Ingress quasar configurations

2025-10-08 17:47:10 -07:00 · 2025-10-08 17:47:10 -07:00 · ae246349e1
commit ae246349e1
parent 9eb0949e60
4 changed files with 106 additions and 0 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -14,4 +14,12 @@ in {
    modules = [ ./astral ];
    specialArgs = { inherit (self) nixosModules; };
  };
  quasar = nixosSystem {
    system = "x86_64-linux";
    modules = [ ./quasar ];
    specialArgs = {
      inherit (self) nixosModules;
      inherit agenix;
    };
  };
 }
--- a/hosts/quasar/default.nix
+++ b/hosts/quasar/default.nix
@ -0,0 +1,89 @@
 { modulesPath, nixosModules, agenix, pkgs, config, ... }: {
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
    nixosModules.nettika
    nixosModules.promptmoji
    agenix.nixosModules.default
  ];
  nixpkgs.config.allowUnfree = true;
  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
    trusted-users = [ "@wheel" ];
  };
  security.sudo.wheelNeedsPassword = false;
  environment.variables.EDITOR = "nano";
  networking = {
    hostName = "quasar";
    networkmanager.enable = true;
    firewall.allowedTCPPorts = [ 80 443 ];
  };
  environment.systemPackages = [ pkgs.htop ];
  age.secrets = {
    matrix-synapse-secrets.file = ./secrets/matrix-synapse-secrets.age;
  };
  services.postgresql = { enable = true; };
  services.caddy = {
    enable = true;
    virtualHosts = {
      "consortium.chat".extraConfig = ''
        reverse_proxy localhost:8008
        header Strict-Transport-Security "max-age=63072000; includeSubDomains"
      '';
      "matrix.consortium.chat".extraConfig = ''
        reverse_proxy /_matrix/* localhost:8008
        reverse_proxy /_synapse/client/* localhost:8008
      '';
      "admin.consortium.chat".extraConfig = ''
        root * ${pkgs.synapse-admin}
        file_server
      '';
    };
  };
  services.matrix-synapse = {
    enable = true;
    settings = {
      server_name = "consortium.chat";
      serve_server_wellknown = true;
    };
    extraConfigFiles = [ config.age.secrets.matrix-synapse-secrets.path ];
  };
  programs.git = {
    enable = true;
    lfs.enable = true;
    config = {
      init.defaultBranch = "master";
      user = {
        email = "git@nettika.cat";
        name = "Nettika";
      };
      credential.helper = "store";
    };
  };
  programs.nano = {
    enable = true;
    nanorc = ''
      set autoindent
      set linenumbers
    '';
  };
  programs.fish.enable = true;
  promptSymbol = "🌟";
  time.timeZone = "America/Los_Angeles";
  system.stateVersion = "24.05";
 }
--- a/hosts/quasar/secrets/matrix-synapse-secrets.age
+++ b/hosts/quasar/secrets/matrix-synapse-secrets.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 f+PJrQ Iv9sdO33a3P4MqwsqV9fG1pZo2qflmlKYr2oDI/guwQ
 oUUIBdg9Ey5RTBDFTKTvAdQGxKWtdlBluBE2Urosc7Y
 --- pAqz01P0OJOGhl/nM09oFU+f447+O7K1lFRlkhcv740
 ¡¯÷©ó¬Hub¸ò~à*:ž9z¦l…÷/€«^o#<23>Åˆ3¢Ô~§z(56¤µÃ+¯<þTxàM5`F`[-£¦3"×Ï¨-
 h? å@4gÞ³$€æsûè2„Ïbí[ÊY÷üã·)ã sÜƒ_ûœYI¯ñ†…í{4µ²ë¦ŸC<C5B8>RÝA°Ðô$‡kâŸQð,
 ž˜¦<CB9C>óoŠÂigÃr¹ë<'lžƒ‚$ôÊS2½s®<73>Á<EFBFBD>8ƒ…àž}EùÓ+é\.¶rèy"k¸Â}ŽÔ,Óæê<C3A6>ˆ0=t<yÎ|[ã+xœ{Ê³<C38A>ÔØ(‹S4uë¯
--- a/secrets.nix
+++ b/secrets.nix
@ -5,4 +5,6 @@ in {
  "hosts/marauder/secrets/restic-env.age".publicKeys = [ marauder.nettika ];
  "hosts/marauder/secrets/restic-password.age".publicKeys =
    [ marauder.nettika ];
  "hosts/quasar/secrets/matrix-synapse-secrets.age".publicKeys =
    [ marauder.nettika ];
 }