WIP: Add nextcloud admin password

configuration/default.nix

@@ -71,7 +71,7 @@
     domain = "tlater.net";
 
     virtualHosts = let
-      host = port: extra:
+      proxyPassToPort = port: extra:
         lib.recursiveUpdate {
           forceSSL = true;
           enableACME = true;
@@ -83,9 +83,9 @@
         extra;
       domain = config.services.nginx.domain;
     in {
-      "${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
-      "gitea.${domain}" = host 3000 {};
-      "nextcloud.${domain}" = host 3001 {};
+      "${domain}" = proxyPassToPort 3002 {serverAliases = ["www.${domain}"];};
+      "gitea.${domain}" = proxyPassToPort 3000 {};
+      "nextcloud.${domain}" = proxyPassToPort 3001 {};
     };
   };
 

configuration/linode.nix

@@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
+{...}: {
   # Required for the lish console
   boot.kernelParams = ["console=ttyS0,19200n8"];
 

flake.nix

@@ -92,6 +92,32 @@
       };
     };
 
+    apps.${system}.default = let
+      inherit (self.nixosConfigurations.vm.config.system.build) vm;
+      inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
+      inherit (nixpkgs.lib.attrsets) mapAttrsToList;
+      inherit (nixpkgs.lib.strings) concatStringsSep;
+      ports = {
+        "2222" = "2222";
+        "3080" = "80";
+        "3443" = "443";
+        "2221" = "2221";
+        "21025" = "21025"; # Starbound
+      };
+      QEMU_NET_OPTS =
+        concatStringsSep ","
+        (mapAttrsToList
+          (host: vm: "hostfwd=::${host}-:${vm}")
+          ports);
+    in {
+      type = "app";
+      program = builtins.toString (writeShellScript "run-vm" ''
+        export QEMU_OPTS="-m 3941 -smp 2 -curses"
+        export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
+        "${self.nixosConfigurations.vm.config.system.build.vm}/bin/run-tlaternet-vm"
+      '');
+    };
+
     devShells.${system}.default = pkgs.mkShell {
       sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
       nativeBuildInputs = [
@@ -103,25 +129,7 @@
         sops-pkgs.sops-init-gpg-key
       ];
 
-      shellHook = let
-        inherit (pkgs.lib.attrsets) mapAttrsToList;
-        inherit (pkgs.lib.strings) concatStringsSep;
-        ports = {
-          "2222" = "2222";
-          "3080" = "80";
-          "3443" = "443";
-          "2221" = "2221";
-          "21025" = "21025"; # Starbound
-        };
-        QEMU_NET_OPTS =
-          concatStringsSep ","
-          (mapAttrsToList
-            (host: vm: "hostfwd=::${host}-:${vm}")
-            ports);
-      in ''
-        export QEMU_OPTS="-m 3941 -smp 2 -curses"
-        export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
-
+      shellHook = ''
         # Work around sudo requiring a full terminal when deploying to
         # a remote host
         export NIX_SSHOPTS="-t"

