From 530dbe25b9b7f6f4cda1f7cd2d5ef9ffc4b462e1 Mon Sep 17 00:00:00 2001
From: sadan <117494111+sadan4@users.noreply.github.com>
Date: Sun, 23 Feb 2025 14:31:53 -0500
Subject: [PATCH] pray
---
 boxes/serverpc/configuration.nix | 1 +
 common/systemModules/cloudflare.env | 17 +++++++++++++++
 common/systemModules/nginx.nix | 33 +++++++++++++++++++++++++++++
 common/users/docker/vw/nginx.nix | 18 ++++++++++++++++
 common/users/meyer/default.nix | 10 ++++++++-
 5 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 common/systemModules/cloudflare.env
 create mode 100644 common/systemModules/nginx.nix
 create mode 100644 common/users/docker/vw/nginx.nix
diff --git a/boxes/serverpc/configuration.nix b/boxes/serverpc/configuration.nix
index 59a1701..2384d08 100644
--- a/boxes/serverpc/configuration.nix
+++ b/boxes/serverpc/configuration.nix
@@ -16,6 +16,7 @@
 ../../common/systemModules/crypt.nix
 ../../common/systemModules/nix.nix
 ../../common/systemModules/sshd.nix
+ ../../common/systemModules/nginx.nix
 ../../common/systemModules/tailscaleServer.nix
 # USERS
 ../../common/users/meyer-server
diff --git a/common/systemModules/cloudflare.env b/common/systemModules/cloudflare.env
new file mode 100644
index 0000000..0e9e74d
--- /dev/null
+++ b/common/systemModules/cloudflare.env
@@ -0,0 +1,17 @@ +#ENC[AES256_GCM,data:v6rE8b0fnEx/DH7rbjqJ4ADp4GZFjBFAC2wyxVZ8w75BUia9riY/8CDfK1OxfHAFmOHNBR+BuGtmVge7/pl+fIJIp4nNVAKO8A==,iv:illJEsGoPVpAY7OOh+7UAuJ8KZwHk832YlzSlrDGIBI=,tag:nibfzrb0QpOqlAxUExbm5A==,type:comment] +#ENC[AES256_GCM,data:EeqjEsR3wqNT7lmH1+Hvi9DldA==,iv:SZ+An3x99mEDBg7gAR2IzgE/cR1cxvv1w4xtKL+hDi0=,tag:gyWhiWX0hd0pA32NMrByhQ==,type:comment] +CF_ZONE_API_TOKEN=ENC[AES256_GCM,data:UlODZYshxVd81Dq8PAFMHJyYvIA7RvB9WE5wyXHicj4oAXTqOWHSyQ==,iv:hIPLSn+364jrH/410JsPDzb99M2VgdjnV5ZcTt5GlS4=,tag:VYVGKRw+NeWSO6cM1xwYtQ==,type:str] +#ENC[AES256_GCM,data:1Uccwewa6HNN/gmdBpUVI4yw,iv:oOd5aDfvtMl7/jInkPEq2niJKakvQ9/L/s9+QhilPDw=,tag:1NPZuwSnePqs4/Icxaa4Lw==,type:comment] +CF_DNS_API_TOKEN=ENC[AES256_GCM,data:1uHf8XqCwI31y8+BrB+R8HNB9PlX9fSqJbScsWz0Cv0xuoK8YSDqBg==,iv:oFXmRUl6j84w4pp6H2eezf/0fvYZnf26Y0E3x3EBam8=,tag:xu3fP0EWSlCxZaivceSG6Q==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUDJGYXdBeDlya1Q5ZGp2\neVppc2FOTHovODh2d3RuNFJMNXpvR2NGcGlBCitqdy9PQUVKeHd4NHhqekwxZXJ0\nN0kxWEJCaG53Y0M1bUdLdlFmelJPeHMKLS0tIGpMcXpsb2Q4YTdCZ3UrNGh2a3Jl\nemhsV0t6cWtBaWE5WkREbm9JY1B6U1UKLuD5Q3i6+TKTJJtqncTFstJtXLX8LuT4\nqS6YVzhfE9Das4lUY+Drrlv0+Ijq6b+RD5rLUhkyEYNAWt6CjW6dAw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1xsuyaeehzv4ar4f6xpc6tfp9pttzjf7qdyl3x2tj42vjc8szlqpq834e3d +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHb2dWS1B6bGY4aEdiU3dy\nMzFWbThjZTQrckgwNDhVTTVjUjBLTmNla0ZnCnlUNmx0ZGlwcm82bE1YRVZwWTV3\nYXlZcHJiNWxib3laSXVkUzQzVzVqejgKLS0tIFhKd3NEWFg0T0dGOWNqUnVrNkt4\nVFhEQVREUFpQQ0JYd04yazdCYjdHTkEK9+PBolaT2Ef3RKaendBXTRO1YvMb9YzA\n5+/aAHY7vtr0tfYw6RmsiTwN3ELTHDIduKeH6J7WYBc8BIKWTw7g5w==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1tq8zaaqe8t4u2jgyf7usngtzyql0ymyxq6hntmu04vt5ypwhxensmzynhl +sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSytsK1JtYnlVY2dBZUFh\nSGw3bDl4NG5PWEc5OURLVnhGNU5BNGV3ZURzCkMxY3A1aC9xSlloSHVvM2hyeTQ5\nNmd3OElpOWpNMVU0TWFxYjFSa1EzODQKLS0tIHcrcXVaUTNMZUJWenBLSU12Sm90\nSXZVdHNCWjhXcDNRb0FTZ1BxK0dsbk0Kws6KSYEe5Og4TSwKZ6Z33O+0E1oLoUMZ\nIrB/7PI9XJM591KuMcDpE/vuavIdT5hQHpYWSAIN4dW25hALUacJiw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_2__map_recipient=age1cz006hex596lmj88kkhrkvq89luqk59hxuq83q4kvhz82ltwpe4ss8gm3t +sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1cjIzSEwrR3F3RzdZenpX\nNFRBekFGTmhCV1dtZTVRQWtXUEJteSthNzNVCmhIa001YWkwMUgyZTZxNmlHbVVk\nTTk2dDlMNDA3MHJLTFNGeTRCMlhub3cKLS0tIC90UTlqbndFM0E2d3QxRE5kNHc0\nQTByZ2lHT0hYRk13ZUVvU0ZQUFJJWlEKFHH0o5nHp0yIKaasdj7j243GnClUlwA+\nxhGdyt3jR1fk728eP8jg3EWIzcSG4mo4ch1lTu8lc4QvsB9Xld4NvA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_3__map_recipient=age1sn4uu6r6wrylpznx75jcw7ww58r9cut35n40gu4scpt9xy79rgrq2d7wga +sops_lastmodified=2025-02-23T19:23:02Z +sops_mac=ENC[AES256_GCM,data:yK1tua3jAU1vNbkOVekl5cO13TSAE6C9j1PBpkwkWAdJJWnskI7hg/SGleScqTUvVnrdjDFJkC9SbGi1/HtXZ8kExwkGqtAOaD178Di2/7SqdDRZ2bT3fKix9FRk+PJN3K+eCoO+DDnNz5GahFmDO/FYavsF36CXnc0fS6OqiKo=,iv:YYLSBal9qWj+MW+26XWeeBV7te/W9NdJzbPDQAjtlPU=,tag:0kiPK1+wu770Z1Uohof0FA==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.9.4 diff --git a/common/systemModules/nginx.nix b/common/systemModules/nginx.nix new file mode 100644 index 0000000..fbf1539 --- /dev/null +++ b/common/systemModules/nginx.nix 
@@ -0,0 +1,33 @@
+{ config, ... }:
+{
+ services = {
+ nginx = {
+ user = "root";
+ enable = true;
+ logError = "syslog:warn";
+ statusPage = true;
+ };
+ };
+ sops = {
+ secrets = {
+ cloudflare_env = {
+ format = "dotenv";
+ sopsFile = ./cloudflare.env;
+ };
+ };
+ };
+ security = {
+ acme = {
+ certs = {
+ "sadan.zip" = {
+ dnsProvider = "cloudflare";
+ extraDomains = [
+ "*.sadan.zip"
+ ];
+ environmentFile = config.sops.secrets.cloudflare_env.path;
+ };
+ };
+ acceptTerms = true;
+ };
+ };
+}
diff --git a/common/users/docker/vw/nginx.nix b/common/users/docker/vw/nginx.nix
new file mode 100644
index 0000000..c83b51f
--- /dev/null
+++ b/common/users/docker/vw/nginx.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ services = {
+ nginx = {
+ virtualHosts = {
+ "vw.sadan.zip" = {
+ forceSSL = true;
+ useACMEHost = "sadan.zip";
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:3231";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/common/users/meyer/default.nix b/common/users/meyer/default.nix
index 9c4a618..af34ebe 100644
--- a/common/users/meyer/default.nix
+++ b/common/users/meyer/default.nix
@@ -18,6 +18,7 @@ in
 (import ../../systemModules/nixHelper.nix { inherit NAME; })
 (import ../../programs/wireshark.nix { inherit NAME; })
 (import ../../programs/kanata.nix { inherit NAME; })
+ import ./docker/vw/nginx.nix
 ];
 users = {
 users = {
@@ -39,7 +40,14 @@ in
 home-manager = {
 extraSpecialArgs = { inherit inputs stable unstable; };
 users = {
- "${NAME}" = import ./home.nix;
+ "${NAME}" =
+ { ... }:
+ {
+ imports = [
+ ../docker/vw
+ ./home.nix
+ ];
+ };
 };
 };
 }
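Review bot: `user = "root";` in common/systemModules/nginx.nix makes the nginx worker processes run as root, so a flaw in request handling or in any proxied location is no longer contained by an unprivileged account. If the motive was read access to the ACME certificate (an inference, the patch does not say), keep the default nginx user and grant access to the certificate instead, for example `security.acme.certs."sadan.zip".group = config.services.nginx.group;`. If root really is required, a comment on that line stating why would help the next reader.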
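Review bot: The `"/"` location in common/users/docker/vw/nginx.nix sets only `proxyPass`, and nothing in this patch enables nginx's recommended proxy settings, so unless they are set elsewhere the backend receives `Host: localhost:3231` and sees every request as coming from the loopback address. That removes the client address from the backend's logs and from any per-client rate limiting it does; `recommendedProxySettings = true;` on the location (or under `services.nginx`) forwards Host, X-Real-IP and the X-Forwarded-* headers. The container definition is not part of this patch, so it is also worth confirming that port 3231 is published on loopback only, otherwise the plain-HTTP backend is reachable around the `forceSSL` virtual host.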
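Review bot: The entry added to `imports` in the first hunk of common/users/meyer/default.nix, `import ./docker/vw/nginx.nix`, looks wrong on two counts. Written without parentheses it is two list elements (the `import` builtin and a path), unlike the `(import … { inherit NAME; })` entries above it, and `./docker/vw/nginx.nix` resolves under common/users/meyer/ while this patch creates the file at common/users/docker/vw/nginx.nix (the second hunk reaches that directory as `../docker/vw`). A bare path is enough for a module that takes no extra arguments: `../docker/vw/nginx.nix`. The list and its enclosing attribute set begin outside the hunk.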