oqyude/nixos
1
0
Fork 0
mirror of https://github.com/oqyude/nixos.git synced 2026-06-16 06:51:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: oqyude/nixos:old
Branches Tags
oqyude/nixos:master oqyude/nixos:dev oqyude/nixos:old
..
compare: oqyude/nixos:master
Branches Tags
oqyude/nixos:dev oqyude/nixos:master oqyude/nixos:old

55 Commits
old .. master

Author SHA1 Message Date
oqyude 3120ceaf40 n8n added 2026-06-14 18:31:49 +03:00
oqyude 544aafd919 step-ca added 2026-06-14 01:59:39 +03:00
oqyude 6468c6583e nix flake update 2026-06-13 00:11:38 +03:00
oqyude b2b4883627 try to setup gitea 2026-06-10 12:38:23 +03:00
oqyude ebd2e99066 try to fix onlyoffice 
now its working in lan)
 2026-06-09 23:13:35 +03:00
oqyude 7514df3df3 cpp tools in wsl 2026-06-08 21:56:04 +03:00
oqyude 8ca46a632c nix flake update 2026-06-05 16:50:35 +03:00
oqyude aee5162344 nextcloud for lan 2026-06-04 20:40:17 +03:00
oqyude b001652162 bentopdf added 2026-05-31 14:26:24 +03:00
oqyude e0e908c79d nix flake update 2026-05-30 18:15:23 +03:00
oqyude f6027f7b9a nix flake update 2026-05-25 20:18:58 +03:00
oqyude 4820c7d745 systemd units for rsync rewrite 2026-05-18 15:11:27 +03:00
oqyude 52e88c1da1 systemd-routine - prebuild 2026-05-18 14:19:51 +03:00
oqyude 98c923f98f nix flake update 2026-05-16 12:40:20 +03:00
oqyude cde8866383 win+space 
староверим)
 2026-05-06 13:01:22 +03:00
oqyude acf2452b84 beets env update 2026-05-06 12:39:54 +03:00
oqyude 81ab80c94a fixes 2026-05-05 20:30:00 +03:00
oqyude c752cb2e7f pcbu-desktop try 2026-05-04 20:23:20 +03:00
oqyude 397bf49326 nix-serve added 2026-05-04 09:19:53 +03:00
oqyude 2df6ee7c3a nix flake update and changed to nixos-unstable 2026-05-03 19:00:04 +03:00
oqyude 1d84fb7354 nix flake update 2026-05-02 11:27:32 +03:00
oqyude 86e20597a7 refact, beets 3.14py 2026-04-21 12:24:54 +03:00
oqyude 58d631c0fb something 2026-04-17 20:46:49 +03:00
oqyude da6aad4fcd beets changes 2026-04-17 12:57:49 +03:00
oqyude a319150b99 nix flake update 2026-04-17 11:56:10 +03:00
oqyude 94b7d30c02 syn ddos defence 2026-04-13 11:13:54 +03:00
oqyude 7f1f714e8c glances added 2026-04-11 12:54:52 +03:00
oqyude f5c6d40c89 systemd-mounts... 
lix frozen-removed, rovr frozen-removed
 2026-04-10 14:07:07 +03:00
oqyude fb1637c44e nix flake update 2026-04-10 11:31:20 +03:00
oqyude a5a2763f66 new domain 2026-04-10 10:57:20 +03:00
oqyude bcd4bcffd5 beets fixed 2026-04-07 01:05:23 +03:00
oqyude c17d01c3a1 nix flake update 2026-04-06 16:11:57 +03:00
oqyude 557351e27b remnawave setup pause 2026-04-06 15:57:45 +03:00
oqyude c4b52f942c try to setup peerix and removed 2026-04-06 15:53:31 +03:00
oqyude 4d54a3b6fb remnawave editing 2026-04-05 02:37:56 +03:00
oqyude c3f8acad12 remnawave init 2026-04-05 02:28:14 +03:00
oqyude cf77fa88bf n8n enable 2026-04-01 12:50:28 +03:00
oqyude efcb4232a5 try to setup onlyoffice 2026-03-31 01:47:42 +03:00
oqyude 5909a72654 sops and onlyoffice evolution 2026-03-30 15:50:00 +03:00
oqyude 7d731bd1c4 ref 2026-03-29 14:46:01 +03:00
oqyude 713bccc3b1 nix flake update 2026-03-29 12:57:26 +03:00
oqyude c8c7c68c04 some fix 2026-03-27 17:56:12 +03:00
oqyude 6297df804e nix flake update 2026-03-23 17:52:28 +03:00
oqyude 8797821d94 rovr package added 2026-03-16 23:22:18 +03:00
oqyude 6f278b36e7 disable unused 2026-03-16 18:22:17 +03:00
oqyude ce19d10585 try to setup tuckr 2026-03-16 18:21:24 +03:00
oqyude e7daeccb27 netdata enabled 2026-03-12 11:40:58 +03:00
oqyude be816fe3bd turn on swap 2026-03-10 15:43:16 +03:00
oqyude af373baecc refind is rofl 
121

1

12

12

1

12

12

12

1

asd
 2026-03-09 22:07:18 +03:00
oqyude efa1ca2f0f beets channel change 2026-03-09 20:06:00 +03:00
oqyude e36db0e4ed nix flake update 2026-03-09 19:44:12 +03:00
oqyude a24f20cefb unused flake inputs removed 2026-03-09 19:44:12 +03:00
oqyude 40d2d29055 refind bootloader appear 2026-03-09 19:44:12 +03:00
oqyude 3d3baf1780 try to setup fresh-editor, no result 
1

