From d77ed19d5834e929f1d66ad0d4a13dff7bb847b4 Mon Sep 17 00:00:00 2001 From: Nick Date: Sat, 1 Nov 2025 03:23:56 -0500 Subject: [PATCH] feat: started working on eris --- modules/nixos/services/opencloud/default.nix | 42 ++++++++++++++++---- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/modules/nixos/services/opencloud/default.nix b/modules/nixos/services/opencloud/default.nix index 71163a4..a56126d 100755 --- a/modules/nixos/services/opencloud/default.nix +++ b/modules/nixos/services/opencloud/default.nix @@ -1,30 +1,48 @@ -{ config, flake, ... }: +{ + config, + flake, + pkgs, + ... +}: let inherit (flake.config.services.instances) opencloud web caddy; + inherit (flake.config.machines.devices) eris; service = opencloud; localhost = web.localhost.address1; host = service.domains.url0; in { + + environment.systemPackages = with pkgs; [ + inotify-tools + ]; + services = { opencloud = { enable = true; - url = "http://${localhost}:${toString service.ports.port0}"; + url = "https://${host}"; port = service.ports.port0; address = localhost; stateDir = "/var/lib/${service.name}"; environmentFile = config.sops.secrets."${service.name}/env".path; }; + caddy = { virtualHosts = { - ":${toString caddy.ports.port4}" = { + ":${host}" = { extraConfig = '' - reverse_proxy http://${localhost}:${toString service.ports.port0} + redir /.well-known/carddav /remote.php/dav/ 301 + redir /.well-known/caldav /remote.php/dav/ 301 + + reverse_proxy ${localhost}:${toString service.ports.port0} + + tls ${service.ssl.cert} ${service.ssl.key} ''; }; }; }; }; + sops = let sopsPath = secret: { 
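Review bot: The new Caddy site key `":${host}" = {` keeps the leading colon from the old port-only address, and in a Caddyfile a leading colon marks a port (`:8080`), so `:example.com` is not a valid hostname site address and Caddy will most likely reject the config or fail to bind the vhost; the key should be `"${host}" = {` (or `"https://${host}"` if the scheme is wanted explicit). Once that is fixed the site is served on 443 rather than on `caddy.ports.port4`, so the firewall and any DNS/ACL that referred to the old port need to follow (the firewall hunk is only partly visible here). The `url = "https://${host}"` line is consistent with that, but note OpenCloud itself still listens plaintext on `${localhost}:${toString service.ports.port0}` behind the proxy, so nothing else may be allowed to reach that port directly. `environment.systemPackages = with pkgs; [ inotify-tools ];` installs a tool system-wide from a service module; if it is only needed by this service it would be cleaner to scope it to the service's `path`. The `sops = let` block starts in this hunk but its body continues outside it.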
@@ -46,12 +64,22 @@ in ); }; - systemd = { - tmpfiles.rules = [ - "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" + fileSystems."/var/lib/${service.name}" = { + device = service.paths.path0; + fsType = "none"; + options = [ + "bind" + ]; + depends = [ + eris.storage0.mount ]; }; + systemd.tmpfiles.rules = [ + "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" + "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" + ]; + networking = { firewall = { allowedTCPPorts = [