From cca51699eee9d4fc3391bfb296b397df26a895d9 Mon Sep 17 00:00:00 2001
From: Inex Code <inex.code@selfprivacy.org>
Date: Wed, 18 Dec 2024 15:40:15 +0300
Subject: [PATCH] feat: Dynamic templating

---
 README.md                                     | 116 ++++++++++++++++++
 configuration.nix                             |  24 ++++
 flake.lock                                    |  10 +-
 flake.nix                                     |  10 ++
 lib/meta.nix                                  |  21 ++++
 sp-modules/bitwarden/flake.nix                |  24 ++++
 sp-modules/bitwarden/icon.svg                 |   3 +
 sp-modules/bitwarden/module.nix               |  48 +++++++-
 sp-modules/gitea/flake.nix                    |  22 ++++
 sp-modules/gitea/icon.svg                     |   3 +
 sp-modules/gitea/module.nix                   |  83 +++++++++++--
 sp-modules/jitsi-meet/flake.nix               |  24 ++++
 sp-modules/jitsi-meet/icon.svg                |   3 +
 sp-modules/jitsi-meet/module.nix              |  25 +++-
 sp-modules/monitoring/flake.nix               |  27 ++++
 sp-modules/monitoring/icon.svg                |   3 +
 sp-modules/monitoring/module.nix              |  14 ++-
 sp-modules/mumble/config-paths-needed.json    |   5 +
 sp-modules/mumble/flake.nix                   |  35 ++++++
 sp-modules/mumble/icon.svg                    |   9 ++
 sp-modules/mumble/module.nix                  |  87 +++++++++++++
 sp-modules/nextcloud/flake.nix                |  23 ++++
 sp-modules/nextcloud/icon.svg                 |  10 ++
 sp-modules/nextcloud/module.nix               |  36 +++++-
 sp-modules/ocserv/flake.nix                   |  20 +++
 sp-modules/ocserv/icon.svg                    |   3 +
 sp-modules/ocserv/module.nix                  |  17 ++-
 sp-modules/pleroma/flake.nix                  |  26 ++++
 sp-modules/pleroma/icon.svg                   |  10 ++
 sp-modules/pleroma/module.nix                 |  24 +++-
 sp-modules/roundcube/flake.nix                |  20 +++
 sp-modules/roundcube/icon.svg                 |   5 +
 sp-modules/roundcube/module.nix               |  17 ++-
 sp-modules/simple-nixos-mailserver/flake.nix  |  21 ++++
 sp-modules/simple-nixos-mailserver/icon.svg   |   3 +
 .../simple-nixos-mailserver/options.nix       |  14 ++-
 36 files changed, 802 insertions(+), 43 deletions(-)
 create mode 100644 lib/meta.nix
 create mode 100644 sp-modules/bitwarden/icon.svg
 create mode 100644 sp-modules/gitea/icon.svg
 create mode 100644 sp-modules/jitsi-meet/icon.svg
 create mode 100644 sp-modules/monitoring/icon.svg
 create mode 100644 sp-modules/mumble/config-paths-needed.json
 create mode 100644 sp-modules/mumble/flake.nix
 create mode 100644 sp-modules/mumble/icon.svg
 create mode 100644 sp-modules/mumble/module.nix
 create mode 100644 sp-modules/nextcloud/icon.svg
 create mode 100644 sp-modules/ocserv/icon.svg
 create mode 100644 sp-modules/pleroma/icon.svg
 create mode 100644 sp-modules/roundcube/icon.svg
 create mode 100644 sp-modules/simple-nixos-mailserver/icon.svg

diff --git a/README.md b/README.md
index 3625aaf..a1b72c2 100644
--- a/README.md
+++ b/README.md
@@ -109,3 +109,119 @@ If you added a new SelfPrivacy module, you have to also edit a `genUserdata` fun
         ```
         Substitute `PACKAGE_NAME` and `NIXPKGS_COMMIT_SHA1` with affected package name and nixpkgs commit SHA1 (found at step 1), respectively.
     3. Commit the [`overlay.nix`](overlay.nix) changes. Configuration is ready to be built.
+
+## SelfPrivacy Module schema
+
+### Flake.nix metadata
+
+```nix
+{
+  description = "Flake description";
+
+  outputs = { self }: {
+    nixosModules.default = import ./module.nix;
+    configPathsNeeded =
+      builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = {lib, ...}: {
+      # Schema version
+      spModuleVersion = 1;
+      # Must be the same name as flake and Systemd slice
+      id = "jitsi-meet";
+      # Service name displayed to a user
+      name = "JitsiMeet";
+      # Description displayed to a user
+      description = "Jitsi Meet is a free and open-source video conferencing solution.";
+      # Icon of the service
+      svgIcon = builtins.readFile ./icon.svg;
+      # Do we need to show URL in the UI? True by default
+      showUrl = true;
+      # If there are several subdomain options, which one to use to generate the URL?
+      primarySubdomain = "subdomain";
+      # Can be moved to another volume?
+      isMovable = false;
+      # Is required for SelfPrivacy operation?
+      isRequired = false;
+      # Can be backed up by API?
+      # Implied to be TRUE by default
+      canBeBackedUp = true;
+      # Description of the backup
+      backupDescription = "Secrets that are used to encrypt the communication.";
+      # Systemd services that API checks and manipulates
+      systemdServices = [
+        "prosody.service"
+        "jitsi-videobridge2.service"
+        "jicofo.service"
+      ];
+      # A unix user used by this service
+      # By default implied to be the same as the service ID
+      user = "jitsi-meet";
+      # A unix group used by this group
+      # By default implied to be the same as the user
+      group = "jitsi-meet";
+      # Folders that have to be moved or backed up
+      # Ownership is implied by the user/group defined above
+      folders = [
+        "/var/lib/jitsi-meet"
+      ];
+      # Same as above, but if you need to overwrite ownership
+      ownedFolders = [
+        {
+          path = "/var/lib/prometheus";
+          owner = "prometheus";
+          group = "prometheus";
+        }
+      ];
+      # PostgreSQL databases to back up
+      postgreDatabases = [];
+      # Licenses of this service
+      license = [
+        lib.licenses.asl20
+      ];
+      # Homepage for this service
+      homepage = "https://jitsi.org/meet";
+      # Git repository with the sources of this service
+      sourcePage = "https://github.com/jitsi/jitsi-meet";
+      # What is our support level for this service?
