4 files changed, 27 insertions, 26 deletions

diff --git a/modules/mailserver.nix b/modules/mailserver.nix
index 90c17fa..3329d43 100644
--- a/modules/mailserver.nix
+++ b/modules/mailserver.nix
@@ -16,7 +16,7 @@
     loginAccounts = {
       "mail@krinitsin.com" = {
         hashedPasswordFile = "/secret/mail@krinitsin.com";
-        aliases = ["postmaster@krinitsin.com"];
+        aliases = [ "postmaster@krinitsin.com" "christian@krinitsin.com" ];
       };
       "wladislaw@krinitsin.com" = {
         hashedPasswordFile = "/secret/wladislaw@krinitsin.com";
@@ -33,4 +33,6 @@
        $config['smtp_pass'] = "%p";
      '';
   };
+
+  security.acme.certs."krinitsin.com".extraDomainNames = [ "webmail.krinitsin.com" ];
 }
diff --git a/modules/mealie.nix b/modules/mealie.nix
index 74dcf57..5059c8f 100644
--- a/modules/mealie.nix
+++ b/modules/mealie.nix
@@ -9,6 +9,13 @@ in
     package = unstable.mealie;
   };
 
-  networking.firewall.allowedTCPPorts = [ 9000 8080 ];
+  services.nginx.virtualHosts."recipes.krinitsin.com" = {
+    forceSSL = true;
+    useACMEHost = "krinitsin.com";
+    serverAliases = [ "rezepte.krinitsin.com" ];
+    locations."/".proxyPass = "http://localhost:9000";
+  };
+
+  security.acme.certs."krinitsin.com".extraDomainNames = [ "recipes.krinitsin.com" "rezepte.krinitsin.com" ];
 
 }
diff --git a/modules/syncthing.nix b/modules/syncthing.nix
index 4458b42..c25c956 100644
--- a/modules/syncthing.nix
+++ b/modules/syncthing.nix
@@ -8,5 +8,12 @@
     openDefaultPorts = true;
   };
   
-  networking.firewall.allowedTCPPorts = [ 8384 ];
+  services.nginx.virtualHosts."syncthing.krinitsin.com" = {
+    forceSSL = true;
+    useACMEHost = "krinitsin.com";
+    locations."/".proxyPass = "https://localhost:8384";
+  };
+
+  security.acme.certs."krinitsin.com".extraDomainNames = [ "syncthing.krinitsin.com" ];
+
 }
diff --git a/modules/webserver.nix b/modules/webserver.nix
index e8867d3..e61cb68 100644
--- a/modules/webserver.nix
+++ b/modules/webserver.nix
@@ -12,20 +12,12 @@
 	serverAliases = [ "www.krinitsin.com" ];
 
 	locations."/shopping/".basicAuthFile = "/secret/shopping_auth";
-	locations."/shopping/api/".proxyPass = "http://krinitsin.com:5000";
-      };
+	locations."/shopping/api/" = {
+	  proxyPass = "http://127.0.0.1:5000";
+	  basicAuthFile = "/secret/shopping_auth";
+	};
 
-      "recipes.krinitsin.com" = {
-        forceSSL = true;
-	useACMEHost = "krinitsin.com";
-	serverAliases = [ "rezepte.krinitsin.com" ];
-        locations."/".proxyPass = "http://localhost:9000";
-      };
-      
-      "syncthing.krinitsin.com" = {
-        forceSSL = true;
-	useACMEHost = "krinitsin.com";
-        locations."/".proxyPass = "https://localhost:8384";
+	locations."/mensa/api/".proxyPass = "http://127.0.0.1:5000";
       };
     };
   };
@@ -33,19 +25,12 @@
   security.acme = {
     acceptTerms = true;
     defaults.email = "christian@krinitsin.xyz";
-    certs."krinitsin.com".extraDomainNames = [ "recipes.krinitsin.com" "rezepte.krinitsin.com" "webmail.krinitsin.com" "syncthing.krinitsin.com" ];
   };
 
-
-  environment.systemPackages = with pkgs; [
-    python312
-    python312Packages.flask
-  ];
-
-  systemd.services.flask = {
+  systemd.services.flask-backend = {
     enable = true;
-    wantedBy = ["default.target"];
-    serviceConfig.ExecStart = ''/run/current-system/sw/bin/flask --app /var/www/krinitsin.com/shopping/app.py run -h krinitsin.com'';
+    wantedBy = ["multi-user.target"];
+    serviceConfig.ExecStart = ''/var/flask-backend/result/bin/app.py'';
   };
 
   networking.firewall.allowedTCPPorts = [ 80 443 5000 ];