Diffstat (limited to 'nixos')
-rw-r--r--nixos/general.nix149
-rw-r--r--nixos/laptop/configuration.nix42
-rw-r--r--nixos/laptop/disk-config.nix37
-rw-r--r--nixos/laptop/hardware-configuration.nix40
-rw-r--r--nixos/nixosModules/default.nix13
-rw-r--r--nixos/nixosModules/disks.nix17
-rw-r--r--nixos/nixosModules/docker.nix20
-rw-r--r--nixos/nixosModules/exwm.nix30
-rw-r--r--nixos/nixosModules/greetd.nix24
-rw-r--r--nixos/nixosModules/kanata.nix25
-rw-r--r--nixos/nixosModules/ly.nix16
-rw-r--r--nixos/nixosModules/powerbutton.nix14
-rw-r--r--nixos/nixosModules/printing.nix22
-rw-r--r--nixos/nixosModules/stylix.nix26
-rw-r--r--nixos/nixosModules/user.nix18
-rw-r--r--nixos/pc/configuration.nix36
-rw-r--r--nixos/pc/configuration.nix~12
-rw-r--r--nixos/pc/hardware-configuration.nix51
-rw-r--r--nixos/server/configuration.nix242
-rw-r--r--nixos/server/disk-config.nix37
-rw-r--r--nixos/server/hardware-configuration.nix26
-rw-r--r--nixos/serverModules/directories.nix90
-rw-r--r--nixos/serverModules/gonic.nix95
-rw-r--r--nixos/serverModules/nfs.nix112
-rw-r--r--nixos/serverModules/nginx.nix136
-rw-r--r--nixos/tw/configuration.nix159
-rw-r--r--nixos/tw/disk-config.nix55
-rw-r--r--nixos/vpn/configuration.nix118
-rw-r--r--nixos/vpn/disk-config.nix55
29 files changed, 0 insertions, 1717 deletions
diff --git a/nixos/general.nix b/nixos/general.nix
deleted file mode 100644
index cc400d2..0000000
--- a/nixos/general.nix
+++ /dev/null
@@ -1,149 +0,0 @@
-{
- inputs,
- outputs,
- lib,
- config,
- pkgs,
- ...
-}: {
- imports = [
- ./nixosModules
- ];
-
- nixpkgs = {
- overlays = [
- outputs.overlays.additions
- outputs.overlays.modifications
- outputs.overlays.truly-unstable-packages
- ];
- config = {
- allowUnfree = true;
- };
- };
-
- nix = {
- # This will add each flake input as a registry
- # To make nix3 commands consistent with your flake
- registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
-
- # This will additionally add your inputs to the system's legacy channels
- # Making legacy nix commands consistent as well, awesome!
- nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
-
- gc = {
- automatic = true;
- dates = "weekly";
- };
-
- settings = {
- # Enable flakes and new 'nix' command
- experimental-features = "nix-command flakes";
- # Deduplicate and optimize nix store
- auto-optimise-store = true;
-
- trusted-users = ["root" "@wheel"];
- };
- };
-
- # from nixosModules
- disks.enable = true;
- user.enable = true;
- # greetd.enable = true;
- ly.enable = true;
- stylixConfig.enable = true;
- kanata.enable = true;
-
- networking = {
- networkmanager = {
- enable = true;
- };
- nftables.enable = true;
- hosts = {
- "127.0.0.1" = ["v2raya.local"];
- };
- };
-
- virtualisation.containers.enable = true;
- virtualisation.podman = {
- enable = true;
- dockerCompat = true;
- dockerSocket.enable = true;
- defaultNetwork.settings.dns_enabled = true;
- };
-
- services.postgresql = {
- enable = true;
- };
-
- boot.loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- security.rtkit.enable = true;
- security.polkit.enable = true;
-
- services.pipewire = {
- enable = true;
- audio.enable = true;
- wireplumber.enable = true;
- alsa.enable = true;
- pulse.enable = true;
- jack.enable = true;
- };
-
- programs.gamemode = {
- enable = true;
- settings = {
- gpu.apply_gpu_optimizations = "accept-responsibility";
- };
- };
-
- services.udev.packages = with pkgs; [platformio-core.udev];
-
- environment.systemPackages = with pkgs; [
- neovim
- git
- nh
- home-manager
- docker-compose
- ];
-
- services.v2raya = {
- enable = true;
- cliPackage = pkgs.xray;
- };
-
- services.tailscale.enable = true;
-
- fonts = {
- packages = with pkgs; [
- # icon fonts
- material-design-icons
-
- # normal fonts
- noto-fonts
- noto-fonts-cjk-sans
- noto-fonts-emoji
- rubik
-
- # code font
- nerd-fonts.fira-code
- ];
-
- enableDefaultPackages = false;
-
- # user defined fonts
- # the reason there's Noto Color Emoji everywhere is to override DejaVu's
- # B&W emojis that would sometimes show instead of some Color emojis
- fontconfig.defaultFonts = {
- serif = ["Noto Serif" "Noto Color Emoji"];
- sansSerif = ["Noto Sans" "Noto Color Emoji"];
- monospace = ["Sauce Code Pro Nerd Font"];
- emoji = ["Noto Color Emoji"];
- };
- };
-
- programs.dconf.enable = true;
