From b33a358d89073a3bdbba87de89e4c1df62204a07 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 17:56:31 +0100
Subject: [PATCH 01/10] chore (hosts/mystra)!: relocate web root

---
 hosts/mystra/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index 4a33466..e0ad441 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -11,7 +11,7 @@
     virtualHosts."henri-saudubray.fr" = {
       enableACME = true;
       forceSSL = true;
-      root = "/home/hms/www";
+      root = "/home/hms/dev/web";
     };
   };
 

From 06bd84ac86ca234995d7ad556cd65c862fb76f4d Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 17:56:31 +0100
Subject: [PATCH 02/10] chore (hosts/mystra)!: change html root

---
 hosts/mystra/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index e0ad441..5575a0d 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -11,7 +11,7 @@
     virtualHosts."henri-saudubray.fr" = {
       enableACME = true;
       forceSSL = true;
-      root = "/home/hms/dev/web";
+      root = "/var/www/html";
     };
   };
 

From 2bbad716366fb1b4ae66acee115696a1e8b09b1d Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 17:56:31 +0100
Subject: [PATCH 03/10] chore (hosts/mystra): remove ssl requirement
 (temporary)

---
 hosts/mystra/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index 5575a0d..ce44efa 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -10,7 +10,7 @@
     enable = true;
     virtualHosts."henri-saudubray.fr" = {
       enableACME = true;
-      forceSSL = true;
+      # forceSSL = true;
       root = "/var/www/html";
     };
   };

From a7c598fe42d0ccdece4a348ef62acd0689a596a9 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 17:56:31 +0100
Subject: [PATCH 04/10] feat (hosts/mystra): taskd

---
 hosts/mystra/default.nix | 22 +++++++---------------
 hosts/mystra/nginx.nix   | 16 ++++++++++++++++
 hosts/mystra/taskd.nix   |  9 +++++++++
 3 files changed, 32 insertions(+), 15 deletions(-)
 create mode 100644 hosts/mystra/nginx.nix
 create mode 100644 hosts/mystra/taskd.nix

diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index ce44efa..c0144c9 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -4,23 +4,15 @@
     ./hardware-configuration.nix
     ./disk-config.nix
     ../../nixos/server.nix
+    ./nginx.nix
+    ./taskd.nix
   ];
 
-  services.nginx = {
-    enable = true;
-    virtualHosts."henri-saudubray.fr" = {
-      enableACME = true;
-      # forceSSL = true;
-      root = "/var/www/html";
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "henri.saudubray@proton.me";
-  };
+  networking.firewall.allowedTCPPorts = [
+    80 # HTTP (nginx)
+    443 # HTTPS (nginx)
+    53589 # Taskserver
+  ];
 
   networking.hostName = "mystra";
   system.stateVersion = "25.11";
diff --git a/hosts/mystra/nginx.nix b/hosts/mystra/nginx.nix
new file mode 100644
index 0000000..629367e
--- /dev/null
+++ b/hosts/mystra/nginx.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."henri-saudubray.fr" = {
+      enableACME = true;
+      # forceSSL = true;
+      root = "/var/www/html";
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "henri.saudubray@proton.me";
+  };
+}
diff --git a/hosts/mystra/taskd.nix b/hosts/mystra/taskd.nix
new file mode 100644
index 0000000..bc06cef
--- /dev/null
+++ b/hosts/mystra/taskd.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+  services.taskserver = {
+    enable = true;
+    fqdn = "henri-saudubray.fr";
+    listenHost = "::";
+    organisations.personal.users = [ "hms" ];
+  };
+}

From 0749cecceac0e26953c69e46d625e77c0a6e2ed1 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 17:56:31 +0100
Subject: [PATCH 05/10] feat (hosts/mystra): fqdn

---
 hosts/mystra/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index c0144c9..d306cf5 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -15,5 +15,6 @@
   ];
 
   networking.hostName = "mystra";
+  networking.fqdn = "henri-saudubray.fr";
   system.stateVersion = "25.11";
 }

From cebab715b2072f1057b353b6f433cf8f1517c6c8 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 17:56:31 +0100
Subject: [PATCH 06/10] feat (home/taskwarrior): taskd config

