From 884d02f00340015a1b891bed34b1d74977754a0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 26 Oct 2023 11:27:09 -0300 Subject: [PATCH] ghost: split config --- flake.nix | 2 +- hosts/ghost.nix | 154 -------------------------------- hosts/ghost/default.nix | 30 +++++++ hosts/ghost/hardware-config.nix | 13 +++ hosts/ghost/mastodon.nix | 15 ++++ hosts/ghost/nextcloud.nix | 22 +++++ hosts/ghost/nginx.nix | 15 ++++ hosts/ghost/syncthing.nix | 24 +++++ hosts/ghost/users.nix | 38 ++++++++ hosts/ghost/writefreely.nix | 25 ++++++ 10 files changed, 183 insertions(+), 155 deletions(-) delete mode 100644 hosts/ghost.nix create mode 100644 hosts/ghost/default.nix create mode 100644 hosts/ghost/hardware-config.nix create mode 100644 hosts/ghost/mastodon.nix create mode 100644 hosts/ghost/nextcloud.nix create mode 100644 hosts/ghost/nginx.nix create mode 100644 hosts/ghost/syncthing.nix create mode 100644 hosts/ghost/users.nix create mode 100644 hosts/ghost/writefreely.nix diff --git a/flake.nix b/flake.nix index b3ccf03..cecca31 100644 --- a/flake.nix +++ b/flake.nix @@ -146,7 +146,7 @@ }; ghost = lib.nixosSystem { inherit system specialArgs; - modules = [ ./hosts/ghost.nix ]; + modules = [ ./hosts/ghost ]; }; }; diff --git a/hosts/ghost.nix b/hosts/ghost.nix deleted file mode 100644 index 74e7eb6..0000000 --- a/hosts/ghost.nix +++ /dev/null 
@@ -1,154 +0,0 @@ -{ config, pkgs, inputs, ... }: { - imports = [ - "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix" - inputs.agenix.nixosModules.default - ../system/nix.nix - ]; - - # Use more aggressive compression then the default. - virtualisation.digitalOceanImage.compressionMethod = "bzip2"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Sao_Paulo"; - # Select internationalisation properties. - i18n.defaultLocale = "pt_BR.utf8"; - - security.rtkit.enable = true; - services.openssh = { - enable = true; - ports = [ 9022 ]; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.mutableUsers = false; - users.users.lelgenio = { - isNormalUser = true; - description = "Leonardo Eugênio"; - hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A"; - extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "bluetooth" "corectrl" "vboxusers" ]; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 lelgenio@i15" - ]; - }; - users.users.root = { - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 lelgenio@i15" - ]; - initialHashedPassword = "$y$j9T$E3aBBSSq0Gma8hZD9L7ov0$iCGDW4fqrXWfHO0qodBYYgMFA9CpIraoklHcPbJJrM3"; - }; - security.sudo.wheelNeedsPassword = false; - - programs.fish.enable = true; - - environment.systemPackages = with pkgs; [ - git - ]; - - services.nextcloud = { - enable = true; - package = pkgs.nextcloud27; - hostName = "cloud.lelgenio.xyz"; - https = true; - config = { - adminpassFile = config.age.secrets.ghost-nextcloud.path; - }; - }; - - services.mastodon = { - enable = true; - localDomain = "social.lelgenio.xyz"; - configureNginx = true; - smtp.fromAddress = 
"lelgenio@disroot.org"; - extraConfig.SINGLE_USER_MODE = "true"; - }; - - services.writefreely = { - enable = true; - acme.enable = true; - nginx.enable = true; - nginx.forceSSL = true; - host = "blog.lelgenio.xyz"; - admin.name = "lelgenio"; - admin.initialPasswordFile = config.age.secrets.ghost-writefreely.path; - settings.app = { - site_name = "Leo's blog"; - single_user = true; - }; - }; - - services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { - forceSSL = true; - enableACME = true; - }; - security.acme = { - acceptTerms = true; - defaults.email = "lelgenio@disroot.org"; - }; - - services.syncthing = { - enable = true; - dataDir = "/var/lib/syncthing-data"; - guiAddress = "0.0.0.0:8384"; - openDefaultPorts = true; - }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; - services.nginx.virtualHosts."syncthing.lelgenio.xyz" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8384"; - extraConfig = - # required when the target is also TLS server with multiple hosts - "proxy_ssl_server_name on;" + - # required when the server wants to use HTTP Authentication - "proxy_pass_header Authorization;" - ; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - swapDevices = [{ - device = "/swap/swapfile"; - size = (1024 * 2); # 2 GB - }]; - - age = { - identityPaths = [ "/root/.ssh/id_rsa" ]; - secrets.ghost-nextcloud = { - file = ../secrets/ghost-nextcloud.age; - mode = "400"; - owner = "nextcloud"; - group = "nextcloud"; - }; - secrets.ghost-writefreely = { - file = ../secrets/ghost-writefreely.age; - mode = "400"; - owner = "writefreely"; - group = "writefreely"; - }; - }; - - fileSystems."/var" = { - device = "/dev/disk/by-uuid/b19e7272-8fd1-4999-93eb-abc6d5c0a1cc"; - fsType = "btrfs"; - options = [ "subvol=@var" ]; - }; - - system.stateVersion = "23.05"; # Never change this -} - 
diff --git a/hosts/ghost/default.nix b/hosts/ghost/default.nix new file mode 100644 index 0000000..d333ff4 --- /dev/null +++ b/hosts/ghost/default.nix @@ -0,0 +1,30 @@ +{ config, pkgs, inputs, ... }: { + imports = [ + "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix" + inputs.agenix.nixosModules.default + ../../system/nix.nix + ./hardware-config.nix + ./mastodon.nix + ./nextcloud.nix + ./nginx.nix + ./syncthing.nix + ./users.nix + ./writefreely.nix + ]; + + # Use more aggressive compression then the default. + virtualisation.digitalOceanImage.compressionMethod = "bzip2"; + # Enable networking + networking.networkmanager.enable = true; + # Set your time zone. + time.timeZone = "America/Sao_Paulo"; + # Select internationalisation properties. + i18n.defaultLocale = "pt_BR.utf8"; + + age = { + identityPaths = [ "/root/.ssh/id_rsa" ]; + }; + + system.stateVersion = "23.05"; # Never change this +} + diff --git a/hosts/ghost/hardware-config.nix b/hosts/ghost/hardware-config.nix new file mode 100644 index 0000000..62a744f --- /dev/null +++ b/hosts/ghost/hardware-config.nix @@ -0,0 +1,13 @@ +{ config, pkgs, inputs, ... }: { + swapDevices = [{ + device = "/swap/swapfile"; + size = (1024 * 2); # 2 GB + }]; + + fileSystems."/var" = { + device = "/dev/disk/by-uuid/b19e7272-8fd1-4999-93eb-abc6d5c0a1cc"; + fsType = "btrfs"; + options = [ "subvol=@var" ]; + }; +} + diff --git a/hosts/ghost/mastodon.nix b/hosts/ghost/mastodon.nix new file mode 100644 index 0000000..4786136 --- /dev/null +++ b/hosts/ghost/mastodon.nix @@ -0,0 +1,15 @@ +{ config, pkgs, inputs, ... }: { + services.mastodon = { + enable = true; + localDomain = "social.lelgenio.xyz"; + configureNginx = true; + smtp.fromAddress = "lelgenio@disroot.org"; + extraConfig.SINGLE_USER_MODE = "true"; + }; + + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; + }; +} + 
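Review bot: The comment above `virtualisation.digitalOceanImage.compressionMethod` carries a typo over from the deleted file, `# Use more aggressive compression then the default.`; it should read `# Use more aggressive compression than the default.`. Now that this file is the entry point that stitches the per-service modules together, a one-line header comment saying that host-wide settings (image, networking, locale, the agenix identity) live here while each service lives in its sibling file would tell the next reader where new options belong.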
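Review bot: The module header `{ config, pkgs, inputs, ... }: {` in hardware-config.nix declares three arguments that nothing in the file uses; `{ ... }: {` states the same contract without suggesting a dependency on `inputs` or `pkgs`. users.nix in this same commit already narrows its header to `{ pkgs, ... }`, so the other new files could follow that convention; nginx.nix and syncthing.nix have the same unused arguments.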
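Review bot: The `services.nginx.virtualHosts.${config.services.nextcloud.hostName}` block at the bottom of mastodon.nix sets `forceSSL`/`enableACME` for the Nextcloud host, not for Mastodon, so the split has left it in the wrong module; it belongs next to `services.nextcloud` in nextcloud.nix. As far as I can tell nextcloud.nix on its own sets `https = true` but would serve `cloud.lelgenio.xyz` without TLS enforcement if mastodon.nix were ever dropped from the imports, and a reader of nextcloud.nix gets no hint that its TLS setup lives elsewhere. Mastodon's own vhost is produced by `configureNginx = true`, so nothing in mastodon.nix needs the Nextcloud reference.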
diff --git a/hosts/ghost/nextcloud.nix b/hosts/ghost/nextcloud.nix new file mode 100644 index 0000000..db6b04c --- /dev/null +++ b/hosts/ghost/nextcloud.nix @@ -0,0 +1,22 @@ +{ config, pkgs, inputs, ... }: { + services.nextcloud = { + enable = true; + package = pkgs.nextcloud27; + hostName = "cloud.lelgenio.xyz"; + https = true; + config = { + adminpassFile = config.age.secrets.ghost-nextcloud.path; + }; + }; + + age = { + secrets.ghost-nextcloud = { + file = ../../secrets/ghost-nextcloud.age; + mode = "400"; + owner = "nextcloud"; + group = "nextcloud"; + }; + }; + +} + diff --git a/hosts/ghost/nginx.nix b/hosts/ghost/nginx.nix new file mode 100644 index 0000000..7a795d7 --- /dev/null +++ b/hosts/ghost/nginx.nix @@ -0,0 +1,15 @@ +{ config, pkgs, inputs, ... }: { + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "lelgenio@disroot.org"; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} + diff --git a/hosts/ghost/syncthing.nix b/hosts/ghost/syncthing.nix new file mode 100644 index 0000000..a971b86 --- /dev/null +++ b/hosts/ghost/syncthing.nix @@ -0,0 +1,24 @@ +{ config, pkgs, inputs, ... }: { + + services.syncthing = { + enable = true; + dataDir = "/var/lib/syncthing-data"; + guiAddress = "0.0.0.0:8384"; + openDefaultPorts = true; + }; + + services.nginx.virtualHosts."syncthing.lelgenio.xyz" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8384"; + extraConfig = + # required when the target is also TLS server with multiple hosts + "proxy_ssl_server_name on;" + + # required when the server wants to use HTTP Authentication + "proxy_pass_header Authorization;" + ; + }; + }; +} + diff --git a/hosts/ghost/users.nix b/hosts/ghost/users.nix new file mode 100644 index 0000000..5cc853a --- /dev/null +++ b/hosts/ghost/users.nix 
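Review bot: `guiAddress = "0.0.0.0:8384"` in syncthing.nix binds the Syncthing GUI/API on every interface, while the nginx vhost below proxies to `http://127.0.0.1:8384`, so only the loopback listener is needed; `guiAddress = "127.0.0.1:8384";` keeps the GUI reachable only through the TLS vhost and whatever credentials Syncthing itself enforces (the `proxy_pass_header Authorization` line suggests its built-in auth is relied on). The firewall in nginx.nix opens only 80 and 443, and `openDefaultPorts` covers the sync/discovery ports rather than 8384 as I recall, so today this is defence in depth rather than an open hole, but the bind address and the proxy target should agree. Separately, `proxy_ssl_server_name on;` and its comment describe a TLS upstream, whereas the target here is plain HTTP, so the directive is inert and the comment misleading; either drop the line or reword the comment to say why it is kept.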
@@ -0,0 +1,38 @@ +{ pkgs, ... }: { + security.rtkit.enable = true; + services.openssh = { + enable = true; + ports = [ 9022 ]; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.mutableUsers = false; + users.users.lelgenio = { + isNormalUser = true; + description = "Leonardo Eugênio"; + hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A"; + extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "bluetooth" "corectrl" "vboxusers" ]; + shell = pkgs.fish; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15" + ]; + }; + users.users.root = { + shell = pkgs.fish; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15" + ]; + initialHashedPassword = 
"$y$j9T$E3aBBSSq0Gma8hZD9L7ov0$iCGDW4fqrXWfHO0qodBYYgMFA9CpIraoklHcPbJJrM3"; + }; + security.sudo.wheelNeedsPassword = false; + + programs.fish.enable = true; + + environment.systemPackages = with pkgs; [ + git + ]; +} diff --git a/hosts/ghost/writefreely.nix b/hosts/ghost/writefreely.nix new file mode 100644 index 0000000..b5cee3b --- /dev/null +++ b/hosts/ghost/writefreely.nix @@ -0,0 +1,25 @@ +{ config, pkgs, inputs, ... }: { + services.writefreely = { + enable = true; + acme.enable = true; + nginx.enable = true; + nginx.forceSSL = true; + host = "blog.lelgenio.xyz"; + admin.name = "lelgenio"; + admin.initialPasswordFile = config.age.secrets.ghost-writefreely.path; + settings.app = { + site_name = "Leo's blog"; + single_user = true; + }; + }; + + age = { + secrets.ghost-writefreely = { + file = ../../secrets/ghost-writefreely.age; + mode = "400"; + owner = "writefreely"; + group = "writefreely"; + }; + }; +} +
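Review bot: `users.users.root.openssh.authorizedKeys.keys` in users.nix authorizes the same key that `lelgenio` already has, and `lelgenio` is in `wheel` with `security.sudo.wheelNeedsPassword = false`, so direct root SSH adds no capability, only a second root-equivalent login path without a per-user audit trail; consider dropping the root key list and pinning `services.openssh.settings.PermitRootLogin = "no";` in the `services.openssh` block (the NixOS default, as I recall, still permits key-based root login). The `hashedPassword` and `initialHashedPassword` literals are evaluated into the world-readable Nix store; this repo already manages secrets through agenix (see `age.secrets` in nextcloud.nix and writefreely.nix), so `hashedPasswordFile` (or `passwordFile` on older nixpkgs) pointing at an age secret would keep the hashes out of the store. `extraGroups` still lists `docker` and desktop groups (`adbusers`, `bluetooth`, `corectrl`, `vboxusers`) that none of this host's modules enable — presumably carried over from a workstation config — and `security.rtkit.enable` plus the `services.openssh` block are not user definitions, so a reader is unlikely to look for them in users.nix.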