try to migrate to nix

nix/common.nix

@@ -0,0 +1,56 @@
+{  pkgs
+, ...
+}:
+{
+	system.stateVersion = "24.05";
+
+	users.mutableUsers = false;
+
+	nix.gc = {
+		automatic = true;
+		dates = "weekly";
+	};
+
+	networking = {
+		firewall = {
+			enable = true;
+			allowedTCPPorts = [ 80 443 ];
+		};
+	};
+
+	nix.settings.experimental-features = [ "nix-command" "flakes" ];
+	environment.systemPackages = with pkgs; [
+		curl
+		neovim
+		bash
+		git
+
+		zip unzip
+		xz
+		zstd
+		gnutar
+
+		diffutils
+		file
+		tree
+		gnused
+		gnugrep
+		stow
+
+		killall
+		gnupg
+	];
+
+	programs = {
+		neovim.enable = true;
+		neovim.defaultEditor = true;
+
+		git = {
+			enable = true;
+			lfs.enable = true;
+			config = {
+				init.defaultBranch = "main";
+			};
+		};
+	};
+}

nix/personal.nix

@@ -0,0 +1,29 @@
+{ pkgs
+, inputs
+, ...
+}@args:
+{
+	imports = [
+		inputs.home-manager.nixosModules.home-manager
+	];
+
+	home-manager.useGlobalPkgs = true;
+	home-manager.useUserPackages = true;
+	home-manager.users.kp2pml30 = import ./personal/home.nix args;
+
+	users.users.kp2pml30 = import ./personal/user.nix args;
+
+	programs = {
+		fish.enable = true;
+		tmux.enable = true;
+	};
+
+	environment.systemPackages = with pkgs; [
+		fish
+		fishPlugins.grc
+		grc
+
+		fira-code
+		nerd-fonts.fira-code
+	];
+}

nix/personal/home.nix

@@ -0,0 +1,50 @@
+{ pkgs
+, ...
+}@args:
+{
+	home.stateVersion = "24.05";
+
+	home = {
+		username = "kp2pml30";
+		homeDirectory = "/home/kp2pml30";
+		packages = with pkgs; [
+			starship
+			jq
+		];
+	};
+
+	nix.gc = {
+		automatic = true;
+		frequency = "weekly";
+	};
+
+	programs = {
+		git = {
+			enable = true;
+			userName = "kp2pml30";
+			userEmail = "kp2pml30@gmail.com";
+			lfs.enable = true;
+			extraConfig = {
+				init.defaultBranch = "main";
+			};
+		};
+
+		fish = {
+			enable = true;
+		};
+
+		starship = {
+			enable = true;
+			settings = {
+				add_newline = false;
+				format = "$cmd_duration$username$hostname$git_branch$git_commit$git_state$git_status$directory$status\n$character";
+				hostname.ssh_only = true;
+				cmd_duration.format = "took [$duration]($style)\n";
+			};
+		};
+
+		home-manager.enable = true;
+
+		neovim = import ./neovim.nix args;
+	};
+}

nix/personal/neovim.nix

@@ -0,0 +1,33 @@
+{ pkgs
+, lib
+, rootPath
+, ...
+}:
+let
+	fromGitHub = rev: repo: pkgs.vimUtils.buildVimPlugin {
+		pname = "${lib.strings.sanitizeDerivationName repo}";
+		version = rev;
+		src = builtins.fetchGit {
+			url = "https://github.com/${repo}.git";
+			rev = rev;
+		};
+	};
+	nvimConfig = builtins.readFile (rootPath + "/home/.config/nvim/base.vim");
+in
+{
+	enable = true;
+	defaultEditor = true;
+	
+	plugins = with pkgs.vimPlugins; [
+		nvim-treesitter.withAllGrammars
+		nvim-autopairs
+		nerdtree
+		tokyonight-nvim
+		barbar-nvim
+		feline-nvim
+		(fromGitHub "d63c811337b2f75de52f16efee176695f31e7fbc" "timakro/vim-yadi")
+		(fromGitHub "aafa5c187a15701a7299a392b907ec15d9a7075f" "nvim-tree/nvim-web-devicons")
+	];
+
+	extraConfig = nvimConfig;
+}

