...
 }: {
  networking.firewall.allowedTCPPorts = [80 8448 443];

-  services.tailscale.permitCertUid = "caddy";
-
-  services.caddy = let
-    catppuccin = builtins.fromJSON (builtins.readFile (pkgs.fetchurl {
-      url = "https://raw.githubusercontent.com/catppuccin/element/main/config.json";
-      hash = "sha256-jaH6E2YO2np3Ewv6JQWbGRiRqsL75rIEJuKfXv95W6Y=";
-    }));
-
-    element = pkgs.element-web.override {
-      conf =
-        {
-          default_server_config."m.homeserver" = {
-            "base_url" = "https://broccoli.town";
-            "server_name" = "broccoli.town";
-          };
-        }
-        // catppuccin;
+  services.caddy = {
+    package = pkgs.caddy.withPlugins {
+      plugins = ["github.com/caddy-dns/porkbun@v0.2.1"];
+      hash = "sha256-X8QbRc2ahW1B5niV8i3sbfpe1OPYoaQ4LwbfeaWvfjg=";
    };
-
-    config = pkgs.substituteAll {
-      inherit element;
-      src = ./Caddyfile;
-    };
-  in {
    enable = true;
-    configFile = config;
+    enableReload = false;
    adapter = "caddyfile";
+    environmentFile = config.age.secrets.caddy_porkbun_api_env.path;
+    configFile = ./Caddyfile;
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,7 +2,7 @@
  bigding = {
    imports = [
      ./backups/bigding
-      ./caddy
+      # ./caddy
      ./dungflix
      ./fail2ban
      ./gitea
--- a/modules/dungflix/default.nix
+++ b/modules/dungflix/default.nix
@@ -4,26 +4,15 @@
  ...
 }: let
  mountdir = "/var/media/danflix";
-
-  rclone_config = pkgs.writeText "" ''
-    [danflix-storage-box]
-    type = sftp
-    sftp_md5sum_command = md5sum
-    sftp_sha1sum_command = sha1sum
-
-    [danflix-crypto]
-    type = crypt
-    remote = danflix-storage-box:danflix
-  '';
 in {
  age.secrets = {
-    danflix_storage_box_crypt_obscured_pw.file = ../../secrets/danflix_storage_box_crypt_obscured_pw.age;
    danflix_hetzner_storage_box_pub_key.file = ../../secrets/danflix_hetzner_storage_box_pub_key.age;
-    danflix_env_file.file = ../../secrets/danflix_env_file.age;
+    danflix_rclone_config.file = ../../secrets/danflix_rclone_config.age;
  };

  services = {
    jellyfin.enable = true;
+    jellyfin.group = "media";

    transmission = {
      enable = true;
@@ -55,7 +44,7 @@ in {
      "RCLONE_SFTP_KEY_FILE" = config.age.secrets.danflix_hetzner_storage_box_pub_key.path;
    };
    script = ''
-      ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount danflix-crypto: ${mountdir} \
+      ${pkgs.rclone}/bin/rclone --config="${config.age.secrets.danflix_rclone_config.path}" mount danflix-union: ${mountdir} \
         --vfs-cache-mode full \
         --vfs-cache-max-age 336h \
         --vfs-cache-max-size 60G \
@@ -70,14 +59,13 @@ in {
    '';
    postStart = ''
      sleep 5
-      ${pkgs.rclone}/bin/rclone --config="${rclone_config}" rc vfs/refresh recursive=true _async=true
+      ${pkgs.rclone}/bin/rclone --config="${config.age.secrets.danflix_rclone_config.path}" rc vfs/refresh recursive=true _async=true
    '';
    postStop = ''
      sleep 3
      ${pkgs.fuse3}/bin/fusermount -u ${mountdir}
    '';
    serviceConfig = {
-      EnvironmentFile = config.age.secrets.danflix_env_file.path;
      Restart = "on-failure";
    };
  };
--- a/modules/synapse/default.nix
+++ b/modules/synapse/default.nix
@@ -7,7 +7,7 @@
  fqdn = "matrix.broccoli.town";
 in {
  services.postgresql = {
-    enable = true;
+    enable = false;
    package = pkgs.postgresql_16;
    ensureUsers = [
    ];
@@ -20,7 +20,7 @@ in {
  };

  services.matrix-synapse = {
-    enable = true;
+    enable = false;
    settings = {
      enable_metrics = true;
      server_name = "broccoli.town";