From 8f181318c0d76d85d224055f4b527920295b0209 Mon Sep 17 00:00:00 2001
From: oqyude
Date: Sun, 28 Sep 2025 13:38:45 +0300
Subject: [PATCH] pub add

---
 nixosConfigurations/default.nix | 2 +
 nixosConfigurations/hosts/disko/pub-vds.nix | 33 +++++
 .../hosts/hardware/pub-vds.nix | 23 +++
 nixosConfigurations/hosts/hardware/vds.nix | 12 --
 nixosConfigurations/hosts/pub-vds.nix | 138 ++++++++++++++++++
 nixosModules/options.nix | 1 +
 nixosModules/pub-vds/default.nix | 9 ++
 nixosModules/pub-vds/xray.nix | 19 +++
 nixosModules/vds/xray.nix | 1 -
 9 files changed, 225 insertions(+), 13 deletions(-)
 create mode 100644 nixosConfigurations/hosts/disko/pub-vds.nix
 create mode 100644 nixosConfigurations/hosts/hardware/pub-vds.nix
 create mode 100644 nixosConfigurations/hosts/pub-vds.nix
 create mode 100644 nixosModules/pub-vds/default.nix
 create mode 100644 nixosModules/pub-vds/xray.nix

diff --git a/nixosConfigurations/default.nix b/nixosConfigurations/default.nix
index 5fd4afe..4df4f65 100755
--- a/nixosConfigurations/default.nix
+++ b/nixosConfigurations/default.nix
@@ -6,5 +6,7 @@
 otreca = import ./hosts/vds.nix flakeContext; # vds
 sapphira = import ./hosts/server.nix flakeContext; # sapphira
 wsl = import ./hosts/wsl.nix flakeContext; # wsl
+
+ pub-vds = import ./hosts/pub-vds.nix flakeContext;
 };
 }
diff --git a/nixosConfigurations/hosts/disko/pub-vds.nix b/nixosConfigurations/hosts/disko/pub-vds.nix
new file mode 100644
index 0000000..f097a04
--- /dev/null
+++ b/nixosConfigurations/hosts/disko/pub-vds.nix
@@ -0,0 +1,33 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ type = "EF02";
+ size = "1M";
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ swap = {
+ size = "256M";
+ content = {
+ type = "swap";
+ };
+ };
+ };
+ };
+ };
+ };
+}
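Review bot: The new `pub-vds` entry departs from the layout of the three lines above it: each of those carries a trailing `# name` comment and none is set off by a blank line, while the added line has no comment and is preceded by an empty `+` line. For consistency write it as `pub-vds = import ./hosts/pub-vds.nix flakeContext; # pub-vds` directly after the `wsl` line, or drop the trailing comments from all four since they only repeat the attribute name.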
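Review bot: The `swap` partition is declared as plain `type = "swap"`, so anything the kernel pages out is written to `/dev/vda` in clear and survives reboots; on this host that presumably includes the xray settings that `nixosModules/pub-vds/xray.nix` loads from a credentials input. disko accepts `randomEncryption = true;` inside the swap `content` block, which keys the partition with a fresh random key on every boot at no operational cost, so I'd add that line. The hardware file for this host keeps `swapDevices` commented out, presumably because disko derives it from this partition; a one-line comment on the `swap` attribute saying so would make that dependency explicit.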
diff --git a/nixosConfigurations/hosts/hardware/pub-vds.nix b/nixosConfigurations/hosts/hardware/pub-vds.nix
new file mode 100644
index 0000000..cdbee5a
--- /dev/null
+++ b/nixosConfigurations/hosts/hardware/pub-vds.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
+ fileSystems = {
+ "/" = {
+ device = lib.mkForce "/dev/disk/by-partlabel/disk-main-root"; # "/dev/disk/by-partlabel/disk-main-root";
+ fsType = "ext4";
+ };
+ };
+
+ # swapDevices = [
+ # { device = "/dev/disk/by-partlabel/disk-main-swap"; }
+ # ];
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixosConfigurations/hosts/hardware/vds.nix b/nixosConfigurations/hosts/hardware/vds.nix
index 5d7f044..cdbee5a 100755
--- a/nixosConfigurations/hosts/hardware/vds.nix
+++ b/nixosConfigurations/hosts/hardware/vds.nix
@@ -6,10 +6,6 @@
 ...
 }:
 {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
 fileSystems = {
 "/" = {
 device = lib.mkForce "/dev/disk/by-partlabel/disk-main-root"; # "/dev/disk/by-partlabel/disk-main-root";
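Review bot: `pkgs` and `modulesPath` are bound in the argument set but never referenced in this file, and the trailing `# "/dev/disk/by-partlabel/disk-main-root";` comment on the `device` line only repeats the value it annotates; trimming both leaves `{ config, lib, ... }:` and a cleaner `device` line. After this patch the file is byte-identical to `hardware/vds.nix` (both resolve to blob `cdbee5a`), so a single shared hardware module imported by both hosts would stop the two copies drifting apart. `lib.mkForce` on `fileSystems."/"` also overrides whatever `disko/pub-vds.nix` derives for the partition with `mountpoint = "/"`; if that is intentional a short comment saying why the forced value is preferred would help, otherwise the entry can go.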
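Review bot: Dropping the `not-detected.nix` import here changes the existing `otreca` host, not only the new one: unless `hosts/vds.nix` (not part of this patch) imports `${modulesPath}/installer/scan/not-detected.nix` itself the way `hosts/pub-vds.nix` does, that host loses the profile whose main effect is defaulting `hardware.enableRedistributableFirmware`, the value that `hardware.cpu.intel.updateMicrocode` further down reads. The commit message `pub add` does not mention this; a comment such as `# hardware-scan profiles are imported by hosts/vds.nix` at the old `imports` position would record where the import moved. With the removal `modulesPath` becomes an unused argument in this file. The function head that binds it begins before this hunk.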
@@ -21,15 +17,7 @@
 # { device = "/dev/disk/by-partlabel/disk-main-swap"; }
 # ];
 
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
 networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
- # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
-
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/nixosConfigurations/hosts/pub-vds.nix b/nixosConfigurations/hosts/pub-vds.nix
new file mode 100644
index 0000000..a22f408
--- /dev/null
+++ b/nixosConfigurations/hosts/pub-vds.nix
@@ -0,0 +1,138 @@
+{ inputs, ... }@flakeContext:
+let
+ nixosModule =
+ {
+ config,
+ lib,
+ modulesPath,
+ pkgs,
+ xlib,
+ ...
+ }:
+ {
+ xlib.device = {
+ type = "pub-vds";
+ hostname = "pub-vds";
+ };
+
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+
+ ./disko/pub-vds.nix
+ ./hardware/pub-vds.nix
+
+ inputs.self.nixosModules.default
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_xanmod_stable;
+ hardwareScan = true;
+ loader = {
+ grub = {
+ enable = true;
+ device = "nodev";
+ useOSProber = false;
+ efiSupport = false;
+ };
+ systemd-boot.enable = lib.mkDefault false;
+ };
+ };
+
+ services = {
+ earlyoom.enable = true;
+ preload.enable = true;
+ journald = {
+ extraConfig = ''
+ SystemMaxUse=512M
+ '';
+ };
+ samba = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ global = {
+ "invalid users" = [ ];
+ "passwd program" = "/run/wrappers/bin/passwd %u";
+ security = "user";
+ };
+ nixos = {
+ "path" = "/etc/nixos";
+ "browseable" = "yes";
+ "read only" = "no";
+ "valid users" = "${xlib.device.username}";
+ "guest ok" = "no";
+ "writable" = "yes";
+ "create mask" = 755;
+ "directory mask" = 755;
+ "force user" = "${xlib.device.username}";
+ "force group" = "users";
+ };
+ root = {
+ "path" = "/";
+ "browseable" = "yes";
+ "read only" = "no";
+ "valid users" = "${xlib.device.username}";
+ "guest ok" = "no";
+ "writable" = "yes";
+ #"create mask" = 0644;
+ #"directory mask" = 0644;
+ "force user" = "root";
+ "force group" = "root";
+ };
+ "${xlib.device.username}" = {
+ "path" = "/home/${xlib.device.username}";
+ "browseable" = "yes";
+ "read only" = "no";
+ "valid users" = "${xlib.device.username}";
+ "guest ok" = "no";
+ "writable" = "yes";
+ "create mask" = 700;
+ "directory mask" = 700;
+ "force user" = "${xlib.device.username}";
+ "force group" = "users";
+ };
+ };
+ };
+ openssh = {
+ enable = true;
+ allowSFTP = true;
+ openFirewall = true;
+ hostKeys = [
+ {
+ path = "/etc/ssh/id_ed25519";
+ type = "ed25519";
+ }
+ ];
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ UsePAM = true;
+ };
+ };
+ tailscale = {
+ enable = true;
+ openFirewall = true;
+ };
+ };
+
+ networking = {
+ hostName = "${xlib.device.hostname}";
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ system = {
+ stateVersion = "25.05";
+ };
+ };
+in
+inputs.nixpkgs.lib.nixosSystem {
+ modules = [
+ nixosModule
+ ];
+ system = "x86_64-linux";
+ specialArgs = {
+ deviceType = "pub-vds";
+ };
+}
diff --git a/nixosModules/options.nix b/nixosModules/options.nix
index 90f74c5..f9e5341 100755
--- a/nixosModules/options.nix
+++ b/nixosModules/options.nix
@@ -14,6 +14,7 @@
 "server"
 "vds"
 "wsl"
+ "pub-vds"
 ];
 default = "minimal";
 description = "Type of device for this host.";
diff --git a/nixosModules/pub-vds/default.nix b/nixosModules/pub-vds/default.nix
new file mode 100644
index 0000000..bf5f51e
--- /dev/null
+++ b/nixosModules/pub-vds/default.nix
@@ -0,0 +1,9 @@
+{
+ lib,
+ ...
+}:
+{
+ imports = [
+ ./xray.nix
+ ];
+}
diff --git a/nixosModules/pub-vds/xray.nix b/nixosModules/pub-vds/xray.nix
new file mode 100644
index 0000000..0999d9c
--- /dev/null
+++ b/nixosModules/pub-vds/xray.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ inputs,
+ pkgs,
+ ...
+}:
+{
+ services.xray = {
+ enable = true;
+ settings = inputs.zeroq-credentials.public.services.xray;
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 443 ];
+ allowedUDPPorts = [ 443 ];
+ };
+
+ environment.systemPackages = [ pkgs.xray ];
+}
diff --git a/nixosModules/vds/xray.nix b/nixosModules/vds/xray.nix
index 00bee70..4c4d802 100755
--- a/nixosModules/vds/xray.nix
+++ b/nixosModules/vds/xray.nix
@@ -13,7 +13,6 @@
 networking.firewall = {
 allowedTCPPorts = [ 8443 ];
 allowedUDPPorts = [ 8443 ];
- #trustedInterfaces = [ "tailscale0" ];
 };
 
 environment.systemPackages = [ pkgs.xray ];