oqyude/nixos
1
0
Fork 0
mirror of https://github.com/oqyude/nixos.git synced 2026-06-11 04:30:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

some clean

Browse Source
This commit is contained in:
Jor Oqyude
2025-10-10 20:08:23 +03:00
parent 4c57551ff8
commit fced475e86
101 changed files with 19 additions and 286 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/vds/3x-ui.nix
+81
View File
@@ -0,0 +1,81 @@
# Auto-generated using compose2nix v0.3.3-pre.
{
pkgs,
lib,
config,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
# Enable container name DNS for all Podman networks.
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."3xui_app" = {
image = "localhost:7443/compose2nix/3xui_app";
environment = {
"XRAY_VMESS_AEAD_FORCED" = "false";
"XUI_ENABLE_FAIL2BAN" = "true";
};
volumes = [
"/mnt/containers/3x-ui/cert/:/root/cert:rw"
"/mnt/containers/3x-ui/db/:/etc/x-ui:rw"
];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."podman-3xui_app" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
partOf = [
"podman-compose-3x-ui-root.target"
];
wantedBy = [
"podman-compose-3x-ui-root.target"
];
};
# Builds
systemd.services."podman-build-3xui_app" = {
path = [
pkgs.podman
pkgs.git
];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /mnt/containers/3x-ui
podman build -t compose2nix/3xui_app -f ./Dockerfile .
'';
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-3x-ui-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
modules/vds/default.nix
+13
View File
@@ -0,0 +1,13 @@
{
lib,
...
}:
{
imports = [
./docker.nix
# ../services/uptime-kuma.nix
# ./netbird.nix
./nginx.nix
./xray.nix
];
}
modules/vds/docker.nix
+19
View File
@@ -0,0 +1,19 @@
{
config,
pkgs,
inputs,
...
}:
{
imports = [
# ./3x-ui.nix
];
# virtualisation = {
# docker.enable = true;
# };
environment.systemPackages = [
# inputs.compose2nix.packages.x86_64-linux.default
];
}
modules/vds/netbird.nix
+40
View File
@@ -0,0 +1,40 @@
{
config,
pkgs,
...
}:
{
services.netbird.server = {
enable = false;
enableNginx = true;
domain = "netbird.zeroq.ru";
dashboard = {
enable = false;
domain = "netbird.zeroq.ru";
settings = {
#AUTH_AUTHORITY = "nbp_ufe0v5mbb5H1lQWL8eJfuzJ5ItPmlM46Mik0";
};
};
management = {
enable = false;
domain = "netbird.zeroq.ru";
};
};
# networking.firewall = {
# allowedTCPPorts = [
# 80
# 443
# 33073
# 10000
# 33080
# ];
# allowedUDPPorts = [ 3478 ];
# allowedUDPPortRanges = [
# {
# from = 49152;
# to = 65535;
# }
# ];
# };
}
modules/vds/nginx.nix
+151
View File
@@ -0,0 +1,151 @@
{
config,
inputs,
...
}:
let
server = "100.64.0.0";
in
{
users.users.nginx.extraGroups = [ "acme" ];
services = {
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"kuma.zeroq.ru" = {
forceSSL = true;
enableACME = true;
# kTLS = true;
locations."/" = {
proxyPass = "http://${server}:4001";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
# "node-red.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# kTLS = true;
# locations."/" = {
# proxyPass = "http://${server}:1880";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
"flux.zeroq.ru" = {
forceSSL = true;
enableACME = true;
# kTLS = true;
locations."/" = {
proxyPass = "http://${server}:6061";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
"office.zeroq.ru" = {
enableACME = true;
forceSSL = true;
# kTLS = true;
locations = {
"/" = {
proxyPass = "http://${server}:9980"; # API и coauthoring
proxyWebsockets = true;
};
};
extraConfig = ''
client_max_body_size 5G;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
''; # absolute_redirect off;
