Project-A/project-flake
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Project-A:7e2f7a341acab90c6060aa4ec1e3f229ff722f2b
Branches Tags
Project-A:master
...
compare: Project-A:8e31bd6c02c81b38e762762f6977404775151856
Branches Tags
Project-A:master

3 commits
7e2f7a341a ... 8e31bd6c02

Author SHA1 Message Date
emptyynes
8e31bd6c02 temporary chaos 2025-10-19 11:14:51 +07:00
emptyynes
3032768cc9 added ivan 2025-09-24 17:51:19 +07:00
emptyynes
841dbc5bfc added nix optimizations 2025-09-24 17:05:50 +07:00
30 changed files with 579 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

1
debug.sh
View file

@ -1 +0,0 @@
nix repl --extra-experimental-features 'flakes' .

9
desktops/aqore-nix/bootloader.nix
View file

@ -22,14 +22,5 @@
'';
};
};
binfmt.registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
magicOrExtension = ''\x7fELF....AI\x02'';
};
};
}

9
desktops/aqore-nix/packages.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, emptypkgs, ... }:
{ config, pkgs, pkgs-unstable, ... }:
{
nixpkgs.config.allowUnfree = true;
@ -10,6 +10,10 @@
programs = {
amnezia-vpn.enable = true;
appimage = {
enable = true;
binfmt = true;
};
nekoray = {
enable = true;
tunMode.enable = true;
@ -22,9 +26,7 @@
};
firefox = {
enable = true;
preferencesStatus = "user";
};
chromium.enable = true;
fish.enable = true;
screen.enable = true;
bat.enable = true;
@ -41,6 +43,7 @@
qbittorrent
nicotine-plus
mumble
chromium
# media
gimp
krita

68
docker-compose.yml Normal file
View file

@ -0,0 +1,68 @@
name: mythictable
version: '3.8'
services:
mythictable-backend:
build:
context: .
dockerfile: server/src/MythicTable/Dockerfile
ports:
- "5000:80"
environment:
- NODE_ENV=development
- MTT_AUTH_SERVICE_URL=http://keycloak:80
- MTT_MONGODB_CONNECTIONSTRING=mongodb://admin:abc123!@mongodb:28017
- MTT_MONGODB_DATABASENAME=mythictable
- MTT_REDIS_CONN_STRING=redis://redis:6479
depends_on:
- mongodb
- redis
- keycloak
mythictable-frontend:
build:
context: .
dockerfile: html/Dockerfile
ports:
- "3000:3000"
environment:
- NODE_ENV=development
depends_on:
- mythictable-backend
keycloak:
build:
context: ./mythic-key
dockerfile: Dockerfile
ports:
- "5002:80"
environment:
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin
depends_on:
- mongodb
mongodb:
image: mongo:latest
ports:
- "28017:27017"
- "28018:27018"
- "28019:27019"
volumes:
- mongodb_data:/data/db
environment:
- MONGO_INITDB_ROOT_USERNAME=admin
- MONGO_INITDB_ROOT_PASSWORD=abc123!
command: ["--auth"]
redis:
image: redis:latest
ports:
- "6479:6379"
volumes:
- redis_data:/data
volumes:
mongodb_data:
redis_data:

