waffentrager: add maloja and multi-scrobbler, file restructure. valkyrie: reverse proxy

configurations/host/valkyrie/default.nix

@@ -142,6 +142,11 @@
   };
 
 
+  virtualisation.podman.autoPrune.enable = true;
+  virtualisation.podman.autoPrune.dates = "daily";
+  virtualisation.oci-containers.backend = "podman";
+
+
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "materus+acme@podkos.pl";
   security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;

configurations/host/valkyrie/services/dcbot.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, materusArg, ... }:
 {
-  options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable dcbot";
+  options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable muse bot";
 
 
 
@@ -10,269 +10,32 @@
       cfg = config.valkyrieService.dcbot;
     in
     lib.mkIf cfg.enable {
+      sops.templates."muse.env".content = ''
+        CACHE_LIMIT=512MB
+        BOT_STATUS=online
+        BOT_ACTIVITY_TYPE=LISTENING
+        BOT_ACTIVITY=Coś
+        DISCORD_TOKEN=${config.sops.placeholder.discord-token}
+        YOUTUBE_API_KEY=${config.sops.placeholder.youtube-api}
+        SPOTIFY_CLIENT_ID=${config.sops.placeholder.spotify-client-id}
+        SPOTIFY_CLIENT_SECRET=${config.sops.placeholder.spotify-client-secret}
+      '';
 
