diff --git a/modules/servers.nix b/modules/servers.nix index 5f36e0e..615d59f 100644 --- a/modules/servers.nix +++ b/modules/servers.nix @@ -1,48 +1,5 @@ -{ - lib, - config, - pkgs, - ... -}: +{ lib, config, ... }: let - setup = import ./servers/setup.nix { inherit lib config; }; - proxy = locations: { - inherit locations; - forceSSL = true; - enableACME = true; - http2 = true; - }; - proxyReverse = - host: port: - let - useLocalhost = host == config.networking.hostName; - proxyTarget = if useLocalhost then config.my.localhost else config.my.ips."${host}"; - in - proxy { "/".proxyPass = "http://${proxyTarget}:${toString port}/"; }; - proxyReverseArr = - host: port: - let - useLocalhost = host == config.networking.hostName; - headers = '' - proxy_set_header X-Forwarded-Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - ''; - localHeaders = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - ''; - in - proxyReverse host port - // { - extraConfig = '' - ${if useLocalhost then localHeaders else ""} - ${headers} - ''; - }; enableContainers = lib.any (opt: opt) [ config.my.servers.collabora.enable config.my.servers.ryot.enable 
@@ -57,167 +14,13 @@ let ]; in { - imports = [ - ./servers/adguardhome.nix - (import ./servers/paperless.nix { inherit lib config; }) - ./servers/postgres.nix - (import ./servers/audiobookshelf.nix { - inherit - lib - config - proxy - setup - ; - }) - (import ./servers/bazarr.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/flame.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/homepage.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/jellyfin.nix { - inherit - lib - config - pkgs - setup - ; - }) - (import ./servers/kavita.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/lidarr.nix { - inherit - lib - config - proxyReverseArr - setup - ; - }) - (import ./servers/maloja.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/mealie.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/metube.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/microbin.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/multi-scrobbler.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/nextcloud.nix { - inherit - lib - config - pkgs - setup - ; - }) - (import ./servers/prowlarr.nix { - inherit - lib - config - proxyReverseArr - setup - ; - }) - (import ./servers/qbittorrent.nix { inherit lib config pkgs; }) - (import ./servers/sabnzbd.nix { inherit lib config; }) - (import ./servers/radarr.nix { - inherit - lib - config - proxyReverseArr - setup - ; - }) - (import ./servers/ryot.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/shiori.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/sonarr.nix { - inherit - lib - config - proxyReverse - setup - ; - }) - (import ./servers/vaultwarden.nix { - inherit - lib - config - pkgs - proxyReverse - 
setup - ; - }) - (import ./servers/firefly-iii.nix { inherit lib config; }) - ]; + imports = + let + serverFiles = builtins.filter ( + file: builtins.match ".*\\.nix" file != null && file != "setup.nix" + ) (builtins.attrNames (builtins.readDir ./servers)); + in + map (file: ./servers/${file}) serverFiles; options.my = { localhost = lib.mkOption { type = lib.types.str; diff --git a/modules/servers/audiobookshelf.nix b/modules/servers/audiobookshelf.nix index 9eee25c..73cf891 100644 --- a/modules/servers/audiobookshelf.nix +++ b/modules/servers/audiobookshelf.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxy, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.audiobookshelf; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; @@ -18,20 +13,22 @@ in enable = true; group = "piracy"; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (proxy { - "/" = { - proxyPass = cfg.local; - extraConfig = '' - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - proxy_redirect http:// https://; - ''; - }; - }); + nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( + setup.proxy { + "/" = { + proxyPass = cfg.local; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_http_version 1.1; + proxy_redirect http:// https://; + ''; + }; + } + ); }; }; } diff --git a/modules/servers/bazarr.nix b/modules/servers/bazarr.nix index 1aee45b..16e7d6a 100644 --- a/modules/servers/bazarr.nix +++ b/modules/servers/bazarr.nix 
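Review bot: The `file != "setup.nix"` exclusion in the new `imports` filter in modules/servers.nix is dead, because this same commit renames modules/servers/setup.nix to modules/setup.nix. The filter also ignores the entry type that `builtins.readDir` returns, so a directory whose name ends in `.nix` would be imported too. More broadly, the removed explicit list acted as the allowlist of what gets evaluated; now any `.nix` file that lands in modules/servers becomes a module on every host importing this file, which deserves a comment above `imports`. I would keep only regular files and drop the dead exclusion, as sketched below.

```nix
  # Every regular *.nix file in ./servers is imported as a module;
  # adding a file to that directory is enough to activate it.
  imports =
    let
      entries = builtins.readDir ./servers;
      isModule = name: entries.${name} == "regular" && builtins.match ".*\\.nix" name != null;
    in
    map (name: ./servers/${name}) (builtins.filter isModule (builtins.attrNames entries));
```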
@@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.bazarr; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort; @@ -18,7 +13,7 @@ in group = "piracy"; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/flame.nix b/modules/servers/flame.nix index c40aee4..f0fa7dc 100644 --- a/modules/servers/flame.nix +++ b/modules/servers/flame.nix @@ -1,14 +1,9 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.flame; cfgS = config.my.servers.flameSecret; enable = (cfg.enable || cfgS.enable); + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers = { @@ -52,8 +47,8 @@ in }; services.nginx = { virtualHosts = lib.mkIf (cfg.enableProxy || cfgS.enableProxy) { - "${cfg.host}" = proxyReverse cfg.hostName cfg.port // { }; - "${cfgS.host}" = proxyReverse cfgS.hostName cfgS.port // { }; + "${cfg.host}" = setup.proxyReverse cfg.hostName cfg.port // { }; + "${cfgS.host}" = setup.proxyReverse cfgS.hostName cfgS.port // { }; }; }; }; diff --git a/modules/servers/homepage.nix b/modules/servers/homepage.nix index 06e560a..fdc46a8 100644 --- a/modules/servers/homepage.nix +++ b/modules/servers/homepage.nix @@ -1,13 +1,8 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let services = import ./homepage/services.nix { inherit config lib; }; cfg = config.my.servers.homepage; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082; 
@@ -127,7 +122,7 @@ in ]; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/jellyfin.nix b/modules/servers/jellyfin.nix index 77024d5..609868c 100644 --- a/modules/servers/jellyfin.nix +++ b/modules/servers/jellyfin.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - setup, ... }: let @@ -19,6 +18,7 @@ let pkgs.gum sub-sync ]; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096; diff --git a/modules/servers/kavita.nix b/modules/servers/kavita.nix index 4f865e9..0fba96c 100644 --- a/modules/servers/kavita.nix +++ b/modules/servers/kavita.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.kavita; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port; @@ -27,7 +22,7 @@ in tokenKeyFile = config.sops.secrets.kavita-token.path; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/lidarr.nix b/modules/servers/lidarr.nix index c014680..d2b825f 100644 --- a/modules/servers/lidarr.nix +++ b/modules/servers/lidarr.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverseArr, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.lidarr; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686; @@ -38,7 +33,7 @@ in }; }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverseArr cfg.hostName cfg.port // { } + setup.proxyReverseArr cfg.hostName cfg.port // { } ); }; } 
diff --git a/modules/servers/maloja.nix b/modules/servers/maloja.nix index 8a66b08..4c0b1eb 100644 --- a/modules/servers/maloja.nix +++ b/modules/servers/maloja.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.maloja; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010; @@ -34,7 +29,7 @@ in }; }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; } diff --git a/modules/servers/mealie.nix b/modules/servers/mealie.nix index 04a94ef..d786d16 100644 --- a/modules/servers/mealie.nix +++ b/modules/servers/mealie.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.mealie; + setup = import ../setup.nix { inherit lib config; }; in { disabledModules = [ "services/web-apps/mealie.nix" ]; @@ -35,7 +30,7 @@ in credentialsFile = config.sops.secrets.mealie.path; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/metube.nix b/modules/servers/metube.nix index 2baf3ba..74a6b21 100644 --- a/modules/servers/metube.nix +++ b/modules/servers/metube.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.metube; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881; @@ -25,7 +20,7 @@ in }; }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; } 
diff --git a/modules/servers/microbin.nix b/modules/servers/microbin.nix index 0f421cd..dfb438f 100644 --- a/modules/servers/microbin.nix +++ b/modules/servers/microbin.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.microbin; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8080; @@ -26,7 +21,7 @@ in }; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/multi-scrobbler.nix b/modules/servers/multi-scrobbler.nix index e45de60..e7c96c0 100644 --- a/modules/servers/multi-scrobbler.nix +++ b/modules/servers/multi-scrobbler.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.multi-scrobbler; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078; @@ -35,7 +30,7 @@ in }; }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; } diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix index a5134d0..95417bc 100644 --- a/modules/servers/nextcloud.nix +++ b/modules/servers/nextcloud.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - setup, ... }: let @@ -17,6 +16,7 @@ let ''; cfg = config.my.servers.nextcloud; cfgC = config.my.servers.collabora; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers = { diff --git a/modules/servers/prowlarr.nix b/modules/servers/prowlarr.nix index 38e243a..3355382 100644 --- a/modules/servers/prowlarr.nix +++ b/modules/servers/prowlarr.nix 
@@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverseArr, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.prowlarr; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696; @@ -19,7 +14,7 @@ in services = { prowlarr.enable = cfg.enable; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverseArr cfg.hostName cfg.port // { } + setup.proxyReverseArr cfg.hostName cfg.port // { } ); }; virtualisation.oci-containers.containers.flaresolverr = lib.mkIf cfg.enable { diff --git a/modules/servers/radarr.nix b/modules/servers/radarr.nix index b92c5bd..ce74a99 100644 --- a/modules/servers/radarr.nix +++ b/modules/servers/radarr.nix @@ -2,11 +2,11 @@ lib, config, proxyReverseArr, - setup, ... }: let cfg = config.my.servers.radarr; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878; @@ -18,7 +18,7 @@ in group = "piracy"; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverseArr cfg.hostName cfg.port // { } + setup.proxyReverseArr cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/ryot.nix b/modules/servers/ryot.nix index 50d317c..a83aff8 100644 --- a/modules/servers/ryot.nix +++ b/modules/servers/ryot.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.ryot; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765; @@ -31,7 +26,7 @@ in }; }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; } diff --git a/modules/servers/shiori.nix b/modules/servers/shiori.nix index 8072a18..4cf8826 100644 --- a/modules/servers/shiori.nix +++ b/modules/servers/shiori.nix 
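Review bot: `proxyReverseArr` is still listed in the argument set of modules/servers/radarr.nix: the first radarr hunk removes only `setup,` and leaves `proxyReverseArr,` as context. After this commit the file is imported as a plain module path from servers.nix, so unless something outside this diff supplies that name as a module argument, evaluation will fail on the missing argument. The body already calls `setup.proxyReverseArr`, so the parameter is unused and the header should match the other server modules: `{ lib, config, ... }:`.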
@@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.shiori; + setup = import ../setup.nix { inherit lib config; }; in { disabledModules = [ "services/web-apps/shiori.nix" ]; @@ -23,7 +18,7 @@ in databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}"; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/sonarr.nix b/modules/servers/sonarr.nix index 8afc7b9..6717d26 100644 --- a/modules/servers/sonarr.nix +++ b/modules/servers/sonarr.nix @@ -1,12 +1,7 @@ -{ - lib, - config, - proxyReverse, - setup, - ... -}: +{ lib, config, ... }: let cfg = config.my.servers.sonarr; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989; @@ -18,7 +13,7 @@ in group = "piracy"; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/vaultwarden.nix b/modules/servers/vaultwarden.nix index 1f25822..c290a0d 100644 --- a/modules/servers/vaultwarden.nix +++ b/modules/servers/vaultwarden.nix @@ -2,12 +2,11 @@ lib, config, pkgs, - proxyReverse, - setup, ... }: let cfg = config.my.servers.vaultwarden; + setup = import ../setup.nix { inherit lib config; }; in { options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222; @@ -33,7 +32,7 @@ in }; }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy ( - proxyReverse cfg.hostName cfg.port // { } + setup.proxyReverse cfg.hostName cfg.port // { } ); }; }; diff --git a/modules/servers/setup.nix b/modules/setup.nix similarity index 52% rename from modules/servers/setup.nix rename to modules/setup.nix index 88b0d69..511e222 100644 --- a/modules/servers/setup.nix +++ b/modules/setup.nix 
@@ -41,7 +41,49 @@ let default = "${config.my.servers.${name}.hostName}" == config.my.mainServer; }; }; + proxy = locations: { + inherit locations; + forceSSL = true; + enableACME = true; + http2 = true; + }; + proxyReverse = + host: port: + let + useLocalhost = host == config.networking.hostName; + proxyTarget = if useLocalhost then config.my.localhost else config.my.ips."${host}"; + in + proxy { "/".proxyPass = "http://${proxyTarget}:${toString port}/"; }; + proxyReverseArr = + host: port: + let + useLocalhost = host == config.networking.hostName; + headers = '' + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + localHeaders = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + in + proxyReverse host port + // { + extraConfig = '' + ${if useLocalhost then localHeaders else ""} + ${headers} + ''; + }; in { - inherit mkOptions; + inherit + mkOptions + proxy + proxyReverse + proxyReverseArr + ; }
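Review bot: `proxyReverse` builds its upstream as `http://${proxyTarget}:${toString port}/`, and when `host` is not the local machine `proxyTarget` is `config.my.ips."${host}"`, so the hop from nginx to the backend is cleartext even though the vhost sets `forceSSL`. vaultwarden.nix goes through this helper, so credentials would cross that link whenever the proxy and the service run on different hosts. Whether `my.ips` only holds addresses on an encrypted or otherwise trusted network is not visible in this diff. Now that this is the shared helper for every server module, state the assumption on it, e.g. `# upstream hop is plain HTTP: my.ips must only contain addresses on a trusted/encrypted network`. The enclosing `let` starts above the hunk.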