diff --git a/nixos/configurations/Tytonidae/default.nix b/nixos/configurations/Tytonidae/default.nix
index db632ed..4189403 100644
--- a/nixos/configurations/Tytonidae/default.nix
+++ b/nixos/configurations/Tytonidae/default.nix
@@ -38,6 +38,10 @@
 };
 open-webui.enable = true;
 transmission.enable = true;
+ caddy = {
+ enable = true;
+ baseDomain = "home.arp";
+ };
 };
 gui.enabled = "cosmic";
 };
diff --git a/nixos/modules/caddy.nix b/nixos/modules/caddy.nix
new file mode 100644
index 0000000..e207126
--- /dev/null
+++ b/nixos/modules/caddy.nix
@@ -0,0 +1,20 @@
+{ lib, config, ... }:
+let
+ cfg = config.youthlic.programs.caddy;
+in
+{
+ options = {
+ youthlic.programs.caddy = {
+ enable = lib.mkEnableOption "caddy";
+ baseDomain = lib.mkOption {
+ type = lib.types.str;
+ example = "youthlic.fun";
+ };
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ services.caddy = {
+ enable = true;
+ };
+ };
+}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 1a935a5..e45594b 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -29,6 +29,7 @@
 ./kvm.nix
 ./open-webui.nix
 ./transmission.nix
+ ./caddy.nix
 ];
 config = {
diff --git a/nixos/modules/open-webui.nix b/nixos/modules/open-webui.nix
index 0b06b9e..b17e67a 100644
--- a/nixos/modules/open-webui.nix
+++ b/nixos/modules/open-webui.nix
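Review bot: `baseDomain = "home.arp"` in the Tytonidae hunk looks like a typo for the RFC 8375 special-use domain `home.arpa`; `.arp` is neither a delegated TLD nor a reserved local suffix. As far as I know, Caddy's automatic HTTPS only falls back to its internal CA for names it recognises as local, so `open-webui.home.arp` and `transmission.home.arp` would be treated as public names and issuance would be attempted against a public ACME CA and fail. If these hosts are LAN-only, consider `baseDomain = "home.arpa";`, or add `tls internal` to each virtual host's `extraConfig` so the certificate source is explicit.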
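Review bot: The new `baseDomain` option in `nixos/modules/caddy.nix` has no `description`, and nothing in the module says how the proxied sites are meant to be reached. I would add `description = "Domain suffix; each proxied service is published as <service>.<baseDomain>.";` to the option. The module also enables `services.caddy` without touching the firewall, while the transmission change in this commit turns `openRPCPort` off when Caddy is on; unless ports 80/443 are opened elsewhere (not visible in this diff), the services become local-only, which deserves a comment or an explicit `networking.firewall.allowedTCPPorts = [ 80 443 ];`.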
@@ -8,14 +8,30 @@ in
 enable = lib.mkEnableOption "open-webui";
 };
 };
- config = lib.mkIf cfg.enable {
- services.open-webui = {
- enable = true;
- port = 8083;
- environmentFile = "${config.sops.secrets."open-webui_env".path}";
- };
- sops.secrets."open-webui_env" = {
- format = "yaml";
- };
- };
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ services.open-webui = {
+ enable = true;
+ port = 8083;
+ environmentFile = "${config.sops.secrets."open-webui_env".path}";
+ };
+ sops.secrets."open-webui_env" = {
+ format = "yaml";
+ };
+ })
+ (
+ let
+ caddy-cfg = config.youthlic.programs.caddy;
+ in
+ lib.mkIf caddy-cfg.enable {
+ services.caddy.virtualHosts = {
+ "open-webui.${caddy-cfg.baseDomain}" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:8083
+ '';
+ };
+ };
+ }
+ )
+ ];
 }
diff --git a/nixos/modules/transmission.nix b/nixos/modules/transmission.nix
index c32f5a1..acb5db7 100644
--- a/nixos/modules/transmission.nix
+++ b/nixos/modules/transmission.nix
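Review bot: The Caddy block is guarded only by `caddy-cfg.enable`, so a host that enables Caddy but not open-webui still publishes `open-webui.<baseDomain>` and forwards it to whatever happens to listen on 127.0.0.1:8083; the transmission module in this commit has the same guard. Gate it on both options, `lib.mkIf (cfg.enable && caddy-cfg.enable) {`, and derive the upstream from the service instead of repeating the literal: `reverse_proxy 127.0.0.1:${toString config.services.open-webui.port}`. `cfg` is bound above the hunk, so this assumes it still refers to the open-webui options.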
@@ -15,24 +15,47 @@ in
 enable = lib.mkEnableOption "transmission";
 };
 };
- config = lib.mkIf cfg.enable {
- users.groups."${config.services.transmission.group}".members = [
- config.youthlic.home-manager.unixName
- ];
- sops.secrets."transmission-config" = {
- sopsFile = rootPath + "/secrets/transmission.yaml";
- };
- services.transmission = {
- enable = true;
- package = pkgs.transmission_4;
- settings = {
- utp-enabled = true;
- watch-dir-enabled = true;
- default-trackers = builtins.readFile "${inputs.bt-tracker}/all.txt";
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ users.groups."${config.services.transmission.group}".members = [
+ config.youthlic.home-manager.unixName
+ ];
+ sops.secrets."transmission-config" = {
+ sopsFile = rootPath + "/secrets/transmission.yaml";
 };
- openRPCPort = true;
- openPeerPorts = true;
- credentialsFile = "${config.sops.secrets.transmission-config.path}";
- };
- };
+ services.transmission = {
+ enable = true;
+ package = pkgs.transmission_4;
+ settings = {
+ utp-enabled = true;
+ watch-dir-enabled = true;
+ default-trackers = builtins.readFile "${inputs.bt-tracker}/all.txt";
+ rpc-bind-address = "0.0.0.0";
+ };
+ openRPCPort = true;
+ openPeerPorts = true;
+ credentialsFile = "${config.sops.secrets.transmission-config.path}";
+ };
+ })
+ (
+ let
+ caddy-cfg = config.youthlic.programs.caddy;
+ in
+ lib.mkIf caddy-cfg.enable {
+ services.transmission = {
+ openRPCPort = lib.mkForce false;
+ settings = {
+ rpc-bind-address = lib.mkForce "127.0.0.1";
+ };
+ };
+ services.caddy.virtualHosts = {
+ "transmission.${caddy-cfg.baseDomain}" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:9091
+ '';
+ };
+ };
+ }
+ )
+ ];
 }
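Review bot: On hosts without Caddy, the added `rpc-bind-address = "0.0.0.0";` together with `openRPCPort = true` serves the Transmission RPC interface on every interface over plain HTTP, so access control rests entirely on whatever the sops `credentialsFile` contains, which this diff does not show. Behind Caddy the address check stops helping: every request reaches Transmission from 127.0.0.1, so `rpc-whitelist` no longer distinguishes clients, and `rpc-host-whitelist` has to admit `transmission.<baseDomain>`. I would set `rpc-authentication-required = true;` in `settings` so the requirement is visible in the module rather than only in the secret. The `mkForce` pair could also become one conditional in the first block, `rpc-bind-address = if config.youthlic.programs.caddy.enable then "127.0.0.1" else "0.0.0.0";` with `openRPCPort = !config.youthlic.programs.caddy.enable;`, which keeps the exposure decision in one place.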