From 1834713f9829ed7a6442aa48b852c9f2a0730952 Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Thu, 2 Jan 2025 15:16:43 +0100 Subject: [PATCH] wip --- hosts/pinwheel/home.nix | 3 ++ hosts/tadpole/modules/certs/default.nix | 5 ++ hosts/tadpole/modules/whib/default.nix | 61 +++++++++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 hosts/tadpole/modules/whib/default.nix diff --git a/hosts/pinwheel/home.nix b/hosts/pinwheel/home.nix index 463a63d..57bc99b 100644 --- a/hosts/pinwheel/home.nix +++ b/hosts/pinwheel/home.nix @@ -3,6 +3,8 @@ imports = [ inputs.home-manager.nixosModules.home-manager ]; config = { + hardware.saleae-logic.enable = true; + home-manager = { useGlobalPkgs = true; useUserPackages = true; @@ -25,6 +27,7 @@ pkgs.htop pkgs.onlyoffice-bin pkgs.wdisplays + pkgs.saleae-logic-2 ]; home.stateVersion = "23.05"; diff --git a/hosts/tadpole/modules/certs/default.nix b/hosts/tadpole/modules/certs/default.nix index e845a61..9d11e73 100644 --- a/hosts/tadpole/modules/certs/default.nix +++ b/hosts/tadpole/modules/certs/default.nix @@ -17,6 +17,11 @@ webroot = "/var/lib/acme/acme-challenge/"; group = "nginx"; }; + + "whib-api.ppp.pm" = { + webroot = "/var/lib/acme/acme-challenge/"; + group = "nginx"; + }; }; }; } diff --git a/hosts/tadpole/modules/whib/default.nix b/hosts/tadpole/modules/whib/default.nix new file mode 100644 index 0000000..abc00a3 --- /dev/null +++ b/hosts/tadpole/modules/whib/default.nix 
@@ -0,0 +1,61 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+let
+ enabled = config.mod.whib-backend.enable;
+in
+{
+ options = {
+ mod.whib-backend = {
+ enable = lib.mkEnableOption "enable WHIB backend";
+ };
+ };
+
+ config = lib.mkIf enabled {
+ services.whib-backend = {
+ enable = true;
+
+ domain = "whib-api.ppp.pm";
+ useACMEHost = "whib-api.ppp.pm";
+
+ backend = {
+ signingKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-signing-key.path})";
+ };
+
+ postgres = {
+ database = "whib";
+ host = "postgres";
+ port = "5432";
+ user = "whib";
+ password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-postgres-password.path})";
+
+ backup = {
+ interval = "*-*-* 00:00:00 UTC";
+
+ gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
+
+ backblazeBucket = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-bucket.path})";
+ backblazeKeyID = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key-id.path})";
+ backblazeKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key.path})";
+ };
+ };
+
+ grafana = {
+ password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-grafana-password.path})";
+ };
+ };
+
+ age.secrets = {
+ "whib-signing-key".file = ../../../../secrets/tadpole/whib-signing-key.age;
+ "whib-postgres-password".file = ../../../../secrets/tadpole/whib-postgres-password.age;
+ "whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
+ "whib-backblaze-bucket".file = ../../../../secrets/tadpole/whib-backblaze-bucket.age;
+ "whib-backblaze-key-id".file = ../../../../secrets/tadpole/whib-backblaze-key-id.age;
+ "whib-backblaze-key".file = ../../../../secrets/tadpole/whib-backblaze-key.age;
+ "whib-grafana-password".file = ../../../../secrets/tadpole/whib-grafana-password.age;
+ };
+ };
+}
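Review bot: The secret-bearing options (`backend.signingKey`, `postgres.password`, the three `backblaze*` values and `grafana.password`) are set to literal `$(…/cat <agenix path>)` strings, which only resolve, and only stay private, if the `services.whib-backend` module (not visible in this patch) expands them inside a quoted shell context. If that expansion ends up on a command line or unquoted, the plaintext would likely be visible in the process argument list and subject to word splitting, whereas `gpgPassphraseFile` in the same block already passes just the path. I would move the other secrets to path-valued options in that style (or have the module use systemd `LoadCredential=` / `EnvironmentFile=`), and until then add a comment above the block such as `# NOTE: "$(cat …)" is expanded at runtime by the module's start script (confirm); plaintext never enters the Nix store`. The `age.secrets` entries also set only `.file`, so they keep agenix's default root-only ownership; if the service does not read them as root, each needs an owner, e.g. `"whib-signing-key" = { file = …; owner = "<service-user>"; };`.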