+      # Supported values:
+      # - normal
+      # - deprecated
+      # - experimental
+      supportLevel = "normal";
+    };
+  };
+}
+```
+
+### Flake options
+
+```nix
+enable = (lib.mkOption {
+  default = false;
+  type = lib.types.bool;
+  description = "Enable";
+}) // {
+  meta = {
+    type = "enable";
+  };
+};
+location = (lib.mkOption {
+  type = lib.types.str;
+  description = "Location";
+}) // {
+  meta = {
+    type = "location";
+  };
+};
+subdomain = (lib.mkOption {
+  default = "";
+  type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+  description = "Subdomain";
+}) // {
+  meta = {
+    widget = "subdomain";
+    type = "string";
+    regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+    weight = 0;
+  };
+};
+```
diff --git a/configuration.nix b/configuration.nix
index eeb02a7..4ee7959 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -14,6 +14,20 @@ let
       echo "$token"
     '';
   };
+  # TODO: We need this in the API's environmet, not here.
+  sp-fetch-remote-module = pkgs.writeShellApplication {
+    name = "sp-fetch-remote-module";
+    runtimeInputs = [ config.nix.package.out ];
+    text = ''
+      if [ "$#" -ne 1 ]; then
+        echo "Usage: $0 <URL>"
+        exit 1
+      fi
+
+      URL="$1"
+      nix eval --file /etc/nixos/sp-fetch-remote-module.nix --raw --apply "f: f { flakeURL = \"$URL\"; }" | jq .
+    '';
+  };
 in
 {
   imports = [
@@ -27,6 +41,15 @@ in
     # ./resources/limits.nix
   ];
 
+  environment.etc."sp-fetch-remote-module.nix" = {
+    text = ''
+      { flakeURL }: let
+        sp-module = builtins.getFlake flakeURL;
+        pkgs = import ${pkgs.path} {};
+      in (import ${./lib/meta.nix}) { inherit pkgs sp-module; }
+    '';
+  };
+
   fileSystems."/".options = [ "noatime" ];
 
   services.selfprivacy-api.enable = true;
@@ -90,6 +113,7 @@ in
     git
     jq
     sp-print-api-token
+    sp-fetch-remote-module
   ];
   # consider environment.defaultPackages = lib.mkForce [];
   documentation.enable = false; # no {man,info}-pages & docs, etc to save space
diff --git a/flake.lock b/flake.lock
index de7563d..7f0f7e4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -28,11 +28,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1734269435,
-        "narHash": "sha256-KimSmykCfcGPKGUMgOxlC+s9nw7sNO5B8vW74Fj76Uc=",
-        "ref": "master",
-        "rev": "7d9150a77ab86f5624f726be1d03da23fd124334",
-        "revCount": 1473,
+        "lastModified": 1734807830,
+        "narHash": "sha256-nzkcvZjMo5bE2ZML404+9Hzhq7UmMx8+V+LclrCYZRA=",
+        "ref": "inex/dynamic-templating",
+        "rev": "fcc167fb33b4154f0685ac94f3def3a9dbcd26e6",
+        "revCount": 1487,
         "type": "git",
         "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
       },
diff --git a/flake.nix b/flake.nix
index f74bce0..27c0444 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,6 +25,16 @@
             deployment
             ./configuration.nix
             selfprivacy-api.nixosModules.default
+            ({ pkgs, lib, ... }: {
+              environment.etc = (lib.attrsets.mapAttrs'
+                (name: sp-module: {
+                  name = "sp-modules/${name}";
+                  value.text = import ./lib/meta.nix { inherit pkgs sp-module; };
+                })
+                sp-modules) // {
+                suggested-sp-modules.text = builtins.toJSON (builtins.attrNames (builtins.readDir ./sp-modules));
+              };
+            })
             (
               let
                 deepFilter = ref: attrset:
diff --git a/lib/meta.nix b/lib/meta.nix
new file mode 100644
index 0000000..35f9bc1
--- /dev/null
+++ b/lib/meta.nix
@@ -0,0 +1,21 @@
+{ sp-module, pkgs }:
+let
+  lib = pkgs.lib;
+  # sp-module = builtins.getFlake "git+file:.?dir=sp-modules/jitsi-meet";
+  # sp-module = builtins.getFlake flakeURL;
+  options = (pkgs.lib.evalModules { modules = [{ _module.check = false; } sp-module.nixosModules.default]; }).options;
+  # Transform a Nix option to a JSON structure with metadata
+  optionToMeta = (name: option: {
+    name = name;
+    description = if builtins.hasAttr "description" option then option.description else null;
+    loc = option.loc;
+    meta = if builtins.hasAttr "meta" option then option.meta else null;
+    # value = if builtins.hasAttr "value" option then option.value else null;
+    default = if builtins.hasAttr "default" option then option.default else null;
+  });
+in
+builtins.toJSON ({
+  meta = if builtins.hasAttr "meta" sp-module then sp-module.meta { inherit lib; } else null;
+  configPathsNeeded = sp-module.configPathsNeeded;
+  options = pkgs.lib.mapAttrs optionToMeta (builtins.head (lib.mapAttrsToList (name: value: value) options.selfprivacy.modules));
+})
diff --git a/sp-modules/bitwarden/flake.nix b/sp-modules/bitwarden/flake.nix
index d01d6b9..dfea84c 100644
--- a/sp-modules/bitwarden/flake.nix
+++ b/sp-modules/bitwarden/flake.nix
@@ -6,5 +6,29 @@
       { imports = [ ./module.nix ./cleanup-module.nix ]; };
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "bitwarden";
+      name = "Bitwarden";
+      description = "Bitwarden is a password manager.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = true;
+      isRequired = false;
+      backupDescription = "Password database, encryption certificate and attachments.";
+      systemdServices = [
+        "vaultwarden.service"
+      ];
+      user = "vaultwarden";
+      folders = [
+        "/var/lib/bitwarden"
+        "/var/lib/bitwarden_rs"
+      ];
+      license = [
+        lib.licenses.agpl3Only
+      ];
+      homepage = "https://github.com/dani-garcia/vaultwarden";
+      sourcePage = "https://github.com/dani-garcia/vaultwarden";
+      supportLevel = "normal";
+    };
   };
 }
diff --git a/sp-modules/bitwarden/icon.svg b/sp-modules/bitwarden/icon.svg
new file mode 100644
