From a17791658a40133560c0958e8f080cdf6aba08fb Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Tue, 14 Nov 2023 16:12:48 +0100
Subject: [PATCH] catering WIP

---
 machines/catering/configuration.nix          | 123 +++++++++++++++++++
 machines/catering/hardware-configuration.nix |  54 ++++++++
 machines/default.nix                         |   5 +
 3 files changed, 182 insertions(+)
 create mode 100644 machines/catering/configuration.nix
 create mode 100644 machines/catering/hardware-configuration.nix

diff --git a/machines/catering/configuration.nix b/machines/catering/configuration.nix
new file mode 100644
index 0000000..9b28560
--- /dev/null
+++ b/machines/catering/configuration.nix
@@ -0,0 +1,123 @@
+# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules
+  ];
+
+  sbruder = {
+    nginx.hardening.enable = true;
+    full = false;
+  };
+
+  networking.hostName = "catering";
+
+  system.stateVersion = "23.05";
+
+  services.nginx = {
+    enable = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "catering.salespointframework.org" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:8080";
+            extraConfig = ''
+              sub_filter '</script>' '</script><script src="/dev.js"></script>';
+              sub_filter_once on;
+            '';
+          };
+          "= /dev.js".alias = pkgs.writeText "dev.js" ''
+            addEventListener("load", event => {
+              document.querySelector("footer").appendChild((() => {
+                let el = document.createElement("p")
+                el.classList.add("text-center", "fw-bold")
+                el.innerText = "Alle Angebot sind fiktiv!"
+                return el
+              })())
+
+              if (localStorage.getItem("devAck") !== "true") {
+                if (confirm("Alle hier präsentierten Angebote sind fiktiv, es können keine rechtsverbindlichen Verträge geschlossen werden. Mit dem Fortfahren bestätigen Sie, dies verstanden zu haben.")) {
+                  localStorage.setItem("devAck", "true")
+                } else {
+                  location = "about:blank"
+                }
+              }
+            })
+          '';
+        };
+      };
+
+      "www.mampf.shop" = {
+        forceSSL = true;
+        enableACME = true;
+        globalRedirect = "catering.salespointframework.org";
+      };
+
+      "mampf.shop" = {
+        forceSSL = true;
+        enableACME = true;
+        globalRedirect = "catering.salespointframework.org";
+      };
+
+      "presi.catering.salespointframework.org" = {
+        enableACME = true;
+        forceSSL = true;
+
+        root = "/var/www/presi.catering.salespointframework.org";
+
+        locations."/".tryFiles = "/main.pdf =404";
+      };
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /var/www/presi.catering.salespointframework.org 0755 catering catering - -"
+  ];
+
+  users.users.catering = {
+    isSystemUser = true;
+    group = "catering";
+    useDefaultShell = true;
+    home = "/var/lib/catering";
+    createHome = true;
+
+    openssh.authorizedKeys.keys = config.sbruder.pubkeys.trustedKeys;
+  };
+  users.groups.catering = { };
+
+  sbruder.static-webserver.vhosts = {
+    "salespointframework.org" = {
+      redirects = [ "www.salespointframework.org" "salespointframe.work" "www.salespointframe.work" ];
+      user = {
+        name = "salespoint";
+        keys = config.sbruder.pubkeys.trustedKeys;
+      };
+    };
+    "verkaufspunktrahmenwerk.de" = {
+      redirects = [ "www.verkaufspunktrahmenwerk.de" "verkaufspuntrahmenwerk.de" "www.verkaufspuntrahmenwerk.de" ];
+      user = {
+        name = "verkaufspunkt";
+        keys = config.sbruder.pubkeys.trustedKeys;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}
diff --git a/machines/catering/hardware-configuration.nix b/machines/catering/hardware-configuration.nix
new file mode 100644
index 0000000..e3b1a84
--- /dev/null
+++ b/machines/catering/hardware-configuration.nix
@@ -0,0 +1,54 @@
+# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  sbruder.machine.isVm = true;
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
+    };
+    loader = {
+      grub.enable = false;
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/c39bdb61-2e4c-464b-8c4c-bb6bb7f342a2";
+      fsType = "btrfs";
+      options = [ "compress=zstd" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/D976-BBAF";
+      fsType = "vfat";
+    };
+  };
+
+  networking.useDHCP = false;
+  networking.usePredictableInterfaceNames = false;
+  systemd.network = {
+    enable = true;
+    networks = {
+      eth0 = {
+        name = "eth0";
+        DHCP = "yes";
+        domains = [ "salespointframework.org" ];
+        address = [ "2a01:4f9:c011:9c01::1/64" ];
+        gateway = [ "fe80::1" ];
+      };
+    };
+  };
+
+  # no smart on qemu disk
+  services.smartd.enable = false;
+}
diff --git a/machines/default.nix b/machines/default.nix
index 34641e0..3e33657 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -76,4 +76,9 @@ in
 
     targetHost = "yuzuru.sbruder.de";
   };
+  catering = {
+    system = "aarch64-linux";
+
+    targetHost = "catering.salespointframework.org";
+  };
 }