-rw-r--r--nixos/server/configuration.nix203
-rw-r--r--nixos/server/disk-config.nix70
-rw-r--r--nixos/server/hardware-configuration.nix26
3 files changed, 194 insertions, 105 deletions
diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix
index 2a5afa4..97b06c2 100644
--- a/nixos/server/configuration.nix
+++ b/nixos/server/configuration.nix
@@ -1,39 +1,29 @@
-{ modulesPath, config, lib, pkgs, ... }: {
+{
+ modulesPath,
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
+ ../serverModules/nginx.nix
+ ../serverModules/files.nix
+ ../serverModules/nfs.nix
];
+
+ nixpkgs.config.allowUnfree = true;
+
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
- networking = {
- interfaces.ens3 = {
- ipv4.addresses = [{
- address = "147.45.40.6";
- prefixLength = 32;
- }];
- };
- defaultGateway = {
- address = "10.0.0.1";
- interface = "ens3";
- };
- };
-
- networking.useDHCP = lib.mkDefault false;
+ services.openssh.enable = true;
- networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
- networking.hosts = {
- "192.168.100.100" = ["stereotyped-sheet.aeza.network"];
- "147.45.40.6" = ["stereotyped-sheet.aeza.network" "stereotyped-sheet"];
- };
-
- services.openssh = {
- enable = true;
- };
-
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
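Review bot: `services.openssh.enable = true;` leaves the daemon's authentication policy to module defaults, and the next hunk gives root a password hash, so nothing in this file states whether password logins are accepted over SSH. Pinning the policy keeps the key-only intent visible and independent of default changes: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };`. Separately, the imports list in this hunk does not include the hardware-configuration.nix that this commit adds; unless it is imported elsewhere, the static addressing removed here has no DHCP replacement, which is worth confirming before deploying to a remote host.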
@@ -41,60 +31,151 @@
users.users = {
root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
- ];
- };
- fimoz = {
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ//SNTK/qZmoT0YH7tHxXg6VGEbxbxPLXQVC1zsBPb4 90ts@mail.ru"
- ];
+ openssh.authorizedKeys.keys =
+ [
+ # change this to your ssh key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
+ ];
+ hashedPassword = "$y$j9T$v3n61T5.hOGZUgzeHKOp41$qli1X0.ewVopbLcMrqUX/rKggtvsYAKz2VwsSE/7pAA";
};
};
- networking.firewall.allowedTCPPorts = [ 80 443 57625 ];
+ filesDir = {
+ enable = true;
+ subPaths = [
+ {
+ path = "music";
+ group = "music";
+ }
+ {
+ path = "images";
+ group = "images";
+ }
+ ];
+ };
+
+ networking.hostName = "ltrr-server";
+ networking.firewall = {
+ allowedTCPPorts = [ 80 5030 2049 ];
+ allowedUDPPorts = [ 51820 ];
+ };
-
security.acme = {
acceptTerms = true;
defaults.email = "notspl3g+acme@duck.com";
};
- services.nginx = {
+ nginx = {
enable = true;
- virtualHosts = {
- "xray.kcu.su" = {
- forceSSL = true;
- enableACME = true;
-
- locations."/" = {
- proxyPass = "http://127.0.0.1:2053";
- extraConfig = "
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Range $http_range;
- proxy_set_header If-Range $http_if_range;
- proxy_redirect off;
- ";
- };
+ domain = "kcu.su";
+
+ recommendedProxySettings = false;
+ subdomains = {
+ # "cloud" = {
+ # proxyPass = "http://127.0.0.1:9200";
+ # extraConfig = ''
+ # proxy_set_header Host $host;
+ # '';
+ # };
+ "slskd" = {
+ proxyPass = "http://127.0.0.1:5030";
+ proxyWebsockets = true;
};
+
+ "files".proxyPass = "http://127.0.0.1:9337";
+ "track".proxyPass = "http://127.0.0.1:7093";
};
};
- virtualisation.oci-containers = {
- backend = "docker";
- containers.xui = {
- image = "ghcr.io/mhsanaei/3x-ui:latest";
- ports = ["127.0.0.1:2053:2053" "57625:57625"];
- volumes = [
- "/root/x-ui:/etc/x-ui"
+ networking.wg-quick = {
+ interfaces.wg0 = {
+ address = [ "10.1.1.2/32" ];
+ listenPort = 51820;
+
+ privateKeyFile = "/root/wireguard-keys/private";
+
+ peers = [
+ {
+ endpoint = "147.45.40.6:51820";
+ publicKey = "12UX8icwCjIfADoX1zhv6QvKrSjMcuoSsKbn51Mr/D8=";
+ allowedIPs = ["10.1.1.1/32"];
+ persistentKeepalive = 25;
+ }
];
};
};
+ # services.opencloud = {
+ # enable = true;
+ # group = "files";
+ # url = "https://cloud.kcu.su";
+ # environment = {
+ # OC_INSECURE = "true";
+ # PROXY_TLS = "false";
+ # };
+ # };
+ users.users.filebrowser.extraGroups = [ "music" "images" ];
+ services.filebrowser = {
+ enable = true;
+ group = "files";
+ settings = {
+ root = "/srv/files";
+ port = 9337;
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/files/slskd 0740 slskd music"
+ "d /opt/traggo/data"
+ "d /var/lib/traggo"
+ ];
+ users.users.slskd.extraGroups = [ "files" ];
+ services.slskd = {
+ enable = true;
+ environmentFile = "/var/lib/slskd/env";
+ group = "music";
+ settings = {
+ shares.directories = [ "/srv/files/music" ];
+ directories.downloads = "/srv/files/slskd";
+ };
+ openFirewall = true;
+ domain = null;
+ };
+
+ virtualisation.oci-containers.backend = "docker";
+ virtualisation.oci-containers.containers.traggo = {
+ image = "traggo/server";
+ ports = [
+ "127.0.0.1:7093:3030"
+ ];
+ environmentFiles = [ "/var/lib/traggo/env" ];
+ workdir = "/opt/traggo/";
+ volumes = [
+ "/opt/traggo/data:/opt/traggo/data"
+ ];
+ };
+
+ nfs.server = {
+ enable = true;
+ defaultExportIps = ["10.1.1.0/24"];
+
+ exportDirs = [
+ {path = "/srv/files/music";}
+ ];
+ };
+ services.nfs.idmapd = {
+ settings = {
+ General = {
+ Domain = "kcu.su";
+ };
+ Mapping = {
+ Nobody-User = "nobody";
+ Nobody-Group = "nogroup";
+ };
+ };
+ };
+
system.stateVersion = "24.05";
}
+
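Review bot: The `hashedPassword` added for root puts a yescrypt hash into the repository and the world-readable Nix store, where anyone with read access can attempt offline guessing; `hashedPasswordFile = "/path/to/root-password-hash";` (placeholder path, a root-only file outside the store) keeps it out of both. The firewall block opens 2049 and 5030 on every interface although the NFS export is limited to 10.1.1.0/24 and slskd is already proxied by nginx from 127.0.0.1:5030, so `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 2049 ];` plus dropping 5030 from the global list would match that intent, assuming nothing needs direct access to the slskd web port. `image = "traggo/server";` has no tag or digest, so the deployed container can change between pulls; pinning a version makes rebuilds reproducible and auditable. The tmpfiles rule `d /srv/files/slskd 0740 slskd music` grants the group read without search permission on a directory, so `0750` is probably what was meant.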
diff --git a/nixos/server/disk-config.nix b/nixos/server/disk-config.nix
index a51111a..2495ada 100644
--- a/nixos/server/disk-config.nix
+++ b/nixos/server/disk-config.nix
@@ -1,51 +1,33 @@
-{ lib, ... }:
{
disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/vda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
+ disk = {
+ main = {
+ device = "/dev/sdb";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
};
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
};
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
};
};
};
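Review bot: `device = "/dev/sdb";` hard-codes a kernel-assigned name that can change with probe order or when a drive is added, and disko partitions and formats whatever device it is pointed at. A persistent identifier such as `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` avoids wiping the wrong disk on a reinstall. The new line also drops the `lib.mkDefault` wrapper the old one had, so another module can only override the device with `lib.mkForce`. The enclosing attribute set closes outside this hunk.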
diff --git a/nixos/server/hardware-configuration.nix b/nixos/server/hardware-configuration.nix
new file mode 100644
index 0000000..926b7d7
--- /dev/null
+++ b/nixos/server/hardware-configuration.nix
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s29u1u3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}