From 926884f6bf9c1183254a60e5de692de10156db93 Mon Sep 17 00:00:00 2001 From: Crony Akatsuki Date: Mon, 5 May 2025 22:11:11 +0200 Subject: [PATCH] feat(servers): add loki, the tricker. --- flake.nix | 20 ++++++++++++ hosts/loki/configuration.nix | 27 ++++++++++++++++ hosts/loki/disk-config.nix | 54 +++++++++++++++++++++++++++++++ modules/servers/loki/default.nix | 5 +++ modules/servers/loki/rimgo.nix | 26 +++++++++++++++ secrets/secrets.nix | 3 +- secrets/traefik.age | Bin 499 -> 609 bytes secrets/wg-desktop.age | Bin 675 -> 785 bytes secrets/wg-heimdall.age | Bin 876 -> 986 bytes 9 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 hosts/loki/configuration.nix create mode 100644 hosts/loki/disk-config.nix create mode 100644 modules/servers/loki/default.nix create mode 100644 modules/servers/loki/rimgo.nix diff --git a/flake.nix b/flake.nix index 2de254e..281a08d 100644 --- a/flake.nix +++ b/flake.nix @@ -107,6 +107,15 @@ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.heimdall; }; }; + + loki = { + hostname = "loki"; + profiles.system = { + sshUser = "root"; + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki; + }; + }; }; homeConfigurations = { @@ -162,6 +171,17 @@ ]; }; + loki = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + agenix.nixosModules.default + ./hosts/loki/configuration.nix + ./modules/servers/general + ./modules/servers/loki + ]; + }; + nixos = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ diff --git a/hosts/loki/configuration.nix b/hosts/loki/configuration.nix new file mode 100644 index 0000000..dfdd076 --- /dev/null +++ b/hosts/loki/configuration.nix 
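Review bot: The new `loki` deploy node sets `sshUser = "root"`, so every deployment depends on direct root login over SSH to a host that this patch also puts behind a public hostname. deploy-rs lets the SSH account differ from the activation account, so `sshUser = "deploy";` with `user = "root";` (plus a sudo rule for that account) would allow root SSH login to be disabled. The `heimdall` node's own settings are outside this hunk; if it follows the same pattern, both are worth changing together. The `deploy.nodes` attribute set starts above the hunk.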
@@ -0,0 +1,27 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+
+ networking.hostName = "loki";
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.neovim
+ pkgs.gitMinimal
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/loki/disk-config.nix b/hosts/loki/disk-config.nix
new file mode 100644
index 0000000..ff82562
--- /dev/null
+++ b/hosts/loki/disk-config.nix
@@ -0,0 +1,54 @@
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/servers/loki/default.nix b/modules/servers/loki/default.nix
new file mode 100644
index 0000000..c043cd8
--- /dev/null
+++ b/modules/servers/loki/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+ imports = [
+ ./rimgo.nix
+ ];
+}
diff --git a/modules/servers/loki/rimgo.nix b/modules/servers/loki/rimgo.nix
new file mode 100644
index 0000000..82787c4
--- /dev/null
+++ b/modules/servers/loki/rimgo.nix
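Review bot: hosts/loki/configuration.nix sets no `services.openssh` or `networking.firewall` options, although the deploy node in flake.nix logs in as root over SSH, so loki's whole remote-access posture is inherited from `./modules/servers/general`, which this patch does not show. If that module does not already do so, key-only root login should be stated explicitly, e.g. `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. A one-line comment above `networking.hostName`, such as `# SSH, firewall and Traefik settings come from modules/servers/general`, would make that dependency visible. Also confirm that `system.stateVersion = "24.05"` matches the release the machine was actually installed with.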
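Review bot: In hosts/loki/disk-config.nix the `esp` partition mounts vfat at `/boot` with no `mountOptions`, so its files get the default world-readable mode; adding `mountOptions = ["umask=0077"];` to `esp.content` restricts `/boot` to root. The root volume is plain ext4 on LVM with no LUKS layer, so the host key that agenix presumably uses to decrypt secrets sits unencrypted on the provider's virtual disk; if that is an accepted trade-off for an unattended VM, a short comment saying so would help. `device = lib.mkDefault "/dev/vda"` names the disk that disko will repartition, so a comment that it must be checked against the target before installing is worth adding.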
@@ -0,0 +1,26 @@ +{...}: { + services.rimgo = { + enable = true; + settings = { + PORT = 3000; + ADDRESS = "127.0.0.1"; + }; + }; + + services.traefik.dynamicConfigOptions.http = { + services.rimgo.loadBalancer.servers = [ + { + url = "http://localhost:3000"; + } + ]; + + routers.rimgo = { + rule = "Host(`rimgo.cronyakatsuki.xyz`)"; + tls = { + certResolver = "porkbun"; + }; + service = "rimgo"; + entrypoints = "websecure"; + }; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 33dcced..16ceaf6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1,7 @@ let # SYSTEMS heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8"; + loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV"; # USERS root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"; @@ -8,7 +9,7 @@ let users = [ root ]; - systems = [heimdall]; + systems = [heimdall loki]; in { "traefik.age".publicKeys = systems ++ users; "wg-heimdall.age".publicKeys = systems ++ users; 
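Review bot: rimgo is bound to `ADDRESS = "127.0.0.1"`, but the Traefik backend in modules/servers/loki/rimgo.nix is `http://localhost:3000`, and `localhost` can resolve to `::1` first, where nothing is listening; `url = "http://127.0.0.1:3000";` keeps the two in agreement. The port is also written twice, so a `let port = 3000; in` binding used in both places would stop them drifting apart. The `rimgo` router attaches no `middlewares`, so unless the `websecure` entrypoint adds them elsewhere, this proxy has no rate limit or security headers in front of it.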
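Review bot: Adding `loki` to the shared `systems` list in secrets/secrets.nix makes its host key a recipient of every secret declared with `systems ++ users`, including `wg-heimdall.age`, and the re-encrypted `wg-desktop.age` in this patch suggests that one as well. From the modules shown, loki only appears to need the Traefik credentials, so a compromise of this host would also yield other machines' WireGuard private keys. Scope recipients per secret instead, e.g. `"traefik.age".publicKeys = [heimdall loki] ++ users;` and `"wg-heimdall.age".publicKeys = [heimdall] ++ users;`. Because the widened ciphertexts are now in git history, the WireGuard keys should be rotated once the recipients are narrowed. The `in { … }` block continues past the end of this hunk.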
diff --git a/secrets/traefik.age b/secrets/traefik.age index 75660d9bea0a0146d4622a64dfe7e8688840046b..adffe366b9e0f790fa434d951fb1fa86b23e5b8b 100644 GIT binary patch delta 576 zcmey&{E%gWPJK>9aZtLaYide(fon){db)+Lmv2~JiHS#QhGV*sMX-lip+!c9kG^l9 zE0=3lR!~8Cu4$2K}u?-qkCw1VPR2DnTe5qcABAKsY{BfbD2{l zx^-zO`cXcC3Wc6YCPft?7DYzI{yy2orHSVHKADygIThO8QC^PvZoZcFzRBUG8OcE& zo?On_+Tq@whVG6=gttjj$FFBx(c~I z;bjKtxfXtwj_IY&;dvER6&}IP8U99DS!R_6$&UI#K`w4pAtss5j$Dy8KV&%#O-mu2taDm9fl(CXa2L|sg3{<}MpYfjdFd;5y-&ao8h-4oic zrLdf>lQCLs_0PQdS5WimxJj02vqF3Wed?K5rBj5iJ~DsaV{bG0-46-bRKu>lPVIW< z><#9)%PL)c6_>`tdw0sq?~2~5R*JWJHBb2ZX?8{Z(m5|4EV#Tj%Su?E?SHzZ-kp|o zm8gxYUg+^Lf}?#=Qd$tNa(?ti?OjL8^_DF*2yt4m+CceQ&2v@h Hxl;824B6N3 delta 445 zcmaFJ@|k&pPI!c2W_q%-VR>;-c4@LfL7tJLXRvc#g<*)BUx0~ofOon_ly6y9d1Pfy zB$snUk+ZW;N{OMPX{L9iYmuj;X-RUvMM$opM}S#gK}d?3i%E&Ie^y9p_Qa3k^-;zZ z?ygZeRocbHxsE0-#U6%X6{S&m#;Hlpx%npMu8}U;Mvl(T1_p*9UY_Ny0p58YDan4?Q6(A4T)Mit3MD!IX5odF*-0rTnGpf{ zJ|2OFk;&niDPF#b!5$TbiDtRJ^~T1*p&6xV`CQ8-USIBstKJ~?*X@DiH0Qev9!=i0 zajTDs&hh(1gGU= zMvG4^3&V68Dxb>lxOFHb@=D?QrQ2>lh)j0(ofXyjzkZkf=iJ%yS}%I}ZCPV{bF!kR zv2-tG4C#Az`h#%e&Gr2qqTk+~veuaW^385pW|b?fHm4f8m$DwY@WS)s=1VWMpRh3; w5La1XBU&!+u66obR&mUn$4?*Mv*^2}eqD1(ykLy-g8$0(|C@DHj@t+U0K0#*n*aa+ 
diff --git a/secrets/wg-desktop.age b/secrets/wg-desktop.age index bb91178822d4cd9682a07910398beaa656827dce..a1cadec6032d8015ccf5f40ee44682fda37bc644 100644 GIT binary patch delta 753 zcmZ3?I+1OHPJMA&W?GSZl$o1ZrE!FDig{R2aEME&X@O66lu5Ezw!2fRcfO;ct3g(I zGM9E}glUq2L8+x@L12cTho@nRX?nh^XJJ)odY+k~zl*y|Qifw$d6t()K9{bYLUD11 zZfc5=si~o*f|+(kU_qdQdy0=|PJm-lR8&x?Z=i93XT5uYS!BMUaaEF2u49>Nep#fM zhmmn;u~~3AmzREJd5&Xnsk5a=dWCz1pJS@ItGB*sL7qiuaAv57Z>F(!o@J%Bv1_m^ zx^-zO`cXcC3O*s3j)_HSr6Gxq{zY!urcpW0S>ag$iOGS6?v>$@>0V*=S^lLtsX^`@ z23&;^6_x>+=2eyv#l{)l-a#SxA>K}2DIVS_krqBaiT>FxNs%S#5y_F+p$-VeN5?_-QW$c+_XGc-=5&cy8usVWgVb z;PmW^L78K#`Ux(ri+;LNdmMvi)w^Er{#&hhlHpFqq+n~_js*qtFWybrTwJ@Zx zG2i}Io~itD_5Yda{5i~KpY=RdF<;eLU(WPSiSD{0XUIF2+Hj z6&6X6K7Og`ZqB7So@OOxkzV1+=0S!g2KlCurCxsJT)Mit3h5z6zLhSHMUI{oW%@2j znTY{@sl`bp9$8L7{>}xarrsrC^$~{2foY+Bfn2<&+BS7=`;(wrR~z>|U`|&`68GV# zEhme=@=B;>&R_P=xP6M=58lAzQ;J_Dmzdh?L@zK52r6utxOB=Tj!hZ_p5x$bPp8oPgB)>o&Krn!GHB* z*Cv~L*d=e~Qe7us^x(p*ZC_pHcq^{_bKUKEWqmzI=l=8Yt z%oCpDsb}_V%aTn_)?CV#QgM9$*^|74I=;Fj?zdI^)v@zgtM;M1{BMdP&-iC>tutIO zYJ=3bP)xK5D`H{W%-{k<>sSMlz 
diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age index 1dbfa81c8a001d87714e5c59dd686a7c3e44403c..3af4512a715cff5202e0be90dcb283d6d8c58999 100644 GIT binary patch delta 956 zcmaFEc8h(2PJM{6S*CApvUZ}cV^nEgXqu;UL~f~1X{fnhl73dcxnXvMm%B+;l0k;C z0hgIcq-lU}m~%*Saf(TBN>OT+gj!S-~BbTn7LUD11 zZfc5=si~o*f|+(kU_qclqHlgdNqTmso4c`ox@)FqZoR38UtoE*QEEj-g+XLcVpVRU zMObE)nWeEKmv^>vlyQoOzq7GxgoTTCM6g9@d7^%#Ym%>Do?AhAiBptsetCsuq=~5k zx^-zO`cXcC3hu#{9_E3G<~c@QMJ6dh0Zvs;CHg+4Vfu+aRhdo^xdqzwo>k_RAs)`g z23+PADPgH@IVnClroqlt&Q+md`d;a&d1=|9u350G+Hx(a^Y zL17W4l^Mp4=6=PNAvw;*g}GH>j+X8P!KOu_1(_v|$@xzDS%LZaCR~$DAMKlU=v}_? zY`vNL7Ddkcd*Xath06vaZ-S5`VgDUQ{f%7uo!FL*m(;U#<7enkzSN|Dpp0uRfodF)wbx7A8r7ca1%& zw;b(ccpaWCh>YyeUmI_{Alb-kW_86xhxHd;Ek9pyRgb@Tots3p=sZ@Q%9E2%-ku^Z zslqz(gR|7PvrL7ryGk=fPqUeC{~7+@&b2GDo{2rZ|Hz_q(ukzlqbd*EL_jOOZl0)+cN`(IVx3}hdcbY*w5mr3Jf)E&5Bh#(WbWS zfRRT>?jPPz%df9p6xYSk4-M8LTMh{SPIA-YEKxpr=|hsd!G*-*6O}yQc&%Q0)bzRChPr3IjMr9g`1Rz6 v-m|m1m0mN2FW9sBEPTG^i*4(HuxZ8-Guy*Y-wnE#`|tUxtydy~Bjy7DoJ5}S delta 825 zcmcb`{)TOWPIz#!pMkG;SeUE7OQE)DWmK9|T6UUSsc%@8S+R+sn~`yfMNp1enPq-X zF;`-MQNF8zV^C#UuCGO!n{$wMYIvkmig`d-xVc$HihG4&xS4rzwna`*`NWUn_1=l$ z9*McRnRyvL#x6;Y!NqBYg^>{%29cgF9{ME(87?J-o?-rZInIHeT-iRU=_RQF?s<;J z`KCrWm0npXnR)q1k;Sft`lXRcUQt1=PCjXt5k^(XT)Mit3PGi=#mOE?CM8uR1+H!Z z=4DB_o{0uo{>8z;1_4fv;TGlj^+gux?kRpg7F0&Uqa< zejscAp;v#KJHl2t=w$joWk1S$`^?s@+sbDK?w|Oe(RlKb&wJ|p4K5_`udZCm^<8a^ zVEi)iTW;@fGl$Q${JH7)y%@Vm^)LA=w3a#jbUASDV9KS5*NV*rf9*B6c>74v>5re= z>&;Fry>#vVwNi#vZ60R7Ua{@_nQ~M1ns5EKBR+#2Yfsb@BFe+rQ|=$t!{# z9A~@wMel%g>7^APDpOZo51;ZkJL%w(DgN_A!q#m_d8ib6YNgqduiva2 z@ujO^Z_kwA&%&NMVH5sLh@Jkis_f9$ITww?Z#1r+>?(d`CV#)P?B$}jQuQyNr`+ZJ z-Pp-AKWoO48C$Q{*L*y4=Xj%>&-|tTB}%mxeULu1?aH4OH%*;vs<*Gz^mm^2K`^~J zqt>#eW5a}x!WX=%^q0>%&aqH|&AcjCcy8o(hSqftIa(uLhcg_JeajJNKFRHJnq27Q zqz~;5RyLQ|8QHv%MQZu?C2b~(NJmiW$lUUezFG3+WG{~!JddK474=2G(F!&O_