added aqore-nix & changed nginx settings ebat ego v rot

desktops/aqore-nix/bootloader.nix

@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+	boot = {
+		initrd.kernelModules = [ "amdgpu" ];
+		loader = {
+			efi = {
+				canTouchEfiVariables = true;
+				efiSysMountPoint = "/boot/efi";
+			};
+			grub = {
+				enable = true;
+				device = "nodev";
+				efiSupport = true;
+				configurationLimit = 8;
+				gfxmodeEfi = "1920x1080";
+				forceInstall = true;
+				extraEntries = ''
+					menuentry "UEFI Firmware Setup" {
+						fwsetup
+					}
+				'';
+			};
+		};
+
+		binfmt.registrations.appimage = {
+			wrapInterpreterInShell = false;
+			interpreter = "${pkgs.appimage-run}/bin/appimage-run";
+			recognitionType = "magic";
+			offset = 0;
+			mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
+			magicOrExtension = ''\x7fELF....AI\x02'';
+		};
+	};
+}

desktops/aqore-nix/hardware/audio.nix

@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+{
+	services.pulseaudio.enable = false;
+	security.rtkit.enable = true;
+	services.pipewire = {
+		enable = true;
+		audio.enable = true;
+		alsa.enable = true;
+		alsa.support32Bit = true;
+		pulse.enable = true;
+		jack.enable = true;
+		extraConfig.pipewire = {
+			"00-rnnoise.conf" = {
+				"context.modules" = [
+					{
+						"name" = "libpipewire-module-filter-chain";
+						"args" = {
+							"node.description" = "Noise Cancelling source";
+							"media.name" = "Noise Cancelling source";
+							"filter.graph" = {
+								"nodes" = [
+									{
+										"type" = "ladspa";
+										"name" = "rnnoise";
+										"plugin" = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so";
+										"label" = "noise_suppressor_stereo";
+										"control" = {
+											"VAD Threshold (%)" = 50.0;
+											"VAD Grace Period (ms)" = 200;
+											"Retroactive VAD Grace (ms)" = 0;
+										};
+									}
+								];
+							};
+							"audio.position" = [
+								"FR"
+								"FL"
+							];
+							"capture.props" = {
+								"node.name" = "capture.rnnoise_source";
+								"node.passive" = true;
+								"audio.rate" = 96000;
+							};
+							"playback.props" = {
+								"node.name" = "rnnoise_source";
+								"media.class" = "Audio/Source";
+								"media.role" = "Communication";
+								"audio.rate" = 96000;
+							};
+						};
+					}
+				];
+			};
+
+			"10-clock-rate" = {
+				"context.properties" = {
+					"default.clock.rate" = 96000;
+					"default.clock.allowed-rates" = [ 44100 48000 96000 ];
+					"audio.format" = "FLOAT32LE";
+				};
+			};
+		};
+	};
+}

desktops/aqore-nix/hardware/deco01-v3-driver.nix

@@ -0,0 +1,81 @@
+{
+	lib,
+	stdenv,
+	fetchzip,
+	libusb1,
+	glibc,
+	libGL,
+	xorg,
+	makeWrapper,
+	qtx11extras,
+	wrapQtAppsHook,
+	autoPatchelfHook,
+	libX11,
+	libXtst,
+	libXi,
+	libXrandr,
+	libXinerama
+}:
+
+let
+	dataDir = "var/lib/xppend1v3";
+in
+	stdenv.mkDerivation rec {
+		pname = "xp-pen-deco-01-v3-driver";
+		version = "4.0.7-250117";
+
+		src = fetchzip {
+			url = "https://download01.xp-pen.com/file/2025/02/XPPenLinux4.0.7-250117.tar.gz";
+			name = "xp-pen-deco-01-v3-driver-${version}.tar.gz";
+			sha256 = "sha256-sH05Qquo2u0npSlv8Par/mn1w/ESO9g42CCGwBauHhU=";
+		};
+
+		nativeBuildInputs = [
+			wrapQtAppsHook
+			autoPatchelfHook
+			makeWrapper
+		];
+
+		dontBuild = true;
+
+		dontWrapQtApps = true;
+
+		buildInputs = [
+			libusb1
+			libX11
+			libXtst
+			libXi
+			libXrandr
+			libXinerama
+			glibc
+			libGL
+			(lib.getLib stdenv.cc.cc)
+			qtx11extras
+		];
+
+		installPhase = ''
+			runHook preInstall
+
+			mkdir -p $out/{opt,bin}
+			cp -r App/usr/lib/pentablet/* $out/opt
+			chmod +x $out/opt/PenTablet
+			cp -r App/lib $out/lib
+			sed -i 's#usr/lib/pentablet#${dataDir}#g' $out/opt/PenTablet
+
+			runHook postInstall
+		'';
+
+		postFixup = ''
+			makeWrapper $out/opt/PenTablet $out/bin/xp-pen-deco-01-v3-driver \
+			"''${qtWrapperArgs[@]}" \
+			--run 'if [ "$EUID" -ne 0 ]; then echo "Please run as root."; exit 1; fi' \
+			--run 'if [ ! -d /${dataDir} ]; then mkdir -p /${dataDir}; cp -r '$out'/opt/conf /${dataDir}; chmod u+w -R /${dataDir}; fi'
+		'';
+
+		meta = with lib; {
+			homepage = "https://www.xp-pen.com/product/deco-01-v3.html";
+			description = "Drivers for the XP-PEN Deco 01 v3 drawing tablet";
+			platforms = [ "x86_64-linux" ];
+			license = licenses.unfree;
+		};
+	}

