fix(access): deluge

systems/hakurei/nixos.nix

@@ -39,6 +39,7 @@ in {
     nixos.access.unifi
     nixos.access.kitchencam
     nixos.access.openwebrx
+    nixos.access.deluge
     nixos.access.home-assistant
     nixos.access.zigbee2mqtt
     nixos.access.grocy
@@ -219,6 +220,14 @@ in {
         virtualHosts.openwebrx'local.allServerNames
       ];
     };
+    deluge = {
+      inherit (nginx) group;
+      domain = virtualHosts.deluge.serverName;
+      extraDomainNames = mkMerge [
+        virtualHosts.deluge.otherServerNames
+        virtualHosts.deluge'local.allServerNames
+      ];
+    };
     yt = {
       inherit (nginx) group;
       domain = virtualHosts.invidious.serverName;
@@ -308,6 +317,7 @@ in {
       };
       kitchencam.ssl.cert.enable = true;
       openwebrx.ssl.cert.enable = true;
+      deluge.ssl.cert.enable = true;
       invidious = {
         ssl.cert.enable = true;
       };

systems/mediabox/cloudflared.nix

@@ -1,5 +1,11 @@
-{config, ...}: let
-  inherit (config.services) deluge tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (config.services) nginx tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
+  inherit (lib.modules) mkMerge;
+  inherit (lib.attrsets) mapAttrs' nameValuePair;
 in {
   sops.secrets.cloudflare_mediabox_tunnel = {
     owner = cloudflared.user;
@@ -7,22 +13,29 @@ in {
 
   services.cloudflared = let
     tunnelId = "6a3c1863-d879-462f-b5d5-7c6ddf476d0e";
-    inherit (config.networking) domain;
+    ingressPorts = {
+      tautulli = tautulli.port;
+      ombi = ombi.port;
+      sonarr = sonarr.port;
+      radarr = radarr.port;
+      bazarr = bazarr.listenPort;
+      lidarr = lidarr.port;
+      readarr = readarr.port;
+      prowlarr = prowlarr.port;
+    };
+    ingress = mapAttrs' (name: port:
+      nameValuePair "${name}.${config.networking.domain}" {
+        service = "http://localhost:${toString port}";
+      })
+    ingressPorts;
   in {
     tunnels.${tunnelId} = {
       default = "http_status:404";
       credentialsFile = config.sops.secrets.cloudflare_mediabox_tunnel.path;
-      ingress = {
-        "tautulli.${domain}".service = "http://localhost:${toString tautulli.port}";
-        "ombi.${domain}".service = "http://localhost:${toString ombi.port}";
-        "sonarr.${domain}".service = "http://localhost:${toString sonarr.port}";
-        "radarr.${domain}".service = "http://localhost:${toString radarr.port}";
-        "bazarr.${domain}".service = "http://localhost:${toString bazarr.listenPort}";
-        "lidarr.${domain}".service = "http://localhost:${toString lidarr.port}";
-        "readarr.${domain}".service = "http://localhost:${toString readarr.port}";
-        "prowlarr.${domain}".service = "http://localhost:${toString prowlarr.port}";
-        "deluge.${domain}".service = "http://localhost:${toString deluge.web.port}";
-      };
+      ingress = mkMerge [
+        ingress
+        (nginx.virtualHosts.deluge.proxied.cloudflared.getIngress {})
+      ];
     };
   };
 }

systems/mediabox/default.nix

@@ -10,9 +10,13 @@ _: {
   exports = {
     services = {
       sshd.enable = true;
-      nginx.enable = true;
+      nginx = {
+        enable = true;
+        ports.proxied.enable = true;
+      };
       plex.enable = true;
       invidious.enable = true;
+      deluge.enable = true;
     };
   };
 }

systems/mediabox/nixos.nix

@@ -24,6 +24,7 @@ in {
     nixos.sops
     nixos.nginx
     nixos.access.plex
+    nixos.access.deluge
     nixos.cloudflared
     ./cloudflared.nix
 
@@ -45,6 +46,14 @@ in {
     nixos.prowlarr
   ];
 
+  services.nginx = {
+    proxied.enable = true;
+    vouch.enable = true;
+    virtualHosts = {
+      deluge.proxied.enable = "cloudflared";
+    };
+  };
+
   services.mediatomb = {
     serverName = "tewi";
     mediaDirectories = let