From f62c36805df62b9d431f462c709ca1a5c6f717ab Mon Sep 17 00:00:00 2001
From: Sokhibjon Orzikulov
Date: Sat, 26 Oct 2024 21:47:01 +0500
Subject: [PATCH] build: trying out nginx configurations
---
 modules/nixos/caddy.nix | 2 +-
 modules/nixos/default.nix | 1 +
 modules/nixos/nginx.nix | 90 +++++++++++++++++++
 nixos/kolyma-2/services/default.nix | 3 +
 nixos/kolyma-2/services/gitlab.nix | 26 ++++++
 nixos/kolyma-4/services/default.nix | 2 +-
 .../kolyma-4/services/{caddy.nix => www.nix} | 2 +-
 7 files changed, 123 insertions(+), 3 deletions(-)
 create mode 100644 modules/nixos/nginx.nix
 create mode 100644 nixos/kolyma-2/services/gitlab.nix
 rename nixos/kolyma-4/services/{caddy.nix => www.nix} (84%)
diff --git a/modules/nixos/caddy.nix b/modules/nixos/caddy.nix
index 1066eb5..9d39e16 100644
--- a/modules/nixos/caddy.nix
+++ b/modules/nixos/caddy.nix
@@ -44,7 +44,7 @@ let
 };
 extra = {
- # Configure Caddy
+ # Extra configurations for Caddy
 services.caddy = {
 # User provided hosts
 virtualHosts = config.services.www.hosts;
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index de8ee31..ed8804c 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -12,6 +12,7 @@
 motd = import ./motd.nix;
 data = import ./data.nix;
 caddy = import ./caddy.nix;
+ nginx = import ./nginx.nix;
 network = import ./network.nix;
 nixpkgs = import ./nixpkgs.nix;
 container = import ./container.nix;
diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix
new file mode 100644
index 0000000..2ed9a4b
--- /dev/null
+++ b/modules/nixos/nginx.nix
@@ -0,0 +1,90 @@
+{ config
+, lib
+, pkgs
+, inputs
+, ...
+}:
+let
+ fallbacks = config:
+ let
+ ipv4 = if config.network.ipv4.address != null then [ "http://${config.network.ipv4.address}" ] else [ ];
+ ipv6 = if config.network.ipv6.address != null then [ "http://${config.network.ipv6.address}" ] else [ ];
+ in
+ [
+ "kolyma.uz"
+ "www.kolyma.uz"
+ "niggerlicious.uz"
+ "www.niggerlicious.uz"
+ ]
+ ++ ipv4
+ ++ ipv6
+ ++ config.services.www.alias;
+
+ default = {
+ # Configure Nginx
+ services.nginx = {
+ # Enable the Nginx web server
+ enable = true;
+
+ # Default virtual host
+ virtualHosts = {
+ "kolyma.uz" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = fallbacks config;
+ root = "${pkgs.personal.gate}/www";
+ };
+ };
+ };
+
+ # Accepting ACME Terms
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "admin@kolyma.uz";
+ };
+ };
+
+ # Ensure the firewall allows HTTP and HTTPS traffic
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 80 443 ];
+ };
+
+ extra = {
+ # Extra configurations for Nginx
+ services.nginx = {
+ # User provided hosts
+ virtualHosts = config.services.www.hosts;
+ };
+ };
+
+ cfg = lib.mkMerge [
+ default
+ extra
+ ];
+in
+{
+ options = {
+ services.www = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enable the web server/proxy";
+ };
+
+ alias = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = "List of extra aliases to host.";
+ };
+
+ hosts = lib.mkOption {
+ type = lib.types.attrsOf lib.types.anything;
+ default = { };
+ description = "List of hosted container instances.";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.www.enable cfg;
+}
diff --git a/nixos/kolyma-2/services/default.nix b/nixos/kolyma-2/services/default.nix
index bddc1a4..ae69ce7 100644
--- a/nixos/kolyma-2/services/default.nix
+++ b/nixos/kolyma-2/services/default.nix
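Review bot: `serverAliases = fallbacks config;` on the "kolyma.uz" vhost hands nginx values that are not valid `server_name` entries: `fallbacks` is carried over from the Caddy module and yields `http://<address>` strings for the IPv4/IPv6 fallbacks, whereas nginx expects bare hostnames or IP addresses without a scheme. Because the same vhost sets `enableACME = true`, the NixOS nginx module (as far as I recall) forwards `serverAliases` to the ACME order as extra domain names, so a scheme-prefixed entry or a raw IP address would make the certificate request fail rather than simply be ignored. Suggest emitting bare addresses, e.g. `ipv4 = lib.optional (config.network.ipv4.address != null) config.network.ipv4.address;` (and the same for `ipv6`), and serving the IP and `alias` fallbacks from a separate default vhost that does not request a certificate. `networking.firewall.allowedUDPPorts = [ 80 443 ];` opens UDP ports nothing in this module listens on (UDP/443 only matters once HTTP/3 is enabled), so it can be dropped. `hosts` typed as `lib.types.attrsOf lib.types.anything` gives no evaluation-time validation of user-supplied vhosts; a submodule type would catch a misspelled option before nginx is restarted with it.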
@@ -10,5 +10,8 @@
 # Web server & proxy virtual hosts via caddy
 ./caddy.nix
+
+ # GitLab server
+ ./gitlab.nix
 ];
 }
diff --git a/nixos/kolyma-2/services/gitlab.nix b/nixos/kolyma-2/services/gitlab.nix
new file mode 100644
index 0000000..cc59c32
--- /dev/null
+++ b/nixos/kolyma-2/services/gitlab.nix
@@ -0,0 +1,26 @@
+{ outputs, pkgs, ... }: {
+ services.gitlab = {
+ enable = true;
+ databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";
+ initialRootPasswordFile = pkgs.writeText "rootPassword" "dakqdvp4ovhksxer";
+ secrets = {
+ secretFile = pkgs.writeText "secret" "xlHvN7tfexeTbFVHbkVKESQbyTZXG9v1TZ1me9Txa4GtxUMeKI";
+ otpFile = pkgs.writeText "otpsecret" "ME5h5Wh4NUjlvSqIM2tbBs9v44BVJb0BMrpGjOInGGJeJ6U7rE";
+ dbFile = pkgs.writeText "dbsecret" "HNWvNMIv9APPn9jl7K02Jh7EEpqtmPPrfgF7o0wUx4IrbmOFww";
+ jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ localhost = {
+ locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+ };
+ };
+ };
+
+ systemd.services.gitlab-backup.environment.BACKUP = "dump";
+
+}
diff --git a/nixos/kolyma-4/services/default.nix b/nixos/kolyma-4/services/default.nix
index d2794d2..ee3252b 100644
--- a/nixos/kolyma-4/services/default.nix
+++ b/nixos/kolyma-4/services/default.nix
@@ -6,6 +6,6 @@
 ./container.nix
 # Web server & proxy virtual hosts via caddy
- ./caddy.nix
+ ./www.nix
 ];
 }
diff --git a/nixos/kolyma-4/services/caddy.nix b/nixos/kolyma-4/services/www.nix
similarity index 84%
rename from nixos/kolyma-4/services/caddy.nix
rename to nixos/kolyma-4/services/www.nix
index 2e0c935..fadea27 100644
--- a/nixos/kolyma-4/services/caddy.nix
+++ b/nixos/kolyma-4/services/www.nix
@@ -1,6 +1,6 @@
 { outputs, ... }: {
 imports = [
- outputs.nixosModules.caddy
+ outputs.nixosModules.nginx
 ];
 # Enable web server & proxy
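Review bot: `databasePasswordFile`, `initialRootPasswordFile` and the `secretFile`/`otpFile`/`dbFile` entries are all produced with `pkgs.writeText`, which places the literal secret in /nix/store where every local user can read it, and since the literal values are written in this file they are now also part of the repository history. `jwsFile = pkgs.runCommand "oidcKeyBase" { } "… openssl genrsa 2048 > $out"` has the same store-exposure problem for the generated private key, and the key is regenerated whenever that derivation is rebuilt, which would invalidate tokens signed with the previous one. Point these options at files outside the store — a path provisioned by an out-of-store secrets mechanism, or a root-only file under `/var/lib/` — and treat the values in this commit as disclosed, i.e. rotate them rather than only relocating them. Separately, kolyma-2's services/default.nix still imports `./caddy.nix` beside the new `./gitlab.nix`, while this file enables `services.nginx` with a `localhost` vhost on the default listen port, so the two servers would contend for port 80 unless caddy.nix (outside this diff) binds elsewhere. A NixOS nginx vhost also listens on all interfaces by default, so with `localhost` as the only vhost GitLab would answer plain-HTTP requests on any interface and for any Host header; `listen = [ { addr = "127.0.0.1"; port = 80; } ];` keeps it loopback-only if Caddy is meant to front it.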
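Review bot: The comment `# Web server & proxy virtual hosts via caddy` directly above the new `./www.nix` import in nixos/kolyma-4/services/default.nix is now stale, since www.nix (renamed in this same commit) imports `outputs.nixosModules.nginx`. Updating it to `# Web server & proxy virtual hosts via nginx` keeps the import list self-describing.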