Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-04-02 18:20:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Secret services are now under cover

Browse source
This commit is contained in:
Julien Malka 2022-02-20 18:36:34 +01:00
parent f01fd4e8ca
commit 96d5711503
No known key found for this signature in database
GPG key ID: 3C68E13964FEA07F
7 changed files with 23 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
lib/default.nix
View file

@ -52,6 +52,22 @@ in
}; };
}; };
mkPrivateSubdomain = name: port: {
luj.nginx.enable = true;
services.nginx.virtualHosts."${name}.julienmalka.me" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
extraConfig = ''
allow 10.100.0.0/24;
deny all;
'';
};
};
};
luj = import ./luj.nix final; luj = import ./luj.nix final;
} }

4
machines/lisa/default.nix
View file

@ -68,7 +68,7 @@
prefixLength = 120; prefixLength = 120;
}]; }];
networking.nameservers = [ "8.8.8.8" ]; networking.nameservers = [ "10.100.0.2" ];
networking.hostId = "fbb334ae"; networking.hostId = "fbb334ae";
services.zfs.autoSnapshot.enable = true; services.zfs.autoSnapshot.enable = true;
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
@ -123,7 +123,7 @@
publicKey = "TAIP4faPBx6gk1cifC6fdfIP6slo1ir+HMVKxQXBejo="; publicKey = "TAIP4faPBx6gk1cifC6fdfIP6slo1ir+HMVKxQXBejo=";
} }
{ {
allowedIPs = [ "10.100.0.8" ]; allowedIPs = [ "10.100.0.8/32" ];
publicKey = "EmWRWnZfr60ekm4ZLdwa6gXU6V3p39p6tWOZ03dL+DA="; publicKey = "EmWRWnZfr60ekm4ZLdwa6gXU6V3p39p6tWOZ03dL+DA=";
} }
]; ];

2
modules/deluge/default.nix
View file

@ -54,7 +54,7 @@ in
}; };
} }
(mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]); (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))]);

2
modules/jackett/default.nix
View file

@ -38,7 +38,7 @@ in
} }
(mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]); (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))]);

2
modules/lidarr/default.nix
View file

@ -38,7 +38,7 @@ in
}; };
} }
(mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]); (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port) )]);

2
modules/radarr/default.nix
View file

@ -38,7 +38,7 @@ in
}; };
} }
(mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port)) (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port))
]); ]);

2
modules/sonarr/default.nix
View file

@ -38,7 +38,7 @@ in
}; };
} }
(mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]); (mkIf cfg.nginx.enable (mkPrivateSubdomain cfg.nginx.subdomain port) )]);