5 changed files with 99 additions and 99 deletions
--- a/modules/nixos/services/traefik-proxy/default.nix
+++ b/modules/nixos/services/traefik-proxy/default.nix
@ -32,6 +32,7 @@ in
          websecure = {
            address = ":443";
            asDefault = true;
+            http.tls.certResolver = "letsencrypt";
          };
        };
      };
@ -41,6 +42,7 @@ in
    # Configure Letsencrypt
    services.traefik.staticConfigOptions = {
      certificatesResolvers.letsencrypt.acme = {
+        email = "kb01@kb-one.de";
        tlsChallenge = {};
        storage = "/var/secrets/traefik/acme.json";
      };
--- a/modules/nixos/suites/nas/default.nix
+++ b/modules/nixos/suites/nas/default.nix
@ -10,12 +10,10 @@ let
  cfg = config.suites.nas;
 in
 {
-  # imports = [
-  # ];
-
-  ###########
-  # Options #
-  ###########
+  imports = [
+    ./jellyfin.nix
+    ./kavita.nix
+  ];
  options.suites.nas.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = false;
@ -33,22 +31,18 @@ in
  };
  options.suites.nas.media.folder = lib.mkOption {
    type = with lib.types; str;
-    default = "/home/media";
+    default = "/home/media/media";
    description = "Media Root Directory";
  };
-  options.suites.nas.media.servers.enable = lib.mkOption {
-    type = with lib.types; uniq bool;
-    default = true;
-    description = "Enable Preconfigured Media Servers";
-  };

+  # Media Config
+  config = lib.mkIf (cfg.enable && cfg.media.enable) {

-  # NAS Config
-  config = lib.mkIf (cfg.enable) {
+    # Media Defaults
+    suites.nas.media.jellyfin.enable = true;
+    suites.nas.media.kavita.enable = false;

-    #########
-    # Users #
-    #########
+    # Create Media User
    users.groups.media = {};
    users.users.media = {
      isSystemUser = true;
@ -58,70 +52,8 @@ in
      home = "/home/media";
    };

-    ##################
-    # Network Drives #
-    ##################
-    services.samba = {
-      enable = true;
-      openFirewall = true;
-      settings = {
-        global = {
-          # Discorvery
-          "workgroup" = "WORKGROUP";
-          "netbios name" = "mow0m";
-          "netbios aliases" = "";
-          "server string" = "mow0m Server";
-          # Guest Access
-          #"restrict anonymous" = "0"; # Default 0
-          "guest account" = "nobody";
-          "map to guest" = "Bad User";
-          # Security
-          "local master" = "True";
-          "create mask" = "0664";
-          "directory mask" = "0775";
-          #"ntlm auth" = "False";
-          security = "user";
-          "invalid users" = [ "root" ];
-          "passwd program" = "/run/wrappers/bin/passwd %u";
-          # Networking
-          "winbind request timeout" = "2";
-        };
-        media = {
-          comment = "Public Media Share";
-          browsable = "yes";
-          "guest ok" = "yes"; # same as public = true
-          "writable" = "yes";
-          path = "/laowu/media";
-          "create mask" = "0644";
-          "directory mask" = "0755";
-          "force user" = "media";
-          "force group" = "media";
-        };
-      };
-    };
-    services.samba-wsdd = { # Web Service Discorvery Daemon
-      enable = true;
-      openFirewall = true;
-    };
-    networking.firewall.allowPing = true;
-
-
-    #################
-    # Media Servers #
-    #################
-    # Jellyfin
-    services.jellyfin.enable = cfg.media.servers.enable;
-    services.jellyfin.user = "media";
-    services.traefik.dynamicConfigOptions = {
-      http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
-      http.routers.jellyfin.entrypoints = "websecure";
-      http.routers.jellyfin.tls = true;
-      #http.routers.jellyfin.tls.certresolver = "letsencrypt";
-      http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
-      http.routers.jellyfin.service = "jellyfin";
-    };
-
-
  };

+
 }
+
--- a/modules/nixos/suites/nas/jellyfin.nix
+++ b/modules/nixos/suites/nas/jellyfin.nix
@ -0,0 +1,41 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.suites.nas.media.jellyfin;
+in
+{
+  options.suites.nas.media.jellyfin.enable = lib.mkOption {
+    type = with lib.types; uniq bool;
+    default = false;
+    description = "Enable Preconfigured Jellyfin Config";
+  };
+  options.suites.nas.media.jellyfin.subdomain = lib.mkOption {
+    type = with lib.types; string;
+    default = "watch";
+    description = "Subdomain for Jellyfin Server";
+  };
+
+  config = lib.mkIf (cfg.enable) {
+
+    services.jellyfin.enable = true;
+    services.jellyfin.user = "media";
+    
+    # Configure Reverse-Proxy
+    services.traefik.dynamicConfigOptions = {
+      http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
+      http.routers.jellyfin.entrypoints = "websecure";
+      http.routers.jellyfin.tls = true;
+      #http.routers.jellyfin.tls.certresolver = "letsencrypt";
+      http.routers.jellyfin.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
+      http.routers.jellyfin.service = "jellyfin";
+    };
+
+  };
+}
+
--- a/modules/nixos/suites/nas/kavita.nix
+++ b/modules/nixos/suites/nas/kavita.nix
@ -0,0 +1,42 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.suites.nas.media.kavita;
+in
+{
+  options.suites.nas.media.kavita.enable = lib.mkOption {
+    type = with lib.types; uniq bool;
+    default = false;
+    description = "Enable Preconfigured kavita Config";
+  };
+  options.suites.nas.media.kavita.subdomain = lib.mkOption {
+    type = with lib.types; string;
+    default = "read";
+    description = "Kavita Subdomain";
+  };
+
+  config = lib.mkIf (cfg.enable) {
+
+    services.kavita.enable = true;
+    services.kavita.user = "media";
+    services.kavita.tokenKeyFile = "/home/media/secrets/kavita-secret";
+    
+    # Configure Reverse-Proxy
+    services.traefik.dynamicConfigOptions = {
+      http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
+      http.routers.kavita.entrypoints = "websecure";
+      http.routers.kavita.tls = true;
+      #http.routers.kavita.tls.certresolver = "letsencrypt";
+      http.routers.kavita.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
+      http.routers.kavita.service = "kavita";
+    };
+
+  };
+}
+
--- a/systems/x86_64-linux/mow0m/default.nix
+++ b/systems/x86_64-linux/mow0m/default.nix
@ -10,7 +10,6 @@
  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
  };
-  nix.settings.trusted-users=[ "remotebuild" ];

  # Networking
  networking.hostName = "mow0m";
@ -37,18 +36,9 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICc3ShcoW5cPw1sbwiKI8ldMNtPi5xb6FPd/oH4AoSJW kb@Ohybke"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGL0MCmqvwph9Py81MtAjpJHtw5ecyE3s3q/SQW+D7HJ wdlbrmft"
    ];
+
  };

-  users.users.remotebuild = {
-    isNormalUser = true;
-    createHome = true;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW6aXcRu9+eYHi6taG8uWiG3XMJ429sax8EMyLHa31C kissen@Lolquak"
-    ];
-  };
-
-
-
  # programs.firefox.enable = true;

  # System Packages: (search via $ nix search wget)
@ -73,13 +63,6 @@

  services.asterisk-phony.enable = true;

-  # Enable NAS Suite
-  suites.nas.enable = true;
-  suites.nas.domain = "mow0m.lan";
-  suites.nas.media.enable = true;
-  suites.nas.media.folder = "/laowu/media";
-  suites.nas.media.servers.enable = false;
-
  # Firewall
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];