index 0000000..ced270c
--- /dev/null
+++ b/sp-modules/bitwarden/icon.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M5.125 2C4.2962 2 3.50134 2.32924 2.91529 2.91529C2.32924 3.50134 2 4.2962 2 5.125L2 18.875C2 19.7038 2.32924 20.4987 2.91529 21.0847C3.50134 21.6708 4.2962 22 5.125 22H18.875C19.7038 22 20.4987 21.6708 21.0847 21.0847C21.6708 20.4987 22 19.7038 22 18.875V5.125C22 4.2962 21.6708 3.50134 21.0847 2.91529C20.4987 2.32924 19.7038 2 18.875 2H5.125ZM6.25833 4.43333H17.7583C17.9317 4.43333 18.0817 4.49667 18.2083 4.62333C18.2688 4.68133 18.3168 4.7511 18.3494 4.82835C18.3819 4.9056 18.3983 4.98869 18.3975 5.0725V12.7392C18.3975 13.3117 18.2858 13.8783 18.0633 14.4408C17.8558 14.9751 17.5769 15.4789 17.2342 15.9383C16.8824 16.3987 16.4882 16.825 16.0567 17.2117C15.6008 17.6242 15.18 17.9667 14.7942 18.24C14.4075 18.5125 14.005 18.77 13.5858 19.0133C13.1667 19.2558 12.8692 19.4208 12.6925 19.5075C12.5158 19.5942 12.375 19.6608 12.2675 19.7075C12.1872 19.7472 12.0987 19.7674 12.0092 19.7667C11.919 19.7674 11.8299 19.7468 11.7492 19.7067C11.6062 19.6429 11.4645 19.5762 11.3242 19.5067C11.0218 19.3511 10.7242 19.1866 10.4317 19.0133C10.0175 18.7738 9.6143 18.5158 9.22333 18.24C8.7825 17.9225 8.36093 17.5791 7.96083 17.2117C7.52907 16.825 7.13456 16.3987 6.7825 15.9383C6.44006 15.4788 6.16141 14.9751 5.95417 14.4408C5.73555 13.9 5.62213 13.3225 5.62 12.7392V5.0725C5.62 4.89917 5.68333 4.75 5.80917 4.6225C5.86726 4.56188 5.93717 4.51382 6.01457 4.48129C6.09196 4.44875 6.17521 4.43243 6.25917 4.43333H6.25833ZM12.0083 6.35V17.7C12.8 17.2817 13.5092 16.825 14.135 16.3333C15.6992 15.1083 16.4808 13.9108 16.4808 12.7392V6.35H12.0083Z" fill="black"/>
+</svg>
diff --git a/sp-modules/bitwarden/module.nix b/sp-modules/bitwarden/module.nix
index ad4ab09..5fa12ca 100644
--- a/sp-modules/bitwarden/module.nix
+++ b/sp-modules/bitwarden/module.nix
@@ -7,28 +7,64 @@ let
 in
 {
   options.selfprivacy.modules.bitwarden = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable Vaultwarden";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    location = lib.mkOption {
+    location = (lib.mkOption {
       type = lib.types.str;
+      description = "Vaultwarden location";
+    }) // {
+      meta = {
+        type = "location";
+      };
     };
-    subdomain = lib.mkOption {
+    subdomain = (lib.mkOption {
       default = "password";
       type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
     };
-    signupsAllowed = lib.mkOption {
+    signupsAllowed = (lib.mkOption {
       default = true;
       type = lib.types.bool;
+      description = "Allow new user signups";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 1;
+      };
     };
-    sendsAllowed = lib.mkOption {
+    sendsAllowed = (lib.mkOption {
       default = true;
       type = lib.types.bool;
+      description = "Allow users to use Bitwarden Send";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 2;
+      };
     };
-    emergencyAccessAllowed = lib.mkOption {
+    emergencyAccessAllowed = (lib.mkOption {
       default = true;
       type = lib.types.bool;
+      description = "Allow users to enable Emergency Access";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 3;
+      };
     };
   };
 
diff --git a/sp-modules/gitea/flake.nix b/sp-modules/gitea/flake.nix
index dd9857d..35f444a 100644
--- a/sp-modules/gitea/flake.nix
+++ b/sp-modules/gitea/flake.nix
@@ -5,5 +5,27 @@
     nixosModules.default = import ./module.nix;
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "gitea";
+      name = "Forgejo";
+      description = "Forgejo is a Git forge.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = true;
+      isRequired = false;
+      backupDescription = "Git repositories, database and user data.";
+      systemdServices = [
+        "forgejo.service"
+      ];
+      folders = [
+        "/var/lib/gitea"
+      ];
+      license = [
+        lib.licenses.gpl3Plus
+      ];
+      homepage = "https://forgejo.org";
+      sourcePage = "https://codeberg.org/forgejo/forgejo";
+      supportLevel = "normal";
+    };
   };
 }
diff --git a/sp-modules/gitea/icon.svg b/sp-modules/gitea/icon.svg
new file mode 100644
index 0000000..9ba8a76
--- /dev/null
+++ b/sp-modules/gitea/icon.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M2.60007 10.5899L8.38007 4.79995L10.0701 6.49995C9.83007 7.34995 10.2201 8.27995 11.0001 8.72995V14.2699C10.4001 14.6099 10.0001 15.2599 10.0001 15.9999C10.0001 16.5304 10.2108 17.0391 10.5859 17.4142C10.9609 17.7892 11.4696 17.9999 12.0001 17.9999C12.5305 17.9999 13.0392 17.7892 13.4143 17.4142C13.7894 17.0391 14.0001 16.5304 14.0001 15.9999C14.0001 15.2599 13.6001 14.6099 13.0001 14.2699V9.40995L15.0701 11.4999C15.0001 11.6499 15.0001 11.8199 15.0001 11.9999C15.0001 12.5304 15.2108 13.0391 15.5859 13.4142C15.9609 13.7892 16.4696 13.9999 17.0001 13.9999C17.5305 13.9999 18.0392 13.7892 18.4143 13.4142C18.7894 13.0391 19.0001 12.5304 19.0001 11.9999C19.0001 11.4695 18.7894 10.9608 18.4143 10.5857C18.0392 10.2107 17.5305 9.99995 17.0001 9.99995C16.8201 9.99995 16.6501 9.99995 16.5001 10.0699L13.9301 7.49995C14.1901 6.56995 13.7101 5.54995 12.7801 5.15995C12.3501 4.99995 11.9001 4.95995 11.5001 5.06995L9.80007 3.37995L10.5901 2.59995C11.3701 1.80995 12.6301 1.80995 13.4101 2.59995L21.4001 10.5899C22.1901 11.3699 22.1901 12.6299 21.4001 13.4099L13.4101 21.3999C12.6301 22.1899 11.3701 22.1899 10.5901 21.3999L2.60007 13.4099C1.81007 12.6299 1.81007 11.3699 2.60007 10.5899Z" fill="black"/>
+</svg>
diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix
index d854127..8fc063c 100644
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
@@ -6,47 +6,106 @@ let
     then "/volumes/${cfg.location}/gitea"
     else "/var/lib/gitea";
   cfg = sp.modules.gitea;
+  themes = [
+    "forgejo-auto"
+    "forgejo-light"
+    "forgejo-dark"
+    "gitea-auto"