79
flake.nix
View file

@ -5,8 +5,16 @@
nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
secret.url = "git+ssh://forgejo@git.project-a.space/Project-A/project-secret.git";
project-a-software.url = "git+ssh://forgejo@git.project-a.space/Project-A/project-software.git";
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
project-a-software = {
url = "git+ssh://forgejo@git.project-a.space/Project-A/project-software.git";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-unstable.follows = "nixpkgs-unstable";
};
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
@ -22,6 +30,7 @@
nixpkgs,
nixpkgs-unstable,
project-a-software,
deploy-rs,
home-manager,
winapps,
secret,
@ -31,9 +40,12 @@
nixosServer = { name, system ? linux64, modules ? [] }:
nixpkgs.lib.nixosSystem {
system = system;
specialArgs.pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
specialArgs.secret = secret.${name};
specialArgs.common-secret = secret.common;
specialArgs = {
pkgs-unstable = import nixpkgs-unstable { system = linux64; config.allowUnfree = true; };
pkgs-projecta = project-a-software.packages.${system};
secret = secret.${name};
common-secret = secret.common;
};
modules = [
./servers/common/main.nix
./servers/${name}/main.nix
@ -41,16 +53,18 @@
};
in {
nixosConfigurations = {
artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.marzban ]; };
reine = nixosServer { name = "reine"; modules = [ project-a-software.affine ]; };
mio = nixosServer { name = "mio"; modules = [ project-a-software.marzban ]; };
vanessa = nixosServer { name = "vanessa"; modules = [ project-a-software.marzban ]; };
artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.nixosModules.marzban ]; };
reine = nixosServer { name = "reine"; modules = [ project-a-software.nixosModules.affine ]; };
ivan = nixosServer { name = "ivan"; modules = [ project-a-software.nixosModules.marzban ]; };
kotori = nixosServer { name = "kotori"; modules = [ project-a-software.nixosModules.marzban ]; };
mio = nixosServer { name = "mio"; modules = [ ]; };
kristine = nixosServer { name = "kristine"; modules = [ project-a-software.nixosModules.marzban ]; };
aqore-nix = nixpkgs.lib.nixosSystem {
system = linux64;
specialArgs = {
inherit winapps;
pkgs-unstable = nixpkgs-unstable.legacyPackages.${linux64};
pkgs-unstable = import nixpkgs-unstable { system = linux64; config.allowUnfree = true; };
};
modules = [
./desktops/aqore-nix/main.nix
@ -63,10 +77,57 @@
environment.systemPackages = [
winapps.packages."${linux64}".winapps
winapps.packages."${linux64}".winapps-launcher
deploy-rs.packages."${linux64}".deploy-rs
];
})
];
};
};
deploy.nodes = let serverNode = name: {
hostname = "${name}.project-a.space";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${name};
};
sshUser = "in5ar";
sshOpts = [ "-p" "1004" ];
};
in {
artemisia = serverNode "artemisia";
reine = {
hostname = "192.168.0.3";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.reine;
};
sshUser = "in5ar";
sshOpts = [ "-p" "1004" ];
};
ivan = serverNode "ivan";
kotori = serverNode "kotori";
mio = serverNode "mio";
kristine = serverNode "kristine";
};
devShells = nixpkgs.lib.genAttrs [ "x86_64-linux" ] (system: {
default = let
pkgs = nixpkgs.legacyPackages.${system};
prompt = ''function fish_prompt; set_color red; echo -n "Project-A/debug> "; set_color normal; end'';
inspect = ''function inspect; nix repl .; end;'';
inspect-nixpkgs = ''function inspect-nixpkgs; nix repl nixpkgs; end;'';
included-functions = "${inspect} ${inspect-nixpkgs}";
in pkgs.mkShell {
buildInputs = [];
shellHook = ''
printf "Welcome to the \033[1;31mProject-A\033[0m dev shell!\n"
if [ -z "$FISH_VERSION" ] && [ -x "${pkgs.fish}/bin/fish" ]; then
exec ${pkgs.fish}/bin/fish --init-command '${prompt}; ${included-functions}'
fi
'';
};
}
);
};
}

1
secret.nix
View file

@ -37,6 +37,7 @@ in {
reine = {
yggdrasil.PrivateKey = mkOption { type = str; default = ""; };
affine = affine-config;
qbt-password = mkOption { type = str; default = ""; };
};
common = {
yggdrasil = {

6
servers/artemisia/main.nix
View file

@ -33,5 +33,9 @@
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port ];
environment.systemPackages = with pkgs; [
temurin-jre-bin-24
];
networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 ];
}

8
servers/artemisia/nginx.nix
View file

@ -1,11 +1,13 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
defaultSSLListenPort = 444;
virtualHosts = {
@ -34,9 +36,11 @@
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};

17
servers/common/main.nix
View file

@ -11,6 +11,19 @@
];
programs.fish.enable = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = [ "root" "@wheel" ];
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "root" "@wheel" ];
auto-optimise-store = true;
};
optimise = {
automatic = true;
dates = [ "weekly" ];
};
gc = {
automatic = true;
dates = "weekly";
};
};
}

4
servers/common/ssh.nix
View file

@ -6,7 +6,7 @@
ports = [ 1004 ];
settings = {
AllowGroups = [ "remote" ];
PasswordAuthentication = false;
PasswordAuthentication = true;
};
};
}
}

5
servers/common/xray.nix
View file

@ -33,11 +33,8 @@
show = false;
dest = dest;
xver = 0;
serverNames = [
sni
];
serverNames = sni;
privateKey = privateKey;
SpiderX = spiderX;
shortIds = [
shortId
];

14
servers/ivan/hardware-configuration.nix Normal file
View file

@ -0,0 +1,14 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
networking.hostName = "ivan";
system.stateVersion = "25.05";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg2GEI2xcR0E1LzJWDvF5eHNt93TcYy7W/qEI3XoVWr almiriqi@aqore-nix'' ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
}

