ports refactor
This commit is contained in:
@@ -7,8 +7,8 @@ let
|
||||
radarrConfig = "${service_configs.radarr.dataDir}/config.xml";
|
||||
sonarrConfig = "${service_configs.sonarr.dataDir}/config.xml";
|
||||
|
||||
radarrUrl = "http://localhost:${builtins.toString service_configs.ports.radarr}";
|
||||
sonarrUrl = "http://localhost:${builtins.toString service_configs.ports.sonarr}";
|
||||
radarrUrl = "http://localhost:${builtins.toString service_configs.ports.private.radarr.port}";
|
||||
sonarrUrl = "http://localhost:${builtins.toString service_configs.ports.private.sonarr.port}";
|
||||
|
||||
curl = "${pkgs.curl}/bin/curl";
|
||||
jq = "${pkgs.jq}/bin/jq";
|
||||
|
||||
@@ -20,12 +20,12 @@
|
||||
|
||||
services.bazarr = {
|
||||
enable = true;
|
||||
listenPort = service_configs.ports.bazarr;
|
||||
listenPort = service_configs.ports.private.bazarr.port;
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."bazarr.${service_configs.https.domain}".extraConfig = ''
|
||||
import ${config.age.secrets.caddy_auth.path}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.bazarr}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.bazarr.port}
|
||||
'';
|
||||
|
||||
users.users.${config.services.bazarr.user}.extraGroups = [
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
prowlarr = {
|
||||
enable = true;
|
||||
serviceName = "prowlarr";
|
||||
port = service_configs.ports.prowlarr;
|
||||
port = service_configs.ports.private.prowlarr.port;
|
||||
dataDir = service_configs.prowlarr.dataDir;
|
||||
apiVersion = "v1";
|
||||
networkNamespacePath = "/run/netns/wg";
|
||||
@@ -14,8 +14,8 @@
|
||||
name = "Sonarr";
|
||||
implementation = "Sonarr";
|
||||
configContract = "SonarrSettings";
|
||||
prowlarrUrl = "http://localhost:${builtins.toString service_configs.ports.prowlarr}";
|
||||
baseUrl = "http://${config.vpnNamespaces.wg.bridgeAddress}:${builtins.toString service_configs.ports.sonarr}";
|
||||
prowlarrUrl = "http://localhost:${builtins.toString service_configs.ports.private.prowlarr.port}";
|
||||
baseUrl = "http://${config.vpnNamespaces.wg.bridgeAddress}:${builtins.toString service_configs.ports.private.sonarr.port}";
|
||||
apiKeyFrom = "${service_configs.sonarr.dataDir}/config.xml";
|
||||
syncCategories = [
|
||||
5000
|
||||
@@ -33,8 +33,8 @@
|
||||
name = "Radarr";
|
||||
implementation = "Radarr";
|
||||
configContract = "RadarrSettings";
|
||||
prowlarrUrl = "http://localhost:${builtins.toString service_configs.ports.prowlarr}";
|
||||
baseUrl = "http://${config.vpnNamespaces.wg.bridgeAddress}:${builtins.toString service_configs.ports.radarr}";
|
||||
prowlarrUrl = "http://localhost:${builtins.toString service_configs.ports.private.prowlarr.port}";
|
||||
baseUrl = "http://${config.vpnNamespaces.wg.bridgeAddress}:${builtins.toString service_configs.ports.private.radarr.port}";
|
||||
apiKeyFrom = "${service_configs.radarr.dataDir}/config.xml";
|
||||
syncCategories = [
|
||||
2000
|
||||
@@ -56,7 +56,7 @@
|
||||
sonarr = {
|
||||
enable = true;
|
||||
serviceName = "sonarr";
|
||||
port = service_configs.ports.sonarr;
|
||||
port = service_configs.ports.private.sonarr.port;
|
||||
dataDir = service_configs.sonarr.dataDir;
|
||||
healthChecks = true;
|
||||
rootFolders = [ service_configs.media.tvDir ];
|
||||
@@ -68,7 +68,7 @@
|
||||
serviceName = "qbittorrent";
|
||||
fields = {
|
||||
host = config.vpnNamespaces.wg.namespaceAddress;
|
||||
port = service_configs.ports.torrent;
|
||||
port = service_configs.ports.private.torrent.port;
|
||||
useSsl = false;
|
||||
tvCategory = "tvshows";
|
||||
};
|
||||
@@ -79,7 +79,7 @@
|
||||
radarr = {
|
||||
enable = true;
|
||||
serviceName = "radarr";
|
||||
port = service_configs.ports.radarr;
|
||||
port = service_configs.ports.private.radarr.port;
|
||||
