Updated nginx configuration for vm and for undefined virtualHosts

2025-03-20 09:57:01 +01:00 · 2025-03-20 09:57:01 +01:00 · fd6bcd05b6
parent f0b23e712f
commit fd6bcd05b6
2 changed files with 41 additions and 69 deletions
--- a/services/auto-torrent.nix
+++ b/services/auto-torrent.nix
@ -5,12 +5,21 @@
 }: let
  lib = pkgs.lib;
  host = "10.0.${toString vm-index}.1";
-  port = 8989;
+
+  ports = {
+    sonarr.port = 8989;
+    radarr.port = 7878;
+    jackett.port = 9117;
+    # transmission.port = 9091;
+  };
+
  vm-index = 1;
  vm-mac = "02:00:00:00:00:02";
  vm-name = "auto-torrent";
  vpn-endpoint = "193.32.248.70";
  enable-services = true;
+
+  ports-list = pkgs.lib.attrsets.mapAttrsToList (name: value: value.port) ports;
 in {
  microvm.autostart = [vm-name];

@ -139,6 +148,7 @@ in {
      services.transmission = pkgs.lib.mkIf enable-services {
        enable = true;
        openFirewall = true;
+        openRPCPort = true;
        home = "/mnt/transmission";
        settings.download-dir = "/mnt/transmission";
        settings.incomplete-dir = "/mnt/transmission/.incomplete";
@ -169,73 +179,33 @@ in {
    };
  };

-  # Sonarr
-  services.nginx.virtualHosts."sonarr.spoodythe.one" = {
-    addSSL = true;
-    enableACME = true;
-    listen = [
-      {
-        inherit port;
-        addr = "0.0.0.0";
-        ssl = false;
+  # Add virtual hosts for all the different services running in the vm
+  services.nginx.virtualHosts = builtins.listToAttrs (pkgs.lib.attrsets.mapAttrsToList (
+      name: value: {
+        name = "${name}.spoodythe.one";
+        value = {
+          addSSL = true;
+          enableACME = true;
+          listen = [
+            {
+              port = value.port;
+              addr = "0.0.0.0";
+              ssl = false;
+            }
+            {
+              port = 443;
+              addr = "0.0.0.0";
+              ssl = true;
+            }
+          ];
+          locations."/" = {
+            proxyPass = "http://${host}:${toString value.port}";
+          };
+        };
      }
-      {
-        port = 443;
-        addr = "0.0.0.0";
-        ssl = true;
-      }
-    ];
-    locations."/" = {
-      proxyPass = "http://${host}:${toString port}";
-    };
-  };
+    )
+    ports);

-  # Radarr
-  services.nginx.virtualHosts."radarr.spoodythe.one" = let
-    port = 7878;
-  in {
-    addSSL = true;
-    enableACME = true;
-    listen = [
-      {
-        inherit port;
-        addr = "0.0.0.0";
-        ssl = false;
-      }
-      {
-        port = 443;
-        addr = "0.0.0.0";
-        ssl = true;
-      }
-    ];
-    locations."/" = {
-      proxyPass = "http://${host}:${toString port}";
-    };
-  };
-
-  # Jackett
-  services.nginx.virtualHosts."jackett.spoodythe.one" = let
-    port = 9117;
-  in {
-    addSSL = true;
-    enableACME = true;
-    listen = [
-      {
-        inherit port;
-        addr = "0.0.0.0";
-        ssl = false;
-      }
-      {
-        port = 443;
-        addr = "0.0.0.0";
-        ssl = true;
-      }
-    ];
-    locations."/" = {
-      proxyPass = "http://${host}:${toString port}";
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [port 9117 7878 9696 80 433];
-  networking.firewall.allowedUDPPorts = [port 9117 7878 9696 80 433];
+  networking.firewall.allowedTCPPorts = [80 443] ++ ports-list;
+  networking.firewall.allowedUDPPorts = [80 443] ++ ports-list;
 }
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -11,7 +11,9 @@
      enableACME = true;
      default = true;
      locations."/" = {
-        return = 404;
+        extraConfig = ''
+          deny all;
+        '';
      };
    };
  };