+    "gitea-light"
+    "gitea-dark"
+  ];
 in
 {
   options.selfprivacy.modules.gitea = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable Forgejo";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    location = lib.mkOption {
+    location = (lib.mkOption {
       type = lib.types.str;
+      description = "Forgejo location";
+    }) // {
+      meta = {
+        type = "location";
+      };
     };
-    subdomain = lib.mkOption {
+    subdomain = (lib.mkOption {
       default = "git";
       type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
     };
-    appName = lib.mkOption {
+    appName = (lib.mkOption {
       default = "SelfPrivacy git Service";
       type = lib.types.str;
+      description = "The name displayed in the web interface";
+    }) // {
+      meta = {
+        type = "string";
+        weight = 1;
+      };
     };
-    enableLfs = lib.mkOption {
+    enableLfs = (lib.mkOption {
       default = true;
       type = lib.types.bool;
+      description = "Enable Git LFS";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 2;
+      };
     };
-    forcePrivate = lib.mkOption {
+    forcePrivate = (lib.mkOption {
       default = false;
       type = lib.types.bool;
       description = "Force all new repositories to be private";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 3;
+      };
     };
-    disableRegistration = lib.mkOption {
+    disableRegistration = (lib.mkOption {
       default = false;
       type = lib.types.bool;
       description = "Disable registration of new users";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 4;
+      };
     };
-    requireSigninView = lib.mkOption {
+    requireSigninView = (lib.mkOption {
       default = false;
       type = lib.types.bool;
-      description = "Require signin to view any page";
+      description = "Force users to log in to view any page";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 5;
+      };
     };
-    defaultTheme = lib.mkOption {
+    defaultTheme = (lib.mkOption {
       default = "forgejo-auto";
-      type = lib.types.enum [ "forgejo-auto" "forgejo-light" "forgejo-dark" "auto" "gitea" "arc-green" ];
-      description = "The default theme for the gitea instance";
+      type = lib.types.enum themes;
+      description = "Default theme";
+    }) // {
+      meta = {
+        type = "enum";
+        options = themes;
+        weight = 6;
+      };
     };
   };
 
diff --git a/sp-modules/jitsi-meet/flake.nix b/sp-modules/jitsi-meet/flake.nix
index e93ae96..1e923d9 100644
--- a/sp-modules/jitsi-meet/flake.nix
+++ b/sp-modules/jitsi-meet/flake.nix
@@ -5,5 +5,29 @@
     nixosModules.default = import ./module.nix;
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "jitsi-meet";
+      name = "JitsiMeet";
+      description = "Jitsi Meet is a free and open-source video conferencing solution.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = false;
+      isRequired = false;
+      backupDescription = "Secrets that are used to encrypt the communication.";
+      systemdServices = [
+        "prosody.service"
+        "jitsi-videobridge2.service"
+        "jicofo.service"
+      ];
+      folders = [
+        "/var/lib/jitsi-meet"
+      ];
+      license = [
+        lib.licenses.asl20
+      ];
+      homepage = "https://jitsi.org/meet";
+      sourcePage = "https://github.com/jitsi/jitsi-meet";
+      supportLevel = "normal";
+    };
   };
 }
diff --git a/sp-modules/jitsi-meet/icon.svg b/sp-modules/jitsi-meet/icon.svg
new file mode 100644
index 0000000..e3a6eaa
--- /dev/null
+++ b/sp-modules/jitsi-meet/icon.svg
@@ -0,0 +1,3 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M26.6665 2.66663H5.33317C3.8665 2.66663 2.67984 3.86663 2.67984 5.33329L2.6665 29.3333L7.99984 24H26.6665C28.1332 24 29.3332 22.8 29.3332 21.3333V5.33329C29.3332 3.86663 28.1332 2.66663 26.6665 2.66663ZM26.6665 21.3333H6.89317L5.33317 22.8933V5.33329H26.6665V21.3333ZM18.6665 14.1333L22.6665 17.3333V9.33329L18.6665 12.5333V9.33329H9.33317V17.3333H18.6665V14.1333Z" fill="black"/>
+</svg>
diff --git a/sp-modules/jitsi-meet/module.nix b/sp-modules/jitsi-meet/module.nix
index f394ab4..87cf429 100644
--- a/sp-modules/jitsi-meet/module.nix
+++ b/sp-modules/jitsi-meet/module.nix
@@ -5,17 +5,36 @@ let
 in
 {
   options.selfprivacy.modules.jitsi-meet = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable JitsiMeet";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    subdomain = lib.mkOption {
+    subdomain = (lib.mkOption {
       default = "meet";
       type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
     };
-    appName = lib.mkOption {
+    appName = (lib.mkOption {
       default = "Jitsi Meet";
       type = lib.types.str;
+      description = "The name displayed in the web interface";
+    }) // {
+      meta = {
+        type = "string";
+        weight = 1;
+      };
     };
   };
 
diff --git a/sp-modules/monitoring/flake.nix b/sp-modules/monitoring/flake.nix
index b6b3f77..76d9fdb 100644
--- a/sp-modules/monitoring/flake.nix
+++ b/sp-modules/monitoring/flake.nix
@@ -5,5 +5,32 @@
     nixosModules.default = import ./module.nix;
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "monitoring";
+      name = "Prometheus";
+      description = "Prometheus is used for resource monitoring and alerts.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = false;
+      isRequired = true;
+      canBeBackedUp = false;
+      backupDescription = "Backups are not available for Prometheus.";
+      systemdServices = [
+        "prometheus.service"
+      ];
+      ownedFolders = [
+        {
+          path = "/var/lib/prometheus";
+          owner = "prometheus";
+          group = "prometheus";
+        }
+      ];
+      license = [
+        lib.licenses.asl20
+      ];
+      homepage = "https://prometheus.io/";
