roles/server/default.nix

@@ -15,6 +15,5 @@
 		./tailscale.nix
 		./traefik.nix
 		./minecraft.nix
-		./dns.nix
 	];
 }

roles/server/dns.nix

@@ -1,43 +0,0 @@
-{ ... }:
-
-{
-  services.dnsmasq = {
-    enable = true;
-    
-    # Only using this for tailscale IPs, so better to let tailscale itself deal with it
-    resolveLocalQueries = false;
-    
-    settings = {
-      listen-address = [ "100.73.96.48" ];
-      
-      /*
-      Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
-      From the little testing I have done it seems to not cause any issues, but better to be safe
-      than sorry :P
-      */
-      dns-loop-detect = true;
-      
-      # If this isn't set a cname that targets a host might return the wrong ip
-      localise-queries = true;
-      ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
-      filter-AAAA = true;
-      expand-hosts = true;
-      domain = "sable-pancake.ts.net";
-      domain-needed = true;
-    };
-  };
-
-  # Add tailscale hosts
-  networking.hosts = {
-    "100.73.96.48" = [ "everest" ];
-    "100.113.139.93" = [ "archie" ];
-    "100.85.48.85" = [ "steamdeck" ];
-    "100.96.92.13" = [ "surfecego" ];
-  };
-
-  # Dnsmasq conflicts with the resolved dns stub listener
-  services.resolved.extraConfig = ''
-    [Resolve]
-    DNSStubListener=no
-  '';
-}

roles/server/gitea.nix

@@ -9,27 +9,31 @@
 			server = {
 				#server.SSH_PORT = 69;
 				DISABLE_REGISTRATION = lib.mkDefault true;
-				ROOT_URL = "http://git.everest.sable-pancake.ts.net";
+				ROOT_URL = "http://everest/gitea/";
 			};
 		};
 	};
-
-	# Add a cname for gitea
-	services.dnsmasq.settings.cname = [ "git.everest.sable-pancake.ts.net,everest" ];
-
 	# Set up traefik as the reverse proxy for Gitea
 	services.traefik = {
 		dynamicConfigOptions = {
 			http = {
 				routers = {
+					/*
+					Gitea works best as a subdomain, but I do not have a dns server (yet),
+					and since tailscale doesn't support adding subdomains with MagicDNS I'll
+					just put it in a subpath for now
+					*/
 					gitea-subpath = {
-						rule = "Host(`git.everest.sable-pancake.ts.net`)";
+						middlewares = [ "gitea-strip-prefix" ];
+						rule = "PathPrefix(`/gitea`)";
 						service = "gitea";
 					};
 				};
 				services.gitea.loadBalancer.servers = [
 					{ url = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}"; }
 				];
+				# Gitea freaks out if you don't remove the subpath it's being proxied from
+				middlewares.gitea-strip-prefix.stripprefix.prefixes = "/gitea";
 			};
 		};
 	};

roles/server/syncthing.nix

@@ -34,22 +34,26 @@
 		AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
 	};
 
-	# Add a cname for syncthing
-	services.dnsmasq.settings.cname = [ "sync.everest.sable-pancake.ts.net,everest" ];
-
 	# Set up traefik as the reverse proxy for syncthing
 	services.traefik = {
 		dynamicConfigOptions = {
 			http = {
 				routers = {
-					syncthing-subdomain = {
+					syncthing-subpath = {
-						rule = "Host(`sync.everest.sable-pancake.ts.net`)";
+						middlewares = [ "syncthing-add-trailing-slash" "syncthing-strip-prefix" ];
+						rule = "PathPrefix(`/syncthing`)";
 						service = "syncthing";
 					};
 				};
 				services.syncthing.loadBalancer.servers = [
 					{ url = "http://localhost:8384"; }
 				];
+				middlewares.syncthing-strip-prefix.stripprefix.prefixes = "/syncthing";
+				middlewares.syncthing-add-trailing-slash.redirectRegex = {
+					# Going to everest/syncthing without a slash at the end breaks things
+					regex = "http:\/\/everest\/syncthing+$";
+					replacement = "http://everest/syncthing/";
+				};
 			};
 		};
 	};

roles/server/traefik.nix

@@ -1,21 +1,14 @@
 { config, ... }:
 
 {
-	specialisation.traefikEnableWebUI.configuration.services.traefik = {
-		staticConfigOptions = {
-			api = {
-				# Enable the web ui
-				insecure = true;
-				dashboard = true;
-			};
-		};
-	};
-	
 	services.traefik = {
 		enable = true;
 		staticConfigOptions = {
+			# Enable the web ui
+			api.insecure = true;
+			api.dashboard = true;
 			entryPoints = {
-				http = { address = "100.73.96.48:80"; };
+				http = { address = ":80"; };
 			};
 		};
 	};

roles/server/transmission.nix

@@ -7,21 +7,18 @@
 		settings = {
 			incomplete-dir-enabled = false;
 			rpc-bind-address = "0.0.0.0";
-			rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
+			rpc-host-whitelist = "everest";
 			rpc-whitelist = "127.0.0.1";
 		};
 	};
 
-	# Add a cname for transmission
-	services.dnsmasq.settings.cname = [ "transmission.everest.sable-pancake.ts.net,everest" ];
-
 	# Set up traefik as the reverse proxy for transmission
 	services.traefik = {
 		dynamicConfigOptions = {
 			http = {
 				routers = {
-					transmission-subdomain = {
+					transmission-subpath = {
-						rule = "Host(`transmission.everest.sable-pancake.ts.net`)";
+						rule = "PathPrefix(`/transmission`)";
 						service = "transmission";
 					};
 				};