LoutreOS: refactor services

systems/LoutreOS/web.nix

@@ -0,0 +1,113 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  domaine = "nyanlout.re";
+
+  jellyfin_backend = ''
+    http-request set-header X-Forwarded-Port %[dst_port]
+    http-request add-header X-Forwarded-Proto https if { ssl_fc }
+  '';
+  sonarr_acl = ''
+    acl API path_beg /api
+  '';
+  sonarr_auth = ''
+    !AUTH_OK !API
+  '';
+in
+{
+  services = {
+    haproxy-acme = {
+      enable = true;
+      domaine = domaine;
+      services = {
+        "grafana.${domaine}" = { ip = "127.0.0.1"; port = config.services.grafana.port; auth = true; };
+        "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; extraBackend = jellyfin_backend; };
+        "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
+        "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
+        "transmission.${domaine}" = { ip = "127.0.0.1"; port = config.services.transmission.port; auth = true; };
+        "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
+        "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
+        "searx.${domaine}" = { ip = "127.0.0.1"; port = 8888; auth = false; };
+        "riot.${domaine}" = { ip = "127.0.0.1"; port = (findFirst (x: x.addr == "127.0.0.1") "" config.services.nginx.virtualHosts.riot.listen).port; auth = false; };
+        "matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; };
+        "pgmanage.${domaine}" = { ip = "127.0.0.1"; port = config.services.pgmanage.port; auth = true; };
+        "gitea.${domaine}" = { ip = "127.0.0.1"; port = config.services.gitea.httpPort; auth = false; };
+        "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; };
+        "factorio.${domaine}" = { ip = "127.0.0.1"; port = (findFirst (x: x.addr == "127.0.0.1") "" config.services.nginx.virtualHosts.factorio.listen).port; auth = false; };
+        "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; };
+        "${domaine}" = { ip = "127.0.0.1"; port = (findFirst (x: x.addr == "127.0.0.1") "" config.services.nginx.virtualHosts.wkd.listen).port; auth = false; };
+      };
+    };
+
+    searx.enable = true;
+
+    nginx = {
+      enable = true;
+      virtualHosts = {
+        "riot" = {
+          listen = [ { addr = "127.0.0.1"; port = 52345; } ];
+          locations = { "/" = { root = pkgs.riot-web; }; };
+        };
+        "factorio" = {
+          listen = [ { addr = "127.0.0.1"; port = 52351; } ];
+          locations = { "/" = { root = "/var/www/factorio"; }; };
+        };
+        "wkd" = {
+          listen = [ { addr = "127.0.0.1"; port = 52352; } ];
+          locations = { "/.well-known/openpgpkey/" = {
+            alias = "/var/lib/gnupg/wks/nyanlout.re";
+            extraConfig = ''
+              add_header Access-Control-Allow-Origin * always;
+            '';
+          }; };
+        };
+      };
+    };
+
+    postgresql.enable = true;
+
+    pgmanage = {
+      enable = true;
+      port = 52347;
+      connections = {
+        localhost = "hostaddr=127.0.0.1 port=5432 dbname=postgres";
+      };
+    };
+
+    gitea = {
+      enable = true;
+      cookieSecure = true;
+      httpPort = 3001;
+      rootUrl = "https://gitea.nyanlout.re/";
+      database = {
+        type = "postgres";
+        port = 5432;
+        passwordFile = "/var/lib/gitea/custom/conf/database_password";
+      };
+      log.level = "Warn";
+      extraConfig = ''
+        [ui]
+        DEFAULT_THEME = arc-green
+
+        [service]
+        DISABLE_REGISTRATION = true
+      '';
+    };
+
+    python-ci.enable = true;
+
+    site-musique = {
+      enable = true;
+      port = 52349;
+      domaine = "musique-meyenheim.fr";
+    };
+
+    site-max = {
+      enable = true;
+      port = 52348;
+      domaine = "maxspiegel.fr";
+    };
+  };
+}