cleanup

modules/nixos/services/actual/default.nix

@@ -102,13 +102,16 @@ let
     bindMounts = bindMounts;
     config = actualConfig;
   }) { inherit lib; };
-in
-{
-  imports = [ ./options.nix ];
 
-  config = mkIf cfg.enable {
+  fullConfig = {
     ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable {
       reverseProxies = [ reverseProxyConfig ];
     };
   } // actualContainer;
+in
+{
+  imports = [ ./options.nix ];
+  
+  config = mkIf cfg.enable fullConfig;
 }
+

modules/nixos/services/gitea/default.nix

@@ -7,39 +7,13 @@
 with lib;
 let
   cfg = config.${namespace}.services.gitea;
-  hostAddress = "10.0.1.3";
-  # localAddress = "10.0.4.18";
-  # httpPort = 3000;
-  # sshPort = 2222;
   rootUrl = "https://gitea.mjallen.dev/";
-  # stateDir = "/media/nas/main/nix-app-data/gitea";
   dataDir = "/var/lib/gitea";
   secretsDir = "/run/secrets/jallen-nas/gitea";
   mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
   metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
-in
-{
-  imports = [ ./options.nix ];
-  config = mkIf cfg.enable {
-    containers.gitea = {
-      autoStart = true;
-      privateNetwork = true;
-      hostAddress = hostAddress;
-      localAddress = cfg.localAddress;
 
-      bindMounts = {
-        ${dataDir} = {
-          hostPath = cfg.dataDir;
-          isReadOnly = false;
-        };
-        secrets = {
-          hostPath = secretsDir;
-          isReadOnly = true;
-          mountPoint = secretsDir;
-        };
-      };
-
-      config =
+  serviceConfig = 
     { lib, ... }:
     {
       services.gitea = {
@@ -100,46 +74,42 @@ in
       services.resolved.enable = true;
       system.stateVersion = "23.11";
     };
+  
+  bindMounts = {
+    ${dataDir} = {
+      hostPath = cfg.dataDir;
+      isReadOnly = false;
+    };
+    secrets = {
+      hostPath = secretsDir;
+      isReadOnly = true;
+      mountPoint = secretsDir;
+    };
   };
 
-    services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
-      services.gitea.loadBalancer.servers = [
-        {
+  # Create reverse proxy configuration using mkReverseProxy
+  reverseProxyConfig = lib.${namespace}.mkReverseProxy {
+    name = "gitea";
+    subdomain = cfg.reverseProxy.subdomain;
     url = "http://${cfg.localAddress}:${toString cfg.httpPort}";
-        }
-      ];
-      routers.gitea = {
-        entryPoints = [ "websecure" ];
-        rule = "Host(`${cfg.reverseProxy.host}`)";
-        service = "gitea";
     middlewares = cfg.reverseProxy.middlewares;
-        tls.certResolver = "letsencrypt";
-      };
   };
 
-    networking = {
-      nat = {
-        forwardPorts = [
+  containerConfig = (lib.${namespace}.mkContainer {
+    name = "gitea";
+    localAddress = cfg.localAddress;
+    port = cfg.httpPort;
+    bindMounts = bindMounts;
+    config = serviceConfig;
+  }) { inherit lib; };
+
+  giteaConfig = {
+    ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable {
+      reverseProxies = [ reverseProxyConfig ];
+    };
+  } // containerConfig;
+in
 {
-            destination = "${cfg.localAddress}:${toString cfg.httpPort}";
-            sourcePort = cfg.httpPort;
-          }
-          {
-            destination = "${cfg.localAddress}:${toString cfg.sshPort}";
-            sourcePort = cfg.sshPort;
-          }
-        ];
-      };
-      firewall = {
-        allowedTCPPorts = [
-          cfg.httpPort
-          cfg.sshPort
-        ];
-        allowedUDPPorts = [
-          cfg.httpPort
-          cfg.sshPort
-        ];
-      };
-    };
-  };
+  imports = [ ./options.nix ];
+  config = mkIf cfg.enable giteaConfig;
 }

modules/nixos/services/gitea/options.nix

@@ -24,19 +24,6 @@ with lib;
       default = "";
     };
 
-    reverseProxy = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-      host = mkOption {
-        type = types.str;
-        default = "";
-      };
-      middlewares = mkOption {
-        type = with types; listOf str;
-        default = [ ];
-      };
-    };
+    reverseProxy = lib.${namespace}.mkReverseProxyOpt;
   };
 }

modules/nixos/services/nextcloud/default.nix

@@ -20,9 +20,9 @@ let
   nextcloudPortExtHttps = 9943;
   onlyofficePortExt = 9943;
 
-  nextcloudPhotos = pkgs.${namespace}.photos;
-  nextcloudPdfViewer = pkgs.${namespace}.pdfviewer;
-  nextcloudAssist = pkgs.${namespace}.assistant;
+  nextcloudPhotos = pkgs.${namespace}.nextcloud-app-photos;
+  nextcloudPdfViewer = pkgs.${namespace}.nextcloud-app-pdfviewer;
+  nextcloudAssist = pkgs.${namespace}.nextcloud-app-assistant;
 in
 {
   imports = [ ./options.nix ];

packages/nextcloud/nextcloud-app-assistant/default.nix

@@ -3,7 +3,7 @@
   ...
 }:
 fetchNextcloudApp {
-  name = "assistant";
+  name = "nextcloud-app-assistant";
   sha256 = "sha256-kW2rbgfhCg4RHp/RW+L1vuoyVXOp5r4Mc1VdI0g5cXA=";
   url = "https://github.com/nextcloud/assistant/archive/refs/tags/v2.8.0.tar.gz";
   license = "agpl3Only";

packages/nextcloud/nextcloud-app-pdfviewer/default.nix

@@ -3,7 +3,7 @@
   ...
 }:
 fetchNextcloudApp {
-  name = "files_pdfviewer";
+  name = "nextcloud-app-files_pdfviewer";
   sha256 = "sha256-TeNOzRczeXK15DURrZ5al0cvXhRj7+y1VA4axPROvD4=";
   url = "https://github.com/nextcloud/files_pdfviewer/archive/refs/tags/v31.0.8.tar.gz";
   license = "agpl3Only";

packages/nextcloud/nextcloud-app-photos/default.nix

@@ -3,7 +3,7 @@
   ...
 }:
 fetchNextcloudApp {
-  name = "photos";
+  name = "nextcloud-app-photos";
   sha256 = "sha256-F2hh/0RlLG2zcEatfd4fejRV0i2hMkwONM4P7nhdh18=";
   url = "https://github.com/nextcloud/photos/archive/refs/tags/v31.0.8.tar.gz";
   license = "agpl3Only";

systems/x86_64-linux/jallen-nas/apps.nix

@@ -79,7 +79,7 @@
         dataDir = "/media/nas/main/nix-app-data/gitea";
         reverseProxy = {
           enable = true;
-          host = "gitea.mjallen.dev";
+          subdomain = "gitea";
           middlewares = [
             "crowdsec"
             "whitelist-geoblock"