refactor: standardized instance records

modules/config/instances/config/acme.nix

@@ -5,16 +5,16 @@ let
     sopsPath
     ;
 
-  acmeLabel = "Acme";
+  label = "Acme";
-  acmeName = "acme";
+  name = "acme";
 in
 {
-  label = acmeLabel;
+  label = label;
-  name = acmeName;
+  name = name;
   paths = {
     path0 = sslPath;
   };
   sops = {
-    path0 = "${sopsPath}/${acmeName}";
+    path0 = "${sopsPath}/${name}";
   };
 }

modules/config/instances/config/audiobookshelf.nix

@@ -1,13 +1,13 @@
 { instancesFunctions }:
 let
   inherit (instancesFunctions)
-    audiobookshelfLabel
-    audiobookshelfName
     domain0
     servicePath
     sslPath
     sopsPath
     ;
+  audiobookshelfLabel = "Audiobookshelf";
+  audiobookshelfName = "audiobookshelf";
   audiobookshelfSubdomain = "books";
   audiobookshelfDomain = "${audiobookshelfSubdomain}.${domain0}";
 in

modules/config/instances/config/forgejo.nix

@@ -7,32 +7,32 @@ let
     sopsPath
     ;
 
-  forgejoLabel = "Forgejo";
+  label = "Forgejo";
-  forgejoName = "forgejo";
+  name = "forgejo";
-  forgejoSubdomain = "source";
+  subdomain = "source";
-  forgejoDomain = "${forgejoSubdomain}.${domain3}";
+  domain = "${subdomain}.${domain3}";
 in
 {
-  label = forgejoLabel;
+  label = label;
-  name = forgejoName;
+  name = name;
   email = {
     address0 = "noreply@${domain3}";
   };
   sops = {
-    path0 = "${sopsPath}/${forgejoName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = forgejoDomain;
+    url0 = domain;
   };
-  subdomain = forgejoSubdomain;
+  subdomain = subdomain;
   paths = {
-    path0 = "${servicePath}/${forgejoLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ports = {
     port0 = 3033;
   };
   ssl = {
-    cert = "${sslPath}/${forgejoSubdomain}.${domain3}/fullchain.pem";
+    cert = "${sslPath}/${subdomain}.${domain3}/fullchain.pem";
-    key = "${sslPath}/${forgejoSubdomain}.${domain3}/key.pem";
+    key = "${sslPath}/${subdomain}.${domain3}/key.pem";
   };
 }

modules/config/instances/config/glance.nix

@@ -7,32 +7,32 @@ let
     sopsPath
     ;
 
-  glanceLabel = "Glance";
+  label = "Glance";
-  glanceName = "glance";
+  name = "glance";
-  glanceSubdomain = "dashboard";
+  subdomain = "dashboard";
-  glanceDomain = "${glanceSubdomain}.${domain0}";
+  domain = "${subdomain}.${domain0}";
 in
 {
-  label = glanceLabel;
+  label = label;
-  name = glanceName;
+  name = name;
   email = {
     address0 = "noreply@${domain0}";
   };
   sops = {
-    path0 = "${sopsPath}/${glanceName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = glanceDomain;
+    url0 = domain;
   };
-  subdomain = glanceSubdomain;
+  subdomain = subdomain;
   paths = {
-    path0 = "${servicePath}/${glanceLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ports = {
     port0 = 3434;
   };
   ssl = {
-    cert = "${sslPath}/${glanceSubdomain}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${subdomain}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${glanceSubdomain}.${domain0}/key.pem";
+    key = "${sslPath}/${subdomain}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/jellyfin.nix