       systemd.tmpfiles.rules = [
-        "d    /var/lib/dcbot   0776    dcbot    dcbot     -"
+        "d    /var/lib/muse  0776    root    root     -"
       ];
-      users.groups.dcbot = { };
+
-      users.users.dcbot = {
+      virtualisation.oci-containers.containers.dcbot = {
-        group = "dcbot";
+        image = "ghcr.io/museofficial/muse:latest";
-        isSystemUser = true;
+        volumes = [
+          "/var/lib/muse:/data"
+        ];
+        environmentFiles = [
+          config.sops.templates."muse.env".path
+        ];
       };
-      systemd.services.dcbot = {
-        description = "Make some noise!";
-        serviceConfig = {
-          User="dcbot";
-          Group="dcbot";
-        };
-        wantedBy = [ "multi-user.target" ];
-        path = [ pkgs.jdk ];
-        script = let 
-          musicbot = let version = "0.4.3"; in (pkgs.fetchurl {
-              url = "https://github.com/jagrosh/MusicBot/releases/download/${version}/JMusicBot-${version}.jar";
-              sha256 = "sha256-7CHFc94Fe6ip7RY+XJR9gWpZPKM5JY7utHp8C3paU9s=";
-            });
-        
-        in ''
-          cd /var/lib/dcbot
-          java -Dconfig=${config.sops.templates."dcbot.config.txt".path} -Xmx1G -Dnogui=true -Djava.util.concurrent.ForkJoinPool.common.parallelism=1 -jar ${musicbot}
-        '';
-      };
-
-
-
-      sops.templates."dcbot.config.txt".owner = "dcbot";
-      sops.templates."dcbot.config.txt".group = "dcbot";
-      sops.templates."dcbot.config.txt".content = ''
-/////////////////////////////////////////////////////////
-// Config for the JMusicBot                            //
-/////////////////////////////////////////////////////////
-// Any line starting with // is ignored                //
-// You MUST set the token and owner                    //
-// All other items have defaults if you don't set them //
-// Open in Notepad++ for best results                  //
-/////////////////////////////////////////////////////////
-
-
-// This sets the token for the bot to log in with
-// This MUST be a bot token (user tokens will not work)
-// If you don't know how to get a bot token, please see the guide here:
-// https://github.com/jagrosh/MusicBot/wiki/Getting-a-Bot-Token
-
-token = ${config.sops.placeholder.discord-token}
-
-
-// This sets the owner of the bot
-// This needs to be the owner's ID (a 17-18 digit number)
-// https://github.com/jagrosh/MusicBot/wiki/Finding-Your-User-ID
-
-owner = 141287334627901440
-
-
-// This sets the prefix for the bot
-// The prefix is used to control the commands
-// If you use !!, the play command will be !!play
-// If you do not set this, the prefix will be a mention of the bot (@Botname play)
-
-prefix = "@mention"
-
-
-// If you set this, it modifies the default game of the bot
-// Set this to NONE to have no game
-// Set this to DEFAULT to use the default game
-// You can make the game "Playing X", "Listening to X", or "Watching X"
-// where X is the title. If you don't include an action, it will use the
-// default of "Playing"
-
-game = "DEFAULT"
-
-
-// If you set this, it will modify the default status of bot
-// Valid values: ONLINE IDLE DND INVISIBLE
-
-status = ONLINE
-
-
-// If you set this to true, the bot will list the title of the song it is currently playing in its
-// "Playing" status. Note that this will ONLY work if the bot is playing music on ONE guild;
-// if the bot is playing on multiple guilds, this will not work.
-
-songinstatus=true
-
-
-// If you set this, the bot will also use this prefix in addition to
-// the one provided above
-
-altprefix = "-"
-
-
-// If you set these, it will change the various emojis
-
-success = "🎶"
-warning = "💡"
-error = "🚫"
-loading = "⌚"
-searching = "🔎"
-
-
-// If you set this, you change the word used to view the help.
-// For example, if you set the prefix to !! and the help to cmds, you would type
-// !!cmds to see the help text
-
-help = help
-
-
-// If you set this, the "nowplaying" command will show youtube thumbnails
-// Note: If you set this to true, the nowplaying boxes will NOT refresh
-// This is because refreshing the boxes causes the image to be reloaded
-// every time it refreshes.
-
-npimages = false
-
-
-// If you set this, the bot will not leave a voice channel after it finishes a queue.
-// Keep in mind that being connected to a voice channel uses additional bandwith,
-// so this option is not recommended if bandwidth is a concern.
-
-stayinchannel = false
-
-
-// This sets the maximum amount of seconds any track loaded can be. If not set or set
