feat(jeeves)!: nginx reverse-proxying for jeeves.local

machines/nixos/x86_64-linux/jeeves/configuration.nix

@@ -8,7 +8,9 @@
     inputs.agenix-rekey.nixosModules.default
     ./network.nix
     ./wireguard.nix
+    ./nginx.nix
     ./jellyfin.nix
+    ./transmission.nix
     ./mindustry.nix
     # ./home-assistant
     ./samba.nix

machines/nixos/x86_64-linux/jeeves/jellyfin.nix

@@ -1,13 +1,5 @@
 { lib, pkgs, config, ... }:
 {
-  environment.systemPackages = with pkgs; [
-    tremc
-  ];
-
-  # networking.extraHosts = ''
-  #   127.0.0.1 jeeves
-  # '';
-
   hardware.graphics = {
     enable = true;
     enable32Bit = true;
@@ -21,20 +13,14 @@
   };
 
   services = {
-    transmission = {
-      enable = true;
-      package = pkgs.transmission_4;
-      openRPCPort = true;
-      webHome = pkgs.flood-for-transmission;
-      # TODO: `credentialsFile` for RPC password with agenix
-      settings = {
-        download-dir = "/data/torrents/download";
-        incomplete-dir = "/data/torrents/incomplete";
-        incomplete-dir-enabled = true;
-        rpc-bind-address = "0.0.0.0";
-        rpc-whitelist = "127.0.0.1,192.168.*.*,10.100.0.*";
+    nginx = {
+      virtualHosts."jellyfin.jeeves.local" = {
+        enableACME = false;
+        forceSSL = false;
+        locations."/".proxyPass = "http://127.0.0.1:8096";
       };
     };
+
     jellyfin = {
       enable = true;
       openFirewall = true;

machines/nixos/x86_64-linux/jeeves/network.nix

@@ -3,6 +3,10 @@
   environment.systemPackages = with pkgs; [
   ];
 
+  networking.extraHosts = ''
+    127.0.0.1 jeeves.local
+  '';
+
   # networking.nftables.enable = true;
 
   age.secrets."home.wifi.env" = {

machines/nixos/x86_64-linux/jeeves/nginx.nix

@@ -0,0 +1,25 @@
+{ inputs, outputs, lib, pkgs, config, ... }:
+
+{
+  environment.systemPackages = [
+    # config.services.nextcloud.package
+  ];
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+    package = pkgs.openresty;
+    # virtualHosts."_.jeeves.local" = {
+    #   # listen = [
+    #   #   {
+    #   #     addr = "127.0.0.1";
+    #   #     port = 1234;
+    #   #   }
+    #   # ];
+    #   enableACME = false;
+    #   forceSSL = false;
+    #   locations."/".proxyPass = "http://127.0.0.1:1234";
+    # };
+  };
+}

machines/nixos/x86_64-linux/jeeves/transmission.nix

@@ -0,0 +1,31 @@
+{ lib, pkgs, config, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    tremc
+  ];
+
+  services = {
+    transmission = {
+      enable = true;
+      package = pkgs.transmission_4;
+      openRPCPort = true;
+      webHome = pkgs.flood-for-transmission;
+      # TODO: `credentialsFile` for RPC password with agenix
+      settings = {
+        download-dir = "/data/torrents/download";
+        incomplete-dir = "/data/torrents/incomplete";
+        incomplete-dir-enabled = true;
+        rpc-bind-address = "0.0.0.0";
+        rpc-whitelist = "127.0.0.1,192.168.*.*,10.100.0.*,*.local";
+      };
+    };
+
+    nginx = {
+      virtualHosts."transmission.jeeves.local" = {
+        enableACME = false;
+        forceSSL = false;
+        locations."/".proxyPass = "http://127.0.0.1:9091";
+      };
+    };
+  };
+}