Project-A/project-flake
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

temporary chaos

Browse source
This commit is contained in:
emptyynes 2025-10-19 11:14:51 +07:00
parent 3032768cc9
commit 8e31bd6c02
27 changed files with 490 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

6
servers/artemisia/main.nix
View file

@ -33,5 +33,9 @@
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port ];
environment.systemPackages = with pkgs; [
temurin-jre-bin-24
];
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 ];
}

6
servers/artemisia/nginx.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
@ -36,9 +36,11 @@
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};

4
servers/common/ssh.nix
View file

@ -6,7 +6,7 @@
ports = [ 1004 ];
settings = {
AllowGroups = [ "remote" ];
PasswordAuthentication = false;
PasswordAuthentication = true;
};
};
}
}

5
servers/common/xray.nix
View file

@ -33,11 +33,8 @@
show = false;
dest = dest;
xver = 0;
serverNames = [
sni
];
serverNames = sni;
privateKey = privateKey;
SpiderX = spiderX;
shortIds = [
shortId
];

4
servers/ivan/nginx.nix
View file

@ -19,9 +19,11 @@
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};

4
servers/vanessa/hardware-configuration.nix → servers/kotori/hardware-configuration.nix
View file

@ -7,12 +7,12 @@
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "vanessa";
hostName = "kotori";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "138.124.112.127";
address = "82.117.84.90";
prefixLength = 32;
}];
routes = [{

11
servers/kotori/hysteria.nix Normal file
View file

@ -0,0 +1,11 @@
# { config, pkgs, secret, ... }:
# {
# # services.hysteria = {
# # enable = true;
# # server = {
# # enable = true;
# # openFirewall = true;
# # };
# # };
# }

37
servers/kotori/main.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
# ./hysteria.nix
];
environment.systemPackages = with pkgs; [
hysteria
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "kotori.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "kotori.project-a.space";
xray = import ../common/xray.nix {
server-domain = "kotori.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}

35
servers/kotori/nginx.nix Normal file
View file

@ -0,0 +1,35 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
defaultSSLListenPort = 444;
streamConfig = ''
map $ssl_preread_server_name $name {
nya.project-a.space hysteria;
default marzban;
}
upstream marzban {
server 127.0.0.1:1080;
}
upstream hysteria {
server 127.0.0.1:445;
}
server {
listen 0.0.0.0:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};
}

27
servers/kristine/hardware-configuration.nix Normal file
View file

@ -0,0 +1,27 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "kristine";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "147.45.49.65";
prefixLength = 24;
}];
};
};
defaultGateway = "147.45.49.1";
nameservers = ["1.1.1.1"];
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
}

8
servers/vanessa/main.nix → servers/kristine/main.nix
View file

@ -5,20 +5,22 @@
./hardware-configuration.nix
./nginx.nix
];
environment.systemPackages = with pkgs; [];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "vanessa.project-a.space";
UVICORN_HOST = "kristine.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "vanessa.project-a.space";
domain = "kristine.project-a.space";
xray = import ../common/xray.nix {
server-domain = "vanessa.project-a.space";
server-domain = "kristine.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;

8
servers/vanessa/nginx.nix → servers/kristine/nginx.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
@ -10,7 +10,7 @@
streamConfig = ''
map $ssl_preread_server_name $name {
default marzban;
default marzban;
}
upstream marzban {
@ -19,9 +19,11 @@
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};

27
servers/mio/hardware-configuration.nix
View file

@ -1,8 +1,31 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "mio";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "62.60.177.69";
prefixLength = 32;
}];
routes = [{
address = "10.0.0.1";
prefixLength = 32;
}];
};
};
defaultGateway = "10.0.0.1";
nameservers = ["1.1.1.1"];
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
}

47
servers/mio/main.nix
View file

@ -1,50 +1,15 @@
{ config, pkgs, secret, ... }:
{ config, pkgs, pkgs-unstable, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
];
networking = {
hostName = "mio";
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [{
address = "66.78.40.227";
prefixLength = 24;
}];
};
defaultGateway = "66.78.40.1";
nameservers = ["1.1.1.1"];
};
environment.systemPackages = with pkgs; [
pkgs-unstable.sing-box
];
services.openssh.enable = true;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "mio.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "mio.project-a.space";
xray = import ../common/xray.nix {
server-domain = "mio.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
networking.firewall.allowedTCPPorts = [ 443 ];
}

12
servers/mio/nginx.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
@ -10,11 +10,7 @@
streamConfig = ''
map $ssl_preread_server_name $name {
default marzban;
}
upstream git {
server 127.0.0.1:444;
default marzban;
}
upstream marzban {
@ -23,9 +19,11 @@
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};