-// to any number less than or equal to zero, there is no maximum time length. This time
-// restriction applies to songs loaded from any source.
-
-maxtime = 0
-
-// This sets the maximum number of pages of songs that can be loaded from a YouTube
-// playlist. Each page can contain up to 100 tracks. Playing a playlist with more
-// pages than the maximum will stop loading after the provided number of pages.
-// For example, if the max was set to 15 and a playlist contained 1850 tracks,
-// only the first 1500 tracks (15 pages) would be loaded. By default, this is
-// set to 10 pages (1000 tracks).
-
-maxytplaylistpages = 10
-
-
-// This sets the ratio of users that must vote to skip the currently playing song.
-// Guild owners can define their own skip ratios, but this will be used if a guild
-// has not defined their own skip ratio.
-
-skipratio = 0.55
-
-
-// This sets the amount of seconds the bot will stay alone on a voice channel until it
-// automatically leaves the voice channel and clears the queue. If not set or set
-// to any number less than or equal to zero, the bot won't leave when alone.
-
-alonetimeuntilstop = 120
-
-
-// This sets an alternative folder to be used as the Playlists folder
-// This can be a relative or absolute path
-
-playlistsfolder = "Playlists"
-
-
-// By default, the bot will DM the owner if the bot is running and a new version of the bot
-// becomes available. Set this to false to disable this feature.
-
-updatealerts=false
-
-
-// Changing this changes the lyrics provider
-// Currently available providers: "A-Z Lyrics", "Genius", "MusicMatch", "LyricsFreak"
-// At the time of writing, I would recommend sticking with A-Z Lyrics or MusicMatch,
-// as Genius tends to have a lot of non-song results and you might get something 
-// completely unrelated to what you want.
-// If you are interested in contributing a provider, please see
-// https://github.com/jagrosh/JLyrics
-
-lyrics.default = "A-Z Lyrics"
-
-
-// These settings allow you to configure custom aliases for all commands.
-// Multiple aliases may be given, separated by commas.
-//
-// Example 1: Giving command "play" the alias "p":
-// play = [ p ]
-//
-// Example 2: Giving command "search" the aliases "yts" and "find":
-// search = [ yts, find ]
-
-aliases {
-  // General commands
-  settings = [ status ]
-
-  // Music commands
-  lyrics = []
-  nowplaying = [ np, current ]
-  play = []
-  playlists = [ pls ]
-  queue = [ list ]
-  remove = [ delete ]
-  scsearch = []
-  search = [ ytsearch ]
-  shuffle = []
-  skip = [ voteskip ]
-
-  // Admin commands
-  prefix = [ setprefix ]
-  setdj = []
-  setskip = [ setskippercent, skippercent, setskipratio ]
-  settc = []
-  setvc = []
-
-  // DJ Commands
-  forceremove = [ forcedelete, modremove, moddelete, modelete ]
-  forceskip = [ modskip ]
-  movetrack = [ move ]
-  pause = []
-  playnext = []
-  queuetype = []
-  repeat = []
-  skipto = [ jumpto ]
-  stop = [ leave ]
-  volume = [ vol ]
-}
-
-
-// This sets the logging verbosity.
-// Available levels: off, error, warn, info, debug, trace, all
-//
-// It is recommended to leave this at info. Debug log levels might help with troubleshooting,
-// but can contain sensitive data.
-
-loglevel = info
-
-
-// Transforms are used to modify specific play inputs and convert them to different kinds of inputs
-// These are quite complicated to use, and have limited use-cases, but in theory allow for rough
-// whitelists or blacklists, roundabout loading from some sources, and customization of how things are
-// requested.
-//
-// These are NOT EASY to set up, so if you want to use these, you'll need to look through the code 
-// for how they work and what fields are needed. Also, it's possible this feature might get entirely
-// removed in the future if I find a better way to do this.
-
-transforms = {}
-
-
-// If you set this to true, it will enable the eval command for the bot owner. This command
-// allows the bot owner to run arbitrary code from the bot's account.
-//
-// WARNING:
-// This command can be extremely dangerous. If you don't know what you're doing, you could
-// cause horrific problems on your Discord server or on whatever computer this bot is running
-// on. Never run this command unless you are completely positive what you are running.
-//
-// DO NOT ENABLE THIS IF YOU DON'T KNOW WHAT THIS DOES OR HOW TO USE IT
-// IF SOMEONE ASKS YOU TO ENABLE THIS, THERE IS AN 11/10 CHANCE THEY ARE TRYING TO SCAM YOU
-
-eval=false
-evalengine="Nashorn"
-'';
 