@@ -2,27 +2,27 @@
 let
   inherit (instancesFunctions)
     domain0
-    jellyfinLabel
-    jellyfinName
     servicePath
     sslPath
     sopsPath
     ;
-  jellyfinDomain = "${jellyfinName}.${domain0}";
+  label = "Jellyfin";
+  name = "jellyfin";
+  domain = "${name}.${domain0}";
 in
 {
-  label = jellyfinLabel;
+  label = label;
-  name = jellyfinName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${jellyfinName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = jellyfinDomain;
+    url0 = domain;
   };
-  subdomain = jellyfinName;
+  subdomain = name;
   paths = {
-    path0 = "${servicePath}/${jellyfinLabel}";
+    path0 = "${servicePath}/${label}";
-    path1 = "${servicePath}/${jellyfinLabel}/cache";
+    path1 = "${servicePath}/${label}/cache";
   };
   ports = {
     port0 = 5055; # Jellyseer
@@ -30,7 +30,7 @@ in
     port2 = 8920; # Jellyfin HTTPS
   };
   ssl = {
-    cert = "${sslPath}/${jellyfinName}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${jellyfinName}.${domain0}/key.pem";
+    key = "${sslPath}/${name}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/kanboard.nix

@@ -1,38 +0,0 @@
-{ instancesFunctions }:
-let
-  inherit (instancesFunctions)
-    domain0
-    servicePath
-    sslPath
-    sopsPath
-    ;
-
-  kanboardLabel = "Kanboard";
-  kanboardName = "kanboard";
-  kanboardSubdomain = "todo";
-  kanboardDomain = "${kanboardSubdomain}.${domain0}";
-in
-{
-  label = kanboardLabel;
-  name = kanboardName;
-  email = {
-    address0 = "noreply@${kanboardName}.${domain0}";
-  };
-  sops = {
-    path0 = "${sopsPath}/${kanboardName}";
-  };
-  domains = {
-    url0 = kanboardDomain;
-  };
-  subdomain = kanboardSubdomain;
-  paths = {
-    path0 = "${servicePath}/${kanboardLabel}";
-  };
-  ports = {
-    port0 = 3128;
-  };
-  ssl = {
-    cert = "${sslPath}/${kanboardSubdomain}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${kanboardSubdomain}.${domain0}/key.pem";
-  };
-}

modules/config/instances/config/mastodon.nix

@@ -7,31 +7,31 @@ let
     sopsPath
     ;
 
-  mastodonLabel = "Mastodon";
+  label = "Mastodon";
-  mastodonName = "mastodon";
+  name = "mastodon";
-  mastodonSubdomain = "social";
+  subdomain = "social";
-  mastodonDomain = "${mastodonSubdomain}.${domain3}";
+  domain = "${subdomain}.${domain3}";
 in
 {
-  label = mastodonLabel;
+  label = label;
-  name = mastodonName;
+  name = name;
   email = {
     address0 = "noreply@${domain3}";
   };
   domains = {
-    url0 = mastodonDomain;
+    url0 = domain;
   };
-  subdomain = mastodonSubdomain;
+  subdomain = subdomain;
   sops = {
-    path0 = "${sopsPath}/${mastodonName}";
+    path0 = "${sopsPath}/${name}";
   };
   paths = {
-    path0 = "${servicePath}/${mastodonLabel}";
+    path0 = "${servicePath}/${label}";
     path1 = "";
     path2 = "";
   };
   ssl = {
-    cert = "${sslPath}/${mastodonSubdomain}.${domain3}/fullchain.pem";
+    cert = "${sslPath}/${subdomain}.${domain3}/fullchain.pem";
-    key = "${sslPath}/${mastodonSubdomain}.${domain3}/key.pem";
+    key = "${sslPath}/${subdomain}.${domain3}/key.pem";
   };
 }

modules/config/instances/config/matrix.nix

@@ -5,18 +5,18 @@ let
     sopsPath
     ;
 
-  matrixLabel = "Matrix";
+  label = "Matrix";
-  matrixName = "matrix";
+  name = "matrix";
 in
 {
-  label = matrixLabel;
+  label = label;
-  name = matrixName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${matrixName}";
+    path0 = "${sopsPath}/${name}";
   };
-  subdomain = matrixName;
+  subdomain = name;
   paths = {
-    path0 = "${servicePath}/${matrixLabel}";
+    path0 = "${servicePath}/${label}";
     path1 = "";
     path2 = "";
   };

modules/config/instances/config/minecraft.nix

@@ -7,24 +7,24 @@ let
     sopsPath
     ;
 
