From eb381fff3520dde91adcfd413004040fe818da9d Mon Sep 17 00:00:00 2001
From: Adithya Nair <adtya@adtya.xyz>
Date: Wed, 17 Jul 2024 10:45:56 +0530
Subject: [PATCH] layne: reverse proxy to transmission

---
 hosts/layne/services/apps/transmission.nix | 50 +++++++++++++---------
 hosts/layne/services/caddy.nix             |  7 +++
 hosts/layne/services/default.nix           |  2 +-
 3 files changed, 38 insertions(+), 21 deletions(-)
 create mode 100644 hosts/layne/services/caddy.nix

diff --git a/hosts/layne/services/apps/transmission.nix b/hosts/layne/services/apps/transmission.nix
index 994696d..8993fb0 100644
--- a/hosts/layne/services/apps/transmission.nix
+++ b/hosts/layne/services/apps/transmission.nix
@@ -1,24 +1,34 @@
 { pkgs, ... }: {
-  services.transmission = {
-    enable = true;
-    package = pkgs.transmission_4;
-    downloadDirPermissions = "775";
-    home = "/mnt/data/Torrents";
-    webHome = pkgs.flood-for-transmission;
-    openPeerPorts = true;
-    extraFlags = [
-      "--encryption-required"
-      "--no-portmap"
-      "--dht"
-      "--lpd"
-      "--allowed"
-      "127.0.0.1,10.10.10.*"
-    ];
-    settings = {
-      peer-port = 51515;
-      rpc-bind-address = "10.10.10.14";
-      rpc-port = 9091;
-      watch-dir-enabled = true;
+  services = {
+    caddy = {
+      virtualHosts."transmission.labs.adtya.xyz" = {
+        extraConfig = ''
+          reverse_proxy 10.10.10.14:9091
+          tls /persist/secrets/caddy/certs/transmission.crt /persist/secrets/caddy/certs/transmission.key
+        '';
+      };
+    };
+    transmission = {
+      enable = true;
+      package = pkgs.transmission_4;
+      downloadDirPermissions = "775";
+      home = "/mnt/data/Torrents";
+      webHome = pkgs.flood-for-transmission;
+      openPeerPorts = true;
+      extraFlags = [
+        "--encryption-required"
+        "--no-portmap"
+        "--dht"
+        "--lpd"
+        "--allowed"
+        "127.0.0.1,10.10.10.*"
+      ];
+      settings = {
+        peer-port = 51515;
+        rpc-bind-address = "10.10.10.14";
+        rpc-port = 9091;
+        watch-dir-enabled = true;
+      };
     };
   };
   systemd.services.transmission.unitConfig.RequiresMountsFor = [ "/mnt/data" ];
diff --git a/hosts/layne/services/caddy.nix b/hosts/layne/services/caddy.nix
new file mode 100644
index 0000000..9276aec
--- /dev/null
+++ b/hosts/layne/services/caddy.nix
@@ -0,0 +1,7 @@
+_: {
+  services.caddy = {
+    enable = true;
+    acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
+    email = "admin@acomputer.lol";
+  };
+}
diff --git a/hosts/layne/services/default.nix b/hosts/layne/services/default.nix
index b15489f..88d2e66 100644
--- a/hosts/layne/services/default.nix
+++ b/hosts/layne/services/default.nix
@@ -1,3 +1,3 @@
 _: {
-  imports = [ ./apps ./btrfs.nix ./ssh.nix ];
+  imports = [ ./apps ./caddy.nix ./btrfs.nix ./ssh.nix ];
 }