- i18n.defaultLocale = "en_US.UTF-8";
-}
diff --git a/nixos/laptop/configuration.nix b/nixos/laptop/configuration.nix
deleted file mode 100644
index 302d305..0000000
--- a/nixos/laptop/configuration.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{pkgs, ...}: {
- # You can import other NixOS modules here
- imports = [
- # If you want to use modules your own flake exports (from modules/nixos):
- # outputs.nixosModules.example
-
- # Or modules from other flakes (such as nixos-hardware):
- # inputs.hardware.nixosModules.common-cpu-amd
- # inputs.hardware.nixosModules.common-ssd
-
- ../general.nix
- ./hardware-configuration.nix
- ../nixosModules/powerbutton.nix
- ../nixosModules/docker.nix
- ../nixosModules/greetd.nix
- ./disk-config.nix
- ];
-
- # from nixosModules
- pbutton.disable = true;
- greetd.command = "Hyprland";
-
- programs.gamescope = {
- enable = true;
- capSysNice = false;
- };
-
- time.timeZone = "Europe/Moscow";
- networking.hostName = "ltrr-mini";
- networking.hosts = {
- "127.0.0.1" = ["mr.local" "local.oneln.ru"];
- "127.0.0.3" = ["local-api.oneln.ru"];
- };
-
- programs.adb.enable = true;
- services.udev.packages = [
- pkgs.android-udev-rules
- ];
-
- # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
- system.stateVersion = "23.05";
-}
diff --git a/nixos/laptop/disk-config.nix b/nixos/laptop/disk-config.nix
deleted file mode 100644
index 825a147..0000000
--- a/nixos/laptop/disk-config.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- disko.devices = {
- disk = {
- main = {
- device = "/dev/nvme0n1";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/nixos/laptop/hardware-configuration.nix b/nixos/laptop/hardware-configuration.nix
deleted file mode 100644
index e63527d..0000000
--- a/nixos/laptop/hardware-configuration.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci"];
- boot.initrd.kernelModules = [];
- boot.kernelModules = ["kvm-amd"];
- # boot.kernelParams = ["amdgpu.sg_display=0" "amdgpu.dcdebugmask=0x10"];
- boot.kernelParams = [];
- boot.extraModulePackages = [];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- hardware.graphics = {
- enable = true;
- enable32Bit = true;
- };
- hardware.amdgpu.initrd.enable = true;
-
- hardware.bluetooth.enable = true;
-}
diff --git a/nixos/nixosModules/default.nix b/nixos/nixosModules/default.nix
deleted file mode 100644
index b6e02b4..0000000
--- a/nixos/nixosModules/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- imports = [
- ./user.nix
- ./disks.nix
- ./docker.nix
- ./greetd.nix
- ./stylix.nix
- ./powerbutton.nix
- ./printing.nix
- ./kanata.nix
- ./ly.nix
- ];
-}
diff --git a/nixos/nixosModules/disks.nix b/nixos/nixosModules/disks.nix
deleted file mode 100644
index e7a374a..0000000
--- a/nixos/nixosModules/disks.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
- options = {
- disks.enable = lib.mkEnableOption "auto disk mount";
- };
- config = lib.mkIf config.disks.enable {
- services = {
- devmon.enable = true;
- gvfs.enable = true;
- udisks2 = {
- enable = true;
- mountOnMedia = true;
- };
- };
- };
-}
diff --git a/nixos/nixosModules/docker.nix b/nixos/nixosModules/docker.nix
deleted file mode 100644
index 0536d7e..0000000
--- a/nixos/nixosModules/docker.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
- options = {
- docker.enable = lib.mkEnableOption "enable docker";
- };
- config = lib.mkIf config.docker.enable {
- virtualisation.docker = {
- enable = true;
- liveRestore = true;
- daemon.settings = {
- bip = "172.20.0.1/16";
- default-address-pools = [{
- base = "172.20.0.0/8";
- size = 16;
- }];
- };
- };
- };
-}
diff --git a/nixos/nixosModules/exwm.nix b/nixos/nixosModules/exwm.nix
deleted file mode 100644
index 84ed9c1..0000000
--- a/nixos/nixosModules/exwm.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, ... }:
-
-{
- options = {
- exwm.enable = lib.mkEnableOption "enable exwm";
- };
-
- config = lib.mkIf config.exwm.enable {
- services.xserver = {
- enable = true;
- updateDbusEnvironment = true;
- xkb = {
- layout = "us,ru";
- options = "grp:win_space_toggle";
- };
-
- displayManager.startx.enable = true;
- };
-
- services.libinput = {
- enable = true;
- touchpad = {
- naturalScrolling = true;
- disableWhileTyping = true;
- };
- };
- # Hide the cursor when typing.
