fix(access): deluge

2026-02-09 04:19:19 -08:00 · 2024-05-17 20:33:12 -07:00 · 2024-05-17 20:33:12 -07:00 · edf2d60410
commit edf2d60410
parent 5a5844cc08
10 changed files with 217 additions and 18 deletions
--- a/nixos/access/deluge.nix
+++ b/nixos/access/deluge.nix
@ -0,0 +1,88 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault mkOptionDefault;
+  inherit (config.services) nginx;
+  cfg = config.services.deluge;
+  upstreamName = "deluge'access";
+  upstreamName'daemon = "deluge'daemon'access";
+  locations."/".proxy.enable = true;
+  name.shortServer = mkDefault "deluge";
+  copyFromVhost = mkDefault "deluge";
+in {
+  config.services.nginx = {
+    upstreams'.${upstreamName}.servers = {
+      local = mkIf (cfg.enable && cfg.web.enable) {
+        enable = mkDefault true;
+        addr = mkDefault "127.0.0.1";
+        port = mkDefault cfg.web.port;
+      };
+      access = {upstream, ...}: {
+        enable = mkDefault (!upstream.servers.local.enable or false);
+        accessService = {
+          name = "deluge";
+          port = "web";
+          getAddressFor = mkDefault "getAddress4For";
+        };
+      };
+    };
+    virtualHosts = {
+      deluge = {
+        inherit name locations;
+        ssl.force = mkDefault true;
+        proxy.upstream = mkDefault upstreamName;
+        vouch.enable = mkDefault true;
+      };
+      deluge'local = {
+        inherit name locations;
+        ssl = {
+          force = mkDefault true;
+          cert = {
+            inherit copyFromVhost;
+          };
+        };
+        local.enable = true;
+        proxy = {
+          inherit copyFromVhost;
+        };
+      };
+    };
+    stream = {
+      upstreams.${upstreamName'daemon} = {
+        enable = mkDefault (!cfg.enable);
+        servers = {
+          local = mkIf cfg.enable {
+            enable = mkDefault true;
+            addr = mkDefault "127.0.0.1";
+            port = mkDefault cfg.config.daemon_port;
+          };
+          access = {upstream, ...}: {
+            enable = mkDefault (!upstream.servers.local.enable or false);
+            accessService = {
+              name = "deluge";
+              getAddressFor = mkDefault "getAddress4For";
+            };
+          };
+        };
+      };
+      servers.deluge'local = {config, ...}: let
+        upstream = nginx.stream.upstreams.${config.proxy.upstream};
+      in {
+        enable = mkDefault upstream.enable;
+        listen.daemon.port = mkOptionDefault upstream.servers.${upstream.defaultServerName}.port;
+        local.enable = true;
+        proxy.upstream = mkDefault upstreamName'daemon;
+      };
+    };
+  };
+  config.networking.firewall = let
+    daemonServer = nginx.stream.servers.deluge'local;
+  in
+    mkIf daemonServer.enable {
+      interfaces.local.allowedTCPPorts = [
+        daemonServer.listen.daemon.port
+      ];
+    };
+}