-  minecraftLabel = "Minecraft";
+  label = "Minecraft";
-  minecraftName = "minecraft";
+  name = "minecraft";
 in
 {
-  label = minecraftLabel;
+  label = label;
-  name = minecraftName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${minecraftName}";
+    path0 = "${sopsPath}/${name}";
   };
-  subdomain = minecraftName;
+  subdomain = name;
   paths = {
-    path0 = "${servicePath}/${minecraftLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ports = {
     port0 = 43000; # Minecraft (Brix on Nix)
   };
   ssl = {
-    cert = "${sslPath}/${minecraftName}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${minecraftName}.${domain0}/key.pem";
+    key = "${sslPath}/${name}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/nextcloud.nix

@@ -7,31 +7,31 @@ let
     sopsPath
     ;
 
-  nextcloudLabel = "Nextcloud";
+  label = "Nextcloud";
-  nextcloudName = "nextcloud";
+  name = "nextcloud";
-  nextcloudDomain = "${nextcloudName}.${domain0}";
+  domain = "${name}.${domain0}";
 in
 {
-  label = nextcloudLabel;
+  label = label;
-  name = nextcloudName;
+  name = name;
   email = {
-    address0 = "noreply@${nextcloudName}.${domain0}";
+    address0 = "noreply@${name}.${domain0}";
   };
   sops = {
-    path0 = "${sopsPath}/${nextcloudName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = nextcloudDomain;
+    url0 = domain;
   };
-  subdomain = nextcloudName;
+  subdomain = name;
   paths = {
-    path0 = "${servicePath}/${nextcloudLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ports = {
     port0 = 8354; # Nextcloud
   };
   ssl = {
-    cert = "${sslPath}/${nextcloudName}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${nextcloudName}.${domain0}/key.pem";
+    key = "${sslPath}/${name}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/nginx.nix

@@ -4,14 +4,14 @@ let
     sopsPath
     ;
 
-  nginxLabel = "Nginx";
+  label = "Nginx";
-  nginxName = "nginx";
+  name = "nginx";
 in
 {
-  label = nginxLabel;
+  label = label;
-  name = nginxName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${nginxName}";
+    path0 = "${sopsPath}/${name}";
   };
   ports = {
     port0 = 8080;

modules/config/instances/config/ollama.nix

@@ -7,30 +7,30 @@ let
     sopsPath
     ;
 
-  ollamaLabel = "Ollama";
+  label = "Ollama";
-  ollamaName = "ollama";
+  name = "ollama";
-  ollamaDomain = "${ollamaName}.${domain0}";
+  domain = "${name}.${domain0}";
 in
 {
-  label = ollamaLabel;
+  label = label;
-  name = ollamaName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${ollamaName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = ollamaDomain;
+    url0 = domain;
   };
-  subdomain = ollamaName;
+  subdomain = name;
   paths = {
-    path0 = "${servicePath}/${ollamaLabel}";
+    path0 = "${servicePath}/${label}";
-    path1 = "/mnt/media/storage/${ollamaName}";
+    path1 = "/mnt/media/storage/${name}";
   };
   ports = {
     port0 = 8088; # Open-WebUI (Ollama Front End)
     port1 = 11434; # Ollama API
   };
   ssl = {
-    cert = "${sslPath}/${ollamaName}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${ollamaName}.${domain0}/key.pem";
+    key = "${sslPath}/${name}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/owncast.nix

@@ -7,31 +7,31 @@ let
     sopsPath
     ;
 
