LucianU/configuration.nix

## configuration.nix
{ config, pkgs, lib, ... }:
  let
    knowledgeStorePort = 8080;
    publicWikiPort = 9000;
  in
    {
      imports = [
        ./hardware-configuration.nix
        ./networking.nix # generated at runtime by nixos-infect
        ./service.nix
      ];

      boot.cleanTmpDir = true;
      networking.hostName = "knowledge-store";
      networking.firewall.allowPing = true;
      networking.firewall.allowedTCPPorts = [ 80 443 ];
      services.openssh.enable = true;
      users.users.root.openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1tiiUHIsJo2jlbpIz9pIubI9EPgyvdwiNmiZ6uDk9p3ut/OHWJYNGOqCMQkkohZPEdIXqipbWj8u3BAGr1quHKlPj+dJ+cB6OOqQdra9lpE6ZW1c7ezAqE7e1JPo5ad1VBEy7LNrCNNPMpT1W31TIuy5f+iHerSReCfI0SMOXFQm2UNnO0uN6YYShCezF5M+4QceEqBZdtzp0tnC24e4gnhe9iwulJQVIU/MzXIYWwUoEhdFuF8X8fkyHiJ2N+h85bj8fH7L1Iq+ocDrh4JeNqcq3gOsDOE8YjA+SL840x2ktFSkh1YLefyLbTOmqi2tJ8N5vbHm0idrgX1Y8KmJx lucian.ursu@gmail.com"
      ];

      boot.loader.systemd-boot.enable = true;
      boot.loader.efi.canTouchEfiVariables = true;
      documentation.nixos.enable = false;

      services.knowledge-store = {
        enable = true;
      };

      services.nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedTlsSettings = true;
        logError = "syslog";
        appendHttpConfig = "access_log syslog;";

        virtualHosts = let
          common = locations: {
            # TODO: Set these to true when deploying the actual sites
            enableACME = false;
            forceSSL = false;

            inherit locations;
          };

          proxy = port:
            common {
              "/" = {
                proxyPass = "http://127.0.0.1:" + toString(port) + "/";
                extraConfig = ''
                  proxy_set_header        Host             $host;
                  proxy_set_header        X-Real-IP        $remote_addr;
                  proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
                '';
              };
            };
          in
            {
              "161.35.218.192" = proxy knowledgeStorePort;
              #"public.elbear.com" = proxy publicWikiPort;
            };
      };
    }
	{ config, pkgs, lib, ... }:
	let
	knowledgeStorePort = 8080;
	publicWikiPort = 9000;
	in
	{
	imports = [
	./hardware-configuration.nix
	./networking.nix # generated at runtime by nixos-infect
	./service.nix
	];

	boot.cleanTmpDir = true;
	networking.hostName = "knowledge-store";
	networking.firewall.allowPing = true;
	networking.firewall.allowedTCPPorts = [ 80 443 ];
	services.openssh.enable = true;
	users.users.root.openssh.authorizedKeys.keys = [
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1tiiUHIsJo2jlbpIz9pIubI9EPgyvdwiNmiZ6uDk9p3ut/OHWJYNGOqCMQkkohZPEdIXqipbWj8u3BAGr1quHKlPj+dJ+cB6OOqQdra9lpE6ZW1c7ezAqE7e1JPo5ad1VBEy7LNrCNNPMpT1W31TIuy5f+iHerSReCfI0SMOXFQm2UNnO0uN6YYShCezF5M+4QceEqBZdtzp0tnC24e4gnhe9iwulJQVIU/MzXIYWwUoEhdFuF8X8fkyHiJ2N+h85bj8fH7L1Iq+ocDrh4JeNqcq3gOsDOE8YjA+SL840x2ktFSkh1YLefyLbTOmqi2tJ8N5vbHm0idrgX1Y8KmJx lucian.ursu@gmail.com"
	];

	boot.loader.systemd-boot.enable = true;
	boot.loader.efi.canTouchEfiVariables = true;
	documentation.nixos.enable = false;

	services.knowledge-store = {
	enable = true;
	};

	services.nginx = {
	enable = true;
	recommendedGzipSettings = true;
	recommendedOptimisation = true;
	recommendedTlsSettings = true;
	logError = "syslog";
	appendHttpConfig = "access_log syslog;";

	virtualHosts = let
	common = locations: {
	# TODO: Set these to true when deploying the actual sites
	enableACME = false;
	forceSSL = false;

	inherit locations;
	};

	proxy = port:
	common {
	"/" = {
	proxyPass = "http://127.0.0.1:" + toString(port) + "/";
	extraConfig = ''
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	'';
	};
	};
	in
	{
	"161.35.218.192" = proxy knowledgeStorePort;
	#"public.elbear.com" = proxy publicWikiPort;
	};
	};
	}