};
"immich.zeroq.ru" = {
forceSSL = true;
enableACME = true;
# kTLS = true;
locations."/" = {
proxyPass = "http://${server}:2283";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
"nextcloud.zeroq.ru" = {
forceSSL = true;
enableACME = true;
# kTLS = true;
locations = {
"/" = {
proxyPass = "http://${server}:10000";
proxyWebsockets = true;
};
"/whiteboard" = {
proxyPass = "http://${server}:3002";
proxyWebsockets = true;
};
# "/onlyoffice" = {
# proxyPass = "http://${server}:8000";
# proxyWebsockets = true;
# };
};
extraConfig = ''
client_max_body_size 5G;
'';
};
"calibre.zeroq.ru" = {
forceSSL = true;
enableACME = true;
# kTLS = true;
locations."/" = {
proxyPass = "http://${server}:8083";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
"pdf.zeroq.ru" = {
forceSSL = true;
enableACME = true;
# kTLS = true;
locations."/" = {
proxyPass = "http://${server}:6060";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
# "llm.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://100.86.62.4:11112";
# proxyWebsockets = true;
# };
# };
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "go.bin043120@gmail.com";
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}
modules/vds/secrets/xray.yaml
+17
View File
@@ -0,0 +1,17 @@
uuid: ENC[AES256_GCM,data:ISIVGVI2ILnxIGQBZi84cM7sTCOgh6JX6kugxwB+QOBhhvD5,iv:X17MqGOZ69ioW6P5lVx6cyyILaMuPCpZOXimp9JpYHs=,tag:99sGk20v3tEGHlqhbbT+DQ==,type:str]
private-key: ENC[AES256_GCM,data:u0kQ41APPlasPx9pcp6xOBDxTO2FiMDQKicylYJKO4RJwLkoESpbUZOB4g==,iv:HKEvSczfqJ5VEGQEJ3BCVUvAdqodRG6rK2VqV4jOQLk=,tag:9qw+6uA7QoJ68vK1FArn3A==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZy8zTEI2YzZtMTZ3enAw
SDRxZHZRSEY3YVA3blllRUlzd0syN3pLK0RvCk5mUy9zR3Q4TS9jWm1SbE5GOVdI
c0hYbnJxVlY0TnRicHFOYXEwYUxwVFEKLS0tIE5EOW9Wanp5YXN1YjF2TnFYSzFL
eTVHTVpEKzBIZllheXM5WkFERi9vUXMKzcA4e8aBvUwxgBzAwH/ZkphpMVVJl3NO
o5kgbaKyLw5C2jjLiYj8+vapFGV0O1HaTUfwSQ/wh2qh+ltlYot1xg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-10T07:50:55Z"
mac: ENC[AES256_GCM,data:19bVxUtE2QR+o497vof7UeRIbA+Ki3tX1iNMUHdtWbZkvSZbjh6eAp1OSk8d+syo1TkTZdYYWdmbsUmJq/q4cfEvCvOJpoCW6JOTooRoC3xYfJLsxs3QSn9HTM/FBEaAFfqpzemyaulk7AVbFy5Fl5Ta13hz/YIJcxNa4Q9kGbA=,iv:6tu0HWo1aIhlxf4RnK1PeujLDPg1yxNOclRUXA2bxEQ=,tag:O/+x8taMuE5mvw1+rqkcsw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
modules/vds/xray.nix
+91
View File
@@ -0,0 +1,91 @@
{
config,
inputs,
pkgs,
...
}:
let
xraySettings = {
log = {
loglevel = "warning";
};
inbounds = [
{
port = 8443;
protocol = "vless";
settings = {
clients = [
{
id = builtins.readFile config.sops.secrets.xray_uuid.path;
flow = "xtls-rprx-vision";
}
];
decryption = "none";
};
streamSettings = {
network = "tcp";
security = "reality";
realitySettings = {
dest = "cloudflare.com:443";
serverNames = [
"cloudflare.com"
];
privateKey = builtins.readFile config.sops.secrets.xray_private-key.path;
shortIds = [
"0a381e1fa219"
"be0ce04754dc"
"41beec74f4bc"
];
};
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "direct";
}
{
protocol = "blackhole";
tag = "block";
}
];
};
in
{
services.xray = {
enable = true;
settings = inputs.zeroq-credentials.services.xray;
};
networking.firewall = {
allowedTCPPorts = [ 8443 ];
allowedUDPPorts = [ 8443 ];
};
environment.systemPackages = [ pkgs.xray ];
sops.secrets = {
xray_uuid = {
key = "uuid";
mode = "0444";
format = "yaml";
sopsFile = ./secrets/xray.yaml;
path = "/etc/xray/uuid";
};
xray_private-key = {
path = "/etc/xray/private-key";
key = "private-key";
mode = "0444";
format = "yaml";
sopsFile = ./secrets/xray.yaml;
};
};
}