From 7e2f7a341acab90c6060aa4ec1e3f229ff722f2b Mon Sep 17 00:00:00 2001 
From: emptyynes Date: Wed, 24 Sep 2025 16:59:35 +0700 Subject: [PATCH] added aqore-nix & changed nginx settings ebat ego v rot --- desktops/aqore-nix/bootloader.nix | 35 +++++++ desktops/aqore-nix/hardware/audio.nix | 65 ++++++++++++ .../aqore-nix/hardware/deco01-v3-driver.nix | 81 +++++++++++++++ desktops/aqore-nix/hardware/graphics.nix | 23 +++++ .../hardware/hardware-configuration.nix | 38 +++++++ desktops/aqore-nix/hardware/network.nix | 36 +++++++ desktops/aqore-nix/locale.nix | 19 ++++ desktops/aqore-nix/main.nix | 41 ++++++++ desktops/aqore-nix/packages.nix | 98 +++++++++++++++++++ desktops/aqore-nix/services/ssh.nix | 6 ++ desktops/aqore-nix/services/sudo.nix | 17 ++++ desktops/aqore-nix/users.nix | 23 +++++ desktops/users/almiriqi/home.nix | 20 ++++ desktops/users/almiriqi/packages.nix | 4 + flake.nix | 40 +++++++- secret.nix | 5 +- servers/artemisia/nginx.nix | 5 - servers/common/main.nix | 2 +- servers/mio/nginx.nix | 5 - servers/reine/firewall.nix | 2 +- servers/reine/main.nix | 4 +- servers/reine/nginx.nix | 23 +++++ servers/reine/traefik.nix | 66 ------------- servers/vanessa/nginx.nix | 5 - 24 files changed, 573 insertions(+), 90 deletions(-) create mode 100644 desktops/aqore-nix/bootloader.nix create mode 100644 desktops/aqore-nix/hardware/audio.nix create mode 100644 desktops/aqore-nix/hardware/deco01-v3-driver.nix create mode 100644 desktops/aqore-nix/hardware/graphics.nix create mode 100644 desktops/aqore-nix/hardware/hardware-configuration.nix create mode 100644 desktops/aqore-nix/hardware/network.nix create mode 100644 desktops/aqore-nix/locale.nix create mode 100644 desktops/aqore-nix/main.nix create mode 100644 desktops/aqore-nix/packages.nix create mode 100644 desktops/aqore-nix/services/ssh.nix create mode 100644 desktops/aqore-nix/services/sudo.nix create mode 100644 desktops/aqore-nix/users.nix create mode 100644 desktops/users/almiriqi/home.nix create mode 100644 desktops/users/almiriqi/packages.nix create mode 100644 
servers/reine/nginx.nix delete mode 100644 servers/reine/traefik.nix
diff --git a/desktops/aqore-nix/bootloader.nix b/desktops/aqore-nix/bootloader.nix
new file mode 100644
index 0000000..c0c1fb1
--- /dev/null
+++ b/desktops/aqore-nix/bootloader.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+ boot = {
+ initrd.kernelModules = [ "amdgpu" ];
+ loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+ grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ configurationLimit = 8;
+ gfxmodeEfi = "1920x1080";
+ forceInstall = true;
+ extraEntries = ''
+ menuentry "UEFI Firmware Setup" {
+ fwsetup
+ }
+ '';
+ };
+ };
+
+ binfmt.registrations.appimage = {
+ wrapInterpreterInShell = false;
+ interpreter = "${pkgs.appimage-run}/bin/appimage-run";
+ recognitionType = "magic";
+ offset = 0;
+ mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
+ magicOrExtension = ''\x7fELF....AI\x02'';
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktops/aqore-nix/hardware/audio.nix b/desktops/aqore-nix/hardware/audio.nix
new file mode 100644
index 0000000..7a52604
--- /dev/null
+++ b/desktops/aqore-nix/hardware/audio.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+{
+ services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ audio.enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ extraConfig.pipewire = {
+ "00-rnnoise.conf" = {
+ "context.modules" = [
+ {
+ "name" = "libpipewire-module-filter-chain";
+ "args" = {
+ "node.description" = "Noise Cancelling source";
+ "media.name" = "Noise Cancelling source";
+ "filter.graph" = {
+ "nodes" = [
+ {
+ "type" = "ladspa";
+ "name" = "rnnoise";
+ "plugin" = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so";
+ "label" = "noise_suppressor_stereo";
+ "control" = {
+ "VAD Threshold (%)" = 50.0;
+ "VAD Grace Period (ms)" = 200;
+ "Retroactive VAD Grace (ms)" = 0;
+ };
+ }
+ ];
+ };
+ "audio.position" = [
+ "FR"
+ "FL"
+ ];
+ "capture.props" = {
+ "node.name" = "capture.rnnoise_source";
+ "node.passive" = true;
+ "audio.rate" = 96000;
+ };
+ "playback.props" = {
+ "node.name" = "rnnoise_source";
+ "media.class" = "Audio/Source";
+ "media.role" = "Communication";
+ "audio.rate" = 96000;
+ };
+ };
+ }
+ ];
+ };
+
+ "10-clock-rate" = {
+ "context.properties" = {
+ "default.clock.rate" = 96000;
+ "default.clock.allowed-rates" = [ 44100 48000 96000 ];
+ "audio.format" = "FLOAT32LE";
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktops/aqore-nix/hardware/deco01-v3-driver.nix b/desktops/aqore-nix/hardware/deco01-v3-driver.nix
new file mode 100644
index 0000000..19dcddd
--- /dev/null
+++ b/desktops/aqore-nix/hardware/deco01-v3-driver.nix
@@ -0,0 +1,81 @@
+{
+ lib,
+ stdenv,
+ fetchzip,
+ libusb1,
+ glibc,
+ libGL,
+ xorg,
+ makeWrapper,
+ qtx11extras,
+ wrapQtAppsHook,
+ autoPatchelfHook,
+ libX11,
+ libXtst,
+ libXi,
+ libXrandr,
+ libXinerama
+}:
+
+let
+ dataDir = "var/lib/xppend1v3";
+in
+ stdenv.mkDerivation rec {
+ pname = "xp-pen-deco-01-v3-driver";
+ version = "4.0.7-250117";
+
+ src = fetchzip {
+ url = "https://download01.xp-pen.com/file/2025/02/XPPenLinux4.0.7-250117.tar.gz";
+ name = "xp-pen-deco-01-v3-driver-${version}.tar.gz";
+ sha256 = "sha256-sH05Qquo2u0npSlv8Par/mn1w/ESO9g42CCGwBauHhU=";
+ };
+
+ nativeBuildInputs = [
+ wrapQtAppsHook
+ autoPatchelfHook
+ makeWrapper
+ ];
+
+ dontBuild = true;
+
+ dontWrapQtApps = true;
+
+ buildInputs = [
+ libusb1
+ libX11
+ libXtst
+ libXi
+ libXrandr
+ libXinerama
+ glibc
+ libGL
+ (lib.getLib stdenv.cc.cc)
+ qtx11extras
+ ];
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out/{opt,bin}
+ cp -r App/usr/lib/pentablet/* $out/opt
+ chmod +x $out/opt/PenTablet
+ cp -r App/lib $out/lib
+ sed -i 's#usr/lib/pentablet#${dataDir}#g' $out/opt/PenTablet
+
+ runHook postInstall
+ '';
+
+ postFixup = ''
+ makeWrapper $out/opt/PenTablet $out/bin/xp-pen-deco-01-v3-driver \
+ "''${qtWrapperArgs[@]}" \
+ --run 'if [ "$EUID" -ne 0 ]; then echo "Please run as root."; exit 1; fi' \
+ --run 'if [ ! -d /${dataDir} ]; then mkdir -p /${dataDir}; cp -r '$out'/opt/conf /${dataDir}; chmod u+w -R /${dataDir}; fi'
+ '';
+
+ meta = with lib; {
+ homepage = "https://www.xp-pen.com/product/deco-01-v3.html";
+ description = "Drivers for the XP-PEN Deco 01 v3 drawing tablet";
+ platforms = [ "x86_64-linux" ];
+ license = licenses.unfree;
+ };
+ }
\ No newline at end of file
diff --git a/desktops/aqore-nix/hardware/graphics.nix b/desktops/aqore-nix/hardware/graphics.nix
new file mode 100644
index 0000000..3dfaf98
--- /dev/null
+++ b/desktops/aqore-nix/hardware/graphics.nix
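Review bot: The wrapper built in `postFixup` of deco01-v3-driver.nix exits unless `$EUID` is 0, so the entire closed-source Qt GUI runs as root, and that requirement is what forces the NOPASSWD sudo rule added in services/sudo.nix. Consider granting the logged-in user access to the tablet's device nodes with a udev rule (`services.udev.extraRules`) and creating `/var/lib/xppend1v3` declaratively via `systemd.tmpfiles.rules`, so the root check and the first-run `mkdir`/`cp` in the wrapper can be dropped. Whether the vendor binary works unprivileged needs testing; if it does not, a comment above the `--run` lines saying why root is required would help the next reader.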
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+ hardware.graphics.enable = true;
+ hardware.graphics.enable32Bit = true;
+ hardware.amdgpu.opencl.enable = true;
+
+ systemd.tmpfiles.rules = [
+ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
+ ];
+
+ hardware.graphics.extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ ];
+
+ hardware.amdgpu.overdrive.enable = true;
+ hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
+
+ environment.systemPackages = with pkgs; [ lact ];
+ systemd.packages = with pkgs; [ lact ];
+ systemd.services.lact.wantedBy = [ "multi-user.target" ];
+ systemd.services.lact.enable = true;
+}
diff --git a/desktops/aqore-nix/hardware/hardware-configuration.nix b/desktops/aqore-nix/hardware/hardware-configuration.nix
new file mode 100644
index 0000000..b259967
--- /dev/null
+++ b/desktops/aqore-nix/hardware/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/a0aed18c-fc58-4285-96eb-7f169f79fd32";
+ fsType = "btrfs";
+ options = [ "subvol=@" "compress=zstd" ];
+ };
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/D950-5ABC";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/d2a83fff-f8db-4b53-ab01-40ccfaf0dc3e";
+ fsType = "btrfs";
+ options = [ "compress=zstd" ];
+ };
+
+ swapDevices = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
\ No newline at end of file
diff --git a/desktops/aqore-nix/hardware/network.nix b/desktops/aqore-nix/hardware/network.nix
new file mode 100644
index 0000000..900b7df
--- /dev/null
+++ b/desktops/aqore-nix/hardware/network.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+ networking = {
+ networkmanager.enable = false;
+ useDHCP = false;
+ firewall.enable = false;
+ interfaces = {
+ eno1 = {
+ ipv4.addresses = [{
+ address = "192.168.0.2";
+ prefixLength = 24;
+ }];
+ };
+ };
+ defaultGateway = "192.168.0.1";
+ nameservers = [
+ "9.9.9.9"
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+ interfaces.eno1.wakeOnLan.enable = true;
+ };
+
+ services.yggdrasil = {
+ enable = true;
+ persistentKeys = true;
+ settings = {
+ Peers = [
+ "tls://arti.project-a.space:666"
+ "tls://reine.project-a.space:666"
+ ];
+ IfName = "ygg0";
+ };
+ };
+}
diff --git a/desktops/aqore-nix/locale.nix b/desktops/aqore-nix/locale.nix
new file mode 100644
index 0000000..fcc3220
--- /dev/null
+++ b/desktops/aqore-nix/locale.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+ time.timeZone = "Asia/Novosibirsk";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+}
\ No newline at end of file
diff --git a/desktops/aqore-nix/main.nix b/desktops/aqore-nix/main.nix
new file mode 100644
index 0000000..04de1ed
--- /dev/null
+++ b/desktops/aqore-nix/main.nix
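Review bot: `firewall.enable = false;` in hardware/network.nix leaves every listening port on this desktop reachable from the LAN and from the `ygg0` overlay configured a few lines below, while sshd is enabled in services/ssh.nix and Docker in main.nix. It also turns the three `openFirewall` options set for Steam in packages.nix into no-ops. If the listed peers are connected to a wider Yggdrasil mesh, the overlay address is reachable by nodes outside the project. Keep the firewall on and open only what is meant to be reachable, for example `firewall.enable = true;` plus `firewall.interfaces.ygg0.allowedTCPPorts = [ 22 ];` if SSH over the overlay is the intent.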
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./bootloader.nix
+ ./users.nix
+ ./packages.nix
+ ./services/ssh.nix
+ ./services/sudo.nix
+ ./hardware/hardware-configuration.nix
+ ./hardware/audio.nix
+ ./hardware/graphics.nix
+ ./hardware/network.nix
+ ./locale.nix
+ ];
+
+ networking.hostName = "aqore-nix";
+
+ system.stateVersion = "25.05";
+
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ trusted-users = [ "root" "@wheel" ];
+ download-buffer-size = 524288000;
+ auto-optimise-store = true;
+ };
+ optimise = {
+ automatic = true;
+ dates = [ "weekly" ];
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ };
+ };
+
+ virtualisation.docker.enable = true;
+
+ nixpkgs.config.allowUnfree = true;
+}
diff --git a/desktops/aqore-nix/packages.nix b/desktops/aqore-nix/packages.nix
new file mode 100644
index 0000000..7a83a8b
--- /dev/null
+++ b/desktops/aqore-nix/packages.nix
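Review bot: `trusted-users = [ "root" "@wheel" ];` in main.nix makes every wheel member trusted by the Nix daemon, which is root-equivalent without the sudo password prompt, because a trusted user can add substituters and turn off signature checking. Both normal accounts created in users.nix are in wheel. If the goal is only to use extra binary caches, declare them with `nix.settings.substituters` and `nix.settings.trusted-public-keys` and reduce this line to `trusted-users = [ "root" ];`. `nixpkgs.config.allowUnfree = true;` is also set a second time in packages.nix; one place is enough.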
@@ -0,0 +1,98 @@
+{ config, pkgs, emptypkgs, ... }:
+
+{
+ nixpkgs.config.allowUnfree = true;
+
+ services.displayManager.sddm.enable = true;
+ services.displayManager.sddm.wayland.enable = true;
+
+ services.desktopManager.plasma6.enable = true;
+
+ programs = {
+ amnezia-vpn.enable = true;
+ nekoray = {
+ enable = true;
+ tunMode.enable = true;
+ };
+ steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ localNetworkGameTransfers.openFirewall = true;
+ };
+ firefox = {
+ enable = true;
+ preferencesStatus = "user";
+ };
+ chromium.enable = true;
+ fish.enable = true;
+ screen.enable = true;
+ bat.enable = true;
+ zoxide.enable = true;
+ git.enable = true;
+ };
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "openssl-1.1.1w"
+ ];
+ environment.systemPackages = with pkgs; [
+ # Internet
+ telegram-desktop
+ qbittorrent
+ nicotine-plus
+ mumble
+ # media
+ gimp
+ krita
+ jellyfin-media-player
+ vlc
+ audacity
+ qpwgraph
+ kdePackages.kdenlive
+ cava
+ # programming
+ sublime4
+ firebase-tools
+ bun
+ nodejs
+ lua54Packages.lua
+ lua54Packages.luacheck
+ love
+ gnumake
+ cmake
+ gcc
+ # games
+ prismlauncher
+ vcmi
+ # cli utils
+ nvtopPackages.amd
+ btop
+ ncdu
+ file
+ tree
+ wget
+ unzip
+ zip
+ unrar
+ fastfetch
+ ffmpeg
+ vulkan-tools
+ # wine, wayland and other crutches
+ wineWowPackages.stable
+ wineWowPackages.waylandFull
+ xwayland-satellite
+ pciutils
+ kdePackages.wallpaper-engine-plugin
+ kdePackages.qtwebengine
+ kdePackages.xwaylandvideobridge
+ (pkgs.libsForQt5.callPackage ./hardware/deco01-v3-driver.nix {})
+ (python3.withPackages (ps: with ps; [ websockets ]))
+ ];
+
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk-sans
+ noto-fonts-emoji
+ nerd-fonts.fira-code
+ ];
+}
\ No newline at end of file
diff --git a/desktops/aqore-nix/services/ssh.nix b/desktops/aqore-nix/services/ssh.nix
new file mode 100644
index 0000000..b92697b
--- /dev/null
+++ b/desktops/aqore-nix/services/ssh.nix
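Review bot: `nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];` in packages.nix allows an end-of-life OpenSSL system-wide without recording which package needs it, so nobody will know when the exception can go. Add a comment above the list naming the consumer, e.g. `# required by <package>; remove once it no longer depends on OpenSSL 1.1`. The `emptypkgs` argument in the module header is never used in this file and is not supplied through `specialArgs` in flake.nix; drop it from the argument set.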
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{
+ services.openssh.enable = true;
+ services.openssh.settings.AllowGroups = [ "remote" ];
+}
\ No newline at end of file
diff --git a/desktops/aqore-nix/services/sudo.nix b/desktops/aqore-nix/services/sudo.nix
new file mode 100644
index 0000000..e530a8a
--- /dev/null
+++ b/desktops/aqore-nix/services/sudo.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+ security.sudo = {
+ enable = true;
+
+ extraRules = [{
+ commands = [
+ {
+ command = "/run/current-system/sw/bin/xp-pen-deco-01-v3-driver";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ groups = [ "users" ];
+ }];
+ };
+}
\ No newline at end of file
diff --git a/desktops/aqore-nix/users.nix b/desktops/aqore-nix/users.nix
new file mode 100644
index 0000000..cac6239
--- /dev/null
+++ b/desktops/aqore-nix/users.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+ users.groups.remote = {};
+
+ users.users = {
+ almiriqi = {
+ isNormalUser = true;
+ description = "Almiriq!Iwasaki";
+ extraGroups = [ "wheel" ];
+ initialPassword = "iqirimla";
+ };
+ maria = {
+ isNormalUser = true;
+ description = "Maria Arusu";
+ extraGroups = [ "wheel" "remote" ];
+ initialPassword = "airam";
+ };
+ root = {
+ initialPassword = "toor";
+ };
+ };
+}
\ No newline at end of file
diff --git a/desktops/users/almiriqi/home.nix b/desktops/users/almiriqi/home.nix
new file mode 100644
index 0000000..bed7a97
--- /dev/null
+++ b/desktops/users/almiriqi/home.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+ home.stateVersion = "25.05";
+
+ home.username = "almiriqi";
+ home.homeDirectory = "/home/almiriqi";
+
+ home.packages = (import ./packages.nix) pkgs;
+
+ fonts.fontconfig.enable = true;
+
+ programs.home-manager.enable = true;
+
+ programs.git = {
+ enable = true;
+ userName = "AlmiriQ";
+ userEmail = "al.quali.4ef@gmail.com";
+ };
+}
\ No newline at end of file
diff --git a/desktops/users/almiriqi/packages.nix b/desktops/users/almiriqi/packages.nix
new file mode 100644
index 0000000..e9d1417
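Review bot: services/ssh.nix limits logins to group `remote` but leaves password authentication at its default, and the one member of `remote` (maria in users.nix) is created with a short password committed in this repository and is also in wheel. With the firewall disabled in hardware/network.nix, that password is all that stands between the network and sudo on this host. Add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, and provision access through `users.users.maria.openssh.authorizedKeys.keys`.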
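Review bot: The `extraRules` entry in services/sudo.nix grants group `users` passwordless root for `xp-pen-deco-01-v3-driver`, and `users` is the default group of every `isNormalUser` account, so any local login can start a root-owned GUI process without authenticating. Narrow the grant to the account that actually uses the tablet, e.g. replace `groups = [ "users" ];` with `users = [ "almiriqi" ];`, or drop `NOPASSWD` so the normal sudo prompt applies.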
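Review bot: The three `initialPassword` values in users.nix are plaintext in git and are copied into the world-readable Nix store, and root receives one as well. Since `users.mutableUsers` is not set to false they apply only when the account is first created, which means they stay valid until each user changes them by hand. Use `hashedPasswordFile` pointing at a file outside the store (or a value from the `secret` flake), or at minimum `initialHashedPassword`, and remove the `root = { ... };` block so root is reachable only through sudo.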
--- /dev/null +++ b/desktops/users/almiriqi/packages.nix @@ -0,0 +1,4 @@ +pkgs: with pkgs; [ + inter + kode-mono +] diff --git a/flake.nix b/flake.nix index 7b913dd..277ab8b 100644 --- a/flake.nix +++ b/flake.nix @@ -11,10 +11,22 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + winapps = { + url = "github:winapps-org/winapps"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, project-a-software, home-manager, secret, ... }: - let + outputs = { + self, + nixpkgs, + nixpkgs-unstable, + project-a-software, + home-manager, + winapps, + secret, + ... + }: let linux64 = "x86_64-linux"; nixosServer = { name, system ? linux64, modules ? [] }: nixpkgs.lib.nixosSystem { @@ -30,9 +42,31 @@ in { nixosConfigurations = { artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.marzban ]; }; - reine = nixosServer { name = "reine"; }; + reine = nixosServer { name = "reine"; modules = [ project-a-software.affine ]; }; mio = nixosServer { name = "mio"; modules = [ project-a-software.marzban ]; }; vanessa = nixosServer { name = "vanessa"; modules = [ project-a-software.marzban ]; }; + + aqore-nix = nixpkgs.lib.nixosSystem { + system = linux64; + specialArgs = { + inherit winapps; + pkgs-unstable = nixpkgs-unstable.legacyPackages.${linux64}; + }; + modules = [ + ./desktops/aqore-nix/main.nix + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.almiriqi = ./desktops/users/almiriqi/home.nix; + } + ({ pkgs, ... }: { + environment.systemPackages = [ + winapps.packages."${linux64}".winapps + winapps.packages."${linux64}".winapps-launcher + ]; + }) + ]; + }; }; }; } \ No newline at end of file diff --git a/secret.nix b/secret.nix index 2c0a5d2..e0269bd 100644 --- a/secret.nix +++ b/secret.nix 
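Review bot: The new `winapps` input in flake.nix has no matching flake.lock change in this commit's diffstat, so the revision that gets built is whatever the upstream default branch points to at the next evaluation. Run `nix flake lock` and commit the resulting lock entry together with the input, so the two packages installed system-wide from it on aqore-nix are pinned to a reviewable revision. `winapps` is also passed in `specialArgs`, but no module in this commit takes it as an argument; the inline module reads it from the enclosing `outputs` scope, so the `inherit winapps;` line can go. The `inputs` block starts above the first hunk.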
@@ -12,14 +12,14 @@ let spiderX = mkOption { type = types.str; default = "/"; }; sni = mkOption { type = types.str; default = "/"; }; }; - affine-config = with lib; { + affine-config = with lib; { env = { PORT = mkOption { type = int; default = 3010; }; DB_USERNAME = mkOption { type = str; default = "affine"; }; DB_PASSWORD = mkOption { type = str; default = "affine"; }; DB_DATABASE = mkOption { type = str; default = "affine"; }; }; - revision = mkOption { type = str; default = "stable"; }; + revision = mkOption { type = str; default = "stable"; }; }; in { options = with lib; { @@ -36,6 +36,7 @@ in { }; reine = { yggdrasil.PrivateKey = mkOption { type = str; default = ""; }; + affine = affine-config; }; common = { yggdrasil = { diff --git a/servers/artemisia/nginx.nix b/servers/artemisia/nginx.nix index 54b652c..a4f1152 100644 --- a/servers/artemisia/nginx.nix +++ b/servers/artemisia/nginx.nix @@ -6,8 +6,6 @@ services.nginx = { enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; defaultSSLListenPort = 444; virtualHosts = { @@ -39,9 +37,6 @@ listen [::0]:443; proxy_pass $name; ssl_preread on; - proxy_connect_timeout 30s; - proxy_timeout 1h; - proxy_buffer_size 64k; } ''; }; diff --git a/servers/common/main.nix b/servers/common/main.nix index 5fdfc8d..22be3fe 100644 --- a/servers/common/main.nix +++ b/servers/common/main.nix @@ -12,5 +12,5 @@ programs.fish.enable = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nix.settings.trusted-users = [ "root" "@wheel" ]; + nix.settings.trusted-users = [ "root" "@wheel" ]; } \ No newline at end of file diff --git a/servers/mio/nginx.nix b/servers/mio/nginx.nix index 1ca9108..47e6014 100644 --- a/servers/mio/nginx.nix +++ b/servers/mio/nginx.nix @@ -6,8 +6,6 @@ services.nginx = { enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; defaultSSLListenPort = 444; streamConfig = '' 
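Review bot: `affine = affine-config;` in secret.nix wires the affine options into reine with `DB_PASSWORD` defaulting to `"affine"`, so a deployment where the secret flake does not override it runs with a known database password and nothing fails. Remove the default so evaluation stops when the value is missing: `DB_PASSWORD = mkOption { type = str; };`. The `affine-config` definition is only re-indented by this commit and the rest of the `let` block lies outside the hunk.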
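Review bot: Removing `recommendedTlsSettings = true;` in servers/artemisia/nginx.nix drops the module's recommended TLS session settings (among them disabling session tickets) for the virtual hosts this file still serves on port 444, and the commit message gives no reason. The same two lines are removed in servers/mio/nginx.nix and servers/vanessa/nginx.nix, where only the stream pass-through is visible, so the impact there depends on parts of those files outside the hunks. If the aim was to change the stream proxy timeouts, keep `recommendedTlsSettings = true;` and remove only the `proxy_*` lines; otherwise add a comment next to `defaultSSLListenPort` stating why the recommended settings are off.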
@@ -28,9 +26,6 @@ listen [::0]:443; proxy_pass $name; ssl_preread on; - proxy_connect_timeout 30s; - proxy_timeout 1h; - proxy_buffer_size 64k; } ''; }; diff --git a/servers/reine/firewall.nix b/servers/reine/firewall.nix index 9a38616..793ae67 100644 --- a/servers/reine/firewall.nix +++ b/servers/reine/firewall.nix @@ -1,5 +1,5 @@ {config, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/servers/reine/main.nix b/servers/reine/main.nix index 51c9b47..60ad402 100644 --- a/servers/reine/main.nix +++ b/servers/reine/main.nix @@ -4,7 +4,7 @@ imports = [ ./hardware-configuration.nix ./jellyfin.nix - ./traefik.nix + ./nginx.nix ./firewall.nix ]; networking.hostName = "reine"; @@ -21,4 +21,4 @@ hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff"; environment.systemPackages = with pkgs; [ clinfo mesa.opencl ]; system.stateVersion = "25.05"; -} +} \ No newline at end of file diff --git a/servers/reine/nginx.nix b/servers/reine/nginx.nix new file mode 100644 index 0000000..efc7f08 --- /dev/null +++ b/servers/reine/nginx.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +{ + security.acme.defaults.email = "porject-a@project-a.space"; + security.acme.acceptTerms = true; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + defaultSSLListenPort = 443; + + virtualHosts = { + "affine.project-a.space" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:3010"; + }; + }; + }; + }; +} \ No newline at end of file diff --git a/servers/reine/traefik.nix b/servers/reine/traefik.nix deleted file mode 100644 index 5a3c774..0000000 --- a/servers/reine/traefik.nix +++ /dev/null 
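Review bot: `security.acme.defaults.email = "porject-a@project-a.space";` in servers/reine/nginx.nix looks like a typo for `project-a@project-a.space`; if that mailbox does not exist, expiry and account notices from the CA are lost. The deleted traefik.nix also terminated TLS for `jellyfin.project-a.space` and `jellyseerr.project-a.space`, while this file defines only the affine vhost and main.nix still imports jellyfin.nix, so confirm those two services are not left without an HTTPS front end. If they are still meant to be public, add matching `virtualHosts` entries with `forceSSL = true;` and `enableACME = true;`.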
@@ -1,66 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.traefik = { - enable = true; - staticConfigOptions = { - entryPoints = { - web = { - address = ":80"; - http.redirections.entryPoint = { - to = "websecure"; - scheme = "https"; - }; - }; - websecure = { - address = ":443"; - http.tls = { - certResolver = "letsencrypt"; - }; - }; - }; - - api = { - dashboard = false; - insecure = false; # Включить только для отладки, лучше использовать безопасный доступ - }; - - certificatesResolvers.letsencrypt.acme = { - email = "luc_ren@blnt-cult.ru"; - storage = "${config.services.traefik.dataDir}/acme.json"; - httpChallenge.entryPoint = "web"; - }; - }; - - dynamicConfigOptions = { - http = { - routers = { - jellyfin = { - rule = "Host(`jellyfin.project-a.space`)"; - service = "jellyfin"; - entryPoints = ["websecure"]; - tls = { - certResolver = "letsencrypt"; - }; - }; - jellyseerr = { - rule = "Host(`jellyseerr.project-a.space`)"; - service = "jellyseerr"; - entryPoints = ["websecure"]; - tls = { - certResolver = "letsencrypt"; - }; - }; - }; - services = { - jellyfin.loadBalancer.servers = [ - { url = "http://127.0.0.1:8096"; } - ]; - jellyseerr.loadBalancer.servers = [ - { url = "http://127.0.0.1:5055"; } - ]; - }; - }; - }; - }; -} diff --git a/servers/vanessa/nginx.nix b/servers/vanessa/nginx.nix index 7a29989..0441481 100644 --- a/servers/vanessa/nginx.nix +++ b/servers/vanessa/nginx.nix @@ -6,8 +6,6 @@ services.nginx = { enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; defaultSSLListenPort = 444; streamConfig = '' @@ -24,9 +22,6 @@ listen [::0]:443; proxy_pass $name; ssl_preread on; - proxy_connect_timeout 30s; - proxy_timeout 1h; - proxy_buffer_size 16k; } ''; };