From af53784181f764458f3ad0aaf13b6d878d4b44c7 Mon Sep 17 00:00:00 2001
From: Matei Adriel
Date: Mon, 12 Feb 2024 17:39:27 +0100
Subject: [PATCH] Set up smos server
---
 flake.nix | 2 +-
 hosts/nixos/lapetus/default.nix | 1 +
 hosts/nixos/lapetus/secrets.yaml | 5 +-
 hosts/nixos/lapetus/services/intray.nix | 2 -
 hosts/nixos/lapetus/services/smos.nix | 62 +++++++++++++++++++++++++
 5 files changed, 66 insertions(+), 6 deletions(-)
 create mode 100644 hosts/nixos/lapetus/services/smos.nix
diff --git a/flake.nix b/flake.nix
index 6a52b0f..cdb2c19 100644
--- a/flake.nix
+++ b/flake.nix
@@ -63,7 +63,7 @@
 # }}}
 # {{{ Self management
 # Smos
- smos.url = "github:NorfairKing/smos";
+ smos.url = "github:Mateiadrielrafael/smos";
 # REASON: smos fails to build this way
 # smos.inputs.nixpkgs.follows = "nixpkgs";
 # smos.inputs.home-manager.follows = "home-manager";
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index c5fc0f0..cac8a7b 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -8,6 +8,7 @@
 ./services/whoogle.nix
 ./services/pounce.nix
 ./services/intray.nix
+ ./services/smos.nix
 ./services/vaultwarden.nix
 ./services/zfs.nix
 ./filesystems
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 8dc3c6b..d7fef50 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -1,5 +1,4 @@
 tilde_irc_pass: ENC[AES256_GCM,data:+pw/g0pffo1zF++1H/+iFXQDCDw=,iv:zTBvaUCwt78dgv1jF9EmrTuHMnM2S+GUGpQZWY828tA=,tag:umqaQOWqy8aMOxWR0CNGHQ==,type:str]
-zed_smtp_pass: ENC[AES256_GCM,data:Y6pPbs5amgZIvoIJZUM=,iv:vbvA9u8Snv4tCzguabrWg1osy/LOr8PmO/02f9ZajOY=,tag:8tlrMCZBqtjGfiuqSOOplw==,type:str]
 vaultwarden_env: ENC[AES256_GCM,data:39gY2J+AFTwIRar7tbF6D9WadTzw1xiqPE9T204Z,iv:k9m6wQIPh1qScCjgLnULjVxVmDxxmotd/xzVuH6ju/w=,tag:+xIkwguOwYryO4rgsyMOsQ==,type:str]
 sops:
 kms: []
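Review bot: In flake.nix the `smos.url` input now tracks the default branch of a personal fork with no ref or rev in the URL, and flake.lock is not among the five files listed in this commit, so the revision that will actually be built for lapetus is not visible in the change. Committing the updated lock entry together with the URL switch would make the pinned revision reviewable. A short comment next to the line, for example `# fork: <reason / upstream PR link>`, would record what diverges from NorfairKing/smos and when the input can move back. Because this input supplies a NixOS module that runs network services on the host, each later re-lock of the fork deserves the same look as this change.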
@@ -25,8 +24,8 @@ sops:
 RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
 lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-12T13:56:45Z"
- mac: ENC[AES256_GCM,data:Rz6m7xNjfFAz6zkyMb1hqPHNxQ0I5bo9jN/AO24TaepI2dJMTmRUDT9ezsiQHfjitTrfX1EVRccPRGFDUVCaxSKu11CY3oMw6IZgeJclJRs5skp7382S5cu+LGyg5EsVSJM4tFl3XboxvHX2/8sqBqmkuTVxjVHW1hWNU0ok/T4=,iv:j7Hc4KpeXcMc5QqkDpmwJLJxkjMHiTrX+zL4EtzLFPg=,tag:hB6ek9hnpNqgWamK0MwhPQ==,type:str]
+ lastmodified: "2024-02-12T16:10:16Z"
+ mac: ENC[AES256_GCM,data:kYPlAH/LZiA6UJPgRgj6MBWHDWx21unyWj/qtJ1dmaoW8UXi8AnZt+/PT53rvRgzPYGnDgaxTugFH+kYflMQ7wOJpmie/VcsA0kJ+KVAg1Z7awjCBeqSQn+yuS+/ngqLRxHd3gBjmV32NOg6hlmBCJPhWUzqn9WiItq5ut3Da2w=,iv:W0Bg6PBiFtdwN6xuu8kE9x860T2LuTRv+ARF/EOUf4g=,tag:r30t606ttqT9qEjresPKbA==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/hosts/nixos/lapetus/services/intray.nix b/hosts/nixos/lapetus/services/intray.nix
index 308469c..e177150 100644
--- a/hosts/nixos/lapetus/services/intray.nix
+++ b/hosts/nixos/lapetus/services/intray.nix
@@ -16,13 +16,11 @@ in
 enable = true;
 api-server = {
 enable = true;
- openFirewall = false;
 port = apiPort;
 admins = [ username ];
 };
 web-server = {
 enable = true;
- openFirewall = false;
 port = webPort;
 api-url = "https://${apiHost}";
 };
diff --git a/hosts/nixos/lapetus/services/smos.nix b/hosts/nixos/lapetus/services/smos.nix
new file mode 100644
index 0000000..9ef88a1
--- /dev/null
+++ b/hosts/nixos/lapetus/services/smos.nix
@@ -0,0 +1,62 @@
+{ inputs, config, ... }:
+let
+ username = "prescientmoon";
+ docsHost = "docs.smos.moonythm.dev";
+ apiHost = "api.smos.moonythm.dev";
+ webHost = "smos.moonythm.dev";
+ docsPort = 8404;
+ apiPort = 8405;
+ webPort = 8406;
+
+ https = host: "https://${host}";
+in
+{
+ imports = [
+ ../../common/optional/services/nginx.nix
+ inputs.smos.nixosModules.x86_64-linux.default
+ ];
+
+ # {{{ Configure smos
+ services.smos.production = {
+ enable = true;
+
+ # {{{ Docs server
+ docs-site = {
+ enable = true;
+ port = docsPort;
+ api-url = https apiHost;
+ web-url = https webHost;
+ };
+ # }}}
+ # {{{ Api server
+ api-server = {
+ enable = true;
+ port = apiPort;
+ admin = username;
+
+ max-backups-per-user = 5;
+ backup-interval = 3600;
+ local-backup.enable = true;
+ };
+ # }}}
+ # {{{ Web server
+ web-server = {
+ enable = true;
+ port = webPort;
+ docs-url = https docsHost;
+ api-url = https apiHost;
+ web-url = https webHost;
+ };
+ # }}}
+ };
+ # }}}
+ # {{{ Networking & storage
+ services.nginx.virtualHosts.${docsHost} = config.satellite.proxy docsPort { };
+ services.nginx.virtualHosts.${apiHost} = config.satellite.proxy apiPort { };
+ services.nginx.virtualHosts.${webHost} = config.satellite.proxy webPort { };
+
+ environment.persistence."/persist/state".directories = [
+ "/www/smos/production"
+ ];
+ # }}}
+}
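Review bot: Nothing in smos.nix states whether the three backends on ports 8404–8406 are reachable directly or only through the nginx virtual hosts, so the exposure depends entirely on the module's defaults. If the smos module has an `openFirewall` option like the one this commit removes from intray.nix, setting `openFirewall = false;` in `docs-site`, `api-server` and `web-server` would keep the intent in the configuration. Otherwise a comment under `# {{{ Networking & storage` saying the ports are deliberately kept off the firewall allow-list and served only via the proxy would do. The same applies to the intray.nix hunk, which after this change also relies on the default.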