many updates to lio and o001

hosts/oracle/o001/mods/atuin.nix

@@ -0,0 +1,24 @@
+{
+  config,
+  ...
+}:
+{
+  services.atuin = {
+    enable = true;
+    openRegistration = false;
+    openFirewall = false;
+    host = "127.0.0.1";
+    port = 8888;
+  };
+
+  services.nginx.virtualHosts."atuin.joshuabell.xyz" = {
+    enableACME = true;
+    forceSSL = true;
+    locations = {
+      "/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://127.0.0.1:${builtins.toString config.services.atuin.port}";
+      };
+    };
+  };
+}

hosts/oracle/o001/mods/postgresql.nix

@@ -0,0 +1,28 @@
+{
+  pkgs,
+  ...
+}:
+{
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_17.withJIT;
+    enableJIT = true;
+    extensions = with pkgs.postgresql17Packages; [
+      # NOTE add extensions here
+      pgvector
+      postgis
+      pgsodium
+      pg_squeeze
+    ];
+    authentication = ''
+      local all all trust
+      host all all 127.0.0.1/8 trust
+      host all all ::1/128 trust
+      host all all 192.168.100.0/24 trust
+    '';
+  };
+
+  services.postgresqlBackup = {
+    enable = true;
+  };
+}

hosts/oracle/o001/mods/rustdesk-server.nix

@@ -0,0 +1,31 @@
+{
+  ...
+}:
+let
+  TailscaleInterface = "tailscale0";
+  TCPPorts = [
+    21115
+    21116
+    21117
+    21118
+    21119
+  ];
+  UDPPorts = [ 21116 ];
+in
+{
+  services = {
+    rustdesk-server = {
+      enable = true;
+      relay.enable = true;
+      signal.enable = true;
+      # Instead we only allow this on the tailnet IP range
+      openFirewall = false;
+      signal.relayHosts = [ "localhost" ];
+    };
+  };
+
+  networking.firewall.interfaces."${TailscaleInterface}" = {
+    allowedTCPPorts = TCPPorts;
+    allowedUDPPorts = UDPPorts;
+  };
+}