From 3d698f86319c318265867f10f46e65d6d3564d79 Mon Sep 17 00:00:00 2001 From: OCbwoy3 Date: Sun, 21 Dec 2025 23:31:03 +0200 Subject: [PATCH] server: do stuff --- flake.nix | 4 + hosts/server/configuration.nix | 159 ++++++++++++++++----------- hosts/server/modules/atproto-pds.nix | 47 ++++---- hosts/server/modules/cloudflare.nix | 37 ++++--- hosts/server/modules/gitea.nix | 34 ++++++ hosts/server/modules/spacebar.nix | 17 +++ hosts/server/modules/tangled.nix | 39 ++++--- modules/nixos/nvidia.nix | 112 ++++++++++--------- 8 files changed, 278 insertions(+), 171 deletions(-) create mode 100644 hosts/server/modules/gitea.nix create mode 100644 hosts/server/modules/spacebar.nix diff --git a/flake.nix b/flake.nix index db03c4b..303b66b 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,10 @@ # Extras tangled.url = "git+https://tangled.sh/@tangled.sh/core"; vscode-server.url = "github:nix-community/nixos-vscode-server"; + spacebar = { + url = "github:spacebarchat/server"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; # Required by NixOS: diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index b87bd5b..c49c1a3 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix 
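Review bot: The new `spacebar` input in flake.nix arrives without a `flake.lock` change (the diffstat lists eight files and the lock file is not one of them), so this commit does not record which revision of `github:spacebarchat/server` will be deployed. That matters because hosts/server/modules/spacebar.nix imports the input's NixOS module and runs its default package as a system service, so the locked revision is the code that actually needs review. Unless the lock is updated in a separate commit, include the regenerated `flake.lock` here or pin the URL to a tag or commit. If building upstream against this flake's nixpkgs is deliberate, a short comment such as `# follows our nixpkgs; upstream's own pin is not used` next to `inputs.nixpkgs.follows` would say so.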
@@ -1,84 +1,109 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - imports = [ - ./modules/atproto-pds.nix - ./modules/cloudflare.nix - ./modules/tangled.nix - ../../modules/force.nix - ]; + imports = [ + ./modules/atproto-pds.nix + ./modules/cloudflare.nix + ./modules/tangled.nix + ../../modules/force.nix + ./modules/gitea.nix + ./modules/spacebar.nix + ]; - # gcc. shit breaks. wtf - environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib"; + # gcc. shit breaks. wtf + environment.sessionVariables.LD_LIBRARY_PATH = "${pkgs.gcc15}/lib"; - services.vscode-server.enable = true; + services.vscode-server.enable = true; - systemd.services.ocbwoy3-start-pm2 = { - enable = true; - description = "Start PM2"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "forking"; - User = "ocbwoy3"; - LimitNOFILE = "infinity"; - LimitNPROC = "infinity"; - LimitCORE = "infinity"; - Environment = "PM2_HOME=/home/ocbwoy3/.pm2"; - PIDFile = "/home/ocbwoy3/.pm2/pm2.pid"; - Restart = "on-failure"; + systemd.services.ocbwoy3-start-pm2 = { + enable = true; + description = "Start PM2"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "forking"; + User = "ocbwoy3"; + LimitNOFILE = "infinity"; + LimitNPROC = "infinity"; + LimitCORE = "infinity"; + Environment = "PM2_HOME=/home/ocbwoy3/.pm2"; + PIDFile = "/home/ocbwoy3/.pm2/pm2.pid"; + Restart = "on-failure"; - ExecStart = "${pkgs.pm2}/bin/pm2 resurrect"; - ExecReload = "${pkgs.pm2}/bin/pm2 reload all"; - ExecStop = "${pkgs.pm2}/bin/pm2 kill"; - }; - }; + ExecStart = "${pkgs.pm2}/bin/pm2 resurrect"; + ExecReload = "${pkgs.pm2}/bin/pm2 reload all"; + ExecStop = "${pkgs.pm2}/bin/pm2 kill"; + }; + }; - services.openssh.settings = { - PubkeyAuthentication = "yes"; - TrustedUserCAKeys = "/etc/ssh/ca.pub"; - }; + services.openssh.settings = { + PubkeyAuthentication = "yes"; + TrustedUserCAKeys = "/etc/ssh/ca.pub"; + }; - 
services.openssh = { - enable = lib.mkForce true; - }; + services.openssh = { + enable = lib.mkForce true; + }; - environment.systemPackages = with pkgs; [ - fastfetch - hyfetch - pm2 - steam-run - ]; + environment.systemPackages = with pkgs; [ + fastfetch + hyfetch + pm2 + steam-run + ]; - users.users.ocbwoy3 = { - initialPassword = "thisisapassword42069!"; # not the type passwords i use - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; - shell = pkgs.zsh; - }; + users.users.ocbwoy3 = { + initialPassword = "thisisapassword42069!"; # not the type passwords i use + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + ]; + shell = pkgs.zsh; + }; - virtualisation.docker.enable = true; + virtualisation.docker.enable = true; - services.mongodb = { - enable = true; - enableAuth = false; - package = pkgs.mongodb-ce; - replSetName = "rs0"; # dangerous - bind_ip = "0.0.0.0"; - }; + services.mongodb = { + enable = true; + enableAuth = false; + package = pkgs.mongodb-ce; + replSetName = "rs0"; # dangerous + bind_ip = "0.0.0.0"; + }; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 22 443 3000 3001 8080 25565 ]; - allowedUDPPorts = [ 22 443 3000 3001 8080 25565 ]; - }; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 443 + 3000 + 3001 + 8080 + 25565 + ]; + allowedUDPPorts = [ + 22 + 443 + 3000 + 3001 + 8080 + 25565 + ]; + }; - catppuccin = { - enable = true; - flavor = "mocha"; - accent = "blue"; - }; + catppuccin = { + enable = true; + flavor = "mocha"; + accent = "blue"; + gitea.enable = false; + }; - system.stateVersion = "23.05"; # DO NOT TOUCH + system.stateVersion = "23.05"; # DO NOT TOUCH } diff --git a/hosts/server/modules/atproto-pds.nix b/hosts/server/modules/atproto-pds.nix index 58f2c2d..2e3d825 100644 --- a/hosts/server/modules/atproto-pds.nix +++ b/hosts/server/modules/atproto-pds.nix 
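Review bot: `services.mongodb` is re-added with `enableAuth = false` and `bind_ip = "0.0.0.0"`, so `networking.firewall` is the only control in front of an unauthenticated database. MongoDB's default port is not in `allowedTCPPorts` today, but any later port or interface change would expose it. Binding to loopback with `bind_ip = "127.0.0.1";` removes that dependency, and enabling `enableAuth` (with the initial root credential supplied from a file outside the Nix store) covers local clients as well. The same hunk keeps `initialPassword = "thisisapassword42069!"` in the repository for a `wheel` user while sshd is forced on. Whether password logins are accepted is not visible here, so either set `PasswordAuthentication = false;` under `services.openssh.settings` or move the credential to `hashedPasswordFile`.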
@@ -1,26 +1,31 @@ -{ config, inputs, pkgs, ... }: +{ + config, + inputs, + pkgs, + ... +}: { - - # TODO: - # Upload PDS backup to /var/lib/pds - # and specify secrets in /private/atproto-pds.env - services.bluesky-pds = { - enable = true; - pdsadmin.enable = true; - environmentFiles = [ "/private/atproto-pds.env" ]; - settings = { - PDS_CRAWLERS = "https://bsky.network"; - LOG_ENABLED = "true"; - PDS_HOSTNAME = "pds.ocbwoy3.dev"; - # PDS_VERSION = "\"ATProto PDS v69420\""; - PDS_DID_PLC_URL = "https://plc.directory"; - PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev"; - PDS_PRIVACY_POLICY_URL = "https://ocbwoy3.dev"; - PDS_TERMS_OF_SERVICE_URL = "https://ocbwoy3.dev"; - PDS_ACCEPTING_REPO_IMPORTS = "true"; - }; - }; + # TODO: + # Upload PDS backup to /var/lib/pds + # and specify secrets in /private/atproto-pds.env + + services.bluesky-pds = { + enable = true; + pdsadmin.enable = true; + environmentFiles = [ "/private/atproto-pds.env" ]; + settings = { + PDS_CRAWLERS = "https://bsky.network"; + LOG_ENABLED = "true"; + PDS_HOSTNAME = "pds.ocbwoy3.dev"; + # PDS_VERSION = "\"ATProto PDS v69420\""; + PDS_DID_PLC_URL = "https://plc.directory"; + PDS_CONTACT_EMAIL_ADDRESS = "ocbwoy3@ocbwoy3.dev"; + PDS_PRIVACY_POLICY_URL = "https://ocbwoy3.dev"; + PDS_TERMS_OF_SERVICE_URL = "https://ocbwoy3.dev"; + PDS_ACCEPTING_REPO_IMPORTS = "true"; + }; + }; } diff --git a/hosts/server/modules/cloudflare.nix b/hosts/server/modules/cloudflare.nix index 7d790a8..805e0f2 100644 --- a/hosts/server/modules/cloudflare.nix +++ b/hosts/server/modules/cloudflare.nix 
@@ -1,21 +1,26 @@ -{ config, inputs, pkgs, ... }: +{ + config, + inputs, + pkgs, + ... +}: { - environment.systemPackages = with pkgs; [ - cloudflared - ]; - - # lib.mkIf (isOCbwoy3 == true) - services.cloudflared = { - enable = true; - tunnels = { - "selfhost" = { - # 2f83f704-e9f7-49fb-a6c4-d4a8f85d87e4 - default = "http_status:404"; - credentialsFile = "/private/cloudflared/selfhost.json"; - }; - }; - }; + environment.systemPackages = with pkgs; [ + cloudflared + ]; + + # lib.mkIf (isOCbwoy3 == true) + services.cloudflared = { + enable = true; + tunnels = { + "selfhost" = { + # 2f83f704-e9f7-49fb-a6c4-d4a8f85d87e4 + default = "http_status:404"; + credentialsFile = "/private/cloudflared/selfhost.json"; + }; + }; + }; } diff --git a/hosts/server/modules/gitea.nix b/hosts/server/modules/gitea.nix new file mode 100644 index 0000000..f55f805 --- /dev/null +++ b/hosts/server/modules/gitea.nix @@ -0,0 +1,34 @@ +{ + config, + pkgs, + lib, + ... +}: + +{ + services.gitea = { + enable = true; + + database = { + type = "postgres"; + }; + + settings = { + server = { + DOMAIN = "git.ocbwoy3.dev"; + ROOT_URL = "https://git.ocbwoy3.dev/"; + HTTP_PORT = 2222; + DISABLE_SSH = true; + MAX_UPLOAD_FILE_SIZE = 5242880; + }; + + attachment = { + MAX_SIZE = 5; # MB (this is the one causing the 1024 KiB error) + }; + + service = { + DISABLE_REGISTRATION = true; + }; + }; + }; +} diff --git a/hosts/server/modules/spacebar.nix b/hosts/server/modules/spacebar.nix new file mode 100644 index 0000000..1143020 --- /dev/null +++ b/hosts/server/modules/spacebar.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: + +{ + imports = [ inputs.spacebar.nixosModules.default ]; + + services.spacebarchat-server = { + enable = true; + package = inputs.spacebar.packages.${pkgs.stdenv.hostPlatform.system}.default; + extraEnvironment.PORT = 4067; + }; +} diff --git a/hosts/server/modules/tangled.nix b/hosts/server/modules/tangled.nix index d93ffa2..ae13ce0 100644 
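Review bot: `settings.server` in gitea.nix sets `HTTP_PORT = 2222` without an `HTTP_ADDR`, so Gitea listens on all interfaces (the upstream default, as far as I know) and is private only because 2222 is absent from `allowedTCPPorts`. If the instance is meant to be reached only through the cloudflared tunnel, add `HTTP_ADDR = "127.0.0.1";`. The `listenAddr = "0.0.0.0:3003"` and `"0.0.0.0:3004"` values in tangled.nix follow the same pattern. Because `ROOT_URL` is https, `session.COOKIE_SECURE = true;` should be set alongside it. I could not confirm `MAX_UPLOAD_FILE_SIZE` as a key of the `server` section, so check it against the Gitea configuration reference; an unrecognised key would be ignored silently.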
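Review bot: Nothing in spacebar.nix says how port 4067 is meant to be reached. It is not in `networking.firewall.allowedTCPPorts` in configuration.nix, so presumably the cloudflared tunnel fronts it. The bind address, service user and sandboxing all come from the imported upstream module and are not visible in this patch. A comment above `extraEnvironment.PORT` such as `# served through the cloudflared tunnel only; 4067 is intentionally not opened in the firewall` would record the intent. `PORT` is also passed as a Nix integer, so confirm that the module's `extraEnvironment` type accepts an integer rather than a string.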
--- a/hosts/server/modules/tangled.nix +++ b/hosts/server/modules/tangled.nix @@ -1,21 +1,26 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - services.tangled-knot = { - enable = true; - server = { - listenAddr = "0.0.0.0:3003"; - owner = "did:plc:s7cesz7cr6ybltaryy4meb6y"; - hostname = "knot.ocbwoy3.dev"; - }; - }; + services.tangled.knot = { + enable = true; + server = { + listenAddr = "0.0.0.0:3003"; + owner = "did:plc:s7cesz7cr6ybltaryy4meb6y"; + hostname = "knot.ocbwoy3.dev"; + }; + }; - services.tangled-spindle = { - enable = true; - server = { - listenAddr = "0.0.0.0:3004"; - owner = "did:plc:s7cesz7cr6ybltaryy4meb6y"; - hostname = "spindle.ocbwoy3.dev"; - }; - }; + services.tangled.spindle = { + enable = true; + server = { + listenAddr = "0.0.0.0:3004"; + owner = "did:plc:s7cesz7cr6ybltaryy4meb6y"; + hostname = "spindle.ocbwoy3.dev"; + }; + }; } diff --git a/modules/nixos/nvidia.nix b/modules/nixos/nvidia.nix index f60a903..6e230f2 100644 --- a/modules/nixos/nvidia.nix +++ b/modules/nixos/nvidia.nix 
@@ -1,63 +1,75 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - # options nvidia NVreg_PreserveVideoMemoryAllocations=1 - boot.extraModprobeConfig = '' - options nvidia_drm modeset=1 fbdev=1 - ''; + # options nvidia NVreg_PreserveVideoMemoryAllocations=1 + boot.extraModprobeConfig = '' + options nvidia_drm modeset=1 fbdev=1 + ''; - environment.variables = { - LIBVA_DRIVER_NAME = "nvidia"; - GBM_BACKEND = "nvidia-drm"; - __GLX_VENDOR_LIBRARY_NAME = "nvidia"; - NVD_BACKEND = "direct"; - EGL_PLATFORM = "wayland"; - VDPAU_DRIVER = "va_gl"; - WAYLAND_DISPLAY = "wayland-1"; - DISPLAY = ":0"; - XDG_CURRENT_DESKTOP = "Hyprland"; - MOZ_ENABLE_WAYLAND = "1"; # Enable Wayland for Firefox - CHROMIUM_FLAGS = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-gpu-rasterization --enable-zero-copy"; # Enable Wayland and hardware acceleration for Chromium - }; + environment.variables = { + LIBVA_DRIVER_NAME = "nvidia"; + GBM_BACKEND = "nvidia-drm"; + __GLX_VENDOR_LIBRARY_NAME = "nvidia"; + NVD_BACKEND = "direct"; + EGL_PLATFORM = "wayland"; + VDPAU_DRIVER = "va_gl"; + WAYLAND_DISPLAY = "wayland-1"; + DISPLAY = ":0"; + XDG_CURRENT_DESKTOP = "Hyprland"; + MOZ_ENABLE_WAYLAND = "1"; # Enable Wayland for Firefox + CHROMIUM_FLAGS = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-gpu-rasterization --enable-zero-copy"; # Enable Wayland and hardware acceleration for Chromium + }; - environment.sessionVariables = { - NIXOS_OZONE_WL = 1; - LIBVA_DRIVER_NAME = "nvidia"; - GBM_BACKEND = "nvidia-drm"; - __GLX_VENDOR_LIBRARY_NAME = "nvidia"; - NVD_BACKEND = "direct"; - EGL_PLATFORM = "wayland"; - }; + environment.sessionVariables = { + NIXOS_OZONE_WL = 1; + LIBVA_DRIVER_NAME = "nvidia"; + GBM_BACKEND = "nvidia-drm"; + __GLX_VENDOR_LIBRARY_NAME = "nvidia"; + NVD_BACKEND = "direct"; + EGL_PLATFORM = "wayland"; + }; - # obs moment - # nixpkgs.config.cudaSupport = true; + # obs moment + # nixpkgs.config.cudaSupport = true; - 
hardware.graphics = { # hardware.graphics since NixOS 24.11 - enable = true; - # driSupport = true; - extraPackages = with pkgs; [ - nvidia-vaapi-driver - libvdpau-va-gl - vaapiVdpau - libvdpau - ]; - }; + hardware.graphics = { + # hardware.graphics since NixOS 24.11 + enable = true; + # driSupport = true; + extraPackages = with pkgs; [ + nvidia-vaapi-driver + libvdpau-va-gl + libva-vdpau-driver + libvdpau + ]; + }; - hardware.nvidia = { - modesetting.enable = true; - powerManagement.enable = false; - powerManagement.finegrained = false; - open = true; - nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.beta; - }; + hardware.nvidia = { + modesetting.enable = true; + powerManagement.enable = false; + powerManagement.finegrained = false; + open = true; + nvidiaSettings = true; + package = config.boot.kernelPackages.nvidiaPackages.beta; + }; - boot.kernelModules = [ "nvidia-uvm" "nvidia-drm" ]; - boot.blacklistedKernelModules = [ "nouveau" ]; + boot.kernelModules = [ + "nvidia-uvm" + "nvidia-drm" + ]; + boot.blacklistedKernelModules = [ "nouveau" ]; - boot.kernelParams = [ "nvidia-drm.modeset=1" "nvidia-drm.fbdev=1" ]; + boot.kernelParams = [ + "nvidia-drm.modeset=1" + "nvidia-drm.fbdev=1" + ]; - services.xserver.videoDrivers = ["nvidia"]; + services.xserver.videoDrivers = [ "nvidia" ]; }