6
servers/vanessa/main.nix → servers/ivan/main.nix
View file

@ -9,16 +9,16 @@
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "vanessa.project-a.space";
UVICORN_HOST = "ivan.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "vanessa.project-a.space";
domain = "ivan.project-a.space";
xray = import ../common/xray.nix {
server-domain = "vanessa.project-a.space";
server-domain = "ivan.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;

6
servers/vanessa/nginx.nix → servers/ivan/nginx.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
@ -19,9 +19,11 @@
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};

4
servers/vanessa/hardware-configuration.nix → servers/kotori/hardware-configuration.nix
View file

@ -7,12 +7,12 @@
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "vanessa";
hostName = "kotori";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "138.124.112.127";
address = "82.117.84.90";
prefixLength = 32;
}];
routes = [{

11
servers/kotori/hysteria.nix Normal file
View file

@ -0,0 +1,11 @@
# { config, pkgs, secret, ... }:
# {
# # services.hysteria = {
# # enable = true;
# # server = {
# # enable = true;
# # openFirewall = true;
# # };
# # };
# }

37
servers/kotori/main.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
# ./hysteria.nix
];
environment.systemPackages = with pkgs; [
hysteria
];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "kotori.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "kotori.project-a.space";
xray = import ../common/xray.nix {
server-domain = "kotori.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}

35
servers/kotori/nginx.nix Normal file
View file

@ -0,0 +1,35 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
defaultSSLListenPort = 444;
streamConfig = ''
map $ssl_preread_server_name $name {
nya.project-a.space hysteria;
default marzban;
}
upstream marzban {
server 127.0.0.1:1080;
}
upstream hysteria {
server 127.0.0.1:445;
}
server {
listen 0.0.0.0:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};
}

27
servers/kristine/hardware-configuration.nix Normal file
View file

@ -0,0 +1,27 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "kristine";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "147.45.49.65";
prefixLength = 24;
}];
};
};
defaultGateway = "147.45.49.1";
nameservers = ["1.1.1.1"];
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
}

34
servers/kristine/main.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, pkgs, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
];
environment.systemPackages = with pkgs; [];
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "kristine.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "kristine.project-a.space";
xray = import ../common/xray.nix {
server-domain = "kristine.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}

30
servers/kristine/nginx.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
defaultSSLListenPort = 444;
streamConfig = ''
map $ssl_preread_server_name $name {
default marzban;
}
upstream marzban {
server 127.0.0.1:1080;
}
server {
listen 0.0.0.0:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};
}

27
servers/mio/hardware-configuration.nix
View file

@ -1,8 +1,31 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
networking = {
hostName = "mio";
interfaces.ens3 = {
useDHCP = false;
ipv4 = {
addresses = [{
address = "62.60.177.69";
prefixLength = 32;
}];
routes = [{
address = "10.0.0.1";
prefixLength = 32;
}];
};
};
defaultGateway = "10.0.0.1";
nameservers = ["1.1.1.1"];
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
}

47
servers/mio/main.nix
View file

@ -1,50 +1,15 @@
{ config, pkgs, secret, ... }:
{ config, pkgs, pkgs-unstable, secret, ... }:
{
imports = [
./hardware-configuration.nix
./nginx.nix
];
networking = {
hostName = "mio";
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [{
address = "66.78.40.227";
prefixLength = 24;
}];
};
defaultGateway = "66.78.40.1";
nameservers = ["1.1.1.1"];
};
environment.systemPackages = with pkgs; [
pkgs-unstable.sing-box
];
services.openssh.enable = true;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
system.stateVersion = "25.05";
services.yggdrasil.persistentKeys = true;
marzban = {
env = {
UVICORN_HOST = "mio.project-a.space";
UVICORN_PORT = secret.marzban.port;
SUDO_USERNAME = secret.marzban.sudo-username;
SUDO_PASSWORD = secret.marzban.sudo-password;
DOCS = true;
};
cert = true;
domain = "mio.project-a.space";
xray = import ../common/xray.nix {
server-domain = "mio.project-a.space";
port = secret.marzban.vless-port;
dest = secret.marzban.dest;
privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
};
};
networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
networking.firewall.allowedTCPPorts = [ 443 ];
}

12
servers/mio/nginx.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
@ -10,11 +10,7 @@
streamConfig = ''
map $ssl_preread_server_name $name {
default marzban;
}
upstream git {
server 127.0.0.1:444;
default marzban;
}
upstream marzban {
@ -23,9 +19,11 @@
server {
listen 0.0.0.0:443;
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_timeout 60s;
}
'';
};

