From fad346d5a754459f1433b378c15e120a28195de8 Mon Sep 17 00:00:00 2001 From: oqyude Date: Wed, 23 Jul 2025 13:43:10 +0300 Subject: [PATCH] 123 --- devices/vds.nix | 188 +++++++++++++++--------------------------------- 1 file changed, 59 insertions(+), 129 deletions(-) mode change 100644 => 100755 devices/vds.nix diff --git a/devices/vds.nix b/devices/vds.nix old mode 100644 new mode 100755 index 0e652f3..067ab25 --- a/devices/vds.nix +++ b/devices/vds.nix @@ -2,6 +2,7 @@ let nixosModule = { + modulesPath, config, lib, pkgs, @@ -9,32 +10,32 @@ let }: { imports = with inputs; [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + #./hardware/vds.nix self.nixosModules.default - - #self.nixosModules.desktop - # self.nixosModules.server.cloudflared - # self.nixosModules.server.immich - # self.nixosModules.server.nextcloud - # self.nixosModules.server.nginx - # self.nixosModules.server.zerotier - # self.nixosModules.software.beets - #self.nixosModules.extra.self.zapret - #self.homeConfigurations.server.nixosModule # home-manager configuration module ]; - #boot = { - #kernelPackages = pkgs.linuxPackages_xanmod_stable; # pkgs.linuxPackages_xanmod_stable - #hardwareScan = true; - #loader = { - # systemd-boot.enable = lib.mkDefault true; - # efi.canTouchEfiVariables = lib.mkDefault true; - #}; - #}; + environment.systemPackages = map lib.lowPrio [ + pkgs.curl + pkgs.gitMinimal + ]; - #hardware = { - # bluetooth.enable = true; + boot.loader.grub = { + # no need to set devices, disko will add all devices that have a EF02 partition to the list already + # devices = [ ]; + efiSupport = true; + efiInstallAsRemovable = true; + }; + #boot = { + #kernelPackages = pkgs.linuxPackages_xanmod_stable; # pkgs.linuxPackages_xanmod_stable + #hardwareScan = true; + #loader = { + # systemd-boot.enable = lib.mkDefault true; + # efi.canTouchEfiVariables = lib.mkDefault true; + #}; #}; #swapDevices = @@ -43,6 +44,13 @@ let users = { users = { + root = { + openssh.authorizedKeys.keys = [ + # change this to your ssh key + "# CHANGE" + ] + ++ (args.extraPublicKeys or [ ]); # this is used for unit-testing this module and can be removed if not needed + }; "${inputs.zeroq.devices.admin}" = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKduJia+unaQQdN6X5syaHvnpIutO+yZwvfiCP4qKQ/P" @@ -51,104 +59,52 @@ let }; }; - # fileSystems = { - # # External drive - # "${inputs.zeroq.dirs.server-home}" = { - # device = "/dev/disk/by-uuid/37e53ebc-5343-a94d-9fe2-0ca39e13a8de"; - # fsType = "ext4"; - # options = [ - # #"nofail" - # "x-systemd.device-timeout=0" - # ]; - # }; - # # Archive drive - # "/mnt/archive" = { - # device = "/dev/disk/by-label/archive"; - # fsType = "exfat"; - # options = [ - # "nofail" - # "x-systemd.device-timeout=0" - # "uid=1000" - # "gid=1000" - # ]; - # }; - # # beets - # "/mnt/beets/music" = { - # device = "${inputs.zeroq.dirs.server-home}/Music"; - # options = [ - # "bind" - # "uid=1000" - # "gid=1000" - # "fmask=0007" - # "dmask=0007" - # "nofail" - # "x-systemd.device-timeout=0" - # ]; - # }; - # }; - services = { - #power-profiles-daemon.enable = lib.mkForce false; earlyoom.enable = true; preload.enable = true; - #auto-cpufreq.enable = true; throttled.enable = true; journald = { extraConfig = '' SystemMaxUse=128M ''; }; - samba = { - enable = true; - settings = { - global = { - "invalid users" = [ ]; - "passwd program" = "/run/wrappers/bin/passwd %u"; - security = "user"; - }; - nixos = { - "path" = "/etc/nixos"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${inputs.zeroq.devices.admin}"; - "guest ok" = "no"; - "writable" = "yes"; - "create mask" = 644; - "directory mask" = 644; - "force user" = "${inputs.zeroq.devices.admin}"; - "force group" = "users"; - }; - root = { - "path" = "/"; - "browseable" = "yes"; - "read only" = "no"; - "valid users" = "${inputs.zeroq.devices.admin}"; - "guest ok" = "no"; - "writable" = "yes"; - #"create mask" = 0644; - #"directory mask" = 0644; - "force user" = "root"; - "force group" = "root"; - }; - }; - }; - # calibre-web = { + # samba = { # enable = true; - # group = "users"; - # user = "${inputs.zeroq.devices.admin}"; - # options = { - # calibreLibrary = "${inputs.zeroq.dirs.calibre-library}"; - # enableBookUploading = true; - # enableKepubify = false; + # settings = { + # global = { + # "invalid users" = [ ]; + # "passwd program" = "/run/wrappers/bin/passwd %u"; + # security = "user"; + # }; + # nixos = { + # "path" = "/etc/nixos"; + # "browseable" = "yes"; + # "read only" = "no"; + # "valid users" = "${inputs.zeroq.devices.admin}"; + # "guest ok" = "no"; + # "writable" = "yes"; + # "create mask" = 644; + # "directory mask" = 644; + # "force user" = "${inputs.zeroq.devices.admin}"; + # "force group" = "users"; + # }; + # root = { + # "path" = "/"; + # "browseable" = "yes"; + # "read only" = "no"; + # "valid users" = "${inputs.zeroq.devices.admin}"; + # "guest ok" = "no"; + # "writable" = "yes"; + # #"create mask" = 0644; + # #"directory mask" = 0644; + # "force user" = "root"; + # "force group" = "root"; + # }; # }; - # listen.ip = "0.0.0.0"; - # listen.port = 8083; - # openFirewall = true; # }; openssh = { enable = true; allowSFTP = true; - #knownHosts.otreca.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpMaD143EZqhRlpAgNINLrH/qXkN3zXmKgFJlhbhGwg"; hostKeys = [ { path = "/etc/ssh/id_ed25519"; @@ -161,32 +117,6 @@ let UsePAM = true; }; }; - # transmission = { - # enable = false; - # credentialsFile = "${inputs.zeroq.dirs.server-home}/server/transmission/settings.json"; - # openRPCPort = true; - # package = pkgs.transmission_4; - # user = "${inputs.zeroq.devices.admin}"; - # group = "users"; - # settings = { - # download-dir = "${inputs.zeroq.dirs.server-home}/Downloads"; - # incomplete-dir = "${inputs.zeroq.dirs.server-home}/Downloads/Temp"; - # incomplete-dir-enabled = true; - # rpc-bind-address = "0.0.0.0"; - # rpc-port = 9091; - # rpc-whitelist-enabled = false; - # umask = 0; - # }; - # }; - # syncthing = { - # enable = true; - # systemService = true; - # guiAddress = "0.0.0.0:8384"; - # configDir = "${inputs.zeroq.dirs.storage}/Syncthing/${inputs.zeroq.devices.server.hostname}"; - # dataDir = "${inputs.zeroq.dirs.server-home}"; - # group = "users"; - # user = "${inputs.zeroq.devices.admin}"; - # }; tailscale.enable = true; };