diff --git a/modules/nixos/services/traefik-proxy/default.nix b/modules/nixos/services/traefik-proxy/default.nix
index 95f7694..5c7ebd9 100644
--- a/modules/nixos/services/traefik-proxy/default.nix
+++ b/modules/nixos/services/traefik-proxy/default.nix
@@ -15,8 +15,7 @@ in
 };
 config = lib.mkIf (cfg.enable ||
- config.services.binary-cache.enable ||
- config.suites.nas.media.enable) {
+ config.services.binary-cache.enable) {
 services.traefik = {
 enable = true;
 staticConfigOptions = {
diff --git a/modules/nixos/suites/nas/default.nix b/modules/nixos/suites/nas/default.nix
index 70cbaf4..ef22d24 100644
--- a/modules/nixos/suites/nas/default.nix
+++ b/modules/nixos/suites/nas/default.nix
@@ -26,6 +26,12 @@ in
 default = "localhost";
 description = "NAS Reachable Domain Name";
 };
+ options.suites.nas.debug = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Insecure, shows Traefik Dashboard";
+ };
+
 options.suites.nas.media.enable = lib.mkOption {
 type = with lib.types; uniq bool;
 default = true;
@@ -49,8 +55,8 @@ in
 #########
 # Users #
 #########
- users.groups.media = {};
- users.users.media = {
+ users.groups.media = lib.mkForce {}; # kavita wants to create user too
+ users.users.media = lib.mkForce {
 isSystemUser = true;
 createHome = true;
 description = "Media User";
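Review bot: `suites.nas.debug` is never read in any hunk of this commit, so its `default = false` protects nothing: the Reverse Proxy hunk (`@@ -105,6 +111,50 @@`) sets `api.dashboard = true; insecure = true;` and adds 8080 to `allowedTCPPorts` unconditionally. Gate those on the flag, e.g. `insecure = cfg.debug;` and `networking.firewall.allowedTCPPorts = [ 80 443 ] ++ lib.optional cfg.debug 8080;` (`cfg` appears to be `config.suites.nas`, judging by `cfg.media.servers.enable` further down). The description could also state what is exposed, for instance `description = "Expose the unauthenticated Traefik API and dashboard; debugging only";`. The mow0m host config sets the flag to `true` in this same commit, which would then be the one place the dashboard is switched on.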
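Review bot: `lib.mkForce` wraps the whole `users.users.media` attrset (and `users.groups.media`), so every value another module defines for that account loses, not only the one that collided. The comment explains that Kavita also wants to create the user but not which attribute conflicted; forcing just that attribute (presumably `description`, possibly `home`), e.g. `users.users.media.description = lib.mkForce "Media User";`, would keep any later conflict visible at evaluation time. If the blanket override is intended, a fuller comment such as `# services.kavita.user = "media" makes the Kavita module define this user and group too; this definition must win` would save the next reader a search. The attrset continues past the end of the hunk.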
@@ -105,6 +111,50 @@ in
 };
 networking.firewall.allowPing = true;
+ #################
+ # Reverse Proxy #
+ #################
+ # Firewall
+ networking.firewall.allowedTCPPorts = [ 80 443 8080 ];
+ services.traefik = {
+ enable = true;
+ staticConfigOptions = {
+ api = {
+ dashboard = true;
+ insecure = true;
+ };
+ entryPoints = {
+ http = {
+ address = ":80";
+# http.redirections.entrypoint = {
+# to = "https";
+# scheme = "https";
+# };
+ };
+ https = {
+ address = ":443";
+ };
+ };
+ };
+ };
+ services.traefik.dynamicConfigOptions = {
+ # Traefik Dashbaord
+ http.routers.dashboard.rule = "Host(`traefik.mow0m`)";
+ http.routers.dashboard.service = "api@internal";
+ # Jellyfin
+ http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
+ http.routers.jellyfin.entrypoints = "http";
+ http.routers.jellyfin.tls = false;
+ http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
+ http.routers.jellyfin.service = "jellyfin";
+ # Kavita
+ http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
+ http.routers.kavita.entrypoints = "http";
+ http.routers.kavita.tls = false;
+ http.routers.kavita.rule = "Host(`kavita.${config.suites.nas.domain}`)";
+ http.routers.kavita.service = "kavita";
+ };
+
 #################
 # Media Servers #
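Review bot: The Jellyfin and Kavita routers are bound to the plain `http` entrypoint with `tls = false`, the redirect to `https` is commented out, and no router uses the `https` entrypoint, so logins and session tokens for both services cross the network unencrypted. The router this commit removes (next hunk) had `entrypoints = "websecure"` and `tls = true`; keeping that here as `http.routers.jellyfin.entrypoints = "https";` with `http.routers.jellyfin.tls = true;` (same for `kavita`) and restoring the redirection block would retain it. The `dashboard` router also has no `entrypoints` and no auth middleware in front of `api@internal`, and its host is hard-coded to `traefik.mow0m` in a shared module; building it from `config.suites.nas.domain`, as the other two rules do, would be consistent. The comment above it reads "Dashbaord".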
@@ -112,14 +162,10 @@ in
 # Jellyfin
 services.jellyfin.enable = cfg.media.servers.enable;
 services.jellyfin.user = "media";
- services.traefik.dynamicConfigOptions = {
- http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
- http.routers.jellyfin.entrypoints = "websecure";
- http.routers.jellyfin.tls = true;
- #http.routers.jellyfin.tls.certresolver = "letsencrypt";
- http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
- http.routers.jellyfin.service = "jellyfin";
- };
+ # Kavita
+ services.kavita.enable = cfg.media.servers.enable;
+ services.kavita.user = "media";
+ services.kavita.tokenKeyFile = "/home/media/kavitaKeyToken";
 };
diff --git a/systems/x86_64-linux/mow0m/default.nix b/systems/x86_64-linux/mow0m/default.nix
index cd7928c..0e1b7e5 100644
--- a/systems/x86_64-linux/mow0m/default.nix
+++ b/systems/x86_64-linux/mow0m/default.nix
@@ -6,7 +6,7 @@
 ];
 # Configure Nix
- nix.package = pkgs.lix.override { aws-sdk-cpp = null; };
+ nix.package = pkgs.lix;
 nix.settings = {
 experimental-features = [ "nix-command" "flakes" ];
 };
@@ -75,10 +75,11 @@
 # Enable NAS Suite
 suites.nas.enable = true;
- suites.nas.domain = "mow0m.lan";
+ suites.nas.debug = true;
+ suites.nas.domain = "mow0m";
 suites.nas.media.enable = true;
 suites.nas.media.folder = "/laowu/media";
- suites.nas.media.servers.enable = false;
+ suites.nas.media.servers.enable = true;
 # Firewall
 # networking.firewall.allowedTCPPorts = [ ... ];
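Review bot: `services.kavita.tokenKeyFile` points at `/home/media/kavitaKeyToken`, a secret that nothing in this commit creates or restricts, stored in the home of the `media` account that Jellyfin also runs as (`services.jellyfin.user = "media"`). Either service can therefore read the key Kavita is given for its tokens, and a fresh deployment will presumably fail to start Kavita until the file is placed by hand. Consider leaving Kavita on its own user with membership of the `media` group, and keeping the key in a path readable only by that user and provisioned by whatever secrets mechanism the repo uses. At minimum add a comment such as `# must exist before first start: random key, mode 0400, owned by the service user`. The enclosing `config` block starts outside the hunk.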