From ea8ff67b73819c04c58f16c7f77f944f680d8c8c Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Tue, 17 Jun 2025 15:58:25 +0200
Subject: [PATCH] chore: init garage config on tower

---
 machines/biblios/garage.nix | 59 +++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/machines/biblios/garage.nix b/machines/biblios/garage.nix
index 8fffad5..afe2feb 100644
--- a/machines/biblios/garage.nix
+++ b/machines/biblios/garage.nix
@@ -37,6 +37,18 @@ in
   };
 
   age.secrets."garage-env-file".file = ../../secrets/garage-env-file.age;
+  age.secrets."book-auth" = {
+    file = ../../secrets/book-auth.age;
+    owner = "nginx";
+  };
+  age.secrets."notes-phd-auth" = {
+    file = ../../secrets/notes-phd-auth.age;
+    owner = "nginx";
+  };
+  age.secrets."notes-perso-auth" = {
+    file = ../../secrets/notes-perso-auth.age;
+    owner = "nginx";
+  };
 
   services.nginx.virtualHosts."${api_domain}" = {
     enableACME = true;
@@ -61,6 +73,53 @@ in
     '';
   };
 
+  services.nginx.virtualHosts."hownix.works" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".extraConfig = ''
+      proxy_pass http://127.0.0.1:3902;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $host;
+    '';
+    locations."/book" = {
+      basicAuthFile = config.age.secrets.book-auth.path;
+      extraConfig = ''
+        proxy_pass http://127.0.0.1:3902;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+      '';
+
+    };
+  };
+
+  services.nginx.virtualHosts."notes.luj.fr" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      basicAuthFile = config.age.secrets.notes-perso-auth.path;
+      proxyPass = "http://127.0.0.1:3902";
+
+      extraConfig = ''
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+      '';
+    };
+  };
+
+  services.nginx.virtualHosts."phd.luj.fr" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      basicAuthFile = config.age.secrets.notes-phd-auth.path;
+      proxyPass = "http://127.0.0.1:3902";
+
+      extraConfig = ''
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+      '';
+    };
+  };
+
   machine.meta.zones."luj.fr".A = [
     config.machine.meta.ips.public.ipv4
   ];