Add host bekkalokk

`bekkalokk` is a new machine, meant to host web services and eventually
miscellaneous services.

hosts/bekkalokk/services/website/gitea.nix

@@ -0,0 +1,26 @@
+{ config, values, ... }:
+{
+  sops.secrets."postgres/gitea/password" = { };
+
+  services.gitea = {
+    enable = true;
+    rootUrl = "https://git2.pvv.ntnu.no/";
+    stateDir = "/data/gitea";
+    appName = "PVV Git";
+
+    enableUnixSocket = true;
+
+    database = {
+      type = "postgres";
+      host = values.bicep.ipv4;
+      port = config.services.postgresql.port;
+      passwordFile = config.sops.secrets."postgres/gitea/password".path;
+      createDatabase = false;
+    };
+
+    settings = {
+      service.DISABLE_REGISTRATION = true;
+      session.COOKIE_SECURE = true;
+    };
+  };
+}

hosts/bekkalokk/services/website/mediawiki.nix

@@ -0,0 +1,23 @@
+{ values, config, ... }:
+{
+  sops.secrets = {
+    "mediawiki/password" = { };
+    "postgres/mediawiki/password" = { };
+  };
+
+  services.mediawiki = {
+    enable = true;
+    name = "PVV";
+    passwordFile = config.sops.secrets."mediawiki/password".path;
+
+    virtualHost = {
+    };
+
+    database = {
+      type = "postgres";
+      host = values.bicep.ipv4;
+      port = config.services.postgresql.port;
+      passwordFile = config.sops.secrets."postgres/mediawiki/password".path;
+    };
+  };
+}

hosts/bekkalokk/services/website/nginx.nix

@@ -0,0 +1,30 @@
+{ config, ... }:
+{
+  services.nginx = {
+    enable = true;
+
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+
+    virtualHosts = {
+      "www.pvv.ntnu.no" = {
+        forceSSL = true;
+
+        locations = {
+          "/pvv" = {
+            proxyPass = "http://localhost:${config.services.mediawiki.virtualHost.listen.pvv.port}";
+          };
+        };
+      };
+
+      "git.pvv.ntnu.no" = {
+        locations."/" = {
+          proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}

hosts/bekkalokk/services/website/website.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+
+}