nixos/kelder: Add acquisition

nixos/boxes/colony/vms/estuary/default.nix

@@ -137,7 +137,7 @@ in
                 in
                 {
                   after = [ waitOnline ];
-                  requires = [ waitOnline ];
+                  # requires = [ waitOnline ];
                 };
               };
             };
@@ -185,7 +185,7 @@ in
                       {
                         wireguardPeerConfig = {
                           PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E=";
-                          AllowedIPs = [ "${lib.my.kelder.vpn.start}2" ];
+                          AllowedIPs = [ "${lib.my.kelder.start.vpn.v4}2" ];
                           PersistentKeepalive = 25;
                         };
                       }
@@ -336,7 +336,7 @@ in
                 };
                 "95-kelder" = {
                   matchConfig.Name = "kelder";
-                  address = [ "${lib.my.kelder.vpn.start}1/30" ];
+                  address = [ "${lib.my.kelder.start.vpn.v4}1/30" ];
                 };
               } ];
             };
@@ -388,7 +388,7 @@ in
 
                     {
                       port = 6922;
-                      dst = "${lib.my.kelder.vpn.start}2";
+                      dst = "${lib.my.kelder.start.vpn.v4}2";
                       dstPort = "ssh";
                     }
                   ];

nixos/boxes/colony/vms/shill/containers/middleman/default.nix

@@ -167,6 +167,14 @@
                   dnsProvider = "cloudflare";
                   credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
                 };
+
+                "${lib.my.kelder.domain}" = {
+                  extraDomainNames = [
+                    "*.${lib.my.kelder.domain}"
+                  ];
+                  dnsProvider = "cloudflare";
+                  credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
+                };
               };
             };
           };

nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix

@@ -45,6 +45,8 @@ let
     };
     "/.well-known/webfinger".return = "301 https://toot.nul.ie$request_uri";
   };
+
+  kelderUpstream = "http://${lib.my.kelder.start.vpn.v4}2:80";
 in
 {
   my = {
@@ -368,6 +370,39 @@ in
         };
         useACMEHost = lib.my.pubDomain;
       };
+
+      "torrents.${lib.my.kelder.domain}" = {
+        locations."/".proxyPass = kelderUpstream;
+        useACMEHost = lib.my.kelder.domain;
+      };
+      "jackett.${lib.my.kelder.domain}" = {
+        locations."/".proxyPass = kelderUpstream;
+        useACMEHost = lib.my.kelder.domain;
+      };
+      "radarr.${lib.my.kelder.domain}" = {
+        locations."/" = {
+          proxyPass = kelderUpstream;
+          proxyWebsockets = true;
+          extraConfig = lib.my.nginx.proxyHeaders;
+        };
+        useACMEHost = lib.my.kelder.domain;
+      };
+      "sonarr.${lib.my.kelder.domain}" = {
+        locations."/" = {
+          proxyPass = kelderUpstream;
+          proxyWebsockets = true;
+          extraConfig = lib.my.nginx.proxyHeaders;
+        };
+        useACMEHost = lib.my.kelder.domain;
+      };
+      "media.${lib.my.kelder.domain}" = {
+        locations."/" = {
+          proxyPass = kelderUpstream;
+          proxyWebsockets = true;
+          extraConfig = lib.my.nginx.proxyHeaders;
+        };
+        useACMEHost = lib.my.kelder.domain;
+      };
     };
 
     minio =