diff --git a/flake.lock b/flake.lock index d50afc0..2eeb036 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,27 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": [ + "kp2pml30-moe", + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -23,11 +44,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1744117652, + "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "type": "github" }, "original": { @@ -37,6 +58,30 @@ "type": "github" } }, + "kp2pml30-moe": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay", + "systems": "systems" + }, + "locked": { + "lastModified": 1744493823, + "narHash": "sha256-GBadamNxakZitu7zMNHJTaDpSe3ZcRyZAtBuB8mKdhI=", + "owner": "kp2pml30", + "repo": "kp2pml30.github.io", + "rev": "fa9019733540a9569fd6c678c358c8b7a61f435c", + "type": "github" + }, + "original": { + "owner": "kp2pml30", + "repo": "kp2pml30.github.io", + "rev": "fa9019733540a9569fd6c678c358c8b7a61f435c", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, 
@@ -60,11 +105,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -81,11 +126,11 @@ ] }, "locked": { - "lastModified": 1736095716, - "narHash": "sha256-csysw/Szu98QDiA2lhWk9seYOyCebeVEWL89zh1cduM=", + "lastModified": 1744290088, + "narHash": "sha256-/X9XVEl0EiyisNbF5srrxXRSVoRqdwExuqyspYqqEjQ=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "63c3b4ed1712a3a0621002cd59bfdc80875ecbb0", + "rev": "60b4904a1390ac4c89e93d95f6ed928975e525ed", "type": "github" }, "original": { @@ -97,11 +142,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736200483, - "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", + "lastModified": 1736320768, + "narHash": "sha256-nIYdTAiKIGnFNugbomgBJR+Xv5F1ZQU+HfaBqJKroC0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", + "rev": "4bc9c909d9ac828a039f288cf872d16d38185db8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1744309437, + "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", "type": "github" }, "original": { 
@@ -114,9 +175,44 @@ "root": { "inputs": { "home-manager": "home-manager", + "kp2pml30-moe": "kp2pml30-moe", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", + "nixpkgs": "nixpkgs_2" + } + }, + "rust-overlay": { + "inputs": { "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1743682350, + "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", + "type": "github" + }, + "original": { + "owner": "oxalica", + "ref": "stable", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 83b2b68..3cae21b 100644 --- a/flake.nix +++ b/flake.nix @@ -17,9 +17,14 @@ # url = "github:nix-community/nixos-vscode-server"; # inputs.nixpkgs.follows = "nixpkgs"; #}; + + kp2pml30-moe = { + url = "github:kp2pml30/kp2pml30.github.io/fa9019733540a9569fd6c678c358c8b7a61f435c"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, ... }: + outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, kp2pml30-moe, ... }: let rootPath = self; additionalArgs = { inherit inputs rootPath; }; @@ -50,6 +55,8 @@ nixos-generators.nixosModules.all-formats ]; + + specialArgs = { inherit kp2pml30-moe; system = "x86_64-linux"; }; }; personal-pc = nixpkgs.lib.nixosSystem rec { diff --git a/nix/common.nix b/nix/common.nix index bdce525..ad64fec 100644 --- a/nix/common.nix +++ b/nix/common.nix 
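Review bot: The `inputs.nixpkgs.follows = "nixpkgs"` on the new `kp2pml30-moe` input only covers that flake's direct nixpkgs. The lock file in this commit shows its `rust-overlay` input still resolving to a separate `nixpkgs` node (rev `4bc9c909d9ac828a039f288cf872d16d38185db8`, tracking `nixpkgs-unstable`), while root now uses `nixpkgs_2`. That leaves two nixpkgs revisions in the closure to audit and keep patched. If the overlay does not depend on that particular revision, adding `inputs.rust-overlay.inputs.nixpkgs.follows = "nixpkgs";` inside the `kp2pml30-moe` block would collapse them into one.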
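Review bot: `specialArgs` in this hunk supplies `kp2pml30-moe` and `system`, but `nix/server/site.nix` in the same commit also adds `self` and `nixpkgs` to its argument list, and nothing visible here passes them. site.nix never references either of them (nor `args` any more), so they look like leftovers; dropping them from the module signature is simpler than threading them through. The enclosing `nixosSystem` call starts outside the hunk, so another source of module arguments cannot be ruled out.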
@@ -13,6 +13,13 @@ dates = "weekly"; }; + boot = { + tmp.useTmpfs = true; + }; + systemd.services.nix-daemon = { + environment.TMPDIR = "/var/tmp"; + }; + networking = { firewall = { enable = true; diff --git a/nix/hardware/server.nix b/nix/hardware/server.nix index 1be50df..0645cbe 100644 --- a/nix/hardware/server.nix +++ b/nix/hardware/server.nix @@ -53,4 +53,6 @@ "8.8.8.8" ]; }; + + nix.settings.trusted-users = [ "root" "kp2pml30-serv" ]; } diff --git a/nix/personal/tui.nix b/nix/personal/tui.nix index 48efd13..64f0b9a 100644 --- a/nix/personal/tui.nix +++ b/nix/personal/tui.nix @@ -13,5 +13,10 @@ in { yazi.enable = true; htop.enable = true; }; + + environment.systemPackages = with pkgs; [ + ncdu + ]; + }; } diff --git a/nix/server/default.nix b/nix/server/default.nix index cdab9bd..bc666ff 100644 --- a/nix/server/default.nix +++ b/nix/server/default.nix @@ -37,7 +37,7 @@ in { users.users."${cfg.username}" = { isNormalUser = true; openssh.authorizedKeys.keys = [ - "ssh-rsa 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 kp2pml30@r3vdy2b10vv-pc" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2dRBDECmIuKt+2B2q9cmFudKga+EzbD4pCX6x3JNLB kp2pml30@kp2pml30-personal-pc" ]; extraGroups = [ "wheel" "networkmanager" "acme" ]; hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/"; diff --git a/nix/server/nginx.nix b/nix/server/nginx.nix index 8de8b85..b2ffa75 100644 --- a/nix/server/nginx.nix +++ b/nix/server/nginx.nix @@ -14,7 +14,7 @@ in lib.mkIf cfg.nginx { defaults.email = "kp2pml30@gmail.com"; #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; certs."${cfg.hostname}" = { - extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" ]; + extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" ]; webroot = acmeRoot; group = "nginx"; }; 
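Review bot: The `systemd.services.nix-daemon` `TMPDIR` override carries no comment tying it to `boot.tmp.useTmpfs`, so a later cleanup could remove one setting without the other. Presumably it keeps Nix build directories off the RAM-backed /tmp; a comment such as `# /tmp is tmpfs; keep Nix build dirs on disk so large builds do not exhaust RAM` would record that. The same comment could mention that /var/tmp is not cleared at boot, so leftover build directories persist there until they are cleaned up.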
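Review bot: Adding `kp2pml30-serv` to `nix.settings.trusted-users` in nix/hardware/server.nix makes that account root-equivalent towards the Nix daemon, since trusted users may add substituters and import store paths that carry no trusted signature. The line has no comment saying why this is needed. If the purpose is pushing closures from another machine (an assumption; the hunk does not say), signing the paths on the build host and listing its key under `nix.settings.trusted-public-keys` achieves that without trusting the account. Otherwise record the reason inline, e.g. `# root-equivalent on the Nix daemon: needed for <reason>`. The enclosing attribute set starts outside the hunk.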
@@ -36,6 +36,19 @@ in lib.mkIf cfg.nginx { }; }; + virtualHosts."backend.${cfg.hostname}" = { + enableACME = true; + acmeRoot = acmeRoot; + + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:8001"; + }; + }; + virtualHosts."${cfg.hostname}" = { # addSSL = true; # forceSSL = true; diff --git a/nix/server/site.nix b/nix/server/site.nix index 880f724..243074d 100644 --- a/nix/server/site.nix +++ b/nix/server/site.nix @@ -1,16 +1,51 @@ { config , pkgs , lib +, self +, nixpkgs +, kp2pml30-moe +, system , ... }@args: let cfg = config.kp2pml30.server; - src = builtins.fetchGit { - url = "https://github.com/kp2pml30/kp2pml30.github.io.git"; - rev = "855fb5c51c439179aeedf83e1b0ecdb0d4385023"; - }; - pack = (import "${src}/release.nix" args); + backend = kp2pml30-moe.packages.${system}.kp2pml30-moe-backend; + frontend = kp2pml30-moe.packages.${system}.kp2pml30-moe-frontend; in lib.mkIf cfg.nginx { - environment.systemPackages = [ pack ]; - kp2pml30.server.sitePath = pack.outPath; + environment.systemPackages = [ + frontend + ]; + kp2pml30.server.sitePath = frontend.outPath; + + users.users.kp2pml30-moe-backend = { + home = "/home/kp2pml30-moe-backend"; + isNormalUser = true; + + packages = [ + backend + pkgs.bash + ]; + }; + + systemd.services.kp2pml30-moe-backend-service = { + enable = true; + + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + + + serviceConfig = { + User = "kp2pml30-moe-backend"; + + ProtectSystem = "full"; + ProtectHostname = "true"; + ProtectKernelTunables = "true"; + ProtectControlGroups = "true"; + + Restart = "on-failure"; + RestartSec = "3"; + + ExecStart = ''${pkgs.bash}/bin/bash -c "source /home/kp2pml30-moe-backend/env.sh && touch /home/kp2pml30-moe-backend/db.json && ${backend}/bin/kp2pml30-moe-backend --port 8001 --moderated-path /home/kp2pml30-moe-backend/chatbox-db.json"''; + }; + }; } 
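Review bot: The new `backend.${cfg.hostname}` vhost proxies `/` to `127.0.0.1:8001` from a listener on `0.0.0.0:80`, so the backend is reachable over cleartext HTTP by any client that can reach port 80, not only through the TLS server in stream.nginx. Because that TLS server forwards to `127.0.0.1:80`, a blanket redirect on this listener would loop; one option is to keep only the ACME challenge path on the public listener and serve the proxied location from a loopback-only `listen` entry that the stream block targets. Separately, `enableACME = true` requests a certificate for this name on its own, while the earlier hunk already adds the name to `extraDomainNames` of the `cfg.hostname` certificate, which is the one stream.nginx loads. `useACMEHost = cfg.hostname;` looks like the intended option, if the other vhosts (outside this hunk) are set up the same way.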
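Review bot: In nix/server/site.nix the backend's service account is declared with `isNormalUser = true`, which gives it a login shell and a /home directory, and the unit starts through `bash -c "source …/env.sh"` with env.sh inside that same home, so the script run at every start lives in a directory the service account itself owns. A system user plus `EnvironmentFile=` and `StateDirectory=` removes the shell wrapper and moves state under /var/lib, which also lets `ProtectHome`, `PrivateTmp` and `NoNewPrivileges` be switched on; `ProtectSystem = "full"` by itself does not make /home or /var read-only. The `touch` creates `db.json` while `--moderated-path` points at `chatbox-db.json`; the sketch below keeps the touch as `ExecStartPre` in case the backend does need that file. env.sh would have to become plain `KEY=value` lines, and existing data would need moving to the new directory.

```nix
  users.users.kp2pml30-moe-backend = {
    isSystemUser = true;
    group = "kp2pml30-moe-backend";
  };
  users.groups.kp2pml30-moe-backend = { };

  systemd.services.kp2pml30-moe-backend-service = {
    # … unchanged: enable, after, wantedBy …
    serviceConfig = {
      User = "kp2pml30-moe-backend";
      # systemd creates /var/lib/kp2pml30-moe-backend owned by the service user
      StateDirectory = "kp2pml30-moe-backend";
      WorkingDirectory = "/var/lib/kp2pml30-moe-backend";
      # placeholder path: a root-owned file of KEY=value lines replacing env.sh
      EnvironmentFile = "<path to env file>";

      NoNewPrivileges = true;
      PrivateTmp = true;
      ProtectHome = true;
      # … unchanged: ProtectSystem, ProtectHostname, ProtectKernelTunables,
      #   ProtectControlGroups, Restart, RestartSec …

      # keep only if the backend really needs db.json to exist
      ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/kp2pml30-moe-backend/db.json";
      ExecStart = "${backend}/bin/kp2pml30-moe-backend --port 8001 --moderated-path /var/lib/kp2pml30-moe-backend/chatbox-db.json";
    };
  };
```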
diff --git a/nix/server/stream.nginx b/nix/server/stream.nginx index 5d33c56..3075273 100644 --- a/nix/server/stream.nginx +++ b/nix/server/stream.nginx @@ -70,10 +70,6 @@ upstream self { server 127.0.0.1:80; } -upstream forgejo { - server 127.0.0.1:3000; -} - server { listen 443 ssl; server_name pr.kp2pml30.moe; @@ -87,7 +83,7 @@ server { server { listen 443 ssl; - server_name kp2pml30.moe git.kp2pml30.moe; + server_name kp2pml30.moe git.kp2pml30.moe backend.kp2pml30.moe; proxy_pass self; ssl_certificate /var/lib/acme/kp2pml30.moe/fullchain.pem;