+      sourcePage = "https://prometheus.io/";
+      supportLevel = "normal";
+    };
   };
 }
diff --git a/sp-modules/monitoring/icon.svg b/sp-modules/monitoring/icon.svg
new file mode 100644
index 0000000..db5daf0
--- /dev/null
+++ b/sp-modules/monitoring/icon.svg
@@ -0,0 +1,3 @@
+<svg width="128" height="128" viewBox="0 0 128 128" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M64.125 0.51C99.229 0.517 128.045 29.133 128 63.951C127.955 99.293 99.258 127.515 63.392 127.49C28.325 127.466 -0.0249987 98.818 1.26289e-06 63.434C0.0230013 28.834 28.898 0.503 64.125 0.51ZM44.72 22.793C45.523 26.753 44.745 30.448 43.553 34.082C42.73 36.597 41.591 39.022 40.911 41.574C39.789 45.777 38.52 50.004 38.052 54.3C37.381 60.481 39.81 65.925 43.966 71.34L24.86 67.318C24.893 67.92 24.86 68.148 24.925 68.342C26.736 73.662 29.923 78.144 33.495 82.372C33.872 82.818 34.732 83.046 35.372 83.046C54.422 83.084 73.473 83.08 92.524 83.055C93.114 83.055 93.905 82.945 94.265 82.565C98.349 78.271 101.47 73.38 103.425 67.223L83.197 71.185C84.533 68.567 86.052 66.269 86.93 63.742C89.924 55.099 88.682 46.744 84.385 38.862C80.936 32.538 77.754 26.242 79.475 18.619C75.833 22.219 74.432 26.798 73.543 31.517C72.671 36.167 72.154 40.881 71.478 45.6C71.38 45.457 71.258 45.35 71.236 45.227C71.1507 44.7338 71.0919 44.2365 71.06 43.737C70.647 36.011 69.14 28.567 65.954 21.457C64.081 17.275 62.013 12.995 63.946 8.001C62.639 8.694 61.456 9.378 60.608 10.357C58.081 13.277 57.035 16.785 56.766 20.626C56.535 23.908 56.22 27.205 55.61 30.432C54.97 33.824 53.96 37.146 51.678 40.263C50.76 33.607 50.658 27.019 44.722 22.793H44.72ZM93.842 88.88H34.088V99.26H93.842V88.88ZM45.938 104.626C45.889 113.268 54.691 119.707 65.571 119.24C74.591 118.851 82.57 111.756 81.886 104.626H45.938Z" fill="black"/>
+</svg>
diff --git a/sp-modules/monitoring/module.nix b/sp-modules/monitoring/module.nix
index 5981af7..9b2f92c 100644
--- a/sp-modules/monitoring/module.nix
+++ b/sp-modules/monitoring/module.nix
@@ -4,12 +4,22 @@ let
 in
 {
   options.selfprivacy.modules.monitoring = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable monitoring service";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    location = lib.mkOption {
+    location = (lib.mkOption {
       type = lib.types.str;
+      description = "Monitoring data location";
+    }) // {
+      meta = {
+        type = "location";
+      };
     };
   };
   config = lib.mkIf cfg.enable {
diff --git a/sp-modules/mumble/config-paths-needed.json b/sp-modules/mumble/config-paths-needed.json
new file mode 100644
index 0000000..a08720f
--- /dev/null
+++ b/sp-modules/mumble/config-paths-needed.json
@@ -0,0 +1,5 @@
+[
+  [ "selfprivacy", "domain" ],
+  [ "selfprivacy", "useBinds" ],
+  [ "selfprivacy", "modules", "mumble" ]
+]
diff --git a/sp-modules/mumble/flake.nix b/sp-modules/mumble/flake.nix
new file mode 100644
index 0000000..0d04808
--- /dev/null
+++ b/sp-modules/mumble/flake.nix
@@ -0,0 +1,35 @@
+{
+  description = "PoC SP module for Mumble conferences server";
+
+  outputs = { self }: {
+    nixosModules.default = import ./module.nix;
+    configPathsNeeded =
+      builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "mumble";
+      name = "Mumble";
+      description = "Open Source, Low Latency, High Quality Voice Chat.";
+      svgIcon = builtins.readFile ./icon.svg;
+      showUrl = false;
+      isMovable = true;
+      isRequired = false;
+      canBeBackedUp = true;
+      backupDescription = "Mumble server data.";
+      systemdServices = [
+        "murmur.service"
+      ];
+      user = "murmur";
+      group = "murmur";
+      folders = [
+        "/var/lib/murmur"
+      ];
+      license = [
+        lib.licenses.bsd3
+      ];
+      homepage = "https://www.mumble.info";
+      sourcePage = "https://github.com/mumble-voip/mumble";
+      supportLevel = "normal";
+    };
+  };
+}
diff --git a/sp-modules/mumble/icon.svg b/sp-modules/mumble/icon.svg
new file mode 100644
index 0000000..4289864
--- /dev/null
+++ b/sp-modules/mumble/icon.svg
@@ -0,0 +1,9 @@
+<svg width="400" height="400" viewBox="0 0 400 400" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M154.671 33.7001C128.787 33.0539 102.567 50.1899 96.0259 75.8328C94.5022 82.0493 93.8808 87.9428 93.771 93.9464C93.771 116.214 93.771 138.482 93.771 160.75C102.521 160.75 111.271 160.75 120.021 160.75C120.114 137.249 119.888 113.874 120.2 90.3245C121.007 75.3692 132.562 59.6034 148.601 59.7859C148.718 83.5881 148.36 107.405 148.79 131.197C150.158 150.545 168.49 166.558 187.895 164.917C200.018 164.623 212.232 165.624 224.275 164.156C242.614 160.718 255.306 142.041 253.601 123.784C253.601 102.484 253.601 81.1844 253.601 59.8844C270.283 58.6661 282.935 74.8609 283.675 90.4229C283.985 113.971 283.762 137.35 283.854 160.849C292.604 160.849 301.354 160.849 310.104 160.849C310.104 137.224 310.104 113.598 310.104 89.9735C309.245 82.3336 308.033 72.9843 303.893 65.6151C293.153 43.8263 268.032 32.0698 244.34 33.8408C237.419 32.9618 229.974 37.6415 228.079 44.2007C228.193 72.2761 228.274 100.361 228.063 128.432C227.272 140.191 215.683 149.184 204.117 147.691C195.936 148.046 186.694 147.705 181.114 140.675C173.593 132.726 176.112 121.349 175.671 111.473C175.691 88.6677 175.596 65.8833 175.802 43.1172C172.38 36.1964 164.774 32.624 157.239 33.7597L155.992 33.7425L154.671 33.7001Z" fill="black" stroke="white" stroke-width="1.05"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M299.59 329.324C298.856 329.316 296.114 328.72 295.452 329.148C295.452 329.148 294.365 332.316 290.618 335.104C287.329 337.552 284.205 339.899 280.859 342.1C277.854 344.077 274.629 346.214 271.608 347.668C269.231 348.812 267.289 348.978 267.289 348.978H233.458C231.345 348.978 229.613 350.645 229.613 352.719V353.638C229.613 355.712 231.345 357.411 233.458 357.411H269.032C269.85 357.411 272.809 356.55 274.568 355.778C278.953 353.854 281.812 351.404 286.863 348.399C292.233 344.964 302.164 336.969 302.164 336.969C303.928 335.826 304.399 333.515 303.234 331.785L302.733 330.997C302.005 329.915 300.813 329.336 299.59 329.324Z" fill="black" stroke="white" stroke-width="1.05"/>
