From 926884f6bf9c1183254a60e5de692de10156db93 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki
Date: Mon, 5 May 2025 22:11:11 +0200
Subject: [PATCH] feat(servers): add loki, the tricker.
---
 flake.nix | 20 ++++++++++++
 hosts/loki/configuration.nix | 27 ++++++++++++++++
 hosts/loki/disk-config.nix | 54 +++++++++++++++++++++++++++++++
 modules/servers/loki/default.nix | 5 +++
 modules/servers/loki/rimgo.nix | 26 +++++++++++++++
 secrets/secrets.nix | 3 +-
 secrets/traefik.age | Bin 499 -> 609 bytes
 secrets/wg-desktop.age | Bin 675 -> 785 bytes
 secrets/wg-heimdall.age | Bin 876 -> 986 bytes
 9 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 hosts/loki/configuration.nix
 create mode 100644 hosts/loki/disk-config.nix
 create mode 100644 modules/servers/loki/default.nix
 create mode 100644 modules/servers/loki/rimgo.nix
diff --git a/flake.nix b/flake.nix
index 2de254e..281a08d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -107,6 +107,15 @@
 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.heimdall;
 };
 };
+
+ loki = {
+ hostname = "loki";
+ profiles.system = {
+ sshUser = "root";
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki;
+ };
+ };
 };
 homeConfigurations = {
@@ -162,6 +171,17 @@
 ];
 };
+ loki = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ agenix.nixosModules.default
+ ./hosts/loki/configuration.nix
+ ./modules/servers/general
+ ./modules/servers/loki
+ ];
+ };
+
 nixos = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs;};
 modules = [
diff --git a/hosts/loki/configuration.nix b/hosts/loki/configuration.nix
new file mode 100644
index 0000000..dfdd076
--- /dev/null
+++ b/hosts/loki/configuration.nix
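Review bot: In flake.nix the new `loki` deploy node sets `sshUser = "root"`, so every deployment depends on direct root login over SSH being permitted on a host that is about to serve public traffic. deploy-rs can connect as an unprivileged account and elevate only for activation, e.g. `sshUser = "deploy";` with `user = "root";` left as it is, which lets sshd on loki refuse root logins; `deploy` is a placeholder account name and needs a matching sudo rule on the host. The heimdall node just above appears to use the same pattern (only its closing lines are visible in this hunk), so the change probably belongs in both nodes.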
@@ -0,0 +1,27 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+
+ networking.hostName = "loki";
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.neovim
+ pkgs.gitMinimal
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/loki/disk-config.nix b/hosts/loki/disk-config.nix
new file mode 100644
index 0000000..ff82562
--- /dev/null
+++ b/hosts/loki/disk-config.nix
@@ -0,0 +1,54 @@
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/servers/loki/default.nix b/modules/servers/loki/default.nix
new file mode 100644
index 0000000..c043cd8
--- /dev/null
+++ b/modules/servers/loki/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+ imports = [
+ ./rimgo.nix
+ ];
+}
diff --git a/modules/servers/loki/rimgo.nix b/modules/servers/loki/rimgo.nix
new file mode 100644
index 0000000..82787c4
--- /dev/null
+++ b/modules/servers/loki/rimgo.nix
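Review bot: `system.stateVersion = "24.05"` in hosts/loki/configuration.nix looks carried over from a template rather than chosen for this host; it should name the NixOS release loki is first installed with, which for a machine created by this commit is presumably a later one. A short comment would stop it being bumped or copied blindly, e.g. `# release of first install; never change on upgrade`. Nothing in this file enables sshd, a firewall or user accounts, so those must come from `./modules/servers/general`, which is not part of this patch; a one-line comment pointing there would let a reader judge the host's exposure.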
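Review bot: The layout in hosts/loki/disk-config.nix places the root filesystem on a plain LVM volume with no encryption layer, while secrets/secrets.nix in the same patch registers loki's SSH host key as a recipient of the age secrets. If agenix uses that host key as its identity (its default behaviour), the private key able to decrypt `traefik.age` and the other secrets is stored in clear on this disk, so provider snapshots and exported disk images of the VM carry it. If that trade-off is accepted for a hosted QEMU guest, record it next to the `root` partition, e.g. `# unencrypted by design: host key (agenix identity) lives here, treat disk images as secret`.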
@@ -0,0 +1,26 @@
+{...}: {
+ services.rimgo = {
+ enable = true;
+ settings = {
+ PORT = 3000;
+ ADDRESS = "127.0.0.1";
+ };
+ };
+
+ services.traefik.dynamicConfigOptions.http = {
+ services.rimgo.loadBalancer.servers = [
+ {
+ url = "http://localhost:3000";
+ }
+ ];
+
+ routers.rimgo = {
+ rule = "Host(`rimgo.cronyakatsuki.xyz`)";
+ tls = {
+ certResolver = "porkbun";
+ };
+ service = "rimgo";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 33dcced..16ceaf6 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,6 +1,7 @@
 let
 # SYSTEMS
 heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8";
+ loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV";
 # USERS
 root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz";
@@ -8,7 +9,7 @@ let
 users = [
 root
 ];
- systems = [heimdall];
+ systems = [heimdall loki];
 in {
 "traefik.age".publicKeys = systems ++ users;
 "wg-heimdall.age".publicKeys = systems ++ users;
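Review bot: The Traefik backend in modules/servers/loki/rimgo.nix is `url = "http://localhost:3000";` while rimgo itself is bound to `ADDRESS = "127.0.0.1"`; if `localhost` resolves to `::1` first on this host, the proxy dials an address nothing listens on. Use the same literal on both sides, `url = "http://127.0.0.1:3000";`. The `rimgo` router also attaches no middlewares, so this public front end is served without any request rate limit or response-header policy at the proxy; if that is intended, a comment on the router should say so.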
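Review bot: Adding `loki` to the shared `systems` list in secrets/secrets.nix makes it a recipient of every secret encrypted to `systems ++ users`, including `wg-heimdall.age`, and the diffstat shows `wg-desktop.age` and `wg-heimdall.age` re-encrypted in this commit with a larger size. loki runs an internet-facing service, so a compromise there would also expose what are, judging by the file names, other machines' WireGuard keys that it has no visible use for. Give each secret its own recipient list, e.g. `"wg-heimdall.age".publicKeys = [heimdall] ++ users;` and `"traefik.age".publicKeys = [heimdall loki] ++ users;`. The `in { … }` attribute set continues past this hunk, so any entries not shown need the same review.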
diff --git a/secrets/traefik.age b/secrets/traefik.age index 75660d9bea0a0146d4622a64dfe7e8688840046b..adffe366b9e0f790fa434d951fb1fa86b23e5b8b 100644 GIT binary patch delta 576 zcmey&{E%gWPJK>9aZtLaYide(fon){db)+Lmv2~JiHS#QhGV*sMX-lip+!c9kG^l9 zE0=3lR!~8Cu4$2K}u?-qkCw1VPR2DnTe5qcABAKsY{BfbD2{l zx^-zO`cXcC3Wc6YCPft?7DYzI{yy2orHSVHKADygIThO8QC^PvZoZcFzRBUG8OcE& zo?On_+Tq@whVG6=gttjj$FFBx(c~I z;bjKtxfXtwj_IY&;dvER6&}IP8U99DS!R_6$&UI#K`w4pAtss5j$Dy8KV&%#O-mu2taDm9fl(CXa2L|sg3{<}MpYfjdFd;5y-&ao8h-4oic zrLdf>lQCLs_0PQdS5WimxJj02vqF3Wed?K5rBj5iJ~DsaV{bG0-46-bRKu>lPVIW< z><#9)%PL)c6_>`tdw0sq?~2~5R*JWJHBb2ZX?8{Z(m5|4EV#Tj%Su?E?SHzZ-kp|o zm8gxYUg+^Lf}?#=Qd$tNa(?ti?OjL8^_DF*2yt4m+CceQ&2v@h Hxl;824B6N3 delta 445 zcmV;u0Yd)a1oH!sELT`DX=h_YF?VxPYjtBVaBea|NmD~^crjE)PEa&MP)lb>T1|Fp zcUgICSqei~azjH*WOOk>HEBy(MRG|&HFRTdI8<#hNKiIza8zVAL^O0mPijeO3PWaBOK5s9 zWmPy+dNXKYO?F~&GC@N_FfcJxN=bJ`P)lw|WMfV%T6Ab*3N0-yAara`Hdk>uYhq+H zX;@G%Oh{2NSz}jeWJ*n8Q%HDmVK!||e={>vRcLi)ZwjXv>(h*0d$1P$M&KEiL)`#K zf=hi~tHu?aP4~dX(m_Zsky@KMlCZP`BTD`JuKXby!Q-_WbRrWML=`%IRKs+u$O$>) z0XXu6p;jz_dF3Ct+QL*>)N!w+w%g!YV@FMzT8aOExFm2510>W1Jj#HJr3J*$=t=Rj(&#JX1^~bpB%nMM ncOOS8%l2w>T%6L8S~O!yYezz5OK(9j zMKEf2V+t!(ST$lWFm*Xea8YPZNJ%kdHD_-{NpX60XKpqzPeeyVVrW5jcWO#VZwf6w zAaiqQEoEdfH8n9gAT}##QE*WpM`TP%Y*0aBT3S+7O;Iy&Nq_ARB1tBa%Oc@VL?xFMk_U1Y(r{SYEWTg zQ87n(S6OFDR)1CKa?&J=KLbS>(o+Elbft~syE9W^dirzNJ^*6O3wUXsS_lJ&lY}} zUUkO6mNqXz>G_x<2^g?FkfWW?_>6ekzKh`YNtT78L6Y(y+c&M!I4OJv9g%(Dj0tsq z+e}_kB|HrYbQ|>)QbxyR;Zf|Y;I}Zz1!|qvSa?7&!GIM%kH8@asLPSwnQAklp zYHBl7ZwfR@LohFRb!k;AXi-vkGD=W4MlV5PQBpT$cTRa{R7qo5L~=PfYf@5kNs;jv ze|UOkQ+Y#oX>Bn>M0ZmwMQLzsbxLz^Hc&=UVQ@7=K|xk=V@7IYZE-Sp3NdyzL|RQw zL^D!VcsOENOipEIMniRMNj7vgSxQ%9H&QV)FmE+kbxKZm3N0-yAZJuEO?gB?azROW zb}vL?X<<-KWpiS5NNPe-PeX7uHA{3>e^@bNQD#+6Q3?&phO&va{9q-1eO~uaoQh;( z3&UEp$#eA$7$#|-rv5XBlrH!UQOA^X>SJ^@KP+3IF;G%*fRVerF#If66lY<17=%bl z9PSXh=wi?Cg>-b&;134cWqJlw0c^ozHs`Xy@ahfEuFc1^_dzeb7di|?vTb}hhjzh)&Z>u2(M;QuGa){{3#K4Y^A zC9WTG;Lw`3^+cRYA*uY=M(25de+Y^HkRfGz@bs5jX)sj1US=?Kaf1w3Y)LLQ=Cq`; 
zLOTj0IT~IL{|9195{UIgVZS{g`iQyag)72tZ}uS+<`0+(t}&pL)m*T_hcW9*BP(Gv zeI{w>@jaI(QO5DEaK(&pf3gE_7$>4K%TO-K;P290HaC1`G|je`kS~CK4a|ikwLgU> JL*hS6{ioWg4BP+! 
diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age index 1dbfa81c8a001d87714e5c59dd686a7c3e44403c..3af4512a715cff5202e0be90dcb283d6d8c58999 100644 GIT binary patch delta 956 zcmV;t14I1m2HFRZEPqrpHfc?5V=G}zL0WZgRc1*;SZ#GobyYV`VlQfMH!*8iN=Gzm zVlZekFbXy_Sv62iRzp-{b7VAAWO8MCI7VkUQCe9+H%2iyXmVCmXlzt%Y(#HqK?*HC zAaiqQEoEdfH8n9gAT}##QE*WpVNGvvbZ2X6Mn^L*XGLjAZGSaLPEmJjGG%yZcraN~ zVR~(0I96$THaRmv3QKE4S~FxwPeU_BSU5y0SW`GvcVRDCMPf}(Zboo-bV6E9Z+Cb( zSu`~;3N1b$b8~1dWn?lnH8D9LW@Il~Oi>_5Q#nXCQDHZ1GD>nZWKvKM{rX$a#e6?bU|Zp zLN97jZ*MdTk~QMKn!@gHGn+1%zM@&4{m9Q=R7X&#QGZ%goX45lY@f87E*)OGaE(lS z%_wl)Ji5T!7h|)IBLe8&V;UGy`%;*ePP2K*JyTd9UiK9%l3vBxMx9$k@o2*d(djSW zBJ=PCVqJHDEo9-hCVz;NpG%$S~DptJ%R z5blADCE7tg91TF`pjlanFRfoQpkp#hnR|GVK(Em1r_XTJE)R3AMi_e)o&^kf$&<<3 zlouH!1(EPW8urZsaqEh8X%))`H@Ep$|2{>ES$_ftXOG09&XyRkN1KP=%o++yrav$$ z(G*2%f*Ak&F+Y@_94b#UCS@92AHGl49bUcn;^jly)`hPz6bCnU6 z@_&P=upel5VO%hwuMfH-<|jtxFaVq+dMU$*PqaUp40=&jHHB(jA;^X%rob{th;950 zRXO$RL?NzRznHh_;0}oHI~26Q z6Z>LDDhYHW$`JSx#Wm+Xuzu!E0oJRq`sDa7=FKg6N|_VTKL$*p e=dAQSg}_#pGgz62SIgZ}-fjNps0S2j0uYdCCDcaiZI ze@kIkNMUVlX>MptGelxRQ*&l9aamYsFj+}NNH277Xhd{zNmfs8Y(r5=3TsSdXLMyy zM{YqgZ#6P(c}i+zX>M;~S#w1(FLhaBN?KAyLQG~kSTcHJ3N0-yAX0Tjb7M$iG<14& za79K?H+EueNntQ*PjgdKFi=84S2%ZXe{wiyM`TV+I11%4AnHZWkP4|j`WP~SnBS7l zO2o&&YQMtj{ey^Bs6Z@fPvr;24cpAMwYGPeQNNMkfish&^SpjfFwkHRt9hjg_a>|n zU#1t@M(^7LSDiWevd7+BK9Yaw4|po3Lit3%&cS5Tk=AoJ5&FF_(c8pw%klGve>Tdc z($?SBbpWb{NH+TF2EO@Z*&WtRf40O-0~PBe`|@n$ADBn4QP%jTUPTl;kd^0}E7KAS z&ZRys?uN`ghDU@PUoiolL`z9VzoO{L)Dg+k7jGcBDSiXWo6Zs@f}oc8G+g_j0D((i zk&Up(a*Pvg3QA1Waei<_3zk#~f92yGqUrT8;(>bd`grp`uN-HL#|G8(F2Eag(x~ux zWvbU#l>KXB!K9Q=pHx<^uw>yPRm!P0q+_72Jwgu^+pn`NSoDf;y^NGo^AkxdR*?LV zU6=8CcEa_X(KA=rfvb~67u1;#k3${Pa_t&_>E~qK4f}zK0-tJ_q?onWe|+)G+{b|) zOrNFy7cIfRI?knt1HN_sD+n#TyCAO<&j zZ4;eY_W*^i;RuCT>sJ889qkBSHi%0DkNOAVSHP0~(ZxO*o#<58s-|v;G{!6#`rAyEOGL}7+84RrN`7Pw zTn8kG|Ka>n;!;+u(qp5;dbB4j!}?-p*CEuXlcr1KzEkxP!VQg73$%prB%>mpH3qoA D{5yUT