From ed7df6b9c365821b0036b0af2228930163ba8afc Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Sat, 18 May 2024 22:04:14 +0200
Subject: [PATCH] feat: add photos to tower

---
 lib/luj.nix                |  1 -
 machines/tower/default.nix | 77 +++++++++++++++++++++++++-------------
 2 files changed, 51 insertions(+), 27 deletions(-)

diff --git a/lib/luj.nix b/lib/luj.nix
index b83b93c..8fe814c 100644
--- a/lib/luj.nix
+++ b/lib/luj.nix
@@ -94,7 +94,6 @@ let
           tower = {
             inherit tld;
             arch = "x86_64-linux";
-            subdomains = [ "photos.julienmalka.me" ];
             nixpkgs_version = inputs.nixpkgs;
             hm_version = inputs.home-manager;
             ipv4 = {
diff --git a/machines/tower/default.nix b/machines/tower/default.nix
index 7ea4b02..6772510 100644
--- a/machines/tower/default.nix
+++ b/machines/tower/default.nix
@@ -1,11 +1,10 @@
 { pkgs, lib, ... }:
 
 {
-  imports =
-    [
-      ./hardware.nix
-      ./home-julien.nix
-    ];
+  imports = [
+    ./hardware.nix
+    ./home-julien.nix
+  ];
 
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
@@ -20,7 +19,11 @@
   luj.buildbot.enable = true;
   luj.nginx.enable = true;
 
-  environment.systemPackages = with pkgs; [ tailscale colmena git ];
+  environment.systemPackages = with pkgs; [
+    tailscale
+    colmena
+    git
+  ];
 
   services.tailscale.enable = true;
 
@@ -40,9 +43,13 @@
 
   services.openssh.enable = true;
 
-  programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD";
+  programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD";
 
+  services.nginx.virtualHosts."photos.julienmalka.me" = {
+    enableACME = true;
+    forceSSL = true;
+    root = "/srv/photos";
+  };
 
   nix = {
     package = lib.mkForce pkgs.nix;
@@ -51,10 +58,18 @@
       {
         hostName = "epyc.infra.newtype.fr";
         maxJobs = 100;
-        systems = [ "x86_64-linux" "aarch64-linux" ];
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+        ];
         sshUser = "root";
         sshKey = "/home/julien/.ssh/id_ed25519";
-        supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+          "kvm"
+        ];
         speedFactor = 2;
       }
       {
@@ -62,7 +77,10 @@
         maxJobs = 4;
         sshKey = "/home/julien/.ssh/id_ed25519";
         sshUser = "julienmalka";
-        systems = [ "aarch64-darwin" "x86_64-darwin" ];
+        systems = [
+          "aarch64-darwin"
+          "x86_64-darwin"
+        ];
       }
     ];
   };
@@ -75,15 +93,17 @@
       Port 45
   '';
 
-
   services.nix-gitlab-runner = {
     enable = true;
     registrationConfigFile = "/var/lib/gitlab-runner/gitlab_runner";
-    packages = with pkgs; [ coreutils su bash git ];
+    packages = with pkgs; [
+      coreutils
+      su
+      bash
+      git
+    ];
   };
 
-
-
   services.nginx.virtualHosts."phd.julienmalka.me" = {
     basicAuthFile = "/home/gitlab-runner/nginx_auth";
     enableACME = true;
@@ -98,7 +118,6 @@
   systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
   systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/home/gitlab-runner/artifacts" ];
 
-
   services.grafana.enable = true;
   services.grafana.settings.server.http_port = 3000;
   services.prometheus = {
@@ -107,9 +126,7 @@
     scrapeConfigs = [
       {
         job_name = "push";
-        static_configs = [{
-          targets = [ "127.0.0.1:9091" ];
-        }];
+        static_configs = [ { targets = [ "127.0.0.1:9091" ]; } ];
       }
     ];
   };
@@ -123,7 +140,6 @@
     };
   };
 
-
   services.nginx.virtualHosts."prometheus.julienmalka.me" = {
     forceSSL = true;
     enableACME = true;
@@ -140,7 +156,6 @@
     };
   };
 
-
   services.syncthing = {
     enable = true;
     user = "julien";
@@ -149,7 +164,9 @@
     overrideFolders = true;
     settings = {
       devices = {
-        "fischer" = { id = "MHV2PGN-GAHQMV5-ITXGNQS-IRJC3XL-OQIHVUX-JVKBZ6Z-33XHE7H-NC6H5AE"; };
+        "fischer" = {
+          id = "MHV2PGN-GAHQMV5-ITXGNQS-IRJC3XL-OQIHVUX-JVKBZ6Z-33XHE7H-NC6H5AE";
+        };
       };
       folders = {
         "dev" = {
@@ -163,10 +180,18 @@
 
   systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing";
 
-
-  networking.firewall.allowedTCPPorts = [ 80 443 1810 9989 ];
-  networking.firewall.allowedUDPPorts = [ 80 443 1810 9989 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+    1810
+    9989
+  ];
+  networking.firewall.allowedUDPPorts = [
+    80
+    443
+    1810
+    9989
+  ];
 
   system.stateVersion = "22.11"; # Did you read the comment?
-
 }