1

1

1

1

12
 2026-03-09 12:08:59 +03:00
oqyude f1a81a6408 Init 2026-03-09 10:50:12 +03:00
87 changed files with 2322 additions and 1102 deletions
Expand all files Collapse all files
.gitattributes
+1
View File
@@ -0,0 +1 @@
* text=auto eol=lf
.gitignore
+1
View File
@@ -0,0 +1 @@
.vscode
README.md
+1 -1
View File
@@ -1 +1 @@
I'm a super newbie who just posted my stuff here. Now maybe simple newbie
I'm a super newbie who just posted my stuff here. Now maybe about intermediate
configurations/disko/server.nix
+1 -1
View File
@@ -18,7 +18,7 @@
};
};
swap = {
size = "2G";
size = "6G";
content = {
type = "swap";
};
configurations/disko/vds.nix
+1 -1
View File
@@ -20,7 +20,7 @@
};
};
swap = {
size = "1G";
size = "4G";
content = {
type = "swap";
};
configurations/hardware/mini-laptop.nix
+5 -5
View File
@@ -14,11 +14,11 @@
boot = {
initrd = {
supportedFilesystems = [
"nfs"
"nfsv4"
"overlay"
];
# supportedFilesystems = [
# "nfs"
# "nfsv4"
# "overlay"
# ];
availableKernelModules = [
"nvme"
"xhci_pci"
configurations/hardware/server.nix
+7 -3
View File
@@ -51,9 +51,13 @@
};
};
# swapDevices = [
# { device = "/dev/disk/by-partlabel/disk-main-swap"; }
# ];
zramSwap = {
enable = true;
};
swapDevices = [
{ device = "/dev/disk/by-partlabel/disk-main-swap"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
configurations/hardware/vds.nix
+7 -3
View File
@@ -13,9 +13,13 @@
};
};
# swapDevices = [
# { device = "/dev/disk/by-partlabel/disk-main-swap"; }
# ];
swapDevices = [
{ device = "/dev/disk/by-partlabel/disk-main-swap"; }
];
zramSwap = {
enable = true;
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
configurations/mini-laptop.nix
+5 -5
View File
@@ -69,11 +69,11 @@ let
};
services = {
xserver = {
videoDrivers = [
"nomodeset"
];
};
# xserver = {
# videoDrivers = [
# "nomodeset"
# ];
# };
syncthing = {
enable = true;
systemService = true;
configurations/server.nix
+5 -11
View File
@@ -20,7 +20,7 @@ let
];
boot = {
kernelPackages = pkgs.linuxPackages_xanmod_stable;
# kernelPackages = pkgs.linuxPackages_xanmod_stable;
hardwareScan = true;
loader = {
systemd-boot.enable = lib.mkDefault true;
@@ -41,10 +41,6 @@ let
intel-gpu-tools.enable = true;
};
# swapDevices = [
# { device = "/dev/disk/by-partlabel/disk-main-swap"; }
# ];
fileSystems = {
# External drive
"${xlib.dirs.server-home}" = {
@@ -52,7 +48,7 @@ let
fsType = "ext4";
};
# Archive drive
"/mnt/archive" = {
"${xlib.dirs.archive-drive}" = {
device = "/dev/disk/by-label/archive";
fsType = "exfat";
options = [
@@ -62,7 +58,7 @@ let
];
};
# Mobile SD-Card
"/mnt/mobile" = {
"${xlib.dirs.mobile-drive}" = {
device = "/dev/disk/by-uuid/7EB1-DC99";
fsType = "exfat";
options = [
@@ -71,15 +67,13 @@ let
"gid=1000"
];
};
# Services in /mnt folder
"${xlib.dirs.services-mnt-folder}" = {
device = "${xlib.dirs.services-folder}";
fsType = "none";
options = [
"bind"
"nofail"
# "uid=1000"
# "gid=1000"
# "fmask=0000"
# "dmask=0000"
];
};
};
configurations/vds-new.nix
-47
View File
@@ -46,53 +46,6 @@ let
SystemMaxUse=512M
'';
};
samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"invalid users" = [ ];
"passwd program" = "/run/wrappers/bin/passwd %u";
security = "user";
};
nixos = {
"path" = "/etc/nixos";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
"create mask" = 755;
"directory mask" = 755;
"force user" = "${xlib.device.username}";
"force group" = "users";
};
root = {
"path" = "/";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
#"create mask" = 0644;
#"directory mask" = 0644;
"force user" = "root";
"force group" = "root";
};
"${xlib.device.username}" = {
"path" = "/home/${xlib.device.username}";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
"create mask" = 700;
"directory mask" = 700;
"force user" = "${xlib.device.username}";
"force group" = "users";
};
};
};
openssh = {
enable = true;
allowSFTP = true;
configurations/vds.nix
+35 -55
View File
@@ -26,7 +26,7 @@ let
];
boot = {
kernelPackages = pkgs.linuxPackages_xanmod_stable;
# kernelPackages = pkgs.linuxPackages_xanmod_stable;
hardwareScan = true;
loader = {
grub = {
@@ -37,6 +37,12 @@ let
};
systemd-boot.enable = lib.mkDefault false;
};
kernel.sysctl = {
"net.ipv4.tcp_syncookies" = 1;
"net.ipv4.tcp_max_syn_backlog" = 4096;
"net.ipv4.tcp_synack_retries" = 3;
"net.ipv4.tcp_syn_retries" = 3;
};
};
services = {
@@ -46,53 +52,6 @@ let
SystemMaxUse=512M
'';
};
samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"invalid users" = [ ];
"passwd program" = "/run/wrappers/bin/passwd %u";
security = "user";
};
nixos = {
"path" = "/etc/nixos";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
"create mask" = 755;
"directory mask" = 755;
"force user" = "${xlib.device.username}";
"force group" = "users";
};
root = {
"path" = "/";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
#"create mask" = 0644;
#"directory mask" = 0644;
"force user" = "root";
"force group" = "root";
};
"${xlib.device.username}" = {
"path" = "/home/${xlib.device.username}";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
"create mask" = 700;
"directory mask" = 700;
"force user" = "${xlib.device.username}";
"force group" = "users";
};
};
};
openssh = {
enable = true;
allowSFTP = true;
@@ -114,28 +73,49 @@ let
openFirewall = true;
};
};
networking = {
nameservers = [
"1.1.1.1"
"8.8.8.8"
"2001:4860:4860::8844"
"2001:4860:4860::8888"
"2606:4700:4700::1111"
"2606:4700:4700::1001"
# "2001:4860:4860::8844"
# "2001:4860:4860::8888"
# "2606:4700:4700::1111"
# "2606:4700:4700::1001"
];
hostName = "${xlib.device.hostname}";
networkmanager.enable = true;
tempAddresses = "disabled";
dhcpcd = {
enable = true;
IPv6rs = true;
IPv6rs = false;
};
firewall = {
enable = true;
allowPing = true;
};
enableIPv6 = true;
nftables = {
enable = true;
ruleset = ''
table inet filter {
chain input {
type filter hook input priority 0;
# loopback
iif lo accept
# уже установленные
ct state established,related accept
# РЕЖЕМ SYN СРАЗУ
tcp flags syn tcp dport {80,443} limit rate 20/second burst 40 packets accept
tcp flags syn tcp dport {80,443} drop
# остальное по необходимости
}
}
'';
};
enableIPv6 = false;
interfaces.ens3 = {
useDHCP = true;
# ipv4.addresses = [
flake.lock
Generated
+75 -170
View File
@@ -1,26 +1,5 @@
{
"nodes": {
"compose2nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"onchg": "onchg"
},
"locked": {
"lastModified": 1768176895,
"narHash": "sha256-GvcYMsrvQ1yjehcKmnlniBQM8HP9U/v7qSvfnxj3VtA=",
"owner": "aksiksi",
"repo": "compose2nix",
"rev": "e36aecd3649f43d745a5f837bf91c27c4499e203",
"type": "github"
},
"original": {
"owner": "aksiksi",
"repo": "compose2nix",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": [
@@ -34,11 +13,11 @@
]
},
"locked": {
"lastModified": 1770019181,
"narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=",
"lastModified": 1781023725,
"narHash": "sha256-Gt+qFANcrDRjl3xzidLYrAUQCd3808iuAsLwZbYYAEU=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171",
"rev": "2ce9051767ee4d1a3c43b52ba327431783bfd463",
"type": "github"
},
"original": {
@@ -54,11 +33,11 @@
]
},
"locked": {
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"lastModified": 1781152676,
"narHash": "sha256-RxWs5ND31KzTG7wvMM+PMfUjyNpmIEr999lqNARaM5o=",
"owner": "nix-community",
"repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"rev": "ff8702b4de27f72b4c78573dfb89ec74e36abdf1",
"type": "github"
},
"original": {
@@ -82,21 +61,6 @@
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1652776076,
"narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"grub2-themes": {
"inputs": {
"nixpkgs": [
@@ -124,11 +88,11 @@
]
},
"locked": {
"lastModified": 1771037579,
"narHash": "sha256-NX5XuhGcsmk0oEII2PEtMRgvh2KaAv3/WWQsOpxAgR4=",
"lastModified": 1781189114,
"narHash": "sha256-5inaamLgUMWy+MOBE9ChF9QAF1o/74LFuHkI0W/9rqc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "05e6dc0f6ed936f918cb6f0f21f1dad1e4c53150",
"rev": "486595d2cf49cfcd649b58a284fa11ac0e34da22",
"type": "github"
},
"original": {
@@ -137,56 +101,16 @@
"type": "github"
}
},
"musnix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1767232402,
"narHash": "sha256-li+h6crnhc5Zqs+M6pn7D7M0W9M63ECNennDjRgzioE=",
"owner": "musnix",
"repo": "musnix",
"rev": "d65f98e0b1f792365f1705653d7b2d266ceeff6e",
"type": "github"
},
"original": {
"owner": "musnix",
"repo": "musnix",
"type": "github"
}
},
"nix-pre-commit": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"compose2nix",
"onchg",
"nixpkgs"
]
},
"locked": {
"lastModified": 1653259102,
"narHash": "sha256-XfCEu4zur/N2Dk4v8wFiQAgJ7bgNqPqwWp1vBXkeczM=",
"owner": "jmgilman",
"repo": "nix-pre-commit",
"rev": "6a99b2711c7eac9960939d8eb91e84322b22d50c",
"type": "github"
},
"original": {
"owner": "jmgilman",
"repo": "nix-pre-commit",
"type": "github"
}
},
"nixos-hardware": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1770882871,
"narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=",
"lastModified": 1781168557,
"narHash": "sha256-LOnLQ2tpYF9gqIDDr3+j3DbpJJr/QCH6zPRT2GzEUOE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b",
"rev": "6358ff76821101c178e3ab4919a62799bfe3652e",
"type": "github"
},
"original": {
@@ -206,11 +130,11 @@
]
},
"locked": {
"lastModified": 1770657009,
"narHash": "sha256-v/LA5ZSJ+JQYzMSKB4sySM0wKfsAqddNzzxLLnbsV/E=",
"lastModified": 1781182279,
"narHash": "sha256-V5EQQbDnmdiXGQXrEF1PEL7QYsFqfH8N1E89Z5ONwFk=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "5b50ea1aaa14945d4794c80fcc99c4aa1db84d2d",
"rev": "5675822ba756e6e56f8f6a5a76e90e0da2ece94d",
"type": "github"
},
"original": {
@@ -222,27 +146,56 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1770843696,
"narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
"lastModified": 1767892417,
"narHash": "sha256-8bW3q88CEg2u4hSP66Vf4lpbLonHz7hqDNBMcCY7E9U=",
"rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre924538.3497aa5c9457/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
"url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
}
},
"nixpkgs-beets": {
"locked": {
"lastModified": 1774610258,
"narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
"rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
"type": "github"
}
},
"nixpkgs-calibre": {
"locked": {
"lastModified": 1776255774,
"narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "566acc07c54dc807f91625bb286cb9b321b5f42a",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "566acc07c54dc807f91625bb286cb9b321b5f42a",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1771056776,
"narHash": "sha256-0l776LxthDY08ujQ1h83k9z6K5vBg1bGc415AWeFOOI=",
"lastModified": 1781298072,
"narHash": "sha256-p7sszdPeM3Gm7LA+NrWlxn5Rp6Qp+TGbt2qC/XBCxgI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d22fe1660f1f1ccbd52c9d2c09e92fe3861dd691",
"rev": "633f0c001a27731ee16cc504e831a4a9ccf071d6",
"type": "github"
},
"original": {
@@ -254,11 +207,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1770770419,
"narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
"lastModified": 1780952837,
"narHash": "sha256-Fwd1+spDtQ0hDyBwme6ufG3n4mY0UrjjFdYHv+G/Hds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
"rev": "e820eb4a444b46a19b2e03e8dfd2359439ff30fe",
"type": "github"
},
"original": {
@@ -268,65 +221,19 @@
"type": "github"
}
},
"noctalia": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"nixpkgs_2": {
"locked": {
"lastModified": 1771045170,
"narHash": "sha256-esBQIlClWRgYYvtYW27N79fCbOUkuFj3gxwJrb8WFX4=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "92612c09a9dce53d5dd60e53f066160f1cdf13b4",
"lastModified": 1781074563,
"narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"type": "github"
}
},
"nypkgs": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761401328,
"narHash": "sha256-1Mylp3ZHkft5Sg5VzMpRRvSNsuuO/Oj+cBqjkFoOnRg=",
"owner": "yunfachi",
"repo": "nypkgs",
"rev": "193c13630997d000e72e9ae6f6bfe9b71f5c4b3f",
"type": "github"
},
"original": {
"owner": "yunfachi",
"repo": "nypkgs",
"type": "github"
}
},
"onchg": {
"inputs": {
"nix-pre-commit": "nix-pre-commit",
"nixpkgs": [
"compose2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1720368454,
"narHash": "sha256-NUSw3G2gsQX8/G64/pDBb1oitM+x13m7nFRvpiI4a+s=",
"owner": "aksiksi",
"repo": "onchg-rs",
"rev": "c42b693d10920874b3644ef1502e33318409d69c",
"type": "github"
},
"original": {
"owner": "aksiksi",
"repo": "onchg-rs",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
@@ -340,11 +247,11 @@
]
},
"locked": {
"lastModified": 1770766818,
"narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=",
"lastModified": 1775856943,
"narHash": "sha256-b7Mp7P+q2Md5AGt4rjHfMcBykzMumFTen10ST++AuTU=",
"owner": "nix-community",
"repo": "plasma-manager",
"rev": "44b928068359b7d2310a34de39555c63c93a2c90",
"rev": "a524a6160e6df89f7673ba293cf7d78b559eb1a5",
"type": "github"
},
"original": {
@@ -355,20 +262,18 @@