dataDir = service_configs.radarr.dataDir;
|
||||
healthChecks = true;
|
||||
rootFolders = [ service_configs.media.moviesDir ];
|
||||
@@ -91,7 +91,7 @@
|
||||
serviceName = "qbittorrent";
|
||||
fields = {
|
||||
host = config.vpnNamespaces.wg.namespaceAddress;
|
||||
port = service_configs.ports.torrent;
|
||||
port = service_configs.ports.private.torrent.port;
|
||||
useSsl = false;
|
||||
movieCategory = "movies";
|
||||
};
|
||||
@@ -103,17 +103,17 @@
|
||||
services.bazarrInit = {
|
||||
enable = true;
|
||||
dataDir = "/var/lib/bazarr";
|
||||
port = service_configs.ports.bazarr;
|
||||
port = service_configs.ports.private.bazarr.port;
|
||||
sonarr = {
|
||||
enable = true;
|
||||
dataDir = service_configs.sonarr.dataDir;
|
||||
port = service_configs.ports.sonarr;
|
||||
port = service_configs.ports.private.sonarr.port;
|
||||
serviceName = "sonarr";
|
||||
};
|
||||
radarr = {
|
||||
enable = true;
|
||||
dataDir = service_configs.radarr.dataDir;
|
||||
port = service_configs.ports.radarr;
|
||||
port = service_configs.ports.private.radarr.port;
|
||||
serviceName = "radarr";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
services.jellyseerr = {
|
||||
enable = true;
|
||||
port = service_configs.ports.jellyseerr;
|
||||
port = service_configs.ports.private.jellyseerr.port;
|
||||
configDir = service_configs.jellyseerr.configDir;
|
||||
};
|
||||
|
||||
@@ -38,6 +38,6 @@
|
||||
|
||||
services.caddy.virtualHosts."jellyseerr.${service_configs.https.domain}".extraConfig = ''
|
||||
# import ${config.age.secrets.caddy_auth.path}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.jellyseerr}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.jellyseerr.port}
|
||||
'';
|
||||
}
|
||||
|
||||
@@ -10,17 +10,17 @@
|
||||
(lib.serviceMountWithZpool "prowlarr" service_configs.zpool_ssds [
|
||||
service_configs.prowlarr.dataDir
|
||||
])
|
||||
(lib.vpnNamespaceOpenPort service_configs.ports.prowlarr "prowlarr")
|
||||
(lib.vpnNamespaceOpenPort service_configs.ports.private.prowlarr.port "prowlarr")
|
||||
];
|
||||
|
||||
services.prowlarr = {
|
||||
enable = true;
|
||||
dataDir = service_configs.prowlarr.dataDir;
|
||||
settings.server.port = service_configs.ports.prowlarr;
|
||||
settings.server.port = service_configs.ports.private.prowlarr.port;
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."prowlarr.${service_configs.https.domain}".extraConfig = ''
|
||||
import ${config.age.secrets.caddy_auth.path}
|
||||
reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.prowlarr}
|
||||
reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.private.prowlarr.port}
|
||||
'';
|
||||
}
|
||||
|
||||
@@ -21,13 +21,13 @@
|
||||
services.radarr = {
|
||||
enable = true;
|
||||
dataDir = service_configs.radarr.dataDir;
|
||||
settings.server.port = service_configs.ports.radarr;
|
||||
settings.server.port = service_configs.ports.private.radarr.port;
|
||||
settings.update.mechanism = "external";
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."radarr.${service_configs.https.domain}".extraConfig = ''
|
||||
import ${config.age.secrets.caddy_auth.path}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.radarr}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.radarr.port}
|
||||
'';
|
||||
|
||||
users.users.${config.services.radarr.user}.extraGroups = [
|
||||
|
||||
@@ -44,7 +44,7 @@ in
|
||||
|
||||
configuration = {
|
||||
radarr.movies = {
|
||||
base_url = "http://localhost:${builtins.toString service_configs.ports.radarr}";
|
||||
base_url = "http://localhost:${builtins.toString service_configs.ports.private.radarr.port}";
|
||||
|
||||
include = [
|
||||
{ template = "radarr-quality-definition-movie"; }
|
||||
@@ -123,7 +123,7 @@ in
|
||||
};
|
||||
|
||||
sonarr.series = {
|
||||
