update website

flake.lock

@@ -16,6 +16,27 @@
         "type": "github"
       }
     },
+    "flake-utils": {
+      "inputs": {
+        "systems": [
+          "kp2pml30-moe",
+          "systems"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -23,11 +44,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736373539,
+        "lastModified": 1744117652,
-        "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
+        "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
+        "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f",
         "type": "github"
       },
       "original": {
@@ -37,6 +58,30 @@
         "type": "github"
       }
     },
+    "kp2pml30-moe": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1744493823,
+        "narHash": "sha256-GBadamNxakZitu7zMNHJTaDpSe3ZcRyZAtBuB8mKdhI=",
+        "owner": "kp2pml30",
+        "repo": "kp2pml30.github.io",
+        "rev": "fa9019733540a9569fd6c678c358c8b7a61f435c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kp2pml30",
+        "repo": "kp2pml30.github.io",
+        "rev": "fa9019733540a9569fd6c678c358c8b7a61f435c",
+        "type": "github"
+      }
+    },
     "nixlib": {
       "locked": {
         "lastModified": 1736643958,
@@ -60,11 +105,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737057290,
+        "lastModified": 1742568034,
-        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
+        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
+        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
         "type": "github"
       },
       "original": {
@@ -81,11 +126,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736095716,
+        "lastModified": 1744290088,
-        "narHash": "sha256-csysw/Szu98QDiA2lhWk9seYOyCebeVEWL89zh1cduM=",
+        "narHash": "sha256-/X9XVEl0EiyisNbF5srrxXRSVoRqdwExuqyspYqqEjQ=",
         "owner": "nix-community",
         "repo": "NixOS-WSL",
-        "rev": "63c3b4ed1712a3a0621002cd59bfdc80875ecbb0",
+        "rev": "60b4904a1390ac4c89e93d95f6ed928975e525ed",
         "type": "github"
       },
       "original": {
@@ -97,11 +142,27 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1736200483,
+        "lastModified": 1736320768,
-        "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
+        "narHash": "sha256-nIYdTAiKIGnFNugbomgBJR+Xv5F1ZQU+HfaBqJKroC0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
+        "rev": "4bc9c909d9ac828a039f288cf872d16d38185db8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1744309437,
+        "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7",
         "type": "github"
       },
       "original": {
@@ -114,9 +175,44 @@
     "root": {
       "inputs": {
         "home-manager": "home-manager",
+        "kp2pml30-moe": "kp2pml30-moe",
         "nixos-generators": "nixos-generators",
         "nixos-wsl": "nixos-wsl",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "rust-overlay": {
+      "inputs": {
         "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1743682350,
+        "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "ref": "stable",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -17,9 +17,14 @@
 		#	url = "github:nix-community/nixos-vscode-server";
 		#	inputs.nixpkgs.follows = "nixpkgs";
 		#};
+
+		kp2pml30-moe = {
+			url = "github:kp2pml30/kp2pml30.github.io/fa9019733540a9569fd6c678c358c8b7a61f435c";
+			inputs.nixpkgs.follows = "nixpkgs";
+		};
 	};
 
-	outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, ... }:
+	outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, kp2pml30-moe, ... }:
 		let
 			rootPath = self;
 			additionalArgs = { inherit inputs rootPath; };
@@ -50,6 +55,8 @@
 
 						nixos-generators.nixosModules.all-formats
 					];
+
+					specialArgs = { inherit kp2pml30-moe; system = "x86_64-linux"; };
 				};
 
 				personal-pc = nixpkgs.lib.nixosSystem rec {

nix/common.nix

@@ -13,6 +13,13 @@
 		dates = "weekly";
 	};
 