},
"root": {
"inputs": {
"compose2nix": "compose2nix",
"deploy-rs": "deploy-rs",
"disko": "disko",
"flake-compat": "flake-compat",
"grub2-themes": "grub2-themes",
"home-manager": "home-manager",
"musnix": "musnix",
"nixos-hardware": "nixos-hardware",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-beets": "nixpkgs-beets",
"nixpkgs-calibre": "nixpkgs-calibre",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable",
"noctalia": "noctalia",
"nypkgs": "nypkgs",
"plasma-manager": "plasma-manager",
"sops-nix": "sops-nix",
"utils": "utils",
@@ -383,11 +288,11 @@
]
},
"locked": {
"lastModified": 1770683991,
"narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
"lastModified": 1780547341,
"narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
"rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
"type": "github"
},
"original": {
flake.nix
+22 -29
View File
@@ -6,11 +6,12 @@
zapret.url = "github:oqyude/zapret-easyflake"; # stupid flake of zapret
# nixpkgs
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# nixpkgs-last-unstable.url = "github:NixOS/nixpkgs/6b4955211758ba47fac850c040a27f23b9b4008f";
# nixpkgs-calibre.url = "github:NixOS/nixpkgs/e6f23dc08d3624daab7094b701aa3954923c6bbb";
nixpkgs-calibre.url = "github:NixOS/nixpkgs/566acc07c54dc807f91625bb286cb9b321b5f42a";
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-beets.url = "github:NixOS/nixpkgs/832efc09b4caf6b4569fbf9dc01bec3082a00611"; # 2343bbb58f99267223bc2aac4fc9ea301a155a16
#nixpkgs-fingerprint.url = "github:NixOS/nixpkgs/nixos-24.11";
# nix-community
@@ -36,14 +37,10 @@
# nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
# flake-utils.url = "github:numtide/flake-utils";
# flake-parts.url = "github:hercules-ci/flake-parts";
# nur = {
# url = "github:nix-community/NUR";
# noctalia = {
# url = "github:noctalia-dev/noctalia-shell";
# inputs.nixpkgs.follows = "nixpkgs";
# };
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager"; # flake:home-manager
inputs.nixpkgs.follows = "nixpkgs";
@@ -60,14 +57,18 @@
home-manager.follows = "home-manager";
};
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
grub2-themes = {
url = "github:vinceliuice/grub2-themes";
inputs.nixpkgs.follows = "nixpkgs";
};
# nix-index-database = {
# url = "github:nix-community/nix-index-database";
# inputs.nixpkgs.follows = "nixpkgs";
# };
compose2nix = {
url = "github:aksiksi/compose2nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# extras
# nix-gaming.url = "github:fufexan/nix-gaming";
@@ -78,23 +79,15 @@
# flake-compat.follows = "flake-compat";
# };
# };
musnix = {
url = "github:musnix/musnix";
inputs.nixpkgs.follows = "nixpkgs";
};
grub2-themes = {
url = "github:vinceliuice/grub2-themes";
inputs.nixpkgs.follows = "nixpkgs";
};
nypkgs = {
# https://github.com/yunfachi/nypkgs
url = "github:yunfachi/nypkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# musnix = {
# url = "github:musnix/musnix";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# nypkgs = {
# # https://github.com/yunfachi/nypkgs
# url = "github:yunfachi/nypkgs";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# stylix = {
# url = "github:danth/stylix";
# inputs = {
home/apps/default.nix
+1 -1
View File
@@ -5,7 +5,7 @@
imports = [
./gramps.nix
./streamrip.nix
./v2rayn.nix
# ./v2rayn.nix
./yt-dlp.nix
];
}
home/apps/streamrip.nix
-11
View File
@@ -4,18 +4,7 @@
xlib,
...
}:
let
streamripPath = "${xlib.dirs.wsl-storage}/streamrip";
in
{
xdg = {
configFile = {
"streamrip" = {
source = config.lib.file.mkOutOfStoreSymlink streamripPath;
target = "streamrip";
};
};
};
home.packages = [
pkgs.streamrip
];
home/home.nix
+3 -3
View File
@@ -15,7 +15,7 @@ let
];
home = {
username = username;
stateVersion = lib.mkDefault "25.05";
stateVersion = lib.mkDefault "26.05";
homeDirectory =
if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
enableNixpkgsReleaseCheck = false;
@@ -24,7 +24,7 @@ let
mkRootModule = username: {
home = {
username = username;
stateVersion = lib.mkDefault "25.05";
stateVersion = lib.mkDefault "26.05";
homeDirectory =
if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
enableNixpkgsReleaseCheck = false;
@@ -36,7 +36,7 @@ let
];
home = {
username = username;
stateVersion = lib.mkDefault "25.05";
stateVersion = lib.mkDefault "26.05";
homeDirectory =
if username == "root" then lib.mkDefault "/${username}" else lib.mkDefault "/home/${username}";
enableNixpkgsReleaseCheck = false;
home/modules/packages.nix
-1
View File
@@ -75,7 +75,6 @@
# Games
#ludusavi
#prismlauncher
steam
#lutris
# AI
home/primary.nix
-4
View File
@@ -8,12 +8,8 @@
let
symlinksPaths = {
# cfg
"${xlib.dirs.user-storage}/ssh/config" = ".ssh/config";
"${xlib.dirs.user-storage}/beets" = ".config/beets";
"${xlib.dirs.user-storage}/ludusavi" = ".config/ludusavi";
"${xlib.dirs.user-storage}/solaar" = ".config/solaar";
"${xlib.dirs.user-storage}/easyeffects" = ".config/easyeffects";
"${xlib.dirs.user-storage}/KeePassXC" = ".config/keepassxc";
"${xlib.dirs.user-storage}/v2rayN" = ".local/share/v2rayN";
"/etc/nixos" = "Configuration";
home/secondary.nix
+1 -6
View File
@@ -8,18 +8,13 @@
let
symlinksPaths = {
# cfg
"${xlib.dirs.user-storage}/ssh/config" = ".ssh/config";
"${xlib.dirs.user-storage}/beets" = ".config/beets";
"${xlib.dirs.user-storage}/ludusavi" = ".config/ludusavi";
"${xlib.dirs.user-storage}/solaar" = ".config/solaar";
"${xlib.dirs.user-storage}/easyeffects" = ".config/easyeffects";
"${xlib.dirs.user-storage}/KeePassXC" = ".config/keepassxc";
"${xlib.dirs.user-storage}/v2rayN" = ".local/share/v2rayN";
"/etc/nixos" = "Configuration";
"${config.home.homeDirectory}/Games/PrismLaunchers/${config.home.username}" =
".local/share/PrismLauncher";
#"${xlib.dirs.lamet-drive}/Users/oqyude/Music" = "Music";
"${xlib.dirs.lamet-drive}/Users/oqyude/Music" = "Music";
};
mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
name = targetPath;
home/server.nix
-3
View File
@@ -8,9 +8,6 @@
let
symlinksPaths = {
"${config.home.homeDirectory}/External/Music" = "Music";
"${xlib.dirs.storage}/beets" = ".config/beets";
"${xlib.dirs.storage}/ssh/config" = ".ssh/config";
"${xlib.dirs.storage}/ssh/known_hosts" = ".ssh/known_hosts";
};
mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
name = targetPath;
home/wsl.nix
+1 -4
View File
@@ -9,10 +9,7 @@ let
symlinksPaths = {
"${config.home.homeDirectory}/External/Music" = "Music";
"${xlib.dirs.wsl-home}" = "External";
"${xlib.dirs.wsl-storage}/beets" = ".config/beets";
"${xlib.dirs.wsl-storage}/ssh/config" = ".ssh/config";
"${xlib.dirs.wsl-storage}/ssh/known_hosts" = ".ssh/known_hosts";
"${xlib.dirs.wsl-storage}/flow" = ".config/flow";
"${xlib.dirs.wsl-storage}" = "Storage";
};
mkLinks = lib.mapAttrs' (sourcePath: targetPath: {
name = targetPath;
modules/containers/3x-ui.nix
+131
View File
@@ -0,0 +1,131 @@
{
config,
lib,
pkgs,
xlib,
...
}:
{
virtualisation = {
podman = {
enable = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
};
dockerCompat = true;
};
oci-containers = {
backend = "podman";
containers."3xui_app" = {
image = "ghcr.io/mhsanaei/3x-ui:latest";
environment = {
"XRAY_VMESS_AEAD_FORCED" = "false";
"XUI_ENABLE_FAIL2BAN" = "true";
"TZ" = "Europe/Moscow";
};
volumes = [
"${xlib.dirs.services-mnt-folder}/containers/3x-ui/cert/:/root/cert:rw"
"${xlib.dirs.services-mnt-folder}/containers/3x-ui/db/:/etc/x-ui:rw"
];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
};
};
systemd = {
services = {
"podman-3xui_app" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
partOf = [
"podman-compose-3x-ui-root.target"
];
wantedBy = [
"podman-compose-3x-ui-root.target"
];
};
# Update
"podman-update-3xui_app" = {
path = [
pkgs.podman
];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
podman pull ghcr.io/mhsanaei/3x-ui:latest
systemctl restart podman-3xui_app.service
'';
};
# Builds
# "podman-build-3xui_app" = {
# path = [
# pkgs.podman
# pkgs.git
# ];
# serviceConfig = {
# Type = "oneshot";
# TimeoutSec = 300;
# };
# script = ''
# cd /mnt/containers/3x-ui
# podman build -t compose2nix/3xui_app -f ./Dockerfile .
# '';
# };
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
targets."podman-compose-3x-ui-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
timers."podman-update-3xui_app" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
};
};
# Folders
tmpfiles.rules = [
"d /mnt 0755 root root -"
"d /mnt/containers 0755 root root -"
"d /mnt/services/containers 0755 root root -"
"d /mnt/services/containers/3x-ui 0755 root root -"
"d /mnt/services/containers/3x-ui/cert 0755 root root -"
"d /mnt/services/containers/3x-ui/db 0755 root root -"
];
};
# Enable container name DNS for all Podman networks.
networking.firewall = {
allowedUDPPortRanges = [
{
from = 14380;
to = 15380;
}
];
allowedTCPPortRanges = [
{
from = 14380;
to = 15380;
}
];
interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
};
}
modules/containers/openhands.nix
+121
View File
@@ -0,0 +1,121 @@
{
pkgs,
lib,
config,
xlib,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
# Enable container name DNS for all Podman networks.
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."openhands-app" = {
image = "ghcr.io/openhands/openhands:latest";
environment = {
"AGENT_SERVER_IMAGE_REPOSITORY" = "ghcr.io/openhands/agent-server";
"AGENT_SERVER_IMAGE_TAG" = "31536c8-python";
"WORKSPACE_MOUNT_PATH" = "${xlib.dirs.services-mnt-folder}/containers/openhands/workspace";
};
volumes = [
"${xlib.dirs.services-mnt-folder}/containers/openhands/userspace:/.openhands:rw"
"${xlib.dirs.services-mnt-folder}/containers/openhands/workspace:/opt/workspace_base:rw"
"/run/podman/podman.sock:/var/run/docker.sock:rw"
];
ports = [
"3000:3000/tcp"
];
log-driver = "journald";
extraOptions = [
# "--network=host"
"--add-host=host.docker.internal:host-gateway"
"--network-alias=openhands"
"--network=openhands_default"
];
};
systemd.services."podman-openhands-app" = {
serviceConfig = {
Restart = lib.mkOverride 90 "no";
};
after = [
"podman-network-openhands_default.service"
];
requires = [
"podman-network-openhands_default.service"
];
partOf = [
"podman-compose-openhands-root.target"
];
wantedBy = [
"podman-compose-openhands-root.target"
];
};
# Networks
systemd.services."podman-network-openhands_default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f openhands_default";
};
script = ''
podman network inspect openhands_default || podman network create openhands_default
'';
partOf = [ "podman-compose-openhands-root.target" ];
wantedBy = [ "podman-compose-openhands-root.target" ];
};
# Builds
# systemd.services."podman-build-openhands-app" = {
# enable = false;
# path = [
# pkgs.podman
# pkgs.git
# ];
# serviceConfig = {
# Type = "oneshot";
# TimeoutSec = 300;
# };
# script = ''
# cd ${xlib.dirs.services-mnt-folder}/containers/openhands/source
# podman build -t openhands:latest -f ./containers/app/Dockerfile .
# '';
# };
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-openhands-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.rules = [
"d ${xlib.dirs.services-mnt-folder} 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers/openhands 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers/openhands/userspace 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers/openhands/workspace 0755 root root -"
];
}
modules/containers/remnanode.nix
+15
View File
@@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
inputs,
xlib,
...
}:
{
systemd.tmpfiles.rules = [
"d ${xlib.dirs.services-mnt-folder} 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers/remnanode 0755 root root -"
];
}
modules/containers/remnawave-examples/docker-compose-local.nix
+115
View File
@@ -0,0 +1,115 @@
# Auto-generated by compose2nix.
{
pkgs,
lib,
config,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
# Enable container name DNS for all Podman networks.
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."remnawave-panel-1" = {
image = "localhost/compose2nix/remnawave-panel-1";
environment = {
"API_INSTANCES" = "1";
"APP_PORT" = "3000";
"BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
"BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
"CLOUDFLARE_TOKEN" = "ey...";
"DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
"FRONT_END_DOMAIN" = "*";
"IS_DOCS_ENABLED" = "false";
"IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
"JWT_API_TOKENS_SECRET" =
"787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
"JWT_AUTH_SECRET" =
"2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
"METRICS_PASS" = "admin";
"METRICS_PORT" = "3001";
"METRICS_USER" = "admin";
"NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
"NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
"PANEL_DOMAIN" = "rw.zeroq.ru";
"POSTGRES_DB" = "remnawave";
"POSTGRES_PASSWORD" = "gQLqOm2jK/Z1oBXCD18XSgr76M8ZqkVhHZbNKvZQXnY=";
