From 95f65d9c0392cb26526c27176855ef2293357bfd Mon Sep 17 00:00:00 2001 From: kp2pml30 Date: Sun, 26 Jan 2025 19:33:07 +0400 Subject: [PATCH] add server --- .../.pre-commit-config.yaml | 2 +- flake.lock | 37 ++++++++++++ flake.nix | 33 ++++++++++- nix/hardware/common.nix | 34 +++++------ nix/hardware/efiGrub.nix | 17 ++++++ nix/hardware/ideapad.nix | 5 ++ nix/hardware/server.nix | 58 +++++++++++++++++++ nix/personal/default.nix | 4 -- nix/personal/graphical/default.nix | 5 ++ nix/personal/graphical/vscode.nix | 22 +++---- nix/server.nix | 45 -------------- nix/server/boot.nix | 5 ++ nix/server/default.nix | 38 ++++++++++++ nix/server/nginx.nix | 38 ++++++++++++ nix/server/ssh.nix | 20 +++++++ nix/server/user.nix | 8 --- vscode/settings.json | 45 ++++++++------ vscode/words.txt | 54 +++++++++++++++++ 18 files changed, 358 insertions(+), 112 deletions(-) create mode 100644 nix/hardware/efiGrub.nix create mode 100644 nix/hardware/server.nix delete mode 100644 nix/server.nix create mode 100644 nix/server/boot.nix create mode 100644 nix/server/default.nix create mode 100644 nix/server/nginx.nix create mode 100644 nix/server/ssh.nix delete mode 100644 nix/server/user.nix create mode 100644 vscode/words.txt diff --git a/default-configurations/.pre-commit-config.yaml b/default-configurations/.pre-commit-config.yaml index addd627..565b0ad 100644 --- a/default-configurations/.pre-commit-config.yaml +++ b/default-configurations/.pre-commit-config.yaml @@ -31,7 +31,7 @@ repos: hooks: - id: clang-format types_or: [c++, c] - exclude: ^runners/py-libs + # exclude: - repo: https://github.com/editorconfig-checker/editorconfig-checker.python rev: 3.0.3 diff --git a/flake.lock b/flake.lock index bdb810a..d50afc0 100644 --- a/flake.lock +++ b/flake.lock 
@@ -37,6 +37,42 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737057290, + "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-wsl": { "inputs": { "flake-compat": "flake-compat", @@ -78,6 +114,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs" } diff --git a/flake.nix b/flake.nix index 897bc12..15ff61b 100644 --- a/flake.nix +++ b/flake.nix @@ -9,13 +9,17 @@ url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; #vscode-server = { # url = "github:nix-community/nixos-vscode-server"; # inputs.nixpkgs.follows = "nixpkgs"; #}; }; - outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, ... }: + outputs = inputs@{ self, nixpkgs, nixos-wsl, home-manager, nixos-generators, ... }: let rootPath = self; additionalArgs = { inherit inputs rootPath; }; 
@@ -23,6 +27,29 @@ in { nixosConfigurations = { + server = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + modules = [ + { + networking.hostId = "e31a5cc1"; + time.timeZone = "Asia/Yerevan"; + + kp2pml30.server = { + hostname = "kp2pml30.moe"; + }; + } + + ./nix/common.nix + + ./nix/server + + ./nix/hardware/server.nix + + nixos-generators.nixosModules.all-formats + ]; + }; + personal-laptop = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -46,6 +73,8 @@ kitty = true; opera = true; steam = true; + + boot.efiGrub = true; }; } ]; @@ -60,7 +89,7 @@ } ./nix/wsl.nix ./nix/common.nix - ./nix/personal.nix + ./nix/personal ]; specialArgs = additionalArgs; }; diff --git a/nix/hardware/common.nix b/nix/hardware/common.nix index 00abd71..4498277 100644 --- a/nix/hardware/common.nix +++ b/nix/hardware/common.nix @@ -4,25 +4,23 @@ , ... }: { - hardware.enableRedistributableFirmware = true; - - boot = { - loader.grub = { - enable = true; - devices = [ "nodev" ]; - efiSupport = true; - useOSProber = true; - }; - - loader.efi.canTouchEfiVariables = true; - - initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; - initrd.kernelModules = [ ]; - extraModulePackages = [ ]; + options.kp2pml30.boot = { + efiGrub = lib.mkEnableOption ""; }; - networking = { - networkmanager.enable = true; - useDHCP = lib.mkDefault true; + imports = [ + ./efiGrub.nix + ]; + + config = { + hardware.enableRedistributableFirmware = true; + + boot = { + loader.efi.canTouchEfiVariables = true; + + initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "uas" "usbcore" ]; + initrd.kernelModules = [ ]; + extraModulePackages = [ ]; + }; }; } diff --git a/nix/hardware/efiGrub.nix b/nix/hardware/efiGrub.nix new file mode 100644 index 0000000..47c8ceb --- /dev/null +++ b/nix/hardware/efiGrub.nix 
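Review bot: The new `server` entry in `nixosConfigurations` is built without `specialArgs = additionalArgs;`, although the configuration at the end of this file section still passes it. The server imports `./nix/hardware/server.nix`, which pulls in `common.nix` and through it `efiGrub.nix`, whose argument set requires `inputs` and `rootPath`. Unless `./nix/common.nix` provides those through `_module.args`, evaluating the server system will fail on the missing arguments. Add `specialArgs = additionalArgs;` after the `modules` list, or drop the unused `inputs`/`rootPath` parameters from `efiGrub.nix`.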
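Review bot: `loader.efi.canTouchEfiVariables = true` stays in the unconditional `config` block of `nix/hardware/common.nix`, while the GRUB EFI settings moved behind `kp2pml30.boot.efiGrub`. The server hardware module imports this file and appears to boot through BIOS GRUB on `/dev/vda`, so it inherits an EFI-only setting. Moving that line into `efiGrub.nix` would keep every EFI-specific option under the one switch. The option itself is declared with `lib.mkEnableOption ""`; a description such as `lib.mkEnableOption "GRUB installed as an EFI boot loader"` would document what it toggles.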
@@ -0,0 +1,17 @@ +{ pkgs +, config +, lib +, inputs +, rootPath +, ... +}: +let + cfg = config.kp2pml30.boot; +in lib.mkIf cfg.efiGrub { + boot.loader.grub = { + enable = true; + devices = [ "nodev" ]; + efiSupport = true; + useOSProber = true; + }; +} diff --git a/nix/hardware/ideapad.nix b/nix/hardware/ideapad.nix index ed36e66..8f465b8 100644 --- a/nix/hardware/ideapad.nix +++ b/nix/hardware/ideapad.nix @@ -39,4 +39,9 @@ support32Bit.enable = true; }; }; + + networking = { + networkmanager.enable = true; + useDHCP = lib.mkDefault true; + }; } diff --git a/nix/hardware/server.nix b/nix/hardware/server.nix new file mode 100644 index 0000000..5c074de --- /dev/null +++ b/nix/hardware/server.nix @@ -0,0 +1,58 @@ +{ pkgs +, inputs +, lib +, ... +}: +{ + imports = [ + ./common.nix + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + "virtio_balloon" + "virtio_blk" + "virtio_pci" + "virtio_ring" + ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/4a450f44-a611-4f12-9628-8d5da7cf0180"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/985D-9086"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + boot = { + loader.grub = { + enable = true; + #efiSupport = true; + #efiInstallAsRemovable = true; + devices = [ "/dev/vda" ]; + }; + }; + + services.qemuGuest.enable = true; + + networking = { + hostName = "v168671"; + interfaces.ens3.ipv4.addresses = [ { + prefixLength = 24; + address = "185.121.233.63"; + } ]; + defaultGateway = "185.121.233.1"; + nameservers = [ + "1.1.1.1" + "8.8.8.8" + ]; + }; +} diff --git a/nix/personal/default.nix b/nix/personal/default.nix index 6396223..d750b7b 100644 --- a/nix/personal/default.nix +++ b/nix/personal/default.nix @@ -54,10 +54,6 @@ in { fishPlugins.bass grc - - fira-code - fira-code-nerdfont - #nerd-fonts.fira-code ]; nixpkgs.config.allowUnfreePredicate = pkg: 
diff --git a/nix/personal/graphical/default.nix b/nix/personal/graphical/default.nix index e646bb4..c1d004e 100644 --- a/nix/personal/graphical/default.nix +++ b/nix/personal/graphical/default.nix @@ -14,4 +14,9 @@ in { ./opera.nix ./steam.nix ]; + + environment.systemPackages = with pkgs; [ + fira-code + fira-code-nerdfont + ]; } diff --git a/nix/personal/graphical/vscode.nix b/nix/personal/graphical/vscode.nix index 26cb8a6..7704879 100644 --- a/nix/personal/graphical/vscode.nix +++ b/nix/personal/graphical/vscode.nix @@ -13,11 +13,15 @@ in lib.mkIf cfg.vscode { package = pkgs.vscode; mutableExtensionsDir = false; userSettings = lib.importJSON("${rootPath}/vscode/settings.json"); - extensions = [ - pkgs.vscode-extensions.eamodio.gitlens + extensions = with pkgs; [ + vscode-extensions.eamodio.gitlens + vscode-extensions.editorconfig.editorconfig - pkgs.vscode-extensions.streetsidesoftware.code-spell-checker + vscode-extensions.bierner.markdown-mermaid + vscode-extensions.tamasfe.even-better-toml + + vscode-extensions.streetsidesoftware.code-spell-checker (pkgs.vscode-utils.buildVscodeMarketplaceExtension { mktplcRef = { name = "code-spell-checker-russian"; @@ -29,18 +33,6 @@ in lib.mkIf cfg.vscode { license = lib.licenses.mit; }; }) - - (pkgs.vscode-utils.buildVscodeMarketplaceExtension { - mktplcRef = { - name = "vscode-lldb"; - publisher = "vadimcn"; - version = "1.11.1"; - sha256 = "urWkXVwD6Ad7DFVURc6sLQhhc6iKCgY89IovIWByz9U="; - }; - meta = { - license = lib.licenses.mit; - }; - }) ]; }; }; diff --git a/nix/server.nix b/nix/server.nix deleted file mode 100644 index 37d19f8..0000000 --- a/nix/server.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ config, pkgs, ... }: -let - mhostname = "example.org" ; -in -{ - services.openssh = { - enable = true; - ports = [ 22 ]; - openFirewall = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - AllowUsers = [ "kp2pml30-serv" ]; - }; - }; - - users.users.kp2pml30-serv = import ./user.nix; - users.users.nginx.extraGroups = [ "acme" ]; - - security.acme = { - acceptTerms = true; - defaults.email = "kp2pml30@gmail.com"; - certs."${mhostname}" = { - serverAliases = [ "*.${mhostname}" ]; - webroot = "/var/lib/acme/.challenges"; - group = "nginx"; - #extraDomainNames = [ "mail.example.org" ]; - }; - }; - services.nginx = { - virtualHosts."${mhostname}" = { - enableACME = true; - listen = [ - { port = 80; } - ]; - locations."/.well-known/acme-challenge/" = { - root = "/var/lib/acme/.challenges"; - }; - locations."/" = { - return = 404; - }; - }; - streamConfig = (builtins.readFile ./stream.nginx); - }; -} diff --git a/nix/server/boot.nix b/nix/server/boot.nix new file mode 100644 index 0000000..60ffee3 --- /dev/null +++ b/nix/server/boot.nix @@ -0,0 +1,5 @@ +{ config, pkgs, ... }: +let + cfg = config.kp2pml30.server; +in { +} diff --git a/nix/server/default.nix b/nix/server/default.nix new file mode 100644 index 0000000..2e66211 --- /dev/null +++ b/nix/server/default.nix 
@@ -0,0 +1,38 @@ +{ config +, pkgs +, lib +, ... +}: +let + cfg = config.kp2pml30.server; +in { + options.kp2pml30.server = { + username = lib.mkOption { + type = lib.types.str; + default = "kp2pml30-serv"; + }; + hostname = lib.mkOption { + type = lib.types.str; + default = null; + }; + + nginx = lib.mkEnableOption ""; + }; + + imports = [ + ./ssh.nix + ./nginx.nix + ./boot.nix + ]; + + config = { + users.users."${cfg.username}" = { + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 kp2pml30@r3vdy2b10vv-pc" + ]; + extraGroups = [ "wheel" "networkmanager" "acme" ]; + hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/"; + }; + }; +} diff --git a/nix/server/nginx.nix b/nix/server/nginx.nix new file mode 100644 index 0000000..b9b5d4b --- /dev/null +++ b/nix/server/nginx.nix @@ -0,0 +1,38 @@ +{ config +, pkgs +, lib +, ... +}: +let + cfg = config.kp2pml30.server; +in lib.mkIf cfg.nginx { + security.acme = { + acceptTerms = true; + defaults.email = "kp2pml30@gmail.com"; + certs."${cfg.hostname}" = { + serverAliases = [ "*.${cfg.hostname}" ]; + webroot = "/var/lib/acme/.challenges"; + group = "nginx"; + }; + }; + + services.nginx = { + enable = true; + + virtualHosts."${cfg.hostname}" = { + addSSL = true; + enableACME = true; + listen = [ + { port = 80; } + ]; + locations."/.well-known/acme-challenge/" = { + root = "/var/lib/acme/.challenges"; + }; + locations."/" = { + return = 404; + }; + }; + + streamConfig = (builtins.readFile ./stream.nginx); + }; +} diff --git a/nix/server/ssh.nix b/nix/server/ssh.nix new file mode 100644 index 0000000..b40fe6a --- /dev/null +++ b/nix/server/ssh.nix 
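Review bot: The `hashedPassword` literal under `users.users."${cfg.username}"` in `nix/server/default.nix` commits a crypt hash for a `wheel` member to the repository and copies it into the world-readable Nix store. Anyone holding either copy can run offline guessing against it. Prefer `hashedPasswordFile = "/path/to/secret";` (placeholder path) populated by a secrets mechanism kept outside the repository, and rotate the password, because this hash now lives in history. Separately, `hostname` is declared as `lib.types.str` with `default = null`, which fails the type check whenever the default is used; drop the default or use `lib.types.nullOr lib.types.str`.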
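Review bot: The certificate for `cfg.hostname` in `nix/server/nginx.nix` cannot cover `*.${cfg.hostname}` as written. `serverAliases` is an nginx virtual-host option, not a `security.acme.certs` one (additional names go in `extraDomainNames`), and a wildcard name cannot be validated through the `webroot` HTTP-01 challenge, only through DNS-01. In the virtual host, the explicit `listen = [ { port = 80; } ]` replaces the default listeners, so `addSSL = true` appears to leave no TLS listener; either remove `listen` or add `{ port = 443; ssl = true; }`. `streamConfig` reads `./stream.nginx` relative to `nix/server/`, and no such file appears in this patch's diffstat, so confirm it moved with the module.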
@@ -0,0 +1,20 @@ +{ config +, pkgs +, lib +, ... +}: +let + cfg = config.kp2pml30.server; +in { + services.openssh = { + enable = true; + ports = [ 22 ]; + openFirewall = true; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + PermitRootLogin = lib.mkForce "no"; + AllowUsers = [ cfg.username ]; + }; + }; +} diff --git a/nix/server/user.nix b/nix/server/user.nix deleted file mode 100644 index da6e4c9..0000000 --- a/nix/server/user.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, pkgs, ... }: -{ - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 kp2pml30@r3vdy2b10vv-pc" - ]; - extraGroups = [ "wheel" "networkmanager" ]; -} diff --git a/vscode/settings.json b/vscode/settings.json index a77d59c..c909e6b 100644 --- a/vscode/settings.json +++ b/vscode/settings.json 
@@ -1,21 +1,28 @@ { - "window.titleBarStyle": "custom", - "editor.renderWhitespace": "all", - "files.trimTrailingWhitespace": true, - "editor.renderFinalNewline": "off", - "files.insertFinalNewline": true, - "C_Cpp.autocomplete": "disabled", - "clangd.detectExtensionConflicts": false, - "editor.fontFamily": "Fira Code, FiraCode, Consolas, 'monospace', monospace", - "editor.fontLigatures": true, - "extensions.ignoreRecommendations": true, - "editor.accessibilitySupport": "off", - "files.trimFinalNewlines": true, - "editor.padding.top": 64, - "explorer.confirmDragAndDrop": false, - "git.openRepositoryInParentFolders": "always", - "cmake.preferredGenerators": [ - "Ninja" - ], - "cSpell.language": "en,ru" + "window.titleBarStyle": "custom", + + "editor.fontFamily": "Fira Code, FiraCode, Consolas, 'monospace', monospace", + "editor.fontLigatures": true, + + "files.trimTrailingWhitespace": true, + "files.insertFinalNewline": true, + "files.trimFinalNewlines": true, + "editor.padding.top": 64, + "editor.renderWhitespace": "all", + "editor.renderFinalNewline": "off", + + "editor.accessibilitySupport": "off", + "explorer.confirmDragAndDrop": false, + + "extensions.ignoreRecommendations": true, + + "C_Cpp.autocomplete": "disabled", + "clangd.detectExtensionConflicts": false, + + "git.openRepositoryInParentFolders": "always", + + "cmake.preferredGenerators": [ + "Ninja" + ], + "cSpell.language": "en,ru" } diff --git a/vscode/words.txt b/vscode/words.txt new file mode 100644 index 0000000..7bf2662 --- /dev/null +++ b/vscode/words.txt 
@@ -0,0 +1,54 @@ +# architectures +aarch +simd + +# build systems +cflags +cxxflags +ldflags +sysroot +depfile +codegen + +# bash +pushd +popd + +# language abbreviations +errno +syscall +callconv +noreturn +orelse +defer +threadlocal + +# compiler +klass +iface +zelf + +# python +kwargs +mkpath +pathlib +itertools + +# common abbreviations +incref +decref +uninit + +# terms +keccak + +# well known projects +zlib +bzlib +lzma +neovim +cpython +rustc +wasm* +wasi +witx