From 6746a035b4fc7f129fcf6206449ec0320c5ec694 Mon Sep 17 00:00:00 2001
From: Kaybee <kb01@kb-one.de>
Date: Tue, 15 Jul 2025 01:28:19 +0200
Subject: [PATCH] Configured Web-Servers for Public Access

---
 modules/nixos/suites/nas/default.nix   | 28 ++++++++++++++++----------
 systems/x86_64-linux/mow0m/default.nix |  2 +-
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/modules/nixos/suites/nas/default.nix b/modules/nixos/suites/nas/default.nix
index ef22d24..ed34c26 100644
--- a/modules/nixos/suites/nas/default.nix
+++ b/modules/nixos/suites/nas/default.nix
@@ -120,37 +120,43 @@ in
       enable = true;
       staticConfigOptions = {
         api = {
-          dashboard = true;
-          insecure = true;
+          dashboard = false;
+          insecure = false;
         };
         entryPoints = {
           http = {
             address = ":80";
-#            http.redirections.entrypoint = {
-#              to = "https";
-#              scheme = "https";
-#            };
+            http.redirections.entrypoint = {
+              to = "https";
+              scheme = "https";
+            };
           };
           https = {
             address = ":443";
           };
         };
+        certificatesResolvers.letsencrypt.acme = {
+          storage = "/run/secrets/acme.json";
+          httpchallenge.entrypoint = "http";
+        };
       };
     };
     services.traefik.dynamicConfigOptions = {
       # Traefik Dashbaord
-      http.routers.dashboard.rule = "Host(`traefik.mow0m`)";
+      http.routers.dashboard.rule = "Host(`traefik.hopp14.de`)";
       http.routers.dashboard.service = "api@internal";
       # Jellyfin
       http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
-      http.routers.jellyfin.entrypoints = "http";
-      http.routers.jellyfin.tls = false;
+      http.routers.jellyfin.entrypoints = "https";
+      #http.routers.jellyfin.tls = true;
+      http.routers.jellyfin.tls.certresolver = "letsencrypt";
       http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
       http.routers.jellyfin.service = "jellyfin";
       # Kavita
       http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
-      http.routers.kavita.entrypoints = "http";
-      http.routers.kavita.tls = false;
+      http.routers.kavita.entrypoints = "https";
+      #http.routers.kavita.tls = true;
+      http.routers.kavita.tls.certresolver = "letsencrypt";
       http.routers.kavita.rule = "Host(`kavita.${config.suites.nas.domain}`)";
       http.routers.kavita.service = "kavita";
     };
diff --git a/systems/x86_64-linux/mow0m/default.nix b/systems/x86_64-linux/mow0m/default.nix
index 0e1b7e5..890dbc9 100644
--- a/systems/x86_64-linux/mow0m/default.nix
+++ b/systems/x86_64-linux/mow0m/default.nix
@@ -76,7 +76,7 @@
   # Enable NAS Suite
   suites.nas.enable = true;
   suites.nas.debug = true;
-  suites.nas.domain = "mow0m";
+  suites.nas.domain = "hopp14.de";
   suites.nas.media.enable = true;
   suites.nas.media.folder = "/laowu/media";
   suites.nas.media.servers.enable = true;