nix/personal/user.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+	isNormalUser = true;
+	extraGroups = [ "wheel" "networkmanager" ];
+	shell = pkgs.fish;
+	hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/";
+}

nix/server.nix

@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+let
+	mhostname = "example.org" ;
+in
+{
+	services.openssh = {
+		enable = true;
+		ports = [ 22 ];
+		openFirewall = true;
+		settings = {
+			PasswordAuthentication = false;
+			KbdInteractiveAuthentication = false;
+			AllowUsers = [ "kp2pml30-serv" ];
+		};
+	};
+
+	users.users.kp2pml30-serv = import ./user.nix;
+	users.users.nginx.extraGroups = [ "acme" ];
+
+	security.acme = {
+		acceptTerms = true;
+		defaults.email = "kp2pml30@gmail.com";
+		certs."${mhostname}" = {
+			serverAliases = [ "*.${mhostname}" ];
+			webroot = "/var/lib/acme/.challenges";
+			group = "nginx";
+			#extraDomainNames = [ "mail.example.org" ];
+		};
+	};
+	services.nginx = {
+		virtualHosts."${mhostname}" = {
+			enableACME = true;
+			listen = [
+				{ port = 80; }
+			];
+			locations."/.well-known/acme-challenge/" = {
+				root = "/var/lib/acme/.challenges";
+			};
+			locations."/" = {
+				return = 404;
+			};
+		};
+		streamConfig = (builtins.readFile ./stream.nginx);
+	};
+}

nix/server/stream.nginx

@@ -0,0 +1,86 @@
+map $ssl_preread_server_name $name {
+	chat.signal.org                         signal-service;
+	ud-chat.signal.org                      signal-service;
+	storage.signal.org                      storage-service;
+	cdn.signal.org                          signal-cdn;
+	cdn2.signal.org                         signal-cdn2;
+	cdn3.signal.org                         signal-cdn3;
+	cdsi.signal.org                         cdsi;
+	contentproxy.signal.org                 content-proxy;
+	sfu.voip.signal.org                     sfu;
+	svr2.signal.org                         svr2;
+	updates.signal.org                      updates;
+	updates2.signal.org                     updates2;
+	backend1.svr3.signal.org                svr31;
+	backend2.svr3.signal.org                svr32;
+	backend3.svr3.signal.org                svr33;
+	default                                 deny;
+}
+
+upstream signal-service {
+	 server chat.signal.org:443;
+}
+
+upstream storage-service {
+	server storage.signal.org:443;
+}
+
+upstream signal-cdn {
+	server cdn.signal.org:443;
+}
+
+upstream signal-cdn2 {
+	server cdn2.signal.org:443;
+}
+
+upstream signal-cdn3 {
+	server cdn3.signal.org:443;
+}
+
+upstream cdsi {
+	server cdsi.signal.org:443;
+}
+
+upstream content-proxy {
+	server contentproxy.signal.org:443;
+}
+
+upstream sfu {
+	server sfu.voip.signal.org:443;
+}
+
+upstream svr2 {
+	server svr2.signal.org:443;
+}
+
+upstream svr31 {
+	server backend1.svr3.signal.org:443;
+}
+
+upstream svr32 {
+	server backend2.svr3.signal.org:443;
+}
+
+upstream svr33 {
+	server backend3.svr3.signal.org:443;
+}
+
+upstream updates {
+	server updates.signal.org:443;
+}
+
+upstream updates2 {
+	server updates2.signal.org:443;
+}
+
+upstream deny {
+	server 127.0.0.1:9;
+}
+
+server {
+	listen                443;
+	proxy_pass            $name;
+	ssl_preread           on;
+	error_log             /dev/null;
+	access_log            off;
+}

nix/server/user.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+{
+	isNormalUser = true;
+	openssh.authorizedKeys.keys = [
+		"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
+	];
+	extraGroups = [ "wheel" "networkmanager" ];
+}

nix/wsl.nix

@@ -0,0 +1,14 @@
+{ pkgs
+, inputs
+, ...
+}:
+{
+	imports = [
+		inputs.nixos-wsl.nixosModules.default
+	];
+	wsl = {
+		enable = true;
+		defaultUser = "kp2pml30";
+		wslConf.interop.appendWindowsPath = false;
+	};
+}