update website

2026-02-16 23:34:42 +04:00 · 2025-04-12 23:39:07 +04:00 · 2025-04-12 23:39:07 +04:00 · 47ac57a230
commit 47ac57a230
parent 5057d037cb
9 changed files with 188 additions and 27 deletions
--- a/nix/common.nix
+++ b/nix/common.nix
@ -13,6 +13,13 @@
 		dates = "weekly";
 	};

+	boot = {
+		tmp.useTmpfs = true;
+	};
+	systemd.services.nix-daemon = {
+		environment.TMPDIR = "/var/tmp";
+	};
+
 	networking = {
 		firewall = {
 			enable = true;
--- a/nix/hardware/server.nix
+++ b/nix/hardware/server.nix
@ -53,4 +53,6 @@
 			"8.8.8.8"
 		];
 	};
+
+	nix.settings.trusted-users = [ "root" "kp2pml30-serv" ];
 }
--- a/nix/personal/tui.nix
+++ b/nix/personal/tui.nix
@ -13,5 +13,10 @@ in {
 			yazi.enable = true;
 			htop.enable = true;
 		};
+
+			environment.systemPackages = with pkgs; [
+			ncdu
+		];
+
 	};
 }
--- a/nix/server/default.nix
+++ b/nix/server/default.nix
@ -37,7 +37,7 @@ in {
 		users.users."${cfg.username}" = {
 			isNormalUser = true;
 			openssh.authorizedKeys.keys = [
-				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
+				"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2dRBDECmIuKt+2B2q9cmFudKga+EzbD4pCX6x3JNLB kp2pml30@kp2pml30-personal-pc"
 			];
 			extraGroups = [ "wheel" "networkmanager" "acme" ];
 			hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/";
--- a/nix/server/nginx.nix
+++ b/nix/server/nginx.nix
@ -14,7 +14,7 @@ in lib.mkIf cfg.nginx {
 		defaults.email = "kp2pml30@gmail.com";
 		#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 		certs."${cfg.hostname}" = {
-			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" ];
+			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" ];
 			webroot = acmeRoot;
 			group = "nginx";
 		};
@ -36,6 +36,19 @@ in lib.mkIf cfg.nginx {
 			};
 		};

+		virtualHosts."backend.${cfg.hostname}" = {
+			enableACME = true;
+			acmeRoot = acmeRoot;
+
+			listen = [
+				{ addr = "0.0.0.0"; port = 80; }
+			];
+
+			locations."/" = {
+				proxyPass = "http://127.0.0.1:8001";
+			};
+		};
+
 		virtualHosts."${cfg.hostname}" = {
 			# addSSL = true;
 			# forceSSL = true;
--- a/nix/server/site.nix
+++ b/nix/server/site.nix
@ -1,16 +1,51 @@
 { config
 , pkgs
 , lib
+, self
+, nixpkgs
+, kp2pml30-moe
+, system
 , ...
 }@args:
 let
 	cfg = config.kp2pml30.server;
-	src = builtins.fetchGit {
-		url = "https://github.com/kp2pml30/kp2pml30.github.io.git";
-		rev = "855fb5c51c439179aeedf83e1b0ecdb0d4385023";
-	};
-	pack = (import "${src}/release.nix" args);
+	backend = kp2pml30-moe.packages.${system}.kp2pml30-moe-backend;
+	frontend = kp2pml30-moe.packages.${system}.kp2pml30-moe-frontend;
 in lib.mkIf cfg.nginx {
-	environment.systemPackages = [ pack ];
-	kp2pml30.server.sitePath = pack.outPath;
+	environment.systemPackages = [
+		frontend
+	];
+	kp2pml30.server.sitePath = frontend.outPath;
+
+	users.users.kp2pml30-moe-backend = {
+		home = "/home/kp2pml30-moe-backend";
+		isNormalUser = true;
+
+		packages = [
+			backend
+			pkgs.bash
+		];
+	};
+
+	systemd.services.kp2pml30-moe-backend-service = {
+		enable = true;
+
+		after = [ "network-online.target" ];
+		wantedBy = [ "multi-user.target" ];
+
+
+		serviceConfig = {
+			User = "kp2pml30-moe-backend";
+
+			ProtectSystem = "full";
+			ProtectHostname = "true";
+			ProtectKernelTunables = "true";
+			ProtectControlGroups = "true";
+
+			Restart = "on-failure";
+			RestartSec = "3";
+
+			ExecStart = ''${pkgs.bash}/bin/bash -c "source /home/kp2pml30-moe-backend/env.sh && touch /home/kp2pml30-moe-backend/db.json && ${backend}/bin/kp2pml30-moe-backend --port 8001 --moderated-path /home/kp2pml30-moe-backend/chatbox-db.json"'';
+		};
+	};
 }
--- a/nix/server/stream.nginx
+++ b/nix/server/stream.nginx
@ -70,10 +70,6 @@ upstream self {
 	server 127.0.0.1:80;
 }

-upstream forgejo {
-	server 127.0.0.1:3000;
-}
-
 server {
 	listen          443 ssl;
 	server_name     pr.kp2pml30.moe;
@ -87,7 +83,7 @@ server {

 server {
 	listen          443 ssl;
-	server_name     kp2pml30.moe git.kp2pml30.moe;
+	server_name     kp2pml30.moe git.kp2pml30.moe backend.kp2pml30.moe;
 	proxy_pass      self;

 	ssl_certificate         /var/lib/acme/kp2pml30.moe/fullchain.pem;