keys/internal.yaml

@@ -0,0 +1,48 @@
+nextcloud:
+    tlater: ENC[AES256_GCM,data:zNsPm4uFaIRe3LjcwmayRg==,iv:5wam6bP5zP708jC9UrLV0s8qspl3Pm4fPzbMFYBUyPQ=,tag:apnJUMeJwMn9q0NhO4ptmA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-10-12T00:50:02Z"
+    mac: ENC[AES256_GCM,data:6EIC9W7If1c2OnP6j3u4SOcG26v/aScfRWyZeofhtM6Wkw52sonaBp3IsOkp/Jn/WWYKdNgffpBwMYfxI6JumsiZzb9cdED6Tr/fxjminoz8dopZTMgIYHj3ocIyU2M35SlsYE3iPEb4eHrmP/dIhExEQp2Hkin3afLHbmDV1Rs=,iv:kQ+OGNg3p/3i9d0Xlr/vp1ac14GYvg4GZqeXOt+9jZE=,tag:NYqyLUn9pTjSlrTAC/ke8g==,type:str]
+    pgp:
+        - created_at: "2022-10-12T00:46:51Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA7x7stsXx45CAQf9Hivg5x2NEKp3icdAIXKoBVTp5jnqJ2S5xDpK4cbCUwRd
+            Z2VyNjxAXdTgKsviXseWbtsEbqo41oqjtpZwXK36gT/miKSPYyBSLb689L70RpWR
+            aC4QzOHbYr1Trr1whkTVaQG1vd2u9ZEyxsi13ItiYVylu7tgMqaDqzE4Y47RPZtz
+            FWFY4chO5Tq/DL0blP8oCTLFx4LSL82JbZswCfqrSHX44HGZ/OELHqNhYNF6hkCr
+            DgYYh7l7s08farE+PnTbWt808Kd3kP8fCRaLm9nt1X1c5QQElaWBjGIscK9fOsV4
+            iVFQfPBdwBi8aawCmwvXOcg6sX050Ow3NeYQBJVICtJeAeHyetxxEYip6CrADsiq
+            UG1Np+p6Pcbq/k6E1vT6bsRrhUWPYC4yuh6Edg5p/jxa4DAlsq/OgDI9pquE9aIt
+            F8cQMHfIkNP8/HiM/KwmdHoTJiy8YCwqP/UalSJdVw==
+            =lnlW
+            -----END PGP MESSAGE-----
+          fp: 535B61015823443941C744DD12264F6BBDFABA89
+        - created_at: "2022-10-12T00:46:51Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA9ahl2ynTH87AQ/+ID/6Dcbat+YRvT8VpfKpZf2O6EFbI3dlPDkZ+f4yFW0R
+            uGKkLR69utM8FoEn1XUkPG3klDk5t/gQikS/d1lPZ6cPOsVzY4P2Te6LizP25vCE
+            cHkztZG/IuBCBfLp8xsEjF1OXEDnb7Klqd3aJuYrvJNm3SreNydRAGyM1E94+iQL
+            zLrHF0WbD+dVdVG+ZoHKouGHVVmcxTkfi8Ce63pHKxOiMgqJLnImC357mle4DlJV
+            1My0CPV9Y1ElY+W5s+a7sRgursR0AVOkuvWYT39VW+RmFpUZyRCgyW+L6ilCEcOV
+            VXJHf0IFylkqevh11BssIetHAtT8anqZ+wo3ON4gEHjcahufc1h8rOxEEsWe/qUC
+            XZzfwilOsY/vKJ+GTz5Cp8XAviozQL5o2O5H9PiHxQl019QHZgprJclGMlukCBkR
+            Uo3h1Rl2na8JqcolAlFGQ1/QxsOnJ/KAmOpUZ7fZqG2qnsXnFjXcuqo+0e58odaT
+            sZLIspvsEHBHKzsvUa6BT8bTc+GlsB3hFolBVdX4y9kTWuzxy0K6bKA9HMTf4FPW
+            w2hIlvYhlgEx9MVqKLbemN3ye2rC3GRUBXxVXmlXBmb7nXPZCOGqL6nrvtsQ1E4h
+            D9+sN+cvYh5lYPByjXYinT8TqFVpqX++qnpgHC+5c6WtDHlhRAyfIQK51wCyiZbS
+            UAG6iDEbCWwD7uHZjDmVycC2R/0HnO+o9xMBI6teKYziFhvn8m7R9gzr7zn/0x3t
+            dVMXtojhfbMPzYK0gT6xOn8SbYGH0MV7ddOm7+Kl3Z8Y
+            =zDer
+            -----END PGP MESSAGE-----
+          fp: 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b
+    unencrypted_suffix: _unencrypted
+    version: 3.7.2

modules/default.nix

@@ -1,9 +1,8 @@
-{lib, ...}:
-with lib; {
-  imports = [./virtualisation/pods.nix];
-
-  options.services.nginx.domain = mkOption {
-    type = types.str;
+{lib, ...}: let
+  inherit (lib) mkOption types;
+in {
+  options.services.nginx.domain = lib.mkOption {
+    type = lib.types.str;
     description = "The base domain name to append to virtual domain names";
   };
 }