     };
 
 
-}
+}

configurations/host/waffentrager/default.nix

@@ -7,4 +7,9 @@
     ./secrets
     ./services
   ];
+
+  virtualisation.podman.autoPrune.enable = true;
+  virtualisation.podman.autoPrune.dates = "daily";
+  virtualisation.oci-containers.backend = "podman";
+
 }

configurations/host/waffentrager/secrets/default.nix

@@ -25,4 +25,14 @@
   sops.secrets."users/materus" = { neededForUsers = true; };
   sops.secrets.elements = { };
   sops.secrets.nextcloud-adminpass = { };
+  sops.secrets.maloja = { };
+  sops.secrets.maloja-api = { };
+  sops.secrets.spotify-client-id = {};
+  sops.secrets.spotify-client-secret = {};
+  sops.secrets.lastfm-user= {};
+  sops.secrets.lastfm-pass = {};
+  sops.secrets.lastfm-api = {};
+  sops.secrets.lastfm-secret = {};
+  sops.secrets.lastfm-token = {};
+  sops.secrets.listenbrainz-api = {};
 }

configurations/host/waffentrager/secrets/secrets.yaml

@@ -1,4 +1,4 @@
-wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
+ireguard: ENC[AES256_GCM,data:wBeMFAZ1Dib84bIzQ3m0DiVpz92ZqvJiDz+IXV5rLtJ3OjpNFqbiTSVZnlU=,iv:mJqbXafDv0FqUlY1s69DXbcN7Sd+rxas7IPefFKsMNE=,tag:Ic94bnY0MULfow70KkBWmA==,type:str]
 nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
 jwt: ENC[AES256_GCM,data:1Qn7DaBZr8vEa8VZiv2BpwePPOBYRTdHEiDv0asUbvhCtfHvhG4mX5/plyRPlQok6FLEjEzKZTEdnvyyOtFEgA==,iv:kqfHkEr0jkKAro9gQup6CeopQnjfMGhEqbVL81wnDgc=,tag:gP/WACy5cOzzmQOh1v8wsQ==,type:str]
 lldap-database: ENC[AES256_GCM,data:rNLS4WwvqRd3TFWDXaf8UmDTRsHZNPPS,iv:URV4Oz4ik2vHb03+Zh7ND+AbozSmoXpxENpvad4yvRI=,tag:6TbuMCnHwtTaG5mMWVN/mQ==,type:str]
@@ -8,6 +8,16 @@ ldap-master: ENC[AES256_GCM,data:jiinK8xzuKiTwB9k44okgj+sWWEgbeay,iv:Slvci3EBylI
 elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
 users:
     materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
+maloja: ENC[AES256_GCM,data:V/WV0181zupKLiDtf5pinwYFFzL1hg+j,iv:KmGHapsD7thnmgkHwnTYFP/fvBS6dft9ZmmFN4AZEXs=,tag:uEmZaFkvBIQfu+3+0gQFlg==,type:str]
+maloja-api: ENC[AES256_GCM,data:8vLC1a5pL8ldS7LWXqA/HOqtnyYFQk7/oisGgOOYH7TtnpBL93I2O3mWQIGCZUwWqMWFLvbOxIAnpoS0Qmg=,iv:swziHFypoh1YZkyEpDhqH2BhqUrWi0J63CqzORyY4s4=,tag:B9kkYHqyWP0KGPMD4S1I1A==,type:str]
