add slskd, config.mailserver -> services.mailserver, fix gotosocial backups

2023-09-08 21:29:08 +01:00 · 2023-09-08 21:29:08 +01:00 · 9b75a69bd4
parent 798d976733
commit 9b75a69bd4
19 changed files with 514 additions and 30 deletions
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix
@ -4,9 +4,9 @@
  ...
 }:
 with lib; let
-  cfg = config.mailserver;
+  cfg = config.services.mailserver;
 in {
-  options.mailserver = {
+  options.services.mailserver = {
    enable = mkEnableOption "mailserver";
    fqdn = mkOption {type = types.str;};
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix
@ -4,7 +4,7 @@
  lib,
  ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
  vmail_config = mail_config.vmail_config;
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix
@ -3,7 +3,7 @@
  config,
  ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
 in {
  config = lib.mkIf mail_config.enable {
    networking.firewall = {
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix
@ -5,7 +5,7 @@
  ...
 }:
 with lib; let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
  dkimUser = config.services.opendkim.user;
  dkimGroup = config.services.opendkim.group;
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix
@ -4,7 +4,7 @@
  lib,
  ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
  submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" ''
    /^Received:/            IGNORE
    /^X-Originating-IP:/    IGNORE
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix
@ -3,7 +3,7 @@
  lib,
  ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
  postfixCfg = config.services.postfix;
  rspamdCfg = config.services.rspamd;
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix
@ -3,7 +3,7 @@
  lib,
  ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
  acmeRoot = "/var/lib/acme/acme-challenge";
 in {
  config = lib.mkIf (mail_config.enable && mail_config.ssl_config.useACME) {
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix
@ -4,7 +4,7 @@
  lib,
  ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
  vmail_config = mail_config.vmail_config;
  vmail_user = vmail_config.user;
--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix
@ -3,7 +3,7 @@
  lib,
  ...
 }: let
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
 in {
  config = lib.mkIf (mail_config.enable && mail_config.enable_roundcube) {
    services.roundcube = {
--- a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix
@ -1,7 +1,11 @@
-{host_secrets, ...}: let
+{
  pkgs,
  host_secrets,
  ...
 }: let
  secrets = host_secrets;
 in {
-  config.mailserver = {
+  services.mailserver = {
    enable = true;
    fqdn = "mail.owo.monster";
    domains = ["owo.monster"];
@ -56,15 +60,23 @@ in {
    };
  };
-  config.systemd.tmpfiles.rules = [
+  systemd.tmpfiles.rules = [
    "d /var/sockets - nginx nginx"
  ];
-  config.systemd.services.nginx.serviceConfig.ReadWritePaths = [
+  systemd.services.nginx.serviceConfig.ReadWritePaths = [
    "/var/sockets"
  ];
-  config.services.nginx.virtualHosts."mail.owo.monster" = {
+  services.roundcube = {
    package = pkgs.roundcube.withPlugins (plugins:
      with pkgs.roundcubePlugins; [
        persistent_login
      ]);
    plugins = ["persistent_login"];
  };
  services.nginx.virtualHosts."mail.owo.monster" = {
    listen = [
      {
        addr = "127.0.0.1";
--- a/hosts/hetzner-vm/containers/mail/profiles/restic.nix
+++ b/hosts/hetzner-vm/containers/mail/profiles/restic.nix
@ -6,7 +6,7 @@
  ...