"POSTGRES_USER" = "remnawave";
"REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
"SCALAR_PATH" = "/scalar";
"SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
"SWAGGER_PATH" = "/docs";
# "TELEGRAM_BOT_TOKEN" = "change_me";
# "TELEGRAM_NOTIFY_CRM" = "change_me";
# "TELEGRAM_NOTIFY_NODES" = "change_me";
# "TELEGRAM_NOTIFY_SERVICE" = "change_me";
# "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
# "TELEGRAM_NOTIFY_USERS" = "change_me";
"WEBHOOK_ENABLED" = "false";
"WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
"WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
};
ports = [
"3003:3003/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=remnawave-panel-1"
"--network=remnawavebackend_default"
];
};
systemd.services."podman-remnawave-panel-1" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
partOf = [
"podman-compose-remnawave-root.target"
];
wantedBy = [
"podman-compose-remnawave-root.target"
];
};
# Builds
systemd.services."podman-build-remnawave-panel-1" = {
path = [
pkgs.podman
pkgs.git
];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /mnt/s/Deploy/remnawave-backend
podman build -t compose2nix/remnawave-panel-1 .
'';
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-remnawave-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
modules/containers/remnawave-examples/docker-compose-prod.nix
+290
View File
@@ -0,0 +1,290 @@
# Auto-generated by compose2nix.
{
pkgs,
lib,
config,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
# Enable container name DNS for all Podman networks.
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."remnawave" = {
image = "remnawave/backend:2";
environment = {
"API_INSTANCES" = "1";
"APP_PORT" = "3000";
"BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
"BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
"CLOUDFLARE_TOKEN" = "ey...";
"DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
"FRONT_END_DOMAIN" = "*";
"IS_DOCS_ENABLED" = "false";
"IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
"JWT_API_TOKENS_SECRET" =
"787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
"JWT_AUTH_SECRET" =
"2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
"METRICS_PASS" = "admin";
"METRICS_PORT" = "3001";
"METRICS_USER" = "admin";
"NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
"NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
"PANEL_DOMAIN" = "rw.zeroq.ru";
"POSTGRES_DB" = "remnawave";
"POSTGRES_PASSWORD" = "gQLqOm2jK/Z1oBXCD18XSgr76M8ZqkVhHZbNKvZQXnY=";
"POSTGRES_USER" = "remnawave";
"REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
"SCALAR_PATH" = "/scalar";
"SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
"SWAGGER_PATH" = "/docs";
"TELEGRAM_BOT_TOKEN" = "change_me";
"TELEGRAM_NOTIFY_CRM" = "change_me";
"TELEGRAM_NOTIFY_NODES" = "change_me";
"TELEGRAM_NOTIFY_SERVICE" = "change_me";
"TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
"TELEGRAM_NOTIFY_USERS" = "change_me";
"WEBHOOK_ENABLED" = "false";
"WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
"WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
};
volumes = [
"valkey-socket:/var/run/valkey:rw"
];
ports = [
"127.0.0.1:3000:3000/tcp"
"127.0.0.1:3001:3001/tcp"
];
dependsOn = [
"remnawave-db"
"remnawave-redis"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=curl -f http://localhost:3001/health"
"--health-interval=30s"
"--health-retries=3"
"--health-start-period=30s"
"--health-timeout=5s"
"--hostname=remnawave"
"--network-alias=remnawave"
"--network=remnawave-network"
];
};
systemd.services."podman-remnawave" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
after = [
"podman-network-remnawave-network.service"
"podman-volume-valkey-socket.service"
];
requires = [
"podman-network-remnawave-network.service"
"podman-volume-valkey-socket.service"
];
partOf = [
"podman-compose-remnawave-root.target"
];
wantedBy = [
"podman-compose-remnawave-root.target"
];
};
virtualisation.oci-containers.containers."remnawave-db" = {
image = "postgres:17.6";
environment = {
"API_INSTANCES" = "1";
"APP_PORT" = "3000";
"BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
"BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
"CLOUDFLARE_TOKEN" = "ey...";
"DATABASE_URL" = "postgresql://remnawave:remnawave@remnawave-db:5432/postgres";
"FRONT_END_DOMAIN" = "*";
"IS_DOCS_ENABLED" = "false";
"IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
"JWT_API_TOKENS_SECRET" =
"787aa44c10130a9fa17ea3ea50c1248dd3e868f74941b96c09d608051399f88b95b67cd68d045aa39658b4b3fe933bf2b2c1437522498976f39f85ae1eab40da";
"JWT_AUTH_SECRET" =
"2bc14bacb6b82ce9e3ef69f8dd7bfb6b8a531f4f516902735d1d8f1bac8ff9b5077398f95b942b1adafc0ca1da4cdfd24a18539fa6eb26bee3f597a45deac94a";
"METRICS_PASS" = "admin";
"METRICS_PORT" = "3001";
"METRICS_USER" = "admin";
"NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
"NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
"PANEL_DOMAIN" = "rw.zeroq.ru";
"POSTGRES_DB" = "";
"POSTGRES_PASSWORD" = "";
"POSTGRES_USER" = "";
"REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
"SCALAR_PATH" = "/scalar";
"SUB_PUBLIC_DOMAIN" = "rw.zeroq.ru/api/sub";
"SWAGGER_PATH" = "/docs";
"TELEGRAM_BOT_TOKEN" = "change_me";
"TELEGRAM_NOTIFY_CRM" = "change_me";
"TELEGRAM_NOTIFY_NODES" = "change_me";
"TELEGRAM_NOTIFY_SERVICE" = "change_me";
"TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
"TELEGRAM_NOTIFY_USERS" = "change_me";
"TZ" = "UTC";
"WEBHOOK_ENABLED" = "false";
"WEBHOOK_SECRET_HEADER" = "vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ";
"WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
};
volumes = [
"remnawave-db-data:/var/lib/postgresql/data:rw"
];
ports = [
"127.0.0.1:6767:5432/tcp"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -U \${POSTGRES_USER} -d \${POSTGRES_DB}"
"--health-interval=3s"
"--health-retries=3"
"--health-timeout=10s"
"--hostname=remnawave-db"
"--network-alias=remnawave-db"
"--network=remnawave-network"
];
};
systemd.services."podman-remnawave-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
after = [
"podman-network-remnawave-network.service"
"podman-volume-remnawave-db-data.service"
];
requires = [
"podman-network-remnawave-network.service"
"podman-volume-remnawave-db-data.service"
];
partOf = [
"podman-compose-remnawave-root.target"
];
wantedBy = [
"podman-compose-remnawave-root.target"
];
};
virtualisation.oci-containers.containers."remnawave-redis" = {
image = "valkey/valkey:9-alpine";
volumes = [
"valkey-socket:/var/run/valkey:rw"
];
cmd = [
"valkey-server"
"--save"
""
"--appendonly"
"no"
"--maxmemory-policy"
"noeviction"
"--loglevel"
"warning"
"--unixsocket"
"/var/run/valkey/valkey.sock"
"--unixsocketperm"
"777"
"--port"
"0"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=[\"valkey-cli\", \"-s\", \"/var/run/valkey/valkey.sock\", \"ping\"]"
"--health-interval=3s"
"--health-retries=3"
"--health-timeout=3s"
"--hostname=remnawave-redis"
"--network-alias=remnawave-redis"
"--network=remnawave-network"
];
};
systemd.services."podman-remnawave-redis" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
after = [
"podman-network-remnawave-network.service"
"podman-volume-valkey-socket.service"
];
requires = [
"podman-network-remnawave-network.service"
"podman-volume-valkey-socket.service"
];
partOf = [
"podman-compose-remnawave-root.target"
];
wantedBy = [
"podman-compose-remnawave-root.target"
];
};
# Networks
systemd.services."podman-network-remnawave-network" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f remnawave-network";
};
script = ''
podman network inspect remnawave-network || podman network create remnawave-network --driver=bridge
'';
partOf = [ "podman-compose-remnawave-root.target" ];
wantedBy = [ "podman-compose-remnawave-root.target" ];
};
# Volumes
systemd.services."podman-volume-remnawave-db-data" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect remnawave-db-data || podman volume create remnawave-db-data --driver=local
'';
partOf = [ "podman-compose-remnawave-root.target" ];
wantedBy = [ "podman-compose-remnawave-root.target" ];
};
systemd.services."podman-volume-valkey-socket" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect valkey-socket || podman volume create valkey-socket --driver=local
'';
partOf = [ "podman-compose-remnawave-root.target" ];
wantedBy = [ "podman-compose-remnawave-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-remnawave-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
modules/containers/remnawave.nix
+198
View File
@@ -0,0 +1,198 @@
{
config,
lib,
pkgs,
inputs,
xlib,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
# Enable container name DNS for all Podman networks.
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."remnawave-panel-1" = {
image = "ghcr.io/remnawave/backend:latest";
environment = {
"API_INSTANCES" = "1";
"APP_PORT" = "3000";
"BANDWIDTH_USAGE_NOTIFICATIONS_ENABLED" = "false";
"BANDWIDTH_USAGE_NOTIFICATIONS_THRESHOLD" = "[60, 80]";
"FRONT_END_DOMAIN" = "*";
"IS_DOCS_ENABLED" = "false";
"IS_TELEGRAM_NOTIFICATIONS_ENABLED" = "false";
"METRICS_PASS" = "admin";
"METRICS_PORT" = "3001";
"METRICS_USER" = "admin";
"NOT_CONNECTED_USERS_NOTIFICATIONS_AFTER_HOURS" = "[6, 24, 48]";
"NOT_CONNECTED_USERS_NOTIFICATIONS_ENABLED" = "false";
"PANEL_DOMAIN" = "rw.zeroq.su";
"POSTGRES_DB" = "remnawave";
"POSTGRES_USER" = "remnawave";
"REDIS_SOCKET" = "/var/run/valkey/valkey.sock";
"SCALAR_PATH" = "/scalar";
"SUB_PUBLIC_DOMAIN" = "rw.zeroq.su/api/sub";
"SWAGGER_PATH" = "/docs";
# "TELEGRAM_BOT_TOKEN" = "change_me";
# "TELEGRAM_NOTIFY_CRM" = "change_me";
# "TELEGRAM_NOTIFY_NODES" = "change_me";
# "TELEGRAM_NOTIFY_SERVICE" = "change_me";
# "TELEGRAM_NOTIFY_TBLOCKER" = "change_me";
# "TELEGRAM_NOTIFY_USERS" = "change_me";
"WEBHOOK_ENABLED" = "false";
# "WEBHOOK_URL" = "https://your-webhook-url.com/endpoint";
};
environmentFiles = [
"/run/secrets/remnawave-env"
];
ports = [
"3003:3003/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=remnawave-panel-1"
"--network=host" # "--network=remnawavebackend_default"
];
};
systemd.services."podman-remnawave-panel-1" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
partOf = [
"podman-compose-remnawave-root.target"
];
wantedBy = [
"podman-compose-remnawave-root.target"
];
};
# Builds
# systemd.services."podman-build-remnawave-panel-1" = {
# path = [ pkgs.podman pkgs.git ];
# serviceConfig = {
# Type = "oneshot";
# TimeoutSec = 300;
# };
# script = ''
# cd /mnt/s/Deploy/remnawave-backend
# podman build -t compose2nix/remnawave-panel-1 .
# '';
# };
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-remnawave-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
services = {
postgresql = {
ensureDatabases = [ "remnawave" ];
ensureUsers = [
{
name = "remnawave";
ensureDBOwnership = true;
}
];
};
};
systemd.services = {
remnawave-env = {
description = "Generate remnawave env file";
requiredBy = [ "podman-remnawave-panel-1.service" ];
before = [ "podman-remnawave-panel-1.service" ];
serviceConfig = {
Type = "oneshot";
User = "root";
};
script = ''
cat > /run/secrets/remnawave-env <<EOF
DATABASE_URL=$(cat ${config.sops.secrets.DATABASE_URL.path})
DATABASE_PASSWORD=$(cat ${config.sops.secrets.DATABASE_PASSWORD.path})
JWT_AUTH_SECRET=$(cat ${config.sops.secrets.JWT_AUTH_SECRET.path})
JWT_API_TOKENS_SECRET=$(cat ${config.sops.secrets.JWT_API_TOKENS_SECRET.path})
WEBHOOK_SECRET_HEADER=$(cat ${config.sops.secrets.WEBHOOK_SECRET_HEADER.path})
EOF
chmod 600 /run/secrets/remnawave-env
'';
wantedBy = [ "multi-user.target" ];
};
remnawave-db-init = {
description = "Initialize Remnawave DB user";
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
};
script = ''
PASSWORD=$(cat ${config.sops.secrets.DATABASE_PASSWORD.path})
${pkgs.postgresql}/bin/psql -v ON_ERROR_STOP=1 <<EOF
DO \$\$
BEGIN
IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname='remnawave') THEN
EXECUTE format('ALTER ROLE remnawave WITH PASSWORD %L', '$PASSWORD');
END IF;
END
\$\$ LANGUAGE plpgsql;
EOF
'';
wantedBy = [ "multi-user.target" ];
};
};
sops.secrets = {
DATABASE_PASSWORD = {
key = "DATABASE_PASSWORD";
sopsFile = ./secrets/remnawave.yaml;
owner = "postgres";
group = "postgres";
mode = "0400";
};
WEBHOOK_SECRET_HEADER = {
key = "WEBHOOK_SECRET_HEADER";
sopsFile = ./secrets/remnawave.yaml;
mode = "0400";
};
DATABASE_URL = {
key = "DATABASE_URL";
sopsFile = ./secrets/remnawave.yaml;
mode = "0400";
};
JWT_AUTH_SECRET = {
key = "JWT_AUTH_SECRET";
sopsFile = ./secrets/remnawave.yaml;
mode = "0400";
};
JWT_API_TOKENS_SECRET = {
key = "JWT_API_TOKENS_SECRET";
sopsFile = ./secrets/remnawave.yaml;
mode = "0400";
};
};
systemd.tmpfiles.rules = [
"d ${xlib.dirs.services-mnt-folder} 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers 0755 root root -"