+	boot = {
+		tmp.useTmpfs = true;
+	};
+	systemd.services.nix-daemon = {
+		environment.TMPDIR = "/var/tmp";
+	};
+
 	networking = {
 		firewall = {
 			enable = true;

nix/hardware/server.nix

@@ -53,4 +53,6 @@
 			"8.8.8.8"
 		];
 	};
+
+	nix.settings.trusted-users = [ "root" "kp2pml30-serv" ];
 }

nix/personal/tui.nix

@@ -13,5 +13,10 @@ in {
 			yazi.enable = true;
 			htop.enable = true;
 		};
+
+			environment.systemPackages = with pkgs; [
+			ncdu
+		];
+
 	};
 }

nix/server/default.nix

@@ -37,7 +37,7 @@ in {
 		users.users."${cfg.username}" = {
 			isNormalUser = true;
 			openssh.authorizedKeys.keys = [
-				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
+				"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2dRBDECmIuKt+2B2q9cmFudKga+EzbD4pCX6x3JNLB kp2pml30@kp2pml30-personal-pc"
 			];
 			extraGroups = [ "wheel" "networkmanager" "acme" ];
 			hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/";

nix/server/nginx.nix

@@ -14,7 +14,7 @@ in lib.mkIf cfg.nginx {
 		defaults.email = "kp2pml30@gmail.com";
 		#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 		certs."${cfg.hostname}" = {
-			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" ];
+			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" ];
 			webroot = acmeRoot;
 			group = "nginx";
 		};
@@ -36,6 +36,19 @@ in lib.mkIf cfg.nginx {
 			};
 		};
 
+		virtualHosts."backend.${cfg.hostname}" = {
+			enableACME = true;
+			acmeRoot = acmeRoot;
+
+			listen = [
+				{ addr = "0.0.0.0"; port = 80; }
+			];
+
+			locations."/" = {
+				proxyPass = "http://127.0.0.1:8001";
+			};
+		};
+
 		virtualHosts."${cfg.hostname}" = {
 			# addSSL = true;
 			# forceSSL = true;

nix/server/site.nix

@@ -1,16 +1,51 @@
 { config
 , pkgs
 , lib
+, self
+, nixpkgs
+, kp2pml30-moe
+, system
 , ...
 }@args:
 let
 	cfg = config.kp2pml30.server;
-	src = builtins.fetchGit {
+	backend = kp2pml30-moe.packages.${system}.kp2pml30-moe-backend;
-		url = "https://github.com/kp2pml30/kp2pml30.github.io.git";
+	frontend = kp2pml30-moe.packages.${system}.kp2pml30-moe-frontend;
-		rev = "855fb5c51c439179aeedf83e1b0ecdb0d4385023";
-	};
-	pack = (import "${src}/release.nix" args);
 in lib.mkIf cfg.nginx {
-	environment.systemPackages = [ pack ];
+	environment.systemPackages = [
-	kp2pml30.server.sitePath = pack.outPath;
+		frontend
+	];
+	kp2pml30.server.sitePath = frontend.outPath;
+
+	users.users.kp2pml30-moe-backend = {
+		home = "/home/kp2pml30-moe-backend";
+		isNormalUser = true;
+
+		packages = [
+			backend
+			pkgs.bash
+		];
+	};
+
+	systemd.services.kp2pml30-moe-backend-service = {
+		enable = true;
+
+		after = [ "network-online.target" ];
+		wantedBy = [ "multi-user.target" ];
+
+
+		serviceConfig = {
+			User = "kp2pml30-moe-backend";
+
+			ProtectSystem = "full";
+			ProtectHostname = "true";
+			ProtectKernelTunables = "true";
+			ProtectControlGroups = "true";
+
+			Restart = "on-failure";
+			RestartSec = "3";
+
+			ExecStart = ''${pkgs.bash}/bin/bash -c "source /home/kp2pml30-moe-backend/env.sh && touch /home/kp2pml30-moe-backend/db.json && ${backend}/bin/kp2pml30-moe-backend --port 8001 --moderated-path /home/kp2pml30-moe-backend/chatbox-db.json"'';
+		};
+	};
 }

nix/server/stream.nginx

@@ -70,10 +70,6 @@ upstream self {
 	server 127.0.0.1:80;
 }
 
-upstream forgejo {
-	server 127.0.0.1:3000;
-}
-
 server {
 	listen          443 ssl;
 	server_name     pr.kp2pml30.moe;
@@ -87,7 +83,7 @@ server {
 
 server {
 	listen          443 ssl;
-	server_name     kp2pml30.moe git.kp2pml30.moe;
+	server_name     kp2pml30.moe git.kp2pml30.moe backend.kp2pml30.moe;
 	proxy_pass      self;
 
 	ssl_certificate         /var/lib/acme/kp2pml30.moe/fullchain.pem;