feat(tazjin/nixos): run Radicle seed node & httpd on koptevo

Change-Id: Icd433f433c0abe8f54735ab45a636b4561fe8d3e Reviewed-on: https://cl.tvl.fyi/c/depot/+/12486 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2024-09-15 01:24:34 +03:00 · 2024-09-15 01:24:34 +03:00 · af6dc48971
commit af6dc48971
parent 0022285600
1 changed files with 41 additions and 0 deletions
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@ -225,6 +225,47 @@ in
    };
  };

+  # TODO(tazjin): move this to a module for radicle stuff
+  services.radicle = {
+    enable = true;
+    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHs6jSvMdtu9oJCt48etEs8ExjfGY5PmWQsRzFleogS";
+    privateKeyFile = "/etc/secrets/radicle"; # TODO: to manage, or not to manage ...
+
+    settings = {
+      web.pinned.repositories = [
+        "rad:z2mdnBK1tX6pibdBfRct3ThCgheHu" # tvix-go
+      ];
+
+      node = {
+        alias = "rad.tazj.in";
+        seedingPolicy.default = "block";
+      };
+    };
+
+    node = {
+      openFirewall = true;
+      listenAddress = "[::]";
+    };
+
+    httpd = {
+      enable = true;
+      listenAddress = "127.0.0.1";
+      listenPort = 7235; # radl
+    };
+  };
+
+  services.nginx.virtualHosts."rad.tazj.in" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://127.0.0.1:7235";
+  };
+
+  services.nginx.virtualHosts."rad.y.tazj.in" = {
+    enableSSL = true;
+    useACMEHost = "y.tazj.in";
+    locations."/".proxyPass = "http://127.0.0.1:7235";
+  };
+
  programs.mtr.enable = true;
  programs.mosh.enable = true;
  zramSwap.enable = true;