From b3e5b24569bb36e7758e6a709faa425da2e3b49c Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Thu, 7 Oct 2021 23:00:50 +0200
Subject: [PATCH] sdrweb: refactor from radiobert

---
 flake.nix                           |  8 +++++++
 hosts/containers/sdrweb/default.nix | 32 ++++++++++++++++++++++++++++
 hosts/radiobert/default.nix         | 33 -----------------------------
 3 files changed, 40 insertions(+), 33 deletions(-)
 create mode 100644 hosts/containers/sdrweb/default.nix

diff --git a/flake.nix b/flake.nix
index fd9dc4f2..410273dd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -390,6 +390,14 @@
           system = "x86_64-linux";
         };
 
+        sdrweb = nixosSystem' {
+          modules = [
+            ./lib/lxc-container.nix
+            ./hosts/containers/sdrweb
+          ];
+          system = "x86_64-linux";
+        };
+
       };
 
       nixosModule = import ./lib;
diff --git a/hosts/containers/sdrweb/default.nix b/hosts/containers/sdrweb/default.nix
new file mode 100644
index 00000000..e38d76aa
--- /dev/null
+++ b/hosts/containers/sdrweb/default.nix
@@ -0,0 +1,32 @@
+{ hostRegistry, config, ... }:
+{
+  networking.hostName = "sdrweb";
+  networking.useNetworkd = true;
+  networking.interfaces.eth0.ipv4.addresses = [{
+    address = hostRegistry.hosts.${config.networking.hostName}.ip4;
+    prefixLength = 26;
+  }];
+  networking.defaultGateway = "172.20.73.1";
+
+  # http https
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts."sdr.hq.c3d2.de" = {
+      default = true;
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:8073";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  services.openwebrx.enable = true;
+
+  # noXlibs breaks cairo:
+  environment.noXlibs = false;
+}
diff --git a/hosts/radiobert/default.nix b/hosts/radiobert/default.nix
index 76f2cae8..37fbbfd9 100644
--- a/hosts/radiobert/default.nix
+++ b/hosts/radiobert/default.nix
@@ -76,20 +76,10 @@
       prefixLength = 26;
     }];
     defaultGateway = "172.20.73.1";
-    firewall.allowedTCPPorts = [
-      # SSH
-      22
-      # Web
-      80 443
-      # SoapySDRServer
-      55132
-    ];
     firewall.enable = false;
     nameservers = [ "172.20.73.8" "9.9.9.9" ];
   };
 
-  # services.openwebrx.enable = true;
-
   users.users.soapysdr = {
     isSystemUser = true;
     group = "soapysdr";
@@ -158,29 +148,6 @@
   services.openssh = {
     enable = true;
   };
-  security.sudo = {
-    enable = true;
-    wheelNeedsPassword = false;
-  };
-
-  users.users.k-ot = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "audio" ];
-  };
-
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    virtualHosts."sdr.hq.c3d2.de" = {
-      default = true;
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:8073";
-        proxyWebsockets = true;
-      };
-    };
-  };
 
   # Allow access to USB
   services.udev.extraRules = ''