desktops/aqore-nix/hardware/graphics.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+	hardware.graphics.enable = true;
+	hardware.graphics.enable32Bit = true;
+	hardware.amdgpu.opencl.enable = true;
+
+	systemd.tmpfiles.rules = [
+		"L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
+    ];
+
+    hardware.graphics.extraPackages = with pkgs; [
+    	rocmPackages.clr.icd
+	];
+
+	hardware.amdgpu.overdrive.enable = true;
+	hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
+
+	environment.systemPackages = with pkgs; [ lact ];
+	systemd.packages = with pkgs; [ lact ];
+	systemd.services.lact.wantedBy = [ "multi-user.target" ];
+	systemd.services.lact.enable = true;
+}

desktops/aqore-nix/hardware/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+	imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+	boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+	boot.initrd.kernelModules = [ ];
+	boot.kernelModules = [ ];
+	boot.extraModulePackages = [ ];
+
+	fileSystems."/" = { 
+		device = "/dev/disk/by-uuid/a0aed18c-fc58-4285-96eb-7f169f79fd32";
+		fsType = "btrfs";
+		options = [ "subvol=@" "compress=zstd" ];
+	};
+
+	fileSystems."/boot/efi" = {
+		device = "/dev/disk/by-uuid/D950-5ABC";
+		fsType = "vfat";
+		options = [ "fmask=0077" "dmask=0077" ];
+	};
+
+	fileSystems."/home" = {
+		device = "/dev/disk/by-uuid/d2a83fff-f8db-4b53-ab01-40ccfaf0dc3e";
+		fsType = "btrfs";
+		options = [ "compress=zstd" ];
+	};
+
+	swapDevices = [ ];
+
+	networking.useDHCP = lib.mkDefault true;
+
+	nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+	hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

desktops/aqore-nix/hardware/network.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+	networking = {
+		networkmanager.enable = false;
+		useDHCP = false;
+		firewall.enable = false;
+		interfaces = {
+			eno1 = {
+				ipv4.addresses = [{
+					address = "192.168.0.2";
+					prefixLength = 24;
+				}];
+			};
+		};
+		defaultGateway  = "192.168.0.1";
+		nameservers  = [
+			"9.9.9.9"
+			"1.1.1.1"
+			"8.8.8.8"
+		];
+		interfaces.eno1.wakeOnLan.enable = true;
+	};
+	
+	services.yggdrasil = {
+		enable = true;
+		persistentKeys = true;
+		settings = {
+			Peers = [
+				"tls://arti.project-a.space:666"
+				"tls://reine.project-a.space:666"
+			];
+			IfName = "ygg0";
+		};
+	};
+}

desktops/aqore-nix/locale.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+	time.timeZone = "Asia/Novosibirsk";
+
+	i18n.defaultLocale = "en_US.UTF-8";
+
+	i18n.extraLocaleSettings = {
+		LC_ADDRESS = "en_US.UTF-8";
+		LC_IDENTIFICATION = "en_US.UTF-8";
+		LC_MEASUREMENT = "en_US.UTF-8";
+		LC_MONETARY = "en_US.UTF-8";
+		LC_NAME = "en_US.UTF-8";
+		LC_NUMERIC = "en_US.UTF-8";
+		LC_PAPER = "en_US.UTF-8";
+		LC_TELEPHONE = "en_US.UTF-8";
+		LC_TIME = "en_US.UTF-8";
+	};
+}