- services.xbanish.enable = true;
- };
-}
diff --git a/nixos/nixosModules/greetd.nix b/nixos/nixosModules/greetd.nix
deleted file mode 100644
index 305510f..0000000
--- a/nixos/nixosModules/greetd.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
- options = {
- greetd = {
- enable = lib.mkEnableOption "enable greetd";
- command = lib.mkOption { type = lib.types.str; };
- };
- };
- config = lib.mkIf config.greetd.enable {
- services.greetd = {
- enable = true;
- settings = {
- terminal = {
- vt = "next";
- };
- default_session = {
- command = "${pkgs.greetd.tuigreet}/bin/tuigreet -t -r --asterisks --user-menu -c ${config.greetd.command}";
- user = "jerpo";
- };
- };
- };
- };
-}
diff --git a/nixos/nixosModules/kanata.nix b/nixos/nixosModules/kanata.nix
deleted file mode 100644
index e6578f6..0000000
--- a/nixos/nixosModules/kanata.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, ... }:
-
-{
- options = {
- kanata.enable = lib.mkEnableOption "enable kanata";
- };
-
- config = lib.mkIf config.kanata.enable {
- services.kanata = {
- enable = true;
- keyboards = {
- board = {
- config = ''
- (defsrc
- caps)
- (defalias
- caps lctrl)
- (deflayer base
- @caps)
- '';
- };
- };
- };
- };
-}
diff --git a/nixos/nixosModules/ly.nix b/nixos/nixosModules/ly.nix
deleted file mode 100644
index c126493..0000000
--- a/nixos/nixosModules/ly.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, ... }:
-
-{
- options = {
- ly.enable = lib.mkEnableOption "enable ly desktop manager";
- };
-
- config = lib.mkIf config.ly.enable {
- services.displayManager.ly = {
- enable = true;
- settings = {
- save = true;
- };
- };
- };
-}
diff --git a/nixos/nixosModules/powerbutton.nix b/nixos/nixosModules/powerbutton.nix
deleted file mode 100644
index 92ad60c..0000000
--- a/nixos/nixosModules/powerbutton.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
- options = {
- pbutton.disable = lib.mkEnableOption "enable pbutton";
- };
- config = lib.mkIf config.pbutton.disable {
- services.logind.settings.Login = {
- HandlePowerKey = "ignore";
- HandleLidSwitch = "suspend";
- HandleLidSwitchExternalPower = "suspend";
- };
- };
-}
diff --git a/nixos/nixosModules/printing.nix b/nixos/nixosModules/printing.nix
deleted file mode 100644
index 610e335..0000000
--- a/nixos/nixosModules/printing.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
- options = {
- printing.enable = lib.mkEnableOption "enable printing";
- };
- config = lib.mkIf config.printing.enable {
- hardware.sane = {
- enable = true;
- extraBackends = [ pkgs.hplipWithPlugin ];
- };
- services = {
- printing.enable = true;
- printing.drivers = [ pkgs.hplipWithPlugin ];
- avahi = {
- enable = true;
- nssmdns4 = true;
- openFirewall = true;
- };
- };
- };
-}
diff --git a/nixos/nixosModules/stylix.nix b/nixos/nixosModules/stylix.nix
deleted file mode 100644
index 5969c4d..0000000
--- a/nixos/nixosModules/stylix.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, inputs, outputs, ... }:
-
-{
- imports = [
- inputs.stylix.nixosModules.stylix
- ];
-
- options = {
- stylixConfig.enable = lib.mkEnableOption "enable stylix";
- };
- config = lib.mkIf config.stylixConfig.enable {
- stylix = with outputs.homeConfigurations."jerpo@ltrr-mini".config.stylix; {
- enable = true;
- image = image;
- base16Scheme = base16Scheme;
- autoEnable = false;
- targets.console.enable = true;
- fonts = with fonts; {
- serif = serif;
- sansSerif = sansSerif;
- monospace = monospace;
- emoji = emoji;
- };
- };
- };
-}
diff --git a/nixos/nixosModules/user.nix b/nixos/nixosModules/user.nix
deleted file mode 100644
index 2cfd597..0000000
--- a/nixos/nixosModules/user.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-{
- options = {
- user.enable = lib.mkEnableOption "default user configuration";
- };
- config = lib.mkIf config.user.enable {
- programs.fish.enable = true;
- users.users = {
- jerpo = {
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" "input" "adbusers" "dialout" "uinput" "podman" ];
- };
- };
-
- };
-}
diff --git a/nixos/pc/configuration.nix b/nixos/pc/configuration.nix
deleted file mode 100644
index 02a87e5..0000000
--- a/nixos/pc/configuration.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ pkgs, ... }: {
- imports = [
- ../general.nix
- ./hardware-configuration.nix
- ../nixosModules/printing.nix
- ../nixosModules/greetd.nix
- ];
-
- time.timeZone = "Asia/Yekaterinburg";
- networking.hostName = "ltrr";
-
-
- programs.adb.enable = true;
- services.udev.packages = [
- pkgs.android-udev-rules
- ];
-
- services.xserver = {
- enable = true;
- displayManager.startx.enable = true;
- };
-
- services.openssh.enable = true;
- security.polkit = {
- enable = true;
