diff --git a/flake.nix b/flake.nix index 768253b..ec3da0f 100644 --- a/flake.nix +++ b/flake.nix @@ -8,25 +8,24 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - vpnconfinement = { - url = "github:Maroka-chan/VPN-Confinement"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; + vpnconfinement.url = "github:Maroka-chan/VPN-Confinement"; + vpnconfinement.inputs.nixpkgs.follows = "nixpkgs"; + + sub-merge.url = "github:rasmus-kirk/sub-merge"; + sub-merge.inputs.nixpkgs.follows = "nixpkgs"; + + # Flake stuff + flake-parts.url = "github:hercules-ci/flake-parts"; + flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; + flake-root.url = "github:srid/flake-root"; - devshell = { - url = "github:numtide/devshell"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - treefmt-nix = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + devshell.url = "github:numtide/devshell"; + devshell.inputs.nixpkgs.follows = "nixpkgs"; + + treefmt-nix.url = "github:numtide/treefmt-nix"; + treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs @ { @@ -50,6 +49,7 @@ nixosModules = rec { nixarr = import ./nixarr vpnconfinement; imports = [ vpnconfinement.nixosModules.default ]; + specialArgs = { inherit inputs; }; default = nixarr; }; }; diff --git a/nixarr/bazarr/default.nix b/nixarr/bazarr/default.nix index 4cf00ee..b364b0f 100644 --- a/nixarr/bazarr/default.nix +++ b/nixarr/bazarr/default.nix 
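Review bot: The new `sub-merge` input in the `inputs` block is written as `github:rasmus-kirk/sub-merge` with no ref or rev, and no `flake.lock` change is visible in this diff, so the revision that gets built cannot be reviewed from here. The same commit adds this input's default package to `environment.systemPackages` in nixarr/nixarr.nix, so every host importing the module installs whatever that revision contains. Committing the matching lock entry with this change, or pinning a rev in the URL, keeps the added dependency auditable. A comment in the style of the existing `# Flake stuff` line, for example `# Installed into environment.systemPackages by nixarr/nixarr.nix`, would mark it as a runtime dependency rather than build tooling.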
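Review bot: `specialArgs = { inherit inputs; };` is added as an attribute of `nixosModules`, where it is only another exported entry next to `nixarr` and `default`; as far as this hunk shows, nothing hands it to the module system. `specialArgs` is an argument of `lib.nixosSystem` on the consumer's side, so the `inputs` parameter added to nixarr/nixarr.nix will probably be unbound unless every user passes it themselves. The line above already shows a pattern that works here: `import ./nixarr vpnconfinement` passes the input in directly, and the sub-merge input could be passed the same way or set through `_module.args` inside the module. The `nixosModules` set begins outside this hunk.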
@@ -104,5 +104,27 @@ in { } ]; }; + + services.nginx = mkIf cfg.vpn.enable { + enable = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + virtualHosts."127.0.0.1:${builtins.toString config.bazarr.listenPort}" = { + listen = [ + { + addr = "0.0.0.0"; + port = config.bazarr.listenPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString config.bazarr.listenPort}"; + }; + }; + }; }; } diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix index e764de5..de19ef1 100644 --- a/nixarr/jellyfin/default.nix +++ b/nixarr/jellyfin/default.nix @@ -261,6 +261,21 @@ in }; }; }) + (mkIf cfg.vpn.enable { + virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.vpn.enable { + listen = [ + { + addr = "0.0.0.0"; + port = defaultPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; + }; + }; + }) (mkIf cfg.expose.vpn.enable { virtualHosts."${builtins.toString cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = { enableACME = true; diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix index b5a1d30..e987b5c 100644 --- a/nixarr/lidarr/default.nix +++ b/nixarr/lidarr/default.nix @@ -101,5 +101,27 @@ in { } ]; }; + + services.nginx = mkIf cfg.vpn.enable { + enable = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = { + listen = [ + { + addr = "0.0.0.0"; + port = defaultPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; + }; + }; + }; }; } diff --git a/nixarr/nixarr.nix b/nixarr/nixarr.nix index e546cbc..36419eb 100644 
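Review bot: The listener in this block binds `addr = "0.0.0.0"` although the virtual host is keyed `127.0.0.1:<port>`; that key only sets the server name and does not restrict the bind address, so nginx forwards plain HTTP from every host interface to the confined service at 192.168.15.1. Whether it is reachable from the network depends on firewall rules not visible here; if only local access is intended, `addr = "127.0.0.1";` says so, and otherwise a comment on the block should state that the exposure is deliberate. The same listener appears in the jellyfin, lidarr, prowlarr, radarr, readarr, sabnzbd and sonarr hunks. Separately, this hunk reads the port from `config.bazarr.listenPort` while its siblings use `cfg` or `defaultPort`; no top-level `bazarr` option is visible, so the path is worth checking (possibly `config.services.bazarr.listenPort`).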
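Review bot: The inner `mkIf cfg.vpn.enable` on the `virtualHosts` value in nixarr/jellyfin/default.nix repeats the condition of the `(mkIf cfg.vpn.enable { … })` that wraps it, so it can be dropped: `virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = {`. Keeping a single guard also avoids the two conditions drifting apart if one of them is edited later. The enclosing list of `mkIf` entries starts and ends outside this hunk.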
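Review bot: The `services.nginx` block added to nixarr/lidarr/default.nix is repeated almost verbatim in the bazarr, prowlarr, radarr, readarr, sabnzbd and sonarr modules, differing only in the port expression, and each copy hard-codes the upstream `192.168.15.1`. A change to the listener address or to the namespace address then has to be made in every copy, and a missed copy leaves one service exposed or broken differently from the rest. A shared function taking the port (the name is a suggestion: `mkVpnProxy`) would reduce each module to `services.nginx = mkIf cfg.vpn.enable (mkVpnProxy defaultPort);`, with the upstream address defined once beside the `vpnnamespaces.wg` settings.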
--- a/nixarr/nixarr.nix +++ b/nixarr/nixarr.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + inputs, ... }: with lib; let @@ -240,6 +241,7 @@ in { ]; environment.systemPackages = with pkgs; [ + inputs.sub-merge.packages."${system}".default jdupes list-unlinked fix-permissions @@ -259,7 +261,6 @@ in { wireguardConfigFile = cfg.vpn.wgConf; }; - # TODO: openports systemd.services.vpn-test-service = mkIf cfg.vpn.vpnTestService.enable { enable = true; diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix index d86dbf8..8243082 100644 --- a/nixarr/prowlarr/default.nix +++ b/nixarr/prowlarr/default.nix @@ -103,5 +103,27 @@ in { } ]; }; + + services.nginx = mkIf cfg.vpn.enable { + enable = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = { + listen = [ + { + addr = "0.0.0.0"; + port = defaultPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; + }; + }; + }; }; } diff --git a/nixarr/radarr/default.nix b/nixarr/radarr/default.nix index 90e1627..ddc41aa 100644 --- a/nixarr/radarr/default.nix +++ b/nixarr/radarr/default.nix @@ -101,5 +101,27 @@ in { } ]; }; + + services.nginx = mkIf cfg.vpn.enable { + enable = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = { + listen = [ + { + addr = "0.0.0.0"; + port = defaultPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; + }; + }; + }; }; } diff --git a/nixarr/readarr/default.nix b/nixarr/readarr/default.nix index ed24a64..cab9bbe 100644 --- a/nixarr/readarr/default.nix +++ b/nixarr/readarr/default.nix 
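Review bot: In the `environment.systemPackages` hunk of nixarr/nixarr.nix, `"${system}"` is not bound by anything visible and presumably resolves through `with pkgs;` to `pkgs.system`, which is easy to miss and breaks if that alias goes away. Spelling it out as `inputs.sub-merge.packages.${pkgs.stdenv.hostPlatform.system}.default` makes the lookup explicit, and the quotes around the interpolation are not needed. A one-line comment saying why a package from a flake input is installed system-wide would help, since the neighbouring entries appear to be nixpkgs packages or local helpers. The list and the module's `let` block continue outside the hunk, so `system` may be defined there.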
@@ -94,10 +94,32 @@ in { vpnnamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { - from = 8787; - to = 8787; + from = defaultPort; + to = defaultPort; } ]; }; + + services.nginx = mkIf cfg.vpn.enable { + enable = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = { + listen = [ + { + addr = "0.0.0.0"; + port = defaultPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; + }; + }; + }; }; } diff --git a/nixarr/sabnzbd/default.nix b/nixarr/sabnzbd/default.nix index b266ccf..09413a5 100644 --- a/nixarr/sabnzbd/default.nix +++ b/nixarr/sabnzbd/default.nix @@ -226,5 +226,27 @@ in { } ]; }; + + services.nginx = mkIf cfg.vpn.enable { + enable = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + virtualHosts."127.0.0.1:${builtins.toString cfg.guiPort}" = { + listen = [ + { + addr = "0.0.0.0"; + port = cfg.guiPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString cfg.guiPort}"; + }; + }; + }; }; } diff --git a/nixarr/sonarr/default.nix b/nixarr/sonarr/default.nix index c839f7f..cc8bd2f 100644 --- a/nixarr/sonarr/default.nix +++ b/nixarr/sonarr/default.nix @@ -101,5 +101,27 @@ in { } ]; }; + + services.nginx = mkIf cfg.vpn.enable { + enable = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = { + listen = [ + { + addr = "0.0.0.0"; + port = defaultPort; + } + ]; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; + }; + }; + }; }; }