feat: add c2 and fix code-server

flake.nix

@@ -11,6 +11,7 @@
     nixos-x86_64-hosts = [
       "g1"
       "c1"
+      "c2"
     ];
     nasp = (import ./modules/nasp {
       lib = nixpkgs.lib;

hosts/c2/configuration.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =[
+    ./hardware-configuration.nix
+  ];
+  nasp = {
+    enable = true;
+    cSeries = {
+      enable = true;
+      serial = 2;
+      ethLanName = "ens16f0";
+    };
+  };
+  system.stateVersion = "25.05";
+}

hosts/c2/hardware-configuration.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "smartpqi" "nvme" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  networking.hostId = "8529b8ea";
+
+  fileSystems."/" = {
+    device = "root/system";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home2" = {
+    device = "data/home2";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/01A3-4293";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/32b1a7d9-e65a-4212-b278-e0602c9392eb"; }
+      { device = "/dev/disk/by-uuid/3d2e1ae9-3110-43eb-b553-cf91eb7d711d"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

modules/nasp/main.nix

@@ -129,8 +129,12 @@ in
       networking.networkmanager.enable = false;
       networking.useDHCP = false;
       systemd.network.enable = true;
-      networking.firewall.allowedTCPPorts = [ 12022 ];
       networking.nftables.enable = true;
+      networking.firewall.allowedTCPPorts = [ 12022 ];
+      networking.firewall.extraInputRules = ''
+        ip saddr 192.168.16.0/21 accept
+        ip6 saddr fd01:da8:bf::/48 accept
+      '';
       networking.extraHosts = ''
         192.168.16.1 ssh.nasp.fit git.nasp.fit jump.nasp.fit
         192.168.16.115 g15.nasp g15 lm1
@@ -264,12 +268,9 @@ in
           serverName = "proxy.nasp.fit";
           locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)"  = {
             proxyWebsockets = true;
+            proxyPass = "http://unix:/home2/run/$1.sock";
             extraConfig = ''
               rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
-              proxy_pass "http://unix:/home2/run/$1.sock";
-              proxy_set_header Host $host;
-              proxy_set_header Upgrade $http_upgrade;
-              proxy_set_header Connection upgrade;
               proxy_set_header Accept-Encoding gzip;
             '';
           };
@@ -462,10 +463,6 @@ in
     (lib.mkIf (cCfg.enable) {
       networking.hostName = "c" + (builtins.toString cCfg.serial);
       networking.nameservers = [ "192.168.20.1" ];
-      networking.firewall.extraInputRules = ''
-        ip saddr 192.168.20.0/24 accept
-        ip6 saddr fd01:da8:bf:14::/64 accept
-      '';
       nasp.docker.enable = lib.mkDefault true;
       nasp.registry.enable = lib.mkDefault true;
       nasp.nginx.enable = lib.mkDefault true;