desktops/aqore-nix/main.nix

@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+{
+	imports = [
+		./bootloader.nix
+		./users.nix
+		./packages.nix
+		./services/ssh.nix
+		./services/sudo.nix
+		./hardware/hardware-configuration.nix
+		./hardware/audio.nix
+		./hardware/graphics.nix
+		./hardware/network.nix
+		./locale.nix
+	];
+
+	networking.hostName = "aqore-nix";
+
+	system.stateVersion = "25.05";
+
+	nix = {
+		settings = {
+			experimental-features = [ "nix-command" "flakes" ];
+			trusted-users = [ "root" "@wheel" ];
+			download-buffer-size = 524288000;
+			auto-optimise-store = true;
+		};
+		optimise = {
+			automatic = true;
+			dates = [ "weekly" ];
+		};
+		gc = {
+			automatic = true;
+			dates = "weekly";
+		};
+	};
+
+	virtualisation.docker.enable = true;
+
+	nixpkgs.config.allowUnfree = true;
+}

desktops/aqore-nix/packages.nix

@@ -0,0 +1,98 @@
+{ config, pkgs, emptypkgs, ... }:
+
+{
+	nixpkgs.config.allowUnfree = true;
+
+	services.displayManager.sddm.enable = true;
+	services.displayManager.sddm.wayland.enable = true;
+
+	services.desktopManager.plasma6.enable = true;
+
+	programs = {
+		amnezia-vpn.enable = true;
+		nekoray = {
+			enable = true;
+			tunMode.enable = true;
+		};
+		steam = {
+			enable = true;
+			remotePlay.openFirewall = true;
+			dedicatedServer.openFirewall = true;
+			localNetworkGameTransfers.openFirewall = true;
+		};
+		firefox = {
+			enable = true;
+			preferencesStatus = "user";
+		};
+		chromium.enable = true;
+		fish.enable = true;
+		screen.enable = true;
+		bat.enable = true;
+		zoxide.enable = true;
+		git.enable = true;
+	};
+
+	nixpkgs.config.permittedInsecurePackages = [
+		"openssl-1.1.1w"
+	];
+	environment.systemPackages = with pkgs; [
+		# Internet 
+		telegram-desktop
+		qbittorrent
+		nicotine-plus
+		mumble
+		# media
+		gimp
+		krita
+		jellyfin-media-player
+		vlc
+		audacity
+		qpwgraph
+		kdePackages.kdenlive
+		cava
+		# programming
+		sublime4
+		firebase-tools
+		bun
+		nodejs
+		lua54Packages.lua
+		lua54Packages.luacheck
+		love
+		gnumake
+		cmake
+		gcc
+		# games
+		prismlauncher
+		vcmi
+		# cli utils
+		nvtopPackages.amd
+		btop
+		ncdu
+		file
+		tree
+		wget
+		unzip
+		zip
+		unrar
+		fastfetch
+		ffmpeg
+		vulkan-tools
+		# wine, wayland and other crutches
+		wineWowPackages.stable
+		wineWowPackages.waylandFull
+		xwayland-satellite
+		pciutils
+		kdePackages.wallpaper-engine-plugin
+		kdePackages.qtwebengine
+		kdePackages.xwaylandvideobridge
+		(pkgs.libsForQt5.callPackage ./hardware/deco01-v3-driver.nix {})
+		(python3.withPackages (ps: with ps; [ websockets ]))
+	];
+
+	fonts.packages = with pkgs; [
+		noto-fonts
+		noto-fonts-cjk-sans
+		noto-fonts-emoji
+		nerd-fonts.fira-code
+	];
+}

desktops/aqore-nix/services/ssh.nix

@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+	services.openssh.enable = true;
+	services.openssh.settings.AllowGroups = [ "remote" ];
+}

desktops/aqore-nix/services/sudo.nix

@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+	security.sudo = {
+		enable = true;
+
+		extraRules = [{
+			commands = [
+				{
+					command = "/run/current-system/sw/bin/xp-pen-deco-01-v3-driver";
+					options = [ "NOPASSWD" ];
+				}
+			];
+			groups = [ "users" ];
+		}];
+	};
+}

desktops/aqore-nix/users.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+	users.groups.remote = {};
+
+	users.users = {
+		almiriqi = {
+			isNormalUser = true;
+			description = "Almiriq!Iwasaki";
+			extraGroups = [ "wheel" ];
+			initialPassword = "iqirimla";
+		};
+		maria = {
+			isNormalUser = true;
+			description = "Maria Arusu";
+			extraGroups = [ "wheel" "remote" ];
+			initialPassword = "airam";
+		};
+		root = {
+			initialPassword = "toor";
+		};
+	};
+}

