add server

2026-02-16 23:34:42 +04:00 · 2025-01-26 19:33:07 +04:00 · 2025-01-26 19:33:07 +04:00 · 95f65d9c03
commit 95f65d9c03
parent 284b131058
18 changed files with 358 additions and 112 deletions
--- a/default-configurations/.pre-commit-config.yaml
+++ b/default-configurations/.pre-commit-config.yaml
@ -31,7 +31,7 @@ repos:
    hooks:
    - id: clang-format
      types_or: [c++, c]
-      exclude: ^runners/py-libs
+      # exclude: <regex>

  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
    rev: 3.0.3
--- a/flake.lock
+++ b/flake.lock
@ -37,6 +37,42 @@
        "type": "github"
      }
    },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1736643958,
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1737057290,
+        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
    "nixos-wsl": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -78,6 +114,7 @@
    "root": {
      "inputs": {
        "home-manager": "home-manager",
+        "nixos-generators": "nixos-generators",
        "nixos-wsl": "nixos-wsl",
        "nixpkgs": "nixpkgs"
      }
--- a/flake.nix
+++ b/flake.nix
@ -9,13 +9,17 @@
 			url = "github:nix-community/home-manager/release-24.11";
 			inputs.nixpkgs.follows = "nixpkgs";
 		};
+		nixos-generators = {
+			url = "github:nix-community/nixos-generators";
+			inputs.nixpkgs.follows = "nixpkgs";
+		};
 		#vscode-server = {
 		#	url = "github:nix-community/nixos-vscode-server";
 		#	inputs.nixpkgs.follows = "nixpkgs";
 		#};
 	};

-	outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, ... }:
+	outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, ... }:
 		let
 			rootPath = self;
 			additionalArgs = { inherit inputs rootPath; };
@ -23,6 +27,29 @@
 		in
 		{
 			nixosConfigurations = {
+				server = nixpkgs.lib.nixosSystem {
+					system = "x86_64-linux";
+
+					modules = [
+						{
+							networking.hostId = "e31a5cc1";
+							time.timeZone = "Asia/Yerevan";
+
+							kp2pml30.server = {
+								hostname = "kp2pml30.moe";
+							};
+						}
+
+						./nix/common.nix
+
+						./nix/server
+
+						./nix/hardware/server.nix
+
+						nixos-generators.nixosModules.all-formats
+					];
+				};
+
 				personal-laptop = nixpkgs.lib.nixosSystem {
 					system = "x86_64-linux";
 					modules = [
@ -46,6 +73,8 @@
 								kitty = true;
 								opera = true;
 								steam = true;
+
+								boot.efiGrub = true;
 							};
 						}
 					];
@ -60,7 +89,7 @@
 						}
 						./nix/wsl.nix
 						./nix/common.nix
-						./nix/personal.nix
+						./nix/personal
 					];
 					specialArgs = additionalArgs;
 				};
--- a/nix/hardware/common.nix
+++ b/nix/hardware/common.nix
@ -4,25 +4,23 @@
 , ...
 }:
 {
-	hardware.enableRedistributableFirmware = true;
-
-	boot = {
-		loader.grub = {
-			enable = true;
-			devices = [ "nodev" ];
-			efiSupport = true;
-			useOSProber = true;
-		};
-
-		loader.efi.canTouchEfiVariables = true;
-
-		initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
-		initrd.kernelModules = [ ];
-		extraModulePackages = [ ];
+	options.kp2pml30.boot = {
+		efiGrub = lib.mkEnableOption "";
 	};

