From 83d3fff168bb67e6652cbf8ca59f0dda45c314dc Mon Sep 17 00:00:00 2001 From: kp2pml30 Date: Sat, 12 Apr 2025 23:39:07 +0400 Subject: [PATCH] update website --- flake.lock | 176 ++++++++++++++++++++++++++++++++++++++++- flake.nix | 9 ++- nix/common.nix | 7 ++ nix/personal/tui.nix | 5 ++ nix/server/default.nix | 2 +- nix/server/nginx.nix | 13 +++ nix/server/site.nix | 48 +++++++++-- 7 files changed, 250 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index d50afc0..39344b8 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,50 @@ { "nodes": { + "cargo2nix": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "kp2pml30-moe", + "nixpkgs" + ], + "rust-overlay": [ + "kp2pml30-moe", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1742755793, + "narHash": "sha256-nz3zSO5a/cB/XPcP4c3cddUceKH9V3LNMuNpfV3TDeE=", + "owner": "cargo2nix", + "repo": "cargo2nix", + "rev": "f7b2c744b1e6ee39c7b4528ea34f06db598266a6", + "type": "github" + }, + "original": { + "owner": "cargo2nix", + "repo": "cargo2nix", + "rev": "f7b2c744b1e6ee39c7b4528ea34f06db598266a6", + "type": "github" + } + }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, 
@@ -16,6 +60,45 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": [ + "kp2pml30-moe", + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -37,6 +120,31 @@ "type": "github" } }, + "kp2pml30-moe": { + "inputs": { + "cargo2nix": "cargo2nix", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay", + "systems": "systems_2" + }, + "locked": { + "lastModified": 1744487622, + "narHash": "sha256-oiZWJHVLivpeSQqoaSCu9pX/jby6uZI3qi8C2yXPSPI=", + "owner": "kp2pml30", + "repo": "kp2pml30.github.io", + "rev": "3bccebd8303135540dae573cfe828b32cf8a21df", + "type": "github" + }, + "original": { + "owner": "kp2pml30", + "repo": "kp2pml30.github.io", + "rev": "3bccebd8303135540dae573cfe828b32cf8a21df", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -75,7 +183,7 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ] 
@@ -96,6 +204,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1736320768, + "narHash": "sha256-nIYdTAiKIGnFNugbomgBJR+Xv5F1ZQU+HfaBqJKroC0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4bc9c909d9ac828a039f288cf872d16d38185db8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1736200483, "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", @@ -114,9 +238,59 @@ "root": { "inputs": { "home-manager": "home-manager", + "kp2pml30-moe": "kp2pml30-moe", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", + "nixpkgs": "nixpkgs_2" + } + }, + "rust-overlay": { + "inputs": { "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1743682350, + "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", + "type": "github" + }, + "original": { + "owner": "oxalica", + "ref": "stable", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 83b2b68..3cae21b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -17,9 +17,14 @@ # url = "github:nix-community/nixos-vscode-server"; # inputs.nixpkgs.follows = "nixpkgs"; #}; + + kp2pml30-moe = { + url = "github:kp2pml30/kp2pml30.github.io/fa9019733540a9569fd6c678c358c8b7a61f435c"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, ... }: + outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, kp2pml30-moe, ... }: let rootPath = self; additionalArgs = { inherit inputs rootPath; }; @@ -50,6 +55,8 @@ nixos-generators.nixosModules.all-formats ]; + + specialArgs = { inherit kp2pml30-moe; system = "x86_64-linux"; }; }; personal-pc = nixpkgs.lib.nixosSystem rec { diff --git a/nix/common.nix b/nix/common.nix index bdce525..ad64fec 100644 --- a/nix/common.nix +++ b/nix/common.nix @@ -13,6 +13,13 @@ dates = "weekly"; }; + boot = { + tmp.useTmpfs = true; + }; + systemd.services.nix-daemon = { + environment.TMPDIR = "/var/tmp"; + }; + networking = { firewall = { enable = true; diff --git a/nix/personal/tui.nix b/nix/personal/tui.nix index 48efd13..64f0b9a 100644 --- a/nix/personal/tui.nix +++ b/nix/personal/tui.nix @@ -13,5 +13,10 @@ in { yazi.enable = true; htop.enable = true; }; + + environment.systemPackages = with pkgs; [ + ncdu + ]; + }; } diff --git a/nix/server/default.nix b/nix/server/default.nix index cdab9bd..bc666ff 100644 --- a/nix/server/default.nix +++ b/nix/server/default.nix @@ -37,7 +37,7 @@ in { users.users."${cfg.username}" = { isNormalUser = true; openssh.authorizedKeys.keys = [ - "ssh-rsa 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 kp2pml30@r3vdy2b10vv-pc" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2dRBDECmIuKt+2B2q9cmFudKga+EzbD4pCX6x3JNLB kp2pml30@kp2pml30-personal-pc" ]; extraGroups = [ "wheel" "networkmanager" "acme" ]; hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/"; 
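Review bot: The `kp2pml30-moe` input added here is pinned to `fa9019733540a9569fd6c678c358c8b7a61f435c`, but the flake.lock change in this same commit records `3bccebd8303135540dae573cfe828b32cf8a21df` as both `original.rev` and `locked.rev` for that node, so the lock does not describe the declared input. Nix will either re-lock on the next evaluation or refuse under `--no-update-lock-file`, so the revision that ends up running the backend on the server is not the one recorded in the reviewed lock. Regenerate the lock with `nix flake lock` after settling on one revision, and commit both files together.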
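Review bot: The `systemd.services.nix-daemon` override in nix/common.nix has no comment saying why it exists, and it only makes sense when read together with `boot.tmp.useTmpfs = true` just above it. I would add something like `# /tmp is RAM-backed now; keep Nix build directories on disk so large builds do not exhaust memory` above `environment.TMPDIR`, if that is indeed the intent. Build directories left behind by interrupted builds will then persist in `/var/tmp` across reboots, so it is worth confirming that periodic cleanup covers them.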
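Review bot: In nix/server/default.nix, replacing the RSA key with an ed25519 one only protects this account if password login over SSH is disabled, and the account is in `wheel` with a `hashedPassword` committed in the context line directly below the changed key. The sshd settings are not visible in this hunk; if they do not already do so, set `services.openssh.settings.PasswordAuthentication = false;` and consider moving the hash out of the repository with `hashedPasswordFile`. The `users.users` block starts and ends outside the hunk.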
diff --git a/nix/server/nginx.nix b/nix/server/nginx.nix index 8de8b85..568059c 100644 --- a/nix/server/nginx.nix +++ b/nix/server/nginx.nix @@ -36,6 +36,19 @@ in lib.mkIf cfg.nginx { }; }; + virtualHosts."backend.${cfg.hostname}" = { + enableACME = true; + acmeRoot = acmeRoot; + + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:8001"; + }; + }; + virtualHosts."${cfg.hostname}" = { # addSSL = true; # forceSSL = true; diff --git a/nix/server/site.nix b/nix/server/site.nix index 880f724..603f6b2 100644 --- a/nix/server/site.nix +++ b/nix/server/site.nix 
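Review bot: The new `backend.${cfg.hostname}` vhost sets `enableACME = true` but its `listen` list contains only port 80 and there is no `addSSL`/`forceSSL`, so a certificate is requested and never served, and everything proxied to `127.0.0.1:8001` travels in cleartext. Unless TLS is terminated in front of this host (not visible here, and the main vhost in the context has the same options commented out), I would drop the explicit `listen` and set `forceSSL = true;` so nginx adds the 443 listener and redirects port 80. The `locations."/"` block also sets no forwarding headers; if `recommendedProxySettings` is not enabled elsewhere, the backend will see every client as 127.0.0.1, which matters if what appears to be a moderated chat endpoint wants per-client limits or audit logs.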
@@ -1,16 +1,50 @@
 { config
 , pkgs
 , lib
+, self
+, nixpkgs
+, kp2pml30-moe
+, system
 , ...
 }@args:
 let
 cfg = config.kp2pml30.server;
- src = builtins.fetchGit {
- url = "https://github.com/kp2pml30/kp2pml30.github.io.git";
- rev = "855fb5c51c439179aeedf83e1b0ecdb0d4385023";
- };
- pack = (import "${src}/release.nix" args);
+ backend = kp2pml30-moe.packages.${system}.kp2pml30-moe-backend;
+ frontend = kp2pml30-moe.packages.${system}.kp2pml30-moe-frontend;
 in lib.mkIf cfg.nginx {
- environment.systemPackages = [ pack ];
- kp2pml30.server.sitePath = pack.outPath;
+ environment.systemPackages = [
+ frontend
+ ];
+ kp2pml30.server.sitePath = frontend.outPath;
+
+ users.users.kp2pml30-moe-backend = {
+ home = "/home/kp2pml30-moe-backend";
+ isNormalUser = true;
+
+ packages = [
+ backend
+ ];
+ };
+
+ systemd.services.kp2pml30-moe-backend-service = {
+ enable = true;
+
+ after = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+
+ serviceConfig = {
+ User = "kp2pml30-moe-backend";
+
+ ProtectSystem = "full";
+ ProtectHostname = "true";
+ ProtectKernelTunables = "true";
+ ProtectControlGroups = "true";
+
+ Restart = "on-failure";
+ RestartSec = "3";
+
+ ExecStart = ''bash -c "source /home/kp2pml30-moe-backend/env.sh && touch /home/kp2pml30-moe-backend/db.json && ${backend} --port 8001 --moderated-path /home/kp2pml30-moe-backend/chatbox-db.json"'';
+ };
+ };
 }
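Review bot: The `ExecStart` in `serviceConfig` launches the backend through an unqualified `bash -c` that first sources `/home/kp2pml30-moe-backend/env.sh`, a file inside the service account's own writable home, so whatever can write as that account decides what the unit runs on its next restart. The same line touches `db.json` but hands `chatbox-db.json` to `--moderated-path`, and it interpolates `${backend}` (the package's store path) as the command, which works only if that output is a single executable file. I would start the binary directly, read settings from a root-owned `EnvironmentFile`, keep the data in a `StateDirectory`, and make the account `isSystemUser` instead of `isNormalUser`, which in turn allows `ProtectSystem = "strict"` and `ProtectHome`. In the sketch below the env-file path is a placeholder, the file must be plain `KEY=value` lines rather than shell, and `lib.getExe` assumes the package sets `meta.mainProgram`. Separately, the added `self` and `nixpkgs` arguments are unused in this hunk and would have to come from `specialArgs` or `_module.args`, which the `specialArgs` line added in flake.nix does not appear to provide.

```nix
users.users.kp2pml30-moe-backend = {
  isSystemUser = true;
  group = "kp2pml30-moe-backend";
};
users.groups.kp2pml30-moe-backend = { };

# … unchanged: systemd.services.kp2pml30-moe-backend-service header, enable, after, wantedBy …

serviceConfig = {
  User = "kp2pml30-moe-backend";
  # systemd creates /var/lib/kp2pml30-moe-backend owned by User
  StateDirectory = "kp2pml30-moe-backend";
  # PLACEHOLDER path: root-owned KEY=value file that replaces env.sh
  EnvironmentFile = "/PLACEHOLDER/kp2pml30-moe-backend.env";

  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  NoNewPrivileges = true;
  # … unchanged: ProtectHostname, ProtectKernelTunables, ProtectControlGroups, Restart, RestartSec …

  # %S expands to the state directory root (/var/lib) for system units
  ExecStart = "${lib.getExe backend} --port 8001 --moderated-path %S/kp2pml30-moe-backend/chatbox-db.json";
};
```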