desktops/users/almiriqi/home.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+	home.stateVersion = "25.05";
+
+	home.username = "almiriqi";
+	home.homeDirectory = "/home/almiriqi";
+
+	home.packages = (import ./packages.nix) pkgs;
+
+	fonts.fontconfig.enable = true;
+	
+	programs.home-manager.enable = true;
+
+	programs.git = {
+		enable = true;
+		userName  = "AlmiriQ";
+		userEmail = "al.quali.4ef@gmail.com";
+	};
+}

desktops/users/almiriqi/packages.nix

@@ -0,0 +1,4 @@
+pkgs: with pkgs; [
+	inter
+	kode-mono
+]

flake.nix

@@ -11,10 +11,22 @@
 			url = "github:nix-community/home-manager/release-25.05";
 			inputs.nixpkgs.follows = "nixpkgs";
 		};
+		winapps = {
+			url = "github:winapps-org/winapps";
+			inputs.nixpkgs.follows = "nixpkgs";
+		};
 	};
 
-	outputs = { self, nixpkgs, nixpkgs-unstable, project-a-software, home-manager, secret, ... }:
-	let
+	outputs = {
+		self,
+		nixpkgs,
+		nixpkgs-unstable,
+		project-a-software,
+		home-manager,
+		winapps,
+		secret,
+		...
+	}: let
 		linux64 = "x86_64-linux";
 		nixosServer = { name, system ? linux64, modules ? [] }:
 			nixpkgs.lib.nixosSystem {
@@ -30,9 +42,31 @@
 	in {
 		nixosConfigurations = {
 			artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.marzban ]; };
-			reine = nixosServer { name = "reine"; };
+			reine = nixosServer { name = "reine"; modules = [ project-a-software.affine ]; };
 			mio = nixosServer { name = "mio"; modules = [ project-a-software.marzban ]; };
 			vanessa = nixosServer { name = "vanessa"; modules = [ project-a-software.marzban ]; };
+
+			aqore-nix = nixpkgs.lib.nixosSystem {
+				system = linux64;
+				specialArgs = {
+					inherit winapps;
+					pkgs-unstable = nixpkgs-unstable.legacyPackages.${linux64};
+				};
+				modules = [
+					./desktops/aqore-nix/main.nix
+					home-manager.nixosModules.home-manager {
+						home-manager.useGlobalPkgs = true;
+						home-manager.useUserPackages = true;
+						home-manager.users.almiriqi = ./desktops/users/almiriqi/home.nix;
+					}
+					({ pkgs, ... }: {
+						environment.systemPackages = [
+							winapps.packages."${linux64}".winapps
+							winapps.packages."${linux64}".winapps-launcher
+						];
+					})
+				];
+			};
 		};
 	};
 }

secret.nix

@@ -12,14 +12,14 @@ let
 		spiderX = mkOption { type = types.str; default = "/"; };
 		sni = mkOption { type = types.str; default = "/"; };
 	};
-	affine-config =  with lib; {
+	affine-config = with lib; {
 		env = {
 			PORT = mkOption { type = int; default = 3010; };
 			DB_USERNAME = mkOption { type = str; default = "affine"; };
 			DB_PASSWORD = mkOption { type = str; default = "affine"; };
 			DB_DATABASE = mkOption { type = str; default = "affine"; };
 		};
-		revision = mkOption { type = str; default = "stable"; }; 
+		revision = mkOption { type = str; default = "stable"; };
 	};
 in {
 	options = with lib; {
@@ -36,6 +36,7 @@ in {
 			};
 			reine = {
 				yggdrasil.PrivateKey = mkOption { type = str; default = ""; };
+				affine = affine-config;
 			};
 			common = {
 				yggdrasil = {

servers/artemisia/nginx.nix

@@ -6,8 +6,6 @@
 
 	services.nginx = {
 		enable = true;
-		recommendedTlsSettings = true;
-		recommendedOptimisation = true;
 		defaultSSLListenPort = 444;
 
 		virtualHosts = {
@@ -39,9 +37,6 @@
 				listen [::0]:443;
 				proxy_pass $name;
 				ssl_preread on;
-				proxy_connect_timeout 30s;
-				proxy_timeout 1h;
-				proxy_buffer_size 64k;
 			}
 		'';
 	};

