diff options
Diffstat (limited to 'lass/1systems/yellow')
-rw-r--r-- | lass/1systems/yellow/config.nix | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 552dd7f00..06561e9cf 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -34,6 +34,12 @@ in { }; }; + security.acme.defaults.email = "spam@krebsco.de"; + security.acme.acceptTerms = true; + security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; services.nginx = { enable = true; package = pkgs.nginx.override { @@ -41,8 +47,10 @@ in { fancyindex ]; }; - virtualHosts.default = { + virtualHosts."yellow.r" = { default = true; + enableACME = true; + addSSL = true; locations."/" = { root = "/var/download"; extraConfig = '' @@ -137,11 +145,29 @@ in { ''; }; virtualHosts."jelly.r" = { + enableACME = true; + addSSL = true; locations."/".extraConfig = '' proxy_pass http://localhost:8096/; proxy_set_header Accept-Encoding ""; ''; }; + virtualHosts."radar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:7878"; + }; + }; + virtualHosts."sonar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:8989"; + }; + }; }; services.samba = { @@ -215,6 +241,7 @@ in { enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic @@ -222,6 +249,7 @@ in { { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr + { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr # smbd { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } @@ -367,13 +395,20 @@ in { services.radarr = { enable = true; + group = "download"; }; services.sonarr = { enable = true; + group = "download"; }; services.prowlarr = { enable = true; }; + + services.bazarr = { + enable = true; + group = "download"; + }; } |