feat: add gonic

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
feat: prevent dns leaks
2025-09-21 12:11:00 +02:00 · 2025-09-21 11:46:09 +02:00
2 changed files with 29 additions and 0 deletions
--- a/hosts/servers/hosting-02.nix
+++ b/hosts/servers/hosting-02.nix
@ -23,6 +23,7 @@
    publicKey = "KkShcqgwbkX2A9n1hhST6qu+m3ldxdJ2Lx8Eiw6mdXw=";
    endpoint = "146.70.117.226:51820";
    privateKeyFile = config.sops.secrets.wireguardKey.path;
+    dns = "10.64.0.1";
  };

  services.storagebox = {
@ -67,6 +68,24 @@
    };
  };

+  services.gonic = {
+    enable = true;
+    settings = {
+      music-path = [ "/data/music" ];
+      podcast-path = [ "/data/podcast" ];
+      playlists-path = [ "/data/playlists" ];
+    };
+  };
+
+  services.nginx.virtualHosts."music.escapeangle.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:4747";
+      proxyWebsockets = true;
+    };
+  };
+
  sops = {
    defaultSopsFile = ./hosting-02.yaml;
    secrets = {
--- a/modules/nixos/namespaced-vpn.nix
+++ b/modules/nixos/namespaced-vpn.nix
@ -47,6 +47,11 @@ in
      type = types.str;
      default = "10.10.10.2/30";
    };
+
+    dns = mkOption {
+      type = types.str;
+      default = "9.9.9.9";
+    };
  };

  config = mkIf cfg.enable {
@ -138,5 +143,10 @@ in
      };
    };

+    environment.etc."netns/${cfg.namespace}/resolv.conf" = {
+      text = ''
+        nameserver ${cfg.dns}
+      '';
+    };
  };
 }
Author	SHA1	Message	Date
Lander Van den Bulcke	a3bd66771e	feat: add gonic Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-09-21 12:11:00 +02:00
Lander Van den Bulcke	87f425b1c6	feat: prevent dns leaks Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-09-21 11:46:09 +02:00