Merge remote-tracking branch 'origin/main'

2025-10-15 15:49:55 +10:00
parent b25b2e5b35 f3e680e906
commit c5a5df58df
3 changed files with 37 additions and 20 deletions
--- a/hosts/alt/caddy.nix
+++ b/hosts/alt/caddy.nix
@@ -15,19 +15,35 @@ let
 		"ha.figtree.dev"        = "http://192.168.1.50:8123";
 		# "budget.figtree.dev"    = "http://192.168.80.1:5006";

-		# Only this one needs extra top-level Caddyfile lines:
-		"budget.box" = {
-			backend = "http://192.168.80.1:5006";
-			extraBefore = ''
-				tls internal
-			'';
-		};
+		# .box domains now automatically get "tls internal"
+		"home.box"              = "http://192.168.1.63:3000";
+		"budget.box"            = "http://192.168.80.1:5006";
+		"torrent.box"           = "http://192.168.1.65:8080";
+		"books.box"             = "http://192.168.80.4:8010";
 	};

-	# Turn strings into { backend = "..."; }
-	normalizedSites = lib.mapAttrs (_: v: if lib.isString v then { backend = v; } else v) sites;
+	# Normalize sites:
+	# 1. Turn strings into { backend = "..."; }.
+	# 2. Automatically prepend `tls internal` for any domain ending in .box.
+	normalizedSites = lib.mapAttrs (domain: siteConfig:
+		let
+			# Ensure siteConfig is an attrset.
+			baseConfig = if lib.isString siteConfig then { backend = siteConfig; } else siteConfig;
+			# Check if it's a .box domain.
+			isBoxDomain = lib.hasSuffix ".box" domain;
+		in
+			if isBoxDomain then
+				baseConfig // {
+					extraBefore = ''
+						tls internal
+						${lib.optionalString (baseConfig ? extraBefore) baseConfig.extraBefore}
+					'';
+				}
+			else
+				baseConfig
+	) sites;

-	# Render each vhost
+	# Render each vhost from its config.
 	mkVHost = cfg: {
 		extraConfig = ''
 			${lib.optionalString (cfg ? extraBefore) cfg.extraBefore}
@@ -39,6 +55,6 @@ in
 {
 	services.caddy = {
 		enable = true;
-		virtualHosts = lib.mapAttrs (_domain: cfg: mkVHost cfg) normalizedSites;
+		virtualHosts = lib.mapAttrs (_: cfg: mkVHost cfg) normalizedSites;
 	};
 }
--- a/hosts/alt/configuration.nix
+++ b/hosts/alt/configuration.nix
@@ -23,11 +23,12 @@
  networking.firewall.allowedTCPPorts = [
    80 443 # caddy
    8000
-    8010
-    8080
+    8001
+    8010 # audio bookshelf
+    8080 # file browser
    8234 # shiori (non-standard)
    9117
-    8191
+    8191 # flaresolverr
  ];

  networking.hostName = "alt"; # Define your hostname.