+spotify-client-id: ENC[AES256_GCM,data:2vC2E7rHBrZ2VHTGqYRJp1fWNWprDaYq4J6gJ7tTfF0=,iv:KQJgzUiD70N2vQeTO9r8ucC96xc9mSW9VlU2IGmKT7Y=,tag:kWR+1Hhb4yGK/AAqxMCd3A==,type:str]
+spotify-client-secret: ENC[AES256_GCM,data:MKHo36AF1hHiXERltKdeMiuMhiGyyH8E3TqQfTf1tqc=,iv:/dPWUqjDtxZUOLZRx2lrHuU5Sf2fch2Fvnl+20KZ5dk=,tag:ZgsbCFBNHXSUuHbdSlrm4w==,type:str]
+lastfm-user: ENC[AES256_GCM,data:o/FUjIiB9PcFTQ==,iv:UtovNmHISz9jUj+HFZPIduZj6h3ayjA5RyVlh11k8LM=,tag:bS3ReGR2BRcs3lcutt95UQ==,type:str]
+lastfm-pass: ENC[AES256_GCM,data:g90kxN+HkSqN+B9XFH6AvbD376bHFPVI,iv:ZRxKxdKXIgKOm7TKKPLR1yLzTBjuCWQk4tTJN5d/0N4=,tag:soIJI75WAhoiXwVYlxkmQA==,type:str]
+lastfm-api: ENC[AES256_GCM,data:UxGOqFEsjDb5zBXjm6G+66zlr5M0pk/NdTad3a5MBVE=,iv:3v9Lg0bjmlAhcSOjCW44CN7FezSdNG3KVVLrk1G9Ies=,tag:amgDr25PYiB+E7+D/fVEOw==,type:str]
+lastfm-secret: ENC[AES256_GCM,data:z+XqodyRm9qnZwYwdON/KwAQ3E6hSI+mA0Nby0PQVT4=,iv:sY3Eqr7ZCx5lwjZaRFSghx/3OjuWlDQHQywgt7LpoIo=,tag:f7j1PFanHfLdDK+ASusCMA==,type:str]
+lastfm-token: ENC[AES256_GCM,data:X877lDOXtou5OF0KbkvuJ4rhJ+3IY5XnyXlqq4LuSb8=,iv:f8t36ut6zlHvBuKGmJabyc9nHViQvUcqNvCVy0YIeB8=,tag:0h9Jm1h2cxegUXXk6UTz9Q==,type:str]
+listenbrainz-api: ENC[AES256_GCM,data:eh03MPc5kn7CUDXXnEJTx4DXv9BpyabyRL+ENDFJw+kS66tV,iv:gerOaZ3gqM7ccLursFuCJrW1HcSjlTGk0wOLM8x4/2A=,tag:ZqxYNlgdqV0zRUUHm7VK3Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -23,8 +33,8 @@ sops:
             eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
             ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-21T22:14:08Z"
+    lastmodified: "2024-09-10T12:55:49Z"
-    mac: ENC[AES256_GCM,data:DKI+SljQTH+5T7wtIfYRzNK+W5qQoxQ7E/6b9S7cptAsccdZhupWmVzHlwUlk5MFm92r0Qy3A6B/qV8Dashf6ABmjfnDuysvPoI5O45xE0Qs3TEyPKAbPV07FVi6lDHInEOznNAr6vhEN1Bhveg+ByyVeo+C5C5b+U7Qvx5KESM=,iv:B6xX7/u1ZHOPbEheFSpDeaRey3SP9bZMnDARc5xvzRM=,tag:nux6gkIfodj/4JedkBXWkQ==,type:str]
+    mac: ENC[AES256_GCM,data:/YXB4vQxd5+ZZrkqKFVYIcNJF4j8PricarHyi0ESi4HXr00Efnat+NnoM74Sy/ukrKIJOKBKVVWmmEW8uFCK4H+kJrMkdagALhsjMkeMSB23cmP8nLbCus5QPhX3bSpkZwYNuspmEYN1cQCHvaLC5Eus+YIi92L+KqHsWJS71iM=,iv:OIwGUDG63wbaxCaLpkior76Ckyql2c4was4PXEc1miY=,tag:lwM1QRCEc6zX9a+yv0mN8A==,type:str]
     pgp:
         - created_at: "2024-03-21T18:15:00Z"
           enc: |-