2
servers/reine/firewall.nix
View file

@ -2,4 +2,4 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
}

18
servers/reine/jellyfin.nix
View file

@ -1,17 +1,15 @@
{config, pkgs, pkgs-unstable, ...}:
{ config, pkgs, pkgs-unstable, ... }:
{
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.jellyseerr = {
enable = true;
port = 5055;
openFirewall = true;
package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date
};
}
# services.jellyseerr = {
# enable = true;
# port = 5055;
# openFirewall = true;
# package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date
# };
}

22
servers/reine/main.nix
View file

@ -1,11 +1,13 @@
{ config, pkgs, secret, ... }:
{ config, pkgs, pkgs-projecta, secret, ... }:
{
imports = [
./hardware-configuration.nix
./jellyfin.nix
./nginx.nix
./qbittorrent.nix
./firewall.nix
./n8n.nix
];
networking.hostName = "reine";
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
@ -19,6 +21,22 @@
hardware.graphics.enable32Bit = true;
hardware.amdgpu.overdrive.enable = true;
hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
environment.systemPackages = with pkgs; [ clinfo mesa.opencl ];
time.timeZone = "Asia/Novosibirsk";
environment.systemPackages = with pkgs; [
clinfo
mesa.opencl
temurin-jre-bin-24
];
system.stateVersion = "25.05";
services.affine = {
enable = true;
env = secret.affine.env;
revision = secret.affine.revision;
};
networking.firewall.allowedTCPPorts = [ 4001 ];
networking.firewall.allowedUDPPorts = [ 4001 ];
nixpkgs.config.allowUnfree = true;
}

108
servers/reine/n8n.nix Normal file
View file

@ -0,0 +1,108 @@
{ pkgs, lib, ... }:
{
services.n8n = {
enable = true;
openFirewall = true;
webhookUrl = "https://n8n.project-a.space/";
settings.port = 3030;
};
systemd.services.n8n.environment.GENERIC_TIMEZONE = "Asia/Novosibirsk";
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers."mongodb" = {
image = "mongo:latest";
environment = {
"MONGO_INITDB_ROOT_PASSWORD" = "maria";
"MONGO_INITDB_ROOT_USERNAME" = "admin";
};
volumes = [ "/var/lib/n8n_mongodb_data:/data/db:rw" ];
ports = [
"27017:27017/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=mongodb"
"--network=n8n_default"
];
};
systemd.services."docker-mongodb" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [ "docker-network-n8n_default.service" ];
requires = [ "docker-network-n8n_default.service" ];
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
virtualisation.oci-containers.containers."redis" = {
image = "redis:latest";
volumes = [ "n8n_redis_data:/data:rw" ];
ports = [ "6379:6379/tcp" ];
cmd = [ "redis-server" "--requirepass" "maria" ];
log-driver = "journald";
extraOptions = [
"--network-alias=redis"
"--network=n8n_default"
];
};
systemd.services."docker-redis" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-n8n_default.service"
"docker-volume-n8n_redis_data.service"
];
requires = [
"docker-network-n8n_default.service"
"docker-volume-n8n_redis_data.service"
];
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
systemd.services."docker-network-n8n_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f n8n_default";
};
script = ''
docker network inspect n8n_default || docker network create n8n_default
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
systemd.services."docker-volume-n8n_redis_data" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect n8n_redis_data || docker volume create n8n_redis_data
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
systemd.targets."docker-compose-n8n-root" = {
unitConfig.Description = "Root target generated by compose2nix.";
wantedBy = [ "multi-user.target" ];
};
}

15
servers/reine/nginx.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
@ -12,12 +12,23 @@
virtualHosts = {
"affine.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:3010";
};
"n8n.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3010";
proxyPass = "http://localhost:5678";
proxyWebsockets = true;
};
};
"cinema.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8096";
};
};
};
}

22
servers/reine/qbittorrent.nix Normal file
View file

@ -0,0 +1,22 @@
{ secret, pkgs-unstable, ... }:
{
# services.qbittorrent = {
# enable = true;
# package = pkgs-unstable.qbittorrent;
# openFirewall = true;
# webuiPort = 7777;
# user = "in5ar";
# group = "users";
# serverConfig = {
# LegalNotice.Accepted = true;
# Preferences = {
# WebUI = {
# Username = "in5ar";
# Password_PBKDF2 = secret.qbt-password;
# };
# General.Locale = "en";
# };
# };
# };
}