X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Fdilion.nix;h=cf00ba67aedd4e2f9989df69caa4c0d8d8e3156c;hb=05becbbb4be5cd18cb12d60a2d2bc0fbcda74fe4;hp=a59d60797dc79b7f173e1a7a6573105a021f34cc;hpb=200690c9aecec1f38c1a62a65916df2950e1afe7;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index a59d607..cf00ba6 100644
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -1,11 +1,12 @@
-{ privateFiles }:
 { config, pkgs, name, lib, ... }:
 {
 deployment = {
 targetUser = "root";
- targetHost = config.hostEnv.ips.main.ip4;
+ targetHost = lib.head config.hostEnv.ips.main.ip4;
 substituteOnDestination = true;
 };
+ # ssh-keyscan dilion | nix-shell -p ssh-to-age --run ssh-to-age
+ secrets.ageKeys = [ "age1x49n6qa0arkdpq8530s7umgm0gqkq90exv4jep97q30rfnzknpaqate06a" ];
 nixpkgs.system = lib.mkOverride 900 "x86_64-linux";
 boot = {
 loader = {
@@ -31,7 +32,7 @@
 powerManagement.cpuFreqGovernor = "powersave";
 hardware.enableRedistributableFirmware = true;
- myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
+ myEnv = import ../../../nixops/secrets/environment.nix;
 swapDevices = [ { label = "swap"; } ];
 fileSystems = {
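Review bot: The age recipient added on the `secrets.ageKeys` line is, per the comment above it, derived from `ssh-keyscan dilion`, which encrypts to whatever host key the network answered with at the time; nothing in the hunk records that this key was checked against the machine's actual host key. A comment such as `# derived from dilion's SSH host key, fingerprint <HOST-KEY-FINGERPRINT>, verified against the console` would let a reader re-verify that secrets are encrypted for dilion and not for a key substituted in transit. Separately, `lib.head config.hostEnv.ips.main.ip4` on the targetHost line aborts evaluation with an unhelpful error when the list is empty; the same expression recurs in the eth0 ipv4 hunk (`@@ -54,10 +55,10 @@`).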
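Review bot: The new `myEnv` line imports `../../../nixops/secrets/environment.nix` with no comment about what that file is, whereas the deleted form made it explicit through the `privateFiles` name. Values read from it are interpolated into derivations elsewhere in this file — the `pkgs.writeText "htpasswd" … integration.password` context line in the nginx hunk below — so a comment such as `# private environment (keys, passwords); anything interpolated into a derivation ends up in the world-readable nix store` would keep that property visible next to the source. The enclosing attrset starts before this hunk.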
@@ -54,10 +55,10 @@
 hostId = "27c3048d"; # generated with head -c4 /dev/urandom | od -A none -t x4
 firewall.enable = false;
 interfaces."eth0".ipv4.addresses =
- [ { address = config.hostEnv.ips.main.ip4; prefixLength = 27; } ]
- ++ pkgs.lib.attrsets.mapAttrsToList
- (n: ips: { address = ips.ip4; prefixLength = 32; })
- (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
+ [ { address = lib.head config.hostEnv.ips.main.ip4; prefixLength = 27; } ]
+ ++ pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
+ (n: ips: map (ip: { address = ip; prefixLength = 32; }) (ips.ip4 or []))
+ (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips));
 interfaces."eth0".ipv6.addresses =
 [ { address = "2a01:4f8:141:53e7::"; prefixLength = 64; } ]
 ++ pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
@@ -88,10 +89,10 @@
 isSystemUser = true;
 group = "libvirtd";
 packages = [ pkgs.netcat-openbsd ];
- openssh.authorizedKeys.keyFiles = [
- "${privateFiles}/buildbot_ssh_key.pub"
+ openssh.authorizedKeys.keys = [
+ config.myEnv.buildbot.ssh_key.public
+ config.myEnv.sshd.rootKeys.ismael_flony
 ];
- openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.ismael_flony ];
 };
 users.users.backup = {
@@ -172,8 +173,17 @@
 user = config.services.nginx.user;
 group = config.services.nginx.group;
 extraDomains = {
- "dev.immae.eu" = null;
- "caldance.immae.eu" = null;
+ "dilion.immae.dev" = null;
+ "caldance.cs.immae.dev" = null;
+ "zulip.carpentier.earth" = null;
+ "zulip.tof.carpentier.earth" = null;
+ "zulip.dine.carpentier.earth" = null;
+ "zulip.quentin.carpentier.earth" = null;
+ "zulip.agnes.carpentier.earth" = null;
+
+ "ofn.nc.immae.dev" = null;
+
+ "bookstack.cc.immae.dev" = null;
 };
 };
 services.nginx = {
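Review bot: The rewritten ipv4 address expression mixes `lib.head` with `pkgs.lib.flatten` and `pkgs.lib.attrsets.*` in one list; `lib` is already a module argument, so `++ lib.flatten (lib.mapAttrsToList` would keep the hunk consistent with the `lib.head` it introduces. The `(ips.ip4 or [])` fallback means a non-main entry without a v4 list is skipped silently, which is presumably intended but deserves a short comment, e.g. `# entries without ip4 contribute no v4 address`.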
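Review bot: The merged `openssh.authorizedKeys.keys` list grants the operator key `config.myEnv.sshd.rootKeys.ismael_flony` login as this libvirtd-group system user alongside the buildbot key, and nothing records why a personal key needs that account; since the user's name is set before this hunk, a reader auditing access has to look elsewhere. A comment on the second key, e.g. `# operator key: <REASON-PLACEHOLDER>`, would document the grant. The key was already authorized before the change, so this is documentation only.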
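Review bot: The new extraDomains entries are grouped by blank lines but nothing names the groups, and the block sits under what looks like a certificate definition (nginx `user`/`group` just above), so each entry presumably becomes a name on the shared certificate and needs a matching virtualHost in the nginx hunk further down. Short group comments such as `# zulip instances`, `# ofn`, `# bookstack` would make the list self-explanatory and easier to keep in sync with the virtualHosts. The enclosing definition begins before this hunk.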
@@ -185,13 +195,13 @@
 caldance.servers."caldance:3031" = {};
 };
 virtualHosts = {
- "dev.immae.eu" = {
+ "dilion.immae.dev" = {
 acmeRoot = config.myServices.certificates.webroot;
 useACMEHost = name;
 forceSSL = true;
 root = "/home/immae/www";
 };
- "caldance.immae.eu" = {
+ "caldance.cs.immae.dev" = {
 acmeRoot = config.myServices.certificates.webroot;
 useACMEHost = name;
 forceSSL = true;
@@ -205,6 +215,48 @@
 auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
 '';
 };
+ "bookstack.cc.immae.dev" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4003";
+ };
+ "ofn.nc.immae.dev" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:3000";
+ };
+ "zulip.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.tof.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.dine.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.quentin.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.agnes.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
 };
 };
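Review bot: The seven new virtualHosts repeat the same four-line body and differ only in the domain and the localhost port, with the five zulip hosts all proxying to `localhost:4002`; a small helper would make the list easier to audit and keep consistent, as sketched below. Whether the backends see the real client address and scheme depends on `services.nginx.recommendedProxySettings`, which is not visible here; if it is not enabled, the proxied applications will log 127.0.0.1 for every request and may emit plain-http redirects, so it is worth confirming. The `let` for the helper would wrap the module body, and the enclosing `virtualHosts` and `services.nginx` attrsets begin before this hunk.
```nix
# helper, defined in a `let … in` wrapping the module body (outside this hunk)
proxyTo = port: {
  acmeRoot = config.myServices.certificates.webroot;
  useACMEHost = name;
  forceSSL = true;
  locations."/".proxyPass = "http://localhost:${toString port}";
};

# … unchanged: "caldance.cs.immae.dev" virtualHost …
"bookstack.cc.immae.dev" = proxyTo 4003;
"ofn.nc.immae.dev" = proxyTo 3000;
"zulip.carpentier.earth" = proxyTo 4002;
"zulip.tof.carpentier.earth" = proxyTo 4002;
"zulip.dine.carpentier.earth" = proxyTo 4002;
"zulip.quentin.carpentier.earth" = proxyTo 4002;
"zulip.agnes.carpentier.earth" = proxyTo 4002;
```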