From fd6bcd05b6bdd84bebbd1def5636206bab785e4a Mon Sep 17 00:00:00 2001
From: baritone
Date: Thu, 20 Mar 2025 09:57:01 +0100
Subject: [PATCH] Updated nginx configuration for vm and for undefined virtualHosts
---
 services/auto-torrent.nix | 106 ++++++++++++++------------------------
 services/nginx.nix | 4 +-
 2 files changed, 41 insertions(+), 69 deletions(-)
diff --git a/services/auto-torrent.nix b/services/auto-torrent.nix
index 33381a0..0d97048 100644
--- a/services/auto-torrent.nix
+++ b/services/auto-torrent.nix
@@ -5,12 +5,21 @@
 }: let
 lib = pkgs.lib;
 host = "10.0.${toString vm-index}.1";
- port = 8989;
+
+ ports = {
+ sonarr.port = 8989;
+ radarr.port = 7878;
+ jackett.port = 9117;
+ # transmission.port = 9091;
+ };
+
 vm-index = 1;
 vm-mac = "02:00:00:00:00:02";
 vm-name = "auto-torrent";
 vpn-endpoint = "193.32.248.70";
 enable-services = true;
+
+ ports-list = pkgs.lib.attrsets.mapAttrsToList (name: value: value.port) ports;
 in {
 microvm.autostart = [vm-name];
@@ -139,6 +148,7 @@ in {
 services.transmission = pkgs.lib.mkIf enable-services {
 enable = true;
 openFirewall = true;
+ openRPCPort = true;
 home = "/mnt/transmission";
 settings.download-dir = "/mnt/transmission";
 settings.incomplete-dir = "/mnt/transmission/.incomplete";
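Review bot: The new `ports` set in services/auto-torrent.nix carries no comment saying what membership implies, yet later in this patch every entry becomes a public `<name>.spoodythe.one` vhost and its port is appended to the firewall lists through `ports-list`. I would add `# Each entry gets a public vhost and its port opened in the firewall` above `ports = {`, so that uncommenting `transmission.port` is a deliberate exposure decision. `lib` is already bound two lines earlier, so `lib.attrsets.mapAttrsToList` would read better than `pkgs.lib.attrsets.mapAttrsToList`. The `let` block starts outside the hunk.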
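Review bot: `openRPCPort = true;` opens Transmission's RPC port in the firewall, and nothing visible in this hunk restricts who may use that interface. The RPC endpoint can add torrents and change download paths, so the settings should pin `rpc-authentication-required`, `rpc-whitelist-enabled` and `rpc-bind-address` explicitly rather than rely on defaults. The `settings` attributes continue outside the hunk and may already do so. If the port is only meant for the reverse proxy on the host, restrict it to that address instead of opening it generally.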
@@ -169,73 +179,33 @@ in {
 };
 };
- # Sonarr
- services.nginx.virtualHosts."sonarr.spoodythe.one" = {
- addSSL = true;
- enableACME = true;
- listen = [
- {
- inherit port;
- addr = "0.0.0.0";
- ssl = false;
+ # Add virtual hosts for all the different services running in the vm
+ services.nginx.virtualHosts = builtins.listToAttrs (pkgs.lib.attrsets.mapAttrsToList (
+ name: value: {
+ name = "${name}.spoodythe.one";
+ value = {
+ addSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ port = value.port;
+ addr = "0.0.0.0";
+ ssl = false;
+ }
+ {
+ port = 443;
+ addr = "0.0.0.0";
+ ssl = true;
+ }
+ ];
+ locations."/" = {
+ proxyPass = "http://${host}:${toString value.port}";
+ };
+ };
 }
- {
- port = 443;
- addr = "0.0.0.0";
- ssl = true;
- }
- ];
- locations."/" = {
- proxyPass = "http://${host}:${toString port}";
- };
- };
+ )
+ ports);
- # Radarr
- services.nginx.virtualHosts."radarr.spoodythe.one" = let
- port = 7878;
- in {
- addSSL = true;
- enableACME = true;
- listen = [
- {
- inherit port;
- addr = "0.0.0.0";
- ssl = false;
- }
- {
- port = 443;
- addr = "0.0.0.0";
- ssl = true;
- }
- ];
- locations."/" = {
- proxyPass = "http://${host}:${toString port}";
- };
- };
-
- # Jackett
- services.nginx.virtualHosts."jackett.spoodythe.one" = let
- port = 9117;
- in {
- addSSL = true;
- enableACME = true;
- listen = [
- {
- inherit port;
- addr = "0.0.0.0";
- ssl = false;
- }
- {
- port = 443;
- addr = "0.0.0.0";
- ssl = true;
- }
- ];
- locations."/" = {
- proxyPass = "http://${host}:${toString port}";
- };
- };
-
- networking.firewall.allowedTCPPorts = [port 9117 7878 9696 80 433];
- networking.firewall.allowedUDPPorts = [port 9117 7878 9696 80 433];
+ networking.firewall.allowedTCPPorts = [80 443] ++ ports-list;
+ networking.firewall.allowedUDPPorts = [80 443] ++ ports-list;
 }
diff --git a/services/nginx.nix b/services/nginx.nix
index 7538fd0..982020d 100755
--- a/services/nginx.nix
+++ b/services/nginx.nix
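Review bot: In services/auto-torrent.nix each generated vhost still listens on `value.port` with `ssl = false` on `0.0.0.0`, and `ports-list` is appended to both firewall lists, so Sonarr, Radarr and Jackett stay reachable over cleartext HTTP on their native ports beside the TLS listener on 443. `addSSL = true;` serves HTTPS without redirecting, so logins and API keys can cross the network unencrypted. Unless the plaintext listeners are needed, I would drop the custom `listen` list so the module's default 80/443 listeners apply, switch to `forceSSL = true;`, and reduce the firewall to `networking.firewall.allowedTCPPorts = [80 443];`. The `allowedUDPPorts` line opens the same ports although nothing shown here serves UDP, so it can probably be removed.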
@@ -11,7 +11,9 @@
 enableACME = true;
 default = true;
 locations."/" = {
- return = 404;
+ extraConfig = ''
+ deny all;
+ '';
 };
 };
 };
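Review bot: The catch-all vhost in services/nginx.nix now answers requests for unknown host names with 403 through `deny all;` in `extraConfig`, and no comment records why that replaced `return = 404;`. A line such as `# Unknown Host headers: refuse outright instead of pretending the path is missing` above `locations."/"` would capture the intent. If the aim is to give scanners as little as possible, `return = 444;` makes nginx close the connection without sending a response and keeps the rule in the typed option rather than raw config. The enclosing vhost definition starts outside the hunk.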