From 17d2e103459cbe127de67c17882d4a694746b8f3 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <git@depasquale.giugl.io>
Date: Mon, 5 Jun 2023 00:50:31 +0200
Subject: [PATCH] bazarr: use vhost

---
 hosts/architect/bazarr.nix | 38 ++++++++++++++------------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/hosts/architect/bazarr.nix b/hosts/architect/bazarr.nix
index 7ca8884..4586da8 100644
--- a/hosts/architect/bazarr.nix
+++ b/hosts/architect/bazarr.nix
@@ -2,35 +2,25 @@
 
 let
   domain = "htbaz.giugl.io";
-  auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
-  
-  utilities = import ./utilities.nix { inherit lib config; };
-  inherit (utilities) architectInterfaceAddress;
 in
 {
-  services = {
-    bazarr = {
-      enable = true;
-      group = "media";
-    };
+  services.bazarr = {
+    enable = true;
+    group = "media";
+  };
 
-    nginx.virtualHosts.${domain} = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:6767";
-        extraConfig = auth_block {
-          access_role = "bazarr";
-        };
-      };
+  architect.vhost.${domain} = with config.architect.networks; {
+    dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+    locations."/" = {
+      port = 6767;
+      deny = [ lan.devices.router.address ];
+      allow = [
+        lan.net
+        wireguard.net
+        tailscale.net
+      ];
     };
   };
 
-  networking.extraHosts = ''
-    ${architectInterfaceAddress "lan"} ${domain}
-    ${architectInterfaceAddress "wireguard"} ${domain}
-    ${architectInterfaceAddress "tailscale"} ${domain}
-  '';
-
   users.groups.media.members = [ "bazarr" ];
 }