chore: update

2026-02-16 23:34:42 +04:00 · 2025-09-22 18:37:19 +09:00 · 2025-09-22 18:37:19 +09:00 · bbacfb100e
commit bbacfb100e
parent 8f90650888
11 changed files with 198 additions and 65 deletions
--- a/flake.nix
+++ b/flake.nix
@ -44,6 +44,7 @@
 								hostname = "kp2pml30.moe";
 								nginx = true;
 								forgejo = true;
+								nix-cache = true;
 							};
 						}

--- a/nix/hardware/mini.nix
+++ b/nix/hardware/mini.nix
@ -1,4 +1,3 @@
-
 { pkgs
 , inputs
 , lib
@ -6,7 +5,10 @@
 , ...
 }:
 {
-	imports = [ ./common.nix ];
+	imports = [
+		./common.nix
+		# ./nvidia.nix
+	];

 	fileSystems."/" = {
 		device = "/dev/disk/by-uuid/1ec7bbd6-cb83-427a-a901-d5fb7a4ef3ba";
@ -19,15 +21,15 @@
 		options = [ "fmask=0077" "dmask=0077" ];
 	};

-	fileSystems."/mnt/d" = {
-		device = "/dev/sda1";
-		fsType = "exfat";
-		options = [
-			"users"
-			"exec"
-			"nofail"
-		];
-	};
+#	fileSystems."/mnt/d" = {
+#		device = "/dev/sda1";
+#		fsType = "exfat";
+#		options = [
+#			"users"
+#			"exec"
+#			"nofail"
+#		];
+#	};

 	swapDevices = [ { device = "/dev/disk/by-uuid/c68daa9f-f165-4e23-8710-2aab0ad8d282"; } ];

--- a/nix/hardware/nvidia.nix
+++ b/nix/hardware/nvidia.nix
@ -0,0 +1,16 @@
+{ pkgs
+, inputs
+, lib
+, config
+, ...
+}:
+{
+	services.xserver.videoDrivers = ["nvidia"];
+
+	hardware.nvidia = {
+		package = config.boot.kernelPackages.nvidiaPackages.production;
+		modesetting.enable = true;
+		open = false;
+		nvidiaSettings = true;
+	};
+}
--- a/nix/personal/graphical/messengers.nix
+++ b/nix/personal/graphical/messengers.nix
@ -8,10 +8,27 @@
 let
 	cfg = config.kp2pml30;
 	signalSuffix = if system == "x86_64-linux" then "amd64" else "arm64";
+	discord-version = "0.0.160";
 in lib.mkIf cfg.messengers.personal {
 	users.users.${cfg.username}.packages = with pkgs; [
 		discord-ptb
+		#(discord-ptb.overrideAttrs(finalAttrs: previousAttrs: {
+		#	src = fetchurl {
+		#		url = "https://ptb.dl2.discordapp.net/apps/linux/${discord-version}/discord-ptb-${discord-version}.tar.gz";
+		#		hash = lib.fakeHash;
+		#	};
+		#}))
 		telegram-desktop
-		pkgs.signal-desktop
+#		(pkgs.callPackage "${pkgs.path}/pkgs/by-name/si/signal-desktop/generic.nix" { } rec {
+#			pname = "signal-desktop";
+#			version = "7.65.0";
+#
+#			libdir = "opt/Signal";
+#			bindir = libdir;
+#			extractPkg = "dpkg-deb -x $downloadedFile $out";
+#
+#			url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop/signal-desktop_${version}_amd64.deb";
+#			hash = lib.fakeHash;
+#		})
 	];
 }
--- a/nix/personal/graphical/opera.nix
+++ b/nix/personal/graphical/opera.nix
@ -6,10 +6,16 @@
 }:
 let
 	cfg = config.kp2pml30;
+	version = "122.0.5643.51";
 in lib.mkIf cfg.opera {
 	home-manager.users.${cfg.username}.home = {
 		packages = with pkgs; [
-			(opera.override { proprietaryCodecs = true; })
+			((opera.override { proprietaryCodecs = true; }).overrideAttrs (finalAttrs: previousAttrs: {
+				src = fetchurl {
+					url = "https://get.geo.opera.com/pub/opera/desktop/${version}/linux/opera-stable_${version}_amd64.deb";
+					hash = "sha256-l/NG3UEI1MEu7yVte0wkxsMsIhpCsAT7292u/IsqUL0=";
+				};
+			}))
 		];
 	};
 }
--- a/nix/personal/graphical/vscode.nix
+++ b/nix/personal/graphical/vscode.nix
@ -10,30 +10,36 @@ in lib.mkIf cfg.vscode {
 	home-manager.users.${cfg.username} = {
 		programs.vscode = {
 			enable = true;
-			package = pkgs.vscode;
+			package = (pkgs.vscode.overrideAttrs (oldAttrs: rec {
+				src = (builtins.fetchTarball {
+				url = "https://update.code.visualstudio.com/1.104.1/linux-x64/stable";
+				sha256 = "sha256:109mdk1v323dyhzrq0444gjjhfpjxbllkqkhsapfj44ypjzdjcy8";
+				});
+				version = "1.102.2";
+			}));
 			mutableExtensionsDir = false;
 			userSettings = lib.importJSON("${rootPath}/vscode/settings.json");
-			extensions = with pkgs; [
-				vscode-extensions.eamodio.gitlens
-				vscode-extensions.editorconfig.editorconfig
+#			extensions = with pkgs; [
+#				vscode-extensions.eamodio.gitlens
+#				vscode-extensions.editorconfig.editorconfig
+#
+#				vscode-extensions.bierner.markdown-mermaid

