From cd7ef95c15b2184a95b61111cfaa9ca176c4a055 Mon Sep 17 00:00:00 2001
From: dadada <dadada@dadada.li>
Date: Sat, 2 Jan 2021 16:09:42 +0100
Subject: [PATCH] Add pruflas

---
 hosts/default.nix         |  1 +
 hosts/pruflas/default.nix | 83 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 hosts/pruflas/default.nix

diff --git a/hosts/default.nix b/hosts/default.nix
index ade7342..e22e9f5 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -2,4 +2,5 @@
   ifrit = ./ifrit;
   gorgon = ./gorgon;
   surgat = ./surgat;
+  pruflas = ./pruflas;
 }
diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix
new file mode 100644
index 0000000..91e0712
--- /dev/null
+++ b/hosts/pruflas/default.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, lib, ... }:
+let
+  hostName = "pruflas";
+  this = import ../.. { inherit pkgs; };
+in
+{
+  imports = [ this.profiles.base ];
+
+  networking.hostName = hostName;
+
+  services.hydra = {
+    enable = true;
+    hydraURL = "hydra.dadada.li";
+    notificationSender = "hydra@localhost";
+    buildMachinesFiles = [ ];
+    useSubstitutes = true;
+  };
+
+  nix.buildMachines = [
+    {
+      hostName = "localhost";
+      system = "x86_64-linux";
+      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+      maxJobs = 8;
+    }
+  ];
+
+  services.nginx = {
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    logError = "/dev/null";
+    appendHttpConfig = ''
+      access_log off;
+    '';
+  };
+
+  dadada.admin = {
+    enable = true;
+    users = {
+      "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
+    };
+  };
+
+  dadada.networking.vpnExtension = "5";
+  dadada.backupClient = {
+    enable = true;
+    bs = true;
+  };
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowedTCPPorts = [
+      22 # SSH
+      80
+      443 # HTTPS
+    ];
+    allowedUDPPorts = [
+      51234 # Wireguard
+    ];
+  };
+
+  security.acme = {
+    email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+  };
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  swapDevices = [
+    {
+      device = "/var/swapfile";
+      size = 32768;
+    }
+  ];
+}