Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/neoprism/config.nix | 5 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 28 | ||||
-rw-r--r-- | lass/1systems/yellow/config.nix | 37 |
3 files changed, 68 insertions, 2 deletions
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index f203abc07..8e5a60c36 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -4,8 +4,13 @@ imports = [ <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> + + # sync-containers <stockholm/lass/2configs/consul.nix> <stockholm/lass/2configs/yellow-host.nix> + <stockholm/lass/2configs/radio/container-host.nix> + + # other containers <stockholm/lass/2configs/riot.nix> ]; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c2a405759..bcc8c1a08 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -97,9 +97,35 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } + { + services.nginx.virtualHosts."radio.lassul.us" = { + enableACME = true; + addSSL = true; + locations."/" = { + # recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://radio.r"; + extraConfig = '' + proxy_set_header Host radio.r; + # get source ip for weather reports + proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; + ''; + }; + }; + krebs.htgen.radio-redirect = { + port = 8000; + scriptFile = pkgs.writers.writeDash "redir" '' + printf 'HTTP/1.1 301 Moved Permanently\r\n' + printf "Location: http://radio.lassul.us''${Request_URI}\r\n" + printf '\r\n' + ''; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + ]; + } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> - <stockholm/lass/2configs/radio> <stockholm/lass/2configs/binary-cache/server.nix> <stockholm/lass/2configs/iodined.nix> <stockholm/lass/2configs/paste.nix> diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 552dd7f00..06561e9cf 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix 
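Review bot: In the `radio-redirect` script added to prism/config.nix, `Request_URI` is expanded inside the printf format string, so any `%` or backslash sequence in the client-supplied request path is interpreted by printf instead of being copied into the `Location` header. Pass it as an argument instead: `printf 'Location: http://radio.lassul.us%s\r\n' "$Request_URI"`. Separately, the `user-agent` header set in `extraConfig` appends `client-ip=$remote_addr` to a value the client controls, so a request can carry its own `client-ip=` earlier in the string. How the backend parses that header is not visible here, but a dedicated header such as `proxy_set_header X-Real-IP $remote_addr;` is overwritten by nginx and cannot be pre-seeded by the client.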
@@ -34,6 +34,12 @@ in { }; }; + security.acme.defaults.email = "spam@krebsco.de"; + security.acme.acceptTerms = true; + security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; services.nginx = { enable = true; package = pkgs.nginx.override { @@ -41,8 +47,10 @@ in { fancyindex ]; }; - virtualHosts.default = { + virtualHosts."yellow.r" = { default = true; + enableACME = true; + addSSL = true; locations."/" = { root = "/var/download"; extraConfig = '' @@ -137,11 +145,29 @@ in { ''; }; virtualHosts."jelly.r" = { + enableACME = true; + addSSL = true; locations."/".extraConfig = '' proxy_pass http://localhost:8096/; proxy_set_header Accept-Encoding ""; ''; }; + virtualHosts."radar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:7878"; + }; + }; + virtualHosts."sonar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:8989"; + }; + }; }; services.samba = { @@ -215,6 +241,7 @@ in { enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic 
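Review bot: `addSSL = true` on `yellow.r`, and on `jelly.r`, `radar.r` and `sonar.r` in the following hunk, adds an HTTPS listener but keeps serving the same content over plain HTTP on port 80, so any credentials or API keys sent to the proxied applications can still travel unencrypted. If cleartext access is not required, `forceSSL = true;` makes port 80 redirect only. The INPUT rules for ports 8989 and 7878, visible as context in the firewall hunk, also still accept direct connections to the backends and so bypass the new TLS vhosts. Consider removing those rules or restricting them with `-i retiolum` once the proxies are in use.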
@@ -222,6 +249,7 @@ in { { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr + { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr # smbd { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } @@ -367,13 +395,20 @@ in { services.radarr = { enable = true; + group = "download"; }; services.sonarr = { enable = true; + group = "download"; }; services.prowlarr = { enable = true; }; + + services.bazarr = { + enable = true; + group = "download"; + }; } |
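Review bot: The new rule `-p tcp --dport 6767` accepts bazarr connections on every interface, whereas the smbd rule directly below it is limited with `-i retiolum`. Bazarr, enabled in the last hunk, is also not given an nginx vhost like `radar.r` and `sonar.r`, so its web UI would be reached over plain HTTP. Which interfaces this host exposes is not visible in the diff, but if the service is only meant for the VPN the rule could read `{ predicate = "-i retiolum -p tcp --dport 6767"; target = "ACCEPT"; } # bazarr`. Alternatively, proxy it through nginx with TLS and leave the port closed.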