diff --git a/desktops/aqore-nix/bootloader.nix b/desktops/aqore-nix/bootloader.nix index 36227f6..20a1b45 100644 --- a/desktops/aqore-nix/bootloader.nix +++ b/desktops/aqore-nix/bootloader.nix @@ -2,25 +2,13 @@ { boot = { + supportedFilesystems = [ "bcachefs" ]; initrd.kernelModules = [ "amdgpu" ]; loader = { efi = { canTouchEfiVariables = true; - efiSysMountPoint = "/boot/efi"; - }; - grub = { - enable = true; - device = "nodev"; - efiSupport = true; - configurationLimit = 8; - gfxmodeEfi = "1920x1080"; - forceInstall = true; - extraEntries = '' - menuentry "UEFI Firmware Setup" { - fwsetup - } - ''; }; }; + loader.systemd-boot.enable = true; }; -} \ No newline at end of file +} diff --git a/desktops/aqore-nix/hardware/deco01-v3-driver.nix b/desktops/aqore-nix/hardware/deco01-v3-driver.nix index 19dcddd..14b9446 100644 --- a/desktops/aqore-nix/hardware/deco01-v3-driver.nix +++ b/desktops/aqore-nix/hardware/deco01-v3-driver.nix @@ -5,7 +5,6 @@ libusb1, glibc, libGL, - xorg, makeWrapper, qtx11extras, wrapQtAppsHook, @@ -78,4 +77,4 @@ in platforms = [ "x86_64-linux" ]; license = licenses.unfree; }; - } \ No newline at end of file + } diff --git a/desktops/aqore-nix/hardware/graphics.nix b/desktops/aqore-nix/hardware/graphics.nix index 3dfaf98..070426d 100644 --- a/desktops/aqore-nix/hardware/graphics.nix +++ b/desktops/aqore-nix/hardware/graphics.nix 
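Review bot: `loader.systemd-boot.enable = true;` is placed after the `loader = { ... };` attrset closes, and the grub block it replaces carried `configurationLimit = 8` with no systemd-boot equivalent taking its place; without `boot.loader.systemd-boot.configurationLimit` every generation's kernel and initrd stays on the vfat `/boot` until it fills. I would fold it into the existing set as `systemd-boot = { enable = true; configurationLimit = 8; };`. The removed `extraEntries` firmware-setup entry does not need a replacement, since systemd-boot offers its own reboot-into-firmware entry on UEFI systems that expose it.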
@@ -1,23 +1,40 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { hardware.graphics.enable = true; hardware.graphics.enable32Bit = true; hardware.amdgpu.opencl.enable = true; - systemd.tmpfiles.rules = [ - "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" - ]; - - hardware.graphics.extraPackages = with pkgs; [ - rocmPackages.clr.icd - ]; - hardware.amdgpu.overdrive.enable = true; hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff"; - environment.systemPackages = with pkgs; [ lact ]; - systemd.packages = with pkgs; [ lact ]; - systemd.services.lact.wantedBy = [ "multi-user.target" ]; - systemd.services.lact.enable = true; + programs.corectrl.enable = true; + + environment.systemPackages = with pkgs.rocmPackages; [ + rocblas + hipblas + clr + rocm-runtime + rocminfo + clr + hipcc + ]; + + systemd.tmpfiles.rules = + let + rocmEnv = pkgs.symlinkJoin { + name = "rocm-combined"; + paths = with pkgs.rocmPackages; [ + rocblas + hipblas + clr + rocm-runtime + rocminfo + clr + hipcc + ]; + }; + in [ + "L+ /opt/rocm - - - - ${rocmEnv}" + ]; } diff --git a/desktops/aqore-nix/hardware/hardware-configuration.nix b/desktops/aqore-nix/hardware/hardware-configuration.nix index b259967..9e1c055 100644 --- a/desktops/aqore-nix/hardware/hardware-configuration.nix +++ b/desktops/aqore-nix/hardware/hardware-configuration.nix 
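Review bot: The ROCm package list is written out twice, once for `environment.systemPackages` and again as `paths` of the `symlinkJoin` behind `/opt/rocm`, and both copies list `clr` twice. I would bind it once, `let rocmPkgs = with pkgs.rocmPackages; [ rocblas hipblas clr rocm-runtime rocminfo hipcc ]; in { ... }`, and use `rocmPkgs` in both places so the tree linked at `/opt/rocm` cannot drift from what is installed. A one-line comment on why `/opt/rocm` has to exist as a fixed path (which consumer expects it) would also help, since that is the only reason for the tmpfiles rule.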
@@ -4,35 +4,45 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/a0aed18c-fc58-4285-96eb-7f169f79fd32"; - fsType = "btrfs"; - options = [ "subvol=@" "compress=zstd" ]; - }; + fileSystems."/" = + { device = "UUID=997643ea-122d-447e-99a6-5409579bff71"; + fsType = "bcachefs"; + }; - fileSystems."/boot/efi" = { - device = "/dev/disk/by-uuid/D950-5ABC"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/24F0-6DE2"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; - fileSystems."/home" = { - device = "/dev/disk/by-uuid/d2a83fff-f8db-4b53-ab01-40ccfaf0dc3e"; - fsType = "btrfs"; - options = [ "compress=zstd" ]; - }; + fileSystems."/home" = + { device = "UUID=d2d6508b-3660-486a-b3bf-91c05dbedf2f"; + fsType = "bcachefs"; + }; - swapDevices = [ ]; + fileSystems."/mnt/ssd" = + { device = "UUID=940782e8-eb09-4453-bbaf-5892564af55e"; + fsType = "bcachefs"; + }; - networking.useDHCP = lib.mkDefault true; + swapDevices = [ ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} \ No newline at end of file + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. 
When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/desktops/aqore-nix/main.nix b/desktops/aqore-nix/main.nix index 04de1ed..85103f7 100644 --- a/desktops/aqore-nix/main.nix +++ b/desktops/aqore-nix/main.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ @@ -7,6 +7,7 @@ ./packages.nix ./services/ssh.nix ./services/sudo.nix + ./services/syncthing.nix ./hardware/hardware-configuration.nix ./hardware/audio.nix ./hardware/graphics.nix @@ -16,7 +17,9 @@ networking.hostName = "aqore-nix"; - system.stateVersion = "25.05"; + home-manager.backupFileExtension = "backup"; + + system.stateVersion = "25.11"; nix = { settings = { diff --git a/desktops/aqore-nix/packages.nix b/desktops/aqore-nix/packages.nix index 24bfccf..709431e 100644 --- a/desktops/aqore-nix/packages.nix +++ b/desktops/aqore-nix/packages.nix @@ -1,4 +1,4 @@ -{ config, pkgs, pkgs-unstable, ... }: +{ pkgs, pkgs-unstable, ... }: { nixpkgs.config.allowUnfree = true; @@ -9,12 +9,13 @@ services.desktopManager.plasma6.enable = true; programs = { - amnezia-vpn.enable = true; + nix-ld.enable = true; + appimage = { enable = true; binfmt = true; }; - nekoray = { + throne = { enable = true; tunMode.enable = true; }; @@ -34,11 +35,8 @@ git.enable = true; }; - nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.1.1w" - ]; environment.systemPackages = with pkgs; [ - # Internet + # Internet telegram-desktop qbittorrent nicotine-plus 
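Review bot: The ESP mount options go from `fmask=0077 dmask=0077` on the old `/boot/efi` to `fmask=0022 dmask=0022` on the new `/boot`, which makes the boot partition world-readable; systemd-boot keeps its boot-loader random seed on the ESP and `bootctl` complains about a world-accessible ESP, which is why the generated config used 0077 before, so I would keep `options = [ "fmask=0077" "dmask=0077" ];` unless something needs non-root read access there. The new `fileSystems` entries mix the `UUID=...` form for the bcachefs mounts with `/dev/disk/by-uuid/...` for `/boot`; both work, but one form per file is easier to scan. The pasted DHCP comment block is the stock nixos-generate-config text and the `# networking.interfaces.eno1.useDHCP` line is commented-out code; the comment can be trimmed to one line.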
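Review bot: `system.stateVersion` moves from `"25.05"` to `"25.11"` in main.nix, which is only right if the host was reinstalled rather than upgraded; the new bcachefs filesystems and UUIDs in hardware-configuration.nix suggest a reinstall, but if the system was merely switched to the 25.11 channel the value should stay at `"25.05"`, since stateVersion records the release the state on disk was created with. A short comment such as `# reinstalled on 25.11` next to the option would settle that for later readers. `home-manager.backupFileExtension = "backup"` is fine and unrelated.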
@@ -47,14 +45,12 @@ # media gimp krita - jellyfin-media-player vlc - audacity qpwgraph kdePackages.kdenlive cava # programming - sublime4 + pkgs-unstable.zed-editor firebase-tools bun nodejs @@ -64,6 +60,7 @@ gnumake cmake gcc + nixd # games prismlauncher vcmi @@ -83,19 +80,18 @@ # wine, wayland and other crutches wineWowPackages.stable wineWowPackages.waylandFull - xwayland-satellite pciutils kdePackages.wallpaper-engine-plugin - kdePackages.qtwebengine - kdePackages.xwaylandvideobridge - (pkgs.libsForQt5.callPackage ./hardware/deco01-v3-driver.nix {}) - (python3.withPackages (ps: with ps; [ websockets ])) + (python3.withPackages (ps: with ps; [ + websockets + (ps.torch.override { rocmSupport = true; }) + ])) ]; fonts.packages = with pkgs; [ noto-fonts noto-fonts-cjk-sans - noto-fonts-emoji + noto-fonts-color-emoji nerd-fonts.fira-code ]; -} \ No newline at end of file +} diff --git a/desktops/aqore-nix/services/syncthing.nix b/desktops/aqore-nix/services/syncthing.nix new file mode 100644 index 0000000..54a68b3 --- /dev/null +++ b/desktops/aqore-nix/services/syncthing.nix @@ -0,0 +1,36 @@ +{ ... }: + +{ + services = { + syncthing = { + enable = true; + group = "users"; + user = "in5ar"; + dataDir = "/home/in5ar/Documents"; + configDir = "/home/in5ar/.config/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + "likho" = { id = "FGFH7II-IX7RTPY-VNDJRDJ-CILUQMZ-W3KVCNW-MPWCNZD-RJI4O54-G5HSQAN"; }; + "reine" = { id = "6IJXCEC-SYB7HYK-CP6SVB2-SQI55YX-IYHBDWM-TIP3F6S-4CSXT4O-72YTWA3"; }; + "lucren" = { id = "SRWLK27-BQ65MC3-QKUHDV2-UMSF2XH-5GZSSVL-NLKXV7X-R6DPUZY-Y2GQFQR"; }; + }; + folders = { + "albzx-qw9rs" = { + path = "/mnt/ssd/replica/Models/"; + devices = [ "likho" ]; + }; + "alteya-music" = { + path = "/home/in5ar/Alteya/Music/"; + devices = [ "reine" ]; + }; + "persona5" = { + path = "/home/in5ar/P5R/archives/"; + devices = [ "lucren" ]; + }; + }; + }; + }; + }; +} 
diff --git a/desktops/aqore-nix/users.nix b/desktops/aqore-nix/users.nix index cac6239..8f3ad8f 100644 --- a/desktops/aqore-nix/users.nix +++ b/desktops/aqore-nix/users.nix @@ -1,23 +1,19 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { users.groups.remote = {}; users.users = { - almiriqi = { + in5ar = { isNormalUser = true; - description = "Almiriq!Iwasaki"; + description = "IN5-AR"; extraGroups = [ "wheel" ]; - initialPassword = "iqirimla"; + shell = pkgs.fish; }; maria = { isNormalUser = true; description = "Maria Arusu"; extraGroups = [ "wheel" "remote" ]; - initialPassword = "airam"; - }; - root = { - initialPassword = "toor"; }; }; -} \ No newline at end of file +} diff --git a/desktops/users/almiriqi/home.nix b/desktops/users/in5ar/home.nix similarity index 54% rename from desktops/users/almiriqi/home.nix rename to desktops/users/in5ar/home.nix index bed7a97..a10cc55 100644 --- a/desktops/users/almiriqi/home.nix +++ b/desktops/users/in5ar/home.nix @@ -1,20 +1,22 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { home.stateVersion = "25.05"; - home.username = "almiriqi"; - home.homeDirectory = "/home/almiriqi"; + home.username = "in5ar"; + home.homeDirectory = "/home/in5ar"; home.packages = (import ./packages.nix) pkgs; fonts.fontconfig.enable = true; - + programs.home-manager.enable = true; programs.git = { enable = true; - userName = "AlmiriQ"; - userEmail = "al.quali.4ef@gmail.com"; + settings.user = { + email = "al.quali.4ef@gmail.com"; + name = "AlmiriQ"; + }; }; -} \ No newline at end of file +} diff --git a/desktops/users/almiriqi/packages.nix b/desktops/users/in5ar/packages.nix similarity index 100% rename from desktops/users/almiriqi/packages.nix rename to desktops/users/in5ar/packages.nix diff --git a/flake.nix b/flake.nix index dd94908..0f3fda0 100644 --- a/flake.nix +++ b/flake.nix 
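Review bot: `in5ar` gets `shell = pkgs.fish;` but nothing in this diff sets `programs.fish.enable = true`; NixOS emits a warning for a user whose shell is fish without that option, because the shell then lacks the Nix directories in its PATH, so add it unless a module outside this diff already does. Dropping the `initialPassword` literals, including root's `"toor"`, is the right move; with the default `users.mutableUsers = true` existing installs keep their on-disk passwords, but a fresh install from this config would create `in5ar` and `maria` with no usable password, so consider `hashedPasswordFile` fed from the `secret` input for that case.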
@@ -2,7 +2,7 @@ description = "Project-A flake!"; inputs = { - nixpkgs.url = "nixpkgs/nixos-25.05"; + nixpkgs.url = "nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; secret.url = "git+ssh://forgejo@git.project-a.space/Project-A/project-secret.git"; @@ -16,11 +16,7 @@ inputs.nixpkgs-unstable.follows = "nixpkgs-unstable"; }; home-manager = { - url = "github:nix-community/home-manager/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - winapps = { - url = "github:winapps-org/winapps"; + url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -32,7 +28,6 @@ project-a-software, deploy-rs, home-manager, - winapps, secret, ... }: let @@ -56,14 +51,13 @@ artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.nixosModules.marzban ]; }; reine = nixosServer { name = "reine"; modules = [ project-a-software.nixosModules.affine ]; }; ivan = nixosServer { name = "ivan"; modules = [ project-a-software.nixosModules.marzban ]; }; - kotori = nixosServer { name = "kotori"; modules = [ project-a-software.nixosModules.marzban ]; }; - mio = nixosServer { name = "mio"; modules = [ ]; }; + wise = nixosServer { name = "wise"; modules = [ project-a-software.nixosModules.marzban ]; }; + mio = nixosServer { name = "mio"; modules = [ project-a-software.nixosModules.marzban ]; }; kristine = nixosServer { name = "kristine"; modules = [ project-a-software.nixosModules.marzban ]; }; aqore-nix = nixpkgs.lib.nixosSystem { system = linux64; specialArgs = { - inherit winapps; pkgs-unstable = import nixpkgs-unstable { system = linux64; config.allowUnfree = true; }; }; modules = [ 
@@ -71,12 +65,10 @@ home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.users.almiriqi = ./desktops/users/almiriqi/home.nix; + home-manager.users.in5ar = ./desktops/users/in5ar/home.nix; } - ({ pkgs, ... }: { + ({ ... }: { environment.systemPackages = [ - winapps.packages."${linux64}".winapps - winapps.packages."${linux64}".winapps-launcher deploy-rs.packages."${linux64}".deploy-rs ]; }) @@ -105,7 +97,14 @@ sshOpts = [ "-p" "1004" ]; }; ivan = serverNode "ivan"; - kotori = serverNode "kotori"; + wise = { + hostname = "${"wise"}.project-a.space"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${"wise"}; + }; + sshUser = "root"; + }; mio = serverNode "mio"; kristine = serverNode "kristine"; }; @@ -130,4 +129,4 @@ } ); }; -} \ No newline at end of file +} diff --git a/servers/artemisia/hardware-configuration.nix b/servers/artemisia/hardware-configuration.nix index 9d700d3..7cb8b51 100644 --- a/servers/artemisia/hardware-configuration.nix +++ b/servers/artemisia/hardware-configuration.nix @@ -1,17 +1,8 @@ { modulesPath, ... }: - { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - loader.grub.device = "/dev/vda"; - initrd = { - kernelModules = [ "nvme" ]; - availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - }; - tmp.cleanOnBoot = true; - }; - - fileSystems."/" = { device = "/dev/mapper/debian12--vg-root"; fsType = "ext4"; }; - swapDevices = [ { device = "/dev/dm-1"; } ]; -} \ No newline at end of file + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.loader.grub.device = "/dev/vda"; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; }; +} 
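Review bot: The `wise` deploy node spells out by hand what the neighbouring nodes get from `serverNode` (`ivan = serverNode "ivan";`, `mio`, `kristine`), and `hostname = "${"wise"}.project-a.space"` interpolates a string literal into a string to no effect. Unless `wise` needs different `sshOpts` or a different profile path, `wise = serverNode "wise";` says the same thing; `serverNode` is defined outside this hunk, so I cannot confirm it sets `sshUser = "root"` identically. The removal of the `winapps` input and its packages is consistent across the flake hunks.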
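Review bot: The rewrite of artemisia's hardware-configuration silently drops `boot.tmp.cleanOnBoot = true;` and the `swapDevices` entry, and changes the root device from `/dev/mapper/debian12--vg-root` to `/dev/vda2`; nothing in the diff says whether the VM was reinstalled without LVM and swap. If that is the case, a one-line comment such as `# reinstalled without LVM/swap` stops the next reader from restoring them; if not, `swapDevices` and `tmp.cleanOnBoot` should come back with the new layout.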
diff --git a/servers/artemisia/main.nix b/servers/artemisia/main.nix index b78e38d..6e060ab 100644 --- a/servers/artemisia/main.nix +++ b/servers/artemisia/main.nix @@ -11,7 +11,7 @@ services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey; services.yggdrasil.persistentKeys = false; - + marzban = { env = { UVICORN_HOST = "artemisia.project-a.space"; 
@@ -22,14 +22,106 @@ }; cert = true; domain = "artemisia.project-a.space"; - xray = import ../common/xray.nix { - server-domain = "artemisia.project-a.space"; - port = secret.marzban.vless-port; - dest = secret.marzban.dest; - privateKey = secret.marzban.privateKey; - shortId = secret.marzban.shortId; - spiderX = secret.marzban.spiderX; - sni = secret.marzban.sni; + xray = { + log.loglevel = "warning"; + dns = { + servers = [ "1.1.1.1" ]; + queryStrategy = "UseIPv4"; + }; + routing = { + rules = [ + { + ip = [ "geoip:private" ]; + outboundTag = "BLOCK"; + type = "field"; + } + { + user = ["sayhex"]; + outboundTag = "proxy"; + type = "field"; + } + ]; + }; + inbounds = [ + { + tag = "VLESS TCP REALITY"; + listen = "0.0.0.0"; + port = secret.marzban.vless-port; + protocol = "vless"; + settings = { + clients = []; + decryption = "none"; + }; + streamSettings = { + network = "tcp"; + tcpSettings = {}; + security = "reality"; + realitySettings = { + show = false; + dest = secret.marzban.dest; + xver = 0; + serverNames = secret.marzban.sni; + privateKey = secret.marzban.privateKey; + shortIds = [ + secret.marzban.shortId + ]; + }; + }; + sniffing = { + enabled = true; + destOverride = [ "http" "tls" "quic" ]; + }; + } + { + tag = "VMESS WS NOTLS"; + listen = "0.0.0.0"; + port = 8080; + protocol = "vmess"; + settings = { + clients = []; + decryption = "none"; + }; + streamSettings = { + network = "ws"; + wsSettings = { + path = "/"; + }; + security = "none"; + }; + sniffing = { + enabled = true; + destOverride = [ + "http" + "tls" + "quic" + ]; + }; + } + ]; + outbounds = [ + { + protocol = "freedom"; + tag = "DIRECT"; + } + { + protocol = "blackhole"; + tag = "BLOCK"; + } + { + protocol = "shadowsocks"; + tag = "proxy"; + settings = { + servers = [ + { + address = "62.60.177.69"; + port = 8443; + method = "aes-256-gcm"; + password = "sosal?"; + } + ]; + }; + } + ]; }; }; 
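Review bot: The new `shadowsocks` outbound hard-codes `password = "sosal?"` (and the peer address) as a literal in the Nix expression, while every other credential in this block — `privateKey`, `shortId`, `dest`, `sni` — comes from the `secret` input; a literal here lands in git history and in the world-readable Nix store of the host, so it should be read as `secret.marzban.<ss-password-attr>` (placeholder name) and the value rotated now that it has been committed. The same literal is reused as the shadowsocks inbound password on mio and wise later in this diff, so one exposure opens all three. Minor: `decryption = "none"` inside the vmess inbound's `settings` is a VLESS-only field; I believe Xray ignores it for vmess, but it should go. Style: this ~90-line `xray` block is now repeated almost verbatim in ivan and wise (and in part in mio) now that `../common/xray.nix` is no longer imported; a shared function taking the host-specific ports, rules and outbounds would keep them in step.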
@@ -37,5 +129,9 @@ temurin-jre-bin-24 ]; - networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 ]; -} \ No newline at end of file + programs = { + nix-ld.enable = true; + }; + + networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 8080 ]; +} diff --git a/servers/common/sudo.nix b/servers/common/sudo.nix index 81cc759..080eff0 100644 --- a/servers/common/sudo.nix +++ b/servers/common/sudo.nix @@ -7,4 +7,4 @@ commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } ]; -} \ No newline at end of file +} diff --git a/servers/common/xray.nix b/servers/common/xray.nix index 71d6741..3314a04 100644 --- a/servers/common/xray.nix +++ b/servers/common/xray.nix @@ -17,34 +17,62 @@ }; inbounds = [ { - tag = "VLESS TCP REALITY"; + tag = "VMESS WS Header NoTLS"; listen = "0.0.0.0"; - port = port; - protocol = "vless"; + port = 1080; + protocol = "vmess"; settings = { clients = []; decryption = "none"; }; streamSettings = { - network = "tcp"; - tcpSettings = {}; - security = "reality"; - realitySettings = { - show = false; - dest = dest; - xver = 0; - serverNames = sni; - privateKey = privateKey; - shortIds = [ - shortId - ]; + network = "ws"; + wsSettings = { + path = "/"; + headers = { + Host = "cloudflare.com"; + }; }; + security = "none"; }; sniffing = { - enabled = true; - destOverride = [ "http" "tls" "quic" ]; + enabled = true; + destOverride = [ + "http" + "tls" + "quic" + ]; }; } + # { + # tag = "VLESS TCP REALITY"; + # listen = "0.0.0.0"; + # port = port; + # protocol = "vless"; + # settings = { + # clients = []; + # decryption = "none"; + # }; + # streamSettings = { + # network = "tcp"; + # tcpSettings = {}; + # security = "reality"; + # realitySettings = { + # show = false; + # dest = dest; + # xver = 0; + # serverNames = sni; + # privateKey = privateKey; + # shortIds = [ + # shortId + # ]; + # }; + # }; + # sniffing = { + # enabled = true; + # destOverride = [ "http" "tls" "quic" ]; + # }; + # } ]; outbounds = [ { 
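Review bot: `allowedTCPPorts` now opens 8080 for the `VMESS WS NOTLS` inbound added in the previous hunk, which listens on `0.0.0.0` with `security = "none"`, so that is a plaintext WebSocket endpoint reachable from the internet protected only by VMess's own encryption; a comment stating that this is deliberate would help the next reader. `secret.marzban.vless-port` is still absent from the list (as before), unlike ivan's; if the REALITY inbound on artemisia is reached through an nginx stream block that is fine, but the diff does not show one for this host.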
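Review bot: The REALITY inbound in `servers/common/xray.nix` is kept as a 30-line commented-out block instead of being deleted; it is in git history, and the commented copy will rot as the live config evolves, so remove it. After this commit none of the server modules in the diff still `import ../common/xray.nix` (artemisia, ivan and kotori drop it; mio and wise inline their config), so the file looks dead, and if it is kept its `port`, `dest`, `privateKey`, `shortId` and `sni` arguments (declared above this hunk) are now unused. The enclosing function starts before the hunk.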
diff --git a/servers/ivan/main.nix b/servers/ivan/main.nix index 02bd6b4..7ed8f52 100644 --- a/servers/ivan/main.nix +++ b/servers/ivan/main.nix @@ -5,7 +5,7 @@ ./hardware-configuration.nix ./nginx.nix ]; - + services.yggdrasil.persistentKeys = true; marzban = { env = { 
@@ -17,16 +17,94 @@ }; cert = true; domain = "ivan.project-a.space"; - xray = import ../common/xray.nix { - server-domain = "ivan.project-a.space"; - port = secret.marzban.vless-port; - dest = secret.marzban.dest; - privateKey = secret.marzban.privateKey; - shortId = secret.marzban.shortId; - spiderX = secret.marzban.spiderX; - sni = secret.marzban.sni; + xray = { + log.loglevel = "warning"; + dns = { + servers = [ "1.1.1.1" ]; + queryStrategy = "UseIPv4"; + }; + routing = { + rules = [ + { + ip = [ "geoip:private" ]; + outboundTag = "BLOCK"; + type = "field"; + } + { + user = ["sayhex"]; + outboundTag = "proxy"; + type = "field"; + } + ]; + }; + inbounds = [ + { + tag = "VLESS TCP REALITY"; + listen = "0.0.0.0"; + port = secret.marzban.vless-port; + protocol = "vless"; + settings = { + clients = []; + decryption = "none"; + }; + streamSettings = { + network = "tcp"; + tcpSettings = {}; + security = "reality"; + realitySettings = { + show = false; + dest = secret.marzban.dest; + xver = 0; + serverNames = secret.marzban.sni; + privateKey = secret.marzban.privateKey; + shortIds = [ + secret.marzban.shortId + ]; + }; + }; + sniffing = { + enabled = true; + destOverride = [ "http" "tls" "quic" ]; + }; + } + { + tag = "VMESS WS NOTLS"; + listen = "0.0.0.0"; + port = 8080; + protocol = "vmess"; + settings = { + clients = []; + decryption = "none"; + }; + streamSettings = { + network = "ws"; + wsSettings = { + path = "/"; + }; + security = "none"; + }; + sniffing = { + enabled = true; + destOverride = [ + "http" + "tls" + "quic" + ]; + }; + } + ]; + outbounds = [ + { + protocol = "freedom"; + tag = "DIRECT"; + } + { + protocol = "blackhole"; + tag = "BLOCK"; + } + ]; }; }; - networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ]; -} \ No newline at end of file + networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port 8080 ]; +} 
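Review bot: The routing rule `user = ["sayhex"]; outboundTag = "proxy";` names an outbound that this file never defines — `outbounds` only has `DIRECT` and `BLOCK` — so, as far as I know, Xray logs a non-existing outbound tag warning and sends that user's traffic to the first outbound (`DIRECT`), which is probably not what the rule intends. Either add the outbound the rule expects or drop the rule; the same dangling reference appears in wise/main.nix later in this diff (artemisia's copy does define `proxy`). `allowedTCPPorts` also gains 8080 for the `VMESS WS NOTLS` inbound on `0.0.0.0` with `security = "none"`; a comment that the plaintext transport is intended would help.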
diff --git a/servers/kotori/hardware-configuration.nix b/servers/kotori/hardware-configuration.nix
deleted file mode 100644
index b25b7e7..0000000
--- a/servers/kotori/hardware-configuration.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
- boot.loader.grub.device = "/dev/vda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
- boot.initrd.kernelModules = [ "nvme" ];
- fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
-
- networking = {
- hostName = "kotori";
- interfaces.ens3 = {
- useDHCP = false;
- ipv4 = {
- addresses = [{
- address = "82.117.84.90";
- prefixLength = 32;
- }];
- routes = [{
- address = "10.0.0.1";
- prefixLength = 32;
- }];
- };
- };
- defaultGateway = "10.0.0.1";
- nameservers = ["1.1.1.1"];
- };
-
- boot.tmp.cleanOnBoot = true;
- zramSwap.enable = true;
- system.stateVersion = "25.05";
-}
\ No newline at end of file
diff --git a/servers/kotori/hysteria.nix b/servers/kotori/hysteria.nix
deleted file mode 100644
index 0208769..0000000
--- a/servers/kotori/hysteria.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-# { config, pkgs, secret, ... }:
-
-# {
-# # services.hysteria = {
-# # enable = true;
-# # server = {
-# # enable = true;
-# # openFirewall = true;
-# # };
-# # };
-# }
\ No newline at end of file
diff --git a/servers/kotori/main.nix b/servers/kotori/main.nix
deleted file mode 100644
index 62f4dd6..0000000
--- a/servers/kotori/main.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, pkgs, secret, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ./nginx.nix
- # ./hysteria.nix
- ];
-
- environment.systemPackages = with pkgs; [
- hysteria
- ];
-
- services.yggdrasil.persistentKeys = true;
- marzban = {
- env = {
- UVICORN_HOST = "kotori.project-a.space";
- UVICORN_PORT = secret.marzban.port;
- SUDO_USERNAME = secret.marzban.sudo-username;
- SUDO_PASSWORD = secret.marzban.sudo-password;
- DOCS = true;
- };
- cert = true;
- domain = "kotori.project-a.space";
- xray = import ../common/xray.nix {
- server-domain = "kotori.project-a.space";
- port = secret.marzban.vless-port;
- dest = secret.marzban.dest;
- privateKey = secret.marzban.privateKey;
- shortId = secret.marzban.shortId;
- spiderX = secret.marzban.spiderX;
- sni = secret.marzban.sni;
- };
- };
-
- networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
-}
\ No newline at end of file
diff --git a/servers/mio/main.nix b/servers/mio/main.nix
index 3fcb0f0..23e510a 100644
--- a/servers/mio/main.nix
+++ b/servers/mio/main.nix
@@ -9,7 +9,58 @@ environment.systemPackages = with pkgs; [ pkgs-unstable.sing-box ]; - + + marzban = { + env = { + UVICORN_HOST = "mio.project-a.space"; + UVICORN_PORT = secret.marzban.port; + SUDO_USERNAME = secret.marzban.sudo-username; + SUDO_PASSWORD = secret.marzban.sudo-password; + DOCS = true; + }; + cert = true; + domain = "mio.project-a.space"; + xray = { + log.loglevel = "warning"; + dns = { + servers = [ "1.1.1.1" ]; + queryStrategy = "UseIPv4"; + }; + routing = { + rules = [ + { + ip = [ "geoip:private" ]; + outboundTag = "BLOCK"; + type = "field"; + } + ]; + }; + inbounds = [ + { + port = 8443; + tag = "Mr Penis Network"; + protocol = "shadowsocks"; + settings = { + method = "aes-128-gcm"; + password = "sosal?"; + network = "tcp,udp"; + }; + } + ]; + outbounds = [ + { + protocol = "freedom"; + tag = "DIRECT"; + } + { + protocol = "blackhole"; + tag = "BLOCK"; + } + ]; + }; + }; + + networking.firewall.allowedTCPPorts = [ secret.marzban.port 8443 ]; + services.yggdrasil.persistentKeys = true; - networking.firewall.allowedTCPPorts = [ 443 ]; -} \ No newline at end of file +} diff --git a/servers/mio/nginx.nix b/servers/mio/nginx.nix index 2af6b61..bd21fb1 100644 --- a/servers/mio/nginx.nix +++ b/servers/mio/nginx.nix @@ -10,7 +10,7 @@ streamConfig = '' map $ssl_preread_server_name $name { - default marzban; + default marzban; } upstream marzban { diff --git a/servers/reine/jellyfin.nix b/servers/reine/jellyfin.nix index e7c0570..9dea039 100644 --- a/servers/reine/jellyfin.nix +++ b/servers/reine/jellyfin.nix 
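Review bot: The new shadowsocks inbound sets `network = "tcp,udp"` on port 8443, but the hunk only opens `networking.firewall.allowedTCPPorts = [ secret.marzban.port 8443 ];`, so UDP relay is dropped by the firewall; add `networking.firewall.allowedUDPPorts = [ 8443 ];` or change `network` to `"tcp"`. The inbound's `password = "sosal?"` is a literal (the same one wise and artemisia use) even though `UVICORN_PORT`, `SUDO_USERNAME` and `SUDO_PASSWORD` directly above it come from `secret`; move it to the `secret` input and rotate it, since it is now in history and in the Nix store. The hunk also removes `443` from `allowedTCPPorts`; if mio/nginx.nix still has the stream server on `listen 0.0.0.0:443` (as wise/nginx.nix does), that listener is now unreachable. If artemisia's `proxy` outbound (port 8443, `aes-256-gcm`) targets this host, the method here (`aes-128-gcm`) will not match it.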
@@ -6,10 +6,33 @@ openFirewall = true; }; - # services.jellyseerr = { - # enable = true; - # port = 5055; - # openFirewall = true; - # package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date - # }; + hardware.graphics.enable = true; + + hardware.graphics.extraPackages = with pkgs; [ + libva + libvdpau + libva-vdpau-driver + libvdpau-va-gl + vaapiVdpau + mesa + libva-utils + vdpauinfo + ]; + environment.systemPackages = with pkgs; [ + nvtopPackages.amd + jellyfin + jellyfin-web + jellyfin-ffmpeg + ]; + + systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "radeonsi"; + environment.sessionVariables = { LIBVA_DRIVER_NAME = "radeonsi"; }; + + users.users = { + jellyfin = { + isNormalUser = false; + description = "Jellyfin"; + extraGroups = [ "render" "video" ]; + }; + }; } \ No newline at end of file diff --git a/servers/reine/main.nix b/servers/reine/main.nix index b4a6d8e..9626993 100644 --- a/servers/reine/main.nix +++ b/servers/reine/main.nix @@ -8,6 +8,7 @@ ./qbittorrent.nix ./firewall.nix ./n8n.nix + ./syncthing.nix ]; networking.hostName = "reine"; services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey; @@ -35,8 +36,8 @@ revision = secret.affine.revision; }; - networking.firewall.allowedTCPPorts = [ 4001 ]; - networking.firewall.allowedUDPPorts = [ 4001 ]; + networking.firewall.allowedTCPPorts = [ 4001 8384 ]; + networking.firewall.allowedUDPPorts = [ 4001 8384 ]; nixpkgs.config.allowUnfree = true; } \ No newline at end of file diff --git a/servers/reine/nginx.nix b/servers/reine/nginx.nix index 6a5ee43..6e42052 100644 --- a/servers/reine/nginx.nix +++ b/servers/reine/nginx.nix 
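Review bot: `users.users.jellyfin = { isNormalUser = false; description = "Jellyfin"; ... }` redefines a user that the service module (presumably `services.jellyfin`, whose `openFirewall = true;` closes just above) already creates as a system user; `isNormalUser = false` is the default and says nothing, and if the module also sets `description` the two definitions conflict at evaluation time, so I would keep only `users.users.jellyfin.extraGroups = [ "render" "video" ];`. `environment.systemPackages` adds `jellyfin`, `jellyfin-web` and `jellyfin-ffmpeg`, which the service already provides, so they can go unless wanted on the CLI. `hardware.graphics.extraPackages` lists `mesa` (already the default driver set) and both `libva-vdpau-driver` and `vaapiVdpau`, which I believe is an alias of the former in current nixpkgs; the list is worth trimming to what the VA-API path actually needs.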
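Review bot: Port 8384 is Syncthing's GUI/REST port, added here to both `allowedTCPPorts` and `allowedUDPPorts` together with `guiAddress = "0.0.0.0:8384"` in the new servers/reine/syncthing.nix; the GUI has no authentication unless `settings.gui.user`/`settings.gui.password` are set, and a reachable GUI exposes the API key and lets anyone add devices or folders to a service that runs as root. The UDP entry does nothing for the GUI, and the sync listener (22000 TCP/UDP, 21027/UDP discovery) is not opened here, so unless `openDefaultPorts = true` is set elsewhere peers cannot connect. I would drop 8384 from both lists, leave `guiAddress` on localhost and reach it over SSH port forwarding, and set `services.syncthing.openDefaultPorts = true;` instead.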
@@ -27,7 +27,29 @@
 "cinema.project-a.space" = {
 forceSSL = true;
 enableACME = true;
- locations."/".proxyPass = "http://localhost:8096";
+
+ locations."/" = {
+ proxyPass = "http://localhost:8096";
+ proxyWebsockets = true;
+ };
+ };
+ "dnd.project-a.space" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://localhost:7070";
+ proxyWebsockets = true;
+ };
+ };
+ "sd.project-a.space" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://192.168.0.2:7860";
+ proxyWebsockets = true;
+ };
 };
 };
 };
diff --git a/servers/reine/syncthing.nix b/servers/reine/syncthing.nix
new file mode 100644
index 0000000..6ece8a7
--- /dev/null
+++ b/servers/reine/syncthing.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+ services = {
+ syncthing = {
+ enable = true;
+ group = "root";
+ user = "root";
+ dataDir = "/root/Documents";
+ configDir = "/root/.config/syncthing";
+ overrideDevices = true;
+ overrideFolders = true;
+ guiAddress = "0.0.0.0:8384";
+ settings = {
+ devices = {
+ "guk" = { id = "AIM3KDW-FGUUPPN-NCQUJTL-ZG6QUN7-JRXFAMF-Q2JVBT7-BMTWL2R-BNHWWAW"; };
+ "aqore" = { id = "EN6MNT4-Y5WV2RG-L36OHCH-DJCXPKA-KAV4RZS-GP4OZNQ-OPBZ5XJ-QUFJCA7"; };
+ };
+ folders = {
+ "alteya-music" = {
+ path = "/home/jellyfin/Music/Alteya";
+ devices = [ "guk" "aqore" ];
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/servers/wise/hardware-configuration.nix b/servers/wise/hardware-configuration.nix
new file mode 100644
index 0000000..b6c6941
--- /dev/null
+++ b/servers/wise/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/mapper/hk-root"; fsType = "ext4"; };
+ swapDevices = [ { device = "/dev/dm-0"; } ];
+}
\ No newline at end of file
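Review bot: `sd.project-a.space` publishes `http://192.168.0.2:7860`, a host on the LAN rather than localhost, to the internet with an ACME certificate and no authentication visible at the proxy; unless the backend authenticates on its own, add `basicAuthFile = ...;` (or an allow-list) on that vhost, and the same question applies to `dnd.project-a.space` → `localhost:7070`. Neither backend is described anywhere in the diff, so a one-line comment per vhost naming the service behind it would help whoever audits the exposed surface later. The enclosing `virtualHosts` set starts before this hunk.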
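Review bot: Syncthing here runs as `user = "root"; group = "root";` with its config under `/root/.config/syncthing`, apparently so it can write `/home/jellyfin/Music/Alteya`; that means every peer admitted to the folder writes into the filesystem as root, and the GUI/API exposed on `0.0.0.0:8384` in the same hunk becomes a root-level management interface. The module's default `syncthing` user with `group = "jellyfin"` (or adding that user to the group and making the folder group-writable) gives the same access without root, and `dataDir`/`configDir` can then stay at their defaults. The device IDs are public identifiers, so keeping them in the repo is fine.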
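Review bot: `swapDevices = [ { device = "/dev/dm-0"; } ];` names the swap by device-mapper minor number, which is assigned in activation order and can change between boots; the root entry on the line above already uses the stable `/dev/mapper/hk-root` form, so the swap LV should be named the same way (`/dev/mapper/<vg>-<swap-lv>`, placeholder) or by `/dev/disk/by-uuid/<uuid>`. A comment noting that the VM's disk is `sda` here while the other qemu guests use `vda` would save a moment of doubt.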
diff --git a/servers/wise/main.nix b/servers/wise/main.nix
new file mode 100644
index 0000000..c2c80d5
--- /dev/null
+++ b/servers/wise/main.nix
@@ -0,0 +1,156 @@ +{ config, pkgs, secret, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ]; + networking.hostName = "wise"; + system.stateVersion = "25.05"; + + services.yggdrasil.persistentKeys = true; + + marzban = { + env = { + UVICORN_HOST = "wise.project-a.space"; + UVICORN_PORT = 1488; + SUDO_USERNAME = "wise-admin"; + SUDO_PASSWORD = "ZgUrEmg3m#U5t+ryhbac"; + DOCS = true; + }; + cert = true; + domain = "wise.project-a.space"; + xray = { + log.loglevel = "warning"; + dns = { + servers = [ "1.1.1.1" ]; + queryStrategy = "UseIPv4"; + }; + routing = { + rules = [ + { + ip = [ "geoip:private" ]; + outboundTag = "BLOCK"; + type = "field"; + } + { + user = ["sayhex"]; + outboundTag = "proxy"; + type = "field"; + } + ]; + }; + inbounds = [ + { + tag = "VLESS TCP REALITY"; + listen = "0.0.0.0"; + port = 443; + protocol = "vless"; + settings = { + clients = []; + decryption = "none"; + }; + streamSettings = { + network = "tcp"; + tcpSettings = {}; + security = "reality"; + realitySettings = { + show = false; + dest = "vk.com:443"; + xver = 0; + serverNames = [ + "*.vk.com" + "*.vk.ru" + "*.userapi.com" + "*.vk-portal.net" + "*.yandex.net" + "*.yandex.ru" + "*.mail.ru" + "*.ozone.ru" + "*.ozon.ru" + "*.wildberries.ru" + "*.tbank.ru" + "*.alfabank.ru" + "*.sberbank.ru" + "*.2gis.ru" + "*.kinopoisk.ru" + "*.rutube.ru" + "*.mts.ru" + "*.beeline.ru" + "*.t2.ru" + "*.megafon.ru" + "*.mindbox.ru" + "*.yandexcloud.net" + "*.max.ru" + "dzen.ru" + "ok.ru" + "servicepipe.ru" + "nspk.ru" + "statad.ru" + "get4click.ru" + "tns-counter.ru" + "cdn.uxfeedback.ru" + "speller.yandex.net" + "widgets.cbonds.ru" + "www.magnit.com" + "vk.com" + "vk.ru" + "userapi.com" + "vk-portal.net" + "yandex.net" + "yandex.ru" + "mail.ru" + "ozone.ru" + "ozon.ru" + "wildberries.ru" + "tbank.ru" + "alfabank.ru" + "sberbank.ru" + "2gis.ru" + "kinopoisk.ru" + "rutube.ru" + "mts.ru" + "beeline.ru" + "t2.ru" + "megafon.ru" + "mindbox.ru" + "yandexcloud.net" + "cloudflare.com" + "max.ru" + ]; + 
privateKey = "uMLrAwrkba7AZ040JWwgX3lsCJFWAICW9diA5OIyOiI"; + shortIds = [ + "12f1c52fdfb49461" + ]; + }; + }; + sniffing = { + enabled = true; + destOverride = [ "http" "tls" "quic" ]; + }; + } + { + port = 8443; + tag = "Mr Penis Network"; + protocol = "shadowsocks"; + settings = { + method = "aes-128-gcm"; + password = "sosal?"; + network = "tcp,udp"; + }; + } + ]; + outbounds = [ + { + protocol = "freedom"; + tag = "DIRECT"; + } + { + protocol = "blackhole"; + tag = "BLOCK"; + } + ]; + }; + }; + + networking.firewall.allowedTCPPorts = [ 1488 443 8443 ]; +} \ No newline at end of file diff --git a/servers/kotori/nginx.nix b/servers/wise/nginx.nix similarity index 84% rename from servers/kotori/nginx.nix rename to servers/wise/nginx.nix index 22e08cd..bd21fb1 100644 --- a/servers/kotori/nginx.nix +++ b/servers/wise/nginx.nix @@ -10,7 +10,6 @@ streamConfig = '' map $ssl_preread_server_name $name { - nya.project-a.space hysteria; default marzban; } @@ -18,10 +17,6 @@ server 127.0.0.1:1080; } - upstream hysteria { - server 127.0.0.1:445; - } - server { listen 0.0.0.0:443; proxy_pass $name;
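Review bot: This host embeds three secrets as literals — `SUDO_PASSWORD` for the Marzban panel, the REALITY `privateKey`, and the shadowsocks `password` — where artemisia, ivan and mio read the same things from the `secret` flake input (`secret.marzban.sudo-password`, `secret.marzban.privateKey`, `secret.marzban.shortId`); anything written into a NixOS configuration ends up in the world-readable Nix store on the host as well as in git history, so move them to `secret.marzban.*` and regenerate the REALITY key pair and both passwords now that they have been committed. The routing rule `user = ["sayhex"]; outboundTag = "proxy";` refers to an outbound this file never defines (only `DIRECT` and `BLOCK`), so I believe Xray warns and falls back to the default outbound. The shadowsocks inbound on 8443 declares `network = "tcp,udp"` but only `allowedTCPPorts = [ 1488 443 8443 ]` is opened, so UDP needs `allowedUDPPorts = [ 8443 ];` or `network = "tcp"`. `dest = "vk.com:443"` with a `serverNames` list spanning dozens of unrelated domains (and `cloudflare.com`) means any SNI that dest cannot actually serve fails the REALITY handshake, and the Xray docs historically said `*.` wildcards are not supported in `serverNames` — worth verifying against the Xray version in use. The `system.stateVersion = "25.05"` on a host first built against the 25.11 input is also odd; a new install should record the release it was installed with.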
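Review bot: `servers/wise/nginx.nix` is carried over from kotori, but the new `servers/wise/main.nix` imports only `./hardware-configuration.nix`, so as far as the diff shows this nginx stream proxy is never evaluated on wise; its `upstream marzban { server 127.0.0.1:1080; }` points at a port wise's xray config does not listen on (its inbounds are 443 and 8443), and its `listen 0.0.0.0:443` would collide with the REALITY inbound on 443 if it were enabled. Either import it and re-port the inbounds so the two do not both claim 443, or delete the file. Removing the `hysteria` upstream itself is fine.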