diff --git a/configurations/hardware/server.nix b/configurations/hardware/server.nix index c36f2e9..a4c066f 100644 --- a/configurations/hardware/server.nix +++ b/configurations/hardware/server.nix @@ -51,9 +51,9 @@ }; }; - swapDevices = [ - { device = "/dev/disk/by-partlabel/disk-main-swap"; } - ]; + # swapDevices = [ + # { device = "/dev/disk/by-partlabel/disk-main-swap"; } + # ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/configurations/hardware/vds.nix b/configurations/hardware/vds.nix index cfee706..cdbee5a 100644 --- a/configurations/hardware/vds.nix +++ b/configurations/hardware/vds.nix @@ -13,9 +13,9 @@ }; }; - swapDevices = [ - { device = "/dev/disk/by-partlabel/disk-main-swap"; } - ]; + # swapDevices = [ + # { device = "/dev/disk/by-partlabel/disk-main-swap"; } + # ]; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/configurations/vds-new.nix b/configurations/vds-new.nix index d34bc85..b40dc99 100644 --- a/configurations/vds-new.nix +++ b/configurations/vds-new.nix 
@@ -46,53 +46,6 @@ let SystemMaxUse=512M ''; }; - samba = { - enable = true; - openFirewall = true; - settings = { - global = { - "invalid users" = [ ]; - "passwd program" = "/run/wrappers/bin/passwd %u"; - security = "user"; - }; - nixos = { - "path" = "/etc/nixos"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${xlib.device.username}"; - "guest ok" = "no"; - "writable" = "yes"; - "create mask" = 755; - "directory mask" = 755; - "force user" = "${xlib.device.username}"; - "force group" = "users"; - }; - root = { - "path" = "/"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${xlib.device.username}"; - "guest ok" = "no"; - "writable" = "yes"; - #"create mask" = 0644; - #"directory mask" = 0644; - "force user" = "root"; - "force group" = "root"; - }; - "${xlib.device.username}" = { - "path" = "/home/${xlib.device.username}"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${xlib.device.username}"; - "guest ok" = "no"; - "writable" = "yes"; - "create mask" = 700; - "directory mask" = 700; - "force user" = "${xlib.device.username}"; - "force group" = "users"; - }; - }; - }; openssh = { enable = true; allowSFTP = true; diff --git a/configurations/vds.nix b/configurations/vds.nix index 97d114a..7a9cf9c 100644 --- a/configurations/vds.nix +++ b/configurations/vds.nix 
@@ -46,53 +46,6 @@ let SystemMaxUse=512M ''; }; - samba = { - enable = true; - openFirewall = true; - settings = { - global = { - "invalid users" = [ ]; - "passwd program" = "/run/wrappers/bin/passwd %u"; - security = "user"; - }; - nixos = { - "path" = "/etc/nixos"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${xlib.device.username}"; - "guest ok" = "no"; - "writable" = "yes"; - "create mask" = 755; - "directory mask" = 755; - "force user" = "${xlib.device.username}"; - "force group" = "users"; - }; - root = { - "path" = "/"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${xlib.device.username}"; - "guest ok" = "no"; - "writable" = "yes"; - #"create mask" = 0644; - #"directory mask" = 0644; - "force user" = "root"; - "force group" = "root"; - }; - "${xlib.device.username}" = { - "path" = "/home/${xlib.device.username}"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${xlib.device.username}"; - "guest ok" = "no"; - "writable" = "yes"; - "create mask" = 700; - "directory mask" = 700; - "force user" = "${xlib.device.username}"; - "force group" = "users"; - }; - }; - }; openssh = { enable = true; allowSFTP = true; diff --git a/flake.lock b/flake.lock index 7da5653..9b3c13a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -173,13 +173,29 @@ "type": "github" } }, - "nixpkgs-master": { + "nixpkgs-calibre": { "locked": { - "lastModified": 1774276957, - "narHash": "sha256-9LOxM/xgYXLuL/BkfusCcQh0kQKbCv97DzIi+bslzzc=", + "lastModified": 1772956932, + "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3605980cfb31e415cae5cf57d0552dd4158ae7f1", + "rev": "608d0cadfed240589a7eea422407a547ad626a14", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "608d0cadfed240589a7eea422407a547ad626a14", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1774284444, + "narHash": "sha256-w0UscE/s+KYqgZzdh3yWVzSBqEvSzByHUrIdGFf25PA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "27298c9e6596851fe781e04e54704d705d91f38b", "type": "github" }, "original": { @@ -191,11 +207,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1773964973, - "narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=", + "lastModified": 1774244481, + "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25", + "rev": "4590696c8693fea477850fe379a01544293ca4e2", "type": "github" }, "original": { @@ -299,6 +315,7 @@ "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", "nixpkgs-beets": "nixpkgs-beets", + "nixpkgs-calibre": "nixpkgs-calibre", "nixpkgs-master": "nixpkgs-master", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", diff --git a/flake.nix b/flake.nix index 95bce01..6950f20 100644 --- a/flake.nix +++ b/flake.nix 
@@ -8,7 +8,7 @@ # nixpkgs nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; # nixpkgs-last-unstable.url = "github:NixOS/nixpkgs/6b4955211758ba47fac850c040a27f23b9b4008f"; - # nixpkgs-calibre.url = "github:NixOS/nixpkgs/e6f23dc08d3624daab7094b701aa3954923c6bbb"; + nixpkgs-calibre.url = "github:NixOS/nixpkgs/608d0cadfed240589a7eea422407a547ad626a14"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-beets.url = "github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16"; diff --git a/home/home.nix b/home/home.nix index dcac69f..599dce4 100644 --- a/home/home.nix +++ b/home/home.nix @@ -15,7 +15,7 @@ let ]; home = { username = username; - stateVersion = lib.mkDefault "25.05"; + stateVersion = lib.mkDefault "26.05"; homeDirectory = if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}"; enableNixpkgsReleaseCheck = false; @@ -24,7 +24,7 @@ let mkRootModule = username: { home = { username = username; - stateVersion = lib.mkDefault "25.05"; + stateVersion = lib.mkDefault "26.05"; homeDirectory = if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}"; enableNixpkgsReleaseCheck = false; @@ -36,7 +36,7 @@ let ]; home = { username = username; - stateVersion = lib.mkDefault "25.05"; + stateVersion = lib.mkDefault "26.05"; homeDirectory = if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}"; enableNixpkgsReleaseCheck = false; diff --git a/modules/essentials/packages.nix b/modules/essentials/packages.nix index 73741a0..a87e566 100644 --- a/modules/essentials/packages.nix +++ b/modules/essentials/packages.nix @@ -53,7 +53,9 @@ in wget tree dust - flow-control + tuckr + fresh-editor + #flow-control # Net Diagnostic mtr 
@@ -86,24 +88,19 @@ in # To save tuios - - # Test + bluetui jocalsend - lazydocker - dtop tlrc lazyssh mcat - framework-tool-tui - bluetui snitch - devenv whosthere + devenv - # tree-sitter - tree-sitter-grammars.tree-sitter-nix - fresh-editor - tuckr + # Test + # lazydocker + # dtop + # framework-tool-tui ]; }; environment.variables.EDITOR = "fresh"; diff --git a/modules/essentials/settings.nix b/modules/essentials/settings.nix index 8ca2973..ffe9293 100644 --- a/modules/essentials/settings.nix +++ b/modules/essentials/settings.nix @@ -32,7 +32,7 @@ connect-timeout = 4; auto-optimise-store = true; fallback = true; - allow-import-from-derivation = false; + allow-import-from-derivation = true; keep-derivations = false; keep-outputs = false; experimental-features = [ diff --git a/modules/server/calibre-web.nix b/modules/server/calibre-web.nix index 958a827..fabaf6b 100644 --- a/modules/server/calibre-web.nix +++ b/modules/server/calibre-web.nix @@ -6,13 +6,13 @@ ... }: let - stable = import inputs.nixpkgs-beets { + stable = import inputs.nixpkgs-calibre { system = "x86_64-linux"; }; in { services.calibre-web = { - # package = stable.calibre-web; + package = stable.calibre-web; enable = true; # dataDir = "${xlib.dirs.services-mnt-folder}/calibre-web"; options = { diff --git a/modules/server/immich.nix b/modules/server/immich.nix index 20ac9c1..f2fac54 100644 --- a/modules/server/immich.nix +++ b/modules/server/immich.nix @@ -22,10 +22,6 @@ in accelerationDevices = null; machine-learning.enable = true; mediaLocation = "${xlib.dirs.services-mnt-folder}/immich"; - database = { - enableVectors = false; - enableVectorChord = true; - }; }; }; diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix index 761d53a..733102e 100644 --- a/modules/server/nextcloud.nix +++ b/modules/server/nextcloud.nix 
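Review bot: `allow-import-from-derivation = true;` in modules/essentials/settings.nix reverses an explicit restriction without saying which input or module needs it. With import-from-derivation allowed, evaluating the configuration can build derivations and read their outputs, and this flake follows moving branches such as `nixpkgs-master`, so an updated input gains more room to act at evaluation time. I would add a comment above the line, e.g. `# IFD required by <input or module name>; set back to false once it is no longer needed`. If only one host needs it, the setting could live in that host's configuration instead of the shared essentials module.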
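Review bot: `package = stable.calibre-web;` in modules/server/calibre-web.nix now takes a network-facing service from `inputs.nixpkgs-calibre`, which flake.nix pins to one fixed commit, so `nix flake update` will no longer bring fixes for calibre-web or the Python packages it is built with. The binding name `stable` is misleading here, because it is a frozen revision and not the stable channel. I would rename it (for example `pinnedCalibre`) and record the reason and an exit condition next to it, e.g. `# pinned: calibre-web broken on nixpkgs-unstable, remove once <upstream issue> is fixed`.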
@@ -18,14 +18,14 @@ in nextcloud-whiteboard-server = { enable = true; settings = { - NEXTCLOUD_URL = "http://nextcloud.local"; + NEXTCLOUD_URL = "http://nextcloud-private.local"; }; secrets = [ "${inputs.zeroq-credentials}/services/nextcloud/jwt-secret.txt" ]; }; nextcloud = { enable = true; package = pkgs.nextcloud33; - hostName = "nextcloud.local"; + hostName = "nextcloud-private.local"; database.createLocally = true; home = "${xlib.dirs.services-mnt-folder}/nextcloud"; configureRedis = true; @@ -49,11 +49,12 @@ in "192.168.1.20" "localhost" "nextcloud.local" + "nextcloud-private.local" ]; trusted_proxies = [ "100.64.1.0" ]; - overwriteprotocol = "https"; + overwriteprotocol = ""; }; extraAppsEnable = true; appstoreEnable = false; @@ -86,7 +87,6 @@ in impersonate mail music - #tasks? tasks # news notes @@ -142,7 +142,7 @@ in # fonts.packages = [ work.corefonts ]; networking.hosts = { - "localhost" = [ "nextcloud.local" ]; + "localhost" = [ "nextcloud-private.local" ]; }; systemd.services.nextcloud-config-collabora = diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix index 60be649..c8b59d7 100644 --- a/modules/server/nginx.nix +++ b/modules/server/nginx.nix @@ -5,6 +5,9 @@ xlib, ... }: +let + server = "192.168.1.20"; +in { services = { nginx = { 
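Review bot: `overwriteprotocol = "";` in the second nextcloud.nix hunk makes Nextcloud derive the scheme from the request, and it only honours forwarded headers from addresses in `trusted_proxies`, which still lists only "100.64.1.0". The new `nextcloud.local` front end in modules/server/nginx.nix proxies to port 10000 from the host itself, so a session that reached the edge over HTTPS may be seen as plain HTTP and get `http://` links and cookies without the Secure flag. I would add the local proxy's source address to `trusted_proxies` (probably `"192.168.1.20"` or `"127.0.0.1"`, to be confirmed in the access log), or keep `overwriteprotocol = "https";` if no client is meant to use plain HTTP. The settings attribute set starts above the hunk, so other proxy-related keys may exist that are not visible here.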
@@ -14,84 +17,129 @@ recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { + "nextcloud-private.local" = { + forceSSL = false; + enableACME = false; + listen = [ + { + addr = "100.64.0.0"; + port = 10000; + } + { + addr = "192.168.1.20"; + port = 10000; + } + ]; + }; "nextcloud.local" = { forceSSL = false; enableACME = false; - listen = [ - { - addr = "100.64.0.0"; - port = 10000; - } - { - addr = "192.168.1.20"; - port = 10000; - } - ]; + locations = { + "/" = { + proxyPass = "http://${server}:10000"; + proxyWebsockets = true; + }; + "/whiteboard" = { + proxyPass = "http://${server}:3002"; + proxyWebsockets = true; + }; + }; + extraConfig = '' + client_max_body_size 5G; + ''; }; - # "localhost:19999" = { - # forceSSL = false; - # enableACME = false; - # listen = [ - # { - # addr = "100.64.0.0"; - # port = 19999; - # } - # { - # addr = "192.168.1.20"; - # port = 19999; - # } - # ]; - # }; - "zeroq.local" = { + "kuma.local" = { forceSSL = false; enableACME = false; - root = pkgs.writeTextDir "index.html" '' - - -
-This server is running in backend.- - - ''; - listen = [ - { - addr = "100.64.0.0"; - port = 80; - } - { - addr = "192.168.1.20"; - port = 80; - } - ]; + locations."/" = { + proxyPass = "http://${server}:4001"; + proxyWebsockets = true; + }; }; - # "localhost:8000" = { + "health.local" = { + forceSSL = false; + enableACME = false; + locations."/" = { + proxyPass = "http://${server}:19999"; + proxyWebsockets = true; + }; + }; + "agent.local" = { + forceSSL = false; + enableACME = false; + locations."/" = { + proxyPass = "http://${server}:3000"; + proxyWebsockets = true; + }; + }; + "flux.local" = { + forceSSL = false; + enableACME = false; + locations."/" = { + proxyPass = "http://${server}:6061"; + proxyWebsockets = true; + }; + }; + "immich.local" = { + forceSSL = false; + enableACME = false; + locations."/" = { + proxyPass = "http://${server}:2283"; + proxyWebsockets = true; + }; + extraConfig = '' + client_max_body_size 5G; + ''; + }; + "office.local" = { + enableACME = false; + forceSSL = false; + locations = { + "/" = { + proxyPass = "http://${server}:9980"; + proxyWebsockets = true; + }; + }; + extraConfig = '' + client_max_body_size 5G; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; # absolute_redirect off; + }; + "calibre.local" = { + forceSSL = false; + enableACME = false; + locations."/" = { + proxyPass = "http://${server}:8083"; + proxyWebsockets = true; + }; + extraConfig = '' + client_max_body_size 5G; + ''; + }; + # "zeroq.local" = { # forceSSL = false; # enableACME = false; + # root = pkgs.writeTextDir "index.html" '' + # + # + # + #
This server is running in backend.+ # + # + # ''; # listen = [ # { # addr = "100.64.0.0"; - # port = 9980; + # port = 80; # } # { # addr = "192.168.1.20"; - # port = 9980; + # port = 80; # } # ]; # }; - # "office.zeroq.ru" = { - # forceSSL = false; - # enableACME = false; - # locations."/" = { - # proxyPass = "http://onlyoffice.local:8000"; - # proxyWebsockets = true; - # }; - # extraConfig = '' - # # Force nginx to return relative redirects. This lets the browser - # # figure out the full URL. This ends up working better because it's in - # # front of the reverse proxy and has the right protocol, hostname & port. - # absolute_redirect off; - # ''; - # }; }; }; }; diff --git a/modules/server/samba.nix b/modules/server/samba.nix index 3e6bf9d..cd7dd2f 100644 --- a/modules/server/samba.nix +++ b/modules/server/samba.nix @@ -6,6 +6,9 @@ { services.samba = { enable = true; + nmbd = { + enable = false; + }; settings = { global = { "invalid users" = [ ]; diff --git a/modules/vds/default.nix b/modules/vds/default.nix index acae4cb..86fcbe3 100644 --- a/modules/vds/default.nix +++ b/modules/vds/default.nix @@ -6,6 +6,7 @@ imports = [ ../containers/3x-ui.nix ./nginx.nix + ./samba.nix # ./xray.nix # ./netbird.nix ]; diff --git a/modules/vds/nginx.nix b/modules/vds/nginx.nix index b46e3db..4849e6c 100644 --- a/modules/vds/nginx.nix +++ b/modules/vds/nginx.nix @@ -45,6 +45,10 @@ in proxyPass = "http://localhost:2096"; proxyWebsockets = true; }; + "/subsjs/" = { + proxyPass = "http://localhost:2096"; + proxyWebsockets = true; + }; }; }; "kuma.zeroq.ru" = { @@ -54,9 +58,6 @@ in proxyPass = "http://${server}:4001"; proxyWebsockets = true; }; - extraConfig = '' - client_max_body_size 5G; - ''; }; "health.zeroq.ru" = { forceSSL = true; 
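Review bot: The new `*.local` virtual hosts in modules/server/nginx.nix (nextcloud, kuma, health, agent, flux, immich, office, calibre) carry no `listen` entries, so nginx binds them on every interface, whereas the entries they replace were bound to 100.64.0.0 and 192.168.1.20 only. All of them set `forceSSL = false` and forward to the backends with no access control at this layer, and a request with an unknown Host header is answered by whichever of them nginx treats as the default server. If these names are meant for LAN or VPN use only, restrict each one with `listenAddresses = [ "192.168.1.20" ];` (plus the VPN address) and add a catch-all such as `"_" = { default = true; locations."/".return = "444"; };`. In `office.local`, the three `proxy_set_header` lines in the server-level `extraConfig` are probably not inherited, because `recommendedProxySettings` sets proxy headers inside each location; they belong in `locations."/".extraConfig`.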
@@ -117,16 +118,13 @@ in proxyPass = "http://${server}:6061"; proxyWebsockets = true; }; - extraConfig = '' - client_max_body_size 5G; - ''; }; "office.zeroq.ru" = { enableACME = true; forceSSL = true; locations = { "/" = { - proxyPass = "http://${server}:9980"; # API и coauthoring + proxyPass = "http://${server}:9980"; proxyWebsockets = true; }; }; diff --git a/modules/vds/samba.nix b/modules/vds/samba.nix new file mode 100644 index 0000000..136f1c7 --- /dev/null +++ b/modules/vds/samba.nix @@ -0,0 +1,56 @@ +{ + config, + xlib, + ... +}: +{ + services.samba = { + enable = true; + nmbd = { + enable = false; + }; + settings = { + global = { + "invalid users" = [ ]; + "passwd program" = "/run/wrappers/bin/passwd %u"; + security = "user"; + }; + nixos = { + "path" = "/etc/nixos"; + "browseable" = "yes"; + "read only" = "no"; + "valid users" = "${xlib.device.username}"; + "guest ok" = "no"; + "writable" = "yes"; + "create mask" = 755; + "directory mask" = 755; + "force user" = "${xlib.device.username}"; + "force group" = "users"; + }; + root = { + "path" = "/"; + "browseable" = "yes"; + "read only" = "no"; + "valid users" = "${xlib.device.username}"; + "guest ok" = "no"; + "writable" = "yes"; + #"create mask" = 0644; + #"directory mask" = 0644; + "force user" = "root"; + "force group" = "root"; + }; + "${xlib.device.username}" = { + "path" = "/home/${xlib.device.username}"; + "browseable" = "yes"; + "read only" = "no"; + "valid users" = "${xlib.device.username}"; + "guest ok" = "no"; + "writable" = "yes"; + "create mask" = 700; + "directory mask" = 700; + "force user" = "${xlib.device.username}"; + "force group" = "users"; + }; + }; + }; +} diff --git a/modules/wsl/default.nix b/modules/wsl/default.nix index ad48108..e5fc6ad 100644 --- a/modules/wsl/default.nix +++ b/modules/wsl/default.nix @@ -13,7 +13,7 @@ #../server/open-webui.nix #../services/tts.nix ]; - environment.systemPackages = [ + environment.systemPackages = [ pkgs.rovr ]; }
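Review bot: The `root` share in the new modules/vds/samba.nix exports `/` read-write with `"force user" = "root"`, so the single Samba password of `${xlib.device.username}` gives root-level write access to the whole filesystem of the VDS. `"invalid users" = [ ]` also clears the list that, as far as I know, the NixOS module uses by default to refuse root logins. The `openFirewall = true` of the removed inline block is gone, which helps, but nothing here limits smbd to the tunnel. I would drop the `root` share, or make it `"read only" = "yes"` without `force user`, and add `"hosts allow" = "<vpn subnet>";` together with `"bind interfaces only" = "yes";` and an `interfaces` entry for the VPN interface. `"read only" = "no"` and `"writable" = "yes"` are synonyms and are set together on every share; one of them can go.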