base_url = "http://localhost:${builtins.toString service_configs.ports.sonarr}";
|
||||
base_url = "http://localhost:${builtins.toString service_configs.ports.private.sonarr.port}";
|
||||
|
||||
include = [
|
||||
{ template = "sonarr-quality-definition-series"; }
|
||||
|
||||
@@ -27,13 +27,13 @@
|
||||
services.sonarr = {
|
||||
enable = true;
|
||||
dataDir = service_configs.sonarr.dataDir;
|
||||
settings.server.port = service_configs.ports.sonarr;
|
||||
settings.server.port = service_configs.ports.private.sonarr.port;
|
||||
settings.update.mechanism = "external";
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."sonarr.${service_configs.https.domain}".extraConfig = ''
|
||||
import ${config.age.secrets.caddy_auth.path}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.sonarr}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.sonarr.port}
|
||||
'';
|
||||
|
||||
users.users.${config.services.sonarr.user}.extraGroups = [
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
(lib.vpnNamespaceOpenPort service_configs.ports.bitmagnet "bitmagnet")
|
||||
(lib.vpnNamespaceOpenPort service_configs.ports.private.bitmagnet.port "bitmagnet")
|
||||
];
|
||||
|
||||
services.bitmagnet = {
|
||||
@@ -19,13 +19,13 @@
|
||||
};
|
||||
http_server = {
|
||||
# TODO! make issue about this being a string and not a `port` type
|
||||
port = ":" + (builtins.toString service_configs.ports.bitmagnet);
|
||||
port = ":" + (builtins.toString service_configs.ports.private.bitmagnet.port);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."bitmagnet.${service_configs.https.domain}".extraConfig = ''
|
||||
import ${config.age.secrets.caddy_auth.path}
|
||||
reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.bitmagnet}
|
||||
reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.private.bitmagnet.port}
|
||||
'';
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@
|
||||
SIGNUPS_ALLOWED = false;
|
||||
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = service_configs.ports.vaultwarden;
|
||||
ROCKET_PORT = service_configs.ports.private.vaultwarden.port;
|
||||
ROCKET_LOG = "critical";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -113,14 +113,14 @@ in
|
||||
systemd.packages = with pkgs; [ nssTools ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
service_configs.ports.https
|
||||
service_configs.ports.public.https.port
|
||||
|
||||
# http (but really acmeCA challenges)
|
||||
service_configs.ports.http
|
||||
service_configs.ports.public.http.port
|
||||
];
|
||||
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
service_configs.ports.https
|
||||
service_configs.ports.public.https.port
|
||||
];
|
||||
|
||||
# Protect Caddy basic auth endpoints from brute force attacks
|
||||
|
||||
@@ -10,8 +10,8 @@
|
||||
realm = service_configs.https.domain;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret = lib.strings.trim (builtins.readFile ../secrets/coturn_static_auth_secret);
|
||||
listening-port = service_configs.ports.coturn;
|
||||
tls-listening-port = service_configs.ports.coturn_tls;
|
||||
listening-port = service_configs.ports.public.coturn.port;
|
||||
tls-listening-port = service_configs.ports.public.coturn_tls.port;
|
||||
no-cli = true;
|
||||
|
||||
# recommended security settings from Synapse's coturn docs
|
||||
@@ -41,12 +41,12 @@
|
||||
# coturn needs these ports open
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
service_configs.ports.coturn
|
||||
service_configs.ports.coturn_tls
|
||||
service_configs.ports.public.coturn.port
|
||||
service_configs.ports.public.coturn_tls.port
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
service_configs.ports.coturn
|
||||
service_configs.ports.coturn_tls
|
||||
service_configs.ports.public.coturn.port
|
||||
service_configs.ports.public.coturn_tls.port
|