---
 home/cli.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/home/cli.nix b/home/cli.nix
index b1c99a7..20322a2 100644
--- a/home/cli.nix
+++ b/home/cli.nix
@@ -39,6 +39,13 @@
     dataLocation = "${config.home.homeDirectory}/.local/share/task";
     colorTheme = "light-256";
     config.editor = "hx";
+    config.taskd = {
+      server = "henri-saudubray.fr:53589";
+      certificate = "/home/hms/.task/keys/public.cert";
+      key = "/home/hms/.task/keys/private.key";
+      ca = "/home/hms/.task/keys/ca.cert";
+      credentials = "personal/hms/2f8f33f0-a0b3-4f61-aba7-4d2b8c9cfbc7";
+    };
   };
 
   programs.jujutsu = {

From 798804f3a203f44ab196357b9aa6ef35ea5b24b7 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 17:56:31 +0100
Subject: [PATCH 07/10] chore (hosts/mystra/taskd): comments

---
 hosts/mystra/taskd.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/hosts/mystra/taskd.nix b/hosts/mystra/taskd.nix
index bc06cef..cbd7594 100644
--- a/hosts/mystra/taskd.nix
+++ b/hosts/mystra/taskd.nix
@@ -1,5 +1,23 @@
 { ... }:
 {
+  # # NOTE:
+  # After server installation, you must synchronize the clients with
+  # taskd. To do so, export the user config as follows (on server):
+  # ```bash
+  # nixos-taskserver user export personal hms > hms_config.sh
+  # ```
+  # and copy it to the client machine. Run it (on client):
+  # ```bash
+  # sh hms_config.sh
+  # ```
+  # and initialize synchronization (on client):
+  # ```bash
+  # task sync init
+  # ``` 
+  # See [this link](https://wiki.kunzelma.de/taskwarrior) for more.
+  # 
+  # # TODO: find a better way than the mess above.
+
   services.taskserver = {
     enable = true;
     fqdn = "henri-saudubray.fr";

From 57fad610ad065f77488531444c8e778c3d24cce8 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Wed, 18 Feb 2026 09:06:53 +0100
Subject: [PATCH 08/10] feat (hosts/mystra/nginx)!: force ssl

---
 hosts/mystra/nginx.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/mystra/nginx.nix b/hosts/mystra/nginx.nix
index 629367e..8042052 100644
--- a/hosts/mystra/nginx.nix
+++ b/hosts/mystra/nginx.nix
@@ -4,7 +4,7 @@
     enable = true;
     virtualHosts."henri-saudubray.fr" = {
       enableACME = true;
-      # forceSSL = true;
+      forceSSL = true;
       root = "/var/www/html";
     };
   };

From 31ed4c0c5fa0e516e53f96376cd19c27489bccf2 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Wed, 18 Feb 2026 10:24:42 +0100
Subject: [PATCH 09/10] feat (hosts/mystra)!: attempt at forgejo server

---
 hosts/mystra/default.nix |  1 +
 hosts/mystra/forgejo.nix | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 hosts/mystra/forgejo.nix

diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index d306cf5..81b2742 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -6,6 +6,7 @@
     ../../nixos/server.nix
     ./nginx.nix
     ./taskd.nix
+    ./forgejo.nix
   ];
 
   networking.firewall.allowedTCPPorts = [
diff --git a/hosts/mystra/forgejo.nix b/hosts/mystra/forgejo.nix
new file mode 100644
index 0000000..49535a1
--- /dev/null
+++ b/hosts/mystra/forgejo.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+let
+  cfg = config.settings.forgejo;
+  srv = cfg.settings.server;
+in
+{
+  services.nginx.virtualHosts."git.henri-saudubray.fr" = {
+    forceSSL = true;
+    enableACME = true;
+    extraConfig = ''
+      client_max_body_size 512M;
+    '';
+    locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+  };
+
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "git.henri-saudubray.fr";
+        ROOT_URL = "https://${srv.DOMAIN}/";
+        HTTP_PORT = 3000;
+        SSH_PORT = lib.head config.services.openssh.ports;
+      };
+
+      service.DISABLE_REGISTRATION = true;
+    };
+  };
+}

From 0c2250e47904c91181e843b48167bcca0ba0583e Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Wed, 18 Feb 2026 10:24:42 +0100
Subject: [PATCH 10/10] fix (hosts/mystra/forgejo)!: typo

---
 hosts/mystra/forgejo.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/mystra/forgejo.nix b/hosts/mystra/forgejo.nix
index 49535a1..4ee0f52 100644
--- a/hosts/mystra/forgejo.nix
+++ b/hosts/mystra/forgejo.nix
@@ -1,6 +1,6 @@
 { lib, config, ... }:
 let
-  cfg = config.settings.forgejo;
+  cfg = config.services.forgejo;
   srv = cfg.settings.server;
 in
 {