Secret services are now under cover

2025-03-27 06:10:53 +01:00 · 2022-02-20 18:36:34 +01:00 · 2022-02-20 18:36:34 +01:00 · 96d5711503
commit 96d5711503
parent f01fd4e8ca
7 changed files with 23 additions and 7 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -52,6 +52,22 @@ in
    };
  };

+  mkPrivateSubdomain = name: port: {
+    luj.nginx.enable = true;
+    services.nginx.virtualHosts."${name}.julienmalka.me" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString port}";
+        extraConfig = ''
+          allow 10.100.0.0/24;
+          deny all;
+        '';
+      };
+    };
+  };
+
+
  luj = import ./luj.nix final;

 }
--- a/machines/lisa/default.nix
+++ b/machines/lisa/default.nix
@ -68,7 +68,7 @@
    prefixLength = 120;
  }];

-  networking.nameservers = [ "8.8.8.8" ];
+  networking.nameservers = [ "10.100.0.2" ];
  networking.hostId = "fbb334ae";
  services.zfs.autoSnapshot.enable = true;
  services.zfs.autoScrub.enable = true;
@ -123,7 +123,7 @@
          publicKey = "TAIP4faPBx6gk1cifC6fdfIP6slo1ir+HMVKxQXBejo=";
        }
        {
-          allowedIPs = [ "10.100.0.8" ];
+          allowedIPs = [ "10.100.0.8/32" ];
          publicKey = "EmWRWnZfr60ekm4ZLdwa6gXU6V3p39p6tWOZ03dL+DA=";
        }
      ]; 
--- a/modules/deluge/default.nix
+++ b/modules/deluge/default.nix
@ -54,7 +54,7 @@ in
      };
    }

-      (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+      (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))]);



--- a/modules/jackett/default.nix
+++ b/modules/jackett/default.nix
@ -38,7 +38,7 @@ in

    }

-      (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+      (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))]);



--- a/modules/lidarr/default.nix
+++ b/modules/lidarr/default.nix
@ -38,7 +38,7 @@ in
      };
    }

-      (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]);
+      (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port) )]);



--- a/modules/radarr/default.nix
+++ b/modules/radarr/default.nix
@ -38,7 +38,7 @@ in
      };
    }

-      (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))
+      (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))

    ]);

--- a/modules/sonarr/default.nix
+++ b/modules/sonarr/default.nix
@ -38,7 +38,7 @@ in
      };
    }

-      (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]);
+      (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port) )]);