From 39ba1c55caa4f125841f04d54d8d082718276a25 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont <git.contact-57n2p@froidmont.org>
Date: Thu, 12 Oct 2023 02:59:56 +0200
Subject: [PATCH] Add FoundryVTT

---
 flake.lock           | 41 ++++++++++++++++++++++++++++++++++++++---
 flake.nix            |  6 ++++--
 profiles/storage.nix | 25 ++++++++++++++++++++++++-
 terraform/dns.tf     |  8 ++++++++
 4 files changed, 74 insertions(+), 6 deletions(-)

diff --git a/flake.lock b/flake.lock
index 77ebd16..27fb0db 100644
--- a/flake.lock
+++ b/flake.lock
@@ -68,6 +68,24 @@
         "type": "github"
       }
     },
+    "foundryvtt": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1696777017,
+        "narHash": "sha256-yCqwecHKXGXjAlS5JrtVO2EAkFCYWqvLF+ER0WebZ6g=",
+        "owner": "reckenrode",
+        "repo": "nix-foundryvtt",
+        "rev": "9b880a901139a65bebb72d359425d45c7f5224b2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "reckenrode",
+        "repo": "nix-foundryvtt",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1671417167,
@@ -147,6 +165,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1694304580,
+        "narHash": "sha256-5tIpNodDpEKT8mM/F5zCzWEAnidOg8eb1/x3SRaaBLs=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "4c8cf44c5b9481a4f093f1df3b8b7ba997a7c760",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1695825837,
         "narHash": "sha256-4Ne11kNRnQsmSJCRSSNkFRSnHC4Y5gPDBIQGjjPfJiU=",
@@ -162,7 +196,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1670751203,
         "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
@@ -180,7 +214,8 @@
     "root": {
       "inputs": {
         "deploy-rs": "deploy-rs",
-        "nixpkgs": "nixpkgs_2",
+        "foundryvtt": "foundryvtt",
+        "nixpkgs": "nixpkgs_3",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "simple-nixos-mailserver": "simple-nixos-mailserver",
         "sops-nix": "sops-nix"
@@ -190,7 +225,7 @@
       "inputs": {
         "blobs": "blobs",
         "flake-compat": "flake-compat_2",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_4",
         "nixpkgs-22_11": "nixpkgs-22_11",
         "nixpkgs-23_05": "nixpkgs-23_05",
         "utils": "utils_2"
diff --git a/flake.nix b/flake.nix
index 33be47a..44a843d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,10 +7,11 @@
     deploy-rs.url = "github:serokell/deploy-rs";
     simple-nixos-mailserver.url =
       "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
+    foundryvtt.url = "github:reckenrode/nix-foundryvtt";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix
-    , simple-nixos-mailserver }:
+  outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix
+    , simple-nixos-mailserver, foundryvtt }:
     let
       pkgs = nixpkgs.legacyPackages.x86_64-linux;
       pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux;
@@ -77,6 +78,7 @@
             defaultModuleArgs
             sops-nix.nixosModules.sops
             simple-nixos-mailserver.nixosModule
+            foundryvtt.nixosModules.foundryvtt
             ./profiles/storage.nix
             ({
               sops.defaultSopsFile = ./secrets.enc.yml;
diff --git a/profiles/storage.nix b/profiles/storage.nix
index 46bdcbd..5d6d5fe 100644
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, pkgs-unstable, ... }: {
+{ config, lib, pkgs, pkgs-unstable, inputs, ... }: {
   imports = [
     ../environment.nix
     ../hardware/hetzner-dedicated-storage1.nix
@@ -34,6 +34,7 @@
     services.backup-job = {
       enable = true;
       repoName = "bl";
+      additionalPaths = [ config.services.foundryvtt.dataDir ];
       patterns = [
         "- /nix/var/data/media"
         "- /nix/var/data/transmission/downloads"
@@ -191,6 +192,28 @@
   #   };
   # };
 
+  services.foundryvtt = {
+    enable = true;
+    hostName = "vtt.${config.networking.domain}";
+    language = "fr.core";
+    proxyPort = 443;
+    proxySSL = true;
+  };
+
+  services.nginx.virtualHosts."vtt.${config.networking.domain}" = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      proxyPass =
+        "http://127.0.0.1:${toString config.services.foundryvtt.port}";
+      extraConfig = ''
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+      '';
+    };
+  };
+
   services.borgbackup.repos = {
     epicerie_du_cellier = {
       authorizedKeys = [
diff --git a/terraform/dns.tf b/terraform/dns.tf
index 6ab52fd..848bdb5 100644
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@@ -152,6 +152,14 @@ resource "hetznerdns_record" "lidarr_a" {
   ttl     = 600
 }
 
+resource "hetznerdns_record" "vtt_a" {
+  zone_id = data.hetznerdns_zone.banditlair_zone.id
+  name    = "vtt"
+  value   = local.storage1_ip
+  type    = "A"
+  ttl     = 600
+}
+
 resource "hetznerdns_record" "monero_a" {
   zone_id = data.hetznerdns_zone.banditlair_zone.id
   name    = "monero"