"d ${xlib.dirs.services-mnt-folder}/containers/remnawave 0755 root root -"
];
}
modules/containers/secrets/remnawave.yaml
+20
View File
@@ -0,0 +1,20 @@
DATABASE_PASSWORD: ENC[AES256_GCM,data:DRactR3j13q9zHFO0puGhBv09CX9YJc9KtFSLuOUVV/U7O/Nmh5Hb4ID0+A=,iv:5ErptccuQIVxfZKIcpfO5yVtcM0zE7kPn4v7kHctTP8=,tag:e3w8Rz+wGLTrxDSNftmkLw==,type:str]
WEBHOOK_SECRET_HEADER: ENC[AES256_GCM,data:ZJYKwG1a8JH0ODeRnrv395plPN7PA18+gi3R/ueGd/r8OrtbVGL8UnZ/6HgW9M+/jCGWNclD5mZfyRg3He6hDg==,iv:PIYCD2n5ED5T24JfG6xhrvStd6jySCoBHhA8hUFIEMk=,tag:WWpfI1q9l9R44FRNaqIiaA==,type:str]
DATABASE_URL: ENC[AES256_GCM,data:6plSDBUKyZVAO/djw3bPTthtS11yljwCGfQcIUqQetxROk5hwwVEGNMd1e6nGgS7eTtqJHW6uStkw58=,iv:RDjCVPDgPhMEbCriW0xjrxzcAolmyD55fbkD95LZMlE=,tag:ovH2D3eTXtHFmZba6u+IZg==,type:str]
JWT_AUTH_SECRET: ENC[AES256_GCM,data:rzsOoIwJwwzCd+QbelcWYjfe1Bt7Y1ihrEn9tsxNyZnfmVVIkpFC948ne3YhUZ0CXYEDJYen/SFQgyyWsPwTwZgcy11mIZnROh4vlOJvPWILB1IlVQF/JDDts3fvXfe9HQ7ujBwkw5uR/33Rm+yxeLHMWTsn644DZSyKFi53QqY=,iv:aB3meC8BeEsLmiF0UMjQ60xipjGTJ0Qg1XqRHNujPFE=,tag:s/YcehFUrArknqHlXo3MYw==,type:str]
JWT_API_TOKENS_SECRET: ENC[AES256_GCM,data:m6EtsdMNDRJk99LEYRgTk5rFNUYux4I2UWo/8AWy+2HJI8tRiOrBO284T3W/N+2/3fbty96sVB/SD8bjIIsxHij51sZTYi4+hdU7VxANGPdiMckKAXtvj3FMsVwrtW4MgRbH0j7taiDtnxVp6F3Cl7Sb0GamKFJjgAZnA3weN/8=,iv:rnNB1AzosstyF3c2pUcvYVTyUWcmo8Du+/b09OgcN9w=,tag:O81gnP2nXJ3JvgkivzVgkw==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dWxEUDdhV2Z4V3JpNzNL
T0ZkYjlLWTNFV2c0Vm5Vb05xK09sQ0RxU0ZVCjhaSVhsSmoyZCtLYlNOVlNnTGFv
TTU1Y3I5U3UrcXhOOGt6U0hoSGw0YlUKLS0tIEJIbnJwNUk4Z0ZGNTRQRVFjWFhv
d0sreEpsMjV5M2JoRHFnVkpqeGhMM1EKX7K3Q2yj8EZuzCIxWIc+6Xeo+0lidPse
wstbeHV8ygWvOjIxjRGPOETQ17GLLl3eNEsk6P2gytZchmLkLYKKsA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-04T23:08:05Z"
mac: ENC[AES256_GCM,data:vWNFqNiWleqvRItVB0X5W/7e/F+LEWmfIKtnjbV5xwgyZ1jkP2N2wkw8CpzDNN5xwrkTdKfziGt+Psg8p72uMfvqns1lgQzvSbT3W8Di7bbIxgvwyBV8qCCpYn95ra/KRmV+oefhhr/1RlBN8wNb3oZI/m7sH8lv9d0sKw5SrE8=,iv:UAOifm4itrG6M3VKi7zelxL73lcpQkGXLSa/dk/hbvM=,tag:rzCK7Id3zQVF8VSDJV3nhg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2
modules/default.nix
+3 -4
View File
@@ -3,9 +3,9 @@ let
defaultModule =
{
config,
deviceType,
lib,
xlib,
deviceType,
...
}:
{
@@ -21,10 +21,9 @@ let
sops-nix.nixosModules.sops # sops module
self.homeConfigurations.default.nixosModule # default homeConfigurations
disko.nixosModules.disko # disko module
noctalia.nixosModules.default
];
nixpkgs.overlays = [
inputs.self.nixosOverlays.default
nixpkgs.overlays = with inputs; [
self.nixosOverlays.default
];
_module.args = {
inputs = inputs;
modules/desktop/default.nix
+10 -4
View File
@@ -1,5 +1,6 @@
{
config,
inputs,
lib,
pkgs,
...
@@ -49,7 +50,7 @@
programs = {
dconf.enable = true;
gamemode.enable = true;
# steam.enable = true;
steam.enable = true;
xwayland.enable = true;
};
services = {
@@ -58,7 +59,7 @@
xkb = {
layout = "us,ru";
variant = "";
options = "grp:alt_shift_toggle";
# options = "grp:alt_shift_toggle";
};
};
libinput.enable = true;
@@ -68,7 +69,12 @@
cups-pdf.enable = true;
};
};
# environment.sessionVariables = {
# NIXOS_OZONE_WL = "1";
# environment = {
# systemPackages = [
# pkgs.pcbu-desktop
# ];
# # sessionVariables = {
# # NIXOS_OZONE_WL = "1";
# # };
# };
}
modules/essentials/default.nix
+1 -1
View File
@@ -7,7 +7,7 @@
./packages.nix
./services.nix
./settings.nix
# ./systemd-routine.nix
./systemd-routines.nix
./shell.nix
];
}
modules/essentials/packages.nix
+24 -14
View File
@@ -16,7 +16,7 @@ in
btop
broot
bottom
fastfetchMinimal
fastfetch
# Encrypt
age
@@ -38,6 +38,12 @@ in
lazyjournal
systemctl-tui
# IDE
yaml-language-server
nil
fresh-editor
#flow-control
# Base
curl
# efibootmgr
@@ -53,7 +59,7 @@ in
wget
tree
dust
flow-control
tuckr
# Net Diagnostic
mtr
@@ -72,7 +78,7 @@ in
exfatprogs # for gparted exfat support
# Archivers
rar
# rar
unzip
zstd
zip
@@ -86,20 +92,22 @@ in
# To save
tuios
fresh-editor
# Test
jocalsend
lazydocker
dtop
bluetui
speedtest-cli
# jocalsend
tlrc
lazyssh
mcat
framework-tool-tui
bluetui
snitch
devenv
whosthere
devenv
# Test
rgx
net-tools
# lazydocker
# dtop
# framework-tool-tui
];
};
environment.variables.EDITOR = "fresh";
@@ -118,7 +126,6 @@ in
enable = false;
plugins = {
inherit (pkgs.yaziPlugins)
gitui
git
sudo
ouch
@@ -181,6 +188,9 @@ in
name = "oqyude";
email = "oqyude@gmail.com";
};
pull = {
rebase = true;
};
};
};
lazygit.enable = true;
@@ -192,7 +202,7 @@ in
flake = "/etc/nixos";
clean = {
enable = true;
extraArgs = "--keep 3 --keep-since 2d";
extraArgs = "--keep 2 --keep-since 2d";
dates = "daily";
};
};
modules/essentials/services.nix
+1
View File
@@ -1,5 +1,6 @@
{
config,
inputs,
lib,
pkgs,
xlib,
modules/essentials/settings.nix
+16 -14
View File
@@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{
@@ -8,33 +9,34 @@
system.nixos.label = "default";
nix = {
channel = {
enable = true;
};
# nixPath = [ "nixpkgs=flake:nixpkgs" ];
# package = pkgs.lixPackageSets.stable.lix; # maybe unstable
channel.enable = false;
nixPath = [ "nixpkgs=flake:nixpkgs" ];
settings = {
require-sigs = false;
substituters = [
"http://100.64.0.0:5000"
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://mirror.yandex.ru/nixos"
"https://cache.nixos.kz"
"https://cache.xd0.zip"
# "https://cache.xd0.zip"
"https://nixos-cache-proxy.cofob.dev"
# "https://nixos-cache-proxy.sweetdogs.ru"
# "https://nixos-cache-proxy.elxreno.com"
# "https://nixos.snix.store" # https://nixos.snix.store/
];
trusted-public-keys = [
"cache.local:be5jFLkiwNyOep/McxSafB3jguBmztxx+oJ46ySyc/s="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
stalled-download-timeout = 4;
connect-timeout = 4;
stalled-download-timeout = 8;
connect-timeout = 8;
auto-optimise-store = true;
fallback = true;
# allow-import-from-derivation = false;
# keep-derivations = true;
# keep-outputs = true;
allow-import-from-derivation = true;
keep-derivations = false;
keep-outputs = false;
experimental-features = [
"flakes"
"nix-command"
@@ -43,10 +45,10 @@
};
nixpkgs = {
# flake = {
# setFlakeRegistry = false;
# setNixPath = false;
# };
flake = {
setFlakeRegistry = false;
setNixPath = false;
};
config.allowUnfree = true;
};
modules/essentials/shell.nix
+4
View File
@@ -39,6 +39,7 @@
gp = "git pull";
ns = "nh os switch";
gp-ns = "gp && ns";
gc = "git add . && git commit -m 'dev: автокоммит $(date +'%Y-%m-%d %H:%M:%S')'";
y = "yazi";
nix-shellp = "nix-shell --run $SHELL -p";
z-proxy = "export ALL_PROXY=socks5://localhost:10808";
@@ -66,4 +67,7 @@
json2nix = "nix run github:sempruijs/json2nix";
};
};
environment.sessionVariables = {
TUCKR_HOME = "$HOME/Storage/dotfiles";
};
}
modules/essentials/systemd-routine.nix
-26
View File
@@ -1,26 +0,0 @@
{
config,
xlib,
...
}:
{
systemd = {
services.nixos-auto-rebuild = {
description = "Auto rebuild NixOS config";
serviceConfig = {
Type = "oneshot";
User = "${xlib.device.username}";
WorkingDirectory = "/etc/nixos";
ExecStart = "gp-ns";
};
};
timers.nixos-auto-rebuild = {
description = "Run NixOS auto rebuild at 4am daily";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 04:00:00";
Persistent = true;
};
};
};
}
modules/essentials/systemd-routines.nix
+39
View File
@@ -0,0 +1,39 @@
{
config,
pkgs,
xlib,
...
}:
{
systemd = {
services = {
nixos-prebuild = {
description = "Prebuild NixOS closure";
serviceConfig = {
CPUQuota = "20%";
User = "oqyude";
Group = "users";
Nice = 10;
Type = "oneshot";
WorkingDirectory = "/tmp";
Environment = [
"HOME=/home/oqyude"
];
ExecStart = ''
${pkgs.nix}/bin/nix build --no-link /etc/nixos#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel
'';
};
wantedBy = [ "multi-user.target" ];
};
};
timers = {
nixos-prebuild = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 04:00:00";
Persistent = true;
};
};
};
};
}
modules/server/bentopdf.nix
+16
View File
@@ -0,0 +1,16 @@
{
config,
inputs,
...
}:
# let
# pkgs-stable = import inputs.nixpkgs-stable { system = "x86_64-linux"; };
# in
{
services.bentopdf = {
enable = true;
domain = "bentopdf.local";
nginx.enable = true;
# package = pkgs-stable.bentopdf;
};
}
modules/server/calibre-web.nix
+19 -4
View File
@@ -1,16 +1,22 @@
{
config,
xlib,
inputs,
pkgs,
xlib,
...
}:
let
stable = import inputs.nixpkgs-calibre {
system = "x86_64-linux";
};
in
{
services.calibre-web = {
package = stable.calibre-web;
enable = true;
group = "users";
user = "${xlib.device.username}";
# dataDir = "${xlib.dirs.services-mnt-folder}/calibre-web";
options = {
calibreLibrary = "${xlib.dirs.calibre-library}";
calibreLibrary = "${xlib.dirs.services-mnt-folder}/calibre-web-library";
enableBookUploading = true;
enableKepubify = true;
enableBookConversion = false;
@@ -19,4 +25,13 @@
listen.port = 8083;
openFirewall = true;
};
fileSystems."/var/lib/calibre-web" = {
device = "${xlib.dirs.services-mnt-folder}/calibre-web";
fsType = "none";
options = [
"bind"
"nofail"
];
};
}
modules/server/containers/remnawave.nix
-28
View File
@@ -1,28 +0,0 @@
{
config,
lib,
pkgs,
inputs,
xlib,
...
}:
{
# fileSystems."${config.services.immich.mediaLocation}" = {
# device = "${xlib.dirs.services-folder}/immich";
# options = [
# "bind"
# "nofail"
# ];
# };
# systemd.tmpfiles.rules = [
# "z ${config.services.immich.mediaLocation} 0755 immich immich -"
# ];
# environment = {
# systemPackages = with pkgs; [
# immich-cli
# ];
# };
}
modules/server/default.nix
+9 -1
View File
@@ -5,20 +5,28 @@
{
imports = [
../software/beets
./bentopdf.nix
./calibre-web.nix
./containers
./gitea.nix
./glances.nix
./immich.nix
./miniflux.nix
./n8n.nix
./navidrome.nix
./netdata.nix
./nextcloud.nix
./nginx.nix
./nix-serve.nix
./open-webui.nix
./postgresql.nix
./samba.nix
./step-ca.nix
./stirling-pdf.nix
./syncthing.nix
./systemd.nix
./transmission.nix
./uptime-kuma.nix
# ../containers/remnawave.nix
# ./mealie.nix
# ./memos.nix
# ./nfs.nix
modules/server/gitea.nix
+28
View File
@@ -0,0 +1,28 @@
{
config,
inputs,
lib,
pkgs,
xlib,
...
}:
{
services = {
gitea = {
enable = true;
stateDir = "${xlib.dirs.services-mnt-folder}/gitea";
appName = "ZeroQ Gitea Service";
settings = {
server = {
DOMAIN = "gitea.local";
HTTP_PORT = 3000;
};
service.DISABLE_REGISTRATION = true;
};
};
};
systemd.tmpfiles.rules = [
"z ${config.services.gitea.stateDir} 0755 gitea gitea -"
];
}
modules/server/glances.nix
+15
View File
@@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
{
services = {
glances = {
enable = true;
openFirewall = true;
port = 61208;
};
};
}
modules/server/immich.nix
+1 -13
View File
@@ -1,8 +1,8 @@
{
config,
inputs,
lib,
pkgs,
inputs,
xlib,
...
}:
@@ -22,21 +22,9 @@ in
accelerationDevices = null;
machine-learning.enable = true;
mediaLocation = "${xlib.dirs.services-mnt-folder}/immich";
database = {
enableVectors = false;
enableVectorChord = true;
};
};
};
# fileSystems."${config.services.immich.mediaLocation}" = {
# device = "${xlib.dirs.services-folder}/immich";
# options = [
# "bind"
# "nofail"
# ];
# };
systemd.tmpfiles.rules = [
"z ${config.services.immich.mediaLocation} 0755 immich immich -"
];
modules/server/mealie.nix
+1 -1
View File
@@ -4,7 +4,7 @@
}:
{
services.mealie = {
enable = true;
enable = false;
listenAddress = "0.0.0.0";
port = 9000;
database.createLocally = true;
modules/server/memos.nix
+1 -1
View File
@@ -5,7 +5,7 @@
}:
{
services.memos = {
enable = true;
enable = false;
openFirewall = true;
settings = {
MEMOS_MODE = "prod";
modules/server/n8n.nix
+37
View File
@@ -0,0 +1,37 @@
{
config,
lib,
pkgs,
xlib,
inputs,
...
}:
let
configDir = "${xlib.dirs.services-mnt-folder}/n8n";
varDir = "/var/lib/n8n";
in
{
services.n8n = {
enable = true;
environment = {
# N8N_USER_FOLDER = lib.mkForce "${configDir}";
N8N_SECURE_COOKIE = "false";
N8N_PORT = 5678;
};
openFirewall = true;
};
systemd.tmpfiles.rules = [
"d ${configDir} 0755 nobody nogroup -"
"z ${configDir} 0755 nobody nogroup -"
];
fileSystems.${varDir} = {
device = "${configDir}";
fsType = "none";
options = [
"bind"
"nofail"
];
};
}
modules/server/navidrome.nix
+22
View File
@@ -0,0 +1,22 @@
{
config,
inputs,
lib,
pkgs,
xlib,
...
}:
{
services = {
navidrome = {
enable = false;
openFirewall = true;
# environmentFile = "";
settings = {
Address = "0.0.0.0";
Port = "4533";
MusicFolder = "/mnt/beets/music";
};
};
};
}
modules/server/netdata.nix
+32
View File
@@ -0,0 +1,32 @@
{
config,
inputs,
lib,
pkgs,
...
}:
{
services = {
netdata = {
enable = false;
package = pkgs.netdata.override {
withCloudUi = true;
};
config = {
web = {
"allow connections from" = "localhost *";
"default port" = "19999";
"bind to" = "0.0.0.0";
};
};
# python = {
# enable = true;
# recommendedPythonPackages = true;
# };
};
};
networking.firewall.allowedTCPPorts = [
19999
];
}
modules/server/nextcloud.nix
+124 -81
View File
@@ -18,14 +18,14 @@ in
nextcloud-whiteboard-server = {
enable = true;
settings = {
NEXTCLOUD_URL = "http://nextcloud.local";
NEXTCLOUD_URL = "http://nextcloud.private";
};
