Setting up Kamal

system/kernighan/kernighan.nix

@@ -35,4 +35,20 @@
     gnupg
     vim
   ];
+
+  virtualisation.docker = {
+    enable = true;
+    storageDriver = "btrfs";
+    logDriver = "json-file";
+  };
+
+  users.users.kamal = {
+    isNormalUser = true;
+    extraGroups = [
+      "docker"
+    ];
+    openssh.authorizedKeys.keyFiles = [
+      ../../users/tsv/authorized_keys
+    ];
+  };
 }

system/shared/services/nginx.nix

@@ -19,6 +19,23 @@
       enableACME = true;
     };
 
+    virtualHosts."tsvallender.co.uk" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8000";
+        extraConfig =
+          "proxy_set_header X-Real-IP $remote_addr;" +
+          "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
+          "proxy_set_header X-Forwarded-Proto https;" +
+          "proxy_set_header X-Forwarded-Server $host;" +
+          "proxy_set_header X-Forwarded-Ssl on;" +
+          "proxy_set_header Host $host;" +
+          "proxy_redirect off;"
+        ;
+      };
+    };
+
     virtualHosts."syncthing.tsvallender.co.uk" = {
       forceSSL = true;
       enableACME = true;

system/shared/shared-configuration.nix

@@ -49,7 +49,7 @@
     package = pkgs.nixFlakes;
     settings = {
       auto-optimise-store = true;
-      trusted-users = [ "root" "tsv" "nixremote" ];
+      trusted-users = [ "root" "tsv" "kamal" ];
     };
     gc = {
       automatic = true;

users/tsv/ssh/config

@@ -18,6 +18,13 @@ Host git.tsvallender.co.uk
   User tsv
   IdentitiesOnly yes
 
+Host tsvallender.co.uk
+  HostName tsvallender.co.uk
+  IdentityFile /home/tsv/.ssh/personal
+  Port 2222
+  User kamal
+  IdentitiesOnly yes
+
 Host github.com
   HostName github.com
   IdentityFile /home/tsv/.ssh/foxsoft