stream: format

2023-09-15 22:44:17 +02:00 · 2023-09-15 22:44:17 +02:00 · 9cf336ff79
parent f7b4f369fb
commit 9cf336ff79
1 changed files with 40 additions and 36 deletions
--- a/hosts/stream/default.nix
+++ b/hosts/stream/default.nix
@ -18,65 +18,69 @@
      networkConfig.IPv6AcceptRA = false;
      # try harder disabling global ipv6
      networkConfig.LinkLocalAddressing = "no";
-      addresses = [ {
+      addresses = [{
        addressConfig.Address = "${hostRegistry.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
-      } ];
-      gateway = lib.mkForce [];
-      routes = [ {
+      }];
+      gateway = lib.mkForce [ ];
+      routes = [{
        routeConfig = {
          Destination = "172.20.0.0/14";
          Gateway = hostRegistry.serv-gw.ip4;
        };
-      } ];
+      }];
    };

    # On the pub network I am a normal client.
    networks."30-pub" = {
      networkConfig.DHCP = "ipv4";
-      gateway = lib.mkForce [];
+      gateway = lib.mkForce [ ];
      networkConfig.IPv6AcceptRA = true;
    };
  };

-  services.peerflix.enable = true;
+  services = {
+    jackett.enable = true;
+
+    nginx = {
+      enable = true;
+      virtualHosts."stream.hq.c3d2.de" = {
+        default = true;
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:9000";
+          proxyWebsockets = true;
+          extraConfig = ''
+            auth_basic "Stream";
+            auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
+          '';
+        };
+      };
+      virtualHosts."torrents.hq.c3d2.de" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:9117";
+          extraConfig = ''
+            auth_basic "Torrents";
+            auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
+          '';
+        };
+      };
+    };
+
+    peerflix.enable = true;
+  };
+
  systemd.services.peerflix.serviceConfig = {
    Restart = "always";
    RestartSec = 60;
  };
-  services.jackett.enable = true;

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets."nginx/httpAuth".owner = config.systemd.services.nginx.serviceConfig.User;
  };

-  services.nginx = {
-    enable = true;
-    virtualHosts."stream.hq.c3d2.de" = {
-      default = true;
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:9000";
-        proxyWebsockets = true;
-        extraConfig = ''
-          auth_basic "Stream";
-          auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
-        '';
-      };
-    };
-    virtualHosts."torrents.hq.c3d2.de" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:9117";
-        extraConfig = ''
-          auth_basic "Torrents";
-          auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
-        '';
-      };
-    };
-  };
-
  system.stateVersion = "22.05";
 }