secrets = [ "${inputs.zeroq-credentials}/services/nextcloud/jwt-secret.txt" ];
secrets = [ config.sops.secrets.nextcloud-whiteboard-jwt.path ];
};
nextcloud = {
enable = true;
package = pkgs.nextcloud32;
hostName = "nextcloud.local";
package = pkgs.nextcloud33;
hostName = "nextcloud.private";
database.createLocally = true;
home = "${xlib.dirs.services-mnt-folder}/nextcloud";
configureRedis = true;
@@ -39,30 +39,42 @@ in
dbuser = "nextcloud";
dbname = "nextcloud";
adminuser = "oqyude";
adminpassFile = "${inputs.zeroq-credentials}/services/nextcloud/admin-pass.txt";
adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
};
settings = {
log_type = "file";
trusted_domains = [
"nextcloud.zeroq.ru"
"100.64.0.0"
"192.168.1.20"
"localhost"
"nextcloud.local"
"nextcloud.private"
"nextcloud.zeroq.su"
"office.local"
"office.zeroq.su"
];
trusted_proxies = [
"100.64.1.0"
"109.248.161.5"
];
overwriteprotocol = "https";
overwriteprotocol = ""; # maybe no
};
extraAppsEnable = true;
appstoreEnable = false;
notify_push = {
enable = false;
bendDomainToLocalhost = true;
};
# phpPackage = pkgs.php85;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) # (config.services.nextcloud.package.packages.apps)
inherit (config.services.nextcloud.package.packages.apps)
# richdocuments
# gpoddersync
# integration_paperless
# memories
# news
# nextpod
# onlyoffice
# notify_push
# phonetrack
# repod
# sociallogin
@@ -80,96 +92,92 @@ in
impersonate
mail
music
# news
notes
notify_push
onlyoffice
polls
previewgenerator
richdocuments
spreed
tables
tasks
user_oidc
user_saml
whiteboard
;
inherit (pkgs.nextcloud31Packages.apps)
# end_to_end_encryption
# maps
tasks
;
};
};
collabora-online = {
enable = true;
port = 9980;
# package = master.collabora-online;
settings = {
server_name = "office.zeroq.ru";
ssl = {
enable = false;
termination = true;
ssl_verification = false;
};
net = {
listen = "0.0.0.0";
post_allow.host = [
"0.0.0.0"
];
};
storage.wopi = {
"@allow" = true;
host = [
"0.0.0.0/0"
];
};
# inherit (pkgs.nextcloud31Packages.apps)
# # end_to_end_encryption
# # maps
# tasks
# ;
};
};
# collabora-online = {
# enable = false;
# port = 9980;
# # package = master.collabora-online;
# settings = {
# server_name = "office.zeroq.su";
# ssl = {
# enable = false;
# termination = true;
# ssl_verification = false;
# };
# net = {
# listen = "0.0.0.0";
# post_allow.host = [
# "0.0.0.0"
# ];
# };
# storage.wopi = {
# "@allow" = true;
# host = [
# "0.0.0.0/0"
# ];
# };
# };
# };
onlyoffice = {
enable = false;
hostname = "0.0.0.0";
jwtSecretFile = "${inputs.zeroq-credentials}/services/onlyoffice/jwt.txt";
enable = true;
hostname = "office.local";
port = 8090;
allowLocalConnections = true;
wopi = true;
jwtSecretFile = config.sops.secrets.onlyoffice-jwt.path;
securityNonceFile = config.sops.secrets.onlyoffice-nonce.path;
};
};
# fonts.packages = [ work.corefonts ];
# networking.hosts = {
# };
# networking.hosts = {
# "localhost" = [ "nextcloud-private.local" ];
# };
systemd.services.nextcloud-config-collabora =
let
inherit (config.services.nextcloud) occ;
wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
public_wopi_url = "https://office.zeroq.ru";
wopi_allowlist = lib.concatStringsSep "," [
"0.0.0.0/0"
];
in
{
wantedBy = [ "multi-user.target" ];
after = [
"nextcloud-setup.service"
"coolwsd.service"
];
requires = [ "coolwsd.service" ];
script = ''
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
};
};
# fileSystems."${config.services.nextcloud.home}" = {
# device = "${xlib.dirs.services-folder}/nextcloud";
# options = [
# "bind"
# "nofail"
# ];
# };
# systemd.services.nextcloud-config-collabora =
# let
# inherit (config.services.nextcloud) occ;
# wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
# public_wopi_url = "https://office.zeroq.su";
# wopi_allowlist = lib.concatStringsSep "," [
# "0.0.0.0/0"
# ];
# in
# {
# wantedBy = [ "multi-user.target" ];
# after = [
# "nextcloud-setup.service"
# "coolwsd.service"
# ];
# requires = [ "coolwsd.service" ];
# script = ''
# ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
# ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
# ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
# ${occ}/bin/nextcloud-occ richdocuments:setup
# '';
# serviceConfig = {
# Type = "oneshot";
# };
# };
systemd.tmpfiles.rules = [
"z ${config.services.nextcloud.home} 0750 nextcloud nextcloud -"
@@ -178,4 +186,39 @@ in
environment.systemPackages = [
pkgs.nc4nix # Packaging helper for Nextcloud apps
];
sops.secrets = {
nextcloud-adminpass = {
format = "yaml";
key = "adminpass";
sopsFile = ./secrets/nextcloud.yaml;
owner = "nextcloud";
group = "nextcloud";
mode = "0650";
};
nextcloud-whiteboard-jwt = {
format = "yaml";
key = "whiteboard-jwt";
sopsFile = ./secrets/nextcloud.yaml;
owner = "nextcloud";
group = "nextcloud";
mode = "0650";
};
onlyoffice-nonce = {
format = "yaml";
key = "nonce";
sopsFile = ./secrets/onlyoffice.yaml;
owner = "onlyoffice";
group = "onlyoffice";
mode = "0650";
};
onlyoffice-jwt = {
format = "yaml";
key = "jwt";
sopsFile = ./secrets/onlyoffice.yaml;
owner = "onlyoffice";
group = "onlyoffice";
mode = "0650";
};
};
}
modules/server/nginx.nix
+170 -45
View File
@@ -5,6 +5,9 @@
xlib,
...
}:
let
server = "192.168.1.20";
in
{
services = {
nginx = {
@@ -14,70 +17,192 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"nextcloud.private" = {
forceSSL = false;
enableACME = false;
listen = [
{
addr = "100.64.0.0";
port = 10000;
}
{
addr = "192.168.1.20";
port = 10000;
}
];
};
"office.local" = {
forceSSL = false;
enableACME = false;
# locations = {
# "/" = {
# proxyPass = "http://localhost:8090";
# proxyWebsockets = true;
# };
# };
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# '';
};
"bentopdf.local" = {
forceSSL = false;
enableACME = false;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "100.64.0.0";
port = 8446;
}
{
addr = "192.168.1.20";
port = 8446;
}
];
extraConfig = ''
client_max_body_size 5G;
'';
};
"nextcloud.local" = {
forceSSL = false;
enableACME = false;
listen = [
{
addr = "100.64.0.0";
port = 10000;
}
{
addr = "192.168.1.20";
port = 10000;
}
];
locations = {
"/" = {
proxyPass = "http://${server}:10000";
proxyWebsockets = true;
};
"/whiteboard" = {
proxyPass = "http://${server}:3002";
proxyWebsockets = true;
};
};
extraConfig = ''
client_max_body_size 5G;
'';
};
"zeroq.local" = {
"gitea.local" = {
forceSSL = false;
enableACME = false;
root = pkgs.writeTextDir "index.html" ''
<!doctype html>
<html>
<body>
<pre>This server is running in backend.</pre>
</body>
</html>
locations."/" = {
proxyPass = "http://${server}:3000";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
listen = [
{
addr = "100.64.0.0";
port = 80;
}
{
addr = "192.168.1.20";
port = 80;
}
];
};
# "localhost:8000" = {
"n8n.local" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://${server}:5678";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
"kuma.local" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://${server}:4001";
proxyWebsockets = true;
};
};
"health.local" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://${server}:19999";
proxyWebsockets = true;
};
};
"agent.local" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://${server}:3000";
proxyWebsockets = true;
};
};
"flux.local" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://${server}:6061";
proxyWebsockets = true;
};
};
"immich.local" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://${server}:2283";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
# "office.local" = {
# enableACME = false;
# forceSSL = false;
# locations = {
# "/" = {
# proxyPass = "http://${server}:8000"; # 9980
# proxyWebsockets = true;
# };
# };
# extraConfig = ''
# client_max_body_size 5G;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# ''; # absolute_redirect off;
# };
"calibre.local" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://${server}:8083";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
# "zeroq.local" = {
# forceSSL = false;
# enableACME = false;
# root = pkgs.writeTextDir "index.html" ''
# <!doctype html>
# <html>
# <body>
# <pre>This server is running in backend.</pre>
# </body>
# </html>
# '';
# listen = [
# {
# addr = "100.64.0.0";
# port = 9980;
# port = 80;
# }
# {
# addr = "192.168.1.20";
# port = 9980;
# port = 80;
# }
# ];
# };
# "office.zeroq.ru" = {
# forceSSL = false;
# enableACME = false;
# locations."/" = {
# proxyPass = "http://onlyoffice.local:8000";
# proxyWebsockets = true;
# };
# extraConfig = ''
# # Force nginx to return relative redirects. This lets the browser
# # figure out the full URL. This ends up working better because it's in
# # front of the reverse proxy and has the right protocol, hostname & port.
# absolute_redirect off;
# '';
# };
};
};
};
modules/server/nix-serve.nix
+24
View File
@@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
{
services = {
nix-serve = {
enable = true;
openFirewall = true;
port = 5000;
bindAddress = "0.0.0.0";
secretKeyFile = config.sops.secrets.private-key.path;
};
};
sops.secrets = {
private-key = {
key = "private-key";
sopsFile = ./secrets/nix-serve.yaml;
mode = "0600";
};
};
}
modules/server/postgresql.nix
+1
View File
@@ -23,6 +23,7 @@ in
fileSystems."/var/lib/postgresql" = {
device = "${xlib.dirs.services-mnt-folder}/postgresql";
fsType = "none";
options = [
"bind"
"nofail"
modules/server/samba.nix
+3
View File
@@ -6,6 +6,9 @@
{
services.samba = {
enable = true;
nmbd = {
enable = false;
};
settings = {
global = {
"invalid users" = [ ];
modules/server/secrets/ca.json
+46
View File
@@ -0,0 +1,46 @@
{
"root": "/root/.step/certs/root_ca.crt",
"federatedRoots": null,
"crt": "/root/.step/certs/intermediate_ca.crt",
"key": "/root/.step/secrets/intermediate_ca_key",
"address": "0.0.0.0:9000",
"insecureAddress": "",
"dnsNames": [
"ca.zeroq.su"
],
"logger": {
"format": "text"
},
"db": {
"type": "badgerv2",
"dataSource": "/root/.step/db",
"badgerFileLoadingMode": ""
},
"authority": {
"provisioners": [
{
"type": "JWK",
"name": "oqyude@zeroq.su",
"key": {
"use": "sig",
"kty": "EC",
"kid": "vhOaaOVnwo0MtJVP13ZM60ckirLUqq-5WEbq2PQTQ-w",
"crv": "P-256",
"alg": "ES256",
"x": "0WXy0B9DHwz4POacxrSiml7bbOPFYPKVvyUlm18M5ro",
"y": "AptaeuzpC2TV9_hHAx8s2afDmCa_QJSzke23kCYzKfU"
},
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiVTBRS24wUHFJUUZiNTRyRkVYeDVwZyJ9.Xc96u-JxlKELcawpLmyrzqp4_UUY1sAqUo7PX6hBWL8_Ix2RzS8ZwA.fs5K5A9kXmp3KEUu.J1s016RTlqKbfRzQJB1bdz8v93S9PLpU3DqlEvIVnOIEhovL9vG5dzPLAfLApZ_MArHhubVkirHhZHB4fYd3KvbFpCRaYQomB4vP0V188zclL7gyatiQ36R_fTG_oiRiKHeP0nPubVpL-I-ESdtXR05pMQtit5A1luLGm3H78FuTF883Hiz-hc84v8E-nq0Z5l5zQeV-fy4QaCFzg1_5s7MacNlgplDLopzbfJIhp3SDKiwWjsotPjsuKMSQ-blawbBL5skf44t23hDelSaRvASq8-Dq-hkBLsKssMX7SzccHPWpxazZ07Ug8PKc8_o2kxc6k5-K0Xr5tY4h8VI.YSsnw_InABsga1SCjLtq1g"
}
]
},
"tls": {
"cipherSuites": [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
],
"minVersion": 1.2,
"maxVersion": 1.3,
"renegotiation": false
}
}
modules/server/secrets/nextcloud.yaml
+17
View File
@@ -0,0 +1,17 @@
adminpass: ENC[AES256_GCM,data:Fm+Q6YWXxouP5cX2WHU05Jr49FU=,iv:Exf/li6bL6xpR9HQ8XDDSprjx4ltHkJFl99Ga+gXwmQ=,tag:iB9d5O4982tr7lPu1nWccQ==,type:str]
whiteboard-jwt: ENC[AES256_GCM,data:5i+x8VODrBIhGEWS5Ua6lrk7tsfk6xTa/1qm1rXe4A==,iv:2gFEeudip7BxJh553QtZ1CZo9T8jro3Q/Afdo8ouHtw=,tag:HgBM9ta41rhXJlsQJ+asFg==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNWFiUlZXMEEvNll0aFFk
UldxNitqaDgyenBFeWRhLzUxSVVhQk55Q1FBCkdLU3p4S0NTOVhERkRoaWVwbWVB
cUxwdkJnQ1IyNzFTaVJvVXRwbElYbVkKLS0tIDQ5ejZvRks5U0tPU0w0WXdtM0ht
WGVQYjZtaHhaeC9pMzYxYmxTcVNtYk0KKxXXNA9h0fs+mA6U/Vsyg+q1CPl5hFrI
Ozjqh+dzwajQeqkCPUdCsoeIWsvBY2Cyabvs+f0zj8S00faXb8rVQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-30T12:49:45Z"
mac: ENC[AES256_GCM,data:1EkbMGa6nK53GqGWYvXZP+sqy91AldGKy/32CVPshZwvTzJtk/VeK3W9A3fIGwvo7gl+QVWJmSiqrOTql4v+U4Yi3jVLEXsHXA5Bh28aJ7Ng9nkZmI10K7oaYF1xWNxzwss4gcDNIuomK+wG1WNLaiLbxwCBkN6xHugWQ4F+DLs=,iv:UmI6nC7dIHGeas54taf5kTIINvyd8YXyOVdIYghwHmE=,tag:VxdJLXRYin8D07r6CCA00A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2
modules/server/secrets/nix-serve.yaml
+16
View File
@@ -0,0 +1,16 @@
private-key: ENC[AES256_GCM,data:VTj1cmhYLbBuUnIgtXI3CZtULaNZ5XOpoheJB0gUwrWrH5B0rmxcvZLlJWX7xhGs4oqcC3Wwmo+TBPhcgGylLVdCuhJG5A94UwOa9ZIV4s3x3IJ4RU3UcHTsA0xdtw7XxBfryw==,iv:8oZCojIU0JXWJgE5t+fNNW9trC109yOJp1UGAV76FbU=,tag:S74cHFy9B8C29npdcoVBeg==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MHBkYzZneEdhUlN5MEpx
NGxud1BkVU1NUFdyVFE2VDJWb1M2cW9IcUVFCm9QZ3RvNHFaeWpFbnZ3Q1dKSDdn
RHQvUDgrZHRiUHpSR3FrWXRkQUxXWGMKLS0tIERsemNuL1BwR2xYYUpmbVFROWtN
RGI1WlRGMzlkS2tqQ0JPSFJHTUY1TUkKDeaivc+ST8MYtnJEDx07Y+IhtpvblR47
SLZf6WKQ8WNY4Bb5VeMWiCABPP/2L+VwoACqkOdZ01yGUVQSc9X6tw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-03T17:05:41Z"
