nixos-configuration/hive/deimos/default.nix

{ system, lib, ... }:
let
  blog = builtins.getFlake
    "github:jrpotter/blog/29a44a257989ab85a38690b18debfe1b27a70674";
  portfolio = builtins.getFlake
    "github:jrpotter/portfolio/0f89bdf6c17dd7a61988f8b3629db1988e6f7357";
  bookshelf = builtins.getFlake
    "github:jrpotter/bookshelf/bf9888c050b7a62f58be0198af19a6de7c40b375";
in
{
  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
    ../../digital-ocean/configuration.nix
  ];

  deployment.targetHost = "24.199.110.222";

  networking = {
    hostName = "deimos";
    firewall = {
      enable = true;
      allowedTCPPorts = [ 80 443 ];
    };
  };

  programs.mosh.enable = true;

  services = {
    nginx = {
      enable = true;
      virtualHosts = {
        "www.jrpotter.com" = {
          forceSSL = true;
          enableACME = true;
          serverAliases = [ "jrpotter.com" ];
          locations."/" = {
            root = portfolio.packages.${system}.app;
          };
        };
        "blog.jrpotter.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            root = blog.packages.${system}.app;
          };
        };
        "bookshelf.jrpotter.com" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            root = bookshelf.packages.${system}.app;
          };
        };
        "git.jrpotter.com" = {
          locations."/" = {
            recommendedProxySettings = true;
            proxyPass = "http://127.0.0.1:3000";
          };
        };
      };
    };
    openssh.enable = true;
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "jrpotter2112@gmail.com";
  };

  system.stateVersion = "23.11";
}