diff options
Diffstat (limited to 'nixos/server/configuration.nix')
| -rw-r--r-- | nixos/server/configuration.nix | 203 |
1 files changed, 142 insertions, 61 deletions
diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix index 2a5afa4..97b06c2 100644 --- a/nixos/server/configuration.nix +++ b/nixos/server/configuration.nix @@ -1,39 +1,29 @@ -{ modulesPath, config, lib, pkgs, ... }: { +{ + modulesPath, + lib, + pkgs, + config, + ... +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix") ./disk-config.nix + ../serverModules/nginx.nix + ../serverModules/files.nix + ../serverModules/nfs.nix ]; + + nixpkgs.config.allowUnfree = true; + boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; }; - networking = { - interfaces.ens3 = { - ipv4.addresses = [{ - address = "147.45.40.6"; - prefixLength = 32; - }]; - }; - defaultGateway = { - address = "10.0.0.1"; - interface = "ens3"; - }; - }; - - networking.useDHCP = lib.mkDefault false; + services.openssh.enable = true; - networking.nameservers = [ "8.8.8.8" "1.1.1.1" ]; - networking.hosts = { - "192.168.100.100" = ["stereotyped-sheet.aeza.network"]; - "147.45.40.6" = ["stereotyped-sheet.aeza.network" "stereotyped-sheet"]; - }; - - services.openssh = { - enable = true; - }; - environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal @@ -41,60 +31,151 @@ users.users = { root = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru" - ]; - }; - fimoz = { - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ//SNTK/qZmoT0YH7tHxXg6VGEbxbxPLXQVC1zsBPb4 90ts@mail.ru" - ]; + openssh.authorizedKeys.keys = + [ + # change this to your ssh key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru" + ]; + hashedPassword = "$y$j9T$v3n61T5.hOGZUgzeHKOp41$qli1X0.ewVopbLcMrqUX/rKggtvsYAKz2VwsSE/7pAA"; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 57625 ]; + filesDir = { + enable = true; + subPaths = [ + { + path = "music"; + group = "music"; + } + { + path = "images"; + group = "images"; + } + ]; + }; + + networking.hostName = "ltrr-server"; + networking.firewall = { + allowedTCPPorts = [ 80 5030 2049 ]; + allowedUDPPorts = [ 51820 ]; + }; - security.acme = { acceptTerms = true; defaults.email = "notspl3g+acme@duck.com"; }; - services.nginx = { + nginx = { enable = true; - virtualHosts = { - "xray.kcu.su" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:2053"; - extraConfig = " - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; - proxy_redirect off; - "; - }; + domain = "kcu.su"; + + recommendedProxySettings = false; + subdomains = { + # "cloud" = { + # proxyPass = "http://127.0.0.1:9200"; + # extraConfig = '' + # proxy_set_header Host $host; + # ''; + # }; + "slskd" = { + proxyPass = "http://127.0.0.1:5030"; + proxyWebsockets = true; }; + + "files".proxyPass = "http://127.0.0.1:9337"; + "track".proxyPass = "http://127.0.0.1:7093"; }; }; - virtualisation.oci-containers = { - backend = "docker"; - containers.xui = { - image = "ghcr.io/mhsanaei/3x-ui:latest"; - ports = ["127.0.0.1:2053:2053" "57625:57625"]; - volumes = [ - "/root/x-ui:/etc/x-ui" + networking.wg-quick = { + interfaces.wg0 = { + address = [ "10.1.1.2/32" ]; + listenPort = 51820; + + privateKeyFile = "/root/wireguard-keys/private"; + + peers = [ + { + endpoint = "147.45.40.6:51820"; + publicKey = "12UX8icwCjIfADoX1zhv6QvKrSjMcuoSsKbn51Mr/D8="; + allowedIPs = ["10.1.1.1/32"]; + persistentKeepalive = 25; + } ]; }; }; + # services.opencloud = { + # enable = true; + # group = "files"; + # url = "https://cloud.kcu.su"; + # environment = { + # OC_INSECURE = "true"; + # PROXY_TLS = "false"; + # }; + # }; + users.users.filebrowser.extraGroups = [ "music" "images" ]; + services.filebrowser = { + enable = true; + group = "files"; + settings = { + root = "/srv/files"; + port = 9337; + }; + }; + + systemd.tmpfiles.rules = [ + "d /srv/files/slskd 0740 slskd music" + "d /opt/traggo/data" + "d /var/lib/traggo" + ]; + users.users.slskd.extraGroups = [ "files" ]; + services.slskd = { + enable = true; + environmentFile = "/var/lib/slskd/env"; + group = "music"; + settings = { + shares.directories = [ "/srv/files/music" ]; + directories.downloads = "/srv/files/slskd"; + }; + openFirewall = true; + domain = null; + }; + + virtualisation.oci-containers.backend = "docker"; + virtualisation.oci-containers.containers.traggo = { + image = "traggo/server"; + ports = [ + "127.0.0.1:7093:3030" + ]; + environmentFiles = [ "/var/lib/traggo/env" ]; + workdir = "/opt/traggo/"; + volumes = [ + "/opt/traggo/data:/opt/traggo/data" + ]; + }; + + nfs.server = { + enable = true; + defaultExportIps = ["10.1.1.0/24"]; + + exportDirs = [ + {path = "/srv/files/music";} + ]; + }; + services.nfs.idmapd = { + settings = { + General = { + Domain = "kcu.su"; + }; + Mapping = { + Nobody-User = "nobody"; + Nobody-Group = "nogroup"; + }; + }; + }; + system.stateVersion = "24.05"; } + |