nix-configs

Personal NixOS and home-manager configuration files

commit 227aa444897250e1011b3c190acb7dc5cc1202ce
parent 1c8ba40d88d8806821b8f14213b4eda12f7b2fd4
Author: breadcat <breadcat@users.noreply.github.com>
Date:   Thu, 12 Mar 2026 14:32:54 +0000

Add local reverse proxy

Requires changing Stromboli port too

Diffstat:
Acommon/roles/caddy-ilias.nix | 33+++++++++++++++++++++++++++++++++
Mcommon/roles/gnocchi.nix | 3---
Mcommon/roles/navidrome.nix | 6+-----
Mcommon/roles/stromboli.nix | 9+++------
Mmachines/ilias.nix | 1+
5 files changed, 38 insertions(+), 14 deletions(-)

diff --git a/common/roles/caddy-ilias.nix b/common/roles/caddy-ilias.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+
+let
+ services = {
+ music = { host = "127.0.0.1"; port = 4533; };
+ stream = { host = "127.0.0.1"; port = 8080; };
+ weight = { host = "127.0.0.1"; port = 9090; };
+ };
+
+ mkVirtualHost = name: svc: {
+ name = "http://${name}.lan";
+ value = {
+ extraConfig = ''
+ reverse_proxy ${svc.host}:${toString svc.port}
+ '';
+ };
+ };
+in
+{
+ services.caddy = {
+ enable = true;
+ virtualHosts = (lib.mapAttrs' mkVirtualHost services) // {
+ "http://192.168.1.3:80" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:8080
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+}
+\ No newline at end of file
diff --git a/common/roles/gnocchi.nix b/common/roles/gnocchi.nix
@@ -29,7 +29,4 @@ }; - # Open firewall port - networking.firewall.allowedTCPPorts = [ 9090 ]; - }
diff --git a/common/roles/navidrome.nix b/common/roles/navidrome.nix
@@ -1,10 +1,6 @@
 {
 services.navidrome = {
 enable = true;
- openFirewall = true;
- settings = {
- Address = "0.0.0.0";
- MusicFolder = "/tank/media/audio/music";
- };
+ settings.MusicFolder = "/tank/media/audio/music";
 };
 }
diff --git a/common/roles/stromboli.nix b/common/roles/stromboli.nix
@@ -11,11 +11,11 @@
 Type = "simple";
 User = "${username}";
 WorkingDirectory = "/home/${username}/vault/src/stromboli";
- ExecStart = "${pkgs.go}/bin/go run . -d /tank/media/videos/ -p 80";
+ ExecStart = "${pkgs.go}/bin/go run . -d /tank/media/videos/ -p 8080";
 Restart = "on-failure";
 RestartSec = "5s";
- AmbientCapabilities = "cap_net_bind_service";
- CapabilityBoundingSet = "cap_net_bind_service";
+ # AmbientCapabilities = "cap_net_bind_service";
+ # CapabilityBoundingSet = "cap_net_bind_service";
 };
 environment = {
@@ -31,7 +31,4 @@ }; - # Open firewall port - networking.firewall.allowedTCPPorts = [ 80 ]; - }
diff --git a/machines/ilias.nix b/machines/ilias.nix
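Review bot: `networking.firewall.allowedTCPPorts = [ 80 ];` at the end of the new file opens port 80 on every interface, and all four virtual hosts are declared with an explicit `http://` scheme, so any login to the proxied services crosses the network unencrypted. If the machine only ever has one trusted LAN interface that may be an accepted trade-off, but it deserves a comment saying so; otherwise scope the rule with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 80 ];` (interface name is a placeholder). The literal `reverse_proxy 127.0.0.1:8080` in the `192.168.1.3` host also duplicates `services.stream`; `reverse_proxy ${services.stream.host}:${toString services.stream.port}` would keep the two in sync.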
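Review bot: With `Address = "0.0.0.0"` removed, navidrome.nix now depends on the module's default bind address and port matching what caddy-ilias.nix proxies to (`127.0.0.1:4533`), and nothing in the file records that. The defaults are presumably loopback and 4533, but pinning them keeps the loopback-only intent visible and stops a future default change from silently exposing or breaking the service: `settings = { Address = "127.0.0.1"; Port = 4533; MusicFolder = "/tank/media/audio/music"; };`.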
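Review bot: Commenting out `CapabilityBoundingSet` in the first stromboli.nix hunk does more than drop the port-80 privilege: without the directive the unit falls back to systemd's default bounding set, which is wider than the single capability it was limited to before. The service needs no capability on port 8080, so replace the two commented lines with `CapabilityBoundingSet = "";` and delete the `AmbientCapabilities` line rather than leaving dead config behind. The hunk does not show which address `-p 8080` binds to; if stromboli listens on all interfaces, only the firewall stops clients from bypassing Caddy, so a loopback bind is worth confirming. The `serviceConfig` block starts above the hunk.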
@@ -15,6 +15,7 @@ let machine = "ilias"; in {
 ../common/mount-drives.nix
 ../common/networking.nix
 ../common/packages.nix
+ ../common/roles/caddy-${machine}.nix
 ../common/roles/gnocchi.nix
 ../common/roles/navidrome.nix
 ../common/roles/nfs-server.nix