 }: let
  secrets = host_secrets;
-  mail_config = config.mailserver;
+  mail_config = config.services.mailserver;
  backupPrepareCommand = "${
    (pkgs.writeShellScriptBin "backupPrepareCommand" ''
      systemctl start postgresqlBackup-roundcube --wait
--- a/hosts/hetzner-vm/containers/music/data/ports.nix
+++ b/hosts/hetzner-vm/containers/music/data/ports.nix
@ -4,4 +4,6 @@
  mpd-opus-medium = 4243;
  mpd-opus-high = 4244;
  mpd-flac = 4245;
  slskd = 5000;
  slskd-web = 5001;
 }
--- a/hosts/hetzner-vm/containers/music/music.nix
+++ b/hosts/hetzner-vm/containers/music/music.nix
@ -16,8 +16,12 @@
 in {
  networking.nat.forwardPorts = [
    {
-      sourcePort = 6600;
+      sourcePort = ports.mpd;
-      destination = "${containerIP}\:6600";
+      destination = "${containerIP}\:${toString ports.mpd}";
    }
    {
      sourcePort = ports.slskd;
      destination = "${containerIP}\:${toString ports.slskd}";
    }
  ];
@ -26,13 +30,16 @@ in {
    privateNetwork = true;
    hostAddress = hostIP;
    localAddress = containerIP;
-    bindMounts = lib.mkMerge (lib.forEach ["mpd_control_password"] (secret_name: let
+    bindMounts = lib.mkMerge (lib.forEach [
-      path = "${secrets.${secret_name}.path}";
+        "mpd_control_password"
-    in {
+        "slskd_env"
-      "${path}" = {
+      ] (secret_name: let
-        hostPath = "${path}";
+        path = "${secrets.${secret_name}.path}";
-      };
+      in {
-    }));
+        "${path}" = {
          hostPath = "${path}";
        };
      }));
    config = {
      config,
@ -51,6 +58,7 @@ in {
          inputs.home-manager-unstable.nixosModules.home-manager
          profiles.sshd
          profiles.nginx
          modules.nixos.secrets
@ -59,6 +67,7 @@ in {
        ++ (with hosts.hetzner-vm.containers.music; [
          profiles.music-sync
          profiles.mpd
          profiles.soulseek
        ]);
      # For Shared Secrets
@ -84,6 +93,15 @@ in {
    };
  };
  services.nginx.virtualHosts."soulseek.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${containerIP}:${toString ports.slskd-web}";
      proxyWebsockets = true;
    };
  };
  services.nginx.virtualHosts."stream.owo.monster" = let
    extraConfig = ''
      auth_basic "Music Password";
@ -117,5 +135,8 @@ in {
    gid = config.ids.gids.mpd;
  };
-  networking.firewall.allowedTCPPorts = [6600];
+  networking.firewall.allowedTCPPorts = with ports; [
    mpd
    slskd
  ];
 }
--- a/hosts/hetzner-vm/containers/music/profiles/soulseek.nix
+++ b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix
@ -0,0 +1,43 @@
 {
  lib,
  host_secrets,
  ...
 }: let
  ports = import ../data/ports.nix {};
  secrets = host_secrets;
  inherit (lib.modules) mkForce;
 in {
  services.slskd = {
    enable = true;
    openFirewall = true;
    environmentFile = secrets.slskd_env.path;
    settings = {
      remote_configuration = false;
      remote_file_management = true;
      soulseek = {
        username = "chaoticryptidz";
        description = "chaos's soulseek";
        listen_port = ports.slskd;
      };
      web = {
        port = ports.slskd-web;
        authentication = {
          username = "chaos";
        };
      };
      shares.directories = [
        "/Music"
      ];
    };
    nginx = {
      enable = true; # I don't think this is even cheked
      domainName = "soulseek.owo.monster";
    };
  };
  services.nginx.virtualHosts."soulseek.owo.monster" = {
    forceSSL = mkForce false;
    enableACME = mkForce false;
  };
 }
--- a/hosts/hetzner-vm/containers/social/profiles/backups.nix
+++ b/hosts/hetzner-vm/containers/social/profiles/backups.nix
@ -38,7 +38,7 @@
  }/bin/backupPrepareCommand";
  backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" ''
-    rm /var/lib/gotosocial/gts-export.json
+    rm /var/lib/gotosocial/gts-export.json || true
  '')}/bin/backupCleanupCommand";
 in {
  environment.systemPackages = with pkgs; [
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@ -42,7 +42,7 @@
        echo "Host: "
        systemctl --failed
        ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
-          echo "Container: "
+          echo "Container: ${name}"
          systemctl -M ${name} --failed
        ''))}
      '')
--- a/hosts/hetzner-vm/secrets.nix
+++ b/hosts/hetzner-vm/secrets.nix
@ -60,6 +60,15 @@
          htpasswd -bc $secretFile "$username" "$password" 2>/dev/null
        '';
      };
      slskd_env = {
        fetchScript = ''
          soulseek_password=$(simple_get "/passwords/soulseek" .password)
          slskd_password=$(simple_get "/passwords/slskd" .password)
          echo > $secretFile
          echo "SLSKD_SLSK_PASSWORD=$soulseek_password" >> $secretFile
          echo "SLSKD_PASSWORD=$slskd_password" >> $secretFile
        '';
      };
      # Container: mail
      mail_restic_password = {
--- a/392
+++ b/392
@ -0,0 +1,392 @@
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix[m
 [1mindex 0e9f1da..73979dd 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/default.nix[m
 [36m@@ -4,9 +4,9 @@[m
   ...[m
 }:[m
 with lib; let[m
 [31m-  cfg = config.mailserver;[m
 [32m+[m[32m  cfg = config.services.mailserver;[m
 in {[m
 [31m-  options.mailserver = {[m
 [32m+[m[32m  options.services.mailserver = {[m
     enable = mkEnableOption "mailserver";[m
 [m
     fqdn = mkOption {type = types.str;};[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix[m
 [1mindex ef5f01d..d306611 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/dovecot.nix[m
 [36m@@ -4,7 +4,7 @@[m
   lib,[m
   ...[m
 }: let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
 [m
   vmail_config = mail_config.vmail_config;[m
 [m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix[m
 [1mindex 6c69bb3..0602a9a 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/firewall.nix[m
 [36m@@ -3,7 +3,7 @@[m
   config,[m
   ...[m
 }: let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
 in {[m
   config = lib.mkIf mail_config.enable {[m
     networking.firewall = {[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix[m
 [1mindex 3297ee5..32e2481 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/opendkim.nix[m
 [36m@@ -5,7 +5,7 @@[m
   ...[m
 }:[m
 with lib; let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
   dkimUser = config.services.opendkim.user;[m
   dkimGroup = config.services.opendkim.group;[m
 [m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix[m
 [1mindex 8599bbf..b795a26 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/postfix.nix[m
 [36m@@ -4,7 +4,7 @@[m
   lib,[m
   ...[m
 }: let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
   submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" ''[m
     /^Received:/            IGNORE[m
     /^X-Originating-IP:/    IGNORE[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix[m
 [1mindex 5df6349..be9ae1e 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix[m
 [36m@@ -3,7 +3,7 @@[m
   lib,[m
   ...[m
 }: let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
 [m
   postfixCfg = config.services.postfix;[m
   rspamdCfg = config.services.rspamd;[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix[m
 [1mindex f0f26bd..c7d7a61 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/ssl.nix[m
 [36m@@ -3,7 +3,7 @@[m
   lib,[m
   ...[m
 }: let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
