system-manager-wakasu
 # Host module (apparently for the machine "demeter"): imports the shared BIND
 # and Prometheus exporter modules, configures the project's WireGuard service,
 # and uses nginx to reverse-proxy the Syncthing GUI (port 8384) of every known
 # machine under /syncthing/<machine>/.
 {
   libx,
   lib,
   globals,
   ...
 }:
 let
   inherit (lib.attrsets) filterAttrs mapAttrs' nameValuePair;

   # Builds an nginx `locations` attrset with one "/syncthing/<name>/" entry per
   # machine in globals.machines accepted by `eligible`. Each entry proxies to
   # port 8384 on the first address returned by `ipsOf` for that machine.
   #
   # NOTE(review): the upstream hop is plain HTTP and no access control is
   # configured on these locations. Whoever can reach a vhost on this host gets
   # the same view of each Syncthing GUI that this host has, so protection rests
   # entirely on each Syncthing instance's own GUI authentication. Consider
   # adding authentication at the proxy (e.g. `basicAuthFile`) or restricting
   # the client networks per vhost.
   syncthingLocations =
     eligible: ipsOf:
     mapAttrs' (
       name: value:
       nameValuePair "/syncthing/${name}/" {
         proxyPass = "http://${builtins.head (ipsOf value)}:8384/";
         recommendedProxySettings = true;
       }
     ) (filterAttrs (_name: value: eligible value) globals.machines);

   # Machines reached over their VPN address.
   vpnSyncthing = syncthingLocations libx.hasVPNips (machine: machine.net.vpn.ips);
   # Machines reached over their regular (non-VPN) address.
   lanSyncthing = syncthingLocations libx.hasIps (machine: machine.net.ips);
 in
 {
   imports = [
     ../common/services/bind.nix
     ../common/services/prometheus-exporters-node.nix
     ../common/services/prometheus-exporters-bind.nix
   ];

   # NOTE(review): with the firewall off, every listening service on this host
   # (nginx here, plus whatever the imported BIND / exporter modules and
   # WireGuard open) is reachable on all attached interfaces. Prefer leaving the
   # firewall enabled and listing the required ports explicitly
   # (`networking.firewall.allowedTCPPorts` / `allowedUDPPorts`, or the
   # per-interface variants so the exporters are only visible on the VPN).
   networking.firewall.enable = false;

   # TODO: make this an option? (otherwise it gets added for every host)
   users.users.vincent.linger = true;

   services = {
     wireguard = {
       enable = true;
       ips = libx.wg-ips globals.machines.demeter.net.vpn.ips;
       endpoint = "${globals.net.vpn.endpoint}";
       endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
     };

     nginx = {
       enable = true;
       recommendedGzipSettings = true;
       # Only tunes TLS parameters; it does not turn TLS on for a vhost.
       # NOTE(review): no vhost below sets `forceSSL`/`onlySSL` or a
       # certificate, so as written they appear to be served over plain HTTP
       # unless another module adds that. Confirm, especially for the
       # sbr.pm name.
       recommendedTlsSettings = true;
       recommendedOptimisation = true;

       # TODO: should probably switch to sync.sbr.pm or something similar?
       # NOTE(review): this name proxies to the machines' VPN addresses, so it
       # bridges whatever network resolves demeter.sbr.pm into the VPN-side
       # Syncthing GUIs. Verify the name is not served to untrusted networks.
       virtualHosts."demeter.sbr.pm" = {
         locations = vpnSyncthing;
         # // {
         #   "/n8n/" = {
         #     proxyPass = "http://127.0.0.1:5678/";
         #     recommendedProxySettings = true;
         #   };
         # };
       };

       virtualHosts."demeter.vpn" = {
         locations = vpnSyncthing;
       };

       virtualHosts."demeter.home" = {
         locations = lanSyncthing;
       };
     };
   };

   # TODO: could this be enabled by default for all hosts?
   # NOTE(review): this lets PAM accept a forwarded SSH agent as proof of
   # identity, so its strength depends on which authorized_keys files are
   # trusted. If a file the user can write is consulted, any process running as
   # that user can add a key. Newer NixOS releases expose this as
   # `security.pam.sshAgentAuth.enable` together with
   # `security.pam.sshAgentAuth.authorizedKeysFiles`; confirm that only
   # root-owned key files are trusted here.
   security.pam.enableSSHAgentAuth = true;
 }