Move ponthirtaekwondo.co.uk

hosts/nixedo/modules/nginx/default.nix

@@ -53,6 +53,5 @@ in
 
   imports = [
     ./oliverdavies.uk
-    ./ponthirtaekwondo.co.uk.nix
   ];
 }

hosts/nixedo/modules/nginx/ponthirtaekwondo.co.uk.nix

@@ -1,51 +0,0 @@
-{ config, ... }:
-
-let
-  name = "ponthirtaekwondo.co.uk";
-  ports = config.homelab.ports;
-  port = ports.nginx.ponthir-taekwondo;
-in
-{
-  security.acme.certs = {
-    "ponthirtaekwondo.co.uk" = {
-      domain = "ponthirtaekwondo.co.uk";
-      dnsProvider = "cloudflare";
-      email = "oliver@oliverdavies.uk";
-      environmentFile = config.age.secrets.cloudflare.path;
-      webroot = null;
-
-      extraDomainNames = [
-        "www.ponthirtaekwondo.co.uk"
-      ];
-    };
-  };
-
-  services = {
-    nginx.virtualHosts = {
-      "www.${name}" = {
-        root = "/var/www/vhosts/${name}";
-
-        listen = [
-          {
-            inherit port;
-
-            addr = "localhost";
-          }
-        ];
-
-        locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
-
-        extraConfig = ''
-          port_in_redirect off;
-
-          # Remove trailing slashes.
-          rewrite ^/(.*)/$ /$1 permanent;
-        '';
-      };
-    };
-
-    cloudflared.tunnels."e1514105-327f-4984-974e-e2fbaca76466".ingress = {
-      "www.ponthirtaekwondo.co.uk" = "http://localhost:${toString port}";
-    };
-  };
-}

modules/hosts/homelab/home02/configuration.nix

@@ -1,5 +1,29 @@
+{ inputs, ... }:
+
 {
   flake.modules.nixos."nixosConfigurations/home02" = {
+    imports = with inputs.self.modules.nixos; [
+      inputs.agenix.nixosModules.default
+
+      nginx-ponthir-taekwondo
+    ];
+
+    nix.settings = {
+      auto-optimise-store = true;
+
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+
+      warn-dirty = false;
+    };
+
+    age.secrets = {
+      cloudflare.file = ../../../../secrets/cloudflare.age;
+      cloudflared.file = ../../../../secrets/cloudflared-credentials2.age;
+    };
+
     networking.hostName = "home02";
 
     system.stateVersion = "25.05";

modules/hosts/homelab/home02/nginx.nix

@@ -1,5 +0,0 @@
-{
-  flake.modules.nixos."nixosConfigurations/home02".services.nginx = {
-    enable = true;
-  };
-}

modules/nixos-configurations.nix

@@ -32,7 +32,7 @@
             ++ (
               # TODO: remove once everything has bee moved to modules.
               if builtins.pathExists "${self}/hosts/${hostname}/configuration.nix" then
-                "${self}/hosts/${hostname}/configuration.nix"
+                [ "${self}/hosts/${hostname}/configuration.nix" ]
               else
                 [ ]
             )

modules/server/home02/ponthir-taekwondo.nix

@@ -0,0 +1,57 @@
+{
+  flake.modules.nixos.nginx-ponthir-taekwondo =
+    { config, ... }:
+    let
+      domain = "ponthirtaekwondo.co.uk";
+      port = 9099;
+    in
+    {
+      security.acme = {
+        acceptTerms = true;
+
+        certs.${domain} = {
+          dnsProvider = "cloudflare";
+          domain = "${domain}";
+          email = "oliver@oliverdavies.uk";
+          environmentFile = config.age.secrets.cloudflare.path;
+          extraDomainNames = [ "www.${domain}" ];
+          webroot = null;
+        };
+      };
+
+      services.nginx = {
+        enable = true;
+
+        virtualHosts."www.${domain}" = {
+          root = "/var/www/vhosts/${domain}";
+
+          listen = [
+            {
+              inherit port;
+
+              addr = "localhost";
+            }
+          ];
+
+          locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
+
+          extraConfig = ''
+            port_in_redirect off;
+
+            # Remove trailing slashes.
+            rewrite ^/(.*)/$ /$1 permanent;
+          '';
+        };
+      };
+
+      services.cloudflared = {
+        enable = true;
+
+        tunnels."c1537889-81ac-4d41-b80d-9657f8db30c7" = {
+          credentialsFile = config.age.secrets.cloudflared.path;
+          default = "http_status:404";
+          ingress."www.${domain}" = "http://localhost:${toString port}";
+        };
+      };
+    };
+}

