sarek: intialize service config. Move firewall to base.nix

hosts/sarek/configuration.nix

@@ -7,7 +7,9 @@
       ../../base.nix
       ../../common/metrics-exporters.nix
 
+      ./services/nginx.nix
       ./services/postgresql.nix
+      ./services/flame.nix
   ];
 
   # Boot and console is handled by proxmoxLXC.
@@ -27,13 +29,10 @@
     hostId = "15dd36bc";
   };
 
-  sops.defaultSopsFile = ../../secrets/sarek/edison.yaml;
+  sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
 
-  environment.variables = { EDITOR = "vim"; };
-  environment.systemPackages = with pkgs; [
-  ];
-
-  networking.firewall.allowedTCPPorts = [ 22 ];
+  virtualisation.docker.enable = true;
+  virtualisation.oci-containers.backend = "docker";
 
   system.stateVersion = "23.05";
 }

hosts/sarek/services/flame.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+let
+  domain = "flame.home.feal.no";
+  host = "127.0.1.2";
+  port = "5005";
+in {
+   # Flame - Homelab dashboard/linktree
+   virtualisation.oci-containers.containers = {
+     flame = {
+       image = "pawelmalak/flame";
+       ports = [ "${host}:${port}:5005" ];
+       volumes = [
+         "/var/lib/flame/data:/app/data/"
+       ];
+     };
+   };
+
+   services.nginx.virtualHosts."${domain}" = {
+     locations."/" = {
+       proxyPass = "http://${host}:${port}";
+     };
+   };
+ }
+

hosts/sarek/services/nginx.nix

@@ -0,0 +1,19 @@
+{ config, values, ... }:
+{
+  services.nginx = {
+    enable = true;
+    enableReload = true;
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  /* security.acme = { */
+  /*   acceptTerms = true; */
+  /*   email = "felix@albrigtsen.it"; */
+  /* }; */
+}