Streaming across Tailscale for the win

2026-03-27 01:17:42 -04:00 · 2025-01-28 22:17:34 -05:00 · 2025-01-28 22:17:34 -05:00 · 2810ed2ffd
commit 2810ed2ffd
parent 924766af58
2 changed files with 18 additions and 2 deletions
--- a/modules/hosts/nixos/hetznix01/default.nix
+++ b/modules/hosts/nixos/hetznix01/default.nix
@ -29,7 +29,9 @@
      443  # https to local Nginx
      465  # SMTP with TLS
      587  # SMTP with STARTTLS
+      8333 # Bitcoin Core
      8448 # Matrix Synapse
+      9735 # LND
    ];
    # firewall.allowedUDPPorts = [ ... ];
    # Or disable the firewall altogether.
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
@ -2,6 +2,7 @@
  domain = "technicalissues.us";
  http_port = 80;
  https_port = 443;
+  private_btc = "100.83.153.7";
 in {

  services.nginx = {
@ -19,6 +20,19 @@ in {
      }
      add_header Strict-Transport-Security $hsts_header;
    '';
+    streamConfig = ''
+      server {
+        listen 0.0.0.0:8333;
+        listen [::]:8333;
+        proxy_pass ${private_btc}:8333;
+      }
+
+      server {
+        listen 0.0.0.0:9735;
+        listen [::]:9735;
+        proxy_pass ${private_btc}:9735;
+      }
+    '';
    virtualHosts = {
      "hetznix01.${domain}" = {
        serverAliases = [
@ -70,9 +84,9 @@ in {
        acmeRoot = null;
        forceSSL = true;
       # basicAuthFile = config.sops.secrets.owntracks_basic_auth.path;
-        # Albyhub container
+        # Albyhub via Tailscale
        locations."/" = {
-          proxyPass = "http://127.0.0.1:8080";
+          proxyPass = "http://${private_btc}:59000";
          proxyWebsockets = true;
        };
      };