secrets.nix

@@ -1,5 +1,6 @@
 let
   hosts = {
+    home02 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUdENIYMFFiWzqOylh6/IVa9GGMwCpxPldbbX3wUttaQZ71qy4yoVN069DSDjlg0zbyYPzcfrR1d+DKAlJWH4FCOHXAO/mZtweGYSP1OP3Gdk1P7l8WWBTQqop7SkOQ4IT/dYl6QI7M2Oix1cKJvKSog/d/tp0B2x28me/bcDNzqgz8UtC6Y+gClqbpUeoNZfieovUt0N8vt/Z2LLIeXfhTnWz/PHtQ/Nn8pL5uO6CFOETojSa1JOwCVwvPzmmG2j8t+SdQEGW5bU6dIHZecMrCPDoXid+saC6zhlSPeWwI9Oamy5WxRd2wa3AkKbMqQj91AAxsjdSO93qMhoKeVugoyncT/CD9+bAXbFInegsszUiJNJE6Ua0H8okGxhW/ptLPjvhQXJmAmWyF9gTeiAlENpqQ2Zo5XjaMbkopAXLAd3/dgt0t0K7IRbsMVlb09nQpLU65ADodofUJ2R7GU972IFyvLu8CBkGjVYrVIbbXRNgO4ZI4CN212W8dkB/uRkgrEfAyM4nkcho8CuwCBS5vObQS/DC0TAokHJMAR/7cCSjD4L2dUIkbwa2FOsSRJXW9mU6J/EmYTj9M3OOKlvOsCVBkiSNaH6KOtZk+NY059n9KWPNKeAdqg0bh42BZKueIj3fa2V0rWSuFcVdbG77NiUAIYb8qycfZMiFcRbV5Q==";
     nixedo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
     t480 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
   };
@@ -10,6 +11,7 @@ let
 in
 {
   "secrets/cloudflare.age".publicKeys = [
+    hosts.home02
     hosts.nixedo
     hosts.t480
   ]
@@ -20,6 +22,11 @@ in
   ]
   ++ [ users.opdavies ];
 
+  "secrets/cloudflared-credentials2.age".publicKeys = [
+    hosts.home02
+  ]
+  ++ [ users.opdavies ];
+
   "secrets/forgejo-runner-token.age".publicKeys = [
     hosts.nixedo
   ]

