authorspl3g <spleefer6@yandex.ru>2025-05-01 15:16:02 +0300
committerspl3g <spleefer6@yandex.ru>2025-05-02 19:58:18 +0300
commitdce1f40f9b80bc221d1b960efced2369384a278f (patch)
treefbd84178cde34757dbcd74c1afe7668541227549
parent8e4059ac9d5a485f0e6eda771768aad541c43b49 (diff)
feat: add the actual server configuration
-rw-r--r--flake.lock21
-rw-r--r--flake.nix16
-rw-r--r--nixos/server/configuration.nix137
-rw-r--r--nixos/server/disk-config.nix55
4 files changed, 170 insertions, 59 deletions
diff --git a/flake.lock b/flake.lock
index d8b5098..ee4757c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -116,6 +116,26 @@
"type": "github"
}
},
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1745812220,
+ "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
"firefox-gnome-theme": {
"flake": false,
"locked": {
@@ -911,6 +931,7 @@
"root": {
"inputs": {
"betterfox": "betterfox",
+ "disko": "disko",
"home-manager": "home-manager",
"hyprland": "hyprland",
"nh": "nh",
diff --git a/flake.nix b/flake.nix
index 8eff9d0..67fc683 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,10 +38,15 @@
# Hardware configs for my laptop
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
zen-browser = {
- url = "github:0xc000022070/zen-browser-flake";
- inputs.nixpkgs.follows = "nixpkgs";
- };
+ url = "github:0xc000022070/zen-browser-flake";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
niri.url = "github:sodiboo/niri-flake";
@@ -58,11 +63,11 @@
outputs = { self
, nixpkgs
- # , lix-module
, home-manager
, nurpkgs
, nixos-hardware
, hyprland
+ , disko
, ... }@inputs:
let
inherit (self) outputs;
@@ -110,8 +115,9 @@
];
};
ltrr-cloud = nixpkgs.lib.nixosSystem {
- specialArgs = { inherit inputs outputs; };
+ system = "x86_64-linux";
modules = [
+ disko.nixosModules.disko
./nixos/server/configuration.nix
];
};
diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix
index 6e14300..2a5afa4 100644
--- a/nixos/server/configuration.nix
+++ b/nixos/server/configuration.nix
@@ -1,71 +1,100 @@
-{ pkgs, inputs, outputs, lib, config, ... }:
+{ modulesPath, config, lib, pkgs, ... }: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
-{
- nixpkgs = {
- overlays = [
- outputs.overlays.additions
- outputs.overlays.modifications
- outputs.overlays.unstable-packages
- ];
- config = {
- allowUnfree = true;
+ networking = {
+ interfaces.ens3 = {
+ ipv4.addresses = [{
+ address = "147.45.40.6";
+ prefixLength = 32;
+ }];
+ };
+ defaultGateway = {
+ address = "10.0.0.1";
+ interface = "ens3";
};
};
- nix = {
- # This will add each flake input as a registry
- # To make nix3 commands consistent with your flake
- registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+ networking.useDHCP = lib.mkDefault false;
- # This will additionally add your inputs to the system's legacy channels
- # Making legacy nix commands consistent as well, awesome!
- nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+ networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
+ networking.hosts = {
+ "192.168.100.100" = ["stereotyped-sheet.aeza.network"];
+ "147.45.40.6" = ["stereotyped-sheet.aeza.network" "stereotyped-sheet"];
+ };
+
+ services.openssh = {
+ enable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.gitMinimal
+ ];
- gc = {
- automatic = true;
- dates = "weekly";
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
+ ];
};
-
- settings = {
- # Enable flakes and new 'nix' command
- experimental-features = "nix-command flakes";
- # Deduplicate and optimize nix store
- auto-optimise-store = true;
-
- trusted-users = [ "root" "@wheel" ];
+ fimoz = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ//SNTK/qZmoT0YH7tHxXg6VGEbxbxPLXQVC1zsBPb4 90ts@mail.ru"
+ ];
};
};
- virtualisation.docker.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 57625 ];
- # services.nginx = {
- # enable = true;
- # virtualHosts."kcu.su" = {
- # forceSSL = true;
- # enableACME = true;
- # locations."/xray" = {
- # proxyPass = "http://127.0.0.1:42069";
- # extraConfig = "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # proxy_set_header X-Forwarded-Proto $scheme;
- # proxy_set_header Host $http_host;
- # proxy_set_header X-Real-IP $remote_addr;
- # proxy_set_header Range $http_range;
- # proxy_set_header If-Range $http_if_range;
- # proxy_redirect off;";
- # };
- # };
- # };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "notspl3g+acme@duck.com";
+ };
- services.k3s = {
+ services.nginx = {
enable = true;
- role = "server";
+ virtualHosts = {
+ "xray.kcu.su" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:2053";
+ extraConfig = "
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Range $http_range;
+ proxy_set_header If-Range $http_if_range;
+ proxy_redirect off;
+ ";
+ };
+ };
+ };
};
- security.acme = {
- acceptTerms = true;
- defaults.email = "notspl3g@duck.com";
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers.xui = {
+ image = "ghcr.io/mhsanaei/3x-ui:latest";
+ ports = ["127.0.0.1:2053:2053" "57625:57625"];
+ volumes = [
+ "/root/x-ui:/etc/x-ui"
+ ];
+ };
};
-
- # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
- system.stateVersion = "24.04";
+
+
+ system.stateVersion = "24.05";
}
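Review bot: The `xui` container in `virtualisation.oci-containers` is pulled as `ghcr.io/mhsanaei/3x-ui:latest`, so the one internet-facing service on this host (port 57625 plus the panel behind nginx) is not pinned the way the flake inputs are in flake.lock; I would pin it by digest, e.g. `image = "ghcr.io/mhsanaei/3x-ui@sha256:<DIGEST-PLACEHOLDER>";`, and bump it deliberately. Docker-published ports are typically wired into iptables ahead of the NixOS firewall, so `"57625:57625"` is reachable whether or not 57625 is in `allowedTCPPorts`; a short comment saying so would stop anyone assuming that trimming the firewall list closes the port. Separately, `services.openssh = { enable = true; };` leaves password and keyboard-interactive authentication at the module defaults even though both accounts log in with keys, so adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` would make key-only access explicit. The nginx vhost forwards `/` straight to the panel on 127.0.0.1:2053, which means the panel's own login is the only access control on `xray.kcu.su`; if that is intended, a comment recording the decision would help.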
diff --git a/nixos/server/disk-config.nix b/nixos/server/disk-config.nix
new file mode 100644
index 0000000..a51111a
--- /dev/null
+++ b/nixos/server/disk-config.nix
@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
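Review bot: The `esp` partition is mounted at `/boot` as vfat with no mount options, and vfat has no permission model, so everything under `/boot` is readable by every local user (including `fimoz`) under the default mask; adding `mountOptions = [ "umask=0077" ];` to the `esp` content block restricts it to root. The root PV is also created without an encryption layer, so the container state bind-mounted from `/root/x-ui` sits in plaintext on a provider-hosted disk; if that is an accepted trade-off for unattended boot, a one-line comment above `type = "lvm_pv";` would document it. I would also add a comment at `device = lib.mkDefault "/dev/vda";` stating that disko repartitions this device on install.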