   acmeRoot = "/var/lib/acme/acme-challenge";[m
 in {[m
   config = lib.mkIf (mail_config.enable && mail_config.ssl_config.useACME) {[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix[m
 [1mindex 90ee44f..44a4e42 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/vmail.nix[m
 [36m@@ -4,7 +4,7 @@[m
   lib,[m
   ...[m
 }: let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
 [m
   vmail_config = mail_config.vmail_config;[m
   vmail_user = vmail_config.user;[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix[m
 [1mindex 8230c64..e38e194 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/modules/mailserver/webmail.nix[m
 [36m@@ -3,7 +3,7 @@[m
   lib,[m
   ...[m
 }: let[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
 in {[m
   config = lib.mkIf (mail_config.enable && mail_config.enable_roundcube) {[m
     services.roundcube = {[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix[m
 [1mindex bed2716..3fd9bbf 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/profiles/mailserver.nix[m
 [36m@@ -1,7 +1,11 @@[m
 [31m-{host_secrets, ...}: let[m
 [32m+[m[32m{[m
 [32m+[m[32m  pkgs,[m
 [32m+[m[32m  host_secrets,[m
 [32m+[m[32m  ...[m
 [32m+[m[32m}: let[m
   secrets = host_secrets;[m
 in {[m
 [31m-  config.mailserver = {[m
 [32m+[m[32m  services.mailserver = {[m
     enable = true;[m
     fqdn = "mail.owo.monster";[m
     domains = ["owo.monster"];[m
 [36m@@ -56,15 +60,23 @@[m [min {[m
     };[m
   };[m
 [m
 [31m-  config.systemd.tmpfiles.rules = [[m
 [32m+[m[32m  systemd.tmpfiles.rules = [[m
     "d /var/sockets - nginx nginx"[m
   ];[m
 [m
 [31m-  config.systemd.services.nginx.serviceConfig.ReadWritePaths = [[m
 [32m+[m[32m  systemd.services.nginx.serviceConfig.ReadWritePaths = [[m
     "/var/sockets"[m
   ];[m
 [m
 [31m-  config.services.nginx.virtualHosts."mail.owo.monster" = {[m
 [32m+[m[32m  services.roundcube = {[m
 [32m+[m[32m    package = pkgs.roundcube.withPlugins (plugins:[m
 [32m+[m[32m      with pkgs.roundcubePlugins; [[m
 [32m+[m[32m        persistent_login[m
 [32m+[m[32m      ]);[m
 [32m+[m[32m    plugins = ["persistent_login"];[m
 [32m+[m[32m  };[m
 [32m+[m
 [32m+[m[32m  services.nginx.virtualHosts."mail.owo.monster" = {[m
     listen = [[m
       {[m
         addr = "127.0.0.1";[m
 [1mdiff --git a/hosts/hetzner-vm/containers/mail/profiles/restic.nix b/hosts/hetzner-vm/containers/mail/profiles/restic.nix[m
 [1mindex 18ac0ef..d66cb66 100644[m
 [1m--- a/hosts/hetzner-vm/containers/mail/profiles/restic.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/mail/profiles/restic.nix[m
 [36m@@ -6,7 +6,7 @@[m
   ...[m
 }: let[m
   secrets = host_secrets;[m
 [31m-  mail_config = config.mailserver;[m
 [32m+[m[32m  mail_config = config.services.mailserver;[m
   backupPrepareCommand = "${[m
     (pkgs.writeShellScriptBin "backupPrepareCommand" ''[m
       systemctl start postgresqlBackup-roundcube --wait[m
 [1mdiff --git a/hosts/hetzner-vm/containers/music/data/ports.nix b/hosts/hetzner-vm/containers/music/data/ports.nix[m
 [1mindex 4fdaed1..4209c4b 100644[m
 [1m--- a/hosts/hetzner-vm/containers/music/data/ports.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/music/data/ports.nix[m
 [36m@@ -4,4 +4,5 @@[m
   mpd-opus-medium = 4243;[m
   mpd-opus-high = 4244;[m
   mpd-flac = 4245;[m
 [32m+[m[32m  skskd = 5000;[m
 }[m
 [1mdiff --git a/hosts/hetzner-vm/containers/music/music.nix b/hosts/hetzner-vm/containers/music/music.nix[m
 [1mindex b199191..44e403d 100644[m
 [1m--- a/hosts/hetzner-vm/containers/music/music.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/music/music.nix[m
 [36m@@ -11,13 +11,22 @@[m
 [m
   # Using secrets from Host[m
   secrets = config.services.secrets.secrets;[m