secrets/forgejo-runner-token.age

@@ -1,17 +1,17 @@
 age-encryption.org/v1
--> ssh-ed25519 IsVD3g VZRQKGdeV/lghsgN7xSWAuxOsThIU4cpBPEA5jRU/Ro
-rlVrONsaGdSAW7jk04RbmxqBRr1nIpZi/QYJdhZNF8A
+-> ssh-ed25519 IsVD3g sjknkZ8QTfjiEJyjZvB119raHM09HrSLiio4jjztHRs
+erSXR3WzpvxUgY2VUJ89bl62BtW/71JbUCGD6SOfy/s
 -> ssh-rsa +vTWQw
-igGVvcUh30WG4jDQcXL906pmEk6NCDt0Fl0XC6q3ZuAeJHK1wZ70XKPTehb1JM4U
-YSb5vsVW0J6Fv9kWbpfuSGo/eDoLwm45bP5OT+L3hThG8VRYlt4GuPt+BTdxBfcA
-sLiQNBo/c+NeozLwsx39uwGZlBPXEiCWy2GR0tBpl97mpQgyLIvRleRMxzTtfN7Y
-vreEbsOqo4kHMsAykGoOwMDVJpGArJBLNlm5cd9I0iHOvk9ugu919tNeiZ4vHyye
-QKuoeAE24wqW/QXj98sFxz9SHi9UHJpqLMsgh2tCfvG6J65DItBzhWi7OKlgTUjy
-7nhNOGMHtc4XBR/kjdt4z55ryb7t5DPdy6VIurJ3YAcZRm44o4LusHLw7llcNa20
-bXTiwZaICwK6Zi3deAASK4+DgbvThuKa6Ir0vaEK7Mik39ZanrIXDoFBv80ufBiq
-tsFZex7Z/ZqqDR/WPnQKF92tz+Kqs7Jkka60ajYwkDdS6WnkOFPpKPJKayfutdF1
-9r6jzBUZEZ1E9avShow8ccw/FVhSnDzl9851TXZRyDrqFJ26s7484zHV9KpHPflh
-qveux0fqB65vGl2ZvcsRawGVOw8G567s2HED6tuArdU98eEGC5Z/UdXPUYGpUSCK
-zB9AQNtdS5IHY9CNKb7YqJFtvyaA7wlrd9Csp0UWVSY
---- i4UTmANM0HP3f9MKXDJZKyP2lod+E2dK8sNzHcm3y/o
-¸©ZÄ•¯pB†Ïl®¤@—ñDp嬨('u.ëXò
T£Oåò"RÚrr¡ª=÷|â·Þ®Û:ç§SåæQCDCbÞ~ÑàáVþÃûê2í–
+LM8id7bb+4010W3AssFgxCB9j6Xth1LDGieMp52ywAACQPothIeyB1BwXdYMyYzp
+UVVguRJUN6AjFuIhXBe5+gtK7xvS0ToIpeZmTQlgfehzQWIbwCTzs3Py/XYyRUth
+x6LT6Qru0pNP/zPVWh4EOPwpi12BfNB7tDxPI3vQCR5mL1zw/Uciufu+ku91c/Rr
+s2wXjinDSqHgKOjNxvP6RpzjhkpvrV7cnir7JxRC2gFpyTHeDVishjqu3D4WbAPy
+Qgk10DNv86nQvPdexdWF8C44GBc69DBXnaQQSsgcUs4awG4zNz6IJFMG0FdUA2lR
+ac5zcaUl76SrwvXPHyiFNs6f0wkFZQt3Cu6/QiHWWXNuuIGMv6mouBW4lQqiZQRC
+2pMS1IxuyHPHx2Bun8m1CPAuFCUt+ur9vYbofpJrWoXz1zg6tIL+KnUWkN29cd07
+OppiaOrk50fVqJvodS5HhPqJnKGAzNpji0a72OWQtIHvcNYwAKv+P3Copg5jWt6z
+9QKay17p1v2YuPYpxzqI6VzB76UxG2T0mm/C10+xedPDo1NyXDT2b3c/uFm3bR6K
+Lc5sM/togbA23YJNDRGQpgQNtZi2ovSMdU5ZDBq1txsGB5sP3ITUSv7bbAWHTv6K
+E2uckvASLlAlFgCePDPyM2StMwcK7xGuG49jtdY85Hw
+--- pjoGZ9rZfhR6fBIshg2pYfELHCmYewf1LvNAvyXm9Do
+èVïí
§?ù§ý‚yV¦2CקX05Ís(¢A¤&=0­€ý‡§]¦7öç4Jaäà]£­•<C2AD>@UµbñæààÑÝÍ8lJ®=À,ŠÁ

