From 88990545ede868a8564f20583eb930537ceccedc Mon Sep 17 00:00:00 2001 From: "Giulio De Pasquale (aider)" Date: Sat, 26 Apr 2025 16:57:07 +0100 Subject: [PATCH] refactor: Introduce interface types for network configuration --- modules/core/network.nix | 20 ++++++++++++++++++++ modules/core/vhost.nix | 3 ++- modules/services/bazarr/default.nix | 6 +++--- modules/services/gitea/default.nix | 4 ++-- modules/services/immich/default.nix | 6 +++--- modules/services/jellyfin/default.nix | 8 ++++---- modules/services/jellyseer/default.nix | 6 +++--- modules/services/lidarr/default.nix | 6 +++--- modules/services/navidrome/default.nix | 4 ++-- modules/services/nzbget/default.nix | 6 +++--- modules/services/prowlarr/default.nix | 6 +++--- modules/services/radarr/default.nix | 6 +++--- modules/services/sonarr/default.nix | 6 +++--- 13 files changed, 54 insertions(+), 33 deletions(-) diff --git a/modules/core/network.nix b/modules/core/network.nix index efd3a59..2a2246f 100644 --- a/modules/core/network.nix +++ b/modules/core/network.nix @@ -6,6 +6,26 @@ let in { options.pepe.core.network = { + interfaceTypes = { + lan = mkOption { + type = types.str; + default = "lan"; + description = "Key for LAN interface"; + }; + + wan = mkOption { + type = types.str; + default = "wan"; + description = "Key for WAN interface"; + }; + + vpn = mkOption { + type = types.str; + default = "tailscale"; + description = "Key for VPN interface"; + }; + }; + interfaces = mkOption { type = types.attrsOf (types.submodule { options = { diff --git a/modules/core/vhost.nix b/modules/core/vhost.nix index cdef45d..2963edf 100644 --- a/modules/core/vhost.nix +++ b/modules/core/vhost.nix @@ -13,6 +13,7 @@ in type = types.listOf types.str; default = [ ]; description = "List of interfaces to add extra DNS hosts for this vhost."; + example = "config.pepe.core.network.interfaceTypes.lan"; }; locations = mkOption { 
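Review bot: The three `interfaceTypes` options are free-form `types.str`, and nothing in this hunk checks that the chosen key exists in `pepe.core.network.interfaces`. After this patch those keys select the CIDR that vhost.nix and the service modules place into nginx `allow` rules. A typo therefore surfaces only as a missing-attribute error at evaluation, and pointing `lan` or `vpn` at the wrong entry widens every allow list without any warning. Consider an assertion in this module's `config`, e.g. `{ assertion = hasAttr config.pepe.core.network.interfaceTypes.vpn config.pepe.core.network.interfaces; message = "interfaceTypes.vpn must name an entry in pepe.core.network.interfaces"; }`, repeated for `lan` and for `wan`, which no hunk in this patch reads yet. The descriptions could also state that each value is an attribute name in `interfaces` and that it feeds the vhost access rules.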
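Review bot: The new `example` for `dnsInterfaces` is a plain string, but the option is `types.listOf types.str`, so the rendered documentation shows a quoted string where a list expression is expected. Writing it as `example = literalExpression "[ config.pepe.core.network.interfaceTypes.lan ]";` keeps the example type-correct and renders it as code. The enclosing `mkOption` starts above this hunk.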
@@ -91,7 +92,7 @@ in recommendedProxySettings = location.recommendedProxySettings; extraConfig = '' ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow} - ${optionalString location.allowLan ''allow ${config.pepe.core.network.interfaces."lan".net};''} + ${optionalString location.allowLan ''allow ${config.pepe.core.network.interfaces.${config.pepe.core.network.interfaceTypes.lan}.net};''} ${optionalString (!location.allowWAN) "deny all;"} '' + location.extraConfig; }) diff --git a/modules/services/bazarr/default.nix b/modules/services/bazarr/default.nix index 1120487..c81db67 100644 --- a/modules/services/bazarr/default.nix +++ b/modules/services/bazarr/default.nix @@ -22,13 +22,13 @@ in group = "media"; }; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "tailscale" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.vpn ]; locations."/" = { port = 6767; allowLan = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; }; diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix index 92441eb..bc6bbb2 100644 --- a/modules/services/gitea/default.nix +++ b/modules/services/gitea/default.nix @@ -18,8 +18,8 @@ in config = mkIf cfg.enable { pepe.core = { firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ]; - vhost.hosts.${cfg.domain} = { - dnsInterfaces = [ "lan" "tailscale" ]; + vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ]; locations."/" = { port = config.services.gitea.settings.server.HTTP_PORT; allowWAN = true; diff --git a/modules/services/immich/default.nix b/modules/services/immich/default.nix index cf7a719..d37a816 100644 --- a/modules/services/immich/default.nix +++ b/modules/services/immich/default.nix 
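Review bot: The rewritten `allowLan` line only restricts anything when `deny all;` follows it, and that line is emitted only for `!location.allowWAN`; nginx permits a request that matches no access rule, so on a WAN-open location the `allow` entries are inert. The immich hunk in this patch is such a case: it sets `allowWAN = true` together with `allowLan = true` and an `allow` entry for the VPN net, which reads as a restriction but is not one unless `location.extraConfig` adds its own deny. I would document this beside the template or in the option descriptions, e.g. `# allow/allowLan only restrict access when allowWAN = false (no "deny all;" is emitted otherwise)`, and drop the redundant entries in immich. The surrounding function body starts and ends outside this hunk.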
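Review bot: Widening the `with` from `config.pepe.core.network.interfaces` to `config.pepe.core.network` puts every option under `network` into scope for the whole vhost attrset, which makes it harder to see where `interfaces` and `interfaceTypes` in the access list come from. An explicit `inherit (config.pepe.core.network) interfaces interfaceTypes;` in the module's `let` block, or a `let net = config.pepe.core.network; in` binding, keeps those names traceable when auditing who may reach a service. The same pattern repeats in the gitea, immich, jellyfin, jellyseer, lidarr, navidrome, nzbget, prowlarr, radarr and sonarr hunks, and `interfaces.${interfaceTypes.vpn}.net` is spelled out in most of them; a single `readOnly` option for the VPN net in network.nix would remove that duplication.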
@@ -22,14 +22,14 @@ in }; }; - pepe.core.vhost.hosts.${cfg.domain} = { - dnsInterfaces = [ "tailscale" "lan" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ]; locations."/" = { host = "[::1]"; port = config.services.immich.port; allowLan = true; allowWAN = true; - allow = [ config.pepe.core.network.interfaces."tailscale".net ]; + allow = [ interfaces.${interfaceTypes.vpn}.net ]; proxyWebsockets = true; extraConfig = '' # allow large file uploads diff --git a/modules/services/jellyfin/default.nix b/modules/services/jellyfin/default.nix index 223d579..c37f4f1 100644 --- a/modules/services/jellyfin/default.nix +++ b/modules/services/jellyfin/default.nix @@ -24,14 +24,14 @@ in # needed since StateDirectory does not accept symlinks systemd.services.jellyfin.serviceConfig.StateDirectory = mkForce ""; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "lan" "tailscale" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ]; locations = { "/" = { port = 8096; allowLan = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; @@ -40,7 +40,7 @@ in allowLan = true; proxyWebsockets = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; }; diff --git a/modules/services/jellyseer/default.nix b/modules/services/jellyseer/default.nix index e614ff5..24d3939 100644 --- a/modules/services/jellyseer/default.nix +++ b/modules/services/jellyseer/default.nix 
@@ -21,13 +21,13 @@ in package = cfg.package; }; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "tailscale" "lan" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ]; locations."/" = { port = config.services.jellyseerr.port; allowLan = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; }; diff --git a/modules/services/lidarr/default.nix b/modules/services/lidarr/default.nix index 194866f..1479ee4 100644 --- a/modules/services/lidarr/default.nix +++ b/modules/services/lidarr/default.nix @@ -22,13 +22,13 @@ in group = "media"; }; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "lan" "tailscale" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ]; locations."/" = { port = 8686; allowLan = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; }; diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix index aa4066b..ddba714 100644 --- a/modules/services/navidrome/default.nix +++ b/modules/services/navidrome/default.nix @@ -46,8 +46,8 @@ in } // cfg.settings; }; - pepe.core.vhost.hosts.${cfg.domain} = { - dnsInterfaces = [ "lan" "tailscale" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ]; locations."/" = { port = 4533; allowLan = true; diff --git a/modules/services/nzbget/default.nix b/modules/services/nzbget/default.nix index 42d2599..e769bdf 100644 --- a/modules/services/nzbget/default.nix +++ b/modules/services/nzbget/default.nix 
@@ -22,13 +22,13 @@ in group = "media"; }; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "tailscale" "lan" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ]; locations."/" = { port = 6789; allowLan = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; }; diff --git a/modules/services/prowlarr/default.nix b/modules/services/prowlarr/default.nix index 848f11a..ca4a231 100644 --- a/modules/services/prowlarr/default.nix +++ b/modules/services/prowlarr/default.nix @@ -21,14 +21,14 @@ in package = cfg.package; }; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "tailscale" "lan" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ]; locations."/" = { port = 9696; allowLan = true; proxyWebsockets = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; }; diff --git a/modules/services/radarr/default.nix b/modules/services/radarr/default.nix index 66f0384..f5bbab0 100644 --- a/modules/services/radarr/default.nix +++ b/modules/services/radarr/default.nix @@ -21,14 +21,14 @@ in package = cfg.package; }; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "tailscale" "lan" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ]; locations."/" = { port = 7878; allowLan = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; }; diff --git a/modules/services/sonarr/default.nix b/modules/services/sonarr/default.nix index 7cc3999..f994081 100644 --- a/modules/services/sonarr/default.nix +++ b/modules/services/sonarr/default.nix 
@@ -21,13 +21,13 @@ in package = cfg.package; }; - pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network.interfaces; { - dnsInterfaces = [ "tailscale" "lan" ]; + pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; { + dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ]; locations."/" = { port = 8989; allowLan = true; allow = [ - tailscale.net + interfaces.${interfaceTypes.vpn}.net ]; }; };