Server: move services to subdomains

2023-12-10 18:12:27 +01:00 · 2023-12-10 18:12:27 +01:00 · 1a84aa2290
commit 1a84aa2290
parent 5a52fd9f3a
3 changed files with 17 additions and 22 deletions
--- a/roles/server/gitea.nix
+++ b/roles/server/gitea.nix
@ -9,31 +9,27 @@
 			server = {
 				#server.SSH_PORT = 69;
 				DISABLE_REGISTRATION = lib.mkDefault true;
-				ROOT_URL = "http://everest/gitea/";
+				ROOT_URL = "http://git.everest.sable-pancake.ts.net";
 			};
 		};
 	};
 	# Add a cname for gitea
 	services.dnsmasq.settings.cname = [ "git.everest.sable-pancake.ts.net,everest" ];
 	# Set up traefik as the reverse proxy for Gitea
 	services.traefik = {
 		dynamicConfigOptions = {
 			http = {
 				routers = {
 					/*
 					Gitea works best as a subdomain, but I do not have a dns server (yet),
 					and since tailscale doesn't support adding subdomains with MagicDNS I'll
 					just put it in a subpath for now
 					*/
 					gitea-subpath = {
-						middlewares = [ "gitea-strip-prefix" ];
+						rule = "Host(`git.everest.sable-pancake.ts.net`)";
 						rule = "PathPrefix(`/gitea`)";
 						service = "gitea";
 					};
 				};
 				services.gitea.loadBalancer.servers = [
 					{ url = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}"; }
 				];
 				# Gitea freaks out if you don't remove the subpath it's being proxied from
 				middlewares.gitea-strip-prefix.stripprefix.prefixes = "/gitea";
 			};
 		};
 	};
--- a/roles/server/syncthing.nix
+++ b/roles/server/syncthing.nix
@ -34,26 +34,22 @@
 		AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
 	};
 	# Add a cname for syncthing
 	services.dnsmasq.settings.cname = [ "sync.everest.sable-pancake.ts.net,everest" ];
 	# Set up traefik as the reverse proxy for syncthing
 	services.traefik = {
 		dynamicConfigOptions = {
 			http = {
 				routers = {
-					syncthing-subpath = {
+					syncthing-subdomain = {
-						middlewares = [ "syncthing-add-trailing-slash" "syncthing-strip-prefix" ];
+						rule = "Host(`sync.everest.sable-pancake.ts.net`)";
 						rule = "PathPrefix(`/syncthing`)";
 						service = "syncthing";
 					};
 				};
 				services.syncthing.loadBalancer.servers = [
 					{ url = "http://localhost:8384"; }
 				];
 				middlewares.syncthing-strip-prefix.stripprefix.prefixes = "/syncthing";
 				middlewares.syncthing-add-trailing-slash.redirectRegex = {
 					# Going to everest/syncthing without a slash at the end breaks things
 					regex = "http:\/\/everest\/syncthing+$";
 					replacement = "http://everest/syncthing/";
 				};
 			};
 		};
 	};
--- a/roles/server/transmission.nix
+++ b/roles/server/transmission.nix
@ -7,18 +7,21 @@
 		settings = {
 			incomplete-dir-enabled = false;
 			rpc-bind-address = "0.0.0.0";
-			rpc-host-whitelist = "everest";
+			rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
 			rpc-whitelist = "127.0.0.1";
 		};
 	};
 	# Add a cname for transmission
 	services.dnsmasq.settings.cname = [ "transmission.everest.sable-pancake.ts.net,everest" ];
 	# Set up traefik as the reverse proxy for transmission
 	services.traefik = {
 		dynamicConfigOptions = {
 			http = {
 				routers = {
-					transmission-subpath = {
+					transmission-subdomain = {
-						rule = "PathPrefix(`/transmission`)";
+						rule = "Host(`transmission.everest.sable-pancake.ts.net`)";
 						service = "transmission";
 					};
 				};