1 files changed, 139 insertions, 0 deletions

diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
new file mode 100644
index 0000000..385f5bd
--- /dev/null
+++ b/hosts/p-body/default.nix
@@ -0,0 +1,139 @@
+{
+  config,
+  modulesPath,
+  pkgs,
+  guzzle-api-server,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/virtualisation/digital-ocean-image.nix")
+  ];
+
+  base = {
+    documentation.enable = false;
+    defaultPackages.enable = false;
+  };
+
+  networking = {
+    hostName = "p-body";
+    firewall = let
+      ports = [80 420];
+    in {
+      allowedUDPPorts = ports;
+      allowedTCPPorts = ports;
+    };
+  };
+
+  programs = {
+    git.enable = true;
+    vim.defaultEditor = true;
+  };
+
+  security = {
+    pam.enableSSHAgentAuth = true;
+  };
+
+  services = {
+    caddy = {
+      enable = true;
+
+      email = "[email protected]";
+
+      logFormat = ''
+        output stdout
+        format json
+      '';
+
+      extraConfig = ''
+        (strip-www) {
+        	redir https://{args.0}{uri}
+        }
+
+        (common_domain) {
+        	encode gzip
+
+        	handle {
+        		try_files {path} {path}/
+        	}
+
+        	handle_errors {
+        		@404 {
+        			expression {http.error.status_code} == 404
+        		}
+        		rewrite @404 /404.html
+        		file_server
+        	}
+        }
+
+        (no_embeds) {
+        	header /{args.0} X-Frame-Options DENY
+        }
+
+        (container_proxy) {
+        	handle_path /{args.0}/* {
+        		reverse_proxy {args.1}
+        	}
+        }
+      '';
+
+      globalConfig = ''
+        auto_https off
+      '';
+
+      virtualHosts = {
+        guzzle = rec {
+          hostName = "198.199.68.30";
+          serverAliases = [
+            "www.${hostName}"
+          ];
+          extraConfig = ''
+            root * /var/www
+            import common_domain
+
+            file_server
+
+            import container_proxy api :8000
+          '';
+        };
+      };
+    };
+
+    endlessh = {
+      enable = true;
+      port = 22;
+      openFirewall = true;
+    };
+
+    guzzle-api = {
+      enable = true;
+      url = "http://198.199.68.30/api/api";
+      port = "8000";
+      package = guzzle-api-server;
+    };
+
+    hercules-ci-agent.enable = true;
+
+    openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      ports = [420];
+    };
+  };
+
+  system.stateVersion = "22.11";
+
+  users.users = let
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeEbjzzzwf9Qyl0JorokhraNYG4M2hovyAAaA6jPpM7 seth@glados"
+    ];
+  in {
+    root = {inherit openssh;};
+    p-body = {
+      extraGroups = ["wheel"];
+      isNormalUser = true;
+      shell = pkgs.bash;
+      passwordFile = config.age.secrets.pbodyPassword.path;
+      inherit openssh;
+    };
+  };
+}