 [32m+[m[32m  containerName = "music";[m
 [32m+[m
 [32m+[m[32m  socketPathFor = ([m
 [32m+[m[32m    name: "/var/lib/nixos-containers/${containerName}/var/sockets/${name}.sock"[m
 [32m+[m[32m  );[m
 [m
   ports = import ./data/ports.nix {};[m
 in {[m
   networking.nat.forwardPorts = [[m
     {[m
 [31m-      sourcePort = 6600;[m
 [31m-      destination = "${containerIP}\:6600";[m
 [32m+[m[32m      sourcePort = ports.mpd;[m
 [32m+[m[32m      destination = "${containerIP}\:${toString ports.mpd}";[m
 [32m+[m[32m    }[m
 [32m+[m[32m    {[m
 [32m+[m[32m      sourcePort = ports.slskd;[m
 [32m+[m[32m      destination = "${containerIP}\:${toString ports.slskd}";[m
     }[m
   ];[m
 [m
 [36m@@ -26,13 +35,16 @@[m [min {[m
     privateNetwork = true;[m
     hostAddress = hostIP;[m
     localAddress = containerIP;[m
 [31m-    bindMounts = lib.mkMerge (lib.forEach ["mpd_control_password"] (secret_name: let[m
 [31m-      path = "${secrets.${secret_name}.path}";[m
 [31m-    in {[m
 [31m-      "${path}" = {[m
 [31m-        hostPath = "${path}";[m
 [31m-      };[m
 [31m-    }));[m
 [32m+[m[32m    bindMounts = lib.mkMerge (lib.forEach [[m
 [32m+[m[32m        "mpd_control_password"[m
 [32m+[m[32m        "slskd_env"[m
 [32m+[m[32m      ] (secret_name: let[m
 [32m+[m[32m        path = "${secrets.${secret_name}.path}";[m
 [32m+[m[32m      in {[m
 [32m+[m[32m        "${path}" = {[m
 [32m+[m[32m          hostPath = "${path}";[m
 [32m+[m[32m        };[m
 [32m+[m[32m      }));[m
 [m
     config = {[m
       config,[m
 [36m@@ -51,6 +63,7 @@[m [min {[m
           inputs.home-manager-unstable.nixosModules.home-manager[m
 [m
           profiles.sshd[m
 [32m+[m[32m          profiles.nginx[m
 [m
           modules.nixos.secrets[m
 [m
 [36m@@ -59,6 +72,7 @@[m [min {[m
         ++ (with hosts.hetzner-vm.containers.music; [[m
           profiles.music-sync[m
           profiles.mpd[m
 [32m+[m[32m          profiles.soulseek[m
         ]);[m
 [m
       # For Shared Secrets[m
 [36m@@ -84,6 +98,14 @@[m [min {[m
     };[m
   };[m
 [m
 [32m+[m[32m  services.nginx.virtualHosts."soulseek.owo.monster" = {[m
 [32m+[m[32m    forceSSL = true;[m
 [32m+[m[32m    enableACME = true;[m
 [32m+[m[32m    locations."/" = {[m
 [32m+[m[32m      proxyPass = "http://${containerIP}:80";[m
 [32m+[m[32m    };[m
 [32m+[m[32m  };[m
 [32m+[m
   services.nginx.virtualHosts."stream.owo.monster" = let[m
     extraConfig = ''[m
       auth_basic "Music Password";[m
 [36m@@ -117,5 +139,8 @@[m [min {[m
     gid = config.ids.gids.mpd;[m
   };[m
 [m
 [31m-  networking.firewall.allowedTCPPorts = [6600];[m
 [32m+[m[32m  networking.firewall.allowedTCPPorts = with ports; [[m
 [32m+[m[32m    mpd[m
 [32m+[m[32m    slskd[m
 [32m+[m[32m  ];[m
 }[m
 [1mdiff --git a/hosts/hetzner-vm/containers/music/profiles/soulseek.nix b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix[m
 [1mnew file mode 100644[m
 [1mindex 0000000..d7906eb[m
 [1m--- /dev/null[m
 [1m+++ b/hosts/hetzner-vm/containers/music/profiles/soulseek.nix[m
 [36m@@ -0,0 +1,40 @@[m
 [32m+[m[32m{[m
 [32m+[m[32m  lib,[m
 [32m+[m[32m  host_secrets,[m
 [32m+[m[32m  ...[m
 [32m+[m[32m}: let[m
 [32m+[m[32m  ports = import ../data/ports.nix {};[m
 [32m+[m[32m  secrets = host_secrets;[m
 [32m+[m
 [32m+[m[32m  inherit (lib.modules) mkForce;[m
 [32m+[m[32min {[m
 [32m+[m[32m  services.slskd = {[m
 [32m+[m[32m    enable = true;[m
 [32m+[m[32m    openFirewall = true;[m
 [32m+[m[32m    environmentFile = secrets.slskd_env.path;[m
 [32m+[m[32m    settings = {[m
 [32m+[m[32m      remote_configuration = false;[m
 [32m+[m[32m      remote_file_management = true;[m
 [32m+[m[32m      soulseek = {[m
 [32m+[m[32m        username = "chaoticryptidz";[m
