From d12274102a2d50ea440e8991982213122309b2fe Mon Sep 17 00:00:00 2001
From: emptyynes
Date: Wed, 17 Sep 2025 16:45:03 +0700
Subject: [PATCH 1/3] added gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..301d47e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+flake.lock
From 694a4e7605f606e58e8c68fdd0b473ec11dbf07b Mon Sep 17 00:00:00 2001
From: emptyynes
Date: Fri, 19 Sep 2025 10:08:16 +0700
Subject: [PATCH 2/3] increased nginx proxy parameters
---
 secret.nix | 5 ++++-
 servers/artemisia/main.nix | 4 +++-
 servers/artemisia/nginx.nix | 4 ++--
 servers/common/yggdrasil.nix | 3 +--
 servers/mio/nginx.nix | 4 ++--
 servers/reine/main.nix | 9 +++++++++
 servers/vanessa/nginx.nix | 4 ++--
 7 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/secret.nix b/secret.nix
index 7d03f6f..615d97c 100644
--- a/secret.nix
+++ b/secret.nix
@@ -25,6 +25,7 @@ in {
 secret = {
 artemisia = {
 marzban = marzban-config;
+ yggdrasil.PrivateKey = mkOption { type = str; default = ""; };
 };
 mio = {
 marzban = marzban-config;
@@ -38,8 +39,10 @@ in {
 common = {
 yggdrasil = {
 reine = mkOption { type = str; default = ""; };
+ artemisia = mkOption { type = str; default = ""; };
+ password = mkOption { type = str; default = ""; };
 };
 };
 };
 };
-}
+}
\ No newline at end of file
diff --git a/servers/artemisia/main.nix b/servers/artemisia/main.nix
index ed7ea97..9ae7e9d 100644
--- a/servers/artemisia/main.nix
+++ b/servers/artemisia/main.nix
@@ -9,7 +9,9 @@
 networking.hostName = "artemisia";
 system.stateVersion = "25.05";
- services.yggdrasil.persistentKeys = true;
+ services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
+ services.yggdrasil.persistentKeys = false;
+
 marzban = {
 env = {
 UVICORN_HOST = "artemisia.project-a.space";
diff --git a/servers/artemisia/nginx.nix b/servers/artemisia/nginx.nix
index cacd924..54b652c 100644
--- a/servers/artemisia/nginx.nix
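Review bot: Ignoring `flake.lock`, the only entry in this new `.gitignore`, leaves the flake's inputs unpinned, so two evaluations of the same commit can resolve nixpkgs and any other input to different revisions. The lock file records the exact revision and content hash of every input, which makes it the supply-chain pin for a repository that builds server configurations. I would drop this entry, commit the lock, and update it deliberately with `nix flake update` so input changes show up in review.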
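Review bot: The added `yggdrasil.PrivateKey` option defaults to the empty string, so a host whose secret was never supplied still evaluates and passes an empty key on to the service instead of failing. Declaring it without a default, `yggdrasil.PrivateKey = mkOption { type = str; };`, turns a missing secret into an evaluation error. The `artemisia` and `password` options added in the next hunk of secret.nix use the same `default = "";` pattern and would benefit from the same change.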
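Review bot: Setting the key through `services.yggdrasil.settings.PrivateKey` places it in the generated configuration, which NixOS keeps in the world-readable Nix store, so any local account or compromised service on artemisia could read the node's private key. The module's `configFile` option exists for this case: keep the key in a file outside the store with restrictive permissions and reference it as a string, e.g. `services.yggdrasil.configFile = "/run/keys/yggdrasil.json";` (path constructed for illustration). The same assignment appears as context in servers/reine/main.nix, and the enclosing attribute set starts outside this hunk.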
+++ b/servers/artemisia/nginx.nix
@@ -39,9 +39,9 @@
 listen [::0]:443;
 proxy_pass $name;
 ssl_preread on;
- proxy_connect_timeout 1s;
+ proxy_connect_timeout 30s;
 proxy_timeout 1h;
- proxy_buffer_size 16k;
+ proxy_buffer_size 64k;
 }
 '';
 };
diff --git a/servers/common/yggdrasil.nix b/servers/common/yggdrasil.nix
index f16f76a..d7d1fe9 100644
--- a/servers/common/yggdrasil.nix
+++ b/servers/common/yggdrasil.nix
@@ -5,8 +5,7 @@
 enable = true;
 settings = {
 Peers = [
- "tls://kuber.project-a.space:666"
- "tls://arti.project-a.space:666"
+ "tls://artemisia.project-a.space:666"
 "tls://reine.project-a.space:666"
 ];
 Listen = [
diff --git a/servers/mio/nginx.nix b/servers/mio/nginx.nix
index 2b272dd..1ca9108 100644
--- a/servers/mio/nginx.nix
+++ b/servers/mio/nginx.nix
@@ -28,9 +28,9 @@
 listen [::0]:443;
 proxy_pass $name;
 ssl_preread on;
- proxy_connect_timeout 1s;
+ proxy_connect_timeout 30s;
 proxy_timeout 1h;
- proxy_buffer_size 16k;
+ proxy_buffer_size 64k;
 }
 '';
 };
diff --git a/servers/reine/main.nix b/servers/reine/main.nix
index 5b7be0c..51c9b47 100644
--- a/servers/reine/main.nix
+++ b/servers/reine/main.nix
@@ -11,5 +11,14 @@
 services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
 services.yggdrasil.persistentKeys = false;
 hardware.amdgpu.opencl.enable = true;
+ hardware.graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
+ systemd.tmpfiles.rules = [
+ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
+ ];
+ hardware.graphics.enable = true;
+ hardware.graphics.enable32Bit = true;
+ hardware.amdgpu.overdrive.enable = true;
+ hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
+ environment.systemPackages = with pkgs; [ clinfo mesa.opencl ];
 system.stateVersion = "25.05";
 }
diff --git a/servers/vanessa/nginx.nix b/servers/vanessa/nginx.nix
index 2b272dd..1ca9108 100644
--- a/servers/vanessa/nginx.nix
+++ b/servers/vanessa/nginx.nix
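Review bot: Raising `proxy_connect_timeout` to 30s and `proxy_buffer_size` to 64k on the public `:443` stream listener increases what one client connection can tie up: up to 30 seconds waiting on an unresponsive upstream, and four times the buffer memory per session. Nothing visible in the hunk caps concurrent connections per client address, so I would pair the change with a limit in the stream block, `limit_conn_zone $binary_remote_addr zone=perip:10m;` and `limit_conn perip 20;` (numbers constructed for illustration). The same two values are changed in servers/mio/nginx.nix and servers/vanessa/nginx.nix, and the enclosing `server` block starts outside the hunk.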
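Review bot: The added peer `"tls://artemisia.project-a.space:666"` is a bare URI, so the node will peer with whichever Yggdrasil key answers at that name; the `tls://` transport alone does not bind the link to a known node. Peer URIs accept a `?key=` parameter that pins the remote public key, and this commit adds `common.yggdrasil.artemisia` and `common.yggdrasil.password` to secret.nix without using them in this hunk. If those options hold the peers' public keys, which this page does not show, I would interpolate them here, `"tls://artemisia.project-a.space:666?key=<artemisia public key>"`. The rest of `settings` lies outside the hunk, so they may already be consumed elsewhere.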
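Review bot: `hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff"` turns on every PowerPlay feature bit, and together with `overdrive.enable` and `enable32Bit` it goes beyond what the OpenCL packages in the same hunk appear to need. None of the added lines is documented, so the next maintainer cannot tell which are required for compute and which were experiments. I would add a comment above the block, `# ROCm/OpenCL compute on reine; overdrive enabled for <reason>`, and drop the overdrive and 32-bit lines if they have no concrete use on this host.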
@@ -28,9 +28,9 @@
 listen [::0]:443;
 proxy_pass $name;
 ssl_preread on;
- proxy_connect_timeout 1s;
+ proxy_connect_timeout 30s;
 proxy_timeout 1h;
- proxy_buffer_size 16k;
+ proxy_buffer_size 64k;
 }
 '';
 };
From 032a5f4b045c59f21ee168e83091ceadcd563992 Mon Sep 17 00:00:00 2001
From: emptyynes
Date: Fri, 19 Sep 2025 11:33:48 +0700
Subject: [PATCH 3/3] xray and nginx improvements
---
 secret.nix | 1 +
 servers/artemisia/main.nix | 1 +
 servers/common/xray.nix | 4 ++--
 servers/mio/main.nix | 1 +
 servers/vanessa/main.nix | 1 +
 servers/vanessa/nginx.nix | 6 +-----
 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/secret.nix b/secret.nix
index 615d97c..2c0a5d2 100644
--- a/secret.nix
+++ b/secret.nix
@@ -10,6 +10,7 @@ let
 privateKey = mkOption { type = types.str; default = ""; };
 shortId = mkOption { type = types.str; default = ""; };
 spiderX = mkOption { type = types.str; default = "/"; };
+ sni = mkOption { type = types.str; default = "/"; };
 };
 affine-config = with lib; {
 env = {
diff --git a/servers/artemisia/main.nix b/servers/artemisia/main.nix
index 9ae7e9d..7f8aa8d 100644
--- a/servers/artemisia/main.nix
+++ b/servers/artemisia/main.nix
@@ -29,6 +29,7 @@
 privateKey = secret.marzban.privateKey;
 shortId = secret.marzban.shortId;
 spiderX = secret.marzban.spiderX;
+ sni = secret.marzban.sni;
 };
 };
diff --git a/servers/common/xray.nix b/servers/common/xray.nix
index 999cf5f..f3940fc 100644
--- a/servers/common/xray.nix
+++ b/servers/common/xray.nix
@@ -1,4 +1,4 @@
-{ server-domain, port, dest, privateKey, shortId, spiderX }:
+{ server-domain, port, dest, privateKey, shortId, spiderX, sni }:
 {
 log.loglevel = "warning";
@@ -34,7 +34,7 @@
 dest = dest;
 xver = 0;
 serverNames = [
- server-domain
+ sni
 ];
 privateKey = privateKey;
 SpiderX = spiderX;
diff --git a/servers/mio/main.nix b/servers/mio/main.nix
index 34c4659..684b0d7 100644
--- a/servers/mio/main.nix
+++ b/servers/mio/main.nix
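Review bot: The new `sni` option copies `default = "/"` from `spiderX` on the line above, but `/` is a path rather than a host name, and servers/common/xray.nix in this commit puts the value directly into `serverNames`. A host whose secret omits `sni` would therefore build an inbound whose only accepted server name is `/`, which no client SNI can match, and the failure would only show up at connection time. I would declare it without a default, `sni = mkOption { type = types.str; };`, so the omission fails at evaluation.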
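Review bot: In the second hunk of servers/common/xray.nix, `serverNames` now takes `sni` with no comment on how it must relate to `dest`, although the two have to agree: the names listed are the ones clients present, and they should be names the `dest` host actually serves. A one-line comment above the list, `# must be a host name served by dest`, would keep the two secrets from drifting apart. Whether `server-domain` is still used elsewhere in the file is not visible from these hunks; if it is not, the argument added back in the first hunk could be dropped.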
@@ -42,6 +42,7 @@
 privateKey = secret.marzban.privateKey;
 shortId = secret.marzban.shortId;
 spiderX = secret.marzban.spiderX;
+ sni = secret.marzban.sni;
 };
 };
diff --git a/servers/vanessa/main.nix b/servers/vanessa/main.nix
index a5d9334..b1ed2dc 100644
--- a/servers/vanessa/main.nix
+++ b/servers/vanessa/main.nix
@@ -24,6 +24,7 @@
 privateKey = secret.marzban.privateKey;
 shortId = secret.marzban.shortId;
 spiderX = secret.marzban.spiderX;
+ sni = secret.marzban.sni;
 };
 };
diff --git a/servers/vanessa/nginx.nix b/servers/vanessa/nginx.nix
index 1ca9108..7a29989 100644
--- a/servers/vanessa/nginx.nix
+++ b/servers/vanessa/nginx.nix
@@ -15,10 +15,6 @@
 default marzban;
 }
-
- upstream git {
- server 127.0.0.1:444;
- }
-
 upstream marzban {
 server 127.0.0.1:1080;
 }
@@ -30,7 +26,7 @@
 ssl_preread on;
 proxy_connect_timeout 30s;
 proxy_timeout 1h;
- proxy_buffer_size 64k;
+ proxy_buffer_size 16k;
 }
 '';
 };
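Review bot: `proxy_buffer_size` goes back to 16k on vanessa only in the second hunk of servers/vanessa/nginx.nix, one commit after patch 2/3 raised it to 64k on artemisia, mio and vanessa alike, and neither the commit message nor the file says why this host differs. I would record the reason next to the value, `# 16k on purpose: <reason>`, or move the shared stream settings into one file under servers/common so the three hosts cannot drift silently. In the first hunk `upstream git` is removed while the `map` that sets `$name` starts outside the hunk; if an entry there still maps a host name to `git`, `proxy_pass $name` no longer has an upstream of that name to resolve.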