mac: ENC[AES256_GCM,data:6jNp7N7lIvsLez3zQbDKTWPyvkL8u9g34I3q27GudgXzYw8B3Pb26jc9dCYCxCylCZxN5IeWWyHvUt4PadQABI4jrrIKnIfVV1A2c+A90chu+xSyE/B9OhkSC7yYVOnCURJPYku8799RIRkpHAWeKawkydbOiszCiC3qIKZDSTQ=,iv:xXivLDNnTABlNeWOOWsCESDUOnFv+9Lh0o029r7rk+A=,tag:vUoIZjcNtE3xJX/jNCao7Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2
modules/server/secrets/onlyoffice.yaml
+17
View File
@@ -0,0 +1,17 @@
jwt: ENC[AES256_GCM,data:Mp+eAh0Nle0QDfo92isNLwvHn/E=,iv:0FLK/8QpmX5Mv7IXMy04AJAgUknp5DATpD0acyPqrUg=,tag:rP9x3G8WIDG6KWSjqPXulQ==,type:str]
nonce: ENC[AES256_GCM,data:IGIo74eaE1vppWmLJt8C1cmpUm8eozumLXU5ecJJIolpKlC85H39l6oGmw==,iv:YwLbgbkOxpChwLTbknCii66LMVwD61sr7gXsbv3t/NI=,tag:YFfLkO5b55/AcJKTpSyslQ==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSzIwWlBrWFJWVHpIUVJk
eHh1MkYza28yeU54OWczY1ZjYmJHOFI3dXc4ClVKUVpoUWZTR0g5L2FTd0l4NzUr
R0xlYTJVQ1VLQXJuSGZJUE1Bd3Jsa00KLS0tIExPSi9Ob0ErSTRZQlhlTGN5WUV0
dm4xa25tSmN3VjlPaWpBWnhJdklqWEEK+sD+lvwQGjNkOic3ZCo2VGQ/+p2Nhmm+
g846YrGljYOib6hNryEhZWe0KmaDhn24vnEK5NS4WtqqwV+IhCZbmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-30T21:55:57Z"
mac: ENC[AES256_GCM,data:Ff8KB0O7sDE4GL8kccuA3s8DSallp5aOsy+T60FLCxsZN1m7m6Cql+3Hb3IS0M/nLRZMoZre8kztnzSbWs8ZK0e5wZoQjb6KMESZaXPOfjjbPWjMKiRCAQZUJNZy5P067qoxOIQ3t25kPNolmHkSyicpLoLRIB4Adn8+M79/RLk=,iv:LfVbDH8JVbgkVk5cFpr/lbvtSu8waLhn9XHwPW/8jBE=,tag:ll5JQbyr84vI8V154ZE/wQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2
modules/server/secrets/step-ca.yaml
+16
View File
@@ -0,0 +1,16 @@
intermediate-password: ENC[AES256_GCM,data:SvV5uYVXVTuhh/dhzXIDJw69dJ3s33a0ibKCyDWnfyA=,iv:S9VydNWm4PL+quWQ7arCmSFXa6YO1/hL+xrYty/2IPE=,tag:zHJ6/ZNRfs9w9vrt77xdow==,type:str]
sops:
age:
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5K3YyYkRkVkxwamMybWRj
WGxEZnc3TGRYRHNtTXRZYlZKQ2hBK0YrQjNZCndVQVhYcTJqRitCdUdmMjduTk1M
azNnMUhHKzB1M25vZGFScjZBcHJOaUEKLS0tIHJBRnZwamhvYU1ybFVFMFZsTmVS
ZmN3NTVnZ1RwRkNzTUxJTjVGMU4yUHMKMEZdpDBm6pdZmrFidkOdivnnd2/b8OO/
IUYmiWPlPd1IDV1NeMtlSYtO8exzB22XL9DqW4x/tJ7DeSZaBsjcOw==
-----END AGE ENCRYPTED FILE-----
recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
lastmodified: "2026-06-13T22:59:34Z"
mac: ENC[AES256_GCM,data:72E73xauS1Xrfw6tcyN/PHSJZ4ZZnIeKp8JVUPFGPBvIzaD6ZThYZwQ10FDD4JF+YOwn3QhCEh3t0ozcSNNnJFkyBgSqFtRMkym0ede12VAOPu2wQFoNvMdkT7+n14lJ/9OOz6KDyMf0BQDJKlSfDBkt+mLi61zte5iUxPsWsp4=,iv:xuOwFBEnlRgbaVdMq4O6w9T2edpS6uEPh9yhNbYBJIk=,tag:Y+dtcU17Q83o/9Nt1LGCcg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.13.1
modules/server/step-ca.nix
+83
View File
@@ -0,0 +1,83 @@
{
config,
inputs,
pkgs,
xlib,
...
}:
let
configDir = "${xlib.dirs.services-mnt-folder}/step-ca";
varDir = "/var/lib/step-ca";
in
{
services.step-ca = {
enable = true;
address = "0.0.0.0";
port = 9000;
openFirewall = true;
intermediatePasswordFile = config.sops.secrets.intermediate-password.path;
settings = {
root = "${varDir}/certs/root_ca.crt";
crt = "${varDir}/certs/intermediate_ca.crt";
key = "${varDir}/secrets/intermediate_ca_key";
# address = "0.0.0.0:9000";
dnsNames = [
"ca.zeroq.su"
];
db = {
type = "badgerv2";
dataSource = "${varDir}/db";
};
authority = {
provisioners = [
{
type = "JWK";
name = "oqyude@zeroq.su";
key = {
use = "sig";
kty = "EC";
kid = "XEpzFJA-sedFf0ANCiEH1UDaSvrHiZabLahQOyoAYmc";
crv = "P-256";
alg = "ES256";
x = "AGHevH0UU7_abhE6d8JhNuNRgXBeVI7qCldZrFfkn5o";
y = "pLKOpAwUiGRv4HRQUyiXFAMqsywTjrjazeEkDOr29Sk";
};
encryptedKey = "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoibFlONzBwMWJiVzc0MDlGaS1EOEZVUSJ9.zBEsf2hAaj4yyy_Lk1Jss7h5Hn68kz6UMeg3Jz3X_VVeMWLvcoRVaw.tpY50S9CSzmcfWXz.u5ta_Yd3GLMz19RKA2WondVIwTGbGs3is5v7_D0aUOtQ0158d4GcjrOHFD2PexaackbTNuUPtqa2X38ypnFq5wh1uq3udWu-qWRjRSd_YkY4YJt_GWFvUHQ_jldx0NSfMDNGndU2IakR62-9WklEjU3UGmUeaPGP9DTuzmdJa36t2aLuPuNnmV-tEJIH3eQ5huU8nLy1ROZjdkrF-agHh78EG_Ss8P4vHuqOtTAjZW3YCtfSfb57iKAsbrk3nUTo6zhPc0ds8cPB7Rva0K8Rj2Pf3apB7qZnCVF5zBiu1icvhOYIfwVQAiqpdz6qMi42QSBWZ4ROu4Db2q5a6D0.AS7Dr3v_Niiwy7aHIR-0bw";
}
];
};
};
};
fileSystems."${varDir}" = {
device = "${configDir}";
fsType = "none";
options = [
"bind"
"nofail"
];
};
environment = {
systemPackages = with pkgs; [
step-cli
];
};
systemd.tmpfiles.rules = [
"d ${configDir} 0755 nobody nogroup -"
"z ${configDir} 0755 nobody nogroup -"
"Z ${configDir}/ 0700 nobody nogroup -"
];
sops.secrets = {
intermediate-password = {
format = "yaml";
key = "intermediate-password";
sopsFile = ./secrets/step-ca.yaml;
# owner = "nobody";
# group = "nogroup";
mode = "0600";
};
};
}
modules/server/systemd.nix
+23 -7
View File
@@ -11,31 +11,47 @@
rsync-archivesta = {
# Archivesta
description = "Backup data using rsync";
requisite = [ "mnt-archive.mount" ]; # hard-code
unitConfig.RequiresMountsFor = [
"${xlib.dirs.archive-drive}"
"${xlib.dirs.server-home}"
"${xlib.dirs.services-mnt-folder}"
];
script = ''
${pkgs.rsync}/bin/rsync -rtv --delete ${xlib.dirs.services-folder}/ ${xlib.dirs.archive-drive}/Services/
${pkgs.rsync}/bin/rsync -rtv --delete \
${xlib.dirs.services-mnt-folder}/ \
${xlib.dirs.archive-drive}/Services/
'';
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
Nice = 19;
Nice = 10;
CPUQuota = "5%";
IOSchedulingClass = "idle";
};
};
rsync-archivesta-lite = {
# Archivesta Lite
description = "Backup data using rsync";
requisite = [ "mnt-mobile.mount" ]; # hard-code
unitConfig.RequiresMountsFor = [
"${xlib.dirs.server-home}"
"${xlib.dirs.mobile-drive}"
];
script = ''
${pkgs.rsync}/bin/rsync -rtv --delete ${xlib.dirs.server-home}/Music/ ${xlib.dirs.mobile-drive}/Music/
${pkgs.rsync}/bin/rsync -rtv --delete "${xlib.dirs.server-home}/Hosts/epral/Neo Backup/" "${xlib.dirs.mobile-drive}/Neo Backup/"
${pkgs.rsync}/bin/rsync -rtv --delete \
${xlib.dirs.server-home}/Music/ \
${xlib.dirs.mobile-drive}/Music/
${pkgs.rsync}/bin/rsync -rtv --delete \
"${xlib.dirs.server-home}/Hosts/epral/Neo Backup/" \
"${xlib.dirs.mobile-drive}/Neo Backup/"
'';
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
Nice = 19;
Nice = 10;
CPUQuota = "5%";
IOSchedulingClass = "idle";
};
};
modules/server/uptime-kuma.nix
+2 -1
View File
@@ -8,7 +8,7 @@
}:
{
services.uptime-kuma = {
enable = true;
enable = false;
settings = {
PORT = "4001";
HOST = "0.0.0.0";
@@ -21,6 +21,7 @@
fileSystems."/var/lib/private/uptime-kuma" = {
device = "${xlib.dirs.services-mnt-folder}/uptime-kuma";
fsType = "none";
options = [
"bind"
"nofail"
modules/software/ai.nix
-24
View File
@@ -1,24 +0,0 @@
{
config,
lib,
pkgs,
xlib,
...
}:
{
# services = {
# nextjs-ollama-llm-ui.enable = false;
# ollama = {
# enable = false;
# package = pkgs.ollama-rocm;
# environmentVariables = {
# HSA_OVERRIDE_GFX_VERSION = "11.5.0";
# HCC_AMDGPU_TARGET = "gfx1150"; # used to be necessary, but doesn't seem to anymore
# };
# user = "ollama"; # "${xlib.device.username}";
# group = "ollama";
# acceleration = "rocm";
# rocmOverrideGfx = "11.5.0";
# };
# };
}
modules/software/beets/default.nix
+82 -27
View File
@@ -1,28 +1,84 @@
{
config,
inputs,
lib,
pkgs,
xlib,
...
}:
let
depsOverlay = import ./dependencies.nix {
# ./dependencies-full.nix if broken
inherit (pkgs) fetchurl fetchgit fetchhg;
inherit pkgs;
stable = import inputs.nixpkgs-beets {
system = "x86_64-linux";
};
python3 = pkgs.python3.override {
packageOverrides = depsOverlay;
};
beetsEnv = python3.withPackages (ps: [
ps.beets
]);
in
let
# depsOverlay = import ./dependencies.nix {
# # ./dependencies-full.nix if broken
# inherit (pkgs) fetchurl fetchgit fetchhg;
# inherit pkgs;
# };
# python3 = pkgs.python3.override {
# packageOverrides = depsOverlay;
# };
beetsEnv = pkgs.python314.withPackages (
ps: with ps; [
# et-xmlfile
# exceptiongroup
# markdown-it-py
# mdurl
# munkres
# musicbrainzngs
# openpyxl
# pygments
# rich
# sniffio
anyio
beautifulsoup4
beetcamp
beets
certifi
charset-normalizer
colorama
confuse
discogs-client
filetype
h11
httpcore
httpx
httpx-socks
idna
jellyfish
langdetect
lap
llvmlite
mediafile
mutagen
numba
numpy
oauthlib
packaging
pillow
platformdirs
pycountry
pylast
pyrate-limiter
pysocks
python-dateutil
pyyaml
requests
requests-ratelimiter
scipy
# setuptools
six
socksio
soupsieve
typing-extensions
unidecode
urllib3
]
);
in
{
systemd.tmpfiles.rules = [
"z /mnt/beets 0700 ${xlib.device.username} users -" # beets absolute paths
];
users = {
users = {
"${xlib.device.username}" = {
@@ -30,21 +86,20 @@ in
beetsEnv
pkgs.mp3gain
pkgs.imagemagick
#pkgs.ffmpeg
#ffmpeg
];
};
};
};
fileSystems."/mnt/beets/music" = {
device = "/home/${xlib.device.username}/Music"; # "${xlib.dirs.vetymae-drive}/Users/User/Music"
options = [
"bind"
"uid=1000"
"gid=1000"
"fmask=0077"
"dmask=0077"
"nofail"
#"x-systemd.device-timeout=0"
];
};
systemd.mounts = [
{
enable = true;
options = "bind,x-systemd.automount,nofail";
requires = [ "local-fs.target" ];
type = "none";
wantedBy = [ "multi-user.target" ];
what = "/home/${xlib.device.username}/Music";
where = "/home/${xlib.device.username}/.config/beets";
}
];
}
modules/software/beets/dependencies.nix
+1 -1
View File
@@ -117,7 +117,7 @@ self: super: {
self."requests" # For spotify, deezer, embedart, fetchart, lyrics
self."python3-discogs-client" # For discogs
self."pylast" # For lastgenre
self."beetcamp" # Another
# self."beetcamp" # Another
];
};
"certifi" = super.buildPythonPackage rec {
modules/users.nix
+17
View File
@@ -13,6 +13,7 @@
xlib.device.username = "oqyude";
users = {
mutableUsers = false;
users = {
"${xlib.device.username}" = {
name = "${xlib.device.username}";
@@ -80,6 +81,22 @@
group = config.users.users."${xlib.device.username}".group;
mode = "0655";
};
ssh_key_private_root = {
format = "yaml";
key = "ssh_key_private";
path = "/root/.ssh/id_ed25519";
owner = "root";
group = "root";
mode = "0600";
};
ssh_key_public_root = {
format = "yaml";
key = "ssh_key_public";
path = "/root/.ssh/id_ed25519";
owner = "root";
group = "root";
mode = "0655";
};
ssh_key_public_host = {
format = "yaml";
key = "ssh_key_public";
modules/vds-new/containers/default.nix
-16
View File
@@ -1,16 +0,0 @@
{
config,
pkgs,
inputs,
...
}:
{
imports = [
./3x-ui.nix
];
environment.systemPackages = with pkgs; [
compose2nix
podman-tui
];
}
modules/vds-new/default.nix
+1 -2
View File
@@ -4,7 +4,6 @@
}:
{
imports = [
./containers
./nginx.nix
../vds
];
}
modules/vds-new/netbird.nix
-40
View File
@@ -1,40 +0,0 @@
{
config,
pkgs,
...
}:
{
services.netbird.server = {
enable = false;
enableNginx = true;
domain = "netbird.zeroq.ru";
dashboard = {
enable = false;
domain = "netbird.zeroq.ru";
settings = {
#AUTH_AUTHORITY = "nbp_ufe0v5mbb5H1lQWL8eJfuzJ5ItPmlM46Mik0";
};
};
management = {
enable = false;
domain = "netbird.zeroq.ru";
};
};
# networking.firewall = {
# allowedTCPPorts = [
# 80
# 443
# 33073
# 10000
# 33080
# ];
# allowedUDPPorts = [ 3478 ];
# allowedUDPPortRanges = [
# {
# from = 49152;
# to = 65535;
# }
# ];
# };
}
modules/vds-new/nginx.nix
-202
View File
@@ -1,202 +0,0 @@
{
config,
inputs,
pkgs,
...
}:
let
server = "100.64.0.0";
in
{
environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
users.users.nginx.extraGroups = [ "acme" ];
services = {
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
virtualHosts = {
# "pubray.zeroq.ru" = {
# enableACME = true;
# forceSSL = true;
# root = "${inputs.zeroq-credentials.services.xray.subs}";
# locations."/" = {
# extraConfig = ''
# auth_basic "Restricted";
# auth_basic_user_file /etc/nginx/pubray;
# if ($subfile = "") { return 403; }
# rewrite ^/$ $subfile break;
# '';
# };
# };
"x.new.zeroq.ru" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://localhost:2049";
proxyWebsockets = true;
};
"/default" = {
proxyPass = "http://localhost:2053";
proxyWebsockets = true;
};
"/subs/" = {
proxyPass = "http://localhost:2096";
proxyWebsockets = true;
};
};
};
# "kuma.new.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:4001";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "node-red.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# kTLS = true;
# locations."/" = {
# proxyPass = "http://${server}:1880";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "new.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# root = pkgs.writeTextDir "index.html" ''
# <!doctype html>
# <html>
# <body>
# <pre>What are you doing here?</pre>
# </body>
# </html>
# '';
# locations = {
# "/guest/" = {
# proxyPass = "http://${server}:80";
# proxyWebsockets = true;
# };
# # "/.well-known/discord" = {
# # extraConfig = ''
# # default_type text/plain;
# # return 200 "dh=c2d103553a4cfdaa1b7952a87a7d8120a1e167cc";
# # '';
# # };
# };
# };
# "flux.new.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:6061";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "office.new.zeroq.ru" = {
# enableACME = true;
# forceSSL = true;
# locations = {
# "/" = {
# proxyPass = "http://${server}:9980"; # API и coauthoring
# proxyWebsockets = true;
# };
# };
# extraConfig = ''
# client_max_body_size 5G;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# ''; # absolute_redirect off;
# };
# "immich.new.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:2283";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "nextcloud.new.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations = {
# "/" = {
# proxyPass = "http://${server}:10000";
# proxyWebsockets = true;
# };
# "/whiteboard" = {
# proxyPass = "http://${server}:3002";
# proxyWebsockets = true;
# };
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "calibre.new.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:8083";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "pdf.new.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:6060";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "ai.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:11112";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "go.bin043120@gmail.com";
