From 174e7c7d5904388bce82d70f9144314d5fd39230 Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Sun, 3 Sep 2023 01:06:48 +0200 Subject: [PATCH] init grzegorzes --- flake.nix | 2 + hosts/brzeczyszczykiewicz/configuration.nix | 36 ++++++++++++ modules/grzegorz.nix | 62 +++++++++++++++++++++ values.nix | 4 ++ 4 files changed, 104 insertions(+) create mode 100644 hosts/brzeczyszczykiewicz/configuration.nix create mode 100644 modules/grzegorz.nix diff --git a/flake.nix b/flake.nix index 775ad5b..aad4922 100644 --- a/flake.nix +++ b/flake.nix @@ -66,6 +66,8 @@ ildkule = stableNixosConfig "ildkule" { }; #ildkule-unstable = unstableNixosConfig "ildkule" { }; shark = stableNixosConfig "shark" { }; + + brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { }; }; devShells = forAllSystems (system: { diff --git a/hosts/brzeczyszczykiewicz/configuration.nix b/hosts/brzeczyszczykiewicz/configuration.nix new file mode 100644 index 0000000..80ad098 --- /dev/null +++ b/hosts/brzeczyszczykiewicz/configuration.nix 
@@ -0,0 +1,36 @@
+{ config, pkgs, values, ... }:
+{
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../../base.nix
+ ../../misc/metrics-exporters.nix
+
+ ../../modules/grzegorz.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "brzeczyszczykiewicz";
+
+ systemd.network.networks."30-eno1" = values.defaultNetworkConfig // {
+ matchConfig.Name = "eno1";
+ address = with values.hosts.brzeczyszczykiewicz; [ (ipv4 + "/25") (ipv6 + "/64") ];
+ };
+
+ # List packages installed in system profile
+ environment.systemPackages = with pkgs; [
+ ];
+
+ # List services that you want to enable:
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
diff --git a/modules/grzegorz.nix b/modules/grzegorz.nix
new file mode 100644
index 0000000..26223c4
--- /dev/null
+++ b/modules/grzegorz.nix
@@ -0,0 +1,62 @@
+{config, lib, pkgs, ...}:
+let
+ grg = config.services.grzegorz = true;
+ grgw = config.services.grzegorz-webui;
+in {
+ services.pipewire.enable = true;
+ services.pipewire.alsa.enable = true;
+ services.pipewire.alsa.support32Bit = true;
+ services.pipewire.pulse.enable = true;
+
+ users.users.pvv = {
+ isNormalUser = true;
+ description = "pvv";
+ };
+
+ services.grzegorz.enable = true;
+ services.grzegorz.listenAddr = "localhost";
+ services.grzegorz.listenPort = 31337;
+
+ services.grzegorz-webui.enable = true;
+ services.grzegorz-webui.listenAddr = "localhost";
+ services.grzegorz-webui.listenPort = 42069;
+ services.grzegorz-webui.listenWebsocketPort = 42042;
+ services.grzegorz-webui.hostName = "${config.networking.fqdn}";
+ services.grzegorz-webui.apiBase = "http://${toString grg.listenAddr}:${toString grg.listenPort}/api";
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "pederbs@pvv.ntnu.no";
+
+ services.nginx.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.nginx.virtualHosts."${config.networking.fqdn}" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [
+ "${config.networking.hostName}.pvv.org"
+ ];
+ extraConfig = ''
+ allow 129.241.210.128/25;
+ allow 2001:700:300:1900::/64;
+ deny all;
+ '';
+
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenPort}";
+ };
+ # https://github.com/rawpython/remi/issues/216
+ locations."/websocket" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenWebsocketPort}";
+ proxyWebsockets = true;
+ };
+ locations."/api" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
+ };
+ locations."/docs" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
+ };
+ };
+
+}
+
diff --git a/values.nix b/values.nix
index c3a1fb7..3d8dcc6 100644
--- a/values.nix
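Review bot: The `let` binding `grg = config.services.grzegorz = true;` is not valid Nix, because a binding takes a single `=`, so this module will not evaluate and `apiBase`, which reads `grg.listenAddr` and `grg.listenPort`, cannot be built; it should read `grg = config.services.grzegorz;`. `grgw` is bound but never used, while the four `proxyPass` lines hard-code `localhost` and spell out the full `config.services.…` paths; writing them with `grgw.listenPort`, `grgw.listenWebsocketPort` and `grg.listenPort` would keep the proxy targets tied to the options set above. No authentication is visible in this module, so the `allow`/`deny all` lines in `extraConfig` appear to be the only access control in front of `/api` and `/docs`. A comment above them such as `# only access control in front of the API; keep these ranges in sync with the host networks` would make that explicit for whoever edits the ranges later.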
+++ b/values.nix @@ -41,6 +41,10 @@ in rec { ipv4 = pvv-ipv4 196; ipv6 = pvv-ipv6 196; }; + brzeczyszczykiewicz = { + ipv4 = pvv-ipv4 205; + ipv6 = pvv-ipv6 "1:50"; # Wtf peder why + }; }; defaultNetworkConfig = {
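Review bot: The comment `# Wtf peder why` on the new `ipv6` line signals that something is odd without saying what or why. The entry just above uses the same host number for both families (`196`/`196`), whereas this one pairs `pvv-ipv4 205` with `pvv-ipv6 "1:50"`, so a later reader cannot tell whether the mismatch is intended or a typo that will surface as an unreachable address or a stale ACL. A comment such as `# IPv6 suffix deliberately differs from the IPv4 host number (205): <reason>` would record it. The enclosing `hosts` attribute set starts and ends outside the hunk.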