loptland: babysteps

modules/desktop/niri.nix

@@ -28,7 +28,8 @@
         ...
       }:
       {
-        config = lib.mkIf osConfig.programs.niri.enable {
+
+        config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") {
           programs.niri.settings = {
             input = {
               keyboard = {

modules/hosts/loptland/default.nix

@@ -5,7 +5,69 @@
 let
 in
 {
-  flake.modules.nixos."hosts/loptland" = {
+  flake.modules.nixos."hosts/loptland" =
+    {
+      inputs,
+      lib,
+      pkgs,
+      modulesPath,
+      ...
+    }:
+    let
+      sopsFile = ../../../secrets/secrets-loptland.yaml;
 
-  };
+    in
+    {
+      nixpkgs.config.allowUnfree = true;
+      services.qemuGuest.enable = true;
+
+      imports =
+        with config.flake.modules.nixos;
+        [
+          (modulesPath + "/profiles/qemu-guest.nix")
+          inputs.catppuccin.nixosModules.catppuccin
+
+          # System modules
+          base
+          server
+          dev
+
+          # apps
+
+          # Users
+          cholli
+        ]
+        ++ [
+          {
+            home-manager.users.cholli = {
+              imports = with config.flake.modules.homeManager; [
+                inputs.catppuccin.homeModules.catppuccin
+
+                # components
+                base
+                dev
+
+                # Activate all user based config
+                cholli
+              ];
+            };
+          }
+
+        ];
+
+      sops = {
+        secrets = {
+          "forgejo/db/password" = {
+            inherit sopsFile;
+          };
+          "forgejo/mail/password" = {
+            inherit sopsFile;
+          };
+          "forgejo/mail/passwordHash" = {
+            inherit sopsFile;
+          };
+        };
+      };
+
+    };
 }

modules/hosts/loptland/hardware.nix

@@ -0,0 +1,55 @@
+{
+  config,
+  ...
+}:
+let
+in
+{
+  flake.modules.nixos."hosts/loptland" =
+    {
+      inputs,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      boot = {
+        kernelPackages = pkgs.linuxPackages_latest;
+        loader = {
+          systemd-boot.enable = true;
+          efi.canTouchEfiVariables = true;
+        };
+      };
+
+      boot.initrd.availableKernelModules = [
+        "ata_piix"
+        "uhci_hcd"
+        "virtio_pci"
+        "sr_mod"
+        "virtio_blk"
+      ];
+      boot.initrd.kernelModules = [ ];
+      boot.kernelModules = [ ];
+      boot.extraModulePackages = [ ];
+
+      fileSystems."/" = {
+        device = "/dev/disk/by-uuid/26b098dd-0a15-49c5-9998-75f43d17eb26";
+        fsType = "ext4";
+      };
+
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-uuid/30AB-7309";
+        fsType = "vfat";
+        options = [
+          "fmask=0077"
+          "dmask=0077"
+        ];
+      };
+
+      swapDevices = [ { device = "/dev/disk/by-uuid/b9bcb425-cb1c-40a1-89bb-d7fe6b421834"; } ];
+
+      networking.useDHCP = lib.mkDefault true;
+      nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+    };
+
+}

modules/hosts/loptland/nginx.nix

@@ -0,0 +1,76 @@
+{
+  flake.modules.nixos."hosts/loptland" =
+    {
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    let
+      domainName = "christophhollizeck.dev";
+      forgejoPort = 3000;
+      hydraPort = 2000;
+    in
+    {
+      services.nginx = {
+        enable = true;
+        recommendedProxySettings = true;
+
+        virtualHosts = {
+          "git.${domainName}" = {
+            forceSSL = true;
+            useACMEHost = domainName;
+
+            locations."/" = {
+              extraConfig = ''
+                client_max_body_size 200M;
+              '';
+              proxyPass = "http://localhost:${toString forgejoPort}/";
+            };
+          };
+
+          "hydra.${domainName}" = lib.mkIf config.services.hydra.enable {
+            forceSSL = true;
+            useACMEHost = domainName;
+
+            locations."/" = {
+              proxyPass = "http://localhost:${toString hydraPort}/";
+            };
+          };
+
+          "ha.${domainName}" = {
+            forceSSL = true;
+            useACMEHost = domainName;
+
+            locations."/" = {
+              # tailscale ip
+              extraConfig = ''
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+              '';
+              proxyPass = "http://100.86.23.74:8123";
+            };
+          };
+
+          "nixcache.${domainName}" = lib.mkIf config.services.nix-serve.enable {
+            forceSSL = true;
+            useACMEHost = domainName;
+
+            locations."/" = {
+              proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+            };
+          };
+
+          "_" = {
+            forceSSL = true;
+            useACMEHost = domainName;
+
+            locations."/" = {
+              proxyPass = "https://${domainName}";
+            };
+          };
+        };
+      };
+
+    };
+}

modules/server/acme.nix

@@ -1,4 +1,4 @@
-{
+topLevel: {
   flake.modules.nixos.server =
     {
       config,
@@ -41,10 +41,10 @@
       security.acme = {
         acceptTerms = true;
         defaults = {
-          inherit (config.flake.meta.users.cholli) email;
+          inherit (topLevel.config.flake.meta.users.cholli) email;
 
-          group = lib.optional config.services.nginx.enable "nginx";
-          reloadServices = lib.optional config.services.nginx.enable "nginx.service";
+          group = lib.mkIf config.services.nginx.enable "nginx";
+          reloadServices = lib.mkIf config.services.nginx.enable "nginx.service";
 
           dnsProvider = "netcup";
           environmentFile = config.sops.templates."netcup.env".path;

modules/users/cholli/default.nix

@@ -14,6 +14,7 @@
 
         authorizedKeys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHFrDiO5+vMfD5MimkzN32iw3MnSMLZ0mHvOrHVVmLD0"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Pr7p0jizrvIl0UhcvrmL5SHRQQQWIcHLAnRFyUZS6"
         ];
 
       };