secrets/peertube-env.age

@@ -1,18 +1,17 @@
 age-encryption.org/v1
--> ssh-ed25519 IsVD3g kyLYyMMYENXy2F1cnjVyptUhci5xfC8yrhvBtH8THUw
-Q8sXfg7Wm4UMZ6jWGiBLgEKOqVvlCrHy8IthdpjRS/8
+-> ssh-ed25519 IsVD3g 5GyBUVIjEFXXSaKHdMJz+VQrzFQbGjI1rN9v+tEw9Ro
+3TPH9ELgR7KIZT/3qUQ74dtP00Iki3VqwIv5CHV4HnY
 -> ssh-rsa +vTWQw
-i0sLs+iG1P7pvUAHCn1StChdaMlT+ze4qkI0beSzTbWm6+qoC7X9tBoJoBJbNGmQ
-vIaJpYncYUn04r4WrYcjhBaYKYoECPGR0z/i9EtPT67DG6zuNEJLTclMStdudv4P
-Y5uHDku3CoEF6l1nBabQmYtA6/7RT/wqQf+yYICp8pJX9fPtgkjbUtwx/EBOTz29
-t1Y6USjHI45IW9Od3G7XcZGuNkLkeV3clBEqWiFeck7+x3/SU8f8sv63M++Bitqb
-F/ZXiLd/JDrlRhcgO0XsfKX+M6eodUg3ZQ7/0GFAjfYyiQp6uA5p/srIuTq40W1f
-i7zzs0dewz75GjSKIWyivcYvQQzeobxDd6/1nhgtdjHCYyL5HV3QnE7Ew/ZoQPss
-kIr25ftZ/sA87wg77J0c7koZneycSV1PioB2RyuW7cXP4ptMUOEaM0KjkLABBWNF
-+WxIdGVd8d8E/zBbVnNNPNuKZYHEb6+eCo61Z8x7VAZhz61ziXOdOzeaN1Obgv+2
-Banoulrje4oF1L4KgO64NckVpYi6Od0Cl9W0hOxSt1BafokHYi4yxYiB2rmv/cdO
-Q2IR10fKCd1BNYKvMPFia8j3Uv+OYJnilSNUi0bs+42UfFGcURZEgsSGluSIWP3W
-ag1ENk3Y0tLR1WMj2mjbybk9JpEAWJ0oxT+oBOV2g9Q
---- iraOjJc4e+c1tH/YoiRIoEyyLVPgRx2xWaM5BUO1Fes
-ÜŔ%—UžČck	!ÓX÷Ew–+¦1¬±ę¸‘;+ŔÁ
-Úw& Đ&óĹşřm^uÜsś_<C59B><5F>nLâĚë<í^,›¤UÎé
+Cg5+HmQdohbndJi0gMs+LV6KnNiLWjPJB1MOD/bG+Oa3n9tdyLBHFe/m3rHtXz02
+bLDYt/YgKMieuC8AGZsOD/d+KV7dfJ5dLzVDDHZYawuxWUEX/jk3etozlqcWWqLr
+/uLJ0TPp56hL0zDqTPJfmKzxvSBTKYtbhEEF00UlfYte7DOeQGa6zF/R2mbWJAzV
+xNXLB+l1Cng+zR9zO/0GEbHaEZBBtvJn4uDVmMBTRtqyPV2U3H40HxOg0Jg66R3e
+D2Bs3VBqXK1Pdg5MPbu5Exjrmr1HiH/SodJ8tZfQuVRSQO/2Vb+J7KanOYIwAxN1
+DlmNV5wBxoibapViiZrRGOgKOM2Nd7kCeNLnpzl4kVQSHo7jWABBl/GPIlN59zNA
+qu1cluK8txoJu4xXJsbNFBqmfdUPVrvJobNG9hyH4zu81rBfoEoHZRQaH0/ZHh03
+PSWw6Vv1wmHVp9yij3PrMGkF/kEF5Z1MYBP1j4mDSqIsvww0yEeC0RRp8Ud0UMmi
+v55O5ImOMUrhUiXFZbk7miv7wi+9LWZwtqCMbflOBklC6SGcHt0Xt76gQVVQCsMv
+eVpPBwY8tGz+cYT8zmO77/bRmz2eGuCfiAdMN3AkNDelS5LXz2ydmGYyCmOlKabV
+VfYWsHJcYtlpbDzpa2sCrl71b3PTC7LnjDDIQopIPDM
+--- 4zZpdSkiIb11Fo7yHZYhFoQRt+iANwW5LURpE61JMac
+-`²Ûøô…¬'k–ÔBæ?[Í›
Žl#ž4÷<34>Ýü|î·dbü>›X‹
t‡õQnÍoFs3çhWµ4À嬎i¤§µ$

