From 28c459868f7f27c135732615ebd3e65d60133d84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98ystein=20Tveit?= <oysteikt@pvv.ntnu.no>
Date: Sat, 11 Jan 2025 19:52:03 +0100
Subject: [PATCH] WIP

---
 flake.lock           | 21 ++++++++++
 flake.nix            |  6 +++
 modules/grzegorz.nix | 92 +++++++++++++++++++++++++++++++-------------
 3 files changed, 93 insertions(+), 26 deletions(-)

diff --git a/flake.lock b/flake.lock
index df6ce58..e33b9c0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,26 @@
         "type": "github"
       }
     },
+    "gergle": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736621371,
+        "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
+        "ref": "refs/heads/main",
+        "rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
+        "revCount": 20,
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
+      }
+    },
     "greg-ng": {
       "inputs": {
         "nixpkgs": [
@@ -192,6 +212,7 @@
     "root": {
       "inputs": {
         "disko": "disko",
+        "gergle": "gergle",
         "greg-ng": "greg-ng",
         "grzegorz-clients": "grzegorz-clients",
         "matrix-next": "matrix-next",
diff --git a/flake.nix b/flake.nix
index de6b27f..069c2fc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,6 +25,8 @@
 
     greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git";
     greg-ng.inputs.nixpkgs.follows = "nixpkgs";
+    gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git";
+    gergle.inputs.nixpkgs.follows = "nixpkgs";
     grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
     grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -124,19 +126,23 @@
       brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
         modules = [
           inputs.grzegorz-clients.nixosModules.grzegorz-webui
+          inputs.gergle.nixosModules.default
           inputs.greg-ng.nixosModules.default
         ];
         overlays = [
           inputs.greg-ng.overlays.default
+          inputs.gergle.overlays.default
         ];
       };
       georg = stableNixosConfig "georg" {
         modules = [
           inputs.grzegorz-clients.nixosModules.grzegorz-webui
+          inputs.gergle.nixosModules.default
           inputs.greg-ng.nixosModules.default
         ];
         overlays = [
           inputs.greg-ng.overlays.default
+          inputs.gergle.overlays.default
         ];
       };
     };
diff --git a/modules/grzegorz.nix b/modules/grzegorz.nix
index 230dc46..6bf0143 100644
--- a/modules/grzegorz.nix
+++ b/modules/grzegorz.nix
@@ -16,37 +16,77 @@ in {
     listenAddr = "localhost";
     listenPort = 42069;
     listenWebsocketPort = 42042;
-    hostName = "${config.networking.fqdn}";
-    apiBase = "http://${grg.settings.host}:${toString grg.settings.port}/api";
+    hostName = "georg-old.pvv.ntnu.no";
+    apiBase = "http://georg-backend.pvv.ntnu.no/api";
+  };
+
+  services.gergle = {
+    enable = true;
+    virtualHost = config.networking.fqdn;
   };
 
   services.nginx.enable = true;
-  services.nginx.virtualHosts."${config.networking.fqdn}" = {
-    forceSSL = true;
-    enableACME = true;
-    kTLS = true;
-    serverAliases = [
-      "${config.networking.hostName}.pvv.org"
-    ];
-    extraConfig = ''
-      allow 129.241.210.128/25;
-      allow 2001:700:300:1900::/64;
-      deny all;
-    '';
+  services.nginx.virtualHosts = {
+    ${config.networking.fqdn} = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "${config.networking.hostName}.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+    };
 
-    locations."/" = {
-      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
+    "georg-backend.pvv.ntnu.no" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "georg-backend.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+        proxyWebsockets = true;
+      };
     };
-    # https://github.com/rawpython/remi/issues/216
-    locations."/websocket" = {
-      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
-      proxyWebsockets = true;
-    };
-    locations."/api" = {
-      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
-    };
-    locations."/docs" = {
-      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+
+    "georg-old.pvv.ntnu.no" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "georg-old.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
+      };
+      # https://github.com/rawpython/remi/issues/216
+      locations."/websocket" = {
+        proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
+        proxyWebsockets = true;
+      };
+      locations."/api" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+      };
+      locations."/docs" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+      };
     };
   };
 }