Prove senza container e con caddy dietro tailscale

2024-09-06 08:09:29 +02:00 · 2024-09-06 08:09:29 +02:00 · ecbf722032
commit ecbf722032
parent b5992904e3
1 changed files with 73 additions and 28 deletions
--- a/modules/services/download-pod.nix
+++ b/modules/services/download-pod.nix
@ -65,7 +65,10 @@ let
 in
 {
  options.my.services.download-pod = {
+
+    programs = {
      enable = lib.mkEnableOption "Enable the download search stack";
+    };

    proxy = {
      enable = lib.mkEnableOption "Enable proxy for the services";
@ -90,38 +93,80 @@ in

  };

-  config = lib.mkIf cfg.enable {
+  config = lib.mkMerge [

-    my.virtualisation.podmanPods = {
-      inherit podDefinition;
-    };
+    # Services definition
+    (lib.mkIf cfg.programs.enable {

-    virtualisation.oci-containers.containers =
-      let
-        pod = config.helpers.processContainers podDefinition;
-      in
-      pod.containers;
+      services = {

-    services.caddy = lib.mkIf cfg.proxy.enable {
+        # Indexer
+        prowlarr = {
          enable = true;
-      enableReload = false;
-      virtualHosts = {
-        "jackett.${cfg.proxy.hostName}".extraConfig = ''
-          reverse_proxy http://${cfg.proxy.serverName}:9117
-        '';
-        "radarr.${cfg.proxy.hostName}".extraConfig = ''
-          reverse_proxy http://${cfg.proxy.serverName}:7878
-        '';
-        "sabnzbd.${cfg.proxy.hostName}".extraConfig = ''
-          reverse_proxy http://${cfg.proxy.serverName}:8080
-        '';
-        "sonarr.${cfg.proxy.hostName}".extraConfig = ''
-          reverse_proxy http://${cfg.proxy.serverName}:8989
-        '';
+          openFirewall = true;
+        };
+
+        # Movies
+        radarr = {
+          enable = true;
+          openFirewall = true;
+        };
+
+        # TV Shows
+        sonarr = {
+          enable = true;
+          openFirewall = true;
+        };
+
+        # Music
+        lidarr = {
+          enable = true;
+          openFirewall = true;
+        };
+
+        # E-books
+        readarr = {
+          enable = true;
+          openFirewall = true;
        };

      };

-  };
+      # my.virtualisation.podmanPods = {
+      #   inherit podDefinition;
+      # };

+      # virtualisation.oci-containers.containers =
+      #   let
+      #     pod = config.helpers.processContainers podDefinition;
+      #   in
+      #   pod.containers;
+
+    })
+
+    # Caddy for reverse proxy
+    (lib.mkIf cfg.proxy.enable {
+
+      services.caddy = {
+        enable = true;
+        package = pkgs.caddy-custom;
+        # {env.CLOUDFLARE_KEY}
+        extraConfig = ''
+          (cloudflare) {
+            tls {
+              dns cloudflare {env.CLOUDFLARE_KEY}
+            }
+          }
+        '';
+        virtualHosts."prowlarr.tegola.pro".extraConfig = ''
+          reverse_proxy http://arr.internal:9696
+          import cloudflare
+        '';
+        virtualHosts."radarr.tegola.pro".extraConfig = ''
+          reverse_proxy http://arr.internal:7878
+          import cloudflare
+        '';
+      };
+    })
+  ];
 }