+<path opacity="0.9666" fill-rule="evenodd" clip-rule="evenodd" d="M297.307 156.369V334.213C332.435 330.359 360.045 292.025 360.045 245.291C360.045 198.557 332.435 160.222 297.307 156.369Z" fill="black" stroke="white" stroke-width="1.05"/>
+<path opacity="0.9666" fill-rule="evenodd" clip-rule="evenodd" d="M106.179 157.314V335.158C71.0511 331.304 43.4417 292.969 43.4417 246.236C43.4417 199.502 71.0511 161.167 106.179 157.314Z" fill="black" stroke="white" stroke-width="1.05"/>
+<path opacity="0.9666" fill-rule="evenodd" clip-rule="evenodd" d="M233.639 352.008C233.639 356.464 230.597 360.737 225.182 363.888C219.767 367.038 212.422 368.808 204.764 368.808C197.106 368.808 189.762 367.038 184.347 363.888C178.931 360.737 175.889 356.464 175.889 352.008C175.889 347.553 178.931 343.28 184.347 340.129C189.762 336.978 197.106 335.208 204.764 335.208C212.422 335.208 219.767 336.978 225.182 340.129C230.597 343.28 233.639 347.553 233.639 352.008Z" fill="black" stroke="white" stroke-width="1.25891"/>
+<path opacity="0.9666" d="M291.817 153.492H286.022C283.782 153.492 281.966 155.156 281.966 157.209V330.321C281.966 332.374 283.782 334.039 286.022 334.039H291.817C294.057 334.039 295.873 332.374 295.873 330.321V157.209C295.873 155.156 294.057 153.492 291.817 153.492Z" fill="black" stroke="white" stroke-width="1.10295"/>
+<path opacity="0.9666" d="M116.998 154.537H111.319C109.123 154.537 107.344 156.201 107.344 158.254V331.377C107.344 333.43 109.123 335.094 111.319 335.094H116.998C119.193 335.094 120.973 333.43 120.973 331.377V158.254C120.973 156.201 119.193 154.537 116.998 154.537Z" fill="black" stroke="white" stroke-width="1.09192"/>
+</svg>
diff --git a/sp-modules/mumble/module.nix b/sp-modules/mumble/module.nix
new file mode 100644
index 0000000..d477e29
--- /dev/null
+++ b/sp-modules/mumble/module.nix
@@ -0,0 +1,87 @@
+{ config, lib, ... }:
+let
+  domain = config.selfprivacy.domain;
+  sp = config.selfprivacy;
+  cfg = sp.modules.mumble;
+in
+{
+  options.selfprivacy.modules.mumble = {
+    enable = (lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+      description = "Enable Mumble";
+    }) // {
+      meta = {
+        type = "enable";
+      };
+    };
+    subdomain = (lib.mkOption {
+      default = "mumble";
+      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
+    };
+    location = (lib.mkOption {
+      type = lib.types.str;
+      description = "Location";
+    }) // {
+      meta = {
+        type = "location";
+      };
+    };
+    appName = (lib.mkOption {
+      default = "SelfPrivacy Mumble Service";
+      type = lib.types.str;
+      description = "The name of your Mumble server";
+    }) // {
+      meta = {
+        type = "string";
+        weight = 1;
+      };
+    };
+    welcomeText = (lib.mkOption {
+      default = "Welcome to my Mumble server!";
+      type = lib.types.str;
+      description = "Welcome message";
+    }) // {
+      meta = {
+        type = "string";
+        weight = 2;
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    fileSystems = lib.mkIf sp.useBinds {
+      "/var/lib/murmur" = {
+        device = "/volumes/${cfg.location}/murmur";
+        options = [
+          "bind"
+          "x-systemd.required-by=murmur.service"
+          "x-systemd.before=murmur.service"
+        ];
+      };
+    };
+    services.murmur = {
+      enable = true;
+      openFirewall = true;
+      registerHostname = "${cfg.subdomain}.${domain}";
+      hostName = "${cfg.subdomain}.${domain}";
+      registerName = cfg.appName;
+    };
+    systemd = {
+      services = {
+        murmur.serviceConfig.Slice = "mumble.slice";
+      };
+      slices.mumble = {
+        description = "Mumble service slice";
+      };
+    };
+  };
+}
diff --git a/sp-modules/nextcloud/flake.nix b/sp-modules/nextcloud/flake.nix
index 2cf384e..65031a2 100644
--- a/sp-modules/nextcloud/flake.nix
+++ b/sp-modules/nextcloud/flake.nix
@@ -6,5 +6,28 @@
       { imports = [ ./module.nix ./cleanup-module.nix ]; };
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "nextcloud";
+      name = "Nextcloud";
+      description = "Nextcloud is a cloud storage service that offers a web interface and a desktop client.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = true;
+      isRequired = false;
+      canBeBackedUp = true;
+      backupDescription = "All the files and other data stored in Nextcloud.";
+      systemdServices = [
+        "phpfpm-nextcloud.service"
+      ];
+      folders = [
+        "/var/lib/nextcloud"
+      ];
+      license = [
+        lib.licenses.agpl3Plus
+      ];
+      homepage = "https://nextcloud.com/";
+      sourcePage = "https://github.com/nextcloud";
+      supportLevel = "normal";
+    };
   };
 }
diff --git a/sp-modules/nextcloud/icon.svg b/sp-modules/nextcloud/icon.svg
new file mode 100644
index 0000000..d7dbcb5
--- /dev/null
+++ b/sp-modules/nextcloud/icon.svg
@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_51106_4974)">