- };
- environment.systemPackages = with pkgs; [
- lxqt.lxqt-policykit
- ];
-
- greetd.command = "startx";
-
- system.stateVersion = "24.11";
-}
-
-
diff --git a/nixos/pc/configuration.nix~ b/nixos/pc/configuration.nix~
deleted file mode 100644
index b6fa0a7..0000000
--- a/nixos/pc/configuration.nix~
+++ /dev/null
@@ -1,12 +0,0 @@
-{ inputs, outputs, lib, config, pkgs, ... }: {
- imports = [
- ../general.nix
- inputs.home-manager.nixosModules.home-manager
- ];
-
- time.timeZone = "Europe/Yekaterinburg";
-
- services.xserver = {
- enable = true;
- };
-}
diff --git a/nixos/pc/hardware-configuration.nix b/nixos/pc/hardware-configuration.nix
deleted file mode 100644
index fd9ebda..0000000
--- a/nixos/pc/hardware-configuration.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/2560c5f6-6891-49b1-bc2d-6129b588da28";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/39A8-FADA";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/73feafe1-b069-41b0-b004-2f84dbbc3b51"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- hardware.graphics = {
- enable = true;
- enable32Bit = true;
- };
-
- # nvidia drivers
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.nvidia = {
- modesetting.enable = true;
- nvidiaSettings = true;
- open = false;
- };
-}
diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix
deleted file mode 100644
index 3ae272c..0000000
--- a/nixos/server/configuration.nix
+++ /dev/null
@@ -1,242 +0,0 @@
-{
- modulesPath,
- lib,
- pkgs,
- config,
- inputs,
- outputs,
- ...
-}: let
- domain = "kcu.su";
-in {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- (modulesPath + "/profiles/qemu-guest.nix")
- "${inputs.nixpkgs}/nixos/modules/services/web-apps/filebrowser.nix"
- ./disk-config.nix
- ../serverModules/nginx.nix
- ../serverModules/directories.nix
- ];
-
- nixpkgs = {
- overlays = [
- outputs.overlays.unstable-packages
- ];
- config.allowUnfree = true;
- };
-
- sops = {
- defaultSopsFile = ../../secrets/ltrr-home/secrets.yaml;
- defaultSopsFormat = "yaml";
- age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- };
-
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- };
-
- environment.systemPackages = with pkgs; [
- curl
- gitMinimal
- beets
- ];
-
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
- ];
- };
- };
-
- users.files = {
- isNormalUser = true;
- group = "files";
- extraGroups = [
- "music"
- "images"
- ];
- };
- createPaths = {
- "/srv/files" = {
- owner = "files";
- permissions = "0770";
- group = "files";
- subPaths = {
- "music".group = "music";
- "images".group = "images";
- };
- };
- };
-
- networking.hostName = "ltrr-home";
- networking.firewall = {
- allowedTCPPorts = [80 5030 2049];
- allowedUDPPorts = [51820];
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "notspl3g+acme@duck.com";
- };
-
- nginx = {
- enable = true;
- domain = domain;
-
- recommendedProxySettings = false;
- subdomains = {
- "slskd" = {
- proxyPass = "http://127.0.0.1:${toString config.services.slskd.settings.web.port}";
- proxyWebsockets = true;
- };
- "immich" = {
- proxyPass = "http://localhost:${toString config.services.immich.port}";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- extraConfig = ''
- client_max_body_size 50000M;
- proxy_read_timeout 600s;
- proxy_send_timeout 600s;
- send_timeout 600s;
- '';
- };
-
- "music".proxyPass = "http://127.0.0.1:5692";
- "navidrome".proxyPass = "http://127.0.0.1:4533";
- "files".proxyPass = "http://127.0.0.1:${toString config.services.filebrowser.settings.port}";
- "track".proxyPass = "http://127.0.0.1:7093";
- "tube".proxyPass = "http://127.0.0.1:5410";
- };
- };
-
- sops.secrets.wg-private-key = {
- restartUnits = ["wg-quick-wg0.service"];
- };
- networking.wg-quick = {
- interfaces.wg0 = {
- address = ["10.1.1.2/32"];
- listenPort = 51820;
-
- privateKeyFile = config.sops.secrets.wg-private-key.path;
-
- peers = [
- {
- endpoint = "${domain}:51820";
- publicKey = "1RwEOL8br97Mujhz3fkfYKcxUFNHYAmt5JbWTbR3ihE=";
- allowedIPs = ["10.1.1.1/32"];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- services.tailscale.enable = true;
-
- users.users.filebrowser.extraGroups = ["music" "images"];
- systemd.services.filebrowser.serviceConfig.SupplementaryGroups = ["music" "images"];
- services.filebrowser = {
- enable = true;
- group = "files";
- settings = {
- root = "/srv/files";
- port = 9337;
- };
- };
-
- systemd.tmpfiles.rules = [
- "d /srv/files/slskd 0740 slskd music"
- "d /opt/traggo/data"
- "d /var/lib/traggo"
- ];
- users.users.slskd.extraGroups = ["files"];
- services.slskd = {
- enable = true;
- environmentFile = "/var/lib/slskd/env";
- group = "music";
- settings = {
- shares.directories = ["/srv/files/music"];
