manatee: Expose komga publicly via komga.ppp.pm

2026-03-02 21:41:41 +01:00
parent 65569f6b57
commit 4f5de3b4cc
3 changed files with 53 additions and 26 deletions
--- a/hosts/manatee/modules/certs/default.nix
+++ b/hosts/manatee/modules/certs/default.nix
@@ -20,6 +20,19 @@
          "--http-timeout=60"
        ];
      };
+
+      "komga.ppp.pm" = {
+        dnsProvider = "hetzner";
+        environmentFile = config.age.secrets.hetzner-dns.path;
+        group = "nginx";
+
+        extraLegoFlags = [
+          "--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
+          "--dns.propagation-wait=60s"
+          "--dns-timeout=60"
+          "--http-timeout=60"
+        ];
+      };
    };
  };

--- a/hosts/manatee/modules/home-assistant/default.nix
+++ b/hosts/manatee/modules/home-assistant/default.nix
@@ -160,13 +160,13 @@ in

    user = {
      timers = {
-        "update-hetzner-ha-dns" = {
+        "update-hetzner-dns" = {
          unitConfig = {
-            Description = "updates Hetzner DNS for home-assistant";
+            Description = "updates Hetzner DNS records";
          };

          timerConfig = {
-            Unit = "update-hetzner-ha-dns.service";
+            Unit = "update-hetzner-dns.service";
            OnCalendar = "*-*-* *:00/30:00";
            Persistent = true;
          };
@@ -176,9 +176,9 @@ in
      };

      services = {
-        "update-hetzner-ha-dns" = {
+        "update-hetzner-dns" = {
          unitConfig = {
-            Description = "updates Hetzner DNS for home-assistant";
+            Description = "updates Hetzner DNS records";
          };

          serviceConfig = {
@@ -188,26 +188,28 @@ in

          path = [
            pkgs.curl
-            pkgs.coreutils # For `cat`
+            pkgs.coreutils
            pkgs.jq
          ];

          script = ''
-            LAST_IP_FILE="/tmp/hetzner-dns-ha-ip"
+            SUBDOMAINS="ha komga"
            INTERFACE="enp3s0"

            CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)

+            for SUBDOMAIN in $SUBDOMAINS; do
+              LAST_IP_FILE="/tmp/hetzner-dns-''${SUBDOMAIN}-ip"
+
              LAST_IP=""
              if [[ -f "$LAST_IP_FILE" ]]; then
                  LAST_IP=$(cat "$LAST_IP_FILE")
              fi

              if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
-                echo "IP unchanged, NOOP update."
-                exit 0
+                  echo "$SUBDOMAIN: IP unchanged, NOOP update."
              else
-                echo "Updating IP"
+                  echo "$SUBDOMAIN: Updating IP"

                  JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')

@@ -217,9 +219,10 @@ in
                    -H "Authorization: Bearer $HETZNER_API_TOKEN" \
                    -H "Content-Type: application/json" \
                    -d "$JSON_BODY" \
-                  "https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/ha/A/actions/set_records" \
+                    "https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/''${SUBDOMAIN}/A/actions/set_records" \
                    && echo $CURRENT_IP > $LAST_IP_FILE
              fi
+            done
          '';
        };
      };
--- a/hosts/manatee/modules/komga/default.nix
+++ b/hosts/manatee/modules/komga/default.nix
@@ -47,6 +47,7 @@ in
        server.port = 8002;
        komga."cors.allowed-origins" = [
          "http://manatee:8888"
+          "https://komga.ppp.pm"
        ];
      };

@@ -68,6 +69,16 @@ in
          tryFiles = "$uri $uri/ /komga-reader.html";
        };
      };
+
+      virtualHosts."komga.ppp.pm" = {
+        forceSSL = true;
+        useACMEHost = "komga.ppp.pm";
+
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8002";
+          proxyWebsockets = true;
+        };
+      };
    };

    networking.firewall.allowedTCPPorts = [ 8888 ];