diff --git a/config/services/access.nix b/config/services/access.nix index 0d6549b2..4ee3600a 100644 --- a/config/services/access.nix +++ b/config/services/access.nix @@ -1,4 +1,4 @@ -{ config, lib, meta, ... }: { +{ config, lib, meta, ... }: with lib; { deploy.tf.dns.records.services_media_forward = { inherit (config.network.dns) zone; domain = "media"; @@ -11,27 +11,30 @@ cname = { inherit (config.network.addresses.public) target; }; }; - services.nginx.virtualHosts = { - "cast.${config.network.dns.domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/".proxyPass = "http://127.0.0.1:8082"; - }; - }; - "media.${config.network.dns.domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/jellyfin/".proxyPass = "http://${meta.network.nodes.yukari.network.addresses.wireguard.nixos.ipv4.address}:8096/jellyfin/"; - "/jellyfin/socket" = { - proxyPass = "http://${meta.network.nodes.yukari.network.addresses.wireguard.nixos.ipv4.address}:8096/jellyfin/"; - extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; + services.nginx.virtualHosts = mkMerge [ + { + "cast.${config.network.dns.domain}" = { + forceSSL = true; + enableACME = true; + locations = { + "/".proxyPass = "http://127.0.0.1:8082"; }; }; - }; - }; + "media.${config.network.dns.domain}" = { + forceSSL = true; + enableACME = true; + locations = { + "/jellyfin/".proxyPass = "http://${meta.network.nodes.yukari.network.addresses.wireguard.nixos.ipv4.address}:8096/jellyfin/"; + "/jellyfin/socket" = { + proxyPass = "http://${meta.network.nodes.yukari.network.addresses.wireguard.nixos.ipv4.address}:8096/jellyfin/"; + extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + }; + }; + }; + } + (mkIf config.deploy.profile.trusted (import config.kw.secrets.repo.access.source { inherit config meta; })) + ]; }