temporary chaos
parent
3032768cc9
commit
8e31bd6c02
27 changed files with 490 additions and 106 deletions
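--- a/servers/kristine/hardware-configuration.nix
+++ b/servers/kristine/hardware-configuration.nix
@@ -0,0 +1,27 @@
+{ modulesPath, ... }:
+{
+imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+boot.loader.grub.device = "/dev/vda";
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+boot.initrd.kernelModules = [ "nvme" ];
+fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
+
+networking = {
+hostName = "kristine";
+interfaces.ens3 = {
+useDHCP = false;
+ipv4 = {
+addresses = [{
+address = "147.45.49.65";
+prefixLength = 24;
+}];
+};
+};
+defaultGateway = "147.45.49.1";
+nameservers = ["1.1.1.1"];
+};
+
+boot.tmp.cleanOnBoot = true;
+zramSwap.enable = true;
+system.stateVersion = "25.05";
+}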
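--- a/servers/kristine/main.nix
+++ b/servers/kristine/main.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, secret, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+./nginx.nix
+];
+
+environment.systemPackages = with pkgs; [];
+
+services.yggdrasil.persistentKeys = true;
+marzban = {
+env = {
+UVICORN_HOST = "kristine.project-a.space";
+UVICORN_PORT = secret.marzban.port;
+SUDO_USERNAME = secret.marzban.sudo-username;
+SUDO_PASSWORD = secret.marzban.sudo-password;
+DOCS = true;
+};
+cert = true;
+domain = "kristine.project-a.space";
+xray = import ../common/xray.nix {
+server-domain = "kristine.project-a.space";
+port = secret.marzban.vless-port;
+dest = secret.marzban.dest;
+privateKey = secret.marzban.privateKey;
+shortId = secret.marzban.shortId;
+spiderX = secret.marzban.spiderX;
+sni = secret.marzban.sni;
+};
+};
+
+networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
+}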
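Review bot: `SUDO_PASSWORD = secret.marzban.sudo-password;` and `privateKey = secret.marzban.privateKey;` hand secret values to the module as ordinary Nix strings, so if the `marzban` module (not visible here) renders `env` or the xray config into a unit or config file, they end up in the world-readable /nix/store. Prefer passing the path of a file that is decrypted at activation time (for example an `EnvironmentFile` provisioned by sops-nix or agenix) rather than the value itself. `DOCS = true;` also publishes the panel's API documentation on a port that `networking.firewall.allowedTCPPorts` opens to the internet; `DOCS = false;` is the safer setting unless access to the panel port is restricted to trusted addresses.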
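--- a/servers/kristine/nginx.nix
+++ b/servers/kristine/nginx.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+security.acme.defaults.email = "project-a@project-a.space";
+security.acme.acceptTerms = true;
+
+services.nginx = {
+enable = true;
+defaultSSLListenPort = 444;
+
+streamConfig = ''
+map $ssl_preread_server_name $name {
+default marzban;
+}
+
+upstream marzban {
+server 127.0.0.1:1080;
+}
+
+server {
+listen 0.0.0.0:443;
+proxy_pass $name;
+ssl_preread on;
+
+proxy_connect_timeout 5s;
+proxy_timeout 60s;
+}
+'';
+};
+}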
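Review bot: The `map $ssl_preread_server_name $name` block has only a `default marzban;` entry, so `ssl_preread on;` selects nothing and every connection to 443, whatever its SNI, is forwarded to 127.0.0.1:1080. If that is intended, say so in the stream block with a comment such as `# every SNI is forwarded to the local marzban inbound; nginx's own TLS listener (444) is not reachable via 443`; if the host's own domain was meant to reach nginx on 444, the map entry and upstream for it are missing. The backend will also see 127.0.0.1 as the peer for every client, so per-client logging or rate limiting there needs `proxy_protocol on;` in this `server` block, assuming the inbound on 1080 is configured to accept it. Port 443 does not appear in the `allowedTCPPorts` list shown in main.nix, so it is presumably opened elsewhere; worth confirming.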