-				vscode-extensions.bierner.markdown-mermaid
+#				vscode-extensions.tamasfe.even-better-toml

-				vscode-extensions.tamasfe.even-better-toml
-
-				vscode-extensions.streetsidesoftware.code-spell-checker
-				(pkgs.vscode-utils.buildVscodeMarketplaceExtension {
-					mktplcRef = {
-						name = "code-spell-checker-russian";
-						publisher = "streetsidesoftware";
-						version = "0.2.2";
-						sha256 = "a3b00c76a4aafecb962d6c292a3b9240a27d84b17de2119bb8007d0ad90ab443";
-					};
-					meta = {
-						license = lib.licenses.mit;
-					};
-				})
-			];
+#				vscode-extensions.streetsidesoftware.code-spell-checker
+#				(pkgs.vscode-utils.buildVscodeMarketplaceExtension {
+#					mktplcRef = {
+#						name = "code-spell-checker-russian";
+#						publisher = "streetsidesoftware";
+#						version = "0.2.2";
+#						sha256 = "a3b00c76a4aafecb962d6c292a3b9240a27d84b17de2119bb8007d0ad90ab443";
+#					};
+#					meta = {
+#						license = lib.licenses.mit;
+#					};
+#				})
+#			];
 		};
 	};
 }
--- a/nix/server/default.nix
+++ b/nix/server/default.nix
@ -20,6 +20,9 @@ in {

 		forgejo = lib.mkEnableOption "";

+		dns = lib.mkEnableOption "";
+		nix-cache = lib.mkEnableOption "";
+
 		sitePath = lib.mkOption {
 			type = lib.types.str;
 		};
@ -31,6 +34,8 @@ in {
 		./boot.nix
 		./site.nix
 		./forgejo.nix
+		./dns.nix
+		./nix-cache.nix
 	];

 	config = {
--- a/nix/server/dns.nix
+++ b/nix/server/dns.nix
@ -0,0 +1,34 @@
+
+{ config
+, pkgs
+, lib
+, self
+, nixpkgs
+, kp2pml30-moe
+, system
+, ...
+}@args:
+let
+	cfg = config.kp2pml30.server;
+in lib.mkIf cfg.nginx {
+	services.coredns.enable = true;
+	services.coredns.config = ''
+		dns://.:53 {
+			forward . tls://1.1.1.1 {
+				tls
+				tls_servername cloudflare-dns.com
+			}
+			cache
+		}
+
+		https://.:8003 {
+			forward . dns://127.0.0.1:53 {
+				tls
+				tls_servername cloudflare-dns.com
+				policy random
+			}
+			cache
+		}
+	'';
+	# networking.networkmanager.insertNameservers = [ "127.0.0.1" ];
+}
--- a/nix/server/nginx.nix
+++ b/nix/server/nginx.nix
@ -14,7 +14,7 @@ in lib.mkIf cfg.nginx {
 		defaults.email = "kp2pml30@gmail.com";
 		#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 		certs."${cfg.hostname}" = {
-			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" ];
+			extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" "dns.${cfg.hostname}" "cache.nix.${cfg.hostname}" ];
 			webroot = acmeRoot;
 			group = "nginx";
 		};
@ -23,47 +23,74 @@ in lib.mkIf cfg.nginx {
 	services.nginx = {
 		enable = true;

