From dea9032530f80b8defd4251f23277f947aec9901 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Wed, 12 Oct 2022 13:11:11 +0100
Subject: [PATCH 1/3] flake.nix: Add app to start VM through `nix run`

---
 flake.nix | 46 +++++++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 19 deletions(-)

diff --git a/flake.nix b/flake.nix
index e1f2353..852694f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -92,6 +92,32 @@
       };
     };
 
+    apps.${system}.default = let
+      inherit (self.nixosConfigurations.vm.config.system.build) vm;
+      inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
+      inherit (nixpkgs.lib.attrsets) mapAttrsToList;
+      inherit (nixpkgs.lib.strings) concatStringsSep;
+      ports = {
+        "2222" = "2222";
+        "3080" = "80";
+        "3443" = "443";
+        "2221" = "2221";
+        "21025" = "21025"; # Starbound
+      };
+      QEMU_NET_OPTS =
+        concatStringsSep ","
+        (mapAttrsToList
+          (host: vm: "hostfwd=::${host}-:${vm}")
+          ports);
+    in {
+      type = "app";
+      program = builtins.toString (writeShellScript "run-vm" ''
+        export QEMU_OPTS="-m 3941 -smp 2 -curses"
+        export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
+        "${vm}/bin/run-tlaternet-vm"
+      '');
+    };
+
     devShells.${system}.default = pkgs.mkShell {
       sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
       nativeBuildInputs = [
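Review bot: The forwarding rule built in `QEMU_NET_OPTS` leaves the host address empty (`hostfwd=::${host}-:${vm}`), which makes QEMU listen on every host interface. Anyone on the same network as the machine running `nix run` can therefore reach the VM's forwarded ports (2222, 3080, 3443, 2221, 21025). Unless LAN access is intended, bind to loopback. The lambda argument `vm` also shadows the `vm` derivation inherited at the top of the `let`, so renaming it avoids confusion: `(host: guest: "hostfwd=tcp:127.0.0.1:${host}-:${guest}")`. A short comment above `ports` stating that the attribute name is the host port and the value the guest port would help too.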
@@ -103,25 +129,7 @@
         sops-pkgs.sops-init-gpg-key
       ];
 
-      shellHook = let
-        inherit (pkgs.lib.attrsets) mapAttrsToList;
-        inherit (pkgs.lib.strings) concatStringsSep;
-        ports = {
-          "2222" = "2222";
-          "3080" = "80";
-          "3443" = "443";
-          "2221" = "2221";
-          "21025" = "21025"; # Starbound
-        };
-        QEMU_NET_OPTS =
-          concatStringsSep ","
-          (mapAttrsToList
-            (host: vm: "hostfwd=::${host}-:${vm}")
-            ports);
-      in ''
-        export QEMU_OPTS="-m 3941 -smp 2 -curses"
-        export QEMU_NET_OPTS="${QEMU_NET_OPTS}"
-
+      shellHook = ''
         # Work around sudo requiring a full terminal when deploying to
         # a remote host
         export NIX_SSHOPTS="-t"

From 1ccc91921554ceb87474e2b9c8ca85ed4066b80d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Wed, 12 Oct 2022 01:24:54 +0100
Subject: [PATCH 2/3] treewide: Perform another nitpicking sweep

---
 configuration/default.nix |  8 ++++----
 configuration/linode.nix  |  7 +------
 modules/default.nix       | 11 +++++------
 3 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/configuration/default.nix b/configuration/default.nix
index b008454..e722628 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -71,7 +71,7 @@
     domain = "tlater.net";
 
     virtualHosts = let
-      host = port: extra:
+      proxyPassToPort = port: extra:
         lib.recursiveUpdate {
           forceSSL = true;
           enableACME = true;
@@ -83,9 +83,9 @@
         extra;
       domain = config.services.nginx.domain;
     in {
-      "${domain}" = host 3002 {serverAliases = ["www.${domain}"];};
-      "gitea.${domain}" = host 3000 {};
-      "nextcloud.${domain}" = host 3001 {};
+      "${domain}" = proxyPassToPort 3002 {serverAliases = ["www.${domain}"];};
+      "gitea.${domain}" = proxyPassToPort 3000 {};
+      "nextcloud.${domain}" = proxyPassToPort 3001 {};
     };
   };
 
diff --git a/configuration/linode.nix b/configuration/linode.nix
index 4224cfe..df1935f 100644
--- a/configuration/linode.nix
+++ b/configuration/linode.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
+{...}: {
   # Required for the lish console
   boot.kernelParams = ["console=ttyS0,19200n8"];
 
diff --git a/modules/default.nix b/modules/default.nix
index 46f5e10..55e356c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,9 +1,8 @@
-{lib, ...}:
-with lib; {
-  imports = [./virtualisation/pods.nix];
-
-  options.services.nginx.domain = mkOption {
-    type = types.str;
+{lib, ...}: let
+  inherit (lib) mkOption types;
+in {
+  options.services.nginx.domain = lib.mkOption {
+    type = lib.types.str;
     description = "The base domain name to append to virtual domain names";
   };
 }
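Review bot: The new `let inherit (lib) mkOption types; in` binding is never used, because the option below still spells out `lib.mkOption` and `lib.types.str`. Either drop the `let` or use the short names: `options.services.nginx.domain = mkOption {` and `type = types.str;`. This hunk also removes `imports = [./virtualisation/pods.nix];`, which is a behaviour change rather than a nitpick. If that module is still needed, it is presumably imported elsewhere; that is worth confirming and mentioning in the commit message.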

From 7e5e975f432887c0a62638ec493c6dcc8bddc2c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Wed, 12 Oct 2022 02:03:22 +0100
Subject: [PATCH 3/3] WIP: Add nextcloud admin password

---
 keys/internal.yaml | 48 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 keys/internal.yaml

diff --git a/keys/internal.yaml b/keys/internal.yaml
new file mode 100644
index 0000000..316e6f5
--- /dev/null
+++ b/keys/internal.yaml
@@ -0,0 +1,48 @@
+nextcloud:
+    tlater: ENC[AES256_GCM,data:zNsPm4uFaIRe3LjcwmayRg==,iv:5wam6bP5zP708jC9UrLV0s8qspl3Pm4fPzbMFYBUyPQ=,tag:apnJUMeJwMn9q0NhO4ptmA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-10-12T00:50:02Z"
+    mac: ENC[AES256_GCM,data:6EIC9W7If1c2OnP6j3u4SOcG26v/aScfRWyZeofhtM6Wkw52sonaBp3IsOkp/Jn/WWYKdNgffpBwMYfxI6JumsiZzb9cdED6Tr/fxjminoz8dopZTMgIYHj3ocIyU2M35SlsYE3iPEb4eHrmP/dIhExEQp2Hkin3afLHbmDV1Rs=,iv:kQ+OGNg3p/3i9d0Xlr/vp1ac14GYvg4GZqeXOt+9jZE=,tag:NYqyLUn9pTjSlrTAC/ke8g==,type:str]
+    pgp:
+        - created_at: "2022-10-12T00:46:51Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA7x7stsXx45CAQf9Hivg5x2NEKp3icdAIXKoBVTp5jnqJ2S5xDpK4cbCUwRd
+            Z2VyNjxAXdTgKsviXseWbtsEbqo41oqjtpZwXK36gT/miKSPYyBSLb689L70RpWR
+            aC4QzOHbYr1Trr1whkTVaQG1vd2u9ZEyxsi13ItiYVylu7tgMqaDqzE4Y47RPZtz
+            FWFY4chO5Tq/DL0blP8oCTLFx4LSL82JbZswCfqrSHX44HGZ/OELHqNhYNF6hkCr
+            DgYYh7l7s08farE+PnTbWt808Kd3kP8fCRaLm9nt1X1c5QQElaWBjGIscK9fOsV4
+            iVFQfPBdwBi8aawCmwvXOcg6sX050Ow3NeYQBJVICtJeAeHyetxxEYip6CrADsiq
+            UG1Np+p6Pcbq/k6E1vT6bsRrhUWPYC4yuh6Edg5p/jxa4DAlsq/OgDI9pquE9aIt
+            F8cQMHfIkNP8/HiM/KwmdHoTJiy8YCwqP/UalSJdVw==
+            =lnlW
+            -----END PGP MESSAGE-----
+          fp: 535B61015823443941C744DD12264F6BBDFABA89
+        - created_at: "2022-10-12T00:46:51Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA9ahl2ynTH87AQ/+ID/6Dcbat+YRvT8VpfKpZf2O6EFbI3dlPDkZ+f4yFW0R
+            uGKkLR69utM8FoEn1XUkPG3klDk5t/gQikS/d1lPZ6cPOsVzY4P2Te6LizP25vCE
+            cHkztZG/IuBCBfLp8xsEjF1OXEDnb7Klqd3aJuYrvJNm3SreNydRAGyM1E94+iQL
+            zLrHF0WbD+dVdVG+ZoHKouGHVVmcxTkfi8Ce63pHKxOiMgqJLnImC357mle4DlJV
+            1My0CPV9Y1ElY+W5s+a7sRgursR0AVOkuvWYT39VW+RmFpUZyRCgyW+L6ilCEcOV
+            VXJHf0IFylkqevh11BssIetHAtT8anqZ+wo3ON4gEHjcahufc1h8rOxEEsWe/qUC
+            XZzfwilOsY/vKJ+GTz5Cp8XAviozQL5o2O5H9PiHxQl019QHZgprJclGMlukCBkR
+            Uo3h1Rl2na8JqcolAlFGQ1/QxsOnJ/KAmOpUZ7fZqG2qnsXnFjXcuqo+0e58odaT
+            sZLIspvsEHBHKzsvUa6BT8bTc+GlsB3hFolBVdX4y9kTWuzxy0K6bKA9HMTf4FPW
+            w2hIlvYhlgEx9MVqKLbemN3ye2rC3GRUBXxVXmlXBmb7nXPZCOGqL6nrvtsQ1E4h
+            D9+sN+cvYh5lYPByjXYinT8TqFVpqX++qnpgHC+5c6WtDHlhRAyfIQK51wCyiZbS
+            UAG6iDEbCWwD7uHZjDmVycC2R/0HnO+o9xMBI6teKYziFhvn8m7R9gzr7zn/0x3t
+            dVMXtojhfbMPzYK0gT6xOn8SbYGH0MV7ddOm7+Kl3Z8Y
+            =zDer
+            -----END PGP MESSAGE-----
+          fp: 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b
+    unencrypted_suffix: _unencrypted
+    version: 3.7.2
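Review bot: sops leaves key names in cleartext and its AES-GCM `data` field has the same length as the plaintext, so this file discloses that a `nextcloud` entry named `tlater` exists and that its value is 16 bytes long (the base64 under `tlater:` decodes to 16 bytes). That is acceptable for a randomly generated password but worth reconsidering for a memorable one. The data key is wrapped for the two `pgp` recipients listed under `fp`, and either private key alone decrypts the secret. Before merging, confirm both fingerprints match keys tracked under `keys/hosts/` and `keys/users/`, the directories `sopsPGPKeyDirs` points at in flake.nix. Because this ciphertext stays in git history, removing a recipient later means rotating the password itself, not only re-encrypting the file.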