From ac5236386b21260e5d66f1fac464f4aeef5393d8 Mon Sep 17 00:00:00 2001
From: vancycles-knak
Date: Mon, 2 Jun 2025 15:47:18 -0700
Subject: [PATCH] learned a few things + traefik works...nextcloud not
---
 nix-darwin/flakes/monolith/configuration.nix | 112 +++++++++++++++----
 1 file changed, 92 insertions(+), 20 deletions(-)
diff --git a/nix-darwin/flakes/monolith/configuration.nix b/nix-darwin/flakes/monolith/configuration.nix
index 15dcb3c7..1e142e23 100644
--- a/nix-darwin/flakes/monolith/configuration.nix
+++ b/nix-darwin/flakes/monolith/configuration.nix
@@ -64,7 +64,9 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCpHZBybBTCsCyW6/Q4OZ07SvUpRUvclc10u25j0B+Q hvandersleyen@gmail.com"
 ];
 };
-
+ security.sudo.extraConfig = ''
+ Defaults timestamp_timeout=3600
+ '';
 environment.systemPackages = with pkgs; [
 sops
 git
@@ -137,8 +139,11 @@
 # scheme = "https";
 # };
 };
- # websecure = {
- # address = ":443";
+ websecure = {
+ address = ":443";
+ };
+ # log = {
+ # level = "DEBUG";
 # };
 };
 };
@@ -150,7 +155,22 @@
 rule = "PathPrefix(`/n8n`)";
 service = "n8n-service";
 entryPoints = [ "web" ];
- # middlewares = [ "strip-n8n-prefix" ];
+ middlewares = [ "strip-n8n-prefix" ];
+ };
+
+ gitea-router = {
+ rule = "PathPrefix(`/gitea`)";
+ service = "gitea-service";
+ entryPoints = [ "web" ];
+ middlewares = [ "strip-gitea-prefix" ];
+ };
+
+ nextcloud-router = {
+ #rule = "Host(`nextcloud.local`)";
+ rule = "PathPrefix(`/nextcloud`)";
+ service = "nextcloud-service";
+ entryPoints = [ "web" ];
+ middlewares = [ "strip-nextcloud-prefix" ];
 };
 };
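Review bot: In the hunk at -64, sudoers measures `timestamp_timeout` in minutes, so `Defaults timestamp_timeout=3600` keeps a sudo credential cached for 60 hours rather than one hour. The context lines show this host also accepts SSH key logins, so that is a long window in which anything running in the user's session can escalate without a password prompt. If one hour was the intent, write `Defaults timestamp_timeout=60`, and add a comment stating the unit, for example `# minutes, not seconds`.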
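Review bot: The `websecure` entry point enabled in the hunk at -137 has no TLS settings and nothing is attached to it: every router added in the hunk at -150 lists only `entryPoints = [ "web" ]`, and the firewall hunk at -211 opens 80 but not 443. As written, the n8n, Gitea and Nextcloud sessions and passwords cross the LAN over plain HTTP while the config reads as if HTTPS were available. Either leave `websecure` commented out until certificates are configured, or move the routers to `entryPoints = [ "websecure" ];` with `tls = { };` and re-enable what looks like the commented-out `scheme = "https"` redirect on `web`. The enclosing entry-point and router attribute sets start outside both hunks.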
@@ -160,25 +180,39 @@
 { url = "http://0.0.0.0:5678"; }
 ];
 };
+
+ gitea-service = {
+ loadBalancer.servers = [
+ { url = "http://0.0.0.0:3000"; }
+ ];
+ };
+
+ nextcloud-service = {
+ loadBalancer.servers = [
+ { url = "http://0.0.0.0:8081"; }
+ ];
+ };
+ };
+ middlewares = {
+ strip-n8n-prefix = {
+ stripPrefix.prefixes = [ "/n8n" ];
+ };
+
+ strip-gitea-prefix = {
+ stripPrefix.prefixes = [ "/gitea" ];
+ };
+
+ strip-nextcloud-prefix = {
+ stripPrefix.prefixes = [ "/nextcloud" ];
+ };
 };
- # middlewares = {
- # strip-n8n-prefix = {
- # stripPrefix.prefixes = [ "/n8n" ];
- # };
- # };
 };
 };
 };
+
 systemd.services.traefik.serviceConfig = {
 ReadWritePaths = [ "/var/lib/traefik" ];
 };
- services.paperless = {
- enable = true;
- };
- services.home-assistant = {
- enable = false;
- config = { };
- };
 services.n8n = {
 enable = true;
 openFirewall = true;
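Review bot: The two new backends are addressed as `http://0.0.0.0:3000` and `http://0.0.0.0:8081`, but 0.0.0.0 is a bind wildcard rather than a destination, and connecting to it only works because the local network stack happens to map it to the local host. Point the load balancer at loopback instead, `{ url = "http://127.0.0.1:3000"; }` and `{ url = "http://127.0.0.1:8081"; }`, which also makes it explicit that these services are meant to be reached only through Traefik. The existing n8n server entry in the context lines has the same form and deserves the same change. The enclosing services attribute set starts outside the hunk.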
@@ -191,17 +225,54 @@
 systemd.services.n8n.environment = {
 N8N_SECURE_COOKIE = "false";
 N8N_LISTEN_ADDRESS = "0.0.0.0";
+ N8N_PATH = "/n8n";
+ };
+ services.gitea = {
+ enable = true;
+ settings = {
+ server.ROOT_URL = "http://0.0.0.0/gitea/";
+ };
 };
+ environment.etc."nextcloud-admin-pass".text = "thisisnotsecure";
 services.nextcloud = {
 enable = false;
 hostName = meta.hostname;
- # config.adminpassFile
+ config = {
+ adminpassFile = "/etc/nextcloud-admin-pass";
+ dbtype = "sqlite";
+ };
+ settings = {
+ trusted_domains = [ "192.168.4.129" ];
+ };
+ # phpOptions = {
+ # "listen.port" = 8081;
+ # };
+ extraApps = {
+ inherit (config.services.nextcloud.package.packages.apps)
+ news
+ contacts
+ calendar
+ tasks
+ ;
+ };
+ extraAppsEnable = true;
 };
- services.gitea = {
+ services.paperless = {
 enable = true;
 };
+ services.home-assistant = {
+ enable = false;
+ config = { };
+ };
 # networking
 networking = {
+ hosts = {
+ "192.168.4.129" = [
+ "nextcloud.local"
+ "gitea.local"
+ "n8n.local"
+ ];
+ };
 defaultGateway = "192.168.4.1"; # Point to Proxmox
 nameservers = [ "192.168.1.1" ]; # Ensure DNS resolution
 hostName = meta.hostname; # Define your hostname.
@@ -211,8 +282,9 @@
 allowedUDPPorts = [ 34197 ]; # Explicitly open Factorio port
 allowedTCPPorts = [
 80
- # 8081
- # 5678 # n8n
- # 3000 # gitea
+ # 8081
+ # 5678 # n8n
+ # 3000 # gitea
 27015
 ];
 };
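Review bot: In the hunk at -191, `environment.etc."nextcloud-admin-pass".text = "thisisnotsecure";` commits the Nextcloud admin password to the repository and copies it into the Nix store, and `environment.etc` files are world-readable unless a mode is set. It is harmless only while `services.nextcloud.enable = false`; the first enable would create the admin account with a published password. Since `sops` is already in `systemPackages`, point `adminpassFile` at a decrypted secret path instead, assuming sops-nix or an equivalent is wired into this flake, and remove the `environment.etc` line. Separately, `server.ROOT_URL = "http://0.0.0.0/gitea/"` makes Gitea generate links and clone URLs for an address no client can reach; it should be the externally visible URL.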
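Review bot: Commenting out 5678 in `allowedTCPPorts` in the hunk at -211 probably does not close the n8n port, because `services.n8n.openFirewall = true` (visible as context in the hunk at -160) still asks the module to open it. With `N8N_LISTEN_ADDRESS = "0.0.0.0"` and `N8N_SECURE_COOKIE = "false"` in the hunk at -191, n8n would remain reachable directly, bypassing Traefik. If the proxy is meant to be the only entry, set `openFirewall = false;` and `N8N_LISTEN_ADDRESS = "127.0.0.1";`. The enclosing firewall attribute set starts outside the hunk.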