From 3d31285ab86bde4c1d0bc26a082cbe00f3951c0a Mon Sep 17 00:00:00 2001
From: Gene Liverman <gene@technicalissues.us>
Date: Sat, 24 Jan 2026 23:20:00 -0500
Subject: [PATCH] Setup nominatim

---
 .../nixos/hetznix01/post-install/default.nix  |  4 ++++
 .../nixos/hetznix01/post-install/nginx.nix    |  2 +-
 modules/hosts/nixos/nixnuc/default.nix        | 20 +++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix
index 7083fcf..9ab581b 100644
--- a/modules/hosts/nixos/hetznix01/post-install/default.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/default.nix
@@ -59,6 +59,10 @@ in {
     dawarich = {
       enable = true;
       configureNginx = true;
+      environment = {
+        NOMINATIM_API_HOST = "nominatim.home.technicalissues.us";
+        NOMINATIM_API_USE_HTTPS = "true";
+      };
       localDomain = "location.technicalissues.us";
       smtp = {
         fromAddress = "location@hetznix01.technicalissues.us";
diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
index dfc3802..c714b31 100644
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
@@ -1,4 +1,4 @@
-{ config, ... }: let 
+{ config, ... }: let
   domain = "technicalissues.us";
   http_port = 80;
   https_port = 443;
diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix
index c87a549..9ccddc9 100644
--- a/modules/hosts/nixos/nixnuc/default.nix
+++ b/modules/hosts/nixos/nixnuc/default.nix
@@ -472,6 +472,18 @@ in {
           acmeRoot = null;
           forceSSL = true;
         };
+        "nominatim.${home_domain}" = {
+          enableACME = true;
+          acmeRoot = null;
+          forceSSL = true;
+          extraConfig = ''
+            allow 127.0.0.1;
+            allow ::1;
+            allow 2600:1700:1712:880f:8eee:4ba4:75dc:f39c;
+            allow 100.64.0.0/10;
+            deny all;
+          '';
+        };
         "onlyoffice.${home_domain}" = {
           listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
           enableACME = true;
@@ -489,6 +501,14 @@ in {
         };
       };
     };
+    nominatim = {
+      enable = true;
+      hostName = "nominatim.home.technicalissues.us";
+      ui.config = ''
+        Nominatim_Config.Page_Title="Beantown's Nominatim";
+        Nominatim_Config.Nominatim_API_Endpoint='https://${config.services.nominatim.hostName}/';
+      '';
+    };
     pinchflat = {
       enable = true;
       group = "jellyfin";