From a9848996969fa24ffcc8116917739bde288900c4 Mon Sep 17 00:00:00 2001
From: Gabriel Simmer <g@gmem.ca>
Date: Wed, 10 Jan 2024 19:06:54 +0000
Subject: [PATCH] nix-cache -> stream

---
 flake.lock                                    | 48 +++++++++----------
 flake.nix                                     |  4 +-
 .../configuration.nix                         | 46 +++++-------------
 .../hardware.nix                              |  0
 4 files changed, 37 insertions(+), 61 deletions(-)
 rename nix/{oracle-nix-cache => oracle-stream}/configuration.nix (70%)
 rename nix/{oracle-nix-cache => oracle-stream}/hardware.nix (100%)

diff --git a/flake.lock b/flake.lock
index 382183c..b400a31 100644
--- a/flake.lock
+++ b/flake.lock
@@ -223,11 +223,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703368619,
-        "narHash": "sha256-ZGPMYL7FMA6enhuwby961bBANmoFX14EA86m2/Jw5Jo=",
+        "lastModified": 1704498488,
+        "narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a2523ea0343b056ba240abbac90ab5f116a7aa7b",
+        "rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee",
         "type": "github"
       },
       "original": {
@@ -263,11 +263,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1702814943,
-        "narHash": "sha256-tNKSDbtoEDfCTs30dyW0Fcj4KJpjzTRASL6f2BbuSKE=",
+        "lastModified": 1704629345,
+        "narHash": "sha256-cWrno5kSY2cCaWIl97Ae4/iZ9rnMLlm0VrwRqdzIESk=",
         "owner": "nix-community",
         "repo": "lib-aggregate",
-        "rev": "ac8b1c4cfb2f9111e709aaf503511df354e86733",
+        "rev": "3e408e7391e9d778f48861bb9da08ac54e01441a",
         "type": "github"
       },
       "original": {
@@ -284,11 +284,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1702815315,
-        "narHash": "sha256-LEpv7kvB7KPj/6BoNYWMcVjRezTJe6FNmg5kCKZQxMk=",
+        "lastModified": 1703466376,
+        "narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=",
         "owner": "nix-community",
         "repo": "nix-eval-jobs",
-        "rev": "3c6e1234af3aa26fc60d0969619cf6806ec51639",
+        "rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7",
         "type": "github"
       },
       "original": {
@@ -391,11 +391,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1702774034,
-        "narHash": "sha256-M0IsUA89EKHL8IDx9bf+e2W2l1kMRpaZ4h08navMXig=",
+        "lastModified": 1704588527,
+        "narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "9b4f1493009b8d2f55a525a01de10addc9a0a752",
+        "rev": "be8e58791dcfa2b98b512c2a1bdf3bd94a38790b",
         "type": "github"
       },
       "original": {
@@ -414,11 +414,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703373312,
-        "narHash": "sha256-kVmScLYGHsdAUDn0m3LcE0lIgCH4O+0LSZzPvr3z64w=",
+        "lastModified": 1704684968,
+        "narHash": "sha256-h+lSV/cfnfE5//dHefL154mgvaEmTz13ehI7eb/Hph0=",
         "owner": "nix-community",
         "repo": "nixpkgs-wayland",
-        "rev": "5f8175aebc87daabacc564c26614c1241a1c6e76",
+        "rev": "17d7827cd61e7e6bdc732c4817ea4da26ab0b47b",
         "type": "github"
       },
       "original": {
@@ -477,11 +477,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1703134684,
-        "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
+        "lastModified": 1704626572,
+        "narHash": "sha256-VwRTEKzK4wSSv64G+g3RLF3t6yBHrhR2VK3kZ5UWisU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
+        "rev": "24fe8bb4f552ad3926274d29e083b79d84707da6",
         "type": "github"
       },
       "original": {
@@ -493,11 +493,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1702539185,
-        "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
+        "lastModified": 1703134684,
+        "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
+        "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
         "type": "github"
       },
       "original": {
@@ -631,11 +631,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1702461037,
-        "narHash": "sha256-ssyGxfGHRuuLHuMex+vV6RMOt7nAo07nwufg9L5GkLg=",
+        "lastModified": 1702979157,
+        "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "d06b70e5163a903f19009c3f97770014787a080f",
+        "rev": "2961375283668d867e64129c22af532de8e77734",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 33b3cd2..4b33a6c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -148,10 +148,10 @@
             }
           ];
         };
-        oracle-tunnel = nixpkgs.lib.nixosSystem {
+        oracle-stream = nixpkgs.lib.nixosSystem {
           system = "aarch64-linux";
           modules = [
-            (import ./nix/oracle-nix-cache/configuration.nix)
+            (import ./nix/oracle-stream/configuration.nix)
             {
               _module.args.nixinate = {
                 host = "100.98.25.34";
diff --git a/nix/oracle-nix-cache/configuration.nix b/nix/oracle-stream/configuration.nix
similarity index 70%
rename from nix/oracle-nix-cache/configuration.nix
rename to nix/oracle-stream/configuration.nix
index 9a93062..62f3cea 100644
--- a/nix/oracle-nix-cache/configuration.nix
+++ b/nix/oracle-stream/configuration.nix
@@ -29,7 +29,7 @@
   };
 
   networking = {
-    hostName = "nix-cache";
+    hostName = "stream";
     domain = "gmem.ca";
     firewall = {
       trustedInterfaces = ["tailscale0"];
@@ -71,6 +71,11 @@
     rpcbind.enable = true;
     openssh.enable = true;
     tailscale.enable = true;
+    owncast = {
+      enable = true;
+      port = 8080;
+      openFirewall = false;
+    };
     nginx = {
       enable = true;
       recommendedProxySettings = true;
@@ -80,49 +85,20 @@
       recommendedOptimisation = true;
       recommendedTlsSettings = true;
       virtualHosts = {
-        "git.gmem.ca" = {
+        "stream.gmem.ca" = {
           enableACME = true;
           forceSSL = true;
           locations."/" = {
-            proxyPass = "http://100.116.48.47";
+            proxyPass = "http://127.0.0.1:8080";
+            proxyWebsockets = true;
+            
             extraConfig =
               ''
               client_max_body_size 100M;
+              proxy_pass_header Authorization;
               '';
           };
         };
-        "food.gmem.ca" = {
-          enableACME = true;
-          forceSSL = true;
-          locations."/" = {
-            proxyPass = "http://100.77.43.133";
-            extraConfig =
-              ''
-              client_max_body_size 100M;
-              '';
-          };
-        };
-        "authentik.gmem.ca" = {
-          enableACME = true;
-          forceSSL = true;
-          locations."/" = {
-            proxyWebsockets = true;
-            proxyPass = "https://pi.gmem.ca";
-            recommendedProxySettings = true;
-          };
-        };
-        "photos.gmem.ca" = {
-          enableACME = true;
-          forceSSL = true;
-          locations."/" = {
-            proxyWebsockets = true;
-            proxyPass = "https://pi.gmem.ca";
-            recommendedProxySettings = true;
-            extraConfig = ''
-              client_max_body_size 50000M;
-            '';
-          };
-        };
       };
     };
   };
diff --git a/nix/oracle-nix-cache/hardware.nix b/nix/oracle-stream/hardware.nix
similarity index 100%
rename from nix/oracle-nix-cache/hardware.nix
rename to nix/oracle-stream/hardware.nix