-  owncastLabel = "Owncast";
+  label = "Owncast";
-  owncastName = "owncast";
+  name = "owncast";
-  owncastSubdomain = "stream";
+  subdomain = "stream";
-  owncastDomain = "${owncastSubdomain}.${domain1}";
+  domain = "${subdomain}.${domain1}";
 in
 {
-  label = owncastLabel;
+  label = label;
-  name = owncastName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${owncastName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = owncastDomain;
+    url0 = domain;
   };
-  subdomain = owncastSubdomain;
+  subdomain = subdomain;
   paths = {
-    path0 = "${servicePath}/${owncastLabel}";
+    path0 = "${servicePath}/${label}";
-    path1 = "/mnt/media/storage/${owncastName}";
+    path1 = "/mnt/media/storage/${name}";
   };
   ports = {
     port0 = 9454;
     port1 = 1935;
   };
   ssl = {
-    cert = "${sslPath}/${owncastSubdomain}.${domain1}/fullchain.pem";
+    cert = "${sslPath}/${subdomain}.${domain1}/fullchain.pem";
-    key = "${sslPath}/${owncastSubdomain}.${domain1}/key.pem";
+    key = "${sslPath}/${subdomain}.${domain1}/key.pem";
   };
 }

modules/config/instances/config/peertube.nix

@@ -7,26 +7,26 @@ let
     sopsPath
     ;
 
-  peertubeLabel = "PeerTube";
+  label = "PeerTube";
-  peertubeName = "peertube";
+  name = "peertube";
-  peertubeSubdomain = "video";
+  subdomain = "video";
-  peertubeDomain = "${peertubeSubdomain}.${domain3}";
+  domain = "${subdomain}.${domain3}";
 in
 {
-  label = peertubeLabel;
+  label = label;
-  name = peertubeName;
+  name = name;
   email = {
     address0 = "noreply@${domain3}";
   };
   sops = {
-    path0 = "${sopsPath}/${peertubeName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = peertubeDomain;
+    url0 = domain;
   };
-  subdomain = peertubeSubdomain;
+  subdomain = subdomain;
   paths = {
-    path0 = "${servicePath}/${peertubeLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ports = {
     port0 = 9000; # HTTP
@@ -36,7 +36,7 @@ in
     port4 = 52800;
   };
   ssl = {
-    cert = "${sslPath}/${peertubeSubdomain}.${domain3}/fullchain.pem";
+    cert = "${sslPath}/${subdomain}.${domain3}/fullchain.pem";
-    key = "${sslPath}/${peertubeSubdomain}.${domain3}/key.pem";
+    key = "${sslPath}/${subdomain}.${domain3}/key.pem";
   };
 }

modules/config/instances/config/podgrab.nix

@@ -0,0 +1,35 @@
+{ instancesFunctions }:
+let
+  inherit (instancesFunctions)
+    domain0
+    servicePath
+    sslPath
+    sopsPath
+    ;
+
+  label = "Podgrab";
+  name = "podgrab";
+  subdomain = "podcasts";
+  domain = "${subdomain}.${domain0}";
+in
+{
+  label = label;
+  name = name;
+  sops = {
+    path0 = "${sopsPath}/${name}";
+  };
+  domains = {
+    url0 = domain;
+  };
+  subdomain = name;
+  paths = {
+    path0 = "${servicePath}/${label}";
+  };
+  ports = {
+    port0 = 4242;
+  };
+  ssl = {
+    cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
+    key = "${sslPath}/${name}.${domain0}/key.pem";
+  };
+}

modules/config/instances/config/postfix.nix

@@ -7,22 +7,22 @@ let
     sopsPath
     ;
 
-  postfixLabel = "Postfix";
+  label = "Postfix";
-  postfixName = "postfix";
+  name = "postfix";
-  postfixDomain = "${postfixName}.${domain3}";
+  domain = "${name}.${domain3}";
 in
 {
-  label = postfixLabel;
+  label = label;
-  name = postfixName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${postfixName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = postfixDomain;
+    url0 = domain;
   };
-  subdomain = postfixName;
+  subdomain = name;
   paths = {
-    path0 = "${servicePath}/${postfixLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ssl = {
     cert = "${sslPath}/${domain3}/fullchain.pem";

modules/config/instances/config/postgresql.nix

@@ -5,17 +5,17 @@ let
     sopsPath
     ;
 