+<path d="M12.018 6.53699C9.518 6.53699 7.418 8.24899 6.777 10.552C6.217 9.31999 4.984 8.44699 3.552 8.44699C2.61116 8.45146 1.71014 8.82726 1.04495 9.49264C0.379754 10.158 0.00420727 11.0591 0 12C0.00420727 12.9408 0.379754 13.842 1.04495 14.5073C1.71014 15.1727 2.61116 15.5485 3.552 15.553C4.984 15.553 6.216 14.679 6.776 13.447C7.417 15.751 9.518 17.463 12.018 17.463C14.505 17.463 16.594 15.77 17.249 13.486C17.818 14.696 19.032 15.553 20.447 15.553C21.3881 15.549 22.2895 15.1734 22.955 14.508C23.6205 13.8425 23.9961 12.9411 24 12C23.9958 11.059 23.6201 10.1577 22.9547 9.49229C22.2893 8.82688 21.388 8.4512 20.447 8.44699C19.031 8.44699 17.817 9.30499 17.248 10.514C16.594 8.22999 14.505 6.53599 12.018 6.53699ZM12.018 8.62199C13.896 8.62199 15.396 10.122 15.396 12C15.396 13.878 13.896 15.378 12.018 15.378C11.5739 15.38 11.1338 15.2939 10.7231 15.1249C10.3124 14.9558 9.93931 14.707 9.62532 14.393C9.31132 14.0789 9.06267 13.7057 8.89373 13.295C8.72478 12.8842 8.63888 12.4441 8.641 12C8.641 10.122 10.141 8.62199 12.018 8.62199ZM3.552 10.532C4.374 10.532 5.019 11.177 5.019 12C5.019 12.823 4.375 13.467 3.552 13.468C3.35871 13.47 3.16696 13.4334 2.988 13.3603C2.80905 13.2872 2.64648 13.1792 2.50984 13.0424C2.3732 12.9057 2.26524 12.7431 2.19229 12.5641C2.11934 12.3851 2.08286 12.1933 2.085 12C2.085 11.177 2.729 10.533 3.552 10.533V10.532ZM20.447 10.532C21.27 10.532 21.915 11.177 21.915 12C21.915 12.823 21.27 13.468 20.447 13.468C20.2537 13.47 20.062 13.4334 19.883 13.3603C19.704 13.2872 19.5415 13.1792 19.4048 13.0424C19.2682 12.9057 19.1602 12.7431 19.0873 12.5641C19.0143 12.3851 18.9779 12.1933 18.98 12C18.98 11.177 19.624 10.533 20.447 10.533V10.532Z" fill="black"/>
+</g>
+<defs>
+<clipPath id="clip0_51106_4974">
+<rect width="24" height="24" fill="white"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix
index f4b7d08..12ad007 100644
--- a/sp-modules/nextcloud/module.nix
+++ b/sp-modules/nextcloud/module.nix
@@ -1,20 +1,44 @@
 { config, lib, pkgs, ... }:
 {
   options.selfprivacy.modules.nextcloud = with lib; {
-    enable = mkOption {
-      type = types.bool;
+    enable = (lib.mkOption {
       default = false;
+      type = lib.types.bool;
+      description = "Enable Nextcloud";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    location = mkOption {
-      type = types.str;
+    location = (lib.mkOption {
+      type = lib.types.str;
+      description = "Nextcloud location";
+    }) // {
+      meta = {
+        type = "location";
+      };
     };
-    subdomain = lib.mkOption {
+    subdomain = (lib.mkOption {
       default = "cloud";
       type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
     };
-    enableImagemagick = lib.mkOption {
+    enableImagemagick = (lib.mkOption {
       type = types.bool;
       default = true;
+      description = "Enable ImageMagick";
+    }) // {
+      meta = {
+        type = "bool";
+        weight = 1;
+      };
     };
   };
 
diff --git a/sp-modules/ocserv/flake.nix b/sp-modules/ocserv/flake.nix
index d08ad70..9f09338 100644
--- a/sp-modules/ocserv/flake.nix
+++ b/sp-modules/ocserv/flake.nix
@@ -5,5 +5,25 @@
     nixosModules.default = import ./module.nix;
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "ocserv";
+      name = "OpenConnect VPN";
+      description = "OpenConnect VPN to connect your devices and access the internet.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = false;
+      isRequired = false;
+      canBeBackedUp = false;
+      backupDescription = "Backups are not available for OpenConnect VPN.";
+      systemdServices = [
+        "ocserv.service"
+      ];
+      license = [
+        lib.licenses.gpl2Plus
+      ];
+      homepage = "https://gitlab.com/openconnect/ocserv";
+      sourcePage = "https://gitlab.com/openconnect/ocserv";
+      supportLevel = "deprecated";
+    };
   };
 }
diff --git a/sp-modules/ocserv/icon.svg b/sp-modules/ocserv/icon.svg
new file mode 100644
index 0000000..288f743
--- /dev/null
+++ b/sp-modules/ocserv/icon.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12 1L3 5V11C3 16.55 6.84 21.74 12 23C17.16 21.74 21 16.55 21 11V5L12 1ZM12 11.99H19C18.47 16.11 15.72 19.78 12 20.93V12H5V6.3L12 3.19V11.99Z" fill="black"/>
+</svg>
diff --git a/sp-modules/ocserv/module.nix b/sp-modules/ocserv/module.nix
index f4d2dc0..a332a17 100644
--- a/sp-modules/ocserv/module.nix
+++ b/sp-modules/ocserv/module.nix
@@ -7,13 +7,26 @@ let
 in
 {
   options.selfprivacy.modules.ocserv = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    subdomain = lib.mkOption {
+    subdomain = (lib.mkOption {
       default = "vpn";
       type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
     };
   };
 
diff --git a/sp-modules/pleroma/flake.nix b/sp-modules/pleroma/flake.nix
index a524458..2887c93 100644
--- a/sp-modules/pleroma/flake.nix
+++ b/sp-modules/pleroma/flake.nix
@@ -5,5 +5,31 @@
     nixosModules.default = import ./module.nix;
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "pleroma";
+      name = "Pleroma";
+      description = "Pleroma is a microblogging service that offers a web interface and a desktop client.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = true;
+      isRequired = false;
+      canBeBackedUp = true;
+      backupDescription = "Your Pleroma accounts, posts and media.";
+      systemdServices = [
+        "pleroma.service"
+      ];
+      folders = [
+        "/var/lib/pleroma"
+      ];
+      postgreDatabases = [
+        "pleroma"
+      ];
+      license = [
+        lib.licenses.agpl3Only
+      ];
+      homepage = "https://pleroma.social/";
+      sourcePage = "https://git.pleroma.social/pleroma/pleroma";
+      supportLevel = "deprecated";
+    };
   };
 }
diff --git a/sp-modules/pleroma/icon.svg b/sp-modules/pleroma/icon.svg
new file mode 100644
index 0000000..f87c438
--- /dev/null
+++ b/sp-modules/pleroma/icon.svg
@@ -0,0 +1,10 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_51106_4998)">
+<path d="M6.35999 1.07076e-06C6.11451 -0.000261753 5.87139 0.0478616 5.64452 0.14162C5.41766 0.235378 5.21149 0.372932 5.03782 0.546418C4.86415 0.719904 4.72638 0.925919 4.63237 1.15269C4.53837 1.37945 4.48999 1.62252 4.48999 1.868V24H10.454V1.07076e-06H6.35999ZM13.473 1.07076e-06V12H17.641C18.1364 12 18.6115 11.8032 18.9619 11.4529C19.3122 11.1026 19.509 10.6274 19.509 10.132V1.07076e-06H13.473ZM13.473 18.036V24H17.641C18.1364 24 18.6115 23.8032 18.9619 23.4529C19.3122 23.1026 19.509 22.6274 19.509 22.132V18.036H13.473Z" fill="black"/>
+</g>
+<defs>
+<clipPath id="clip0_51106_4998">
