4 files changed, 31 insertions, 22 deletions

diff --git a/nix/hosts/caladan/darwin-configuration.nix b/nix/hosts/caladan/darwin-configuration.nix
index 597ee1a..9931b08 100644
--- a/nix/hosts/caladan/darwin-configuration.nix
+++ b/nix/hosts/caladan/darwin-configuration.nix
@@ -31,8 +31,8 @@
     package = pkgs.nixFlakes;
     extraOptions =
       ''
-        		builders-use-substitutes = true
-            auto-optimise-store = true
+    		builders-use-substitutes = true
+        auto-optimise-store = true
       ''
       + lib.optionalString (pkgs.system == "aarch64-darwin") ''
         extra-platforms = x86_64-darwin aarch64-darwin
@@ -49,11 +49,13 @@
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        "nix-cache.emile.space:3xzJknXMsR/EL3SBTu6V6oCOkjxe6MgJm0nOrElW33A="
       ];
       substituters = [
         "https://cache.nixos.org"
         "https://nix-community.cachix.org"
         "https://cache.garnix.io"
+        "https://nix-cache.emile.space"
       ];
 
       experimental-features = [
diff --git a/nix/hosts/corrino/secrets/harmonia-signkey.age b/nix/hosts/corrino/secrets/harmonia-signkey.age
new file mode 100644
index 0000000..9449938
--- /dev/null
+++ b/nix/hosts/corrino/secrets/harmonia-signkey.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 gvwQ2Q UkXoEYf4nrxwdvrC6B+dURG7kafDVB9Lh3aCbJRFKHg
+S3D22FpX0dx2ZV8VpHTHcv3+GHDlO9nlhMkjbUStxhg
+-> ssh-ed25519 m8VklA NgtepHZ+T6Dh5FYtWXD0lURiQZ8PW1iXzyB63bgsJFQ
+yWohEl1Vxs2OKoMwEJVdVagJTo4oEIPBXmotkhCMogs
+--- BKqrH3vC5mxTvjE8Zc819ZUoxCG8uj5R6ppbzby9biM
+�Ȼ3��#����׻��ׁ;9�������l}0��xk���c^c�e!$<Wa�O�U���q~��fu�[���xЇ	�E,��_���MlͿ�ض~��1��zK��:0M]�h!2V���uk&ʺy=����81du�
\ No newline at end of file
diff --git a/nix/hosts/corrino/www/nix-cache/index.txt b/nix/hosts/corrino/www/nix-cache/index.txt
index 514b288..6e3353b 100644
--- a/nix/hosts/corrino/www/nix-cache/index.txt
+++ b/nix/hosts/corrino/www/nix-cache/index.txt
@@ -11,7 +11,7 @@ NixOS Configuration:
       "https://nix-cache.emile.space"
     ];
     trusted-public-keys = [
-			"nix-cache.emile.space:3xzJknXMsR/EL3SBTu6V6oCOkjxe6MgJm0nOrElW33A="
+	  "nix-cache.emile.space:3xzJknXMsR/EL3SBTu6V6oCOkjxe6MgJm0nOrElW33A="
     ];
   }
 
diff --git a/nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix b/nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix
index c8f7264..cbb6a0d 100644
--- a/nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix
+++ b/nix/hosts/corrino/www/nix-cache/nix-cache.emile.space.nix
@@ -1,18 +1,26 @@
-{ ... }:
+{ config, ... }:
 
 {
   services.nginx.virtualHosts."nix-cache.emile.space" = {
-    forceSSL = false;
-    enableACME = false;
+    forceSSL = true;
+    enableACME = true;
+
+    locations = {
+      "/" = {
+        proxyPass = "http://${config.services.harmonia.settings.bind}";
+      };
+    };
   };
-  #   locations = {
-  #     "/" = {
-  #       root = "/var/www/emile.space";
-  #       extraConfig = ''
-  #         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-  #       ''; 
-  #     };
-  # };
+  services.harmonia = {
+    enable = true;
+
+    # TODO(emile): manage this using age
+    # signKeyPath = "/var/lib/secrets/harmonia.secret";
+    signKeyPath = config.age.secrets.harmonia-signkey.path;
+
+    settings.bind = "[::1]:${toString config.emile.ports.harmonia}";
+  };
+
   # locations."= /" = {
   # 	index = "/index.txt";
   # };
@@ -47,12 +55,4 @@
   # };
   # };
 
-  #  services.harmonia = {
-  # 	enable = true;
-
-  # 	# TODO(emile): manage this using age
-  # 	signKeyPath = "/var/lib/secrets/harmonia.secret";
-
-  #    settings.bind = "[::1]:${toString config.emile.ports.harmonia}";
-  # };
 }