-	networking = {
-		networkmanager.enable = true;
-		useDHCP = lib.mkDefault true;
+	imports = [
+		./efiGrub.nix
+	];
+
+	config = {
+		hardware.enableRedistributableFirmware = true;
+
+		boot = {
+			loader.efi.canTouchEfiVariables = true;
+
+			initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "uas" "usbcore" ];
+			initrd.kernelModules = [ ];
+			extraModulePackages = [ ];
+		};
 	};
 }
--- a/nix/hardware/efiGrub.nix
+++ b/nix/hardware/efiGrub.nix
@ -0,0 +1,17 @@
+{ pkgs
+, config
+, lib
+, inputs
+, rootPath
+, ...
+}:
+let
+	cfg = config.kp2pml30.boot;
+in lib.mkIf cfg.efiGrub {
+	boot.loader.grub = {
+		enable = true;
+		devices = [ "nodev" ];
+		efiSupport = true;
+		useOSProber = true;
+	};
+}
--- a/nix/hardware/ideapad.nix
+++ b/nix/hardware/ideapad.nix
@ -39,4 +39,9 @@
 			support32Bit.enable = true;
 		};
 	};
+
+	networking = {
+		networkmanager.enable = true;
+		useDHCP = lib.mkDefault true;
+	};
 }
--- a/nix/hardware/server.nix
+++ b/nix/hardware/server.nix
@ -0,0 +1,58 @@
+{ pkgs
+, inputs
+, lib
+, ...
+}:
+{
+	imports = [
+		./common.nix
+	];
+
+	boot.initrd.availableKernelModules = [
+		"xhci_pci"
+		"ehci_pci"
+		"ahci"
+		"usbhid"
+		"usb_storage"
+		"sd_mod"
+		"virtio_balloon"
+		"virtio_blk"
+		"virtio_pci"
+		"virtio_ring"
+	];
+
+	fileSystems."/" = {
+		device = "/dev/disk/by-uuid/4a450f44-a611-4f12-9628-8d5da7cf0180";
+		fsType = "ext4";
+	};
+
+	fileSystems."/boot" = {
+		device = "/dev/disk/by-uuid/985D-9086";
+		fsType = "vfat";
+		options = [ "fmask=0077" "dmask=0077" ];
+	};
+
+	boot = {
+		loader.grub = {
+			enable = true;
+			#efiSupport = true;
+			#efiInstallAsRemovable = true;
+			devices = [ "/dev/vda" ];
+		};
+	};
+
+	services.qemuGuest.enable = true;
+
+	networking = {
+		hostName = "v168671";
+		interfaces.ens3.ipv4.addresses = [ {
+			prefixLength = 24;
+			address = "185.121.233.63";
+		} ];
+		defaultGateway = "185.121.233.1";
+		nameservers = [
+			"1.1.1.1"
+			"8.8.8.8"
+		];
+	};
+}
--- a/nix/personal/default.nix
+++ b/nix/personal/default.nix
@ -54,10 +54,6 @@ in {
 			fishPlugins.bass

 			grc
-
-			fira-code
-			fira-code-nerdfont
-			#nerd-fonts.fira-code
 		];

 		nixpkgs.config.allowUnfreePredicate = pkg:
--- a/nix/personal/graphical/default.nix
+++ b/nix/personal/graphical/default.nix
@ -14,4 +14,9 @@ in {
 		./opera.nix
 		./steam.nix
 	];
+
+	environment.systemPackages = with pkgs; [
+		fira-code
+		fira-code-nerdfont
+	];
 }
--- a/nix/personal/graphical/vscode.nix
+++ b/nix/personal/graphical/vscode.nix
@ -13,11 +13,15 @@ in lib.mkIf cfg.vscode {
 			package = pkgs.vscode;
 			mutableExtensionsDir = false;
 			userSettings = lib.importJSON("${rootPath}/vscode/settings.json");
-			extensions = [
-				pkgs.vscode-extensions.eamodio.gitlens
+			extensions = with pkgs; [
+				vscode-extensions.eamodio.gitlens
+				vscode-extensions.editorconfig.editorconfig

-				pkgs.vscode-extensions.streetsidesoftware.code-spell-checker
+				vscode-extensions.bierner.markdown-mermaid