-		virtualHosts."git.${cfg.hostname}" = {
-			enableACME = true;
-			acmeRoot = acmeRoot;
+		virtualHosts = {
+			"git.${cfg.hostname}" = {
+				enableACME = true;
+				acmeRoot = acmeRoot;

-			listen = [
-				{ addr = "0.0.0.0"; port = 80; }
-			];
+				listen = [
+					{ addr = "0.0.0.0"; port = 80; }
+				];

-			locations."/" = {
-				proxyPass = "http://127.0.0.1:8002";
+				locations."/" = {
+					proxyPass = "http://127.0.0.1:8002";
+				};
 			};
-		};

-		virtualHosts."backend.${cfg.hostname}" = {
-			enableACME = true;
-			acmeRoot = acmeRoot;
+			"backend.${cfg.hostname}" = {
+				enableACME = true;
+				acmeRoot = acmeRoot;

-			listen = [
-				{ addr = "0.0.0.0"; port = 80; }
-			];
+				listen = [
+					{ addr = "0.0.0.0"; port = 80; }
+				];

-			locations."/" = {
-				proxyPass = "http://127.0.0.1:8001";
+				locations."/" = {
+					proxyPass = "http://127.0.0.1:8001";
+				};
 			};
-		};

-		virtualHosts."${cfg.hostname}" = {
-			# addSSL = true;
-			# forceSSL = true;
-			enableACME = true;
-			acmeRoot = acmeRoot;
+			"dns.${cfg.hostname}" = {
+				enableACME = true;
+				acmeRoot = acmeRoot;

-			listen = [
-				{ addr = "0.0.0.0"; port = 80; }
-			];
+				listen = [
+					{ addr = "0.0.0.0"; port = 80; }
+				];

-			locations."/" = {
-				root = cfg.sitePath;
-				tryFiles = "$uri $uri/ /index.html";
+				locations."/" = {
+					proxyPass = "http://127.0.0.1:8003";
+				};
 			};
-		};
+
+
+			"${cfg.hostname}" = {
+				# addSSL = true;
+				# forceSSL = true;
+				enableACME = true;
+				acmeRoot = acmeRoot;
+
+				listen = [
+					{ addr = "0.0.0.0"; port = 80; }
+				];
+
+				locations."/" = {
+					root = cfg.sitePath;
+					tryFiles = "$uri $uri/ /index.html";
+				};
+			};
+		} // (if cfg.nix-cache then {
+			"cache.nix.${cfg.hostname}" = {
+				enableACME = true;
+				acmeRoot = acmeRoot;
+				listen = [
+					{ addr = "0.0.0.0"; port = 80; }
+				];
+				locations."/" = {
+					proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+				};
+			};
+		} else {});

 		streamConfig = (builtins.readFile ./stream.nginx);
 	};
--- a/nix/server/nix-cache.nix
+++ b/nix/server/nix-cache.nix
@ -0,0 +1,18 @@
+
+{ config
+, pkgs
+, lib
+, self
+, nixpkgs
+, kp2pml30-moe
+, system
+, ...
+}@args:
+let
+	cfg = config.kp2pml30.server;
+in lib.mkIf cfg.nix-cache {
+	services.nix-serve = {
+		enable = true;
+		secretKeyFile = "/var/cache-priv-key.pem";
+	};
+}
--- a/nix/server/stream.nginx
+++ b/nix/server/stream.nginx
@ -14,6 +14,7 @@ map $ssl_preread_server_name $name {

 	kp2pml30.moe                            self;
 	git.kp2pml30.moe                        self;
+	cache.nix.kp2pml30.moe                        self;

 	default                                 deny;
 }
@ -83,7 +84,7 @@ server {

 server {
 	listen          443 ssl;
-	server_name     kp2pml30.moe git.kp2pml30.moe backend.kp2pml30.moe;
+	server_name     kp2pml30.moe git.kp2pml30.moe backend.kp2pml30.moe dns.kp2pml30.moe cache.nix.kp2pml30.moe;
 	proxy_pass      self;

 	ssl_certificate         /var/lib/acme/kp2pml30.moe/fullchain.pem;