- directories.downloads = "/srv/files/slskd";
- };
- openFirewall = true;
- domain = null;
- };
-
- sops.secrets.navidrome-env = {
- restartUnits = ["navidrome.service"];
- };
- users.users.navidrome.extraGroups = ["files" "music"];
- services.navidrome = {
- enable = true;
- package = pkgs.unstable.navidrome;
- settings = {
- BaseUrl = "https://navidrome.${domain}";
- MusicFolder = "/srv/files/music";
- PlaylistsPath = "playlists";
- Scanner.PurgeMissing = "always";
- EnableSharing = true;
- };
- environmentFile = config.sops.secrets.navidrome-env.path;
- };
-
- sops.secrets.xray-config = {
- restartUnits = ["xray.service"];
- };
- services.xray = {
- enable = true;
- settingsFile = config.sops.secrets.xray-config.path;
- };
-
- services.invidious = {
- enable = true;
- address = "127.0.0.1";
- port = 5410;
- domain = "tube.${domain}";
- settings = {
- http_proxy = {
- host = "127.0.0.1";
- port = 10801;
- user = "";
- password = "";
- };
- };
- };
-
- virtualisation.oci-containers.backend = "podman";
- virtualisation.oci-containers.containers = {
- aonsoku = {
- image = "ghcr.io/victoralvesf/aonsoku:latest";
- ports = [
- "127.0.0.1:5692:8080"
- ];
- environment = {
- SERVER_URL = "https://navidrome.${domain}";
- HIDE_SERVER = "true";
- };
- };
-
- traggo = {
- image = "traggo/server";
- ports = [
- "127.0.0.1:7093:3030"
- ];
- environmentFiles = ["/var/lib/traggo/env"];
- workdir = "/opt/traggo/";
- volumes = [
- "/opt/traggo/data:/opt/traggo/data"
- ];
- };
- };
-
- services.immich = {
- enable = true;
- };
-
- system.stateVersion = "24.05";
-}
diff --git a/nixos/server/disk-config.nix b/nixos/server/disk-config.nix
deleted file mode 100644
index 2495ada..0000000
--- a/nixos/server/disk-config.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- disko.devices = {
- disk = {
- main = {
- device = "/dev/sdb";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/nixos/server/hardware-configuration.nix b/nixos/server/hardware-configuration.nix
deleted file mode 100644
index 926b7d7..0000000
--- a/nixos/server/hardware-configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s29u1u3.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/nixos/serverModules/directories.nix b/nixos/serverModules/directories.nix
deleted file mode 100644
index f5c769f..0000000
--- a/nixos/serverModules/directories.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-with lib; let
- cfg = config.createPaths;
- pathAttrsToListRec = pathsAttrSet: parentPath: parentConfig:
- lib.flatten (lib.mapAttrsToList (path: config: let
- filteredConfig = lib.filterAttrs (n: v: v != null) (builtins.removeAttrs config ["subPaths"]);
- out =
- {
- path =
- if parentPath == ""
- then path
- else parentPath + "/" + path;
- }
- // parentConfig // filteredConfig;
- in
- if config ? subPaths
- then [out] ++ (pathAttrsToListRec config.subPaths path filteredConfig)
- else [out])
- pathsAttrSet);
- pathConfig = {
- options = {
- group = mkOption {
- type = types.nullOr types.str;
- default = null;
- };
- owner = mkOption {
- type = types.nullOr types.str;
- default = null;
- };
- permissions = mkOption {
- type = types.nullOr types.str;
- default = null;
- };
- subPaths = mkOption {
- type = types.attrsOf (types.submodule pathConfig);
- default = {};
- };
- };
- };
- pathList = pathAttrsToListRec cfg "" {};
-in rec {
- options = {
- createPaths = mkOption {
- type = types.attrsOf (types.submodule {
- options = {
- group = mkOption {
- type = types.nullOr types.str;
- default = null;
- };
- owner = mkOption {
- type = types.nullOr types.str;
- default = null;
- };
- permissions = mkOption {
- type = types.nullOr types.str;
- default = null;
- };
- subPaths = mkOption {
- type = types.attrsOf (types.submodule pathConfig);
- default = {};
- description = ''
- SubPaths to create using systemd tmpfiles.
- '';
- };
- };
- });
- default = {};
- description = ''
- Paths to create using systemd tmpfiles.
- '';
- };
- };
-
- config = mkIf (cfg != {}) {
- systemd.tmpfiles.rules =
- map
- (dir: "d ${dir.path} ${dir.permissions} ${dir.owner} ${dir.group}")
- pathList;
-
- users = let
- extraGroups = map (path: path.group) pathList;
- in {
- groups = genAttrs extraGroups (group: {});
- };
- };
-}
diff --git a/nixos/serverModules/gonic.nix b/nixos/serverModules/gonic.nix
deleted file mode 100644
index 6bdf984..0000000
--- a/nixos/serverModules/gonic.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.gonic;
-in
-{
- options = {
- gonic = {
- enable = mkEnableOption "enable gonic configuration";
-
- listenAddr = mkOption {
- type = types.str;
- default = "127.0.0.1:4747";
- description = ''
- Address that gonic will listen on.
