shitcoding moment

AlmiriQ 2025-12-01 13:47:27 +07:00
parent 8e31bd6c02
commit 58475e433e
28 changed files with 703 additions and 258 deletions


@ -2,25 +2,13 @@
{ {
boot = { boot = {
supportedFilesystems = [ "bcachefs" ];
initrd.kernelModules = [ "amdgpu" ]; initrd.kernelModules = [ "amdgpu" ];
loader = { loader = {
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
grub = {
enable = true;
device = "nodev";
efiSupport = true;
configurationLimit = 8;
gfxmodeEfi = "1920x1080";
forceInstall = true;
extraEntries = ''
menuentry "UEFI Firmware Setup" {
fwsetup
}
'';
}; };
}; };
loader.systemd-boot.enable = true;
}; };
} }


@ -5,7 +5,6 @@
libusb1, libusb1,
glibc, glibc,
libGL, libGL,
xorg,
makeWrapper, makeWrapper,
qtx11extras, qtx11extras,
wrapQtAppsHook, wrapQtAppsHook,


@ -1,23 +1,40 @@
{ config, pkgs, ... }: { pkgs, ... }:
{ {
hardware.graphics.enable = true; hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true; hardware.graphics.enable32Bit = true;
hardware.amdgpu.opencl.enable = true; hardware.amdgpu.opencl.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
hardware.graphics.extraPackages = with pkgs; [
rocmPackages.clr.icd
];
hardware.amdgpu.overdrive.enable = true; hardware.amdgpu.overdrive.enable = true;
hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff"; hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
environment.systemPackages = with pkgs; [ lact ]; programs.corectrl.enable = true;
systemd.packages = with pkgs; [ lact ];
systemd.services.lact.wantedBy = [ "multi-user.target" ]; environment.systemPackages = with pkgs.rocmPackages; [
systemd.services.lact.enable = true; rocblas
hipblas
clr
rocm-runtime
rocminfo
clr
hipcc
];
systemd.tmpfiles.rules =
let
rocmEnv = pkgs.symlinkJoin {
name = "rocm-combined";
paths = with pkgs.rocmPackages; [
rocblas
hipblas
clr
rocm-runtime
rocminfo
clr
hipcc
];
};
in [
"L+ /opt/rocm - - - - ${rocmEnv}"
];
} }
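Review bot: The ROCm package list is written out twice on the new side, once for `environment.systemPackages` and once for the `symlinkJoin` `paths`, and `clr` appears twice in each copy, so the two lists can drift apart on the next edit. Binding the list once, for example `rocmPkgs = with pkgs.rocmPackages; [ rocblas hipblas clr rocm-runtime rocminfo hipcc ];` in a surrounding `let`, and using `rocmPkgs` in both places keeps `/opt/rocm` and the installed set identical. A one-line comment above the `L+ /opt/rocm` rule naming the tools that expect that fixed path would also help the next reader.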


@ -4,35 +4,45 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/a0aed18c-fc58-4285-96eb-7f169f79fd32"; { device = "UUID=997643ea-122d-447e-99a6-5409579bff71";
fsType = "btrfs"; fsType = "bcachefs";
options = [ "subvol=@" "compress=zstd" ]; };
};
fileSystems."/boot/efi" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/D950-5ABC"; { device = "/dev/disk/by-uuid/24F0-6DE2";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "/dev/disk/by-uuid/d2a83fff-f8db-4b53-ab01-40ccfaf0dc3e"; { device = "UUID=d2d6508b-3660-486a-b3bf-91c05dbedf2f";
fsType = "btrfs"; fsType = "bcachefs";
options = [ "compress=zstd" ]; };
};
swapDevices = [ ]; fileSystems."/mnt/ssd" =
{ device = "UUID=940782e8-eb09-4453-bbaf-5892564af55e";
fsType = "bcachefs";
};
networking.useDHCP = lib.mkDefault true; swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
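Review bot: The new `/boot` mount uses `options = [ "fmask=0022" "dmask=0022" ];`, which makes every file on the ESP readable by all local users, whereas the removed `/boot/efi` entry used `0077`. This commit also switches the loader to `systemd-boot`, whose random-seed file lives on that partition, and bootctl warns when the backing mount point is world accessible. Unless something needs unprivileged read access to the ESP, keep `options = [ "fmask=0077" "dmask=0077" ];`.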


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { ... }:
{ {
imports = [ imports = [
@ -7,6 +7,7 @@
./packages.nix ./packages.nix
./services/ssh.nix ./services/ssh.nix
./services/sudo.nix ./services/sudo.nix
./services/syncthing.nix
./hardware/hardware-configuration.nix ./hardware/hardware-configuration.nix
./hardware/audio.nix ./hardware/audio.nix
./hardware/graphics.nix ./hardware/graphics.nix
@ -16,7 +17,9 @@
networking.hostName = "aqore-nix"; networking.hostName = "aqore-nix";
system.stateVersion = "25.05"; home-manager.backupFileExtension = "backup";
system.stateVersion = "25.11";
nix = { nix = {
settings = { settings = {


@ -1,4 +1,4 @@
{ config, pkgs, pkgs-unstable, ... }: { pkgs, pkgs-unstable, ... }:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -9,12 +9,13 @@
services.desktopManager.plasma6.enable = true; services.desktopManager.plasma6.enable = true;
programs = { programs = {
amnezia-vpn.enable = true; nix-ld.enable = true;
appimage = { appimage = {
enable = true; enable = true;
binfmt = true; binfmt = true;
}; };
nekoray = { throne = {
enable = true; enable = true;
tunMode.enable = true; tunMode.enable = true;
}; };
@ -34,9 +35,6 @@
git.enable = true; git.enable = true;
}; };
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Internet # Internet
telegram-desktop telegram-desktop
@ -47,14 +45,12 @@
# media # media
gimp gimp
krita krita
jellyfin-media-player
vlc vlc
audacity
qpwgraph qpwgraph
kdePackages.kdenlive kdePackages.kdenlive
cava cava
# programming # programming
sublime4 pkgs-unstable.zed-editor
firebase-tools firebase-tools
bun bun
nodejs nodejs
@ -64,6 +60,7 @@
gnumake gnumake
cmake cmake
gcc gcc
nixd
# games # games
prismlauncher prismlauncher
vcmi vcmi
@ -83,19 +80,18 @@
# wine, wayland and other crutches # wine, wayland and other crutches
wineWowPackages.stable wineWowPackages.stable
wineWowPackages.waylandFull wineWowPackages.waylandFull
xwayland-satellite
pciutils pciutils
kdePackages.wallpaper-engine-plugin kdePackages.wallpaper-engine-plugin
kdePackages.qtwebengine (python3.withPackages (ps: with ps; [
kdePackages.xwaylandvideobridge websockets
(pkgs.libsForQt5.callPackage ./hardware/deco01-v3-driver.nix {}) (ps.torch.override { rocmSupport = true; })
(python3.withPackages (ps: with ps; [ websockets ])) ]))
]; ];
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-emoji noto-fonts-color-emoji
nerd-fonts.fira-code nerd-fonts.fira-code
]; ];
} }


@ -0,0 +1,36 @@
{ ... }:
{
services = {
syncthing = {
enable = true;
group = "users";
user = "in5ar";
dataDir = "/home/in5ar/Documents";
configDir = "/home/in5ar/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
settings = {
devices = {
"likho" = { id = "FGFH7II-IX7RTPY-VNDJRDJ-CILUQMZ-W3KVCNW-MPWCNZD-RJI4O54-G5HSQAN"; };
"reine" = { id = "6IJXCEC-SYB7HYK-CP6SVB2-SQI55YX-IYHBDWM-TIP3F6S-4CSXT4O-72YTWA3"; };
"lucren" = { id = "SRWLK27-BQ65MC3-QKUHDV2-UMSF2XH-5GZSSVL-NLKXV7X-R6DPUZY-Y2GQFQR"; };
};
folders = {
"albzx-qw9rs" = {
path = "/mnt/ssd/replica/Models/";
devices = [ "likho" ];
};
"alteya-music" = {
path = "/home/in5ar/Alteya/Music/";
devices = [ "reine" ];
};
"persona5" = {
path = "/home/in5ar/P5R/archives/";
devices = [ "lucren" ];
};
};
};
};
};
}


@ -1,23 +1,19 @@
{ config, pkgs, ... }: { pkgs, ... }:
{ {
users.groups.remote = {}; users.groups.remote = {};
users.users = { users.users = {
almiriqi = { in5ar = {
isNormalUser = true; isNormalUser = true;
description = "Almiriq!Iwasaki"; description = "IN5-AR";
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
initialPassword = "iqirimla"; shell = pkgs.fish;
}; };
maria = { maria = {
isNormalUser = true; isNormalUser = true;
description = "Maria Arusu"; description = "Maria Arusu";
extraGroups = [ "wheel" "remote" ]; extraGroups = [ "wheel" "remote" ];
initialPassword = "airam";
};
root = {
initialPassword = "toor";
}; };
}; };
} }
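Review bot: With `initialPassword` dropped, `in5ar`, `maria` and `root` have no password source declared in this file, so whether the two `wheel` accounts can authenticate depends on state outside the repository (an existing shadow entry or a manual `passwd`). Declaring it per user, e.g. `hashedPasswordFile = "<path to password hash file>";`, would make the configuration reproducible without putting a secret in the file. The removed plaintext values remain readable in the repository history, so any of them still in use anywhere should be changed.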


@ -1,10 +1,10 @@
{ config, pkgs, ... }: { pkgs, ... }:
{ {
home.stateVersion = "25.05"; home.stateVersion = "25.05";
home.username = "almiriqi"; home.username = "in5ar";
home.homeDirectory = "/home/almiriqi"; home.homeDirectory = "/home/in5ar";
home.packages = (import ./packages.nix) pkgs; home.packages = (import ./packages.nix) pkgs;
@ -14,7 +14,9 @@
programs.git = { programs.git = {
enable = true; enable = true;
userName = "AlmiriQ"; settings.user = {
userEmail = "al.quali.4ef@gmail.com"; email = "al.quali.4ef@gmail.com";
name = "AlmiriQ";
};
}; };
} }


@ -2,7 +2,7 @@
description = "Project-A flake!"; description = "Project-A flake!";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-25.05"; nixpkgs.url = "nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
secret.url = "git+ssh://forgejo@git.project-a.space/Project-A/project-secret.git"; secret.url = "git+ssh://forgejo@git.project-a.space/Project-A/project-secret.git";
@ -16,11 +16,7 @@
inputs.nixpkgs-unstable.follows = "nixpkgs-unstable"; inputs.nixpkgs-unstable.follows = "nixpkgs-unstable";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
winapps = {
url = "github:winapps-org/winapps";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@ -32,7 +28,6 @@
project-a-software, project-a-software,
deploy-rs, deploy-rs,
home-manager, home-manager,
winapps,
secret, secret,
... ...
}: let }: let
@ -56,14 +51,13 @@
artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.nixosModules.marzban ]; }; artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.nixosModules.marzban ]; };
reine = nixosServer { name = "reine"; modules = [ project-a-software.nixosModules.affine ]; }; reine = nixosServer { name = "reine"; modules = [ project-a-software.nixosModules.affine ]; };
ivan = nixosServer { name = "ivan"; modules = [ project-a-software.nixosModules.marzban ]; }; ivan = nixosServer { name = "ivan"; modules = [ project-a-software.nixosModules.marzban ]; };
kotori = nixosServer { name = "kotori"; modules = [ project-a-software.nixosModules.marzban ]; }; wise = nixosServer { name = "wise"; modules = [ project-a-software.nixosModules.marzban ]; };
mio = nixosServer { name = "mio"; modules = [ ]; }; mio = nixosServer { name = "mio"; modules = [ project-a-software.nixosModules.marzban ]; };
kristine = nixosServer { name = "kristine"; modules = [ project-a-software.nixosModules.marzban ]; }; kristine = nixosServer { name = "kristine"; modules = [ project-a-software.nixosModules.marzban ]; };
aqore-nix = nixpkgs.lib.nixosSystem { aqore-nix = nixpkgs.lib.nixosSystem {
system = linux64; system = linux64;
specialArgs = { specialArgs = {
inherit winapps;
pkgs-unstable = import nixpkgs-unstable { system = linux64; config.allowUnfree = true; }; pkgs-unstable = import nixpkgs-unstable { system = linux64; config.allowUnfree = true; };
}; };
modules = [ modules = [
@ -71,12 +65,10 @@
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.almiriqi = ./desktops/users/almiriqi/home.nix; home-manager.users.in5ar = ./desktops/users/in5ar/home.nix;
} }
({ pkgs, ... }: { ({ ... }: {
environment.systemPackages = [ environment.systemPackages = [
winapps.packages."${linux64}".winapps
winapps.packages."${linux64}".winapps-launcher
deploy-rs.packages."${linux64}".deploy-rs deploy-rs.packages."${linux64}".deploy-rs
]; ];
}) })
@ -105,7 +97,14 @@
sshOpts = [ "-p" "1004" ]; sshOpts = [ "-p" "1004" ];
}; };
ivan = serverNode "ivan"; ivan = serverNode "ivan";
kotori = serverNode "kotori"; wise = {
hostname = "${"wise"}.project-a.space";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${"wise"};
};
sshUser = "root";
};
mio = serverNode "mio"; mio = serverNode "mio";
kristine = serverNode "kristine"; kristine = serverNode "kristine";
}; };
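Review bot: The new `wise` deploy node looks like a hand-expanded copy of what the other hosts get from `serverNode`, with the leftover interpolations `"${"wise"}.project-a.space"` and `self.nixosConfigurations.${"wise"}` still in it. The helper's definition is outside the hunk, so I cannot tell what it sets; if nothing differs, `wise = serverNode "wise";` is enough. If the copy has to stay, write plain `"wise.project-a.space"` and `self.nixosConfigurations.wise`, and add a comment saying why this host deviates from the helper.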


@ -1,17 +1,8 @@
{ modulesPath, ... }: { modulesPath, ... }:
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot = { boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
loader.grub.device = "/dev/vda"; boot.initrd.kernelModules = [ "nvme" ];
initrd = { fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
kernelModules = [ "nvme" ];
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
};
tmp.cleanOnBoot = true;
};
fileSystems."/" = { device = "/dev/mapper/debian12--vg-root"; fsType = "ext4"; };
swapDevices = [ { device = "/dev/dm-1"; } ];
} }


@ -22,14 +22,106 @@
}; };
cert = true; cert = true;
domain = "artemisia.project-a.space"; domain = "artemisia.project-a.space";
xray = import ../common/xray.nix { xray = {
server-domain = "artemisia.project-a.space"; log.loglevel = "warning";
port = secret.marzban.vless-port; dns = {
dest = secret.marzban.dest; servers = [ "1.1.1.1" ];
privateKey = secret.marzban.privateKey; queryStrategy = "UseIPv4";
shortId = secret.marzban.shortId; };
spiderX = secret.marzban.spiderX; routing = {
sni = secret.marzban.sni; rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = secret.marzban.vless-port;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = secret.marzban.dest;
xver = 0;
serverNames = secret.marzban.sni;
privateKey = secret.marzban.privateKey;
shortIds = [
secret.marzban.shortId
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
tag = "VMESS WS NOTLS";
listen = "0.0.0.0";
port = 8080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "ws";
wsSettings = {
path = "/";
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
{
protocol = "shadowsocks";
tag = "proxy";
settings = {
servers = [
{
address = "62.60.177.69";
port = 8443;
method = "aes-256-gcm";
password = "sosal?";
}
];
};
}
];
}; };
}; };
@ -37,5 +129,9 @@
temurin-jre-bin-24 temurin-jre-bin-24
]; ];
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 ]; programs = {
nix-ld.enable = true;
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 8080 ];
} }
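Review bot: The new `proxy` shadowsocks outbound carries its `password` as a string literal, while every other sensitive value in this block is read from `secret.marzban.*`. The same short string is used as the shadowsocks inbound password in the mio and wise sections of this commit, so one guessable value committed to the repository protects the link on three hosts. Generate a long random password, read it from the secret input (e.g. `password = secret.<attribute to be chosen>;`), and treat the committed value as exposed. The `servers` address and port could move to the secret input at the same time if they are not meant to be public.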


@ -17,34 +17,62 @@
}; };
inbounds = [ inbounds = [
{ {
tag = "VLESS TCP REALITY"; tag = "VMESS WS Header NoTLS";
listen = "0.0.0.0"; listen = "0.0.0.0";
port = port; port = 1080;
protocol = "vless"; protocol = "vmess";
settings = { settings = {
clients = []; clients = [];
decryption = "none"; decryption = "none";
}; };
streamSettings = { streamSettings = {
network = "tcp"; network = "ws";
tcpSettings = {}; wsSettings = {
security = "reality"; path = "/";
realitySettings = { headers = {
show = false; Host = "cloudflare.com";
dest = dest; };
xver = 0;
serverNames = sni;
privateKey = privateKey;
shortIds = [
shortId
];
}; };
security = "none";
}; };
sniffing = { sniffing = {
enabled = true; enabled = true;
destOverride = [ "http" "tls" "quic" ]; destOverride = [
"http"
"tls"
"quic"
];
}; };
} }
# {
# tag = "VLESS TCP REALITY";
# listen = "0.0.0.0";
# port = port;
# protocol = "vless";
# settings = {
# clients = [];
# decryption = "none";
# };
# streamSettings = {
# network = "tcp";
# tcpSettings = {};
# security = "reality";
# realitySettings = {
# show = false;
# dest = dest;
# xver = 0;
# serverNames = sni;
# privateKey = privateKey;
# shortIds = [
# shortId
# ];
# };
# };
# sniffing = {
# enabled = true;
# destOverride = [ "http" "tls" "quic" ];
# };
# }
]; ];
outbounds = [ outbounds = [
{ {
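Review bot: The replacement inbound listens on `0.0.0.0:1080` with `security = "none"`, so the VMess endpoint is reachable on every interface with no TLS layer around it; the artemisia and ivan sections add the same kind of inbound on 8080 and open that port in the firewall. One nginx stream config in this commit forwards to `127.0.0.1:1080`, which suggests this listener only needs loopback, i.e. `listen = "127.0.0.1";`. Commenting out the REALITY inbound also leaves `port`, `dest`, `sni`, `privateKey` and `shortId` unused in the visible part of the file, so either delete the block together with the parameters or keep REALITY as a second inbound. The enclosing `inbounds` list and the file's argument header are outside the hunk.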


@ -17,16 +17,94 @@
}; };
cert = true; cert = true;
domain = "ivan.project-a.space"; domain = "ivan.project-a.space";
xray = import ../common/xray.nix { xray = {
server-domain = "ivan.project-a.space"; log.loglevel = "warning";
port = secret.marzban.vless-port; dns = {
dest = secret.marzban.dest; servers = [ "1.1.1.1" ];
privateKey = secret.marzban.privateKey; queryStrategy = "UseIPv4";
shortId = secret.marzban.shortId; };
spiderX = secret.marzban.spiderX; routing = {
sni = secret.marzban.sni; rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = secret.marzban.vless-port;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = secret.marzban.dest;
xver = 0;
serverNames = secret.marzban.sni;
privateKey = secret.marzban.privateKey;
shortIds = [
secret.marzban.shortId
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
tag = "VMESS WS NOTLS";
listen = "0.0.0.0";
port = 8080;
protocol = "vmess";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "ws";
wsSettings = {
path = "/";
};
security = "none";
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
}; };
}; };
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ]; networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port 8080 ];
} }
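Review bot: The routing rule for `user = ["sayhex"]` points at `outboundTag = "proxy"`, but the `outbounds` list in this section defines only `DIRECT` and `BLOCK`; the rule appears to be copied from the artemisia config, which does define a `proxy` outbound. The wise section has the same dangling tag. As far as I know Xray does not refuse to start on an unknown tag and the traffic falls through to the default outbound, here `DIRECT`, rather than the intended hop, so either drop the rule on these hosts or add the matching outbound.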


@ -1,31 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "kotori";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "82.117.84.90";
prefixLength = 32;
}];
routes = [{
address = "10.0.0.1";
prefixLength = 32;
}];
};
};
defaultGateway = "10.0.0.1";
nameservers = ["1.1.1.1"];
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
}


@ -1,11 +0,0 @@
# { config, pkgs, secret, ... }:
# {
# # services.hysteria = {
# # enable = true;
# # server = {
# # enable = true;
# # openFirewall = true;
# # };
# # };
# }


@ -1,37 +0,0 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
# ./hysteria.nix
];
environment.systemPackages = with pkgs; [
hysteria
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "kotori.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "kotori.project-a.space";
xray = import ../common/xray.nix {
server-domain = "kotori.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}


@ -10,6 +10,57 @@
pkgs-unstable.sing-box pkgs-unstable.sing-box
]; ];
marzban = {
env = {
UVICORN_HOST = "mio.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "mio.project-a.space";
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
];
};
inbounds = [
{
port = 8443;
tag = "Mr Penis Network";
protocol = "shadowsocks";
settings = {
method = "aes-128-gcm";
password = "sosal?";
network = "tcp,udp";
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port 8443 ];
services.yggdrasil.persistentKeys = true; services.yggdrasil.persistentKeys = true;
networking.firewall.allowedTCPPorts = [ 443 ];
} }
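Review bot: The shadowsocks inbound declares `network = "tcp,udp"`, but the firewall line that appears to be the new one opens only TCP, `allowedTCPPorts = [ secret.marzban.port 8443 ]`, so the UDP half is not reachable; the wise section has the same mismatch. Make the two agree: `network = "tcp";` if UDP relay is not wanted, or `networking.firewall.allowedUDPPorts = [ 8443 ];` if it is. A one-line comment naming the peer expected to connect to this inbound would also help, since the tag does not say.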


@ -10,7 +10,7 @@
streamConfig = '' streamConfig = ''
map $ssl_preread_server_name $name { map $ssl_preread_server_name $name {
default marzban; default marzban;
} }
upstream marzban { upstream marzban {


@ -6,10 +6,33 @@
openFirewall = true; openFirewall = true;
}; };
# services.jellyseerr = { hardware.graphics.enable = true;
# enable = true;
# port = 5055; hardware.graphics.extraPackages = with pkgs; [
# openFirewall = true; libva
# package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date libvdpau
# }; libva-vdpau-driver
libvdpau-va-gl
vaapiVdpau
mesa
libva-utils
vdpauinfo
];
environment.systemPackages = with pkgs; [
nvtopPackages.amd
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "radeonsi";
environment.sessionVariables = { LIBVA_DRIVER_NAME = "radeonsi"; };
users.users = {
jellyfin = {
isNormalUser = false;
description = "Jellyfin";
extraGroups = [ "render" "video" ];
};
};
} }


@ -8,6 +8,7 @@
./qbittorrent.nix ./qbittorrent.nix
./firewall.nix ./firewall.nix
./n8n.nix ./n8n.nix
./syncthing.nix
]; ];
networking.hostName = "reine"; networking.hostName = "reine";
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey; services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
@ -35,8 +36,8 @@
revision = secret.affine.revision; revision = secret.affine.revision;
}; };
networking.firewall.allowedTCPPorts = [ 4001 ]; networking.firewall.allowedTCPPorts = [ 4001 8384 ];
networking.firewall.allowedUDPPorts = [ 4001 ]; networking.firewall.allowedUDPPorts = [ 4001 8384 ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
} }
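Review bot: Port 8384 is Syncthing's web GUI, not its sync protocol, so `allowedTCPPorts = [ 4001 8384 ]` publishes the admin interface and `allowedUDPPorts = [ 4001 8384 ]` opens a UDP port that Syncthing does not use. If the aim is to let peers sync, `services.syncthing.openDefaultPorts = true;` opens the transfer and discovery ports instead, and 8384 can stay closed. Both hunks in this section are cut from a larger attribute set that continues outside them.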


@ -27,7 +27,29 @@
"cinema.project-a.space" = { "cinema.project-a.space" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".proxyPass = "http://localhost:8096";
locations."/" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
};
};
"dnd.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:7070";
proxyWebsockets = true;
};
};
"sd.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.0.2:7860";
proxyWebsockets = true;
};
}; };
}; };
}; };
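Review bot: The new `sd.project-a.space` vhost forwards to `http://192.168.0.2:7860` and `dnd.project-a.space` to `localhost:7070` with only TLS in front, so services that were reachable on the LAN or loopback become public; nothing in the hunk shows authentication. If these backends do not enforce their own login, add `basicAuthFile = "<path to htpasswd file>";` to the vhost or restrict the source addresses in `extraConfig`. The enclosing `virtualHosts` set starts outside the hunk.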


@ -0,0 +1,28 @@
{ ... }:
{
services = {
syncthing = {
enable = true;
group = "root";
user = "root";
dataDir = "/root/Documents";
configDir = "/root/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
guiAddress = "0.0.0.0:8384";
settings = {
devices = {
"guk" = { id = "AIM3KDW-FGUUPPN-NCQUJTL-ZG6QUN7-JRXFAMF-Q2JVBT7-BMTWL2R-BNHWWAW"; };
"aqore" = { id = "EN6MNT4-Y5WV2RG-L36OHCH-DJCXPKA-KAV4RZS-GP4OZNQ-OPBZ5XJ-QUFJCA7"; };
};
folders = {
"alteya-music" = {
path = "/home/jellyfin/Music/Alteya";
devices = [ "guk" "aqore" ];
};
};
};
};
};
}
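Review bot: The service runs as `user = "root"` with `guiAddress = "0.0.0.0:8384"`, and the host's firewall change in this commit opens 8384, so the GUI and REST API of a root process are reachable from the network; no GUI credentials are set in this file. Bind the GUI to loopback with `guiAddress = "127.0.0.1:8384";` and reach it through an SSH tunnel or an authenticated reverse proxy. The only folder is `/home/jellyfin/Music/Alteya`, so a dedicated account (or the `jellyfin` user) with `dataDir` and `configDir` outside `/root` would remove the need for root; directory ownership should be confirmed before switching.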


@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/mapper/hk-root"; fsType = "ext4"; };
swapDevices = [ { device = "/dev/dm-0"; } ];
}

156
servers/wise/main.nix Normal file

@ -0,0 +1,156 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
];
networking.hostName = "wise";
system.stateVersion = "25.05";
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "wise.project-a.space";
UVICORN_PORT = 1488;
SUDO_USERNAME = "wise-admin";
SUDO_PASSWORD = "ZgUrEmg3m#U5t+ryhbac";
DOCS = true;
};
cert = true;
domain = "wise.project-a.space";
xray = {
log.loglevel = "warning";
dns = {
servers = [ "1.1.1.1" ];
queryStrategy = "UseIPv4";
};
routing = {
rules = [
{
ip = [ "geoip:private" ];
outboundTag = "BLOCK";
type = "field";
}
{
user = ["sayhex"];
outboundTag = "proxy";
type = "field";
}
];
};
inbounds = [
{
tag = "VLESS TCP REALITY";
listen = "0.0.0.0";
port = 443;
protocol = "vless";
settings = {
clients = [];
decryption = "none";
};
streamSettings = {
network = "tcp";
tcpSettings = {};
security = "reality";
realitySettings = {
show = false;
dest = "vk.com:443";
xver = 0;
serverNames = [
"*.vk.com"
"*.vk.ru"
"*.userapi.com"
"*.vk-portal.net"
"*.yandex.net"
"*.yandex.ru"
"*.mail.ru"
"*.ozone.ru"
"*.ozon.ru"
"*.wildberries.ru"
"*.tbank.ru"
"*.alfabank.ru"
"*.sberbank.ru"
"*.2gis.ru"
"*.kinopoisk.ru"
"*.rutube.ru"
"*.mts.ru"
"*.beeline.ru"
"*.t2.ru"
"*.megafon.ru"
"*.mindbox.ru"
"*.yandexcloud.net"
"*.max.ru"
"dzen.ru"
"ok.ru"
"servicepipe.ru"
"nspk.ru"
"statad.ru"
"get4click.ru"
"tns-counter.ru"
"cdn.uxfeedback.ru"
"speller.yandex.net"
"widgets.cbonds.ru"
"www.magnit.com"
"vk.com"
"vk.ru"
"userapi.com"
"vk-portal.net"
"yandex.net"
"yandex.ru"
"mail.ru"
"ozone.ru"
"ozon.ru"
"wildberries.ru"
"tbank.ru"
"alfabank.ru"
"sberbank.ru"
"2gis.ru"
"kinopoisk.ru"
"rutube.ru"
"mts.ru"
"beeline.ru"
"t2.ru"
"megafon.ru"
"mindbox.ru"
"yandexcloud.net"
"cloudflare.com"
"max.ru"
];
privateKey = "uMLrAwrkba7AZ040JWwgX3lsCJFWAICW9diA5OIyOiI";
shortIds = [
"12f1c52fdfb49461"
];
};
};
sniffing = {
enabled = true;
destOverride = [ "http" "tls" "quic" ];
};
}
{
port = 8443;
tag = "Mr Penis Network";
protocol = "shadowsocks";
settings = {
method = "aes-128-gcm";
password = "sosal?";
network = "tcp,udp";
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "DIRECT";
}
{
protocol = "blackhole";
tag = "BLOCK";
}
];
};
};
networking.firewall.allowedTCPPorts = [ 1488 443 8443 ];
}
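Review bot: `SUDO_PASSWORD`, the REALITY `privateKey` and the `shortIds` entry are written as literals in this new file, whereas the other hosts read them from `secret.marzban.*`; the `secret` argument is accepted here but never used. Once pushed, these values have to be considered disclosed: rotate the admin password and generate a new key pair, then reference them as `SUDO_PASSWORD = secret.marzban.sudo-password;` and `privateKey = secret.marzban.privateKey;`, as the ivan and mio configs do. `DOCS = true` on a panel bound to the public hostname is also worth a second look.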


@ -10,7 +10,6 @@
streamConfig = '' streamConfig = ''
map $ssl_preread_server_name $name { map $ssl_preread_server_name $name {
nya.project-a.space hysteria;
default marzban; default marzban;
} }
@ -18,10 +17,6 @@
server 127.0.0.1:1080; server 127.0.0.1:1080;
} }
upstream hysteria {
server 127.0.0.1:445;
}
server { server {
listen 0.0.0.0:443; listen 0.0.0.0:443;
proxy_pass $name; proxy_pass $name;