servers/common/main.nix

@@ -12,5 +12,5 @@
 	programs.fish.enable = true;
 
 	nix.settings.experimental-features = [ "nix-command" "flakes" ];
-	nix.settings.trusted-users = [ "root" "@wheel"  ];
+	nix.settings.trusted-users = [ "root" "@wheel" ];
 }

servers/mio/nginx.nix

@@ -6,8 +6,6 @@
 
 	services.nginx = {
 		enable = true;
-		recommendedTlsSettings = true;
-		recommendedOptimisation = true;
 		defaultSSLListenPort = 444;
 
 		streamConfig = ''
@@ -28,9 +26,6 @@
 				listen [::0]:443;
 				proxy_pass $name;
 				ssl_preread on;
-				proxy_connect_timeout 30s;
-				proxy_timeout 1h;
-				proxy_buffer_size 64k;
 			}
 		'';
 	};

servers/reine/firewall.nix

@@ -1,5 +1,5 @@
 {config, pkgs, ... }:
 
 {
-	networking.firewall.allowedTCPPorts = [ 8080 ];
+	networking.firewall.allowedTCPPorts = [ 80 443 ];
 }

servers/reine/main.nix

@@ -4,7 +4,7 @@
 	imports =  [
 		./hardware-configuration.nix
 		./jellyfin.nix
-		./traefik.nix
+		./nginx.nix
 		./firewall.nix
 	];
 	networking.hostName = "reine";
@@ -21,4 +21,4 @@
 	hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
 	environment.systemPackages = with pkgs; [ clinfo mesa.opencl ];
 	system.stateVersion = "25.05";
-}
+}

servers/reine/nginx.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+	security.acme.defaults.email = "porject-a@project-a.space";
+	security.acme.acceptTerms = true;
+
+	services.nginx = {
+		enable = true;
+		recommendedTlsSettings = true;
+		recommendedOptimisation = true;
+		defaultSSLListenPort = 443;
+
+		virtualHosts = {
+			"affine.project-a.space" = {
+				forceSSL = true;
+				enableACME = true;
+				locations."/" = {
+					proxyPass = "http://localhost:3010";
+				};
+			};
+		};
+	};
+}

servers/reine/traefik.nix

@@ -1,66 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.traefik = {
-    enable = true;
-    staticConfigOptions = {
-      entryPoints = {
-        web = {
-          address = ":80";
-          http.redirections.entryPoint = {
-            to = "websecure";
-            scheme = "https";
-          };
-        };
-        websecure = {
-          address = ":443";
-          http.tls = {
-            certResolver = "letsencrypt";
-          };
-        };
-      };
-
-      api = {
-        dashboard = false;
-        insecure = false;  # Включить только для отладки, лучше использовать безопасный доступ
-      };
-
-      certificatesResolvers.letsencrypt.acme = {
-        email = "luc_ren@blnt-cult.ru";
-        storage = "${config.services.traefik.dataDir}/acme.json";
-        httpChallenge.entryPoint = "web";
-      };
-    };
-
-    dynamicConfigOptions = {
-      http = {
-        routers = {
-          jellyfin = {
-            rule = "Host(`jellyfin.project-a.space`)";
-            service = "jellyfin";
-            entryPoints = ["websecure"];
-            tls = {
-              certResolver = "letsencrypt";
-            };
-          };
-          jellyseerr = {
-            rule = "Host(`jellyseerr.project-a.space`)";
-            service = "jellyseerr";
-            entryPoints = ["websecure"];
-            tls = {
-              certResolver = "letsencrypt";
-            };
-          };
-        };
-        services = {
-          jellyfin.loadBalancer.servers = [
-            { url = "http://127.0.0.1:8096"; }
-          ];
-          jellyseerr.loadBalancer.servers = [
-            { url = "http://127.0.0.1:5055"; }
-          ];
-        };
-      };
-    };
-  };
-}

servers/vanessa/nginx.nix

@@ -6,8 +6,6 @@
 
 	services.nginx = {
 		enable = true;
-		recommendedTlsSettings = true;
-		recommendedOptimisation = true;
 		defaultSSLListenPort = 444;
 
 		streamConfig = ''
@@ -24,9 +22,6 @@
 				listen [::0]:443;
 				proxy_pass $name;
 				ssl_preread on;
-				proxy_connect_timeout 30s;
-				proxy_timeout 1h;
-				proxy_buffer_size 16k;
 			}
 		'';
 	};