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}
modules/vds/containers/3x-ui.nix
-108
View File
@@ -1,108 +0,0 @@
# Auto-generated using compose2nix v0.3.3-pre.
{
pkgs,
lib,
config,
...
}:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
};
dockerCompat = true;
};
# Enable container name DNS for all Podman networks.
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
in
{
"${matchAll}".allowedUDPPorts = [ 53 ];
};
networking.firewall = {
allowedUDPPortRanges = [
{
from = 14380;
to = 15380;
}
];
allowedTCPPortRanges = [
{
from = 14380;
to = 15380;
}
];
allowedTCPPorts = [
8443
9443
13380
];
allowedUDPPorts = [
8443
9443
13380
];
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."3xui_app" = {
image = "ghcr.io/mhsanaei/3x-ui:latest";
environment = {
"XRAY_VMESS_AEAD_FORCED" = "false";
"XUI_ENABLE_FAIL2BAN" = "true";
};
volumes = [
"/mnt/containers/3x-ui/cert/:/root/cert:rw"
"/mnt/containers/3x-ui/db/:/etc/x-ui:rw"
];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."podman-3xui_app" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
};
partOf = [
"podman-compose-3x-ui-root.target"
];
wantedBy = [
"podman-compose-3x-ui-root.target"
];
};
# Builds
systemd.services."podman-build-3xui_app" = {
path = [
pkgs.podman
pkgs.git
];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /mnt/containers/3x-ui
podman build -t compose2nix/3xui_app -f ./Dockerfile .
'';
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-3x-ui-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
modules/vds/containers/default.nix
-16
View File
@@ -1,16 +0,0 @@
{
config,
pkgs,
inputs,
...
}:
{
imports = [
./3x-ui.nix
];
environment.systemPackages = with pkgs; [
compose2nix
podman-tui
];
}
modules/vds/default.nix
+4 -3
View File
@@ -4,10 +4,11 @@
}:
{
imports = [
./containers
../containers/3x-ui.nix
./nginx.nix
./xray.nix
# ../services/uptime-kuma.nix
./samba.nix
# ./glances.nix
# ./netbird.nix
# ./xray.nix
];
}
modules/vds/glances.nix
+15
View File
@@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
{
services = {
glances = {
enable = true;
openFirewall = true;
port = 61208;
};
};
}
modules/vds/netbird.nix
+3 -3
View File
@@ -7,17 +7,17 @@
services.netbird.server = {
enable = false;
enableNginx = true;
domain = "netbird.zeroq.ru";
domain = "netbird.zeroq.su";
dashboard = {
enable = false;
domain = "netbird.zeroq.ru";
domain = "netbird.zeroq.su";
settings = {
#AUTH_AUTHORITY = "nbp_ufe0v5mbb5H1lQWL8eJfuzJ5ItPmlM46Mik0";
};
};
management = {
enable = false;
domain = "netbird.zeroq.ru";
domain = "netbird.zeroq.su";
};
};
modules/vds/nginx.nix
+78 -37
View File
@@ -8,7 +8,7 @@ let
server = "100.64.0.0";
in
{
environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
# environment.etc."nginx/pubray".text = inputs.zeroq-credentials.services.xray.auth;
users.users.nginx.extraGroups = [ "acme" ];
services = {
nginx = {
@@ -17,9 +17,9 @@ in
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
# appendHttpConfig = inputs.zeroq-credentials.services.xray.maps;
virtualHosts = {
# "pubray.zeroq.ru" = {
# "pubray.zeroq.su" = {
# enableACME = true;
# forceSSL = true;
# root = "${inputs.zeroq-credentials.services.xray.subs}";
@@ -33,7 +33,7 @@ in
# '';
# };
# };
"x.zeroq.ru" = {
"x.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations = {
@@ -45,20 +45,45 @@ in
proxyPass = "http://localhost:2096";
proxyWebsockets = true;
};
"/subsjs/" = {
proxyPass = "http://localhost:2096";
proxyWebsockets = true;
};
};
};
"kuma.zeroq.ru" = {
"kuma.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${server}:4001";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
# "node-red.zeroq.ru" = {
"health.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${server}:19999";
proxyWebsockets = true;
};
};
"git.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${server}:3000";
proxyWebsockets = true;
};
};
# "agent.zeroq.su" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:3000";
# proxyWebsockets = true;
# };
# };
# "node-red.zeroq.su" = {
# forceSSL = true;
# enableACME = true;
# kTLS = true;
@@ -70,7 +95,7 @@ in
# client_max_body_size 5G;
# '';
# };
"zeroq.ru" = {
"zeroq.su" = {
forceSSL = true;
enableACME = true;
root = pkgs.writeTextDir "index.html" ''
@@ -94,34 +119,50 @@ in
# };
};
};
"flux.zeroq.ru" = {
"flux.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${server}:6061";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
"office.zeroq.ru" = {
"n8n.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${server}:5678";
proxyWebsockets = true;
};
};
"office.zeroq.su" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://${server}:9980"; # API и coauthoring
proxyPass = "http://${server}:8090";
proxyWebsockets = true;
};
};
extraConfig = ''
client_max_body_size 5G;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
''; # absolute_redirect off;
# extraConfig = ''
# client_max_body_size 5G;
# proxy_http_version 1.1;
# proxy_buffering off;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Authorization $http_authorization;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# ''; # absolute_redirect off;
};
"immich.zeroq.ru" = {
"immich.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
@@ -132,7 +173,7 @@ in
client_max_body_size 5G;
'';
};
"nextcloud.zeroq.ru" = {
"nextcloud.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations = {
@@ -149,7 +190,7 @@ in
client_max_body_size 5G;
'';
};
"calibre.zeroq.ru" = {
"calibre.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
@@ -160,18 +201,18 @@ in
client_max_body_size 5G;
'';
};
# "pdf.zeroq.ru" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://${server}:6060";
# proxyWebsockets = true;
# };
# extraConfig = ''
# client_max_body_size 5G;
# '';
# };
# "ai.zeroq.ru" = {
"pdf.zeroq.su" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${server}:8446";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 5G;
'';
};
# "ai.zeroq.su" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
modules/vds/samba.nix
+56
View File
@@ -0,0 +1,56 @@
{
config,
xlib,
...
}:
{
services.samba = {
enable = true;
nmbd = {
enable = false;
};
settings = {
global = {
"invalid users" = [ ];
"passwd program" = "/run/wrappers/bin/passwd %u";
security = "user";
};
nixos = {
"path" = "/etc/nixos";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
"create mask" = 755;
"directory mask" = 755;
"force user" = "${xlib.device.username}";
"force group" = "users";
};
root = {
"path" = "/";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
#"create mask" = 0644;
#"directory mask" = 0644;
"force user" = "root";
"force group" = "root";
};
"${xlib.device.username}" = {
"path" = "/home/${xlib.device.username}";
"browseable" = "yes";
"read only" = "no";
"valid users" = "${xlib.device.username}";
"guest ok" = "no";
"writable" = "yes";
"create mask" = 700;
"directory mask" = 700;
"force user" = "${xlib.device.username}";
"force group" = "users";
};
};
};
}
modules/vds-new/containers/3x-ui.nix → modules/wsl/containers/3x-ui.nix
+1
View File
@@ -58,6 +58,7 @@
environment = {
"XRAY_VMESS_AEAD_FORCED" = "false";
"XUI_ENABLE_FAIL2BAN" = "true";
"TZ" = "Europe/Moscow";
};
volumes = [
"/mnt/containers/3x-ui/cert/:/root/cert:rw"
modules/wsl/containers/default.nix
+4
View File
@@ -5,6 +5,10 @@
...
}:
{
imports = [
# ./3x-ui.nix
];
environment.systemPackages = with pkgs; [
compose2nix
podman-tui
modules/wsl/default.nix
+5 -3
View File
@@ -1,15 +1,17 @@
{
inputs,
lib,
pkgs,
...
}:
{
imports = [
../software/aichat.nix
../software/beets
../software/whisper.nix
../software/aichat.nix
#../vds/docker.nix
#../services/tts.nix
./containers
./tools
#../server/open-webui.nix
#../services/tts.nix
];
}
modules/server/containers/default.nix → modules/wsl/tools/default.nix
+6 -6
View File
@@ -5,12 +5,12 @@
...
}:
{
imports = [
./remnawave.nix
];
environment.systemPackages = with pkgs; [
compose2nix
podman-tui
gcc
gdb
cmake
gnumake
nlohmann_json
];
}
overlays/pkgs.nix
+6 -1
View File
@@ -1,3 +1,8 @@
{ inputs, ... }:
{
inputs,
...
}:
self: super: {
rovr = inputs.self.packages.x86_64-linux.rovr;
pcbu-desktop = inputs.self.packages.x86_64-linux.pcbu-desktop;
}
pkgs/default.nix
+12 -4
View File
@@ -1,9 +1,17 @@
{ inputs, ... }@flakeContext:
let
pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
system = "x86_64-linux";
pkgs = import inputs.nixpkgs {
inherit system;
config = {
allowUnfree = true;
};
};
in
{
# packages."x86_64-linux" = {
# immich = pkgs.callPackage ./immich/package.nix { };
# };
packages.${system} = {
rovr = pkgs.callPackage ./rovr { };
pcbu-desktop = pkgs.callPackage ./pcbu-desktop { };
# immich = pkgs.callPackage ./immich { };
};
}
pkgs/pcbu-desktop/default.nix
+54
View File
@@ -0,0 +1,54 @@
{ pkgs }:
let
pname = "pcbu-desktop";
version = "3.2.3";
src = pkgs.fetchurl {
url = "https://github.com/MeisApps/pcbu-desktop/releases/download/v${version}/PCBioUnlock-x64.AppImage";
sha256 = "sha256-+NxAm6vhMH51z6BscuFvaMidHN/3tNBR1g+i0q9hjWE=";
};
in
pkgs.appimageTools.wrapType2 {
inherit pname version src;
extraPkgs =
pkgs: with pkgs; [
glib
nss
nspr
libdrm
libGL
libxkbcommon
libX11
libXcursor
libXrandr
libXi
libXext
libXfixes
libXrender
libXtst
libxcrypt-legacy
gtk3
alsa-lib
at-spi2-atk
at-spi2-core
cups
dbus
expat
pango
cairo
];
extraInstallCommands = ''
mkdir -p $out/share/applications
cat > $out/share/applications/${pname}.desktop <<EOF
[Desktop Entry]
Name=PCBU Desktop
Exec=${pname}
Type=Application
Categories=Utility;
EOF
'';
}
pkgs/pcbu-desktop/readme.md
+20
View File
@@ -0,0 +1,20 @@
Для сервиса пригодится:
```
hardware.bluetooth.enable = true;
services.dbus.enable = true;
networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.allowedTCPPorts = [ ... ];
```
---
pcbu-desktop-3.2.3-fhsenv-rootfs> building '/nix/store/8q029crhzkqw1vqvjbnxvmpgpwfr9sk1-pcbu-desktop-3.2.3-fhsenv-rootfs.drv'
pcbu-desktop-3.2.3-fhsenv-rootfs> structuredAttrs is enabled
pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.locale? has path ?/system/locale/?. Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy? has path ?/system/proxy/?. Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.http? has path ?/system/proxy/http/?. Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.https? has path ?/system/proxy/https/?. Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.ftp? has path ?/system/proxy/ftp/?. Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
pcbu-desktop-3.2.3-fhsenv-rootfs> Warning: Schema ?org.gnome.system.proxy.socks? has path ?/system/proxy/socks/?. Paths starting with ?/apps/?, ?/desktop/? or ?/system/? are deprecated.
pcbu-desktop-3.2.3-bwrap> building '/nix/store/6pzpm3vzia2jjfjizh8yx8v1n8l9apnr-pcbu-desktop-3.2.3-bwrap.drv'
pcbu-desktop> building '/nix/store/9jrq44m27r427rfxvbn3ym7b4y6hnnha-pcbu-desktop-3.2.3.drv'
pkgs/rovr/default.nix
+74
View File
@@ -0,0 +1,74 @@
{ pkgs }:
let
python = pkgs.python314.override {
packageOverrides = self: super: {
textual = super.textual.overridePythonAttrs (old: rec {
version = "7.1.0";
src = super.fetchPypi {
pname = "textual";
inherit version;
sha256 = "sha256-PHFI7wCpJ3tF/Xihpq3HxBnEUdPtcUoLAVsW6qKopzs=";
};
});
};
};
py = python.pkgs;
textualDeps = with py; [
textual
textual-autocomplete
textual-image
textual-speedups
];
pythonDeps = with py; [
ujson
prompt-toolkit
rich
fastjsonschema
humanize
natsort
pathvalidate
pdf2image
pillow
platformdirs
psutil
puremagic
rarfile
rich-click
send2trash
tomli
];
in
py.buildPythonApplication rec {
pname = "rovr";
version = "0.7.0";
src = py.fetchPypi {
inherit pname version;
format = "wheel";
dist = "py3";
python = "py3";
abi = "none";
platform = "any";
sha256 = "sha256-CMj3jepLSA2bMcl2r89HY/ghPXEIpF5RohkBkLj6iNw=";
};
format = "wheel";
propagatedBuildInputs = pythonDeps ++ textualDeps;
nativeBuildInputs = [ pkgs.stdenv.cc.cc.lib ];
doCheck = false;
meta = with pkgs.lib; {
description = "Terminal file manager rovr";
homepage = "https://pypi.org/project/rovr/";
license = licenses.mit;
};
}