 [32m+[m[32m        description = "chaos's soulseek";[m
 [32m+[m[32m        listen_port = ports.slskd;[m
 [32m+[m[32m      };[m
 [32m+[m[32m      web.authentication = {[m
 [32m+[m[32m        username = "chaos";[m
 [32m+[m[32m      };[m
 [32m+[m[32m      shares.directories = [[m
 [32m+[m[32m        "/Music"[m
 [32m+[m[32m      ];[m
 [32m+[m[32m    };[m
 [32m+[m[32m    nginx = {[m
 [32m+[m[32m      enable = true; # I don't think this is even cheked[m
 [32m+[m[32m      domainName = "soulseek.owo.monster";[m
 [32m+[m[32m    };[m
 [32m+[m[32m  };[m
 [32m+[m
 [32m+[m[32m  services.nginx.virtualHosts."soulseek.owo.monster" = {[m
 [32m+[m[32m    forceSSL = mkForce false;[m
 [32m+[m[32m    enableACME = mkForce false;[m
 [32m+[m[32m  };[m
 [32m+[m[32m}[m
 [1mdiff --git a/hosts/hetzner-vm/containers/social/profiles/backups.nix b/hosts/hetzner-vm/containers/social/profiles/backups.nix[m
 [1mindex 4d5346b..5e70ca1 100644[m
 [1m--- a/hosts/hetzner-vm/containers/social/profiles/backups.nix[m
 [1m+++ b/hosts/hetzner-vm/containers/social/profiles/backups.nix[m
 [36m@@ -38,7 +38,7 @@[m
   }/bin/backupPrepareCommand";[m
 [m
   backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" ''[m
 [31m-    rm /var/lib/gotosocial/gts-export.json[m
 [32m+[m[32m    rm /var/lib/gotosocial/gts-export.json || true[m
   '')}/bin/backupCleanupCommand";[m
 in {[m
   environment.systemPackages = with pkgs; [[m
 [1mdiff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix[m
 [1mindex 7924a9b..a45dc1f 100644[m
 [1m--- a/hosts/hetzner-vm/hetzner-vm.nix[m
 [1m+++ b/hosts/hetzner-vm/hetzner-vm.nix[m
 [36m@@ -42,7 +42,7 @@[m
         echo "Host: "[m
         systemctl --failed[m
         ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''[m
 [31m-          echo "Container: "[m
 [32m+[m[32m          echo "Container: ${name}"[m
           systemctl -M ${name} --failed[m
         ''))}[m
       '')[m
 [1mdiff --git a/hosts/hetzner-vm/secrets.nix b/hosts/hetzner-vm/secrets.nix[m
 [1mindex 30e3f97..98a1ab4 100644[m
 [1m--- a/hosts/hetzner-vm/secrets.nix[m
 [1m+++ b/hosts/hetzner-vm/secrets.nix[m
 [36m@@ -60,6 +60,15 @@[m
           htpasswd -bc $secretFile "$username" "$password" 2>/dev/null[m
         '';[m
       };[m
 [32m+[m[32m      slskd_env = {[m
 [32m+[m[32m        fetchScript = ''[m
 [32m+[m[32m          soulseek_password=$(simple_get "/passwords/soulseek" .password)[m
 [32m+[m[32m          slskd_password=$(simple_get "/passwords/slskd" .password)[m
 [32m+[m[32m          echo > $secretFile[m
 [32m+[m[32m          echo "SLSKD_SLSK_PASSWORD=$soulseek_password" >> $secretFile[m
 [32m+[m[32m          echo "SLSKD_PASSWORD=$slskd_password" >> $secretFile[m
 [32m+[m[32m        '';[m
 [32m+[m[32m      };[m
 [m
       # Container: mail[m
       mail_restic_password = {[m
 [1mdiff --git a/profiles/gui/base/default.nix b/profiles/gui/base/default.nix[m
 [1mindex 5563f5b..0786b5b 100644[m
 [1m--- a/profiles/gui/base/default.nix[m
 [1m+++ b/profiles/gui/base/default.nix[m
 [36m@@ -1,6 +1,11 @@[m
 [31m-{pkgs, lib, config, ...}: let [m
 [32m+[m[32m{[m
 [32m+[m[32m  pkgs,[m
 [32m+[m[32m  lib,[m
 [32m+[m[32m  config,[m
 [32m+[m[32m  ...[m
 [32m+[m[32m}: let[m
   inherit (lib.modules) mkIf;[m
 [31m-  [m
 [32m+[m
   networkManagerEnabled = config.networking.networkmanager.enable;[m
 in {[m
   environment.systemPackages = with pkgs; [[m
--- a/profiles/gui/base/default.nix
+++ b/profiles/gui/base/default.nix
@ -1,6 +1,11 @@
-{pkgs, lib, config, ...}: let 
+{
  pkgs,
  lib,
  config,
  ...
 }: let
  inherit (lib.modules) mkIf;
-  
+
  networkManagerEnabled = config.networking.networkmanager.enable;
 in {
  environment.systemPackages = with pkgs; [