From 433f4b76ef0447f69401e1657f4cee16b88643c7 Mon Sep 17 00:00:00 2001
From: Schrottkatze <git@schrottkatze.de>
Date: Tue, 21 Nov 2023 08:09:07 +0100
Subject: [PATCH] to be perfectly honest this is a mess and I lost overview.

---
 flake.nix                            |  3 +--
 justfile                             |  8 ++++++++
 modules/base-stuff.nix               | 22 +++++++++++-----------
 modules/conduit.nix                  |  2 +-
 modules/containers/calckey.nix       |  2 +-
 modules/containers/phtanumb-wiki.nix |  1 +
 modules/hedgedoc.nix                 | 13 +++++++++++++
 modules/proxy.nix                    | 20 ++++++++++++++++++++
 modules/vaultwarden.nix              | 28 ++++++++++++++++++++++++++++
 9 files changed, 84 insertions(+), 15 deletions(-)
 create mode 100644 justfile
 create mode 100644 modules/hedgedoc.nix
 create mode 100644 modules/vaultwarden.nix

diff --git a/flake.nix b/flake.nix
index f84c77b..f855f30 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,7 +41,6 @@
         katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
           deployment = {
             targetHost = "katzen.cafe";
-            #targetHost = "2a01:4f8:c17:c51f::";
             buildOnTarget = true;
           };
           imports = [
@@ -55,9 +54,9 @@
             ./modules/forgejo.nix
             ./modules/mumble.nix
             ./modules/modded-mc.nix
-            #./modules/prosody.nix
             ./modules/monitoring.nix
             ./modules/mailserver.nix
+            ./modules/vaultwarden.nix
           ];
 
           system.stateVersion = "22.11";
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..6351c1a
--- /dev/null
+++ b/justfile
@@ -0,0 +1,8 @@
+deploy:
+	colmena apply
+
+build:
+	colmena build
+
+update: 
+	nix flake update --commit-lock-file
diff --git a/modules/base-stuff.nix b/modules/base-stuff.nix
index 7555eb0..41114df 100644
--- a/modules/base-stuff.nix
+++ b/modules/base-stuff.nix
@@ -69,16 +69,16 @@
   #networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
   #networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
 
-  users.users.april = {
-   isNormalUser = true;
-   packages = with pkgs; [ git ];
-   createHome = true;
-   extraGroups = [ "docker" ];
-   openssh.authorizedKeys.keys = [
-    #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
-   ];
-  };
+  # users.users.april = {
+  #  isNormalUser = true;
+  #  packages = with pkgs; [ git ];
+  #  createHome = true;
+  #  extraGroups = [ "docker" ];
+  #  openssh.authorizedKeys.keys = [
+  #   #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
+  #   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
+  #  ];
+  # };
   services.cron.systemCronJobs = [
     "0 0 * * *  april  cd /home/april && ./build.sh"
   ];
@@ -90,7 +90,7 @@
   };
 
   environment.systemPackages = with pkgs; [
-    vim wget neofetch btop
+    vim wget neofetch btop arion
   ];
 
   fileSystems."/" = { 
diff --git a/modules/conduit.nix b/modules/conduit.nix
index ce3f83d..0bdc80f 100644
--- a/modules/conduit.nix
+++ b/modules/conduit.nix
@@ -152,7 +152,7 @@ in
     upstreams = {
       "backend_conduit" = {
         servers = {
-          "localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
+          "[::1]:${toString config.services.matrix-conduit.settings.global.port}" = { };
         };
       };
     };
diff --git a/modules/containers/calckey.nix b/modules/containers/calckey.nix
index 1acc1ea..0e3dcab 100644
--- a/modules/containers/calckey.nix
+++ b/modules/containers/calckey.nix
@@ -8,7 +8,7 @@
       networks.calcnet.name = "calcnet";
       services = {
         "web".service = {
-          image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";
+          image = "iceshrimp.dev/iceshrimp/iceshrimp:latest";
           container_name = "calckey_web";
           restart = "unless-stopped";
           depends_on = [ "db" "redis" ];
diff --git a/modules/containers/phtanumb-wiki.nix b/modules/containers/phtanumb-wiki.nix
index 1045599..0d69c08 100644
--- a/modules/containers/phtanumb-wiki.nix
+++ b/modules/containers/phtanumb-wiki.nix
@@ -33,6 +33,7 @@
             {
               ip = "10.0.1.2";
               port = 80;
+              # TODO for when not in train: set this true and deploy
               ssl = false;
             }
           ];
diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix
new file mode 100644
index 0000000..1d51ffa
--- /dev/null
+++ b/modules/hedgedoc.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+  services.hedgedoc = {
+    enable = true;
+    domain = "pad.katzen.cafe";
+    settings = {
+      oauth2 = {
+        userProfileURL = "";
+        
+      };
+    };
+  };
+}
diff --git a/modules/proxy.nix b/modules/proxy.nix
index b2fa152..84e2733 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@@ -11,6 +11,10 @@
         group = "nginx";
         keyType = "rsa4096";
       };
+      "vw.katzen.cafe" = {
+        group = "nginx";
+        keyType = "rsa4096";
+      };
       "miau.katzen.cafe" = {
         group = "nginx";
         keyType = "rsa4096";
@@ -104,6 +108,22 @@
           proxyWebsockets = true;
         };
       };
+      "vw.katzen.cafe" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:8812"; 
+          proxyWebsockets = true;
+        };
+        locations."/notifications/hub" = {
+          proxyPass = "http://localhost:3012";
+          proxyWebsockets = true;
+        };
+        locations."/notifications/hub/negotiate" = {
+          proxyPass = "http://localhost:8812";
+          proxyWebsockets = true;
+        };
+      };
       "ck.katzen.cafe" = {
         forceSSL = true;
         enableACME = true;
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
new file mode 100644
index 0000000..bd131d6
--- /dev/null
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    environmentFile = "/var/lib/secrets/vaultwarden.env";
+    config = {
+      WEBSOCKET_ENABLED = true;
+      WEBSOCKET_ADDRESS = "127.0.0.1";
+      WEBSOCKET_PORT = 3012;
+      SMTP_HOST = "mail.katzen.cafe";
+      SMTP_FROM = "noreply@katzen.cafe";
+      SMTP_FROM_NAME = "Katzen.cafe Vaultwarden";
+      SMTP_PORT = "465";
+      SMTP_USERNAME = "noreply@katzen.cafe";
+      SMTP_SECURITY = "force_tls";
+      DOMAIN = "https://vw.katzen.cafe";
+      SIGNUPS_ALLOWED = false;
+      ROCKET_PORT = 8812;
+    };
+  };
+  deployment.keys = {
+    "vaultwarden.env" = {
+      keyCommand = [ "pass" "vaultwarden/envfile" ];
+      destDir = "/var/lib/secrets";
+      user = "vaultwarden"; 
+    };
+  };
+}