From af6dc4897132bb646f5740bd15a570cd50744c15 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <tazjin@tvl.su>
Date: Sun, 15 Sep 2024 01:24:34 +0300
Subject: [PATCH] feat(tazjin/nixos): run Radicle seed node & httpd on koptevo

Change-Id: Icd433f433c0abe8f54735ab45a636b4561fe8d3e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12486
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
---
 users/tazjin/nixos/koptevo/default.nix | 41 ++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix
index a8c98427d..7c94afe9f 100644
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@@ -225,6 +225,47 @@ in
     };
   };
 
+  # TODO(tazjin): move this to a module for radicle stuff
+  services.radicle = {
+    enable = true;
+    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHs6jSvMdtu9oJCt48etEs8ExjfGY5PmWQsRzFleogS";
+    privateKeyFile = "/etc/secrets/radicle"; # TODO: to manage, or not to manage ...
+
+    settings = {
+      web.pinned.repositories = [
+        "rad:z2mdnBK1tX6pibdBfRct3ThCgheHu" # tvix-go
+      ];
+
+      node = {
+        alias = "rad.tazj.in";
+        seedingPolicy.default = "block";
+      };
+    };
+
+    node = {
+      openFirewall = true;
+      listenAddress = "[::]";
+    };
+
+    httpd = {
+      enable = true;
+      listenAddress = "127.0.0.1";
+      listenPort = 7235; # radl
+    };
+  };
+
+  services.nginx.virtualHosts."rad.tazj.in" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://127.0.0.1:7235";
+  };
+
+  services.nginx.virtualHosts."rad.y.tazj.in" = {
+    enableSSL = true;
+    useACMEHost = "y.tazj.in";
+    locations."/".proxyPass = "http://127.0.0.1:7235";
+  };
+
   programs.mtr.enable = true;
   programs.mosh.enable = true;
   zramSwap.enable = true;