||||
];
|
||||
# relay port range
|
||||
allowedUDPPortRanges = [
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
user = "firefox_syncserver";
|
||||
};
|
||||
secrets = config.age.secrets.firefox-syncserver-env.path;
|
||||
settings.port = service_configs.ports.firefox_syncserver;
|
||||
settings.port = service_configs.ports.private.firefox_syncserver.port;
|
||||
singleNode = {
|
||||
enable = true;
|
||||
hostname = service_configs.firefox_syncserver.domain;
|
||||
@@ -34,6 +34,6 @@
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."${service_configs.firefox_syncserver.domain}".extraConfig = ''
|
||||
reverse_proxy :${builtins.toString service_configs.ports.firefox_syncserver}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.firefox_syncserver.port}
|
||||
'';
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@
|
||||
SSH_USER = "gitea";
|
||||
DOMAIN = service_configs.gitea.domain;
|
||||
ROOT_URL = "https://" + config.services.gitea.settings.server.DOMAIN;
|
||||
HTTP_PORT = service_configs.ports.gitea;
|
||||
HTTP_PORT = service_configs.ports.private.gitea.port;
|
||||
LANDING_PAGE = "/explore/repos";
|
||||
DISABLE_HTTP_GIT = true;
|
||||
};
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
services.immich = {
|
||||
enable = true;
|
||||
mediaLocation = service_configs.immich.dir;
|
||||
port = service_configs.ports.immich;
|
||||
port = service_configs.ports.private.immich.port;
|
||||
# openFirewall = true;
|
||||
host = "0.0.0.0";
|
||||
database = {
|
||||
|
||||
@@ -43,8 +43,8 @@
|
||||
};
|
||||
|
||||
environment = {
|
||||
JELLYFIN_URL = "http://localhost:${builtins.toString service_configs.ports.jellyfin}";
|
||||
QBITTORRENT_URL = "http://${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.torrent}";
|
||||
JELLYFIN_URL = "http://localhost:${builtins.toString service_configs.ports.private.jellyfin.port}";
|
||||
QBITTORRENT_URL = "http://${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.private.torrent.port}";
|
||||
CHECK_INTERVAL = "30";
|
||||
# Bandwidth budget configuration
|
||||
TOTAL_BANDWIDTH_BUDGET = "30000000"; # 30 Mbps in bits per second
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = ''
|
||||
reverse_proxy :${builtins.toString service_configs.ports.jellyfin} {
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.jellyfin.port} {
|
||||
header_up X-Real-IP {remote_host}
|
||||
header_up X-Forwarded-For {remote_host}
|
||||
header_up X-Forwarded-Proto {scheme}
|
||||
|
||||
@@ -4,8 +4,6 @@
|
||||
}:
|
||||
let
|
||||
keyFile = ../secrets/livekit_keys;
|
||||
|
||||
ports = service_configs.ports;
|
||||
in
|
||||
{
|
||||
services.livekit = {
|
||||
@@ -14,7 +12,7 @@ in
|
||||
openFirewall = true;
|
||||
|
||||
settings = {
|
||||
port = ports.livekit;
|
||||
port = service_configs.ports.public.livekit.port;
|
||||
bind_addresses = [ "127.0.0.1" ];
|
||||
|
||||
rtc = {
|
||||
@@ -38,16 +36,16 @@ in
|
||||
enable = true;
|
||||
inherit keyFile;
|
||||
livekitUrl = "wss://${service_configs.livekit.domain}";
|
||||
port = ports.lk_jwt;
|
||||
port = service_configs.ports.private.lk_jwt.port;
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."${service_configs.livekit.domain}".extraConfig = ''
|
||||
@jwt path /sfu/get /healthz
|
||||
handle @jwt {
|
||||
reverse_proxy :${builtins.toString ports.lk_jwt}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.lk_jwt.port}
|
||||
}
|
||||
handle {
|
||||
reverse_proxy :${builtins.toString ports.livekit}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.public.livekit.port}
|
||||
}
|
||||
'';
|
||||
}
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
enable = true;
|
||||
|
||||
settings.global = {
|
||||
port = [ service_configs.ports.matrix ];
|
||||
port = [ service_configs.ports.private.matrix.port ];
|