configurations/host/waffentrager/services/default.nix

@@ -2,16 +2,17 @@
 {
   imports =
     [
-      ./elements.nix
+      ./storage/elements.nix
-      ./postgresql.nix
+      ./storage/mount-acme.nix
-      ./mount-acme.nix
+      ./storage/gitea.nix
-      ./gitea.nix
+      ./storage/nextcloud.nix
-      ./nginx.nix
+      ./storage/samba.nix
-      ./nextcloud.nix
+      ./storage/syncthing.nix
-      ./samba.nix
+      ./multimedia/jellyfin.nix
-      ./syncthing.nix
+      ./multimedia/scrobbling.nix
-      ./jellyfin.nix
       ./monitoring.nix
+      ./nginx.nix
+      ./postgresql.nix
       ./auth
     ];
   waffentragerService.elements.enable = true;
@@ -22,6 +23,8 @@
   waffentragerService.nextcloud.enable = true;
   waffentragerService.samba.enable = true;
   waffentragerService.jellyfin.enable = true;
+  waffentragerService.scrobbling.enable = true;
+
   waffentragerService.syncthing.enable = true;
   waffentragerService.monitoring.enable = true;
 }

configurations/host/waffentrager/services/multimedia/scrobbling.nix

@@ -0,0 +1,120 @@
+{ config, pkgs, lib, materusArg, ... }:
+{
+  options.waffentragerService.scrobbling.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable scrobbling";
+
+
+
+
+  config =
+    let
+      cfg = config.waffentragerService.scrobbling;
+    in
+
+
+    #### MALOJA
+    lib.mkIf cfg.enable {
+      sops.templates."maloja.env".content = ''
+        MALOJA_DATA_DIRECTORY=/data
+        MALOJA_DIRECTORY_CONFIG=/data/config
+        MALOJA_DIRECTORY_STATE=/data/state
+        MALOJA_DIRECTORY_CACHE=/data/cache
+        MALOJA_NAME="Melody"
+        MALOJA_LASTFM_USERNAME=${config.sops.placeholder.lastfm-user}
+        MALOJA_LASTFM_PASSWORD=${config.sops.placeholder.lastfm-pass}
+        MALOJA_LASTFM_API_KEY=${config.sops.placeholder.lastfm-api}
+        MALOJA_LASTFM_API_SECRET=${config.sops.placeholder.lastfm-secret}
+        MALOJA_LASTFM_API_SK=${config.sops.placeholder.lastfm-token}
+        MALOJA_SKIP_SETUP=yes
+        MALOJA_FORCE_PASSWORD=${config.sops.placeholder.maloja}
+        MALOJA_SPOTIFY_API_ID=${config.sops.placeholder.spotify-client-id}
+        MALOJA_SPOTIFY_API_SECRET=${config.sops.placeholder.spotify-client-secret}
+      '';
+
+      virtualisation.oci-containers.containers.maloja = {
+        image = "krateng/maloja:latest";
+        ports = [
+          "42010:42010"
+        ];
+        volumes = [
+          "${config.waffentragerService.elements.malojaDir}:/data"
+        ];
+        environmentFiles = [
+          config.sops.templates."maloja.env".path
+        ];
+      };
+      systemd.services."${config.virtualisation.oci-containers.backend}-maloja" = {
+        requires = [ "elements-mount.service" ];
+        after = [ "elements-mount.service" ];
+      };
+
+      #### MULTI SCROBBLER
+      sops.templates."multi-scrobbler.env".content = ''
+          BASE_URL="https://melody.materus.pl/multi-scrobbler"
+          TC=Europe/Warsaw
+
+          JELLYFIN_SERVER="https://noot.materus.pl/"
+          SPOTIFY_CLIENT_ID=${config.sops.placeholder.spotify-client-id}
+          SPOTIFY_CLIENT_SECRET=${config.sops.placeholder.spotify-client-secret}
+          MALOJA_URL="https://melody.materus.pl"
+          MALOJA_API_KEY="${config.sops.placeholder.maloja-api}"
+          LASTFM_API_KEY=${config.sops.placeholder.lastfm-api}
+          LASTFM_SECRET=${config.sops.placeholder.lastfm-secret}
+      '';
+      virtualisation.oci-containers.containers.multi-scrobbler = {
+        image = "foxxmd/multi-scrobbler:latest";
+        ports = [
+          "42011:9078"
+        ];
+        volumes = [
+          "${config.waffentragerService.elements.malojaDir}/multi-scrobbler:/data"
+        ];
+        environmentFiles = [
+          config.sops.templates."multi-scrobbler.env".path
+        ];
+      };
+
+
+      
+      #### Proxy
+      services.nginx.virtualHosts = {
+        "melody.materus.pl" = {
+          sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
+          sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
+          sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
+          addSSL = true;
+          http2 = false;
+          http3 = true;
+          # Maloja
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:42010";
+            extraConfig = ''
+              proxy_http_version 1.1;
+              proxy_set_header    Host                $host;
+              proxy_set_header    X-Real-IP           $remote_addr;
+              proxy_set_header    X-Forwarded-Ssl     on;
+              proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+              proxy_set_header    X-Forwarded-Proto   $scheme;
+
+            '';
+          };
+
+          locations."/multi-scrobbler" = {
+            proxyPass = "http://127.0.0.1:42011";
+            extraConfig = ''
+              proxy_http_version 1.1;
+              proxy_set_header    Host                $host;
+              proxy_set_header    X-Real-IP           $remote_addr;
+              proxy_set_header    X-Forwarded-Ssl     on;
+              proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+              proxy_set_header    X-Forwarded-Proto   $scheme;
+
+            '';
+          };
+
+        };
+
+      };
+
+
+    };
+}

configurations/host/waffentrager/services/storage/elements.nix

@@ -7,6 +7,8 @@
   options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
   options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
   options.waffentragerService.elements.jellyfinDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/jellyfin"; };
+  options.waffentragerService.elements.malojaDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/maloja"; };
+
   config =
     let
       cfg = config.waffentragerService.elements;
@@ -35,8 +37,12 @@
         '' + lib.optionalString config.waffentragerService.jellyfin.enable ''
           mkdir -p ${cfg.jellyfinDir}
           chown -R materus:nextcloud ${cfg.jellyfinDir}
+        '' + lib.optionalString config.waffentragerService.scrobbling.enable ''
+          mkdir -p ${cfg.malojaDir}/multi-scrobbler
+          chown -R ${cfg.malojaDir}
         ''
 
+
         ;
         preStop = ''
           umount ${cfg.path}