nico/dots
2
2
Fork 1
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
dots/modules/services/media/arr.nix
Nico 7537a1e5b6
caddy: add block_non_private_ips snippet 
blocks ips not in tailnet or in local network from accessing services
using `important block_non_private_ips` in their caddy config
2025-08-04 22:15:05 +10:00

91 lines
2.1 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ...}:
{
users.groups.media = {};
# Finding/Requesting downloading
services.radarr = {
enable = true;
openFirewall = false;
dataDir = "/var/lib/radarr";
group = "media";
};
services.sonarr = {
enable = true;
openFirewall = false;
dataDir = "/var/lib/sonarr";
group = "media";
};
services.prowlarr = {
enable = true;
openFirewall = false;
};
services.bazarr = {
enable = true;
openFirewall = false;
group = "media";
};
# Downloading files
services.deluge = {
enable = true;
web.enable = true;
web.openFirewall = false;
group = "media";
};
# Requesting Frontend
services.jellyseerr = {
enable = true;
port = 5055;
openFirewall = false;
package = pkgs.jellyseerr;
};
services.caddy.virtualHosts."radarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:7878
import block_non_private_ips
'';
};
services.caddy.virtualHosts."sonarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8989
import block_non_private_ips
'';
};
services.caddy.virtualHosts."prowlarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:9696
import block_non_private_ips
'';
};
services.caddy.virtualHosts."bazarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:6767
import block_non_private_ips
'';
};
services.caddy.virtualHosts."deluge.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8112
import block_non_private_ips
'';
};
services.caddy.virtualHosts."jellyseer.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:5055
import block_non_private_ips
'';
};
}
Reference in a new issue View git blame Copy permalink