1 files changed, 36 insertions, 1 deletions

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 552dd7f0..06561e9c 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -34,6 +34,12 @@ in {
     };
   };
 
+  security.acme.defaults.email = "spam@krebsco.de";
+  security.acme.acceptTerms = true;
+  security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
+  security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
+  security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
+  security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
   services.nginx = {
     enable = true;
     package = pkgs.nginx.override {
@@ -41,8 +47,10 @@ in {
         fancyindex
       ];
     };
-    virtualHosts.default = {
+    virtualHosts."yellow.r" = {
       default = true;
+      enableACME = true;
+      addSSL = true;
       locations."/" = {
         root = "/var/download";
         extraConfig = ''
@@ -137,11 +145,29 @@ in {
       '';
     };
     virtualHosts."jelly.r" = {
+      enableACME = true;
+      addSSL = true;
       locations."/".extraConfig = ''
         proxy_pass http://localhost:8096/;
         proxy_set_header Accept-Encoding "";
       '';
     };
+    virtualHosts."radar.r" = {
+      enableACME = true;
+      addSSL = true;
+      locations."/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://localhost:7878";
+      };
+    };
+    virtualHosts."sonar.r" = {
+      enableACME = true;
+      addSSL = true;
+      locations."/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://localhost:8989";
+      };
+    };
   };
 
   services.samba = {
@@ -215,6 +241,7 @@ in {
     enable = true;
     tables.filter.INPUT.rules = [
       { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
+      { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
       { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
       { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
       { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
@@ -222,6 +249,7 @@ in {
       { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr
       { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr
       { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr
+      { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr
 
       # smbd
       { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
@@ -367,13 +395,20 @@ in {
 
   services.radarr = {
     enable = true;
+    group = "download";
   };
 
   services.sonarr = {
     enable = true;
+    group = "download";
   };
 
   services.prowlarr = {
     enable = true;
   };
+
+  services.bazarr = {
+    enable = true;
+    group = "download";
+  };
 }