secrets/tubearchivist-env.age

@@ -1,20 +1,19 @@
 age-encryption.org/v1
--> ssh-ed25519 IsVD3g JcpSuBgBp3nnPscb55121KL2XeCkBnwRwr57rFYE+nE
-o0nLbL0tQWZIwOECYb+/zQsGo9/uoEpuaPqdxoZqY/Y
--> ssh-ed25519 IsVD3g fYyG89/0d3WO+aG9SaZ5+QMGrayd0y6EdnpjEx7mOTM
-nbP/TlK5goWZe6ObIvqaRYTa7XPKprVoOeOZBPARON4
+-> ssh-ed25519 IsVD3g jadSxkPYEHq3Eft9cjnjSpZCOYPIv4iUL5UZ2oZBF3A
+9c5RlPpzZChKsPA3CYVH/QQDQgztkaawbzj/urxog5M
+-> ssh-ed25519 IsVD3g MHiWFQh6775rJh0JObOSWP3LqyIi6SvYcQ1FhIZtZRI
+G5Y+jenOV7RdL05owbQYp0zzu7/6X+q/KzWCECST0Lk
 -> ssh-rsa +vTWQw
-mrS2MJwu/XgQd0y+bE9pa4iCZk8m1l6WQrnLb7tOaPXiVBObh03k6y9uWsfVSgmh
-gnXHBQIAGXtdJ6qabt5jLDQrDxMZw1jxAr5QONR8Y+zmcw3BTvKYmVQRfsRlOM0O
-qC4VG7CXcq7tcOEHKi3VliyUZW3R1SzXVhr72VXsug2IbWsNp/plusiA8MmLR3Mf
-0N6z8ye1ZKRFHs4Q9ShyLad5JcJtkjrNmhbhQdZlNUQfOf+jrTEFrgKII96pCWqI
-2eqpUbA1ameSUXgRknaZjIYQBmJd5ejvClGV5cojlD+DdX0W85mRW/Xj1CinUsGk
-QZ+RFQ9GWGLLV8Uba707nbS1yMlnc2afJyG8dWGaH9m2E/9NnsFxCIbcQTrK28Yu
-yabdui1sXG8stVWGK4FqCTuxNLv/bWC37IcFQQai9wgZhziyO07QR1jQ2xiMXLBZ
-cw3KT8y8yYROzhZCuKoW/FAIrlsQv3ePBv+YEpnLF++2Pa25d1jmJXryAooDpBLd
-5gi/hKvBeDPwtgStS0BjPYRM37tQ0UlHkcCqq8v2xeTX7VZpqWrzUcGX4DXCgxxX
-Qrj5eDdomUfFH5NE8LWWNfpAlP1SOkM3ebCoa9e1sfEdJUzubIbSuRL/VFTm0SJe
-WaUbIuTPOo7Sda6ZgM7lPFylqJNC8bHI5Ch6AH7UWX0
---- GcN2m5Td0aMEWTrH6ZOyjplhvkHsHrCJfoyyfsbJHZo
-ßýÂx¾üéÿñLÕú}÷va1„éé»Ô(tùäß1$„òC<C3B2>nÎ߇;ftO@]y½çcv‡úd
-Äûã¬VQ†‰±X¢S;à.OÒÏס?H‹º±ÉŠ©‹ÔJ˜áŸêÆD÷|ö¯'!w¥9ègüv“âRâ½uÆN<C386>S¢Ãº9ð
+Q84pQ3wLcYpAYpSIuAb5cGxpfVPuYN7EwY5pd825/kigYRVaPEO4uBF9OVCZ4MiG
+V2ejWOCpKyC3Xmx6zBkGgpHw98YMngPZJtKfkqs8hZVLAYuKBIEbCEyWKPCBErmX
+u8hdZdR9IiY2X2kjvK+/QctpPnHv5Y+VXOIagiu3a1y2VUqG7wZa5MZvC7WF6gtH
+JUoDAzg2zpvL9TngNi9gapnisr1JDSoYkgQCXgiczfqcO5Xb1OtSh1ofHy+zjlfe
+46ByskSWW+Zc5rdDFeZaKOPraxUMbqEXYM8XpL70vbe65vEa7foiMSRgyvtasOSn
+xSzxBQgBVkh/1aHGGg1I2NYPx3NHogwDFSedZKuocYMEVYtcEICDgr00yFr29w0k
+m1jac5fA1qQrt8bAIiHVCHhXXFiREFGqAUBJKPhlgCYlhYrIxIzv8M5B0cAYbtsY
+HL9oXAq9+WFkx+QqCzvN+NSEXNzSgSuecPgvWnz+f/d+st2f/QaxtT/tHk3thDsS
+pC7wGq8IwvzNYOD8WUfIkI+BiFxqMb8sQprBBDLeOpeVgWoKf1TYyxsNjiuCuIIM
+1BGnD0A6SUPt+QDnPgb1ZP5bHLTr0Mzkh3m8jRFkqBk4bVvacW44SqBBYOfog1nf
+mbbv8GxRNuZwqY83vloV3EMa27ziCXTKeX8ZephgUqg
+--- mH7HBWGpojAv8p68tUk86c6ri2P2PxZi+fWxl5QC8qE
+˜?Æ}¶Ä¤`LGþç†t:G]PIÄ<49>h&­¥ëÊŒ¨<p.r’ŽzÅlø9'}´ëH¢˜<7F>P4÷Ó+Æáîˆ*À¿áš}<7D>Vã<56>Í<EFBFBD>ôt$è“ÛB(‹ÉBwå‘$²åoîEÓ:;ò¬Œ<ÂUºF–DÏÛSr¾GH¬:FZËÓ]‹Ž„˜