+				vscode-extensions.tamasfe.even-better-toml
+
+				vscode-extensions.streetsidesoftware.code-spell-checker
 				(pkgs.vscode-utils.buildVscodeMarketplaceExtension {
 					mktplcRef = {
 						name = "code-spell-checker-russian";
@ -29,18 +33,6 @@ in lib.mkIf cfg.vscode {
 						license = lib.licenses.mit;
 					};
 				})
-
-				(pkgs.vscode-utils.buildVscodeMarketplaceExtension {
-					mktplcRef = {
-						name = "vscode-lldb";
-						publisher = "vadimcn";
-						version = "1.11.1";
-						sha256 = "urWkXVwD6Ad7DFVURc6sLQhhc6iKCgY89IovIWByz9U=";
-					};
-					meta = {
-						license = lib.licenses.mit;
-					};
-				})
 			];
 		};
 	};
--- a/nix/server.nix
+++ b/nix/server.nix
@ -1,45 +0,0 @@
-{ config, pkgs, ... }:
-let
-	mhostname = "example.org" ;
-in
-{
-	services.openssh = {
-		enable = true;
-		ports = [ 22 ];
-		openFirewall = true;
-		settings = {
-			PasswordAuthentication = false;
-			KbdInteractiveAuthentication = false;
-			AllowUsers = [ "kp2pml30-serv" ];
-		};
-	};
-
-	users.users.kp2pml30-serv = import ./user.nix;
-	users.users.nginx.extraGroups = [ "acme" ];
-
-	security.acme = {
-		acceptTerms = true;
-		defaults.email = "kp2pml30@gmail.com";
-		certs."${mhostname}" = {
-			serverAliases = [ "*.${mhostname}" ];
-			webroot = "/var/lib/acme/.challenges";
-			group = "nginx";
-			#extraDomainNames = [ "mail.example.org" ];
-		};
-	};
-	services.nginx = {
-		virtualHosts."${mhostname}" = {
-			enableACME = true;
-			listen = [
-				{ port = 80; }
-			];
-			locations."/.well-known/acme-challenge/" = {
-				root = "/var/lib/acme/.challenges";
-			};
-			locations."/" = {
-				return = 404;
-			};
-		};
-		streamConfig = (builtins.readFile ./stream.nginx);
-	};
-}
--- a/nix/server/boot.nix
+++ b/nix/server/boot.nix
@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+let
+	cfg = config.kp2pml30.server;
+in {
+}
--- a/nix/server/default.nix
+++ b/nix/server/default.nix
@ -0,0 +1,38 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+	cfg = config.kp2pml30.server;
+in {
+	options.kp2pml30.server = {
+		username = lib.mkOption {
+			type = lib.types.str;
+			default = "kp2pml30-serv";
+		};
+		hostname = lib.mkOption {
+			type = lib.types.str;
+			default = null;
+		};
+
+		nginx = lib.mkEnableOption "";
+	};
+
+	imports =  [
+		./ssh.nix
+		./nginx.nix
+		./boot.nix
+	];
+
+	config = {
+		users.users."${cfg.username}" = {
+			isNormalUser = true;
+			openssh.authorizedKeys.keys = [
+				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
+			];
+			extraGroups = [ "wheel" "networkmanager" "acme" ];
+			hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/";
+		};
+	};
+}
--- a/nix/server/nginx.nix
+++ b/nix/server/nginx.nix
@ -0,0 +1,38 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+	cfg = config.kp2pml30.server;
+in lib.mkIf cfg.nginx {
+	security.acme = {
+		acceptTerms = true;
+		defaults.email = "kp2pml30@gmail.com";
+		certs."${cfg.hostname}" = {
+			serverAliases = [ "*.${cfg.hostname}" ];
+			webroot = "/var/lib/acme/.challenges";
+			group = "nginx";
+		};
+	};
+
+	services.nginx = {