||||
server_name = service_configs.https.domain;
|
||||
allow_registration = true;
|
||||
registration_token = lib.strings.trim (builtins.readFile ../secrets/matrix_reg_token);
|
||||
@@ -49,25 +49,25 @@
|
||||
services.caddy.virtualHosts.${service_configs.https.domain}.extraConfig = lib.mkBefore ''
|
||||
header /.well-known/matrix/* Content-Type application/json
|
||||
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||
respond /.well-known/matrix/server `{"m.server": "${service_configs.matrix.domain}:${builtins.toString service_configs.ports.https}"}`
|
||||
respond /.well-known/matrix/server `{"m.server": "${service_configs.matrix.domain}:${builtins.toString service_configs.ports.public.https.port}"}`
|
||||
respond /.well-known/matrix/client `{"m.server":{"base_url":"https://${service_configs.matrix.domain}"},"m.homeserver":{"base_url":"https://${service_configs.matrix.domain}"},"org.matrix.msc3575.proxy":{"base_url":"https://${config.services.matrix-continuwuity.settings.global.server_name}"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://${service_configs.livekit.domain}"}]}`
|
||||
'';
|
||||
|
||||
services.caddy.virtualHosts."${service_configs.matrix.domain}".extraConfig = ''
|
||||
reverse_proxy :${builtins.toString service_configs.ports.matrix}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.matrix.port}
|
||||
'';
|
||||
|
||||
# Exact duplicate for federation port
|
||||
services.caddy.virtualHosts."${service_configs.matrix.domain}:${builtins.toString service_configs.ports.matrix_federation}".extraConfig =
|
||||
services.caddy.virtualHosts."${service_configs.matrix.domain}:${builtins.toString service_configs.ports.public.matrix_federation.port}".extraConfig =
|
||||
config.services.caddy.virtualHosts."${service_configs.matrix.domain}".extraConfig;
|
||||
|
||||
# for federation
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
service_configs.ports.matrix_federation
|
||||
service_configs.ports.public.matrix_federation.port
|
||||
];
|
||||
|
||||
# for federation
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
service_configs.ports.matrix_federation
|
||||
service_configs.ports.public.matrix_federation.port
|
||||
];
|
||||
}
|
||||
|
||||
@@ -73,7 +73,7 @@
|
||||
];
|
||||
|
||||
serverProperties = {
|
||||
server-port = service_configs.ports.minecraft;
|
||||
server-port = service_configs.ports.public.minecraft.port;
|
||||
enforce-whitelist = true;
|
||||
gamemode = "survival";
|
||||
white-list = true;
|
||||
|
||||
@@ -18,12 +18,12 @@
|
||||
dataDir = service_configs.monero.dataDir;
|
||||
rpc = {
|
||||
address = "0.0.0.0";
|
||||
port = service_configs.ports.monero_rpc;
|
||||
port = service_configs.ports.public.monero_rpc.port;
|
||||
restricted = true;
|
||||
};
|
||||
extraConfig = ''
|
||||
p2p-bind-port=${builtins.toString service_configs.ports.monero}
|
||||
zmq-pub=tcp://127.0.0.1:${builtins.toString service_configs.ports.monero_zmq}
|
||||
p2p-bind-port=${builtins.toString service_configs.ports.public.monero.port}
|
||||
zmq-pub=tcp://127.0.0.1:${builtins.toString service_configs.ports.private.monero_zmq.port}
|
||||
db-sync-mode=fast:async:1000000000bytes
|
||||
public-node=1
|
||||
confirm-external-bind=1
|
||||
@@ -31,7 +31,7 @@
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
service_configs.ports.monero
|
||||
service_configs.ports.monero_rpc
|
||||
service_configs.ports.public.monero.port
|
||||
service_configs.ports.public.monero_rpc.port
|
||||
];
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
|
||||
settings = {
|
||||
base-url = "https://${service_configs.ntfy.domain}";
|
||||
listen-http = "127.0.0.1:${builtins.toString service_configs.ports.ntfy}";
|
||||
listen-http = "127.0.0.1:${builtins.toString service_configs.ports.private.ntfy.port}";
|
||||
