From 74754554e85a9af337eab8f0205fb6e7885603e3 Mon Sep 17 00:00:00 2001
From: satr14 <admin@satr14.my.id>
Date: Mon, 13 Apr 2026 08:03:22 +0700
Subject: [PATCH 1/2] move tunnels to options.nix

---
 lib/options.nix                    |  7 +++++++
 modules/system/homelab/tunnels.nix | 14 +++-----------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/lib/options.nix b/lib/options.nix
index dd3f22a..65e2f7e 100644
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -46,6 +46,13 @@ in {
       [ "SearXNG" "searxng" "https://search.proxy.${domain}" "http://localhost:8091/" ]
       [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ]
     ];
+    routes = {
+      "git.${domain}"     = "http://localhost:5080";
+      "auth.${domain}"    = "http://localhost:1411";
+      "dash.${domain}"    = "http://localhost:5070";
+      "media.${domain}"   = "http://localhost:8096";
+      "gallery.${domain}" = "http://localhost:2284";
+    };
     proxy = {
       base = "proxy.${domain}";
       hosts = {
diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix
index 8cf0fb6..c1a9c8d 100644
--- a/modules/system/homelab/tunnels.nix
+++ b/modules/system/homelab/tunnels.nix
@@ -1,19 +1,11 @@
-{ pkgs, lib, homelab, ... }: let
-  routes = {
-    "git.${homelab.domain}"     = "http://localhost:5080";
-    "auth.${homelab.domain}"    = "http://localhost:1411";
-    "dash.${homelab.domain}"    = "http://localhost:5070";
-    "media.${homelab.domain}"   = "http://localhost:8096";
-    "gallery.${homelab.domain}" = "http://localhost:2284";
-  };
-in {
+{ pkgs, lib, homelab, ... }: {
   services.cloudflared = {
     enable = true;
     tunnels.homelab = {
       credentialsFile = "/mnt/data/cloudflared/homelab.json";
       certificateFile = "/mnt/data/cloudflared/cert.pem";
       default = "http_status:404";
-      ingress = routes;
+      ingress = homelab.routes;
     };
   };
   
@@ -32,6 +24,6 @@ in {
     script = lib.concatMapStringsSep "\n" (domain: ''
       echo "Ensuring DNS route for ${domain}..."
       ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true
-    '') (builtins.attrNames routes);
+    '') (builtins.attrNames homelab.routes);
   };
 }

From 4b2c7464f066b9ea16e4ff8b4e60a995c194a659 Mon Sep 17 00:00:00 2001
From: satr14 <admin@satr14.my.id>
Date: Mon, 13 Apr 2026 08:16:16 +0700
Subject: [PATCH 2/2] cryptpad and copyparty

---
 lib/options.nix                 |  5 +++++
 modules/system/homelab/cdn.nix  |  5 +++++
 modules/system/homelab/docs.nix | 15 +++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 modules/system/homelab/cdn.nix
 create mode 100644 modules/system/homelab/docs.nix

diff --git a/lib/options.nix b/lib/options.nix
index 65e2f7e..18a0ca1 100644
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -35,6 +35,8 @@ in {
     dash = [
       [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ]
       [ "Forgejo" "forgejo" "https://git.${domain}" "http://localhost:5080/" ]
+      [ "Copyparty" "files" "https://cdn.${domain}" "http://localhost:3923/" ]
+      [ "CryptPad" "cryptpad" "https://docs.${domain}" "http://localhost:7090/" ]
       [ "CodeServer" "coder" "https://code.proxy.${domain}" "http://localhost:8443/" ]
       [ "AdGuardHome" "adguard" "https://dns.proxy.${domain}" "http://localhost:8088/" ]
       [ "Traefik" "traefikproxy" "https://dynamic.proxy.${domain}/dashboard/" "" ]
@@ -48,6 +50,8 @@ in {
     ];
     routes = {
       "git.${domain}"     = "http://localhost:5080";
+      "cdn.${domain}"     = "http://localhost:3923";
+      "docs.${domain}"    = "http://localhost:7090";
       "auth.${domain}"    = "http://localhost:1411";
       "dash.${domain}"    = "http://localhost:5070";
       "media.${domain}"   = "http://localhost:8096";
@@ -72,6 +76,7 @@ in {
         "pass"       = d "http://localhost:8060";
         "auth"       = d "http://localhost:1411";
         "git"        = d "http://localhost:5080";
+        "cdn"        = d "http://localhost:3923";
         "ai"         = d "http://localhost:8080";
         "@"          = d "http://localhost:5070";
       };
diff --git a/modules/system/homelab/cdn.nix b/modules/system/homelab/cdn.nix
new file mode 100644
index 0000000..a481800
--- /dev/null
+++ b/modules/system/homelab/cdn.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+  environment.systemPackages = with pkgs; [ copyparty-most ];
+
+  # TODO: systemd service
+}
diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix
new file mode 100644
index 0000000..849e23d
--- /dev/null
+++ b/modules/system/homelab/docs.nix
@@ -0,0 +1,15 @@
+{ homelab, ... }: let
+  domain = "docs.${homelab.domain}";
+in {
+  services.cryptpad = {
+    enable = true;
+    settings = {
+      httpPort = 7090;
+      websocketPort = 7080;
+      httpUnsafeOrigin = "https://${domain}";
+      httpSafeOrigin = "https://${domain}";
+      blockDailyCheck = true;
+      disableIntegratedEviction = true;
+    };
+  };
+}
\ No newline at end of file