Diffstat (limited to 'hosts/cloud/bkk')
-rw-r--r--hosts/cloud/bkk/configuration.nix49
-rw-r--r--hosts/cloud/bkk/hardware-configuration.nix34
-rw-r--r--hosts/cloud/bkk/nginx.nix62
3 files changed, 145 insertions, 0 deletions
diff --git a/hosts/cloud/bkk/configuration.nix b/hosts/cloud/bkk/configuration.nix
new file mode 100644
index 0000000..42f6b2c
--- /dev/null
+++ b/hosts/cloud/bkk/configuration.nix
@@ -0,0 +1,49 @@
+{ modulesPath, lib, pkgs, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./nginx.nix
+ ];
+ boot = {
+ loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+ };
+ users.users.root.openssh.authorizedKeys.keys =
+ [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ];
+
+ # enable flakes
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ settings = {
+ keep-outputs = true;
+ keep-derivations = true;
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ # ports = [5522];
+ };
+ networking = {
+ hostName = "yn-bkk"; # use Digital Ocean metadata server
+ };
+ networking.firewall = {
+ enable = false;
+ # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ];
+ # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ];
+ };
+ services.ntfy-sh = {
+ enable = true;
+ settings = {
+ base-url = "https://n.urbit.men";
+ listen-http = ":8090";
+ };
+ };
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
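Review bot: With `networking.firewall.enable = false` and ntfy-sh set to `listen-http = ":8090"`, the ntfy listener binds every interface and nothing on the host filters it, so it can be reached in plaintext around the TLS vhost that nginx.nix puts in front of it. Bind it to loopback with `listen-http = "127.0.0.1:8090";` and turn the firewall on with `enable = true;` and `allowedTCPPorts = [ 80 443 ];` (the openssh module opens its own port by default). The same exposure probably applies to whatever serves 127.0.0.1:8080 for the other vhost, but that service is not part of this diff, so check how it binds. The commented-out port lists are much wider than this host needs and are better deleted than kept as a template.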
diff --git a/hosts/cloud/bkk/hardware-configuration.nix b/hosts/cloud/bkk/hardware-configuration.nix
new file mode 100644
index 0000000..736857a
--- /dev/null
+++ b/hosts/cloud/bkk/hardware-configuration.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/22436064-dc92-4aea-8e58-0dc2ce872baa";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/9726a4b6-5c40-4863-9a21-07f0100dea8d"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens6.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens7.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/cloud/bkk/nginx.nix b/hosts/cloud/bkk/nginx.nix
new file mode 100644
index 0000000..f948e0e
--- /dev/null
+++ b/hosts/cloud/bkk/nginx.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, ... }: {
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "security@urbit.cam";
+ services.nginx = {
+ enable = true;
+ virtualHosts."u.urbit.men" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
+ virtualHosts."n.urbit.men" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8090";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
+ # virtualHosts."t.urbit.men" = {
+ # enableACME = true;
+ # forceSSL = true;
+ # locations."/" = {
+ # proxyPass = "http://127.0.0.1:8081";
+ # # proxyWebsockets = true; # needed if you need to use WebSocket
+ # extraConfig = ''
+ # proxy_set_header Host $host;
+ # proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ # '';
+ # };
+ # extraConfig = ''
+ # chunked_transfer_encoding off;
+ # proxy_http_version 1.1;
+ # proxy_buffering off;
+ # proxy_cache off;
+ # '';
+ # };
+ };
+}
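Review bot: `proxy_set_header Forwarded $proxy_add_x_forwarded_for;` in both vhosts puts an X-Forwarded-For style address list under the RFC 7239 `Forwarded` header name, which expects `for=` pairs, so the backends receive neither a well-formed `Forwarded` header nor a proxy-set `X-Forwarded-For`. Use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, or set `recommendedProxySettings = true;` on `services.nginx` and drop the per-location headers. For the ntfy backend on 8090 this affects per-visitor rate limiting: every request arrives from 127.0.0.1 unless ntfy is also given `behind-proxy = true` in its settings and receives the header it reads. Because `$proxy_add_x_forwarded_for` appends to whatever the client sent, a backend should trust only the last entry, which is the one nginx added.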