behind-proxy = true;
|
||||
auth-default-access = "deny-all";
|
||||
enable-login = true;
|
||||
@@ -28,7 +28,7 @@
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."${service_configs.ntfy.domain}".extraConfig = ''
|
||||
reverse_proxy :${builtins.toString service_configs.ports.ntfy}
|
||||
reverse_proxy :${builtins.toString service_configs.ports.private.ntfy.port}
|
||||
'';
|
||||
|
||||
}
|
||||
|
||||
@@ -23,10 +23,10 @@ in
|
||||
walletAddress = walletAddress;
|
||||
sidechain = "nano";
|
||||
host = "127.0.0.1";
|
||||
rpcPort = service_configs.ports.monero_rpc;
|
||||
zmqPort = service_configs.ports.monero_zmq;
|
||||
rpcPort = service_configs.ports.public.monero_rpc.port;
|
||||
zmqPort = service_configs.ports.private.monero_zmq.port;
|
||||
extraArgs = [
|
||||
" --stratum 0.0.0.0:${builtins.toString service_configs.ports.p2pool_stratum}"
|
||||
" --stratum 0.0.0.0:${builtins.toString service_configs.ports.private.p2pool_stratum.port}"
|
||||
];
|
||||
};
|
||||
|
||||
@@ -43,6 +43,6 @@ in
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
service_configs.ports.p2pool_p2p
|
||||
service_configs.ports.public.p2pool_p2p.port
|
||||
];
|
||||
}
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
|
||||
services.qbittorrent = {
|
||||
enable = true;
|
||||
webuiPort = service_configs.ports.torrent;
|
||||
webuiPort = service_configs.ports.private.torrent.port;
|
||||
profileDir = "/var/lib/qBittorrent";
|
||||
# Set the service group to 'media' so the systemd unit runs with media as
|
||||
# the primary GID. Linux assigns new file ownership from the process's GID
|
||||
|
||||
@@ -30,11 +30,11 @@
|
||||
|
||||
settings = {
|
||||
web = {
|
||||
port = service_configs.ports.soulseek_web;
|
||||
port = service_configs.ports.private.soulseek_web.port;
|
||||
};
|
||||
soulseek = {
|
||||
# description = "smth idk";
|
||||
listen_port = service_configs.ports.soulseek_listen;
|
||||
listen_port = service_configs.ports.public.soulseek_listen.port;
|
||||
};
|
||||
|
||||
shares = {
|
||||
@@ -64,6 +64,6 @@
|
||||
'';
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
service_configs.ports.soulseek_listen
|
||||
service_configs.ports.public.soulseek_listen.port
|
||||
];
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
|
||||
dataDir = service_configs.syncthing.dataDir;
|
||||
|
||||
guiAddress = "127.0.0.1:${toString service_configs.ports.syncthing_gui}";
|
||||
guiAddress = "127.0.0.1:${toString service_configs.ports.private.syncthing_gui.port}";
|
||||
|
||||
overrideDevices = false;
|
||||
overrideFolders = false;
|
||||
@@ -42,16 +42,16 @@
|
||||
|
||||
# Open firewall ports for syncthing protocol
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ service_configs.ports.syncthing_protocol ];
|
||||
allowedTCPPorts = [ service_configs.ports.public.syncthing_protocol.port ];
|
||||
allowedUDPPorts = [
|
||||
service_configs.ports.syncthing_discovery
|
||||
service_configs.ports.syncthing_protocol
|
||||
service_configs.ports.public.syncthing_discovery.port
|
||||
service_configs.ports.public.syncthing_protocol.port
|
||||
];
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."syncthing.${service_configs.https.domain}".extraConfig = ''
|
||||
import ${config.age.secrets.caddy_auth.path}
|
||||
reverse_proxy :${toString service_configs.ports.syncthing_gui}
|
||||
reverse_proxy :${toString service_configs.ports.private.syncthing_gui.port}
|
||||
'';
|
||||
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ in
|
||||
|
||||
pools = [
|
||||
{
|
||||
url = "127.0.0.1:${builtins.toString service_configs.ports.p2pool_stratum}";
|
||||
url = "127.0.0.1:${builtins.toString service_configs.ports.private.p2pool_stratum.port}";
|
||||
tls = false;
|
||||
}
|
||||
];
|
||||
|
||||
Reference in New Issue
Block a user