-  postgresLabel = "PostgreSQL";
+  label = "PostgreSQL";
-  postgresName = "postgres";
+  name = "postgres";
 in
 {
-  label = postgresLabel;
+  label = label;
-  name = postgresName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${postgresName}";
+    path0 = "${sopsPath}/${name}";
   };
   paths = {
-    path0 = "${servicePath}/${postgresLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ports = {
     port0 = 5432;

modules/config/instances/config/samba.nix

@@ -4,14 +4,14 @@ let
     sopsPath
     ;
 
-  sambaLabel = "Samba";
+  label = "Samba";
-  sambaName = "samba";
+  name = "samba";
 in
 {
-  label = sambaLabel;
+  label = label;
-  name = sambaName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${sambaName}";
+    path0 = "${sopsPath}/${name}";
   };
   paths = {
   };

modules/config/instances/config/searx.nix

@@ -7,32 +7,32 @@ let
     sopsPath
     ;
 
-  searxLabel = "SearXNG";
+  label = "SearXNG";
-  searxName = "searx";
+  name = "searx";
-  searxSubdomain = "search";
+  subdomain = "search";
-  searxDomain = "${searxSubdomain}.${domain0}";
+  domain = "${subdomain}.${domain0}";
 in
 {
-  label = searxLabel;
+  label = label;
-  name = searxName;
+  name = name;
   email = {
     address0 = "noreply@${domain0}";
   };
   sops = {
-    path0 = "${sopsPath}/${searxName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = searxDomain;
+    url0 = domain;
   };
-  subdomain = searxSubdomain;
+  subdomain = subdomain;
   paths = {
-    path0 = "${servicePath}/${searxLabel}";
+    path0 = "${servicePath}/${label}";
   };
   ports = {
     port0 = 8888;
   };
   ssl = {
-    cert = "${sslPath}/${searxSubdomain}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${subdomain}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${searxSubdomain}.${domain0}/key.pem";
+    key = "${sslPath}/${subdomain}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/syncthing.nix

@@ -6,27 +6,27 @@ let
     sopsPath
     ;
 
-  syncthingLabel = "Syncthing";
+  label = "Syncthing";
-  syncthingName = "syncthing";
+  name = "syncthing";
-  syncthingDomain = "${syncthingName}.${domain0}";
+  domain = "${name}.${domain0}";
 in
 {
-  label = syncthingLabel;
+  label = label;
-  name = syncthingName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${syncthingName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = syncthingDomain;
+    url0 = domain;
   };
-  subdomain = syncthingName;
+  subdomain = name;
   ports = {
     port0 = 8388; # Syncthing (WebUI)
     port1 = 21027; # Syncthing (Discovery)
     port2 = 22000; # Syncthing (Transfer)
   };
   ssl = {
-    cert = "${sslPath}/${syncthingName}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${syncthingName}.${domain0}/key.pem";
+    key = "${sslPath}/${name}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/synology.nix

@@ -4,14 +4,14 @@ let
     sopsPath
     ;
 
-  synologyLabel = "Synology";
+  label = "Synology";
-  synologyName = "synology";
+  name = "synology";
 in
 {
-  label = synologyLabel;
+  label = label;
-  name = synologyName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${synologyName}";
+    path0 = "${sopsPath}/${name}";
   };
   ports = {
     port0 = 5001; # Synology HTTPS

modules/config/instances/config/upRootNutrition.nix

@@ -6,17 +6,17 @@ let
     sopsPath
     ;
 
-  upRootNutritionLabel = "upRootNutrition";
+  label = "upRootNutrition";
-  upRootNutritionName = "uprootnutrition";
+  name = "uprootnutrition";
 in
 {
-  label = upRootNutritionLabel;
+  label = label;
-  name = upRootNutritionName;
+  name = name;
   email = {
     address0 = "nick@${domain3}";
   };
   sops = {
-    path0 = "${sopsPath}/${upRootNutritionName}";
+    path0 = "${sopsPath}/${name}";
   };
   paths = {
     path0 = "/var/lib/website/dist";

modules/config/instances/config/vaultwarden.nix

@@ -7,31 +7,31 @@ let
     sopsPath
     ;
 