- '';
- };
-
- extraGroups = mkOption {
- type = types.listOf (types.str);
- default = [];
- description = ''
- Additional groups for gonic.
- '';
- };
-
- musicPaths = mkOption {
- type = types.listOf (types.str);
- description = ''
- Directories with music in it.
- '';
- };
-
- podcastsPath = mkOption {
- type = types.str;
- default = "${cfg.stateDir}/podcasts";
- description = ''
- Directory for podcasts.
- '';
- };
-
- playlistsPath = mkOption {
- type = types.str;
- default = "${cfg.stateDir}/playlists";
- description = ''
- Directory for playlists.
- '';
- };
-
- stateDir = mkOption {
- type = types.str;
- default = "/var/lib/gonic";
- description = ''
- A directory where gonic will keep their files.
- '';
- };
-
- settings = mkOption {
- default = {};
- description = ''
- Additional gonic settings
- '';
- };
- };
- };
-
- config = mkIf cfg.enable {
- nixpkgs.overlays = [
- (final: prev: {
- ffmpeg = prev.ffmpeg-headless;
- })
- ];
-
- systemd.services.gonic.serviceConfig = {
- SupplementaryGroups = cfg.extraGroups;
- };
-
- systemd.tmpfiles.rules = [
- "d ${cfg.stateDir} 0755 nobody nogroup"
- "d ${cfg.podcastsPath} 0755 nobody nogroup"
- "d ${cfg.playlistsPath} 0755 nobody nogroup"
- ];
-
- services.gonic = {
- enable = true;
- settings = {
- listen-addr = cfg.listenAddr;
- music-path = cfg.musicPaths;
- playlists-path = [cfg.podcastsPath];
- podcast-path = [cfg.playlistsPath];
- db-path = ["${cfg.stateDir}/gonic.db"];
- } // cfg.settings;
- };
- };
-}
diff --git a/nixos/serverModules/nfs.nix b/nixos/serverModules/nfs.nix
deleted file mode 100644
index f8186b6..0000000
--- a/nixos/serverModules/nfs.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-{ config, lib, ... }:
-with lib;
-let
- cfg = config.nfs;
-in
-{
- options = {
- nfs.server = mkOption {
- description = ''
- NFS server configuration.
- '';
- default = { enable = false; };
- type = types.submodule {
- options = {
- enable = mkEnableOption "Enable nfs server";
- exportsPath = mkOption {
- type = types.str;
- default = "/export";
- description = ''
- A path to the dir, where exports will be binded.
- '';
- };
-
- defaultExportIps = mkOption {
- type = types.listOf (types.str);
- description = ''
- A list of ip addresses, that will be used as default in exportDirs
- '';
- };
-
- defaultExportParams = mkOption {
- type = types.str;
- default = "rw,nohide,insecure,no_subtree_check";
- description = ''
- Params, that will be used as default in exportDirs
- '';
- };
-
- exportDirs = mkOption {
- description = ''
- A list of directories to export.
- '';
- type = types.listOf (types.submodule {
- options = {
- path = mkOption {
- type = types.str;
- description = ''
- A path to the directory to export.
- '';
- };
- exportPath = mkOption {
- type = types.str;
- default = "";
- description = ''
- A path that will be binded to the export directory in the exportsPath.
- '';
- };
- ips = mkOption {
- type = types.listOf (types.str);
- default = cfg.server.defaultExportIps;
- description = ''
- A list of ip addresses to export the dir to.
- '';
- };
- params = mkOption {
- type = types.str;
- default = cfg.server.defaultExportParams;
- description = ''
- Params for the ip addresses.
- '';
- };
- };
- });
- };
- };
- };
- };
- };
-
- config = mkIf cfg.server.enable {
- services.nfs.server = {
- enable = true;
- exports = "${cfg.server.exportsPath} ${concatMapStrings (ip: "${ip}(rw,fsid=0,no_subtree_check) ") cfg.server.defaultExportIps}\n"
- + concatMapStrings
- (dir:
- let
- ips = concatMapStrings (ip: "${ip}(${dir.params}) ") dir.ips;
- exportPath = if dir.exportPath != "" then dir.exportPath else
- baseNameOf dir.path;
- in "${cfg.server.exportsPath}/${exportPath} ${ips}\n")
- cfg.server.exportDirs;
- };
-
- systemd.tmpfiles.rules = [
- "d ${cfg.server.exportsPath} 0744 nobody nogroup"
- ];
-
- fileSystems = listToAttrs (map (exportDir:
- let
- exportPath = if exportDir.exportPath != "" then exportDir.exportPath else
- baseNameOf exportDir.path;
- fullExportPath = "${cfg.server.exportsPath}/${exportPath}";
- in
- {
- name = fullExportPath;
- value = {
- device = exportDir.path;
- options = ["bind"];
- };
- }) cfg.server.exportDirs);
- };
-}
diff --git a/nixos/serverModules/nginx.nix b/nixos/serverModules/nginx.nix
deleted file mode 100644
index 9e249d9..0000000
--- a/nixos/serverModules/nginx.nix
+++ /dev/null
@@ -1,136 +0,0 @@
-{ pkgs, config, lib, ... }:
-with lib;
-let
- vhostOptions = import (pkgs.path + "/nixos/modules/services/web-servers/nginx/vhost-options.nix");
- locationOptions = import (pkgs.path + "/nixos/modules/services/web-servers/nginx/location-options.nix");
- nginxOptions = import (pkgs.path + "/nixos/modules/services/web-servers/nginx/default.nix");
- cfg = config.nginx;
-in
-{
- options.nginx = {
- enable = mkEnableOption "Enable nginx";
-
- domain = mkOption {
- type = types.str;
- description = ''
- Domain to use with subdomains
- '';
- };
-
- recommendedProxySettings = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Enables global recommended proxy settings
- '';
- };
-
- subdomains = mkOption {
- type = types.attrsOf (types.submodule (locationOptions { inherit config lib; }));
- description = ''
- Subdomains with nginx virtualHosts configuration
- '';
- };
-
- extraVirtualHosts = mkOption {
- type = types.attrsOf (types.submodule (vhostOptions { inherit config lib; }));
- default = {};
- };
-
- home = {
- virtualHosts = mkOption {
- type = types.attrsOf (types.submodule (vhostOptions { inherit config lib; }));
- default = {};
- description = ''
- Virtual hosts from another nginx configuration, that will be used to decrypt ssl and forward traffic to another server.
