diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix index 58e6d906..9418f90d 100644 --- a/hosts/mauville/default.nix +++ b/hosts/mauville/default.nix @@ -10,7 +10,6 @@ domain = "raffauflabs.com"; mediaDirectory = "/mnt/Media"; archiveDirectory = "/mnt/Archive"; - openPorts = [80 443 51413 9091]; in { imports = [./hardware-configuration.nix ./home.nix]; @@ -59,9 +58,12 @@ in { }; networking = { - firewall = { - allowedTCPPorts = openPorts; - allowedUDPPorts = openPorts; + firewall = let + transmissionPort = config.alyraffauf.containers.oci.transmission.port; + bitTorrentPort = config.alyraffauf.containers.oci.transmission.bitTorrentPort; + in { + allowedTCPPorts = [80 443 transmissionPort bitTorrentPort]; + allowedUDPPorts = [bitTorrentPort]; }; # My router doesn't expose settings for NAT loopback # So we have to use this workaround. @@ -102,7 +104,7 @@ in { enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:8080"; + proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.freshRSS.port}"; proxyWebsockets = true; # needed if you need to use WebSocket extraConfig = '' proxy_buffering off; @@ -126,7 +128,7 @@ in { enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:32400"; + proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.plexMediaServer.port}"; proxyWebsockets = true; # needed if you need to use WebSocket extraConfig = '' proxy_buffering off; @@ -138,7 +140,7 @@ in { enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:13378"; + proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.audiobookshelf.port}"; # proxyWebsockets = true; # This breaks audiobookshelf. extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
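Review bot: `transmissionPort` in `allowedTCPPorts` keeps the Transmission web/RPC interface reachable through the firewall over plain HTTP, while the services proxied further down in this file are served through nginx vhosts with `forceSSL = true`. If remote access to that interface is not needed, `allowedTCPPorts = [80 443 bitTorrentPort];` is enough; otherwise it could get a vhost like the others. The `let` also reads both port options unconditionally, so the ports are opened even when `transmission.enable` is false. Setting `networking.firewall.allowedTCPPorts` inside the transmission module's `lib.mkIf` block would tie the openings to the service. The `networking` attribute set continues outside the hunk.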
diff --git a/nixosModules/containers/oci/audiobookshelf/default.nix b/nixosModules/containers/oci/audiobookshelf/default.nix index 75b121dd..ce22f149 100644 --- a/nixosModules/containers/oci/audiobookshelf/default.nix +++ b/nixosModules/containers/oci/audiobookshelf/default.nix @@ -12,12 +12,17 @@ default = "/mnt/Media"; type = lib.types.str; }; + alyraffauf.containers.oci.audiobookshelf.port = lib.mkOption { + description = "Port for audiobookshelf."; + default = 13378; + type = lib.types.int; + }; }; config = lib.mkIf config.alyraffauf.containers.oci.audiobookshelf.enable { virtualisation.oci-containers.containers = { audiobookshelf = { - ports = ["0.0.0.0:13378:80"]; + ports = ["0.0.0.0:${toString config.alyraffauf.containers.oci.audiobookshelf.port}:80"]; image = "ghcr.io/advplyr/audiobookshelf:latest"; environment = {TZ = "America/New_York";}; volumes = ["abs_config:/config" "abs_metadata:/metadata" "${config.alyraffauf.containers.oci.audiobookshelf.mediaDirectory}:/Media"]; diff --git a/nixosModules/containers/oci/freshRSS/default.nix b/nixosModules/containers/oci/freshRSS/default.nix index 719af35a..0c49a9fc 100644 --- a/nixosModules/containers/oci/freshRSS/default.nix +++ b/nixosModules/containers/oci/freshRSS/default.nix @@ -7,12 +7,17 @@ options = { alyraffauf.containers.oci.freshRSS.enable = lib.mkEnableOption "Enable FreshRSS news client."; + alyraffauf.containers.oci.freshRSS.port = lib.mkOption { + description = "Port for FreshRSS."; + default = 8080; + type = lib.types.int; + }; }; config = lib.mkIf config.alyraffauf.containers.oci.freshRSS.enable { virtualisation.oci-containers.containers = { freshrss = { - ports = ["0.0.0.0:8080:80"]; + ports = ["0.0.0.0:${toString config.alyraffauf.containers.oci.freshRSS.port}:80"]; image = "freshrss/freshrss:latest"; environment = { TZ = "America/New_York"; diff --git a/nixosModules/containers/oci/jellyfin/default.nix b/nixosModules/containers/oci/jellyfin/default.nix index ad912648..051d4187 100644 
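Review bot: The new `ports` line in the audiobookshelf hunk still publishes the container on `0.0.0.0`, although the only consumer visible in this commit is the nginx vhost in hosts/mauville, which connects to `127.0.0.1`. Depending on the container backend, published ports can be reachable from the network regardless of `networking.firewall`, which would let clients reach the service without the TLS the vhost enforces. If direct access is not intended, bind to loopback: `ports = ["127.0.0.1:${toString config.alyraffauf.containers.oci.audiobookshelf.port}:80"];`. The same applies to the `ports` lines in the freshRSS and plexMediaServer hunks. Jellyfin has no vhost in the visible hunks, so confirm how it is reached before changing its binding.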
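Review bot: `type = lib.types.int;` on the new freshRSS `port` option accepts negative numbers and values above 65535, so a bad setting would probably surface only when the container runtime rejects the mapping. `type = lib.types.port;` rejects out-of-range values at evaluation time. The same one-line change fits the port options added in the audiobookshelf, jellyfin, plexMediaServer and transmission hunks.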
--- a/nixosModules/containers/oci/jellyfin/default.nix +++ b/nixosModules/containers/oci/jellyfin/default.nix @@ -17,12 +17,17 @@ default = "/mnt/Archive"; type = lib.types.str; }; + alyraffauf.containers.oci.jellyfin.port = lib.mkOption { + description = "Port for Jellyfin."; + default = 8096; + type = lib.types.int; + }; }; config = lib.mkIf config.alyraffauf.containers.oci.jellyfin.enable { virtualisation.oci-containers.containers = { jellyfin = { - ports = ["0.0.0.0:8096:8096"]; + ports = ["0.0.0.0:${toString config.alyraffauf.containers.oci.jellyfin.port}:8096"]; image = "jellyfin/jellyfin"; environment = {TZ = "America/New_York";}; volumes = [ diff --git a/nixosModules/containers/oci/plexMediaServer/default.nix b/nixosModules/containers/oci/plexMediaServer/default.nix index 77b5e4c6..ecbcd3f2 100644 --- a/nixosModules/containers/oci/plexMediaServer/default.nix +++ b/nixosModules/containers/oci/plexMediaServer/default.nix @@ -17,12 +17,17 @@ default = "/mnt/Archive"; type = lib.types.str; }; + alyraffauf.containers.oci.plexMediaServer.port = lib.mkOption { + description = "Port for Plex Media Server."; + default = 32400; + type = lib.types.int; + }; }; config = lib.mkIf config.alyraffauf.containers.oci.plexMediaServer.enable { virtualisation.oci-containers.containers = { plexMediaServer = { - ports = ["0.0.0.0:32400:32400"]; + ports = ["0.0.0.0:${toString config.alyraffauf.containers.oci.plexMediaServer.port}:32400"]; image = "plexinc/pms-docker:public"; environment = {TZ = "America/New_York";}; volumes = [ diff --git a/nixosModules/containers/oci/transmission/default.nix b/nixosModules/containers/oci/transmission/default.nix index 0c623ff7..076f142c 100644 --- a/nixosModules/containers/oci/transmission/default.nix +++ b/nixosModules/containers/oci/transmission/default.nix 
@@ -17,12 +17,22 @@ default = "/mnt/Archive"; type = lib.types.str; }; + alyraffauf.containers.oci.transmission.port = lib.mkOption { + description = "Port for Transmission."; + default = 9091; + type = lib.types.int; + }; + alyraffauf.containers.oci.transmission.bitTorrentPort = lib.mkOption { + description = "Port for BitTorrent p2p services.."; + default = 5143; + type = lib.types.int; + }; }; config = lib.mkIf config.alyraffauf.containers.oci.transmission.enable { virtualisation.oci-containers.containers = { transmission = { - ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"]; + ports = ["0.0.0.0:${toString config.alyraffauf.containers.oci.transmission.port}:9091" "0.0.0.0:${toString config.alyraffauf.containers.oci.transmission.bitTorrentPort}:51413"]; image = "linuxserver/transmission:latest"; environment = { PGID = "1000";
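Review bot: The `bitTorrentPort` default is `5143`, but the `ports` line this hunk replaces published `51413` and the `openPorts` list removed from hosts/mauville opened `51413`, so this looks like a typo that silently moves the host-side peer port. The container side of the mapping is still `51413`, so with the default the host would listen on a different port from the one Transmission uses inside the container, and inbound peer connections would likely stop working. Use `default = 51413;`. The description also ends in a double period (`"Port for BitTorrent p2p services.."`), and the mapping publishes TCP only while the firewall hunk opens the same port for UDP, so a matching `/udp` mapping may be wanted. The container definition continues outside the hunk.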