feat: add c2 and fix code-server

2025-10-28 23:35:46 +08:00 · 2025-10-28 23:35:46 +08:00 · 123e1cc5e0
commit 123e1cc5e0
parent 3f63ea2c43
4 changed files with 63 additions and 9 deletions
--- a/flake.nix
+++ b/flake.nix
@ -11,6 +11,7 @@
    nixos-x86_64-hosts = [
      "g1"
      "c1"
+      "c2"
    ];
    nasp = (import ./modules/nasp {
      lib = nixpkgs.lib;
--- a/hosts/c2/configuration.nix
+++ b/hosts/c2/configuration.nix
@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =[
+    ./hardware-configuration.nix
+  ];
+  nasp = {
+    enable = true;
+    cSeries = {
+      enable = true;
+      serial = 2;
+      ethLanName = "ens16f0";
+    };
+  };
+  system.stateVersion = "25.05";
+}
--- a/hosts/c2/hardware-configuration.nix
+++ b/hosts/c2/hardware-configuration.nix
@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "smartpqi" "nvme" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  networking.hostId = "8529b8ea";
+
+  fileSystems."/" = {
+    device = "root/system";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home2" = {
+    device = "data/home2";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/01A3-4293";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/32b1a7d9-e65a-4212-b278-e0602c9392eb"; }
+      { device = "/dev/disk/by-uuid/3d2e1ae9-3110-43eb-b553-cf91eb7d711d"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/modules/nasp/main.nix
+++ b/modules/nasp/main.nix
@ -129,8 +129,12 @@ in
      networking.networkmanager.enable = false;
      networking.useDHCP = false;
      systemd.network.enable = true;
-      networking.firewall.allowedTCPPorts = [ 12022 ];
      networking.nftables.enable = true;
+      networking.firewall.allowedTCPPorts = [ 12022 ];
+      networking.firewall.extraInputRules = ''
+        ip saddr 192.168.16.0/21 accept
+        ip6 saddr fd01:da8:bf::/48 accept
+      '';
      networking.extraHosts = ''
        192.168.16.1 ssh.nasp.fit git.nasp.fit jump.nasp.fit
        192.168.16.115 g15.nasp g15 lm1
@ -264,12 +268,9 @@ in
          serverName = "proxy.nasp.fit";
          locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)"  = {
            proxyWebsockets = true;
+            proxyPass = "http://unix:/home2/run/$1.sock";
            extraConfig = ''
              rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
-              proxy_pass "http://unix:/home2/run/$1.sock";
-              proxy_set_header Host $host;
-              proxy_set_header Upgrade $http_upgrade;
-              proxy_set_header Connection upgrade;
              proxy_set_header Accept-Encoding gzip;
            '';
          };
@ -462,10 +463,6 @@ in
    (lib.mkIf (cCfg.enable) {
      networking.hostName = "c" + (builtins.toString cCfg.serial);
      networking.nameservers = [ "192.168.20.1" ];
-      networking.firewall.extraInputRules = ''
-        ip saddr 192.168.20.0/24 accept
-        ip6 saddr fd01:da8:bf:14::/64 accept
-      '';
      nasp.docker.enable = lib.mkDefault true;
      nasp.registry.enable = lib.mkDefault true;
      nasp.nginx.enable = lib.mkDefault true;