shitcoding moment

AlmiriQ 2025-12-01 13:47:27 +07:00
parent 8e31bd6c02
commit 58475e433e
28 changed files with 703 additions and 258 deletions


@ -1,17 +1,8 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader.grub.device = "/dev/vda";
initrd = {
kernelModules = [ "nvme" ];
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
};
tmp.cleanOnBoot = true;
};
fileSystems."/" = { device = "/dev/mapper/debian12--vg-root"; fsType = "ext4"; };
swapDevices = [ { device = "/dev/dm-1"; } ];
}
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
}


@ -11,7 +11,7 @@
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
services.yggdrasil.persistentKeys = false;
marzban = {
env = {
UVICORN_HOST = "artemisia.project-a.space";
@ -22,14 +22,106 @@
};
cert = true;
domain = "artemisia.project-a.space";
xray = import ../common/xray.nix {
server-domain = "artemisia.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = secret.marzban.vless-port;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = secret.marzban.dest;
xver = 0;
serverNames = secret.marzban.sni;
privateKey = secret.marzban.privateKey;
shortIds = [
secret.marzban.shortId
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
tag = "VMESS WS NOTLS";
listen = "0.0.0.0";
port = 8080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "ws";
wsSettings = {
path = "/";
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
{
protocol = "shadowsocks";
tag = "proxy";
settings = {
servers = [
{
address = "62.60.177.69";
port = 8443;
method = "aes-256-gcm";
password = "sosal?";
}
];
};
}
];
};
};
@ -37,5 +129,9 @@
temurin-jre-bin-24
];
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 ];
}
programs = {
nix-ld.enable = true;
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 8080 ];
}
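Review bot: The new `proxy` outbound hard-codes its Shadowsocks `password` as a short literal, while every other credential in this file is read from `secret.*`, so this one is committed in plain text to the repository history. Read it from the secrets set instead, e.g. `password = secret.marzban.<ss-password>;` (placeholder attribute name), and rotate the value that is now in history; the Shadowsocks inbounds added for the other hosts on this page reuse the same literal. Separately, the new `VMESS WS NOTLS` inbound listens on `0.0.0.0:8080` with `security = "none"` and the firewall list now opens 8080, so that transport is exposed without a TLS layer; the same inbound is added in the ivan config and a similar one in the shared xray file. If it has to stay, put it behind the TLS-terminating nginx and bind it to `127.0.0.1`.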


@ -7,4 +7,4 @@
commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
}
];
}
}


@ -17,34 +17,62 @@
};
inbounds = [
{
tag = "VLESS TCP REALITY";
tag = "VMESS WS Header NoTLS";
listen = "0.0.0.0";
port = port;
protocol = "vless";
port = 1080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = dest;
xver = 0;
serverNames = sni;
privateKey = privateKey;
shortIds = [
shortId
];
network = "ws";
wsSettings = {
path = "/";
headers = {
Host = "cloudflare.com";
};
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
# {
# tag = "VLESS TCP REALITY";
# listen = "0.0.0.0";
# port = port;
# protocol = "vless";
# settings = {
# clients = [];
# decryption = "none";
# };
# streamSettings = {
# network = "tcp";
# tcpSettings = {};
# security = "reality";
# realitySettings = {
# show = false;
# dest = dest;
# xver = 0;
# serverNames = sni;
# privateKey = privateKey;
# shortIds = [
# shortId
# ];
# };
# };
# sniffing = {
# enabled = true;
# destOverride = [ "http" "tls" "quic" ];
# };
# }
];
outbounds = [
{
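Review bot: The replacement inbound binds `listen = "0.0.0.0"` on port 1080 with `security = "none"`; an nginx stream config shown later on this page already has an upstream at `127.0.0.1:1080`, so if that proxy is meant to front this inbound, `listen = "127.0.0.1";` keeps the plaintext WebSocket endpoint off the public interface. `decryption = "none"` looks carried over from the VLESS block and is probably not a VMess inbound setting, so confirm and drop it. The commented-out REALITY inbound is better deleted than kept, since version control already has it, and the `port`, `dest`, `privateKey`, `shortId` and `sni` arguments appear unused in this hunk once it is commented out. The `inbounds` list opens before this hunk and `outbounds` continues after it.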


@ -5,7 +5,7 @@
./hardware-configuration.nix
./nginx.nix
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
@ -17,16 +17,94 @@
};
cert = true;
domain = "ivan.project-a.space";
xray = import ../common/xray.nix {
server-domain = "ivan.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = secret.marzban.vless-port;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = secret.marzban.dest;
xver = 0;
serverNames = secret.marzban.sni;
privateKey = secret.marzban.privateKey;
shortIds = [
secret.marzban.shortId
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
tag = "VMESS WS NOTLS";
listen = "0.0.0.0";
port = 8080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "ws";
wsSettings = {
path = "/";
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port 8080 ];
}
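Review bot: The routing rule that sends user `sayhex` to `outboundTag = "proxy"` has no matching outbound here, because the `outbounds` list only defines `DIRECT` and `BLOCK`. Depending on how Xray treats an unknown tag, that user's traffic will either fail or silently leave through the default outbound, which is probably not what the rule intends. Either drop the rule on this host or add the `proxy` outbound as in the artemisia config; `servers/wise/main.nix` has the same dangling rule.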


@ -1,31 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "kotori";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "82.117.84.90";
prefixLength = 32;
}];
routes = [{
address = "10.0.0.1";
prefixLength = 32;
}];
};
};
defaultGateway = "10.0.0.1";
nameservers = ["1.1.1.1"];
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
}


@ -1,11 +0,0 @@
# { config, pkgs, secret, ... }:
# {
# # services.hysteria = {
# # enable = true;
# # server = {
# # enable = true;
# # openFirewall = true;
# # };
# # };
# }


@ -1,37 +0,0 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
# ./hysteria.nix
];
environment.systemPackages = with pkgs; [
hysteria
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "kotori.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "kotori.project-a.space";
xray = import ../common/xray.nix {
server-domain = "kotori.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}


@ -9,7 +9,58 @@
environment.systemPackages = with pkgs; [
pkgs-unstable.sing-box
];
marzban = {
env = {
UVICORN_HOST = "mio.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "mio.project-a.space";
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
];
};
inbounds = [
{
port = 8443;
tag = "Mr Penis Network";
protocol = "shadowsocks";
settings = {
method = "aes-128-gcm";
password = "sosal?";
network = "tcp,udp";
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port 8443 ];
services.yggdrasil.persistentKeys = true;
networking.firewall.allowedTCPPorts = [ 443 ];
}
}
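Review bot: The Shadowsocks inbound sets `network = "tcp,udp"`, but the firewall line that lists 8443 only touches `allowedTCPPorts`, so UDP relay stays blocked unless `networking.firewall.allowedUDPPorts = [ 8443 ];` is added, or set `network = "tcp"` if UDP is not wanted. This inbound also uses `method = "aes-128-gcm"` while the `proxy` outbound added for artemisia uses `aes-256-gcm` on port 8443; if that outbound is meant to reach this inbound, the two methods have to match.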


@ -10,7 +10,7 @@
streamConfig = ''
map $ssl_preread_server_name $name {
default marzban;
default marzban;
}
upstream marzban {


@ -6,10 +6,33 @@
openFirewall = true;
};
# services.jellyseerr = {
# enable = true;
# port = 5055;
# openFirewall = true;
# package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date
# };
hardware.graphics.enable = true;
hardware.graphics.extraPackages = with pkgs; [
libva
libvdpau
libva-vdpau-driver
libvdpau-va-gl
vaapiVdpau
mesa
libva-utils
vdpauinfo
];
environment.systemPackages = with pkgs; [
nvtopPackages.amd
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "radeonsi";
environment.sessionVariables = { LIBVA_DRIVER_NAME = "radeonsi"; };
users.users = {
jellyfin = {
isNormalUser = false;
description = "Jellyfin";
extraGroups = [ "render" "video" ];
};
};
}
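Review bot: `hardware.graphics.extraPackages` is meant for driver packages, yet the list also carries the CLI tools `libva-utils` and `vdpauinfo`, and it names both `libva-vdpau-driver` and `vaapiVdpau`, which I believe are the same package under its new and old name. Move the tools to `environment.systemPackages` and keep one of the two driver names. In `users.users.jellyfin`, `isNormalUser = false` and `description` presumably restate what the Jellyfin service module already sets, assuming the service is enabled above this hunk; `users.users.jellyfin.extraGroups = [ "render" "video" ];` alone would express the change.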


@ -8,6 +8,7 @@
./qbittorrent.nix
./firewall.nix
./n8n.nix
./syncthing.nix
];
networking.hostName = "reine";
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
@ -35,8 +36,8 @@
revision = secret.affine.revision;
};
networking.firewall.allowedTCPPorts = [ 4001 ];
networking.firewall.allowedUDPPorts = [ 4001 ];
networking.firewall.allowedTCPPorts = [ 4001 8384 ];
networking.firewall.allowedUDPPorts = [ 4001 8384 ];
nixpkgs.config.allowUnfree = true;
}
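Review bot: Port 8384 is the Syncthing GUI address set in the new `syncthing.nix` (`guiAddress = "0.0.0.0:8384"`), which is an HTTP service, so adding it to `allowedUDPPorts` opens a port that nothing should be listening on; drop it from the UDP list. Opening it on TCP publishes the Syncthing admin interface to every network the host is attached to, while the sync listener itself is not opened by this change. If remote GUI access is not required, leave 8384 out and open the sync ports instead, for example with `services.syncthing.openDefaultPorts = true;`.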


@ -27,7 +27,29 @@
"cinema.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8096";
locations."/" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
};
};
"dnd.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:7070";
proxyWebsockets = true;
};
};
"sd.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.0.2:7860";
proxyWebsockets = true;
};
};
};
};
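Review bot: `sd.project-a.space` publishes `http://192.168.0.2:7860`, a host on the internal network, to the internet with TLS but with no access control visible in this hunk; the same applies to `dnd.project-a.space` on port 7070. If those backends do not enforce their own login, add one at the proxy, e.g. `basicAuthFile = "<path-to-htpasswd>";` on the virtual host, or restrict by source address with `extraConfig = "allow <trusted-cidr>; deny all;";`. The hop to 192.168.0.2 is plain HTTP, so it also relies on that LAN segment being trusted. The `virtualHosts` set opens above this hunk.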


@ -0,0 +1,28 @@
{ ... }:
{
services = {
syncthing = {
enable = true;
group = "root";
user = "root";
dataDir = "/root/Documents";
configDir = "/root/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
guiAddress = "0.0.0.0:8384";
settings = {
devices = {
"guk" = { id = "AIM3KDW-FGUUPPN-NCQUJTL-ZG6QUN7-JRXFAMF-Q2JVBT7-BMTWL2R-BNHWWAW"; };
"aqore" = { id = "EN6MNT4-Y5WV2RG-L36OHCH-DJCXPKA-KAV4RZS-GP4OZNQ-OPBZ5XJ-QUFJCA7"; };
};
folders = {
"alteya-music" = {
path = "/home/jellyfin/Music/Alteya";
devices = [ "guk" "aqore" ];
};
};
};
};
};
}
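Review bot: The service runs with `user = "root"` and `group = "root"` and binds the GUI to `0.0.0.0:8384`, and no GUI user or password is declared in `settings`, so unless one is set out of band the admin interface of a root-owned process is reachable from the network. Run it under a dedicated account that can write to `/home/jellyfin/Music/Alteya` (the `jellyfin` user would fit), and bind the GUI locally with `guiAddress = "127.0.0.1:8384";`, reaching it through an SSH tunnel or the existing nginx with authentication. `overrideDevices = true` and `overrideFolders = true` are worth keeping, since they make the declared device list authoritative.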


@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/mapper/hk-root"; fsType = "ext4"; };
swapDevices = [ { device = "/dev/dm-0"; } ];
}

156
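--- a/servers/wise/main.nix
+++ b/servers/wise/main.nix
@@ -0,0 +1,156 @@
+{ config, pkgs, secret, ... }:
+{
+imports = [
+./hardware-configuration.nix
+];
+networking.hostName = "wise";
+system.stateVersion = "25.05";
+services.yggdrasil.persistentKeys = true;
+marzban = {
+env = {
+UVICORN_HOST = "wise.project-a.space";
+UVICORN_PORT = 1488;
+SUDO_USERNAME = "wise-admin";
+SUDO_PASSWORD = "ZgUrEmg3m#U5t+ryhbac";
+DOCS = true;
+};
+cert = true;
+domain = "wise.project-a.space";
+xray = {
+log.loglevel = "warning";
+dns = {
+servers = [ "1.1.1.1" ];
+queryStrategy = "UseIPv4";
+};
+routing = {
+rules = [
+{
+ip = [ "geoip:private" ];
+outboundTag = "BLOCK";
+type = "field";
+}
+{
+user = ["sayhex"];
+outboundTag = "proxy";
+type = "field";
+}
+];
+};
+inbounds = [
+{
+tag = "VLESS TCP REALITY";
+listen = "0.0.0.0";
+port = 443;
+protocol = "vless";
+settings = {
+clients = [];
+decryption = "none";
+};
+streamSettings = {
+network = "tcp";
+tcpSettings = {};
+security = "reality";
+realitySettings = {
+show = false;
+dest = "vk.com:443";
+xver = 0;
+serverNames = [
+"*.vk.com"
+"*.vk.ru"
+"*.userapi.com"
+"*.vk-portal.net"
+"*.yandex.net"
+"*.yandex.ru"
+"*.mail.ru"
+"*.ozone.ru"
+"*.ozon.ru"
+"*.wildberries.ru"
+"*.tbank.ru"
+"*.alfabank.ru"
+"*.sberbank.ru"
+"*.2gis.ru"
+"*.kinopoisk.ru"
+"*.rutube.ru"
+"*.mts.ru"
+"*.beeline.ru"
+"*.t2.ru"
+"*.megafon.ru"
+"*.mindbox.ru"
+"*.yandexcloud.net"
+"*.max.ru"
+"dzen.ru"
+"ok.ru"
+"servicepipe.ru"
+"nspk.ru"
+"statad.ru"
+"get4click.ru"
+"tns-counter.ru"
+"cdn.uxfeedback.ru"
+"speller.yandex.net"
+"widgets.cbonds.ru"
+"www.magnit.com"
+"vk.com"
+"vk.ru"
+"userapi.com"
+"vk-portal.net"
+"yandex.net"
+"yandex.ru"
+"mail.ru"
+"ozone.ru"
+"ozon.ru"
+"wildberries.ru"
+"tbank.ru"
+"alfabank.ru"
+"sberbank.ru"
+"2gis.ru"
+"kinopoisk.ru"
+"rutube.ru"
+"mts.ru"
+"beeline.ru"
+"t2.ru"
+"megafon.ru"
+"mindbox.ru"
+"yandexcloud.net"
+"cloudflare.com"
+"max.ru"
+];
+privateKey = "uMLrAwrkba7AZ040JWwgX3lsCJFWAICW9diA5OIyOiI";
+shortIds = [
+"12f1c52fdfb49461"
+];
+};
+};
+sniffing = {
+enabled = true;
+destOverride = [ "http" "tls" "quic" ];
+};
+}
+{
+port = 8443;
+tag = "Mr Penis Network";
+protocol = "shadowsocks";
+settings = {
+method = "aes-128-gcm";
+password = "sosal?";
+network = "tcp,udp";
+};
+}
+];
+outbounds = [
+{
+protocol = "freedom";
+tag = "DIRECT";
+}
+{
+protocol = "blackhole";
+tag = "BLOCK";
+}
+];
+};
+};
+networking.firewall.allowedTCPPorts = [ 1488 443 8443 ];
+}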
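Review bot: This new file commits live credentials as string literals: `SUDO_PASSWORD` for the Marzban admin account, the REALITY `privateKey` and `shortIds`, and the Shadowsocks `password`. The module already takes `secret` as an argument and the other hosts on this page read the same fields from `secret.marzban.*`, so use `SUDO_PASSWORD = secret.marzban.sudo-password;` and `privateKey = secret.marzban.privateKey;`, and likewise for the remaining values. Because the literals are now in history, they should be rotated rather than only moved. `DOCS = true` additionally serves the panel's API documentation on the public port 1488, which is worth turning off on an internet-facing host.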


@ -10,7 +10,6 @@
streamConfig = ''
map $ssl_preread_server_name $name {
nya.project-a.space hysteria;
default marzban;
}
@ -18,10 +17,6 @@
server 127.0.0.1:1080;
}
upstream hysteria {
server 127.0.0.1:445;
}
server {
listen 0.0.0.0:443;
proxy_pass $name;