Add initial working just.hosting cloud config

Crashes somewhat less than Firefox, it seems.

nalai/etc/nixos/configuration.nix

@@ -26,6 +26,12 @@
   # Configure console keymap
   console.keyMap = "us";
 
+  environment.etc."nginx/certs/sovr.crt" = {
+    source = ./certs/sovr.crt;
+  };
+  environment.etc."nginx/certs/sovr.key" = {
+    source = ./certs/sovr.key;
+  };
   # Bluetooth
   hardware.bluetooth.enable = true; # enables support for Bluetooth
   hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
@@ -33,16 +39,16 @@
     ensureDefaultPrinter = "HL-L8250CDW";
     ensurePrinters = [{
       name = "HL-L8250CDW";
-      deviceUri = "ipp://192.168.88.10/ipp";
-      model = "everywhere";
+      deviceUri = "ipps://192.168.88.10/ipp/print";
+      model = "Brother_HL-L8250CDN.ppd";
       description = "Brother HL-L8250CDW";
       location = "kids desks";
       ppdOptions = {
         PageSize = "Letter";
-	Duplex = "DuplexNoTumble"; # Double-sided along the long edge
-	Resolution = "600dpi";
-	PrintQuality = "4";
-	PwgRasterDocumentType = "Rgb_8";
+        Duplex = "DuplexNoTumble"; # Double-sided along the long edge
+        Resolution = "600dpi";
+        PrintQuality = "4";
+        PwgRasterDocumentType = "Rgb_8";
       };
     }];
   };
@@ -73,6 +79,7 @@
   };
   networking.extraHosts = ''
   192.168.1.5 pihole.home.arpa
+  127.0.0.1 sovr.home.arpa
   '';
   networking.hostName = "nalai"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
@@ -106,6 +113,17 @@
   services.displayManager.sddm.enable = true;
   services.desktopManager.plasma6.enable = true;
 
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."sovr.home.arpa" = {
+    addSSL = true;
+    enableACME = false;
+    sslCertificate = "/etc/nginx/certs/sovr.crt";
+    sslCertificateKey = "/etc/nginx/certs/sovr.key";
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8080";
+    };
+  };
+
   # Enable CUPS to print documents.
   services.printing.enable = true;
   services.printing.drivers = [
@@ -114,6 +132,8 @@
     # and 'msexpand USA/brphl8250cdn.pp_' to expand it. Those tools are available in the _7zz and mscompress
     # modules, respectively: 'nix-shell -p _7zz mscompress'.
     (pkgs.writeTextDir "share/cups/model/Brother_HL-L8250CDN.ppd" (builtins.readFile ./Brother_HL-L8250CDN.ppd))
+    # See https://github.com/NixOS/nixpkgs/issues/78535#issuecomment-2200268221
+    # for an attempt at making this work when away from the printer
   ];
 
   # Enable rpcbind for nfs mounting
@@ -153,7 +173,7 @@
   users.users.eliribble = {
     isNormalUser = true;
     description = "Eli Ribble";
-    extraGroups = [ "adbusers" "networkmanager" "wheel" ];
+    extraGroups = [ "adbusers" "libvirtd" "networkmanager" "wheel" ];
     packages = with pkgs; [
       kdePackages.kate
     #  thunderbird
@@ -169,6 +189,7 @@
   # Set neovim as the default editor
   programs.neovim.enable = true;
   programs.neovim.defaultEditor = true;
+  programs.virt-manager.enable = true;
 
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
     "brgenml1lpr" "lunar-client" "spotify"
@@ -182,6 +203,7 @@
     brlaser
     cargo
     chezmoi
+    chromium
     cups-filters
     dia
     dig
@@ -196,6 +218,7 @@
     gutenprintBin
     hmcl
     hplip
+    kdePackages.plasma-browser-integration
     keychain
     lunar-client
     mosh
@@ -203,6 +226,7 @@
     ndisc6
     nfs-utils
     neovim
+    nginx
     om4
     poetry
     python3
@@ -211,6 +235,8 @@
     signal-desktop
     splix
     spotify
+    step-ca
+    step-cli
     thunderbird
     tig
     tmux
@@ -249,5 +275,6 @@
   systemd.network.wait-online.enable = false;
 
   virtualisation.docker.enable = false;
+  virtualisation.libvirtd.enable = true;
   virtualisation.podman.enable = true;
 }

sovr/etc/nixos/configuration.nix

@@ -0,0 +1,92 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.efiSupport = false;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+  environment.systemPackages = with pkgs; [
+    fish
+    tmux
+    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    wget
+  ];
+
+  networking = {
+    hostName = "sovr";
+    useNetworkd = true;
+  };
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  programs.neovim.enable = true;
+  programs.neovim.defaultEditor = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Phoenix";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  services.cloud-init = {
+    enable = true;
+    network.enable = true;
+  };
+  services.openssh.enable = true;
+
+  systemd.network.enable = true;
+
+  users.users.eliribble = {
+    initialHashedPassword = "$y$j9T$XYOMZR8RZEiTnpaF8lsxv1$H7YbWDpzbnYXTLN0ZMhvtKOlSMy64P7C/RdLBaeaNf/";
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  };
+  users.users.root.initialHashedPassword = "$y$j9T$Ti26ax34797JfBHz.qOF20$Ft.w/amrklqfOxs1Q44udCON6qo8Yj51CqLSksOYAQ2";
+
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}
+

sovr/etc/nixos/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/75b1c48f-8bb8-4357-8a11-1d7688787199";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}