gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(access): deluge

Browse source
This commit is contained in:
arcnmx 2024-05-17 20:33:12 -07:00
parent 5a5844cc08
commit edf2d60410
10 changed files with 217 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/nixos/nginx/local.nix
View file

@ -148,10 +148,27 @@
trusted = mkOptionDefault cfg.denyGlobal; trusted = mkOptionDefault cfg.denyGlobal;
}; };
}; };
serverModule = {config, ...}: let
cfg = config.local;
in { in {
options = with lib.types; { imports = [localModule];
services.nginx.virtualHosts = mkOption {
config.local = {
enable = mkOptionDefault false;
denyGlobal = mkOptionDefault cfg.enable;
trusted = mkOptionDefault cfg.denyGlobal;
};
};
in {
options.services.nginx = with lib.types; {
virtualHosts = mkOption {
type = attrsOf (submodule [hostModule]); type = attrsOf (submodule [hostModule]);
}; };
stream.servers = mkOption {
type = attrsOf (submoduleWith {
modules = [serverModule];
shorthandOnlyDefinesConfig = false;
});
};
}; };
} }

6
modules/nixos/nginx/upstream.nix
View file

@ -40,6 +40,10 @@ let
type = str; type = str;
default = "default"; default = "default";
}; };
getAddressFor = mkOption {
type = str;
default = "getAddressFor";
};
network = mkOption { network = mkOption {
type = str; type = str;
default = "lan"; default = "lan";
@ -61,7 +65,7 @@ let
enable = lib.warnIf (!port.enable) "${cfg.system}.exports.services.${cfg.name}.ports.${cfg.port} isn't enabled" ( enable = lib.warnIf (!port.enable) "${cfg.system}.exports.services.${cfg.name}.ports.${cfg.port} isn't enabled" (
mkAlmostOptionDefault port.enable mkAlmostOptionDefault port.enable
); );
addr = mkAlmostOptionDefault (access.getAddressFor system.name cfg.network); addr = mkAlmostOptionDefault (access.${cfg.getAddressFor} system.name cfg.network);
port = mkOptionDefault port.port; port = mkOptionDefault port.port;
ssl.enable = mkIf port.ssl (mkAlmostOptionDefault true); ssl.enable = mkIf port.ssl (mkAlmostOptionDefault true);
}; };

46
modules/system/exports/deluge.nix Normal file
View file

@ -0,0 +1,46 @@
{
lib,
gensokyo-zone,
...
}: let
inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault;
inherit (lib.modules) mkIf;
inherit (lib.attrsets) mapAttrs;
in {
config.exports.services.deluge = {config, ...}: {
nixos = {
serviceAttr = "deluge";
assertions = let
mkAssertion = f: nixosConfig: let
cfg = nixosConfig.services.deluge;
in
f nixosConfig cfg;
in
mkIf config.enable [
(mkAssertion (nixosConfig: cfg: {
assertion = config.ports.default.port == cfg.config.daemon_port;
message = "config.daemon_port mismatch";
}))
(mkAssertion (nixosConfig: cfg: {
assertion = config.ports.web.port == cfg.web.port;
message = "web.port mismatch";
}))
(mkAssertion (nixosConfig: cfg: {
assertion = config.ports.web.enable == cfg.web.enable;
message = "web.enable mismatch";
}))
];
};
defaults.port.listen = mkAlmostOptionDefault "lan";
ports = mapAttrs (_: mapAlmostOptionDefaults) {
default = {
port = 58846;
transport = "tcp";
};
web = {
port = 8112;
protocol = "http";
};
};
};
}

