feat: Gonna use the space left behind Optimus to test this out

Relates to #76

applications/restic.nix

@@ -83,6 +83,9 @@ with lib; let
   ));
 in {
   imports = [
+    ./dns.nix
+    ./nginx.nix
+    ./acme.nix
   ];
 
   # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
@@ -142,6 +145,20 @@ in {
         default = false;
       };
     };
+
+    nuked = {
+      enable = mkEnableOption "Nuked Backup server";
+
+      port = mkOption {
+        type = types.port;
+        default = 8765;
+      };
+
+      appendOnly = mkOption {
+        type = types.bool;
+        default = false;
+      };
+    };
   };
 
   config = mkMerge [
@@ -195,5 +212,58 @@ in {
         }
       ];
     })
+
+    # restic -r rest:https://skynet:testing@nuked.skynet.ie/ init
+    (mkIf cfg.nuked.enable {
+      assertions = [
+        {
+          assertion = !cfg.server.enable;
+          message = "Our backup and Nuked backup cannot co-exist";
+        }
+      ];
+
+      services.skynet.acme.domains = [
+        "nuked.skynet.ie"
+      ];
+
+      services.skynet.dns.records = [
+        {
+          record = "nuked";
+          r_type = "CNAME";
+          value = config.services.skynet.host.name;
+        }
+      ];
+
+      services.nginx.virtualHosts = {
+        "nuked.skynet.ie" = {
+          forceSSL = true;
+          useACMEHost = "skynet";
+          locations."/" = {
+            proxyPass = "http://${config.services.restic.server.listenAddress}";
+            proxyWebsockets = true;
+          };
+        };
+      };
+
+      networking.firewall.allowedTCPPorts = [
+        cfg.nuked.port
+      ];
+
+      age.secrets.restic_pw = {
+        file = ../secrets/backup/nuked.age;
+        path = "${config.services.restic.server.dataDir}/.htpasswd";
+        symlink = false;
+        mode = "770";
+        owner = "restic";
+        group = "restic";
+      };
+
+      services.restic.server = {
+        enable = true;
+        listenAddress = "${config.services.skynet.host.ip}:${toString cfg.server.port}";
+        appendOnly = cfg.nuked.appendOnly;
+        privateRepos = true;
+      };
+    })
   ];
 }

flake.nix

@@ -164,6 +164,8 @@
 
       # Public Services
       calculon = import ./machines/calculon.nix;
+
+      deepthought = import ./machines/deepthought.nix;
     };
   };
 }

machines/deepthought.nix

@@ -0,0 +1,42 @@
+/*
+
+Name:     https://hitchhikers.fandom.com/wiki/Deep_Thought
+Why:      Our home(page)
+Type:     VM
+Hardware: -
+From:     2023
+Role:     Public Backup
+Notes:
+*/
+{
+  pkgs,
+  lib,
+  nodes,
+  inputs,
+  ...
+}: let
+  name = "deepthought";
+  ip_pub = "193.1.99.112";
+  hostname = "${name}.skynet.ie";
+  host = {
+    ip = ip_pub;
+    name = name;
+    hostname = hostname;
+  };
+in {
+  imports = [
+  ];
+
+  deployment = {
+    targetHost = ip_pub;
+    targetPort = 22;
+    targetUser = null;
+
+    tags = ["active-core"];
+  };
+
+  services.skynet = {
+    host = host;
+    backup.nuked.enable = true;
+  };
+}

secrets/secrets.nix

@@ -109,6 +109,10 @@ let
   bitwarden = [
     kitt
   ];
+
+  nuked = [
+    optimus
+  ];
 in {
   # nix run github:ryantm/agenix -- -e secret1.age
 
@@ -136,6 +140,7 @@ in {
   # everyone has access to this
   "backup/restic.age".publicKeys = users ++ systems;
   "backup/restic_pw.age".publicKeys = users ++ restic;
+  "backup/nuked.age".publicKeys = users ++ nuked;
 
   # discord bot and discord
   "discord/ldap.age".publicKeys = users ++ ldap ++ discord;