-  vaultwardenLabel = "Vaultwarden";
+  label = "Vaultwarden";
-  vaultwardenName = "vaultwarden";
+  name = "vaultwarden";
-  vaultwardenDomain = "${vaultwardenName}.${domain0}";
+  domain = "${name}.${domain0}";
 in
 {
-  label = vaultwardenLabel;
+  label = label;
-  name = vaultwardenName;
+  name = name;
   email = {
-    address0 = "noreply@${vaultwardenName}.${domain0}";
+    address0 = "noreply@${name}.${domain0}";
   };
   sops = {
-    path0 = "${sopsPath}/${vaultwardenName}";
+    path0 = "${sopsPath}/${name}";
   };
   domains = {
-    url0 = vaultwardenDomain;
+    url0 = domain;
   };
-  subdomain = vaultwardenName;
+  subdomain = name;
   paths = {
-    path0 = "${servicePath}/${vaultwardenLabel}/BackupDir";
+    path0 = "${servicePath}/${label}/BackupDir";
   };
   ports = {
     port0 = 8085; # Vaultwarden WebUI
   };
   ssl = {
-    cert = "${sslPath}/${vaultwardenName}.${domain0}/fullchain.pem";
+    cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
-    key = "${sslPath}/${vaultwardenName}.${domain0}/key.pem";
+    key = "${sslPath}/${name}.${domain0}/key.pem";
   };
 }

modules/config/instances/config/wireGuard.nix

@@ -4,14 +4,14 @@ let
     sopsPath
     ;
 
-  wireGuardLabel = "WireGuard";
+  label = "WireGuard";
-  wireGuardName = "wireguard";
+  name = "wireguard";
 in
 {
-  label = wireGuardLabel;
+  label = label;
-  name = wireGuardName;
+  name = name;
   sops = {
-    path0 = "${sopsPath}/${wireGuardName}";
+    path0 = "${sopsPath}/${name}";
   };
   ports = {
   };

modules/config/instances/default.nix

@@ -2,10 +2,6 @@ let
   configPath = ./config;
 
   instancesFunctions = {
-    jellyfinLabel = "Jellyfin";
-    jellyfinName = "jellyfin";
-    audiobookshelfLabel = "Audiobookshelf";
-    audiobookshelfName = "audiobookshelf";
     domain0 = "cloudbert.fun";
     domain1 = "the-nutrivore.social";
     domain2 = "the-nutrivore.com";

modules/nixos/services/acme/default.nix

@@ -38,8 +38,8 @@ in
           "nextcloud"
           "syncthing"
           "searx"
+          "podgrab"
           "vaultwarden"
-          "kanboard"
           "audiobookshelf"
         ]
       )

modules/nixos/services/podgrab/default.nix

@@ -0,0 +1,77 @@
+{ config, flake, ... }:
+let
+  inherit (flake.config.services.instances) podgrab web;
+  inherit (flake.config.machines.devices) ceres;
+  service = podgrab;
+  localhost = web.localhost.address0;
+  host = service.domains.url0;
+in
+{
+  services = {
+    podgrab = {
+      enable = true;
+      port = service.ports.port0;
+      passwordFile = config.sops.secrets."${service.name}-pass".path;
+      dataDirectory = service.paths.path0;
+    };
+    caddy = {
+      virtualHosts = {
+        "${host}" = {
+          extraConfig = ''
+            redir /.well-known/carddav /remote.php/dav/ 301
+            redir /.well-known/caldav /remote.php/dav/ 301
+
+            reverse_proxy ${localhost}:${toString service.ports.port1}
+
+            tls ${service.ssl.cert} ${service.ssl.key}
+          '';
+        };
+      };
+    };
+  };
+
+  sops =
+    let
+      sopsPath = secret: {
+        path = "${service.sops.path0}/${service.name}-${secret}";
+        owner = service.name;
+        mode = "600";
+      };
+    in
+    {
+      secrets = builtins.listToAttrs (
+        map
+          (secret: {
+            name = "${service.name}-${secret}";
+            value = sopsPath secret;
+          })
+          [
+            "pass"
+          ]
+      );
+    };
+
+  fileSystems."/var/lib/${service.name}" = {
+    device = service.paths.path0;
+    fsType = "none";
+    options = [
+      "bind"
+    ];
+    depends = [
+      ceres.storage0.mount
+    ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "Z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
+    "Z ${service.sops.path0} 0755 ${service.name} ${service.name} -"
+  ];
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        service.ports.port0
+      ];
+    };
+  };
+}