- Make sure that the connection between the two is secure.
- '';
- };
-
- subdomains = mkOption {
- type = types.attrsOf (types.submodule (locationOptions { inherit config lib; }));
- default = {};
- description = ''
- Subdomains from another nginx configuration, that will be used to decrypt ssl and forward traffic to another server.
- Make sure that the connection between the two is secure.
- '';
- };
-
- domain = mkOption {
- type = types.str;
- default = cfg.domain;
- description = ''
- Home domain, if no domain provided, the current will be used;
- '';
- };
-
- url = mkOption {
- type = types.str;
- default = "";
- description = ''
- Url that requests would be passed to;
- '';
- };
- };
-
- acme = {
- enable = mkEnableOption "enable acme certs";
- email = mkOption {
- type = types.str;
- default = "notspl3g+acme@duck.com";
- };
- };
-
- extraConfig = mkOption {
- type = types.attrsOf (types.submodule nginxOptions);
- default = {};
- description = ''
- Extra nginx config.
- '';
- };
- };
-
- config = mkIf cfg.enable {
- security.acme = mkIf cfg.acme.enable {
- acceptTerms = true;
- defaults.email = cfg.acme.email;
- };
-
- users.groups.nginx = mkIf cfg.acme.enable {};
- users.users.nginx = mkIf cfg.acme.enable {
- group = "nginx";
- extraGroups = [ "acme" ];
- isSystemUser = true;
- };
- services.nginx =
- let
- ssl = {
- forceSSL = cfg.acme.enable;
- enableACME = cfg.acme.enable;
- };
-
- makeVhosts = (domain: subdomains:
- lib.concatMapAttrs
- (name: value: { ${name + "." + domain} = { locations."/" = value; } // ssl; })
- subdomains);
-
- homeRoutes = (homeVirtualHosts: homeUrl:
- builtins.mapAttrs
- (name: value: {
- locations."/" = value.locations."/" // {
- proxyPass = homeUrl;
- recommendedProxySettings = true;
- };
- } // ssl)
- homeVirtualHosts);
-
- vhosts = (makeVhosts cfg.domain cfg.subdomains);
- homeVhosts = (homeRoutes ((makeVhosts (cfg.home.domain) cfg.home.subdomains) // cfg.home.virtualHosts) cfg.home.url);
- in {
- enable = true;
- recommendedProxySettings = cfg.recommendedProxySettings;
-
- virtualHosts = vhosts // homeVhosts // cfg.extraVirtualHosts;
- } // cfg.extraConfig;
- };
-}
diff --git a/nixos/tw/configuration.nix b/nixos/tw/configuration.nix
deleted file mode 100644
index 4078ba1..0000000
--- a/nixos/tw/configuration.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{
- modulesPath,
- config,
- lib,
- pkgs,
- outputs,
- inputs,
- ...
