From 0e81fa14d0e5b7bdccad289cb5f1a92fcf627666 Mon Sep 17 00:00:00 2001 From: Trevor Vallender Date: Fri, 29 Sep 2023 10:38:28 +0100 Subject: [PATCH] Setting up Kamal --- system/kernighan/kernighan.nix | 16 ++++++++++++++++ system/shared/services/nginx.nix | 17 +++++++++++++++++ system/shared/shared-configuration.nix | 2 +- users/tsv/ssh/config | 7 +++++++ 4 files changed, 41 insertions(+), 1 deletion(-) diff --git a/system/kernighan/kernighan.nix b/system/kernighan/kernighan.nix index eee2fc5..fc9615a 100644 --- a/system/kernighan/kernighan.nix +++ b/system/kernighan/kernighan.nix @@ -35,4 +35,20 @@ gnupg vim ]; + + virtualisation.docker = { + enable = true; + storageDriver = "btrfs"; + logDriver = "json-file"; + }; + + users.users.kamal = { + isNormalUser = true; + extraGroups = [ + "docker" + ]; + openssh.authorizedKeys.keyFiles = [ + ../../users/tsv/authorized_keys + ]; + }; } diff --git a/system/shared/services/nginx.nix b/system/shared/services/nginx.nix index de94187..57ad818 100644 --- a/system/shared/services/nginx.nix +++ b/system/shared/services/nginx.nix @@ -19,6 +19,23 @@ enableACME = true; }; + virtualHosts."tsvallender.co.uk" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; + extraConfig = + "proxy_set_header X-Real-IP $remote_addr;" + + "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" + + "proxy_set_header X-Forwarded-Proto https;" + + "proxy_set_header X-Forwarded-Server $host;" + + "proxy_set_header X-Forwarded-Ssl on;" + + "proxy_set_header Host $host;" + + "proxy_redirect off;" + ; + }; + }; + virtualHosts."syncthing.tsvallender.co.uk" = { forceSSL = true; enableACME = true; diff --git a/system/shared/shared-configuration.nix b/system/shared/shared-configuration.nix index 568ee38..d9ca045 100644 --- a/system/shared/shared-configuration.nix +++ b/system/shared/shared-configuration.nix 
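Review bot: Putting `kamal` in the `docker` group in the new `users.users.kamal` block makes that account root-equivalent on the host, because any process that can reach the Docker socket can start containers with full access to the host filesystem. The account also accepts every key in `../../users/tsv/authorized_keys`, so the deploy login can be reached with the same keys as the personal account. I would give the deploy user its own key file and state the trade-off in a comment above the block, e.g. `# docker group == root on this host; kamal logs in with a dedicated deploy key only`. If the deployment tool works against a rootless daemon, `virtualisation.docker.rootless.enable = true;` would remove the need for the group.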
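Review bot: `X-Forwarded-For $proxy_add_x_forwarded_for` in the new `locations."/"` block appends to whatever `X-Forwarded-For` value the client sent, so the application behind `127.0.0.1:8000` receives client-chosen addresses unless it trusts only the last entry. This nginx appears to be the outermost proxy, so overwriting the header is safer: `proxy_set_header X-Forwarded-For $remote_addr;`. The directives are also joined by string concatenation with no line separators; a Nix indented string (`'' … ''`) with one directive per line would be easier to audit. The port 8000 listener is not defined in this commit, so confirm that it is bound to loopback only and not published on all interfaces.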
@@ -49,7 +49,7 @@
 package = pkgs.nixFlakes;
 settings = {
 auto-optimise-store = true;
- trusted-users = [ "root" "tsv" "nixremote" ];
+ trusted-users = [ "root" "tsv" "kamal" ];
 };
 gc = {
 automatic = true;
diff --git a/users/tsv/ssh/config b/users/tsv/ssh/config
index 8fff986..5c29f69 100644
--- a/users/tsv/ssh/config
+++ b/users/tsv/ssh/config
@@ -18,6 +18,13 @@ Host git.tsvallender.co.uk
 User tsv
 IdentitiesOnly yes
 
+Host tsvallender.co.uk
+ HostName tsvallender.co.uk
+ IdentityFile /home/tsv/.ssh/personal
+ Port 2222
+ User kamal
+ IdentitiesOnly yes
+
 Host github.com
 HostName github.com
 IdentityFile /home/tsv/.ssh/foxsoft
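Review bot: Adding `kamal` to `trusted-users` in the shared configuration lets that account override Nix daemon settings such as substituters and import unsigned store paths, which the Nix manual treats as essentially root access. Because this is the shared file, the trust applies on every host that includes it, while the `kamal` user is only declared in `kernighan.nix`. Nothing in this commit shows the deploy account needing elevated trust with the Nix daemon, so I would leave it out: `trusted-users = [ "root" "tsv" ];`. The same line drops `nixremote`; if remote builds still log in as that user they lose trusted status, which deserves a mention in the commit message. The block enclosing `settings` begins outside the hunk.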