shitcoding moment

AlmiriQ 2025-12-01 13:47:27 +07:00
parent 8e31bd6c02
commit 58475e433e
28 changed files with 703 additions and 258 deletions


@ -2,25 +2,13 @@
{
boot = {
supportedFilesystems = [ "bcachefs" ];
initrd.kernelModules = [ "amdgpu" ];
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
grub = {
enable = true;
device = "nodev";
efiSupport = true;
configurationLimit = 8;
gfxmodeEfi = "1920x1080";
forceInstall = true;
extraEntries = ''
menuentry "UEFI Firmware Setup" {
fwsetup
}
'';
};
};
loader.systemd-boot.enable = true;
};
}
}
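Review bot: The `loader.systemd-boot.enable = true;` line leaves the boot-menu editor at its default, which lets anyone at the console change the kernel command line before boot; adding `loader.systemd-boot.editor = false;` inside the same `boot` block closes that. The GRUB block in this section had `configurationLimit = 8;` and nothing equivalent appears for systemd-boot, so old generations will accumulate on the ESP unless `loader.systemd-boot.configurationLimit = 8;` is set as well. The rendered page has lost its +/- markers, so this assumes the GRUB lines are the removed side.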


@ -5,7 +5,6 @@
libusb1,
glibc,
libGL,
xorg,
makeWrapper,
qtx11extras,
wrapQtAppsHook,
@ -78,4 +77,4 @@ in
platforms = [ "x86_64-linux" ];
license = licenses.unfree;
};
}
}


@ -1,23 +1,40 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
hardware.amdgpu.opencl.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
hardware.graphics.extraPackages = with pkgs; [
rocmPackages.clr.icd
];
hardware.amdgpu.overdrive.enable = true;
hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
environment.systemPackages = with pkgs; [ lact ];
systemd.packages = with pkgs; [ lact ];
systemd.services.lact.wantedBy = [ "multi-user.target" ];
systemd.services.lact.enable = true;
programs.corectrl.enable = true;
environment.systemPackages = with pkgs.rocmPackages; [
rocblas
hipblas
clr
rocm-runtime
rocminfo
clr
hipcc
];
systemd.tmpfiles.rules =
let
rocmEnv = pkgs.symlinkJoin {
name = "rocm-combined";
paths = with pkgs.rocmPackages; [
rocblas
hipblas
clr
rocm-runtime
rocminfo
clr
hipcc
];
};
in [
"L+ /opt/rocm - - - - ${rocmEnv}"
];
}
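Review bot: `clr` is listed twice in the ROCm package list, and the whole list is written out a second time inside `symlinkJoin`. Binding it once in a `let`, for example `rocmPkgs = with pkgs.rocmPackages; [ rocblas hipblas clr rocm-runtime rocminfo hipcc ];`, and using it in both places keeps `/opt/rocm` and `environment.systemPackages` from drifting apart. The section also shows `environment.systemPackages` and `systemd.tmpfiles.rules` each assigned twice. The +/- markers are lost on this page, so if both assignments of either attribute are on the new side, the module will fail to evaluate with a duplicate-attribute error and they need merging into one list.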


@ -4,35 +4,45 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/a0aed18c-fc58-4285-96eb-7f169f79fd32";
fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" ];
};
fileSystems."/" =
{ device = "UUID=997643ea-122d-447e-99a6-5409579bff71";
fsType = "bcachefs";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/D950-5ABC";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/24F0-6DE2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/d2a83fff-f8db-4b53-ab01-40ccfaf0dc3e";
fsType = "btrfs";
options = [ "compress=zstd" ];
};
fileSystems."/home" =
{ device = "UUID=d2d6508b-3660-486a-b3bf-91c05dbedf2f";
fsType = "bcachefs";
};
swapDevices = [ ];
fileSystems."/mnt/ssd" =
{ device = "UUID=940782e8-eb09-4453-bbaf-5892564af55e";
fsType = "bcachefs";
};
networking.useDHCP = lib.mkDefault true;
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
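Review bot: The `/boot` entry mounts the ESP with `fmask=0022` and `dmask=0022`, which makes everything on it world-readable, whereas the `/boot/efi` entry in this same section used `0077`. With systemd-boot the loader's random seed is stored on that partition, and bootctl warns when the mount is world-accessible, so `options = [ "fmask=0077" "dmask=0077" ];` is the safer setting. This assumes the bcachefs and `/boot` entries are the new side, since the +/- markers are missing from the rendered page.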


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ ... }:
{
imports = [
@ -7,6 +7,7 @@
./packages.nix
./services/ssh.nix
./services/sudo.nix
./services/syncthing.nix
./hardware/hardware-configuration.nix
./hardware/audio.nix
./hardware/graphics.nix
@ -16,7 +17,9 @@
networking.hostName = "aqore-nix";
system.stateVersion = "25.05";
home-manager.backupFileExtension = "backup";
system.stateVersion = "25.11";
nix = {
settings = {
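Review bot: `system.stateVersion` appears to move from "25.05" to "25.11" together with the channel bump. It records the release the machine was first installed with and selects defaults for stateful services, so it should normally stay at `system.stateVersion = "25.05";` when only the nixpkgs input moves to a newer release. If the machine was reinstalled on 25.11 (the new filesystem UUIDs elsewhere in this commit suggest that), the bump is fine, but a short comment saying so would stop the next reader from repeating it on an in-place upgrade. The enclosing attribute set continues past the end of this hunk.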


@ -1,4 +1,4 @@
{ config, pkgs, pkgs-unstable, ... }:
{ pkgs, pkgs-unstable, ... }:
{
nixpkgs.config.allowUnfree = true;
@ -9,12 +9,13 @@
services.desktopManager.plasma6.enable = true;
programs = {
amnezia-vpn.enable = true;
nix-ld.enable = true;
appimage = {
enable = true;
binfmt = true;
};
nekoray = {
throne = {
enable = true;
tunMode.enable = true;
};
@ -34,11 +35,8 @@
git.enable = true;
};
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
];
environment.systemPackages = with pkgs; [
# Internet
# Internet
telegram-desktop
qbittorrent
nicotine-plus
@ -47,14 +45,12 @@
# media
gimp
krita
jellyfin-media-player
vlc
audacity
qpwgraph
kdePackages.kdenlive
cava
# programming
sublime4
pkgs-unstable.zed-editor
firebase-tools
bun
nodejs
@ -64,6 +60,7 @@
gnumake
cmake
gcc
nixd
# games
prismlauncher
vcmi
@ -83,19 +80,18 @@
# wine, wayland and other crutches
wineWowPackages.stable
wineWowPackages.waylandFull
xwayland-satellite
pciutils
kdePackages.wallpaper-engine-plugin
kdePackages.qtwebengine
kdePackages.xwaylandvideobridge
(pkgs.libsForQt5.callPackage ./hardware/deco01-v3-driver.nix {})
(python3.withPackages (ps: with ps; [ websockets ]))
(python3.withPackages (ps: with ps; [
websockets
(ps.torch.override { rocmSupport = true; })
]))
];
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-color-emoji
nerd-fonts.fira-code
];
}
}


@ -0,0 +1,36 @@
{ ... }:
{
services = {
syncthing = {
enable = true;
group = "users";
user = "in5ar";
dataDir = "/home/in5ar/Documents";
configDir = "/home/in5ar/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
settings = {
devices = {
"likho" = { id = "FGFH7II-IX7RTPY-VNDJRDJ-CILUQMZ-W3KVCNW-MPWCNZD-RJI4O54-G5HSQAN"; };
"reine" = { id = "6IJXCEC-SYB7HYK-CP6SVB2-SQI55YX-IYHBDWM-TIP3F6S-4CSXT4O-72YTWA3"; };
"lucren" = { id = "SRWLK27-BQ65MC3-QKUHDV2-UMSF2XH-5GZSSVL-NLKXV7X-R6DPUZY-Y2GQFQR"; };
};
folders = {
"albzx-qw9rs" = {
path = "/mnt/ssd/replica/Models/";
devices = [ "likho" ];
};
"alteya-music" = {
path = "/home/in5ar/Alteya/Music/";
devices = [ "reine" ];
};
"persona5" = {
path = "/home/in5ar/P5R/archives/";
devices = [ "lucren" ];
};
};
};
};
};
}


@ -1,23 +1,19 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
users.groups.remote = {};
users.users = {
almiriqi = {
in5ar = {
isNormalUser = true;
description = "Almiriq!Iwasaki";
description = "IN5-AR";
extraGroups = [ "wheel" ];
initialPassword = "iqirimla";
shell = pkgs.fish;
};
maria = {
isNormalUser = true;
description = "Maria Arusu";
extraGroups = [ "wheel" "remote" ];
initialPassword = "airam";
};
root = {
initialPassword = "toor";
};
};
}
}
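Review bot: `initialPassword = "iqirimla";` for the wheel user `in5ar` and `initialPassword = "toor";` for root keep guessable passwords in plain text in the repository and in the world-readable Nix store. `hashedPasswordFile = "<path to hashed password file>";` pointing at a file outside the store, or a value taken from the flake's existing `secret` input, avoids that. Any machine already installed from this configuration should have both passwords changed, because `initialPassword` only applies when the account is first created. Whether the root entry is still on the new side cannot be told from the rendered page.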


@ -1,20 +1,22 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
home.stateVersion = "25.05";
home.username = "almiriqi";
home.homeDirectory = "/home/almiriqi";
home.username = "in5ar";
home.homeDirectory = "/home/in5ar";
home.packages = (import ./packages.nix) pkgs;
fonts.fontconfig.enable = true;
programs.home-manager.enable = true;
programs.git = {
enable = true;
userName = "AlmiriQ";
userEmail = "al.quali.4ef@gmail.com";
settings.user = {
email = "al.quali.4ef@gmail.com";
name = "AlmiriQ";
};
};
}
}


@ -2,7 +2,7 @@
description = "Project-A flake!";
inputs = {
nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs.url = "nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
secret.url = "git+ssh://forgejo@git.project-a.space/Project-A/project-secret.git";
@ -16,11 +16,7 @@
inputs.nixpkgs-unstable.follows = "nixpkgs-unstable";
};
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
winapps = {
url = "github:winapps-org/winapps";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
@ -32,7 +28,6 @@
project-a-software,
deploy-rs,
home-manager,
winapps,
secret,
...
}: let
@ -56,14 +51,13 @@
artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.nixosModules.marzban ]; };
reine = nixosServer { name = "reine"; modules = [ project-a-software.nixosModules.affine ]; };
ivan = nixosServer { name = "ivan"; modules = [ project-a-software.nixosModules.marzban ]; };
kotori = nixosServer { name = "kotori"; modules = [ project-a-software.nixosModules.marzban ]; };
mio = nixosServer { name = "mio"; modules = [ ]; };
wise = nixosServer { name = "wise"; modules = [ project-a-software.nixosModules.marzban ]; };
mio = nixosServer { name = "mio"; modules = [ project-a-software.nixosModules.marzban ]; };
kristine = nixosServer { name = "kristine"; modules = [ project-a-software.nixosModules.marzban ]; };
aqore-nix = nixpkgs.lib.nixosSystem {
system = linux64;
specialArgs = {
inherit winapps;
pkgs-unstable = import nixpkgs-unstable { system = linux64; config.allowUnfree = true; };
};
modules = [
@ -71,12 +65,10 @@
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.almiriqi = ./desktops/users/almiriqi/home.nix;
home-manager.users.in5ar = ./desktops/users/in5ar/home.nix;
}
({ pkgs, ... }: {
({ ... }: {
environment.systemPackages = [
winapps.packages."${linux64}".winapps
winapps.packages."${linux64}".winapps-launcher
deploy-rs.packages."${linux64}".deploy-rs
];
})
@ -105,7 +97,14 @@
sshOpts = [ "-p" "1004" ];
};
ivan = serverNode "ivan";
kotori = serverNode "kotori";
wise = {
hostname = "${"wise"}.project-a.space";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${"wise"};
};
sshUser = "root";
};
mio = serverNode "mio";
kristine = serverNode "kristine";
};
@ -130,4 +129,4 @@
}
);
};
}
}
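Review bot: The `wise` deploy node is an inline expansion with leftover interpolation, `hostname = "${"wise"}.project-a.space";` and `self.nixosConfigurations.${"wise"}`, while its neighbours use `serverNode`. If `serverNode` (defined outside this hunk) produces the same attributes, `wise = serverNode "wise";` is shorter and keeps the nodes consistent. If `wise` really needs to differ, writing the literals as `"wise.project-a.space"` and `self.nixosConfigurations.wise` with a comment on what differs would make that clear.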


@ -1,17 +1,8 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader.grub.device = "/dev/vda";
initrd = {
kernelModules = [ "nvme" ];
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
};
tmp.cleanOnBoot = true;
};
fileSystems."/" = { device = "/dev/mapper/debian12--vg-root"; fsType = "ext4"; };
swapDevices = [ { device = "/dev/dm-1"; } ];
}
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
}


@ -11,7 +11,7 @@
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
services.yggdrasil.persistentKeys = false;
marzban = {
env = {
UVICORN_HOST = "artemisia.project-a.space";
@ -22,14 +22,106 @@
};
cert = true;
domain = "artemisia.project-a.space";
xray = import ../common/xray.nix {
server-domain = "artemisia.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = secret.marzban.vless-port;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = secret.marzban.dest;
xver = 0;
serverNames = secret.marzban.sni;
privateKey = secret.marzban.privateKey;
shortIds = [
secret.marzban.shortId
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
tag = "VMESS WS NOTLS";
listen = "0.0.0.0";
port = 8080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "ws";
wsSettings = {
path = "/";
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
{
protocol = "shadowsocks";
tag = "proxy";
settings = {
servers = [
{
address = "62.60.177.69";
port = 8443;
method = "aes-256-gcm";
password = "sosal?";
}
];
};
}
];
};
};
@ -37,5 +129,9 @@
temurin-jre-bin-24
];
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 ];
}
programs = {
nix-ld.enable = true;
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 8080 ];
}
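Review bot: The shadowsocks outbound hard-codes its credential, `password = "sosal?";`, next to the upstream address, while the other credentials in this file come from the `secret` input. A literal in the flake is readable by anyone with access to the repository and ends up in the Nix store, and a short guessable string is weak as a shadowsocks key. Moving it into the secret flake as `password = secret.<shadowsocks password attribute>;` and rotating the value fixes both. The same literal is used for the shadowsocks inbounds in the mio and wise configurations further down this commit. Separately, the `VMESS WS NOTLS` inbound listens on `0.0.0.0:8080` with `security = "none"` and the firewall line opens 8080, so that traffic has no TLS layer unless something in front of it terminates TLS.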


@ -7,4 +7,4 @@
commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
}
];
}
}


@ -17,34 +17,62 @@
};
inbounds = [
{
tag = "VLESS TCP REALITY";
tag = "VMESS WS Header NoTLS";
listen = "0.0.0.0";
port = port;
protocol = "vless";
port = 1080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = dest;
xver = 0;
serverNames = sni;
privateKey = privateKey;
shortIds = [
shortId
];
network = "ws";
wsSettings = {
path = "/";
headers = {
Host = "cloudflare.com";
};
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
# {
# tag = "VLESS TCP REALITY";
# listen = "0.0.0.0";
# port = port;
# protocol = "vless";
# settings = {
# clients = [];
# decryption = "none";
# };
# streamSettings = {
# network = "tcp";
# tcpSettings = {};
# security = "reality";
# realitySettings = {
# show = false;
# dest = dest;
# xver = 0;
# serverNames = sni;
# privateKey = privateKey;
# shortIds = [
# shortId
# ];
# };
# };
# sniffing = {
# enabled = true;
# destOverride = [ "http" "tls" "quic" ];
# };
# }
];
outbounds = [
{
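Review bot: The `VMESS WS Header NoTLS` inbound binds `listen = "0.0.0.0";` on port 1080 with `security = "none"`. An nginx stream config on this page forwards to `127.0.0.1:1080`, so if this inbound is only meant to be reached through that proxy, `listen = "127.0.0.1";` keeps the unencrypted listener off the public interfaces regardless of firewall state. The commented-out `VLESS TCP REALITY` block would be better deleted, since history keeps it, and the arguments it used (`port`, `dest`, `privateKey`, `shortId`, `sni`) look unused now. The `inbounds` list and the surrounding function start and end outside this hunk.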


@ -5,7 +5,7 @@
./hardware-configuration.nix
./nginx.nix
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
@ -17,16 +17,94 @@
};
cert = true;
domain = "ivan.project-a.space";
xray = import ../common/xray.nix {
server-domain = "ivan.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = secret.marzban.vless-port;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = secret.marzban.dest;
xver = 0;
serverNames = secret.marzban.sni;
privateKey = secret.marzban.privateKey;
shortIds = [
secret.marzban.shortId
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
tag = "VMESS WS NOTLS";
listen = "0.0.0.0";
port = 8080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "ws";
wsSettings = {
path = "/";
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port 8080 ];
}
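Review bot: The routing rule for `user = ["sayhex"]` sends traffic to `outboundTag = "proxy"`, but the `outbounds` list in this file defines only `DIRECT` and `BLOCK`. Unlike the artemisia configuration, no outbound tagged `proxy` exists here, so the rule cannot do what it says. As far as I know Xray falls back to the default outbound in that case, which would send this user's traffic out directly with no error. Either add the `proxy` outbound or drop the rule; the wise configuration later in this commit has the same rule with the same two outbounds. The hosts now carry near-identical inline copies of this xray block, so a shared function taking the differing parts as arguments would prevent this kind of drift.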


@ -1,31 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "kotori";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "82.117.84.90";
prefixLength = 32;
}];
routes = [{
address = "10.0.0.1";
prefixLength = 32;
}];
};
};
defaultGateway = "10.0.0.1";
nameservers = ["1.1.1.1"];
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
}


@ -1,11 +0,0 @@
# { config, pkgs, secret, ... }:
# {
# # services.hysteria = {
# # enable = true;
# # server = {
# # enable = true;
# # openFirewall = true;
# # };
# # };
# }


@ -1,37 +0,0 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
# ./hysteria.nix
];
environment.systemPackages = with pkgs; [
hysteria
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "kotori.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "kotori.project-a.space";
xray = import ../common/xray.nix {
server-domain = "kotori.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}


@ -9,7 +9,58 @@
environment.systemPackages = with pkgs; [
pkgs-unstable.sing-box
];
marzban = {
env = {
UVICORN_HOST = "mio.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "mio.project-a.space";
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
];
};
inbounds = [
{
port = 8443;
tag = "Mr Penis Network";
protocol = "shadowsocks";
settings = {
method = "aes-128-gcm";
password = "sosal?";
network = "tcp,udp";
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port 8443 ];
services.yggdrasil.persistentKeys = true;
networking.firewall.allowedTCPPorts = [ 443 ];
}
}
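Review bot: `DOCS = true;` in the `marzban.env` block turns on the panel's interactive API documentation on a host that is reachable from the internet. Unless it is needed for development, `DOCS = false;` reduces what an unauthenticated visitor can learn about the admin API; the wise configuration added in this commit sets the same flag. The section also shows two `networking.firewall.allowedTCPPorts` assignments, `[ secret.marzban.port 8443 ]` and `[ 443 ]`. The +/- markers are lost, so if both are on the new side they need merging into one list. The shadowsocks inbound declares `network = "tcp,udp"` while only TCP 8443 is opened, so either drop `udp` or open the UDP port deliberately.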


@ -10,7 +10,7 @@
streamConfig = ''
map $ssl_preread_server_name $name {
default marzban;
default marzban;
}
upstream marzban {


@ -6,10 +6,33 @@
openFirewall = true;
};
# services.jellyseerr = {
# enable = true;
# port = 5055;
# openFirewall = true;
# package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date
# };
hardware.graphics.enable = true;
hardware.graphics.extraPackages = with pkgs; [
libva
libvdpau
libva-vdpau-driver
libvdpau-va-gl
vaapiVdpau
mesa
libva-utils
vdpauinfo
];
environment.systemPackages = with pkgs; [
nvtopPackages.amd
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "radeonsi";
environment.sessionVariables = { LIBVA_DRIVER_NAME = "radeonsi"; };
users.users = {
jellyfin = {
isNormalUser = false;
description = "Jellyfin";
extraGroups = [ "render" "video" ];
};
};
}


@ -8,6 +8,7 @@
./qbittorrent.nix
./firewall.nix
./n8n.nix
./syncthing.nix
];
networking.hostName = "reine";
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
@ -35,8 +36,8 @@
revision = secret.affine.revision;
};
networking.firewall.allowedTCPPorts = [ 4001 ];
networking.firewall.allowedUDPPorts = [ 4001 ];
networking.firewall.allowedTCPPorts = [ 4001 8384 ];
networking.firewall.allowedUDPPorts = [ 4001 8384 ];
nixpkgs.config.allowUnfree = true;
}
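Review bot: Port 8384 is added to both `allowedTCPPorts` and `allowedUDPPorts`, and 8384 is Syncthing's web GUI and REST API port rather than its sync port. Together with `guiAddress = "0.0.0.0:8384";` in the Syncthing module added in this commit, that puts the admin interface on the public interface, and no GUI user or password is configured in the visible settings. Keeping the GUI on loopback and reaching it over an SSH tunnel, or through the existing nginx with TLS and authentication, is safer. Device synchronisation needs 22000 TCP/UDP (and 21027 UDP for local discovery), which `services.syncthing.openDefaultPorts = true;` opens. The UDP entry for 8384 serves no purpose, as the GUI is HTTP over TCP.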


@ -27,7 +27,29 @@
"cinema.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8096";
locations."/" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
};
};
"dnd.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:7070";
proxyWebsockets = true;
};
};
"sd.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.0.2:7860";
proxyWebsockets = true;
};
};
};
};
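Review bot: The `sd.project-a.space` and `dnd.project-a.space` virtual hosts publish internal services (`http://192.168.0.2:7860` and `http://localhost:7070`) with TLS but with no access control in the nginx config. If those backends do not enforce their own login, anyone who learns the hostname can use them. Adding `basicAuthFile = "<path to htpasswd file>";` to each vhost, or restricting by source address in `extraConfig`, would gate them. The `sd` backend is also reached over plain HTTP across the LAN, so traffic between this host and 192.168.0.2 is unencrypted. The `virtualHosts` set starts outside this hunk.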


@ -0,0 +1,28 @@
{ ... }:
{
services = {
syncthing = {
enable = true;
group = "root";
user = "root";
dataDir = "/root/Documents";
configDir = "/root/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
guiAddress = "0.0.0.0:8384";
settings = {
devices = {
"guk" = { id = "AIM3KDW-FGUUPPN-NCQUJTL-ZG6QUN7-JRXFAMF-Q2JVBT7-BMTWL2R-BNHWWAW"; };
"aqore" = { id = "EN6MNT4-Y5WV2RG-L36OHCH-DJCXPKA-KAV4RZS-GP4OZNQ-OPBZ5XJ-QUFJCA7"; };
};
folders = {
"alteya-music" = {
path = "/home/jellyfin/Music/Alteya";
devices = [ "guk" "aqore" ];
};
};
};
};
};
}
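Review bot: Syncthing runs here with `user = "root";` and `group = "root";` although the only folder it manages is `/home/jellyfin/Music/Alteya`. Any flaw in Syncthing or a misbehaving peer then acts with root privileges on this server, and synced files are created root-owned inside the jellyfin home. Running it as the account that owns the data, `user = "jellyfin";` with a matching `group`, `dataDir` and `configDir`, limits the impact. That should be checked against how the jellyfin account is declared elsewhere in the repository.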


@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/mapper/hk-root"; fsType = "ext4"; };
swapDevices = [ { device = "/dev/dm-0"; } ];
}

156
servers/wise/main.nix Normal file

@ -0,0 +1,156 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
];
networking.hostName = "wise";
system.stateVersion = "25.05";
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "wise.project-a.space";
UVICORN_PORT = 1488;
SUDO_USERNAME = "wise-admin";
SUDO_PASSWORD = "ZgUrEmg3m#U5t+ryhbac";
DOCS = true;
};
cert = true;
domain = "wise.project-a.space";
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = 443;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = "vk.com:443";
xver = 0;
serverNames = [
"*.vk.com"
"*.vk.ru"
"*.userapi.com"
"*.vk-portal.net"
"*.yandex.net"
"*.yandex.ru"
"*.mail.ru"
"*.ozone.ru"
"*.ozon.ru"
"*.wildberries.ru"
"*.tbank.ru"
"*.alfabank.ru"
"*.sberbank.ru"
"*.2gis.ru"
"*.kinopoisk.ru"
"*.rutube.ru"
"*.mts.ru"
"*.beeline.ru"
"*.t2.ru"
"*.megafon.ru"
"*.mindbox.ru"
"*.yandexcloud.net"
"*.max.ru"
"dzen.ru"
"ok.ru"
"servicepipe.ru"
"nspk.ru"
"statad.ru"
"get4click.ru"
"tns-counter.ru"
"cdn.uxfeedback.ru"
"speller.yandex.net"
"widgets.cbonds.ru"
"www.magnit.com"
"vk.com"
"vk.ru"
"userapi.com"
"vk-portal.net"
"yandex.net"
"yandex.ru"
"mail.ru"
"ozone.ru"
"ozon.ru"
"wildberries.ru"
"tbank.ru"
"alfabank.ru"
"sberbank.ru"
"2gis.ru"
"kinopoisk.ru"
"rutube.ru"
"mts.ru"
"beeline.ru"
"t2.ru"
"megafon.ru"
"mindbox.ru"
"yandexcloud.net"
"cloudflare.com"
"max.ru"
];
privateKey = "uMLrAwrkba7AZ040JWwgX3lsCJFWAICW9diA5OIyOiI";
shortIds = [
"12f1c52fdfb49461"
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
port = 8443;
tag = "Mr Penis Network";
protocol = "shadowsocks";
settings = {
method = "aes-128-gcm";
password = "sosal?";
network = "tcp,udp";
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
};
};
networking.firewall.allowedTCPPorts = [ 1488 443 8443 ];
}
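Review bot: This new host config commits live credentials as literals: `SUDO_PASSWORD`, the REALITY `privateKey` and the `shortIds` entry are all written in plain text. The module already receives `secret`, and the other hosts read these from `secret.marzban.sudo-password`, `secret.marzban.privateKey` and `secret.marzban.shortId`. Once pushed, these values stay in the repository history and in the Nix store, so they should be treated as exposed: rotate the panel password and the REALITY key pair, then reference the new values through the secret input. `SUDO_USERNAME` and `UVICORN_PORT` are likewise literals here while the other hosts take them from `secret`, and the `secret` argument is currently unused in this file.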


@ -10,7 +10,6 @@
streamConfig = ''
map $ssl_preread_server_name $name {
nya.project-a.space hysteria;
default marzban;
}
@ -18,10 +17,6 @@
server 127.0.0.1:1080;
}
upstream hysteria {
server 127.0.0.1:445;
}
server {
listen 0.0.0.0:443;
proxy_pass $name;