+		enable = true;
+
+		virtualHosts."${cfg.hostname}" = {
+			addSSL = true;
+			enableACME = true;
+			listen = [
+				{ port = 80; }
+			];
+			locations."/.well-known/acme-challenge/" = {
+				root = "/var/lib/acme/.challenges";
+			};
+			locations."/" = {
+				return = 404;
+			};
+		};
+
+		streamConfig = (builtins.readFile ./stream.nginx);
+	};
+}
--- a/nix/server/ssh.nix
+++ b/nix/server/ssh.nix
@ -0,0 +1,20 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+	cfg = config.kp2pml30.server;
+in {
+	services.openssh = {
+		enable = true;
+		ports = [ 22 ];
+		openFirewall = true;
+		settings = {
+			PasswordAuthentication = false;
+			KbdInteractiveAuthentication = false;
+			PermitRootLogin = lib.mkForce "no";
+			AllowUsers = [ cfg.username ];
+		};
+	};
+}
--- a/nix/server/user.nix
+++ b/nix/server/user.nix
@ -1,8 +0,0 @@
-{ config, pkgs, ... }:
-{
-	isNormalUser = true;
-	openssh.authorizedKeys.keys = [
-		"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
-	];
-	extraGroups = [ "wheel" "networkmanager" ];
-}
--- a/vscode/settings.json
+++ b/vscode/settings.json
@ -1,21 +1,28 @@
 {
-    "window.titleBarStyle": "custom",
-    "editor.renderWhitespace": "all",
-    "files.trimTrailingWhitespace": true,
-    "editor.renderFinalNewline": "off",
-    "files.insertFinalNewline": true,
-    "C_Cpp.autocomplete": "disabled",
-    "clangd.detectExtensionConflicts": false,
-    "editor.fontFamily": "Fira Code, FiraCode, Consolas, 'monospace', monospace",
-    "editor.fontLigatures": true,
-    "extensions.ignoreRecommendations": true,
-    "editor.accessibilitySupport": "off",
-    "files.trimFinalNewlines": true,
-    "editor.padding.top": 64,
-    "explorer.confirmDragAndDrop": false,
-    "git.openRepositoryInParentFolders": "always",
-    "cmake.preferredGenerators": [
-        "Ninja"
-    ],
-    "cSpell.language": "en,ru"
+	"window.titleBarStyle": "custom",
+
+	"editor.fontFamily": "Fira Code, FiraCode, Consolas, 'monospace', monospace",
+	"editor.fontLigatures": true,
+
+	"files.trimTrailingWhitespace": true,
+	"files.insertFinalNewline": true,
+	"files.trimFinalNewlines": true,
+	"editor.padding.top": 64,
+	"editor.renderWhitespace": "all",
+	"editor.renderFinalNewline": "off",
+
+	"editor.accessibilitySupport": "off",
+	"explorer.confirmDragAndDrop": false,
+
+	"extensions.ignoreRecommendations": true,
+
+	"C_Cpp.autocomplete": "disabled",
+	"clangd.detectExtensionConflicts": false,
+
+	"git.openRepositoryInParentFolders": "always",
+
+	"cmake.preferredGenerators": [
+		"Ninja"
+	],
+	"cSpell.language": "en,ru"
 }
--- a/vscode/words.txt
+++ b/vscode/words.txt
@ -0,0 +1,54 @@
+# architectures
+aarch
+simd
+
+# build systems
+cflags
+cxxflags
+ldflags
+sysroot
+depfile
+codegen
+
+# bash
+pushd
+popd
+
+# language abbreviations
+errno
+syscall
+callconv
+noreturn
+orelse
+defer
+threadlocal
+
+# compiler
+klass
+iface
+zelf
+
+# python
+kwargs
+mkpath
+pathlib
+itertools
+
+# common abbreviations
+incref
+decref
+uninit
+
+# terms
+keccak
+
+# well known projects
+zlib
+bzlib
+lzma
+neovim
+cpython
+rustc
+wasm*
+wasi
+witx