add blogbox target

nixos/hosts/alisceon-core/configuration.nix

@@ -1,38 +1,11 @@
 { lib, pkgs, modulesPath, ... }:
-let
-  forgejoDomain = "git.alisceon.com";
-  syncthingDomain = "syncthing.alisceon.com";
-
-  fetchOciAuthorizedKeys = pkgs.writeShellApplication {
-    name = "fetch-oci-authorized-keys";
-    runtimeInputs = [
-      pkgs.coreutils
-      pkgs.curl
-    ];
-    text = ''
-      install -d -m 0700 -o alisceon -g users /home/alisceon/.ssh
-
-      if [ -s /home/alisceon/.ssh/authorized_keys ]; then
-        echo "OCI authorized_keys already present for alisceon"
-        exit 0
-      fi
-
-      curl --fail --silent --show-error --location \
-        --header "Authorization: Bearer Oracle" \
-        --output /home/alisceon/.ssh/authorized_keys \
-        http://169.254.169.254/opc/v2/instance/metadata/ssh_authorized_keys
-
-      chown alisceon:users /home/alisceon/.ssh/authorized_keys
-      chmod 0600 /home/alisceon/.ssh/authorized_keys
-    '';
-  };
-
-in
 {
   imports = [
     "${modulesPath}/virtualisation/oci-image.nix"
+    ../../modules/services/cloud-init.nix
     ../../modules/services/forgejo.nix
     ../../modules/services/nginx.nix
+    ../../modules/services/oci-authorized-keys.nix
     ../../modules/services/tor.nix
   ];
 
@@ -90,6 +63,14 @@ in
 
   users.users.alisceon.extraGroups = [ "systemd-journal" ];
 
+  alisceon = {
+    cloud-init = {
+      enable = true;
+      defaultShell = "/run/current-system/sw/bin/xonsh";
+    };
+    ociAuthorizedKeys.enable = true;
+  };
+
   security = {
     acme = {
       acceptTerms = true;
@@ -129,7 +110,7 @@ in
     };
   };
 
-  alisceon.forgejo.domain = forgejoDomain;
+  alisceon.forgejo.domain = "forgejo.alisceon.com";
 
   services.gitea-actions-runner.instances.alisceon-core-podman.labels = [
     "podman"
@@ -138,8 +119,8 @@ in
   ];
 
   services.nginx.virtualHosts = {
-    ${forgejoDomain} = {
-      serverName = forgejoDomain;
+    ${"forgejo.alisceon.com"} = {
+      serverName = "forgejo.alisceon.com";
       forceSSL = true;
       enableACME = true;
       locations."/" = {
@@ -147,8 +128,8 @@ in
         recommendedProxySettings = true;
       };
     };
-    ${syncthingDomain} = {
-      serverName = syncthingDomain;
+    ${"syncthing.alisceon.com"} = {
+      serverName = "syncthing.alisceon.com";
       forceSSL = true;
       enableACME = true;
       locations."/" = {
@@ -167,39 +148,6 @@ in
     };
   };
 
-  services.cloud-init = {
-    enable = true;
-    network.enable = true;
-    settings = {
-      datasource_list = [ "Oracle" "ConfigDrive" "NoCloud" ];
-      users = [ "default" ];
-      system_info.default_user = {
-        name = "alisceon";
-        gecos = "Alisceon";
-        groups = [ "wheel" "systemd-journal" ];
-        shell = "/run/current-system/sw/bin/xonsh";
-        lock_passwd = true;
-      };
-    };
-  };
-
-  systemd.services.fetch-oci-authorized-keys = {
-    description = "Fetch OCI metadata authorized_keys for alisceon";
-    wantedBy = [ "sshd.service" ];
-    before = [ "sshd.service" ];
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-      StandardError = "journal+console";
-      StandardOutput = "journal+console";
-    };
-    script = lib.getExe fetchOciAuthorizedKeys;
-  };
-
-  systemd.services.fetch-ssh-keys.enable = false;
-
   systemd.services.syncthing = {
     serviceConfig = {
       LockPersonality = true;