its working

configuration.nix

@@ -3,7 +3,7 @@
     ./services/openssh.nix
     ./services/forgejo.nix
     ./services/vaultwarden.nix
-    # ./services/jellyfin.nix
+    ./services/jellyfin.nix
     # ./services/mailserver.nix
     ./services/misc.nix
 

home.nix

@@ -1,4 +1,4 @@
-{username ? throw "no username provided"}: {pkgs,...}: {
+{username ? throw "no username provided"}: {pkgs, ...}: {
   imports = [];
 
   home.username = username;

services/forgejo.nix

@@ -33,13 +33,25 @@ in {
     };
   };
 
-  networking.firewall.allowedTCPPorts = [port];
-  networking.firewall.allowedUDPPorts = [port];
+  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedUDPPorts = [80 443];
 
-  services.caddy = {
+  services.nginx = {
     enable = true;
-    virtualHosts."git.spoodythe.one".extraConfig = ''
-      reverse_proxy * ${host}:${toString port}
-    '';
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts."git.spoodythe.one" = {
+      addSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://${host}:${toString port}";
+      };
+    };
   };
+
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "snorre@altschul.dk";
 }

services/jellyfin.nix

@@ -39,8 +39,8 @@ in {
     recommendedTlsSettings = true;
 
     virtualHosts."media.spoodythe.one" = {
-      # addSSL = true;
-      # enableACME = true;
+      addSSL = true;
+      enableACME = true;
       locations."/" = {
         proxyPass = "http://${host}:${toString port}";
       };