From c5a440f8b243db2e6af5b864a926a7681b6477ed Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Wed, 18 Jan 2023 16:47:12 +0000
Subject: [PATCH] feat: stream server for ULFM May need to set up a reverse proxy once acme is set up
---
 flake.nix | 3 ++
 machines/galatea.nix | 79 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 machines/galatea.nix
diff --git a/flake.nix b/flake.nix
index 5b13255..0ae489d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -95,6 +95,9 @@
 # wireguard
 ash = import ./machines/ash.nix;
+ # icecast - ULFM
+ galatea = import ./machines/galatea.nix;
+
 };
 };
diff --git a/machines/galatea.nix b/machines/galatea.nix
new file mode 100644
index 0000000..8ed31cb
--- /dev/null
+++ b/machines/galatea.nix
@@ -0,0 +1,79 @@
+/*
+
+ Name: https://en.wikipedia.org/wiki/Galatea_(mythology)
+ Why: Created as a product of artistic expression
+ Type: VM
+ Hardware: -
From: 2023
+ Role: Icecast server for ULFM
+ Notes:
+
+*/
+
+{ pkgs, lib, nodes, config, ... }:
+let
+ # name of the server, sets teh hostname and record for it
+ name = "galatea";
+ ip_pub = "193.1.99.111";
+ #ip_pub = "192.168.1.157";
+ ip_priv = "172.20.20.6";
+ # hostname = "${name}.skynet.ie";
+ hostname = ip_pub;
+
+ # dosent seem to be any otehr way to have it like read from a file
+ feck = "d9J4jDsJPuMPUMAAE4J4tH37HsmxEDze";
+in {
+ imports = [
+ # applications for this particular server
+ ../applications/firewall.nix
+ ../applications/dns.nix
+ ];
+
+ deployment = {
+ targetHost = hostname;
+ targetPort = 22;
+ targetUser = "root";
+ };
+
+ # these two are to be able to add the rules for firewall and dns
+ # open the firewall for this
+ skynet_firewall.forward = [
+ "ip saddr ${ip_pub} tcp dport 80 counter packets 0 bytes 0 accept"
+ "ip saddr ${ip_pub} tcp dport 443 counter packets 0 bytes 0 accept"
+ "ip saddr ${ip_pub} tcp dport 8000 counter packets 0 bytes 0 accept"
+ ];
+
+ skynet_dns.records = {
+ external = [
+ "${name} A ${ip_pub}"
+ ];
+ cname = [
+ # this is also the stream server
+ "stream CNAME ${name}"
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 80
+ 443
+ 8000
+ ];
+
+ age.secrets.icecast = {
+ file = ../secrets/icecast.age;
+ };
+
+ # config for icecast is smol so can have it in this
+ services.icecast = {
+ enable = true;
+ hostname = hostname;
+
+ admin = {
+ user = "admin";
+ password = feck;
+ };
+
+ };
+
+}
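Review bot: The icecast admin password is committed as a string literal in the `let` block (the `feck` binding) and handed to `services.icecast.admin.password`, so it sits in git history and ends up in the generated icecast config in the world-readable Nix store, while the `age.secrets.icecast` declared further down is never referenced. The value should be treated as disclosed and rotated, and the literal replaced by a config that is rendered at service start from `config.age.secrets.icecast.path`; until that exists, mark the binding with `# FIXME: plaintext admin password - rotate and load from age.secrets.icecast`. Separately, the three `skynet_firewall.forward` rules match `ip saddr ${ip_pub}`, which selects traffic coming from this host; if they are meant to admit listeners to ports 80, 443 and 8000, `ip daddr ${ip_pub}` looks like the intended match, and this should be confirmed against how the firewall module consumes these rules. Ports 80 and 443 are also opened in `networking.firewall.allowedTCPPorts` although nothing in this file listens on them yet, so they could stay closed until the reverse proxy mentioned in the commit message exists.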