diff --git a/lib/default.nix b/lib/default.nix
index 170181c..1e2ded9 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -52,6 +52,22 @@ in
};
};
+ mkPrivateSubdomain = name: port: {
+ luj.nginx.enable = true;
+ services.nginx.virtualHosts."${name}.julienmalka.me" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}";
+ extraConfig = ''
+ allow 10.100.0.0/24;
+ deny all;
+ '';
+ };
+ };
+ };
+
+
luj = import ./luj.nix final;
}
diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix
index 4f4db35..0aec296 100644
--- a/machines/lisa/default.nix
+++ b/machines/lisa/default.nix
@@ -68,7 +68,7 @@
prefixLength = 120;
}];
- networking.nameservers = [ "8.8.8.8" ];
+ networking.nameservers = [ "10.100.0.2" ];
networking.hostId = "fbb334ae";
services.zfs.autoSnapshot.enable = true;
services.zfs.autoScrub.enable = true;
@@ -123,7 +123,7 @@
publicKey = "TAIP4faPBx6gk1cifC6fdfIP6slo1ir+HMVKxQXBejo=";
}
{
- allowedIPs = [ "10.100.0.8" ];
+ allowedIPs = [ "10.100.0.8/32" ];
publicKey = "EmWRWnZfr60ekm4ZLdwa6gXU6V3p39p6tWOZ03dL+DA=";
}
];
diff --git a/modules/deluge/default.nix b/modules/deluge/default.nix
index b7a2bb6..ab547e9 100644
--- a/modules/deluge/default.nix
+++ b/modules/deluge/default.nix
@@ -54,7 +54,7 @@ in
};
}
- (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+ (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))]);
diff --git a/modules/jackett/default.nix b/modules/jackett/default.nix
index 951ca63..41fcf51 100644
--- a/modules/jackett/default.nix
+++ b/modules/jackett/default.nix
@@ -38,7 +38,7 @@ in
}
- (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+ (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))]);
diff --git a/modules/lidarr/default.nix b/modules/lidarr/default.nix
index ea9f95c..8c0a1d7 100644
--- a/modules/lidarr/default.nix
+++ b/modules/lidarr/default.nix
@@ -38,7 +38,7 @@ in
};
}
- (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]);
+ (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port) )]);
diff --git a/modules/radarr/default.nix b/modules/radarr/default.nix
index 2900ede..daa5715 100644
--- a/modules/radarr/default.nix
+++ b/modules/radarr/default.nix
@@ -38,7 +38,7 @@ in
};
}
- (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))
+ (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))
]);
diff --git a/modules/sonarr/default.nix b/modules/sonarr/default.nix
index dd23564..229488a 100644
--- a/modules/sonarr/default.nix
+++ b/modules/sonarr/default.nix
@@ -38,7 +38,7 @@ in
};
}
- (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]);
+ (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port) )]);