-}: let
- domain = "kcu.su";
-in {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- (modulesPath + "/profiles/qemu-guest.nix")
- "${inputs.nixpkgs}/nixos/modules/services/networking/headscale.nix" # replacing the options with ones for a newer version
- ./disk-config.nix
- ../serverModules/nginx.nix
- ];
-
- disabledModules = ["services/networking/headscale.nix"];
-
- nixpkgs.overlays = [
- outputs.overlays.unstable-packages
- ];
-
- sops = {
- defaultSopsFile = ../../secrets/ltrr-tw/secrets.yaml;
- defaultSopsFormat = "yaml";
- age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- };
-
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- networking = {
- interfaces.ens3 = {
- ipv4.addresses = [
- {
- address = "77.232.139.132";
- prefixLength = 24;
- }
- ];
- };
- defaultGateway = {
- address = "77.232.139.1";
- interface = "ens3";
- };
- };
-
- networking.nameservers = ["8.8.8.8" "1.1.1.1"];
-
- networking.useDHCP = lib.mkDefault false;
-
- networking.hostName = "ltrr-tw";
-
- services.openssh = {
- enable = true;
- };
-
- environment.systemPackages = map lib.lowPrio [
- pkgs.curl
- pkgs.gitMinimal
- ];
-
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
- ];
- };
- };
-
- swapDevices = [
- {
- device = "/var/lib/swapfile";
- size = 2 * 1024;
- }
- ];
-
- networking.nat = {
- enable = true;
- externalInterface = "ens3";
- internalInterfaces = ["wg0"];
- };
-
- sops.secrets.wg-private-key = {};
- networking.wg-quick = {
- interfaces.wg0 = {
- address = ["10.1.1.1/32"];
- listenPort = 51820;
-
- privateKeyFile = config.sops.secrets.wg-private-key.path;
-
- preUp = "sysctl -w net.ipv4.ip_forward=1";
-
- peers = [
- {
- allowedIPs = ["10.1.1.2/32"];
- publicKey = "kzXzxJu1AdcRI5UwtGOrN6WuTZYqJo++PYRrXdOu/lY=";
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.allowedTCPPorts = [80 443];
- networking.firewall.allowedUDPPorts = [51820];
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "notspl3g+acme@duck.com";
- };
-
- nginx = {
- enable = true;
- acme.enable = true;
-
- inherit domain;
- subdomains = {
- "headscale" = {
- proxyPass = "http://127.0.0.1:8768";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
-
- extraVirtualHosts = {
- "_" = {
- locations."/" = {
- return = 444;
- };
- };
- };
-
- home = let
- homeConfig = import ../server/configuration.nix {inherit modulesPath config lib pkgs;};
- in {
- subdomains = homeConfig.nginx.subdomains;
- url = "http://10.1.1.2";
- };
- };
-
- services.headscale = {
- enable = true;
- package = pkgs.unstable.headscale;
- port = 8768;
- settings = {
- server_url = "https://headscale.${domain}:443";
- dns = {
- base_domain = "tailnet.${domain}";
- nameservers.global = ["8.8.8.8"];
- };
- };
- };
-
- system.stateVersion = "24.05";
-}
diff --git a/nixos/tw/disk-config.nix b/nixos/tw/disk-config.nix
deleted file mode 100644
index 1641339..0000000
--- a/nixos/tw/disk-config.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/sda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/nixos/vpn/configuration.nix b/nixos/vpn/configuration.nix
deleted file mode 100644
index d7d794a..0000000
--- a/nixos/vpn/configuration.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{
- modulesPath,
- config,
- lib,
- pkgs,
- ...
-}: let
- domain = "kcu.su";
-in {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- (modulesPath + "/profiles/qemu-guest.nix")
- ./disk-config.nix
- ../serverModules/nginx.nix
- ../serverModules/files.nix
- ../serverModules/gonic.nix
- ];
-
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- networking.firewall.allowedTCPPorts = [
- # http
- 80
- 443
- # xray
- 57625
- ];
-
- networking.domain = domain;
- networking.hostName = "ltrr-vpn";
- networking = {
- interfaces.ens3 = {
- ipv4.addresses = [
- {
- address = "64.188.126.186";
- prefixLength = 32;
- }
- ];
- };
- defaultGateway = {
- address = "100.64.0.1";
- interface = "ens3";
- };
- };
-
- networking.useDHCP = lib.mkDefault false;
-
- networking.nameservers = ["8.8.8.8" "1.1.1.1"];
-
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- };
-
- environment.systemPackages = map lib.lowPrio [
- pkgs.curl
- pkgs.gitMinimal
- ];
-
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuQVHIGm2bfvhW16ZI/4hDK2X8W+ADbPLXwzKZIYXZL user@LAPTOP-72FMD6D0"
- ];
- };
- };
-
- nginx = {
- enable = true;
- acme.enable = true;
-
- inherit domain;
- subdomains = {
- "xray" = {
- proxyPass = "http://127.0.0.1:2053";
-
- extraConfig = "
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Range $http_range;
- proxy_set_header If-Range $http_if_range;
- proxy_redirect off;
- ";
- recommendedProxySettings = false;
- };
-
- "musicbrainz" = {
- proxyPass = "https://musicbrainz.org";
- recommendedProxySettings = false;
- extraConfig = "
- proxy_set_header Host musicbrainz.org;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- ";
- };
- };
- };
-
- virtualisation.oci-containers = {
- backend = "docker";
- containers.xui = {
- image = "ghcr.io/mhsanaei/3x-ui:latest";
- ports = ["127.0.0.1:2053:2053" "57625:57625"];
- volumes = [
- "/root/x-ui:/etc/x-ui"
- ];
- };
- };
-
- system.stateVersion = "24.05";
-}
diff --git a/nixos/vpn/disk-config.nix b/nixos/vpn/disk-config.nix
deleted file mode 100644
index a51111a..0000000
--- a/nixos/vpn/disk-config.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/vda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}