nixos-config/sites/sunflower/configuration.nix

{ config, lib, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  boot.initrd.supportedFilesystems = [ "zfs" ];
  boot.initrd.systemd.enable = true;
  services.zfs.autoScrub.enable = true;
  services.zfs.trim.enable = true;

  networking.hostName = "sunflower";
  networking.hostId = "77d68c52";

  system.stateVersion = "24.11";

  security.sudo.wheelNeedsPassword = false;

  networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 ];
  networking.firewall.allowedUDPPorts = [ 1337 1338 ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "audrey@rhelmot.io";
  };

  services.bingosync = {
    enable = true;
    domain = "celestebingo.rhelmot.io";
    socketsDomain = "sockets-celestebingo.rhelmot.io";
    databaseUrl = "postgres://%2Frun%2Fpostgresql/bingosync";
    extraPythonPackages = p: [ p.psycopg2 ];
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "bingosync" ];
    ensureUsers = [
      { name = "bingosync"; ensureDBOwnership = true; }
    ];
  };

  services.nginx = {
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      "rhelmot.io" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          root = "/var/www/rhelmot.io/";
        };
        locations."/secret/" = {
          basicAuthFile = "/var/lib/rhelmot.io/secret";
          root = "/var/www/rhelmot.io/";
        };
      };
      "www.rhelmot.io" = {
        globalRedirect = "rhelmot.io";
        enableACME = true;
      };
      "blog.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          root = "/nix/var/nix/profiles/blog-rhelmot-io";
        };
      };
      "www.blog.rhelmot.io" = {
        globalRedirect = "blog.rhelmot.io";
        enableACME = true;
      };

      "bingosync.rhelmot.io" = {
        locations."/" = {
          proxyPass = "https://bingosync.com/";
          proxyWebsockets = true;
        };
      };
      # proxy conf generated by services.bingosync
      "celestebingo.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
      };
      "sockets-celestebingo.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
      };
      "www.celestebingo.rhelmot.io" = {
        globalRedirect = "celestebingo.rhelmot.io";
        enableACME = true;
      };

      "minal.rhelmot.io" = {
        forceSSL = true;
        enableACME = true;
        locations."/".root = "/var/www/minal.rhelmot.io/";
      };
      "www.minal.rhelmot.io" = {
        globalRedirect = "minal.rhelmot.io";
        enableACME = true;
      };
      "mimispastrypost.com" = {
        forceSSL = true;
        enableACME = true;
        locations."/".root = "/var/www/mimispastrypost.com/";
      };
      "www.mimispastrypost.com" = {
        globalRedirect = "mimispastrypost.com";
        enableACME = true;
      };
    };
  };
}