secrets/secrets.yaml

@@ -36,6 +36,7 @@ wireguard-CA358: ENC[AES256_GCM,data:/VewmiNfRc9/wSE7TT+z1F9LLIvr/5wPsQZ/zBwAh3d
 wireguard-CA627: ENC[AES256_GCM,data:chmDsH2nE0nagjFRZWuxX08/Ykt+rIgCHYkMHd+7nIqihK5SebF7MJlrp84=,iv:NVOlGE7W70nQ0UM/i5WixJvDULO3Y4cLf8h+OAGHhQQ=,tag:L123ShCnr9+kIg1itIoqBA==,type:str]
 glance-jellyfin: ENC[AES256_GCM,data:ozdDKgAWkA88J2j8RtiOP/aQPAt/neUOSlAZF20g510=,iv:x+VhYlnA9F/VPrzVcma4/oPelCc8kjWoTZvOs4L9Uqo=,tag:crdSDjr8Y5GH/JAF6t8Yeg==,type:str]
 kanboard-smtp: ENC[AES256_GCM,data:eOIEGwJZlvbJaTfDRU3IFQ==,iv:Jex01WlHG3uxqUnTSF+v1BgnNcIu4cS9OwHBCFl1m28=,tag:3Eld1FkI6AftlCyC3419BA==,type:str]
+podgrab-pass: ENC[AES256_GCM,data:Dg2eI0+yufvwfs6b3iNXtuyZR0ivL4U5LeC23isHZO4=,iv:ORB8xIBnNeJ6eQvm6Gb972Qv5xxY+cldwfUNYXaz6GA=,tag:ANAC/oyF6hqOGopYvpzaPQ==,type:str]
 sops:
     age:
         - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
@@ -47,7 +48,7 @@ sops:
             bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
             aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-09T22:48:59Z"
+    lastmodified: "2025-06-22T16:48:14Z"
-    mac: ENC[AES256_GCM,data:NDH6wnmCs/D4SPJW5UaI96dfH0LrNG3H6khNUndFg8qWn8AG8/QJjsanSkEs+OnOE/l4nO84qAr9k9mEeqtYxDQsPehrBroSNPZQLsmB9EWCM7mHX4f9aeadm7liWWRf8ay96F3zl8PrxJNEus8cO57FKDVDqUgcldSzdaHxI00=,iv:1Jbhr61vUmByPfGquSrHWiytgasjmGMw+aXPZnuCLN8=,tag:UzgVLK+wsFSwAUKmIImN/g==,type:str]
+    mac: ENC[AES256_GCM,data:qmfkuAvJuDSyWRFuEyp1Kb2Ba4QrMAHN1WrMaN3FIbpEm/jWAw6yyEiZ5fEwr5XMkBczjkg7ioG+IFf28I6TEgZVrgAv3NKm2wkIw2SCU0Fo7+s5Hbv4vT0pra6rHwL+b9ND6K32Z7hbanGytqLtv99Y9YxyVplzPaEIa0CP4v0=,iv:1lU5vKoAV4vr1lFv1dxqJrGu5fUsQQtzsSKOc+BhnVA=,tag:r/7gli4X5UpejJTe6UQywQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2