commit 979b78bafcf552b543b57a03718de5b2993146c5
Author: Jade <git@schrottkatze.de>
Date:   Tue Apr 25 15:57:59 2023 +0200

    init

diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..6352a03
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1682362401,
+        "narHash": "sha256-/UMUHtF2CyYNl4b60Z2y4wwTTdIWGKhj9H301EDcT9M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "884ac294018409e0d1adc0cae185439a44bd6b0b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "utils": "utils"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..4bf2843
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,35 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, utils, ... }: 
+    let
+      pkgs = import nixpkgs { system = "x86_64-linux"; };
+    in {
+      devShell."x86_64-linux" = with pkgs; mkShell {
+        buildInputs = [ colmena ];
+      };
+      colmena = {
+        meta = {
+          nixpkgs = import nixpkgs {
+            system = "aarch64-linux";
+            overlays = [];
+          };
+        };
+
+        katzencafe = { name, nodes, pkgs, ... }: {
+          deployment = {
+            targetHost = "katzen.cafe";
+            buildOnTarget = true;
+          };
+          imports = [
+            ./modules/proxy.nix
+            ./modules/jitsi.nix
+          ];
+          system.stateVersion = "22.11";
+        };
+      };
+    };
+}
diff --git a/modules/jitsi.nix b/modules/jitsi.nix
new file mode 100644
index 0000000..e71e66b
--- /dev/null
+++ b/modules/jitsi.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: 
+{
+  services.jitsi-meet = {
+    enable = true;
+    hostName = "meet.katzen.cafe";
+  };
+  services.jitsi-videobridge.openFirewall = true;
+}
diff --git a/modules/proxy.nix b/modules/proxy.nix
new file mode 100644
index 0000000..224ca77
--- /dev/null
+++ b/modules/proxy.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }: 
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "jade@schrottkatze.de";
+      server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      webroot = "/var/lib/acme/acme-challenge";
+    };
+    certs = {
+      "meet.katzen.cafe" = {
+        group = "nginx";
+        keyType = "rsa4096";
+      };
+    };
+  };
+}