From d8a6cb79cd9cd7b2d3a4685d2a88437548ee8ca1 Mon Sep 17 00:00:00 2001
From: Audrey Dutcher
Date: Mon, 14 Apr 2025 17:21:06 -0700
Subject: [PATCH] sunflower real?

---
 sites/sunflower/configuration.nix | 87 +++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)

diff --git a/sites/sunflower/configuration.nix b/sites/sunflower/configuration.nix
index 6bd0f5b..6ee25cf 100644
--- a/sites/sunflower/configuration.nix
+++ b/sites/sunflower/configuration.nix
@@ -14,4 +14,91 @@
 system.stateVersion = "24.11";
 security.sudo.wheelNeedsPassword = false;
+
+ networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 ];
+ networking.firewall.allowedUDPPorts = [ 1337 1338 ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "audrey@rhelmot.io";
+ };
+
+ services.bingosync = {
+ enable = true;
+ domain = "celestebingo.rhelmot.io";
+ socketsDomain = "sockets-celestebingo.rhelmot.io";
+ databaseUrl = "postgres://%2Frun%2Fpostgresql/bingosync";
+ extraPythonPackages = p: [ p.psycopg2 ];
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "bingosync" ];
+ ensureUsers = [
+ { name = "bingosync"; ensureDBOwnership = true; }
+ ];
+ };
+
+ services.nginx = {
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts."rhelmot.io" = {
+ default = true;
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ root = "/var/www/rhelmot.io/";
+ };
+ locations."/secret/" = {
+ basicAuthFile = "/var/lib/rhelmot.io/secret";
+ root = "/var/www/rhelmot.io/";
+ };
+ };
+ virtualHosts."www.rhelmot.io" = {
+ globalRedirect = "rhelmot.io";
+ enableACME = true;
+ };
+
+ virtualHosts."bingosync.rhelmot.io" = {
+ locations."/" = {
+ proxyPass = "https://bingosync.com/";
+ proxyWebsockets = true;
+ };
+ };
+ # proxy conf generated by services.bingosync
+ virtualHosts."celestebingo.rhelmot.io" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ virtualHosts."sockets-celestebingo.rhelmot.io" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ virtualHosts."www.celestebingo.rhelmot.io" = {
+ globalRedirect = "celestebingo.rhelmot.io";
+ enableACME = true;
+ };
+
+ virtualHosts."minal.rhelmot.io" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".root = "/var/www/minal.rhelmot.io/";
+ };
+ virtualHosts."www.minal.rhelmot.io" = {
+ globalRedirect = "minal.rhelmot.io";
+ enableACME = true;
+ };
+ virtualHosts."mimispastrypost.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".root = "/var/www/mimispastrypost.com/";
+ };
+ virtualHosts."www.mimispastrypost.com" = {
+ globalRedirect = "mimispastrypost.com";
+ enableACME = true;
+ };
+ };
 }
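Review bot: `virtualHosts."bingosync.rhelmot.io"` is the only non-redirect vhost added without `forceSSL`/`enableACME`, so as written it is served over plain HTTP while proxying (with websockets) to an HTTPS upstream; whatever clients send through it crosses the first leg unencrypted. Adding `forceSSL = true;` and `enableACME = true;` to that block would bring it in line with the other hosts. The `www.*` redirect vhosts request a certificate via `enableACME` but set neither `addSSL` nor `forceSSL`, so the certificate appears to go unused and HTTPS requests to those names would likely be answered by the `default = true` vhost with a mismatched certificate. Separately, `allowedTCPPorts`/`allowedUDPPorts` open 1337 and 1338 although nothing in this hunk listens there; a comment such as `# 1337/1338: <service name>` next to the lists would keep the firewall rule auditable.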