Add host surgat and move weechat to it.

2020-12-30 15:11:19 +01:00 · 2020-12-30 15:11:19 +01:00 · cbfe1f0d11
commit cbfe1f0d11
parent 186fb9d017
6 changed files with 68 additions and 16 deletions
--- a/default.nix
+++ b/default.nix
@ -7,6 +7,9 @@ with pkgs;
  hmModules = import ./modules/home;
  overlays = import ./overlays;

+  profiles = import ./modules/profiles;
+  hmProfiles = import ./modules/home/profiles;
+
  tubslatex = callPackage ./pkgs/tubslatex {};
  keys = callPackage ./pkgs/keys {};
 }
--- a/hosts/gorgon/home/default.nix
+++ b/hosts/gorgon/home/default.nix
@ -19,6 +19,7 @@ in
    kitty.enable = true;
    ssh.enable = true;
    syncthing.enable = true;
+    tmux.enable = true;
    xdg.enable = true;
    zsh.enable = true;

--- a/hosts/ifrit/default.nix
+++ b/hosts/ifrit/default.nix
@ -2,7 +2,7 @@
 let
  hostAliases = [
    "ifrit.dadada.li"
-    "vpn.dadada.li"
+    "bs.vpn.dadada.li"
    "media.dadada.li"
    "media.local"
  ];
@ -36,8 +36,6 @@ in {
        key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
      };
    };
-
-    weechat.enable = true;
  };

  services.borgbackup.repos = {
@ -117,16 +115,16 @@ in {
  security.acme = {
    email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
    acceptTerms = true;
-    certs."webchat.dadada.li" = {
-      credentialsFile = "/var/lib/lego/acme-joker.env";
-      dnsProvider = "joker";
-      postRun = "systemctl reload nginx.service";
-    };
-    certs."weechat.dadada.li" = {
-      credentialsFile = "/var/lib/lego/acme-joker.env";
-      dnsProvider = "joker";
-      postRun = "systemctl reload nginx.service";
-    };
+  #  certs."webchat.dadada.li" = {
+  #    credentialsFile = "/var/lib/lego/acme-joker.env";
+  #    dnsProvider = "joker";
+  #    postRun = "systemctl reload nginx.service";
+  #  };
+  #  certs."weechat.dadada.li" = {
+  #    credentialsFile = "/var/lib/lego/acme-joker.env";
+  #    dnsProvider = "joker";
+  #    postRun = "systemctl reload nginx.service";
+  #  };
  };

  users.users."mist" = {
--- a/hosts/surgat/default.nix
+++ b/hosts/surgat/default.nix
@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+let
+  hostName = "surgat";
+  this = import ../.. {};
+  keys = ../../pkgs/keys/keys;
+in {
+  imports = [ this.profiles.base ];
+
+  networking.hostName = hostName;
+
+  dadada.admin = {
+    enable = true;
+    users = [ "dadada" ];
+  };
+
+  dadada.networking.vpnExtension = "4";
+  dadada.weechat.enable = true;
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowedTCPPorts = [
+      22 # SSH
+      80 443 # HTTPS
+    ];
+    allowedUDPPorts = [
+      51234 # Wireguard
+    ];
+  };
+
+  security.acme = {
+    email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+  };
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+}
--- a/modules/profiles/default.nix
+++ b/modules/profiles/default.nix
@ -0,0 +1,4 @@
+{
+  base = ./base;
+  laptop = ./laptop;
+}
--- a/modules/weechat.nix
+++ b/modules/weechat.nix
@ -14,9 +14,12 @@ in {
    };

    services.nginx.virtualHosts."webchat.dadada.li" = {
-      useACMEHost = "webchat.dadada.li";
+      enableACME = true;
      forceSSL = true;
-      serverAliases = [ "webchat.${config.networking.domain}" ];
+      serverAliases = [
+        "webchat.${config.networking.domain}"
+        "weechat.${config.networking.domain}"
+      ];

      root = pkgs.glowing-bear;

@ -30,7 +33,7 @@ in {
      };
    };
    services.nginx.virtualHosts."weechat.dadada.li" = {
-      useACMEHost = "weechat.dadada.li";
+      useACMEHost = "webchat.dadada.li";
      forceSSL = true;
      serverAliases = [ "weechat.${config.networking.domain}" ];