From 34622a05cbf2308e27f692efc8f3e04aa84b3942 Mon Sep 17 00:00:00 2001
From: William <baduhai@proton.me>
Date: Sat, 8 Nov 2025 21:47:16 -0300
Subject: [PATCH] Move forgejo from alexandria to trantor

Migrated forgejo service and configuration to trantor. Added nginx reverse
proxy support on trantor with ACME configuration for SSL certificates.

Fixed vaultwarden domain in shared services from vault.baduhai.dev to
pass.baduhai.dev to match actual nginx configuration.
---
 hosts/{alexandria => trantor}/forgejo.nix |  1 -
 hosts/trantor/nginx.nix                   | 50 +++++++++++++++++++++++
 shared/services.nix                       |  2 +-
 3 files changed, 51 insertions(+), 2 deletions(-)
 rename hosts/{alexandria => trantor}/forgejo.nix (96%)
 create mode 100644 hosts/trantor/nginx.nix

diff --git a/hosts/alexandria/forgejo.nix b/hosts/trantor/forgejo.nix
similarity index 96%
rename from hosts/alexandria/forgejo.nix
rename to hosts/trantor/forgejo.nix
index 909d1d1..c11573e 100644
--- a/hosts/alexandria/forgejo.nix
+++ b/hosts/trantor/forgejo.nix
@@ -28,7 +28,6 @@ in
   };
 
   services.nginx.virtualHosts = mkNginxVHosts {
-    acmeHost = "baduhai.dev";
     domains."git.baduhai.dev".locations."/".proxyPass =
       "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
   };
diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix
new file mode 100644
index 0000000..6879bfc
--- /dev/null
+++ b/hosts/trantor/nginx.nix
@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}:
+
+let
+  utils = import ../../utils.nix { inherit inputs lib; };
+  inherit (utils) mkNginxVHosts;
+in
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "baduhai@proton.me";
+      dnsResolver = "1.1.1.1:53";
+      dnsProvider = "cloudflare";
+      credentialsFile = config.age.secrets.cloudflare.path;
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      "_" = {
+        default = true;
+        locations."/".return = "444";
+      };
+    };
+  };
+
+  users.users.nginx.extraGroups = [ "acme" ];
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  age.secrets.cloudflare = {
+    file = ../../secrets/cloudflare.age;
+    owner = "nginx";
+    group = "nginx";
+  };
+}
diff --git a/shared/services.nix b/shared/services.nix
index f55e4d2..fd4e440 100644
--- a/shared/services.nix
+++ b/shared/services.nix
@@ -6,7 +6,7 @@
   services = [
     {
       name = "vaultwarden";
-      domain = "vault.baduhai.dev";
+      domain = "pass.baduhai.dev";
       host = "alexandria";
       lanIP = "192.168.15.142";
       tailscaleIP = "100.76.19.50";