diff --git a/flake.nix b/flake.nix index 032fdec..fba3c52 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ hostname = "kp2pml30.moe"; nginx = true; forgejo = true; + nix-cache = true; }; } diff --git a/nix/hardware/mini.nix b/nix/hardware/mini.nix index 4c58a19..e8954bc 100644 --- a/nix/hardware/mini.nix +++ b/nix/hardware/mini.nix @@ -1,4 +1,3 @@ - { pkgs , inputs , lib @@ -6,7 +5,10 @@ , ... }: { - imports = [ ./common.nix ]; + imports = [ + ./common.nix + # ./nvidia.nix + ]; fileSystems."/" = { device = "/dev/disk/by-uuid/1ec7bbd6-cb83-427a-a901-d5fb7a4ef3ba"; @@ -19,15 +21,15 @@ options = [ "fmask=0077" "dmask=0077" ]; }; - fileSystems."/mnt/d" = { - device = "/dev/sda1"; - fsType = "exfat"; - options = [ - "users" - "exec" - "nofail" - ]; - }; +# fileSystems."/mnt/d" = { +# device = "/dev/sda1"; +# fsType = "exfat"; +# options = [ +# "users" +# "exec" +# "nofail" +# ]; +# }; swapDevices = [ { device = "/dev/disk/by-uuid/c68daa9f-f165-4e23-8710-2aab0ad8d282"; } ]; diff --git a/nix/hardware/nvidia.nix b/nix/hardware/nvidia.nix new file mode 100644 index 0000000..bed6b44 --- /dev/null +++ b/nix/hardware/nvidia.nix @@ -0,0 +1,16 @@ +{ pkgs +, inputs +, lib +, config +, ... +}: +{ + services.xserver.videoDrivers = ["nvidia"]; + + hardware.nvidia = { + package = config.boot.kernelPackages.nvidiaPackages.production; + modesetting.enable = true; + open = false; + nvidiaSettings = true; + }; +} diff --git a/nix/personal/graphical/messengers.nix b/nix/personal/graphical/messengers.nix index a9ab1ce..6805b0c 100644 --- a/nix/personal/graphical/messengers.nix +++ b/nix/personal/graphical/messengers.nix 
@@ -8,10 +8,27 @@ let cfg = config.kp2pml30; signalSuffix = if system == "x86_64-linux" then "amd64" else "arm64"; + discord-version = "0.0.160"; in lib.mkIf cfg.messengers.personal { users.users.${cfg.username}.packages = with pkgs; [ discord-ptb + #(discord-ptb.overrideAttrs(finalAttrs: previousAttrs: { + # src = fetchurl { + # url = "https://ptb.dl2.discordapp.net/apps/linux/${discord-version}/discord-ptb-${discord-version}.tar.gz"; + # hash = lib.fakeHash; + # }; + #})) telegram-desktop - pkgs.signal-desktop +# (pkgs.callPackage "${pkgs.path}/pkgs/by-name/si/signal-desktop/generic.nix" { } rec { +# pname = "signal-desktop"; +# version = "7.65.0"; +# +# libdir = "opt/Signal"; +# bindir = libdir; +# extractPkg = "dpkg-deb -x $downloadedFile $out"; +# +# url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop/signal-desktop_${version}_amd64.deb"; +# hash = lib.fakeHash; +# }) ]; } diff --git a/nix/personal/graphical/opera.nix b/nix/personal/graphical/opera.nix index 66d4807..bb26e2f 100644 --- a/nix/personal/graphical/opera.nix +++ b/nix/personal/graphical/opera.nix @@ -6,10 +6,16 @@ }: let cfg = config.kp2pml30; + version = "122.0.5643.51"; in lib.mkIf cfg.opera { home-manager.users.${cfg.username}.home = { packages = with pkgs; [ - (opera.override { proprietaryCodecs = true; }) + ((opera.override { proprietaryCodecs = true; }).overrideAttrs (finalAttrs: previousAttrs: { + src = fetchurl { + url = "https://get.geo.opera.com/pub/opera/desktop/${version}/linux/opera-stable_${version}_amd64.deb"; + hash = "sha256-l/NG3UEI1MEu7yVte0wkxsMsIhpCsAT7292u/IsqUL0="; + }; + })) ]; }; } diff --git a/nix/personal/graphical/vscode.nix b/nix/personal/graphical/vscode.nix index 7704879..5f28a48 100644 --- a/nix/personal/graphical/vscode.nix +++ b/nix/personal/graphical/vscode.nix 
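Review bot: In nix/personal/graphical/opera.nix the `overrideAttrs` call replaces only `src`, so the derivation keeps whatever `version` nixpkgs' `opera` carries while installing the 122.0.5643.51 .deb. The store path name and any version-based vulnerability audit will then describe a different release from the one in use. Adding `inherit version;` next to `src` in the overriding set would keep the two in step. Separately, the messengers.nix hunk on this line binds `discord-version` but uses it only inside commented-out code.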
@@ -10,30 +10,36 @@ in lib.mkIf cfg.vscode { home-manager.users.${cfg.username} = { programs.vscode = { enable = true; - package = pkgs.vscode; + package = (pkgs.vscode.overrideAttrs (oldAttrs: rec { + src = (builtins.fetchTarball { + url = "https://update.code.visualstudio.com/1.104.1/linux-x64/stable"; + sha256 = "sha256:109mdk1v323dyhzrq0444gjjhfpjxbllkqkhsapfj44ypjzdjcy8"; + }); + version = "1.102.2"; + })); mutableExtensionsDir = false; userSettings = lib.importJSON("${rootPath}/vscode/settings.json"); - extensions = with pkgs; [ - vscode-extensions.eamodio.gitlens - vscode-extensions.editorconfig.editorconfig +# extensions = with pkgs; [ +# vscode-extensions.eamodio.gitlens +# vscode-extensions.editorconfig.editorconfig +# +# vscode-extensions.bierner.markdown-mermaid - vscode-extensions.bierner.markdown-mermaid +# vscode-extensions.tamasfe.even-better-toml - vscode-extensions.tamasfe.even-better-toml - - vscode-extensions.streetsidesoftware.code-spell-checker - (pkgs.vscode-utils.buildVscodeMarketplaceExtension { - mktplcRef = { - name = "code-spell-checker-russian"; - publisher = "streetsidesoftware"; - version = "0.2.2"; - sha256 = "a3b00c76a4aafecb962d6c292a3b9240a27d84b17de2119bb8007d0ad90ab443"; - }; - meta = { - license = lib.licenses.mit; - }; - }) - ]; +# vscode-extensions.streetsidesoftware.code-spell-checker +# (pkgs.vscode-utils.buildVscodeMarketplaceExtension { +# mktplcRef = { +# name = "code-spell-checker-russian"; +# publisher = "streetsidesoftware"; +# version = "0.2.2"; +# sha256 = "a3b00c76a4aafecb962d6c292a3b9240a27d84b17de2119bb8007d0ad90ab443"; +# }; +# meta = { +# license = lib.licenses.mit; +# }; +# }) +# ]; }; }; } diff --git a/nix/server/default.nix b/nix/server/default.nix index a3eadd9..423fa05 100644 --- a/nix/server/default.nix +++ b/nix/server/default.nix @@ -20,6 +20,9 @@ in { forgejo = lib.mkEnableOption ""; + dns = lib.mkEnableOption ""; + nix-cache = lib.mkEnableOption ""; + sitePath = lib.mkOption { type = lib.types.str; }; 
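Review bot: The overridden `src` fetches `https://update.code.visualstudio.com/1.104.1/linux-x64/stable`, but the same attribute set declares `version = "1.102.2"`. The package name and any tooling that reads the version will therefore report a release other than the one installed; `version = "1.104.1";` would match the URL. Binding the version once in the `let` and interpolating it into the URL, as opera.nix does, would prevent this drift. `rec` is not needed because no attribute in the set refers to another, and the URL is fixed to `linux-x64`, so the override only suits x86_64 hosts.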
@@ -31,6 +34,8 @@ in { ./boot.nix ./site.nix ./forgejo.nix + ./dns.nix + ./nix-cache.nix ]; config = { diff --git a/nix/server/dns.nix b/nix/server/dns.nix new file mode 100644 index 0000000..0ba5290 --- /dev/null +++ b/nix/server/dns.nix @@ -0,0 +1,34 @@ + +{ config +, pkgs +, lib +, self +, nixpkgs +, kp2pml30-moe +, system +, ... +}@args: +let + cfg = config.kp2pml30.server; +in lib.mkIf cfg.nginx { + services.coredns.enable = true; + services.coredns.config = '' + dns://.:53 { + forward . tls://1.1.1.1 { + tls + tls_servername cloudflare-dns.com + } + cache + } + + https://.:8003 { + forward . dns://127.0.0.1:53 { + tls + tls_servername cloudflare-dns.com + policy random + } + cache + } + ''; + # networking.networkmanager.insertNameservers = [ "127.0.0.1" ]; +} diff --git a/nix/server/nginx.nix b/nix/server/nginx.nix index b2ffa75..57d10fc 100644 --- a/nix/server/nginx.nix +++ b/nix/server/nginx.nix @@ -14,7 +14,7 @@ in lib.mkIf cfg.nginx { defaults.email = "kp2pml30@gmail.com"; #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; certs."${cfg.hostname}" = { - extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" ]; + extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" "backend.${cfg.hostname}" "dns.${cfg.hostname}" "cache.nix.${cfg.hostname}" ]; webroot = acmeRoot; group = "nginx"; }; 
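Review bot: nix/server/dns.nix is gated on `cfg.nginx` rather than on the `dns` option that nix/server/default.nix declares in this same commit. As a result `kp2pml30.server.dns` has no effect and CoreDNS starts on every host with nginx enabled; `in lib.mkIf cfg.dns {` looks like the intent. The `dns.${cfg.hostname}` vhost and certificate name in nginx.nix are unconditional in the same way. Both CoreDNS server blocks listen on all interfaces: since nginx proxies to 127.0.0.1:8003, a `bind 127.0.0.1` line in the `https://.:8003` block would keep that listener off the network, and whether port 53 should answer external clients depends on firewall rules not shown here. The `tls` and `tls_servername` lines inside `forward . dns://127.0.0.1:53` appear to have no effect on a plain `dns://` upstream and could be dropped.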
@@ -23,47 +23,74 @@ in lib.mkIf cfg.nginx { services.nginx = { enable = true; - virtualHosts."git.${cfg.hostname}" = { - enableACME = true; - acmeRoot = acmeRoot; + virtualHosts = { + "git.${cfg.hostname}" = { + enableACME = true; + acmeRoot = acmeRoot; - listen = [ - { addr = "0.0.0.0"; port = 80; } - ]; + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; - locations."/" = { - proxyPass = "http://127.0.0.1:8002"; + locations."/" = { + proxyPass = "http://127.0.0.1:8002"; + }; }; - }; - virtualHosts."backend.${cfg.hostname}" = { - enableACME = true; - acmeRoot = acmeRoot; + "backend.${cfg.hostname}" = { + enableACME = true; + acmeRoot = acmeRoot; - listen = [ - { addr = "0.0.0.0"; port = 80; } - ]; + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; - locations."/" = { - proxyPass = "http://127.0.0.1:8001"; + locations."/" = { + proxyPass = "http://127.0.0.1:8001"; + }; }; - }; - virtualHosts."${cfg.hostname}" = { - # addSSL = true; - # forceSSL = true; - enableACME = true; - acmeRoot = acmeRoot; + "dns.${cfg.hostname}" = { + enableACME = true; + acmeRoot = acmeRoot; - listen = [ - { addr = "0.0.0.0"; port = 80; } - ]; + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; - locations."/" = { - root = cfg.sitePath; - tryFiles = "$uri $uri/ /index.html"; + locations."/" = { + proxyPass = "http://127.0.0.1:8003"; + }; }; - }; + + + "${cfg.hostname}" = { + # addSSL = true; + # forceSSL = true; + enableACME = true; + acmeRoot = acmeRoot; + + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; + + locations."/" = { + root = cfg.sitePath; + tryFiles = "$uri $uri/ /index.html"; + }; + }; + } // (if cfg.nix-cache then { + "cache.nix.${cfg.hostname}" = { + enableACME = true; + acmeRoot = acmeRoot; + listen = [ + { addr = "0.0.0.0"; port = 80; } + ]; + locations."/" = { + proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; + }; + } else {}); streamConfig = (builtins.readFile ./stream.nginx); }; 
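Review bot: The `cache.nix.${cfg.hostname}` vhost builds its `proxyPass` from `config.services.nix-serve.bindAddress`, which nix/server/nix-cache.nix never sets. The NixOS module default is `0.0.0.0` unless it is overridden elsewhere, so the upstream becomes `http://0.0.0.0:<port>` and nix-serve itself listens on every interface, reachable without nginx wherever the firewall allows that port. Setting `bindAddress = "127.0.0.1";` in the `services.nix-serve` block of nix-cache.nix would fix both the proxy target and the exposure. As a style point, `// (if cfg.nix-cache then { … } else {})` reads more simply as `// lib.optionalAttrs cfg.nix-cache { … }`.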
diff --git a/nix/server/nix-cache.nix b/nix/server/nix-cache.nix new file mode 100644 index 0000000..14beb5a --- /dev/null +++ b/nix/server/nix-cache.nix @@ -0,0 +1,18 @@ + +{ config +, pkgs +, lib +, self +, nixpkgs +, kp2pml30-moe +, system +, ... +}@args: +let + cfg = config.kp2pml30.server; +in lib.mkIf cfg.nix-cache { + services.nix-serve = { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; +} diff --git a/nix/server/stream.nginx b/nix/server/stream.nginx index 3075273..a77c4b2 100644 --- a/nix/server/stream.nginx +++ b/nix/server/stream.nginx @@ -14,6 +14,7 @@ map $ssl_preread_server_name $name { kp2pml30.moe self; git.kp2pml30.moe self; + cache.nix.kp2pml30.moe self; default deny; } @@ -83,7 +84,7 @@ server { server { listen 443 ssl; - server_name kp2pml30.moe git.kp2pml30.moe backend.kp2pml30.moe; + server_name kp2pml30.moe git.kp2pml30.moe backend.kp2pml30.moe dns.kp2pml30.moe cache.nix.kp2pml30.moe; proxy_pass self; ssl_certificate /var/lib/acme/kp2pml30.moe/fullchain.pem;
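Review bot: `secretKeyFile = "/var/cache-priv-key.pem"` in nix/server/nix-cache.nix points at a signing key that nothing in this module creates or protects, and the line carries no comment saying how it is provisioned. Anyone who can read that file can sign store paths that clients trusting this cache's public key will accept, so the expectation should be written down next to the option. A suitable comment would be `# binary-cache signing key: provisioned out of band, kept outside the Nix store, readable only by root / the nix-serve service`.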
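Review bot: In nix/server/stream.nginx, `dns.kp2pml30.moe` is added to `server_name` in the second hunk but not to the `$ssl_preread_server_name` map in the first, where only `cache.nix.kp2pml30.moe` was added. If that map decides which SNI names reach the `self` upstream, as the `default deny` entry suggests, TLS connections for the DoH host would be denied; adding `dns.kp2pml30.moe self;` beside the cache entry would match the `server_name` change. `backend.kp2pml30.moe` is in the same position, so it is worth confirming whether that omission is deliberate. The `server` block continues past the end of the hunk.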