Ingress quasar configurations

2025-10-08 17:47:10 -07:00 · 2025-10-08 17:47:10 -07:00 · ae246349e1
commit ae246349e1
parent 9eb0949e60
4 changed files with 106 additions and 0 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -14,4 +14,12 @@ in {
    modules = [ ./astral ];
    specialArgs = { inherit (self) nixosModules; };
  };
+  quasar = nixosSystem {
+    system = "x86_64-linux";
+    modules = [ ./quasar ];
+    specialArgs = {
+      inherit (self) nixosModules;
+      inherit agenix;
+    };
+  };
 }
--- a/hosts/quasar/default.nix
+++ b/hosts/quasar/default.nix
@ -0,0 +1,89 @@
+{ modulesPath, nixosModules, agenix, pkgs, config, ... }: {
+  imports = [
+    "${modulesPath}/virtualisation/amazon-image.nix"
+    nixosModules.nettika
+    nixosModules.promptmoji
+    agenix.nixosModules.default
+  ];
+
+  nixpkgs.config.allowUnfree = true;
+
+  nix.settings = {
+    experimental-features = [ "nix-command" "flakes" ];
+    trusted-users = [ "@wheel" ];
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  environment.variables.EDITOR = "nano";
+
+  networking = {
+    hostName = "quasar";
+    networkmanager.enable = true;
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
+
+  environment.systemPackages = [ pkgs.htop ];
+
+  age.secrets = {
+    matrix-synapse-secrets.file = ./secrets/matrix-synapse-secrets.age;
+  };
+
+  services.postgresql = { enable = true; };
+
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "consortium.chat".extraConfig = ''
+        reverse_proxy localhost:8008
+        header Strict-Transport-Security "max-age=63072000; includeSubDomains"
+      '';
+      "matrix.consortium.chat".extraConfig = ''
+        reverse_proxy /_matrix/* localhost:8008
+        reverse_proxy /_synapse/client/* localhost:8008
+      '';
+      "admin.consortium.chat".extraConfig = ''
+        root * ${pkgs.synapse-admin}
+        file_server
+      '';
+    };
+  };
+
+  services.matrix-synapse = {
+    enable = true;
+    settings = {
+      server_name = "consortium.chat";
+      serve_server_wellknown = true;
+    };
+    extraConfigFiles = [ config.age.secrets.matrix-synapse-secrets.path ];
+  };
+
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+    config = {
+      init.defaultBranch = "master";
+      user = {
+        email = "git@nettika.cat";
+        name = "Nettika";
+      };
+      credential.helper = "store";
+    };
+  };
+
+  programs.nano = {
+    enable = true;
+    nanorc = ''
+      set autoindent
+      set linenumbers
+    '';
+  };
+
+  programs.fish.enable = true;
+
+  promptSymbol = "🌟";
+
+  time.timeZone = "America/Los_Angeles";
+
+  system.stateVersion = "24.05";
+}
--- a/hosts/quasar/secrets/matrix-synapse-secrets.age
+++ b/hosts/quasar/secrets/matrix-synapse-secrets.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 f+PJrQ Iv9sdO33a3P4MqwsqV9fG1pZo2qflmlKYr2oDI/guwQ
+oUUIBdg9Ey5RTBDFTKTvAdQGxKWtdlBluBE2Urosc7Y
+--- pAqz01P0OJOGhl/nM09oFU+f447+O7K1lFRlkhcv740
+¡¯÷©ó¬Hub¸ò~à*:ž9z¦l…÷/€«^o#<23>Åˆ3¢Ô~§z(56¤µÃ+¯<þTxàM5`F`[-£¦3"×Ï¨-
+h? å@4gÞ³$€æsûè2„Ïbí[ÊY÷üã·)ã sÜƒ_ûœYI¯ñ†…í{4µ²ë¦ŸC<C5B8>RÝA°Ðô$‡kâŸQð,
+ž˜¦<CB9C>óoŠÂigÃr¹ë<'lžƒ‚$ôÊS2½s®<73>Á<EFBFBD>8ƒ…àž}EùÓ+é\.¶rèy"k¸Â}ŽÔ,Óæê<C3A6>ˆ0=t<yÎ|[ã+xœ{Ê³<C38A>ÔØ(‹S4uë¯
--- a/secrets.nix
+++ b/secrets.nix
@ -5,4 +5,6 @@ in {
  "hosts/marauder/secrets/restic-env.age".publicKeys = [ marauder.nettika ];
  "hosts/marauder/secrets/restic-password.age".publicKeys =
    [ marauder.nettika ];
+  "hosts/quasar/secrets/matrix-synapse-secrets.age".publicKeys =
+    [ marauder.nettika ];
 }