2
servers/reine/firewall.nix
View file

@ -2,4 +2,4 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
}

18
servers/reine/jellyfin.nix
View file

@ -1,17 +1,15 @@
{config, pkgs, pkgs-unstable, ...}:
{ config, pkgs, pkgs-unstable, ... }:
{
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.jellyseerr = {
enable = true;
port = 5055;
openFirewall = true;
package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date
};
}
# services.jellyseerr = {
# enable = true;
# port = 5055;
# openFirewall = true;
# package = pkgs-unstable.jellyseerr; # Use the unstable package if stable is not up-to-date
# };
}

22
servers/reine/main.nix
View file

@ -1,11 +1,13 @@
{ config, pkgs, secret, ... }:
{ config, pkgs, pkgs-projecta, secret, ... }:
{
imports = [
./hardware-configuration.nix
./jellyfin.nix
./nginx.nix
./qbittorrent.nix
./firewall.nix
./n8n.nix
];
networking.hostName = "reine";
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
@ -19,6 +21,22 @@
hardware.graphics.enable32Bit = true;
hardware.amdgpu.overdrive.enable = true;
hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
environment.systemPackages = with pkgs; [ clinfo mesa.opencl ];
time.timeZone = "Asia/Novosibirsk";
environment.systemPackages = with pkgs; [
clinfo
mesa.opencl
temurin-jre-bin-24
];
system.stateVersion = "25.05";
services.affine = {
enable = true;
env = secret.affine.env;
revision = secret.affine.revision;
};
networking.firewall.allowedTCPPorts = [ 4001 ];
networking.firewall.allowedUDPPorts = [ 4001 ];
nixpkgs.config.allowUnfree = true;
}

108
servers/reine/n8n.nix Normal file
View file

@ -0,0 +1,108 @@
{ pkgs, lib, ... }:
{
services.n8n = {
enable = true;
openFirewall = true;
webhookUrl = "https://n8n.project-a.space/";
settings.port = 3030;
};
systemd.services.n8n.environment.GENERIC_TIMEZONE = "Asia/Novosibirsk";
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers."mongodb" = {
image = "mongo:latest";
environment = {
"MONGO_INITDB_ROOT_PASSWORD" = "maria";
"MONGO_INITDB_ROOT_USERNAME" = "admin";
};
volumes = [ "/var/lib/n8n_mongodb_data:/data/db:rw" ];
ports = [
"27017:27017/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=mongodb"
"--network=n8n_default"
];
};
systemd.services."docker-mongodb" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [ "docker-network-n8n_default.service" ];
requires = [ "docker-network-n8n_default.service" ];
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
virtualisation.oci-containers.containers."redis" = {
image = "redis:latest";
volumes = [ "n8n_redis_data:/data:rw" ];
ports = [ "6379:6379/tcp" ];
cmd = [ "redis-server" "--requirepass" "maria" ];
log-driver = "journald";
extraOptions = [
"--network-alias=redis"
"--network=n8n_default"
];
};
systemd.services."docker-redis" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-n8n_default.service"
"docker-volume-n8n_redis_data.service"
];
requires = [
"docker-network-n8n_default.service"
"docker-volume-n8n_redis_data.service"
];
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
systemd.services."docker-network-n8n_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f n8n_default";
};
script = ''
docker network inspect n8n_default || docker network create n8n_default
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
systemd.services."docker-volume-n8n_redis_data" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect n8n_redis_data || docker volume create n8n_redis_data
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
systemd.targets."docker-compose-n8n-root" = {
unitConfig.Description = "Root target generated by compose2nix.";
wantedBy = [ "multi-user.target" ];
};
}

15
servers/reine/nginx.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
security.acme.defaults.email = "porject-a@project-a.space";
security.acme.defaults.email = "project-a@project-a.space";
security.acme.acceptTerms = true;
services.nginx = {
@ -12,12 +12,23 @@
virtualHosts = {
"affine.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:3010";
};
"n8n.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3010";
proxyPass = "http://localhost:5678";
proxyWebsockets = true;
};
};
"cinema.project-a.space" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8096";
};
};
};
}

22
servers/reine/qbittorrent.nix Normal file
View file

@ -0,0 +1,22 @@
{ secret, pkgs-unstable, ... }:
{
# services.qbittorrent = {
# enable = true;
# package = pkgs-unstable.qbittorrent;
# openFirewall = true;
# webuiPort = 7777;
# user = "in5ar";
# group = "users";
# serverConfig = {
# LegalNotice.Accepted = true;
# Preferences = {
# WebUI = {
# Username = "in5ar";
# Password_PBKDF2 = secret.qbt-password;
# };
# General.Locale = "en";
# };
# };
# };
}