From c013c4323a43cd53c46519b8f4fe91a080e14686 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Wed, 25 Oct 2023 21:45:38 +0200
Subject: [PATCH 1/2] hosts/web-2: add install.nix.clerie.de

---
 hosts/web-2/configuration.nix |  1 +
 hosts/web-2/nix-install.nix   | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 hosts/web-2/nix-install.nix

diff --git a/hosts/web-2/configuration.nix b/hosts/web-2/configuration.nix
index ecf3c11..2bf471f 100644
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@@ -18,6 +18,7 @@
       ./meow.nix
       ./milchinsel.nix
       ./mitel-ommclient2.nix
+      ./nix-install.nix
       ./ping.nix
       ./public.nix
       ./radicale.nix
diff --git a/hosts/web-2/nix-install.nix b/hosts/web-2/nix-install.nix
new file mode 100644
index 0000000..b5aa79e
--- /dev/null
+++ b/hosts/web-2/nix-install.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+let
+  install_script = pkgs.writeTextDir "web/install" ''
+    #!/usr/bin/env bash
+    set -euo pipefail
+
+    which nix 2>1 > /dev/null || { echo "nix command not found. Install nix and try again"; exit 1; }
+
+    nix --extra-experimental-features "nix-command" \
+      --substituters "https://nix-cache.clerie.de" \
+      --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \
+      copy --from "https://nix-cache.clerie.de" \
+      ${pkgs.nixfiles-auto-install}
+    ${pkgs.nixfiles-auto-install}/bin/nixfiles-auto-install
+  '';
+in {
+  services.nginx.virtualHosts = {
+    "install.nix.clerie.de" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        root = install_script + "/web/";
+        extraConfig = ''
+          index install;
+          types { } default_type "text/plain; charset=utf-8";
+        '';
+      };
+    };
+  };
+}

From 43335679edffc96dc9e05e264e59205d16449eb7 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sun, 29 Oct 2023 20:06:30 +0100
Subject: [PATCH 2/2] hosts/astatine: add user criese-nethinks

---
 flake.nix                            |  3 +++
 hosts/astatine/configuration.nix     |  1 +
 hosts/astatine/users.nix             | 10 ++++++++++
 users/criese-nethinks/default.nix    | 10 ++++++++++
 users/criese-nethinks/ssh-criese.pub |  1 +
 5 files changed, 25 insertions(+)
 create mode 100644 hosts/astatine/users.nix
 create mode 100644 users/criese-nethinks/default.nix
 create mode 100644 users/criese-nethinks/ssh-criese.pub

diff --git a/flake.nix b/flake.nix
index 0bebde9..53bfe6a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,6 +37,9 @@
       astatine = {
         name = "astatine";
         group = "event";
+        modules = [
+          ./users/criese-nethinks
+        ];
       };
       backup-4 = { name = "backup-4"; };
       beryllium = {
diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix
index 831426f..b42c453 100644
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@@ -6,6 +6,7 @@
       ./hardware-configuration.nix
 
       ./isa.nix
+      ./users.nix
     ];
 
   boot.kernelParams = [ "console=ttyS0,115200n8" ];
diff --git a/hosts/astatine/users.nix b/hosts/astatine/users.nix
new file mode 100644
index 0000000..3ccf4ad
--- /dev/null
+++ b/hosts/astatine/users.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  users.users.criese-nethinks = {
+    extraGroups = [
+      "wheel"
+    ];
+  };
+
+}
diff --git a/users/criese-nethinks/default.nix b/users/criese-nethinks/default.nix
new file mode 100644
index 0000000..ed4850f
--- /dev/null
+++ b/users/criese-nethinks/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  users.users.criese-nethinks = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      (builtins.readFile ./ssh-criese.pub)
+    ];
+  };
+}
diff --git a/users/criese-nethinks/ssh-criese.pub b/users/criese-nethinks/ssh-criese.pub
new file mode 100644
index 0000000..6583f3c
--- /dev/null
+++ b/users/criese-nethinks/ssh-criese.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCXduKo8ZksOerEvN4y8SrMqz1G1B8Ibav7Jf1ELBNnQUEOBrRQFMDWgltPySEB0C4lq6rdkkIs6669PSmQp2KLW+aP1Ch/tvIv2mgWk7/XVbzUQgA8nDa2j9fHdiQ7dW7tE9ccgBsZlVX5VYHnq+P1Birkp6RJF+Wiizy6mvDEsHnSdI0INWX1+ffCjCwCRuxABxG3usqYZdSYIFQaFdw7wsz8sqXs8uEb57+y+ZTfZpZj7FnoN+sHZwBcCbCdhs50P/3Q3zsWeK66rXJC83mKCsVOGU0Ls9gslDNDBrAZhbBNOgUkbQmH8yuuAVUu807B7cR5jsK6NrfRwnnyBK1nAiKJNZU0Y8VPkhTsa1XYAxU91QGLtPbhnhBisCSMLD0Le/fOnU3I6dsKtg8sVwdL1jn/c6vU2t4lEi3Eczcc316OVH5+b+L7JuplDBQH8dN6PkxuYBEp9/zl77n7gIH/1MfhmDBZfkVHZX8NKM72QtSwgu4U/vgMsZ6fSDYM58E= criese