added ivan
parent
841dbc5bfc
commit
3032768cc9
5 changed files with 77 additions and 0 deletions
|
|
@ -6,6 +6,8 @@
|
|||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
defaultSSLListenPort = 444;
|
||||
|
||||
virtualHosts = {
|
||||
|
|
|
|||
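--- /dev/null
+++ b/servers/ivan/hardware-configuration.nix
@@ -0,0 +1,14 @@
+{ modulesPath, ... }:
+{
+imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+boot.loader.grub.device = "/dev/sda";
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+boot.initrd.kernelModules = [ "nvme" ];
+fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+networking.hostName = "ivan";
+system.stateVersion = "25.05";
+services.openssh.enable = true;
+users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg2GEI2xcR0E1LzJWDvF5eHNt93TcYy7W/qEI3XoVWr almiriqi@aqore-nix'' ];
+boot.tmp.cleanOnBoot = true;
+zramSwap.enable = true;
+}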
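Review bot: `services.openssh.enable = true;` is added without any `services.openssh.settings`, so whether password or keyboard-interactive logins are accepted on this host is left to module defaults, while root is the only account given a key. If access is meant to be key-only, pin it next to the enable line: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The SSH and root-key settings also live in hardware-configuration.nix, a file that `nixos-generate-config` rewrites; moving them to main.nix would keep them from being dropped on regeneration.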
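--- /dev/null
+++ b/servers/ivan/main.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, secret, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+./nginx.nix
+];
+
+services.yggdrasil.persistentKeys = true;
+marzban = {
+env = {
+UVICORN_HOST = "ivan.project-a.space";
+UVICORN_PORT = secret.marzban.port;
+SUDO_USERNAME = secret.marzban.sudo-username;
+SUDO_PASSWORD = secret.marzban.sudo-password;
+DOCS = true;
+};
+cert = true;
+domain = "ivan.project-a.space";
+xray = import ../common/xray.nix {
+server-domain = "ivan.project-a.space";
+port = secret.marzban.vless-port;
+dest = secret.marzban.dest;
+privateKey = secret.marzban.privateKey;
+shortId = secret.marzban.shortId;
+spiderX = secret.marzban.spiderX;
+sni = secret.marzban.sni;
+};
+};
+
+networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
+}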
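Review bot: `SUDO_PASSWORD = secret.marzban.sudo-password;` and `privateKey = secret.marzban.privateKey;` pass secret values through Nix evaluation, so anything the marzban module renders from them into a unit file or config derivation ends up in the world-readable /nix/store. The module and ../common/xray.nix are not part of this commit, so this is inferred. If they do write these values into the store, supply them at runtime instead, for example from a root-only file loaded with systemd `EnvironmentFile` (sops-nix or agenix can manage such a file). Separately, `DOCS = true` combined with `secret.marzban.port` in `networking.firewall.allowedTCPPorts` appears to leave the admin panel and its API docs reachable from any address. Either set `DOCS = false;` or add a comment such as `# panel intentionally public; protected by SUDO_* credentials` to make the intent explicit.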
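--- /dev/null
+++ b/servers/ivan/nginx.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+{
+security.acme.defaults.email = "project-a@project-a.space";
+security.acme.acceptTerms = true;
+
+services.nginx = {
+enable = true;
+defaultSSLListenPort = 444;
+
+streamConfig = ''
+map $ssl_preread_server_name $name {
+default marzban;
+}
+
+upstream marzban {
+server 127.0.0.1:1080;
+}
+
+server {
+listen 0.0.0.0:443;
+listen [::0]:443;
+proxy_pass $name;
+ssl_preread on;
+}
+'';
+};
+}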
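Review bot: The stream server listens on 443, but the only firewall line in the new files (`allowedTCPPorts` in main.nix) opens `secret.marzban.port` and `secret.marzban.vless-port`, not 443. Unless 443 is opened in a file outside this commit, the listener is unreachable from outside, and `networking.firewall.allowedTCPPorts = [ 443 ];` belongs in this file. The upstream `server 127.0.0.1:1080;` is hard-coded while the xray inbound port comes from `secret.marzban.vless-port`, so the two can drift apart silently; derive the upstream from the same value, or add a comment such as `# must equal the xray inbound port (secret.marzban.vless-port)`. If all client traffic is meant to enter through this SNI proxy, opening vless-port in the firewall as well exposes the backend directly and bypasses the front end.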