feat(tazjin/polyanka): deploy a tgsa instance r/3966

Change-Id: I8a32c093eb0ac8f6a0c3cfbb358d46d97d0c3b17
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5469
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>

3 files changed, 30 insertions, 0 deletions

diff --git a/users/tazjin/nixos/modules/default.nix b/users/tazjin/nixos/modules/default.nix
new file mode 100644
index 0000000000..d747e8e131
--- /dev/null
+++ b/users/tazjin/nixos/modules/default.nix
@@ -0,0 +1,2 @@
+# Make readTree happy at this level.
+_: { }
diff --git a/users/tazjin/nixos/modules/tgsa.nix b/users/tazjin/nixos/modules/tgsa.nix
new file mode 100644
index 0000000000..82b2bec44a
--- /dev/null
+++ b/users/tazjin/nixos/modules/tgsa.nix
@@ -0,0 +1,24 @@
+{ config, depot, lib, pkgs, ... }:
+
+{
+  systemd.services.tgsa = {
+    description = "telegram -> SA bbcode thing";
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      DynamicUser = true;
+      Restart = "always";
+      ExecStart = "${depot.users.tazjin.tgsa}/bin/tgsa";
+    };
+  };
+
+  services.nginx.virtualHosts."tgsa" = {
+    serverName = "tgsa.tazj.in";
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      proxyPass = "http://localhost:8472";
+    };
+  };
+}
diff --git a/users/tazjin/nixos/polyanka/default.nix b/users/tazjin/nixos/polyanka/default.nix
index 7d25be1487..87a36408c0 100644
--- a/users/tazjin/nixos/polyanka/default.nix
+++ b/users/tazjin/nixos/polyanka/default.nix
@@ -7,10 +7,13 @@ _: # ignore readTree options
 
 let
   mod = name: depot.path + ("/ops/modules/" + name);
+  usermod = name: depot.path + ("/users/tazjin/nixos/modules/" + name);
 in
 {
   imports = [
     (mod "quassel.nix")
+    (mod "www/base.nix")
+    (usermod "tgsa.nix")
   ];
 
   # Use the GRUB 2 boot loader.
@@ -63,6 +66,7 @@ in
     defaultGateway6.address = "2a02:750:7:3305::1";
 
     firewall.enable = true;
+    firewall.allowedTCPPorts = [ 22 80 443 ];
 
     nameservers = [
       "79.99.4.100"