Add frontends

hosts/muho/configuration.nix

@@ -1,9 +1,8 @@
 { config, lib, pkgs, inputs, system, ... }:
 let cfg = config.mods;
-
 in {
   # Hardware
-  imports = [ ./hardware-configuration.nix ];
+  imports = [ ./hardware-configuration.nix ../ports.nix ];
 
   # System
   mods.user.name = "muon";
@@ -11,6 +10,10 @@ in {
   networking.hostId = "56e55e83";
   mods.home.file = ./home.nix;
 
+  # Hosting
+  networking.firewall.allowedTCPPorts =
+    lib.attrsets.mapAttrsToList (name: value: value) cfg.server.nginx.ports;
+
   # Modules
   mods.desktop.enable = true;
   mods.desktop.gaming.enable = true;
@@ -21,6 +24,8 @@ in {
 
   mods.server.photos.enable = true;
   mods.server.search.enable = true;
+  mods.server.videos.enable = true;
+  mods.server.reddit.enable = true;
 
   mods.tailscale.enable = true;
   mods.wireguard.id = 3;

hosts/mups/configuration.nix

@@ -9,7 +9,7 @@ let
 
 in {
   # Hardware
-  imports = [ ./hardware-configuration.nix ];
+  imports = [ ./hardware-configuration.nix ../ports.nix ];
 
   # System
   mods.user.name = "muon";
@@ -42,16 +42,18 @@ in {
   boot.loader.grub.device = "/dev/vda";
   boot.initrd.checkJournalingFS = false;
 
-  # services.static-web-server = {
+  services.static-web-server = {
-  #   enable = true;
+    enable = true;
-  #   listen = "[::]:80";
+    listen = "[::]:8008";
-  #   root = "/var/www";
+    root = "/var/www";
-  #   configuration = {
+    configuration = { general = { directory-listing = true; }; };
-  #     general = { 
+  };
-  #       directory-listing = true;
+  services.nginx.virtualHosts."muon.host" = {
-  #     };
+    enableACME = true;
-  #   };
+    forceSSL = true;
-  # };
+    default = true;
+    locations."/" = { proxyPass = "http://localhost:8008"; };
+  };
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;

hosts/ports.nix

@@ -0,0 +1,9 @@
+{ pkgs, lib, config, ... }: {
+  mods.server.nginx.ports = {
+    photos = 3001;
+
+    search = 8081;
+    videos = 8082;
+    reddit = 8083;
+  };
+}

modules/nixos/server/default.nix

@@ -11,5 +11,6 @@
     ./photoprism.nix
     ./search.nix
     ./nginx.nix
+    ./frontends.nix
   ];
 }

modules/nixos/server/frontends.nix

@@ -0,0 +1,41 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.mods.server;
+  ports = cfg.nginx.ports;
+in with lib; {
+  options.mods.server = {
+    videos = {
+      enable = mkEnableOption {
+        default = false;
+        description = "enables invidious server";
+      };
+    };
+
+    reddit = {
+      enable = mkEnableOption {
+        default = false;
+        description = "enables redlib server";
+      };
+    };
+  };
+
+  config = {
+    services.invidious = mkIf cfg.videos.enable {
+      enable = true;
+      address = "0.0.0.0";
+      port = ports.videos;
+
+      settings = {
+        db.user = "invidious";
+        db.dbname = "invidious";
+      };
+    };
+
+    services.redlib = mkIf cfg.reddit.enable {
+      enable = true;
+      openFirewall = true;
+      address = "0.0.0.0";
+      port = ports.reddit;
+    };
+  };
+}

modules/nixos/server/media.nix

@@ -1,10 +1,10 @@
 { pkgs, lib, config, ... }:
 let
   cfg = config.mods.server;
-  port = 2283;
+  port = cfg.nginx.ports.photos;
 in with lib; {
   options.mods.server = {
-    videos = {
+    movies = {
       enable = mkEnableOption {
         default = false;
         description = "enables jellyfin server";
@@ -20,24 +20,12 @@ in with lib; {
   };
 
   config = {
-    services.jellyfin = mkIf cfg.videos.enable {
+    services.jellyfin = mkIf cfg.movies.enable {
       enable = true;
       openFirewall = true;
       user = "${config.mods.user.name}";
     };
 
-    # mods.server.nginx.ports.photos = port;
-    services.nginx.virtualHosts."photos.muon.host" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://10.0.0.3:${toString port}";
-        proxyWebsockets = true; # needed if you need to use WebSocket
-        extraConfig =
-          # required when the server wants to use HTTP Authentication
-          "proxy_pass_header Authorization;";
-      };
-    };
     services.immich = mkIf cfg.photos.enable {
       enable = true;
       openFirewall = true;

modules/nixos/server/nginx.nix

@@ -71,18 +71,19 @@ in with lib; {
         proxy_pass_header Authorization;
       '';
 
-      # virtualHosts = let
+      virtualHosts = let
-      #   base = locations: {
+        base = locations: {
-      #     inherit locations;
+          inherit locations;
 
-      #     forceSSL = true;
+          forceSSL = true;
-      #     enableACME = true;
+          enableACME = true;
-      #   };
+        };
-      #   proxy = port:
+        proxy = port:
-      #     base { "/".proxyPass = "http://${cfg.ip}:${toString port}/"; };
+          base { "/".proxyPass = "http://${cfg.ip}:${toString port}/"; };
-      # in mapAttrs' (name: port:
+      in mapAttrs' (name: port:
-      #   nameValuePair ("${name}.${cfg.domain}")
+        nameValuePair ("${name}.${cfg.domain}")
-      #   (proxy port // { default = true; })) cfg.ports;
+        # (proxy port // { default = true; })) cfg.ports;
+        (proxy port)) cfg.ports;
     };
   };
 }

modules/nixos/server/search.nix

@@ -2,7 +2,7 @@
 let
   inherit (lib) types mkOption mkEnableOption;
   cfg = config.mods.server.search;
-  port = 8081;
+  port = config.mods.server.nginx.ports.search;
 in {
   options.mods.server.search = {
     enable = mkEnableOption {
@@ -12,27 +12,9 @@ in {
   };
 
   config = {
-    # mods.server.nginx.ports.search = port;
-    services.nginx.virtualHosts."search.muon.host" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://10.0.0.3:${toString port}";
-        proxyWebsockets = true; # needed if you need to use WebSocket
-        extraConfig =
-          # required when the server wants to use HTTP Authentication
-          "proxy_pass_header Authorization;";
-      };
-    };
     services.searx = lib.mkIf cfg.enable {
       enable = true;
 
-      # runInUwsgi = true;
-      # uwsgiConfig = {
-      #   disable-logging = true;
-      #   http = ":${toString port}";
-      # };
-
       settings = {
         server.port = port;
         server.bind_address = "0.0.0.0";