From 3fcde8ba62032fe7e52f82b1657c8fafae343464 Mon Sep 17 00:00:00 2001 From: Snorre Date: Tue, 4 Mar 2025 12:52:52 +0100 Subject: [PATCH] cleaned up services --- flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++++ services/forgejo.nix | 20 ++++-------- services/jellyfin.nix | 6 +++- services/nextcloud.nix | 30 +++++++++++------- services/nginx.nix | 3 ++ services/sonarr.nix | 17 ++++++++++ 6 files changed, 121 insertions(+), 27 deletions(-) create mode 100644 services/sonarr.nix diff --git a/flake.lock b/flake.lock index 6927d65..b5dc3ba 100755 --- a/flake.lock +++ b/flake.lock @@ -97,6 +97,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -138,6 +156,28 @@ "type": "github" } }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1739104176, + "narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1740560979, @@ -174,6 +214,7 @@ "agenix": "agenix", "disko": "disko", "home-manager": "home-manager_2", + "microvm": "microvm", "nixpkgs": "nixpkgs", "simple-nixos-mailserver": "simple-nixos-mailserver" } 
@@ -201,6 +242,22 @@ "type": "gitlab" } }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1733308308, + "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", + "ref": "refs/heads/main", + "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", + "revCount": 792, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -215,6 +272,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/services/forgejo.nix b/services/forgejo.nix index 6b64a92..9de7f0c 100755 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: let +{...}: let host = "127.0.0.1"; port = 6969; in { @@ -21,7 +16,7 @@ in { server = { DOMAIN = "git.spoodythe.one"; HTTP_PORT = port; - ROOT_URL = "http://${host}:${toString port}"; + ROOT_URL = "https://git.spoodythe.one"; }; service.DISABLE_REGISTRATION = true; @@ -33,11 +28,7 @@ in { }; }; - networking.firewall.allowedTCPPorts = [80 443]; - networking.firewall.allowedUDPPorts = [80 443]; - - services.nginx. - virtualHosts."git.spoodythe.one" = { + services.nginx.virtualHosts."git.spoodythe.one" = { addSSL = true; enableACME = true; locations."/" = { @@ -45,6 +36,7 @@ in { }; }; - security.acme.acceptTerms = true; - security.acme.defaults.email = "snorre@altschul.dk"; + # Open port 80 and 443 for reverse proxy + networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedUDPPorts = [80 443]; } 
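Review bot: `ROOT_URL` in services/forgejo.nix (hunk `@@ -21,7 +16,7 @@`) now advertises `https://git.spoodythe.one`, but the vhost for that name further down the file still uses `addSSL = true;`. That option serves the site over plain HTTP as well as HTTPS and does not redirect, so a login or a git-over-HTTP credential sent to the `http://` URL travels unencrypted. Replacing it with `forceSSL = true;` keeps the ACME setup and redirects port 80 to HTTPS. The new vhosts in services/nextcloud.nix and services/sonarr.nix use the same `addSSL = true;` and would benefit from the same change. The `settings` block continues outside this hunk, so any cookie or session options there are not visible.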
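Review bot: The firewall lines moved to the end of services/forgejo.nix (hunk `@@ -45,6 +36,7 @@`) still open UDP 80 and 443, yet nothing visible in this patch enables HTTP/3 or QUIC on nginx, so those UDP ports seem to be exposed without a listener that needs them. The same pair is added in services/jellyfin.nix and is already present in services/nextcloud.nix, so the rule now lives in three service files and can drift. Consider dropping `networking.firewall.allowedUDPPorts = [80 443];` and declaring `networking.firewall.allowedTCPPorts = [80 443];` once in services/nginx.nix, next to the ACME settings this commit moves there.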
diff --git a/services/jellyfin.nix b/services/jellyfin.nix index db769f9..e60af47 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -20,7 +20,7 @@ in { # Enable Jellyfin services.jellyfin = { enable = true; - openFirewall = false; + openFirewall = false; # We want jellyfin behind a reverse proxy }; # Route subdomain traffic to jellyfin @@ -39,4 +39,8 @@ in { proxyPass = "http://${host}:${toString port}"; }; }; + + # Open port 80 and 443 for reverse proxy + networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedUDPPorts = [80 443]; } diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 4cf032b..6d914e4 100755 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -1,26 +1,32 @@ {pkgs, ...}: let nextcloud-pkg = pkgs.nextcloud30; + host = "127.0.0.1"; + port = 8008; in { - imports = [ - "${fetchTarball { - url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz"; - sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs"; - }}/nextcloud-extras.nix" - ]; - services.nextcloud = { enable = true; package = nextcloud-pkg; hostName = "localhost"; config.adminpassFile = "/var/lib/db/nextcloud/admin-password"; config.dbtype = "sqlite"; - webserver = "caddy"; }; + # Place nextcloud behind a reverse proxy + services.nginx.virtualHosts."localhost".listen = [ + { + addr = host; + port = port; + } + ]; + services.nginx.virtualHosts."nextcloud.spoodythe.one" = { + addSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${host}:${toString port}"; + }; + }; + + # Open port 80 and 443 for reverse proxy networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedUDPPorts = [80 443]; - - environment.systemPackages = [ - nextcloud-pkg - ]; } diff --git a/services/nginx.nix b/services/nginx.nix index 63b27f6..cc0b9ad 100644 --- a/services/nginx.nix +++ b/services/nginx.nix 
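Review bot: In services/nextcloud.nix the new `nextcloud.spoodythe.one` vhost proxies to the inner `localhost` vhost, but `services.nextcloud` still only knows `hostName = "localhost"` and has no proxy settings. With `recommendedProxySettings` forwarding the original Host header, Nextcloud will probably reject the request as an untrusted domain. Without a trusted proxy it also sees every client as 127.0.0.1, so brute-force throttling and audit logs lose the real source address. I would add `settings.trusted_domains = ["nextcloud.spoodythe.one"];`, `settings.trusted_proxies = ["127.0.0.1"];` and `settings.overwriteprotocol = "https";` inside the `services.nextcloud` block. A short comment on the `listen` override explaining why the module-generated vhost is pinned to loopback would also help the next reader.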
@@ -6,4 +6,7 @@ recommendedProxySettings = true; recommendedTlsSettings = true; }; + + security.acme.acceptTerms = true; + security.acme.defaults.email = "snorre@altschul.dk"; } diff --git a/services/sonarr.nix b/services/sonarr.nix new file mode 100644 index 0000000..26a81e2 --- /dev/null +++ b/services/sonarr.nix @@ -0,0 +1,17 @@ +{...}: let + host = "127.0.0.1"; + port = 8989; +in { + services.sonarr = { + enable = true; + openFirewall = false; # Hide sonarr behind firewall + }; + + services.nginx.virtualHosts."git.spoodythe.one" = { + addSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${host}:${toString port}"; + }; + }; +}
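Review bot: The new services/sonarr.nix declares its proxy under `services.nginx.virtualHosts."git.spoodythe.one"`, the hostname services/forgejo.nix already uses for Forgejo (backend port 6969), which looks like a copy-paste leftover. If both modules are imported, the two different `proxyPass` values for `locations."/"` should fail evaluation as conflicting definitions. If only one wins, either the git hostname serves Sonarr or Sonarr is not reachable at all. Use a Sonarr-specific name, for example `services.nginx.virtualHosts."<sonarr-hostname>" = {` (placeholder), and reword the `openFirewall = false` comment to say the service is published through the reverse proxy. Once that vhost is live, Sonarr's own authentication is the only access control in front of it, so confirm it is enabled.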