causalhonk/dots
1
0
Fork 0
forked from nico/dots
Code Pull requests Activity

caddy: init

Browse source
This commit is contained in:
Nico 2025-05-03 16:16:03 +10:00
parent 2dd3ade483
commit 25f02ec9ee
6 changed files with 118 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -23,6 +23,7 @@
./modules/nix/linux.nix
./modules/shell.nix
./modules/services/caddy.nix
./modules/services/miniflux.nix
./modules/services/media/arr.nix
./modules/services/media/jellyfin.nix

34
modules/services/caddy.nix Normal file
View file

@ -0,0 +1,34 @@
{ pkgs, config, lib, ... }:
{
options = {
homelab.domain = lib.mkOption {
type = lib.types.str;
};
};
config = {
homelab.domain = "nyanyanya.myaddr.io";
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.caddy = {
enable = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "nicocute@proton.me";
certs."${config.homelab.domain}" = {
group = config.services.caddy.group;
domain = "${config.homelab.domain}";
extraDomainNames = [ "*.${config.homelab.domain}" ];
dnsProvider = "myaddr";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
environmentFile = /var/lib/caddy/secret;
};
};
};
}

30
modules/services/glance.nix
View file

@ -3,9 +3,9 @@
{
services.glance = {
enable = true;
settings.server.port = 80;
settings.server.port = 8888;
settings.server.host = "0.0.0.0";
openFirewall = true;
openFirewall = false;
settings = {
pages = [
{
@ -57,35 +57,35 @@
links = [
{
title = "Jellyfin";
url = "http://${config.networking.hostName}:8096";
url = "https://watch.${config.homelab.domain}";
}
{
title = "Jellyseer";
url = "http://${config.networking.hostName}:5055";
url = "https://jellyseer.${config.homelab.domain}";
}
{
title = "Radarr";
url = "http://${config.networking.hostName}:7878";
url = "https://radarr.${config.homelab.domain}";
}
{
title = "Sonarr";
url = "http://${config.networking.hostName}:8989";
url = "https://sonarr.${config.homelab.domain}";
}
{
title = "Lidarr";
url = "http://${config.networking.hostName}:8686";
url = "https://lidarr.${config.homelab.domain}";
}
{
title = "Prowlarr";
url = "http://${config.networking.hostName}:9696";
url = "https://prowlarr.${config.homelab.domain}";
}
{
title = "Bazarr";
url = "http://${config.networking.hostName}:6767";
url = "https://bazarr.${config.homelab.domain}";
}
{
title = "Deluge";
url = "http://${config.networking.hostName}:8112";
url = "https://deluge.${config.homelab.domain}";
}
];
}
@ -95,7 +95,7 @@
links = [
{
title = "Miniflux";
url = "http://${config.networking.hostName}:8021";
url = "https://rss.${config.homelab.domain}";
}
];
}
@ -109,6 +109,10 @@
};
};
# allow services to bind to port 80
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0;
services.caddy.virtualHosts."${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8888
'';
};
}

57
modules/services/media/arr.nix
View file

@ -6,33 +6,33 @@
# Finding/Requesting downloading
services.radarr = {
enable = true;
openFirewall = true;
openFirewall = false;
dataDir = "/var/lib/radarr";
group = "media";
};
services.sonarr = {
enable = true;
openFirewall = true;
openFirewall = false;
dataDir = "/var/lib/sonarr";
group = "media";
};
services.lidarr = {
enable = true;
openFirewall = true;
openFirewall = false;
dataDir = "/var/lib/lidarr";
group = "media";
};
services.prowlarr = {
enable = true;
openFirewall = true;
openFirewall = false;
};
services.bazarr = {
enable = true;
openFirewall = true;
openFirewall = false;
group = "media";
};
@ -40,7 +40,7 @@
services.deluge = {
enable = true;
web.enable = true;
web.openFirewall = true;
web.openFirewall = false;
group = "media";
};
@ -49,7 +49,50 @@
services.jellyseerr = {
enable = true;
port = 5055;
openFirewall = true;
openFirewall = false;
package = pkgs.jellyseerr;
};
services.caddy.virtualHosts."radarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:7878
'';
};
services.caddy.virtualHosts."sonarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8989
'';
};
services.caddy.virtualHosts."lidarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8686
'';
};
services.caddy.virtualHosts."prowlarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:9696
'';
};
services.caddy.virtualHosts."bazarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:6767
'';
};
services.caddy.virtualHosts."deluge.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8112
'';
};
services.caddy.virtualHosts."jellyseer.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:5055
'';
};
}

11
modules/services/media/jellyfin.nix
View file

@ -1,10 +1,17 @@
{ ... }:
{ config, ... }:
{
# Streaming frontend
services.jellyfin = {
enable = true;
openFirewall = true;
openFirewall = false;
group = "media";
};
services.caddy.virtualHosts."watch.${config.homelab.domain}" = {
# useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8096
'';
};
}

10
modules/services/miniflux.nix
View file

@ -11,7 +11,7 @@
config = {
LISTEN_ADDR = "0.0.0.0:8021";
BASE_URL = "http://${config.networking.hostName}";
BASE_URL = "http://rss.${config.homelab.domain}";
CLEANUP_FREQUENCY = 48;
CREATE_ADMIN = 1;
@ -34,6 +34,10 @@
};
};
networking.firewall.allowedTCPPorts = [ 8021 ];
networking.firewall.allowedUDPPorts = [ 8021 ];
services.caddy.virtualHosts."rss.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8021
'';
};
}