From 39c1bc664c369c8c6ce0f31d4be56d3ade785eb0 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey
Date: Tue, 9 Jul 2024 18:14:33 +0100
Subject: [PATCH 1/3] rearrange files

---
 {users => common/users}/qenya.nix | 6 +++---
 hive.nix | 2 +-
 keys.nix | 13 +++++++++++++
 secrets/secrets.nix | 4 +---
 4 files changed, 18 insertions(+), 7 deletions(-)
 rename {users => common/users}/qenya.nix (79%)
 create mode 100644 keys.nix

diff --git a/users/qenya.nix b/common/users/qenya.nix
similarity index 79%
rename from users/qenya.nix
rename to common/users/qenya.nix
index 0dadb30..74062f7 100644
--- a/users/qenya.nix
+++ b/common/users/qenya.nix
@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:
 
+let keys = import ../../keys.nix;
+in
 {
   users.users.qenya = {
     isNormalUser = true;
@@ -9,9 +11,7 @@
       "networkmanager" # UI wifi configuration
       "dialout" # access to serial ports
     ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
-    ];
+    openssh.authorizedKeys.keys = keys.users.qenya;
     uid = 1001;
   };
 
diff --git a/hive.nix b/hive.nix
index 5fa0e76..685237e 100644
--- a/hive.nix
+++ b/hive.nix
@@ -27,7 +27,7 @@ in {
       ./common/ssh.nix
       ./common/sudo.nix
       ./common/utilities.nix
-      ./users/qenya.nix
+      ./common/users/qenya.nix
     ];
   };
 
diff --git a/keys.nix b/keys.nix
new file mode 100644
index 0000000..57138d7
--- /dev/null
+++ b/keys.nix
@@ -0,0 +1,13 @@
+{
+  machines = {
+    tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
+    yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
+    orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm";
+  };
+
+  users = {
+    qenya = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
+    ];
+  };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a4a270a..c41523b 100644
--- a/secrets/secrets.nix
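Review bot: The new keys.nix has no comment saying what its two attribute sets are for or who consumes them; a reader has to find the `openssh.authorizedKeys.keys = keys.users.qenya` site in common/users/qenya.nix to learn that `users` holds per-account authorized_keys entries, and nothing in this series reads `machines` (the same host keys used to be the `systems` list in secrets/secrets.nix, which this patch stops referencing), so `orm` in particular has no visible consumer yet. A short header would fix that, for example `# Public SSH keys only — nothing here is secret. machines: host keys (root@…), presumably the age recipient list for secrets/; users: per-account authorized_keys entries consumed by common/users/*.nix.`, with the age wording adjusted if that is not the plan. Having the host keys in one place is a good change; the note just makes the intent explicit for whoever adds the next machine.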
+++ b/secrets/secrets.nix
@@ -1,6 +1,4 @@
 let
-  tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
-  yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
-  systems = [ tohru yevaud ];
+  keys = ../ssh-keys.nix;
 in
 { }

From 0d0b3e2d2d83353906c52fad64221f18cda249a4 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey
Date: Tue, 9 Jul 2024 22:00:09 +0100
Subject: [PATCH 2/3] nginx: refactor to apply settings across all nodes

---
 common/nginx.nix | 4 ---
 hive.nix | 1 +
 hosts/yevaud/forgejo.nix | 73 +++++++++++++++++++++-------------------
 3 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/common/nginx.nix b/common/nginx.nix
index a5a91c6..10e498d 100644
--- a/common/nginx.nix
+++ b/common/nginx.nix
@@ -2,8 +2,6 @@
 
 {
   services.nginx = {
-    enable = true;
-
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
@@ -28,6 +26,4 @@
     acceptTerms = true;
     defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
   };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
\ No newline at end of file
diff --git a/hive.nix b/hive.nix
index 685237e..99e29cd 100644
--- a/hive.nix
+++ b/hive.nix
@@ -24,6 +24,7 @@ in {
       (import "${sources.home-manager}/nixos")
       (import "${sources.agenix}/modules/age.nix")
       ./pinning.nix
+      ./common/nginx.nix
       ./common/ssh.nix
       ./common/sudo.nix
       ./common/utilities.nix
diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix
index 410c1d2..7c8f1ba 100644
--- a/hosts/yevaud/forgejo.nix
+++ b/hosts/yevaud/forgejo.nix
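Review bot: The new binding `keys = ../ssh-keys.nix;` points at a file this series never creates — the registry added in this same patch is keys.nix at the repository root, which from secrets/ is `../keys.nix` — and it is a bare path literal rather than an `import`, so even with the right name nothing would be read from it. Because `systems` is removed and the body is reduced to `{ }`, the binding is currently unused and Nix's laziness hides the error; it will only surface when a secret declaration referencing it is added back. If the intent is to take the age recipient list from the shared file (hive.nix imports the agenix module, so that is presumably what `systems` fed), something like `keys = import ../keys.nix;` and `systems = builtins.attrValues keys.machines;` in the `let` keeps the old `systems` name available for `publicKeys`.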
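Review bot: Dropping `networking.firewall.allowedTCPPorts = [ 80 443 ];` from common/nginx.nix now that the module is imported on every node means each host that later sets `services.nginx.enable = true` must also remember to open the ports in its own file, as hosts/yevaud/forgejo.nix does in this patch; forgetting it fails silently as an unreachable site. Keeping the rule in the shared module but conditioned on nginx being enabled avoids that without opening anything on nodes that do not run nginx: `networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];` (the module's argument set is outside this hunk; it needs `config` and `lib`). The `security.acme` block with `acceptTerms = true` is likewise now evaluated on every node, which is harmless but worth a one-line comment saying so. The `\ No newline at end of file` marker shows the file still ends without a trailing newline.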
@@ -1,46 +1,49 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports = [
-    ../../common/nginx.nix
-  ];
-
   # TODO: email out
   # TODO: interface customisation
 
-  services.nginx.virtualHosts = {
-    "git.qenya.tel" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".proxyPass = "http://[::1]:3000/";
+  services = {
+    nginx = {
+      enable = true;
+      virtualHosts = {
+        "git.qenya.tel" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".proxyPass = "http://[::1]:3000/";
+        };
+        "git.katherina.rocks" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".return = "301 https://git.qenya.tel$request_uri";
+        };
+      };
     };
-    "git.katherina.rocks" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".return = "301 https://git.qenya.tel$request_uri";
+
+    forgejo = {
+      enable = true;
+      stateDir = "/data/forgejo";
+      settings = {
+        DEFAULT.APP_NAME = "git.qenya.tel";
+        cache = {
+          ADAPTER = "twoqueue";
+          HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
+        };
+        database = {
+          DB_TYPE = "sqlite3";
+          SQLITE_JOURNAL_MODE = "WAL";
+        };
+        security.LOGIN_REMEMBER_DAYS = 365;
+        server = {
+          DOMAIN = "git.qenya.tel";
+          HTTP_PORT = 3000;
+          ROOT_URL = "https://git.qenya.tel/";
+        };
+        service.DISABLE_REGISTRATION = true;
+      };
     };
   };
 
-  services.forgejo = {
-    enable = true;
-    stateDir = "/data/forgejo";
-    settings = {
-      DEFAULT.APP_NAME = "git.qenya.tel";
-      cache = {
-        ADAPTER = "twoqueue";
-        HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
-      };
-      database = {
-        DB_TYPE = "sqlite3";
-        SQLITE_JOURNAL_MODE = "WAL";
-      };
-      security.LOGIN_REMEMBER_DAYS = 365;
-      server = {
-        DOMAIN = "git.qenya.tel";
-        HTTP_PORT = 3000;
-        ROOT_URL = "https://git.qenya.tel/";
-      };
-      service.DISABLE_REGISTRATION = true;
-    };
-  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }

From bae6a97842883a01f99b69bf1bd707f488b43121 Mon Sep 17 00:00:00 2001
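Review bot: Nesting the existing `services.nginx.virtualHosts` and `services.forgejo` blocks under a single `services = { … }` attribute set re-indents every line, so a change that logically adds `services.nginx.enable = true;` and the firewall line and removes the `imports` shows up as 39 insertions and 39 deletions, which makes it hard to confirm the moved forgejo settings are unchanged (they appear identical here) and loses blame history for them. Leaving the two blocks as separate top-level attributes and adding `services.nginx.enable = true;` beside them would have been a three-line diff. If the re-nesting is wanted for its own sake, a separate no-op commit would keep the behavioural change reviewable on its own.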
From: Katherina Walshe-Grey
Date: Tue, 9 Jul 2024 22:04:00 +0100
Subject: [PATCH 3/3] users: add richard

---
 common/users/default.nix | 6 ++++++
 common/users/richard.nix | 12 ++++++++++++
 hive.nix | 2 +-
 keys.nix | 3 +++
 4 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 common/users/default.nix
 create mode 100644 common/users/richard.nix

diff --git a/common/users/default.nix b/common/users/default.nix
new file mode 100644
index 0000000..9602472
--- /dev/null
+++ b/common/users/default.nix
@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./qenya.nix
+    ./richard.nix
+  ];
+}
\ No newline at end of file
diff --git a/common/users/richard.nix b/common/users/richard.nix
new file mode 100644
index 0000000..f910d93
--- /dev/null
+++ b/common/users/richard.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+let keys = import ../../keys.nix;
+in
+{
+  users.users.richard = {
+    isNormalUser = true;
+    home = "/home/richard";
+    openssh.authorizedKeys.keys = keys.users.richard;
+    uid = 1002;
+  };
+}
diff --git a/hive.nix b/hive.nix
index 99e29cd..e930b29 100644
--- a/hive.nix
+++ b/hive.nix
@@ -28,7 +28,7 @@ in {
       ./common/ssh.nix
       ./common/sudo.nix
       ./common/utilities.nix
-      ./common/users/qenya.nix
+      ./common/users
     ];
   };
 
diff --git a/keys.nix b/keys.nix
index 57138d7..7573baf 100644
--- a/keys.nix
+++ b/keys.nix
@@ -9,5 +9,8 @@
     qenya = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
     ];
+    richard = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress"
+    ];
   };
 }
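Review bot: common/users/richard.nix binds `{ config, lib, pkgs, ... }:` but uses none of them, so `{ ... }:` would do, and `home = "/home/richard";` restates what NixOS derives from `isNormalUser = true` for a user of that name, as far as I recall. Unlike qenya.nix this account gets no `extraGroups`, which reads as deliberate but deserves a comment so it is not "fixed" later, e.g. `# no extra groups: SSH login only`. The new common/users/default.nix lacks a trailing newline, as the marker on its hunk shows.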