nixos: backend server

nixos/backend/backend.nix

@@ -0,0 +1,59 @@
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    ./db.nix
+    ./fic-admin.nix
+    ./fic-backend.nix
+    ./fic-dashboard.nix
+    ./fic-evdist.nix
+    ./fic-synchro.nix
+  ];
+
+  config.sops = {
+    defaultSopsFile = ../secrets/phobos.yml; # We are currently in /nix/store/...-source/backend/
+    secrets.phobos_ssh = { mode = "0400"; };
+    # You may need to manualy remove `/run/secrets` if modified
+  };
+
+  config.system.activationScripts = {
+    # Create /var/lib/fic/** directories
+    makeFicDirs = lib.stringAfter [ "var" ] ''
+      mkdir -p /var/lib/fic/dashboard;
+      mkdir -p /var/lib/fic/files;
+      mkdir -p /var/lib/fic/pki;
+      mkdir -p /var/lib/fic/raw_files;
+      mkdir -p /var/lib/fic/settings;
+      mkdir -p /var/lib/fic/settingsdist;
+      mkdir -p /var/lib/fic/ssh;
+      mkdir -p /var/lib/fic/submissions;
+      mkdir -p /var/lib/fic/sync;
+      mkdir -p /var/lib/fic/teams;
+      mkdir -p /var/log/frontend;
+    '';
+    # Create docker network
+    createDockerNetworkPhobos =
+      let
+        docker = config.virtualisation.oci-containers.backend;
+        dockerBin = "${pkgs.${docker}}/bin/${docker}";
+      in
+      ''
+        ${dockerBin} network inspect phobos-lan >/dev/null 2>&1 \
+          || ${dockerBin} network create phobos-lan --subnet 172.18.0.0/24
+      '';
+  };
+
+  config = {
+    networking.hostName = "phobos";
+
+    # This is needed to install fic related pkgs
+    nixpkgs.config.allowUnfree = true;
+
+    # To switch, remove `phobos-lan` from the networks before running nixos-rebuild
+    # ```
+    # ${dockerBin} network rm phobos-lan
+    # ```
+    virtualisation.docker.enable = true;
+    virtualisation.podman.enable = false;
+    virtualisation.oci-containers.backend = "docker";
+  };
+}