88
nixos/access/deluge.nix Normal file
View file

@ -0,0 +1,88 @@
{
config,
lib,
...
}: let
inherit (lib.modules) mkIf mkDefault mkOptionDefault;
inherit (config.services) nginx;
cfg = config.services.deluge;
upstreamName = "deluge'access";
upstreamName'daemon = "deluge'daemon'access";
locations."/".proxy.enable = true;
name.shortServer = mkDefault "deluge";
copyFromVhost = mkDefault "deluge";
in {
config.services.nginx = {
upstreams'.${upstreamName}.servers = {
local = mkIf (cfg.enable && cfg.web.enable) {
enable = mkDefault true;
addr = mkDefault "127.0.0.1";
port = mkDefault cfg.web.port;
};
access = {upstream, ...}: {
enable = mkDefault (!upstream.servers.local.enable or false);
accessService = {
name = "deluge";
port = "web";
getAddressFor = mkDefault "getAddress4For";
};
};
};
virtualHosts = {
deluge = {
inherit name locations;
ssl.force = mkDefault true;
proxy.upstream = mkDefault upstreamName;
vouch.enable = mkDefault true;
};
deluge'local = {
inherit name locations;
ssl = {
force = mkDefault true;
cert = {
inherit copyFromVhost;
};
};
local.enable = true;
proxy = {
inherit copyFromVhost;
};
};
};
stream = {
upstreams.${upstreamName'daemon} = {
enable = mkDefault (!cfg.enable);
servers = {
local = mkIf cfg.enable {
enable = mkDefault true;
addr = mkDefault "127.0.0.1";
port = mkDefault cfg.config.daemon_port;
};
access = {upstream, ...}: {
enable = mkDefault (!upstream.servers.local.enable or false);
accessService = {
name = "deluge";
getAddressFor = mkDefault "getAddress4For";
};
};
};
};
servers.deluge'local = {config, ...}: let
upstream = nginx.stream.upstreams.${config.proxy.upstream};
in {
enable = mkDefault upstream.enable;
listen.daemon.port = mkOptionDefault upstream.servers.${upstream.defaultServerName}.port;
local.enable = true;
proxy.upstream = mkDefault upstreamName'daemon;
};
};
};
config.networking.firewall = let
daemonServer = nginx.stream.servers.deluge'local;
in
mkIf daemonServer.enable {
interfaces.local.allowedTCPPorts = [
daemonServer.listen.daemon.port
];
};
}

7
nixos/deluge.nix
View file

@ -70,4 +70,11 @@ in {
${mediatomb.user}.extraGroups = [cfg.group]; ${mediatomb.user}.extraGroups = [cfg.group];
}) })
]); ]);
networking.firewall = mkIf cfg.enable {
interfaces.lan.allowedTCPPorts = [
cfg.config.daemon_port
(mkIf cfg.web.enable cfg.web.port)
];
};
} }

10
systems/hakurei/nixos.nix
View file

@ -39,6 +39,7 @@ in {
nixos.access.unifi nixos.access.unifi
nixos.access.kitchencam nixos.access.kitchencam
nixos.access.openwebrx nixos.access.openwebrx
nixos.access.deluge
nixos.access.home-assistant nixos.access.home-assistant
nixos.access.zigbee2mqtt nixos.access.zigbee2mqtt
nixos.access.grocy nixos.access.grocy
@ -219,6 +220,14 @@ in {
virtualHosts.openwebrx'local.allServerNames virtualHosts.openwebrx'local.allServerNames
]; ];
}; };
deluge = {
inherit (nginx) group;
domain = virtualHosts.deluge.serverName;
extraDomainNames = mkMerge [
virtualHosts.deluge.otherServerNames
virtualHosts.deluge'local.allServerNames
];
};
yt = { yt = {
inherit (nginx) group; inherit (nginx) group;
domain = virtualHosts.invidious.serverName; domain = virtualHosts.invidious.serverName;
@ -308,6 +317,7 @@ in {
}; };
kitchencam.ssl.cert.enable = true; kitchencam.ssl.cert.enable = true;
openwebrx.ssl.cert.enable = true; openwebrx.ssl.cert.enable = true;
deluge.ssl.cert.enable = true;
invidious = { invidious = {
ssl.cert.enable = true; ssl.cert.enable = true;
}; };