+<rect width="24" height="24" fill="white"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/sp-modules/pleroma/module.nix b/sp-modules/pleroma/module.nix
index f345e5d..14c10a5 100644
--- a/sp-modules/pleroma/module.nix
+++ b/sp-modules/pleroma/module.nix
@@ -6,16 +6,34 @@ let
 in
 {
   options.selfprivacy.modules.pleroma = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    location = lib.mkOption {
+    location = (lib.mkOption {
       type = lib.types.str;
+      description = "Location";
+    }) // {
+      meta = {
+        type = "location";
+      };
     };
-    subdomain = lib.mkOption {
+    subdomain = (lib.mkOption {
       default = "social";
       type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
     };
   };
   config = lib.mkIf cfg.enable {
diff --git a/sp-modules/roundcube/flake.nix b/sp-modules/roundcube/flake.nix
index d335522..12035e8 100644
--- a/sp-modules/roundcube/flake.nix
+++ b/sp-modules/roundcube/flake.nix
@@ -5,5 +5,25 @@
     nixosModules.default = import ./module.nix;
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "roundcube";
+      name = "Roundcube";
+      description = "Roundcube is an open source webmail software.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = false;
+      isRequired = false;
+      canBeBackedUp = false;
+      backupDescription = "Nothing to backup.";
+      systemdServices = [
+        "phpfpm-roundcube.service"
+      ];
+      license = [
+        lib.licenses.gpl3
+      ];
+      homepage = "https://roundcube.net/";
+      sourcePage = "https://github.com/roundcube/roundcubemail";
+      supportLevel = "normal";
+    };
   };
 }
diff --git a/sp-modules/roundcube/icon.svg b/sp-modules/roundcube/icon.svg
new file mode 100644
index 0000000..35918e1
--- /dev/null
+++ b/sp-modules/roundcube/icon.svg
@@ -0,0 +1,5 @@
+<svg fill="none" version="1.1" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+    <g transform="translate(29.07 -.3244)">
+        <path d="m-17.02 2.705c-4.01 2e-7 -7.283 3.273-7.283 7.283 0 0.00524-1.1e-5 0.01038 0 0.01562l-1.85 1.068v5.613l9.105 5.26 9.104-5.26v-5.613l-1.797-1.037c1.008e-4 -0.01573 0.00195-0.03112 0.00195-0.04688-1e-7 -4.01-3.271-7.283-7.281-7.283zm0 2.012c2.923 1e-7 5.27 2.349 5.27 5.271 0 2.923-2.347 5.27-5.27 5.27-2.923-1e-6 -5.271-2.347-5.271-5.27 0-2.923 2.349-5.271 5.271-5.271z" fill="#000" fill-rule="evenodd" stroke-linejoin="bevel"/>
+    </g>
+</svg>
diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix
index a279ff1..8067289 100644
--- a/sp-modules/roundcube/module.nix
+++ b/sp-modules/roundcube/module.nix
@@ -5,13 +5,26 @@ let
 in
 {
   options.selfprivacy.modules.roundcube = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    subdomain = lib.mkOption {
+    subdomain = (lib.mkOption {
       default = "roundcube";
       type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+      description = "Subdomain";
+    }) // {
+      meta = {
+        widget = "subdomain";
+        type = "string";
+        regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+        weight = 0;
+      };
     };
   };
 
diff --git a/sp-modules/simple-nixos-mailserver/flake.nix b/sp-modules/simple-nixos-mailserver/flake.nix
index a19d2da..cce75bb 100644
--- a/sp-modules/simple-nixos-mailserver/flake.nix
+++ b/sp-modules/simple-nixos-mailserver/flake.nix
@@ -14,6 +14,27 @@
     };
     configPathsNeeded =
       builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+    meta = { lib, ... }: {
+      spModuleVersion = 1;
+      id = "simple-nixos-mailserver";
+      name = "Mail Server";
+      description = "E-Mail for company and family.";
+      svgIcon = builtins.readFile ./icon.svg;
+      isMovable = true;
+      isRequired = true;
+      canBeBackedUp = true;
+      backupDescription = "Mail boxes and filters.";
+      systemdServices = [
+        "dovecot2.service"
+        "postfix.service"
+      ];
+      user = "virtualMail";
+      folders = [
+        "/var/vmail"
+        "/var/sieve"
+      ];
+      supportLevel = "normal";
+    };
 
     # TODO generate json docs from module? something like:
     # nix eval --impure --expr 'let flake = builtins.getFlake (builtins.toPath ./.); pkgs = flake.inputs.mailserver.inputs.nixpkgs.legacyPackages.x86_64-linux; in (pkgs.nixosOptionsDoc { inherit (pkgs.lib.evalModules { modules = [ flake.nixosModules.default ]; }) options; }).optionsJSON'
diff --git a/sp-modules/simple-nixos-mailserver/icon.svg b/sp-modules/simple-nixos-mailserver/icon.svg
new file mode 100644
index 0000000..b6d877d
--- /dev/null
+++ b/sp-modules/simple-nixos-mailserver/icon.svg
@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M13.3333 2.66675H2.66665C1.93331 2.66675 1.33998 3.26675 1.33998 4.00008L1.33331 12.0001C1.33331 12.7334 1.93331 13.3334 2.66665 13.3334H13.3333C14.0666 13.3334 14.6666 12.7334 14.6666 12.0001V4.00008C14.6666 3.26675 14.0666 2.66675 13.3333 2.66675ZM13.3333 12.0001H2.66665V5.33341L7.99998 8.66675L13.3333 5.33341V12.0001ZM7.99998 7.33341L2.66665 4.00008H13.3333L7.99998 7.33341Z" fill="black"/>
+</svg>
diff --git a/sp-modules/simple-nixos-mailserver/options.nix b/sp-modules/simple-nixos-mailserver/options.nix
index c6f6d3a..b8a5782 100644
--- a/sp-modules/simple-nixos-mailserver/options.nix
+++ b/sp-modules/simple-nixos-mailserver/options.nix
@@ -1,12 +1,22 @@
 { lib, ... }:
 {
   options.selfprivacy.modules.simple-nixos-mailserver = {
-    enable = lib.mkOption {
+    enable = (lib.mkOption {
       default = false;
       type = lib.types.bool;
+      description = "Enable mail server";
+    }) // {
+      meta = {
+        type = "enable";
+      };
     };
-    location = lib.mkOption {
+    location = (lib.mkOption {
       type = lib.types.str;
+      description = "Location";
+    }) // {
+      meta = {
+        type = "location";
+      };
     };
   };
 }