host Qubit-Quilt on nuOS

hosts/nuos/configuration.nix

@@ -10,9 +10,6 @@
   config,
   ...
 }:
-let
-  enableFlurry = true;
-in
 {
   imports = [
     # Include the results of the hardware scan.
@@ -23,6 +20,7 @@ in
     (modulesPath + "/profiles/qemu-guest.nix")
 
     ./home-assistant.nix
+    ./nginx.nix
 
     ../../common
   ];
@@ -216,7 +214,7 @@ in
       };
 
       "flurry" = {
-        enable = enableFlurry;
+        enable = (import ./toggles.nix).enableFlurry;
         description = "Pixelflut server";
         serviceConfig = {
           ExecStart = "${
@@ -337,19 +335,6 @@ in
   };
 
   services = {
-    authentik = {
-      enable = true;
-      environmentFile = config.age.secrets."authentik/env".path;
-      nginx = {
-        enable = true;
-        enableACME = true;
-        host = "auth.itepastra.nl";
-      };
-      settings = {
-        disable_startup_analytics = true;
-        avatars = "initials";
-      };
-    };
     factorio = {
       enable = false;
       # package = pkgs.factorio-headless.override {
@@ -404,76 +389,6 @@ in
         };
       };
     };
-    nginx =
-      let
-
-        extra = ''
-          client_max_body_size 50000M;
-
-          proxy_redirect     off;
-
-          proxy_read_timeout 600s;
-          proxy_send_timeout 600s;
-          send_timeout       600s;'';
-        proxy = name: url: {
-          forceSSL = true;
-          useACMEHost = name;
-          extraConfig = extra;
-          locations."/" = {
-            proxyWebsockets = true;
-            proxyPass = url;
-          };
-        };
-      in
-      {
-        enable = true;
-        package = pkgs.nginx.override {
-          modules = [ pkgs.nginxModules.brotli ];
-        };
-
-        recommendedOptimisation = true;
-        recommendedProxySettings = true;
-        recommendedTlsSettings = true;
-        recommendedBrotliSettings = true;
-        sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
-        virtualHosts = lib.mkMerge [
-          ({
-            "noa.voorwaarts.nl" = {
-              forceSSL = true;
-              enableACME = true;
-              extraConfig = extra;
-              locations."/" = {
-                proxyWebsockets = true;
-                proxyPass = "http://192.168.42.5:8000";
-              };
-            };
-
-            "images.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:2283/";
-            "maintenance.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:5000/";
-            "map.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://127.0.0.1:8123/";
-
-            "itepastra.nl" = {
-              forceSSL = true;
-              enableACME = true;
-              extraConfig = extra;
-              locations."/" = {
-                proxyWebsockets = true;
-                proxyPass = "http://192.168.42.5:9001/";
-              };
-            };
-
-            "calendar.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:29341";
-
-            # home-assistant proxy
-            "home.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:8123";
-          })
-
-          (lib.mkIf enableFlurry {
-            "flurry.itepastra.nl" = proxy "itepastra.nl" "http://127.0.0.1:3000";
-          })
-        ];
-      };
   };
 
   security.acme = {
@@ -491,7 +406,7 @@ in
         "home.itepastra.nl"
       ]
       ++ [
-        (lib.mkIf enableFlurry "flurry.itepastra.nl")
+        (lib.mkIf (import ./toggles.nix).enableFlurry "flurry.itepastra.nl")
       ];
     };
   };

hosts/nuos/nginx.nix

@@ -0,0 +1,91 @@
+{
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+let
+  enableFlurry = true;
+  enableQubitQuilt = true;
+in
+{
+  services.nginx =
+    let
+
+      extra = ''
+        client_max_body_size 50000M;
+
+        proxy_redirect     off;
+
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+        send_timeout       600s;'';
+      proxy = name: url: {
+        forceSSL = true;
+        useACMEHost = name;
+        extraConfig = extra;
+        locations."/" = {
+          proxyWebsockets = true;
+          proxyPass = url;
+        };
+      };
+    in
+    {
+      enable = true;
+      package = pkgs.nginx.override {
+        modules = [ pkgs.nginxModules.brotli ];
+      };
+
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedBrotliSettings = true;
+      sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+      virtualHosts = lib.mkMerge [
+        ({
+          "noa.voorwaarts.nl" = {
+            forceSSL = true;
+            enableACME = true;
+            extraConfig = extra;
+            locations."/" = {
+              proxyWebsockets = true;
+              proxyPass = "http://192.168.42.5:8000";
+            };
+          };
+
+          "images.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:2283/";
+          "maintenance.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://192.168.42.5:5000/";
+          "map.noa.voorwaarts.nl" = proxy "noa.voorwaarts.nl" "http://127.0.0.1:8123/";
+
+          "itepastra.nl" = {
+            forceSSL = true;
+            enableACME = true;
+            extraConfig = extra;
+            locations."/" = {
+              proxyWebsockets = true;
+              proxyPass = "http://192.168.42.5:9001/";
+            };
+          };
+
+          "geenit.nl" = {
+            forceSSL = true;
+            enableACME = true;
+            extraConfig = extra;
+            locations."/" = {
+              root = inputs.qubit-quilt.packages."x86_64-linux".default;
+            };
+          };
+
+          "calendar.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:29341";
+
+          # home-assistant proxy
+          "home.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:8123";
+        })
+
+        (lib.mkIf (import ./toggles.nix).enableFlurry {
+          "flurry.itepastra.nl" = proxy "itepastra.nl" "http://127.0.0.1:3000";
+        })
+      ];
+    };
+}

hosts/nuos/toggles.nix

@@ -0,0 +1,4 @@
+{
+  enableFlurry = true;
+  enableQubitQuilt = true;
+}