41
systems/mediabox/cloudflared.nix
View file

@ -1,5 +1,11 @@
{config, ...}: let {
inherit (config.services) deluge tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared; config,
lib,
...
}: let
inherit (config.services) nginx tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
inherit (lib.modules) mkMerge;
inherit (lib.attrsets) mapAttrs' nameValuePair;
in { in {
sops.secrets.cloudflare_mediabox_tunnel = { sops.secrets.cloudflare_mediabox_tunnel = {
owner = cloudflared.user; owner = cloudflared.user;
@ -7,22 +13,29 @@ in {
services.cloudflared = let services.cloudflared = let
tunnelId = "6a3c1863-d879-462f-b5d5-7c6ddf476d0e"; tunnelId = "6a3c1863-d879-462f-b5d5-7c6ddf476d0e";
inherit (config.networking) domain; ingressPorts = {
tautulli = tautulli.port;
ombi = ombi.port;
sonarr = sonarr.port;
radarr = radarr.port;
bazarr = bazarr.listenPort;
lidarr = lidarr.port;
readarr = readarr.port;
prowlarr = prowlarr.port;
};
ingress = mapAttrs' (name: port:
nameValuePair "${name}.${config.networking.domain}" {
service = "http://localhost:${toString port}";
})
ingressPorts;
in { in {
tunnels.${tunnelId} = { tunnels.${tunnelId} = {
default = "http_status:404"; default = "http_status:404";
credentialsFile = config.sops.secrets.cloudflare_mediabox_tunnel.path; credentialsFile = config.sops.secrets.cloudflare_mediabox_tunnel.path;
ingress = { ingress = mkMerge [
"tautulli.${domain}".service = "http://localhost:${toString tautulli.port}"; ingress
"ombi.${domain}".service = "http://localhost:${toString ombi.port}"; (nginx.virtualHosts.deluge.proxied.cloudflared.getIngress {})
"sonarr.${domain}".service = "http://localhost:${toString sonarr.port}"; ];
"radarr.${domain}".service = "http://localhost:${toString radarr.port}";
"bazarr.${domain}".service = "http://localhost:${toString bazarr.listenPort}";
"lidarr.${domain}".service = "http://localhost:${toString lidarr.port}";
"readarr.${domain}".service = "http://localhost:${toString readarr.port}";
"prowlarr.${domain}".service = "http://localhost:${toString prowlarr.port}";
"deluge.${domain}".service = "http://localhost:${toString deluge.web.port}";
};
}; };
}; };
} }

6
systems/mediabox/default.nix
View file

@ -10,9 +10,13 @@ _: {
exports = { exports = {
services = { services = {
sshd.enable = true; sshd.enable = true;
nginx.enable = true; nginx = {
enable = true;
ports.proxied.enable = true;
};
plex.enable = true; plex.enable = true;
invidious.enable = true; invidious.enable = true;
deluge.enable = true;
}; };
}; };
} }

9
systems/mediabox/nixos.nix
View file

@ -24,6 +24,7 @@ in {
nixos.sops nixos.sops
nixos.nginx nixos.nginx
nixos.access.plex nixos.access.plex
nixos.access.deluge
nixos.cloudflared nixos.cloudflared
./cloudflared.nix ./cloudflared.nix
@ -45,6 +46,14 @@ in {
nixos.prowlarr nixos.prowlarr
]; ];
services.nginx = {
proxied.enable = true;
vouch.enable = true;
virtualHosts = {
deluge.proxied.enable = "cloudflared";
};
};
services.mediatomb = { services.mediatomb = {
serverName = "tewi"; serverName = "tewi";
mediaDirectories = let mediaDirectories = let

1
tf/cloudflare_records.tf
View file

@ -24,6 +24,7 @@ module "hakurei_system_records" {
"mqtt", "mqtt",
"kitchen", "kitchen",
"webrx", "webrx",
"deluge",
"home", "home",
"z2m", "z2m",
"grocy", "grocy",