Project-A/project-flake
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added ivan

Browse source
This commit is contained in:
emptyynes 2025-09-24 17:51:19 +07:00
parent 841dbc5bfc
commit 3032768cc9
5 changed files with 77 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -44,6 +44,7 @@
artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.marzban ]; }; artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.marzban ]; };
reine = nixosServer { name = "reine"; modules = [ project-a-software.affine ]; }; reine = nixosServer { name = "reine"; modules = [ project-a-software.affine ]; };
mio = nixosServer { name = "mio"; modules = [ project-a-software.marzban ]; }; mio = nixosServer { name = "mio"; modules = [ project-a-software.marzban ]; };
ivan = nixosServer { name = "ivan"; modules = [ project-a-software.marzban ]; };
vanessa = nixosServer { name = "vanessa"; modules = [ project-a-software.marzban ]; }; vanessa = nixosServer { name = "vanessa"; modules = [ project-a-software.marzban ]; };
aqore-nix = nixpkgs.lib.nixosSystem { aqore-nix = nixpkgs.lib.nixosSystem {

2
servers/artemisia/nginx.nix
View file

@ -6,6 +6,8 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
defaultSSLListenPort = 444; defaultSSLListenPort = 444;
virtualHosts = { virtualHosts = {

14
servers/ivan/hardware-configuration.nix Normal file
View file

@ -0,0 +1,14 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
networking.hostName = "ivan";
system.stateVersion = "25.05";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg2GEI2xcR0E1LzJWDvF5eHNt93TcYy7W/qEI3XoVWr almiriqi@aqore-nix'' ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
}

32
servers/ivan/main.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "ivan.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "ivan.project-a.space";
xray = import ../common/xray.nix {
server-domain = "ivan.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}

28
servers/ivan/nginx.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
defaultSSLListenPort = 444;
streamConfig = ''
map $ssl_preread_server_name $name {
default marzban;
}
upstream marzban {
server 127.0.0.1:1080;
}
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
}
'';
};
}