From cbd0c3661cf43b9d1b6b7ba4cc62252ac36ebd6e Mon Sep 17 00:00:00 2001 From: s0me1newithhand7s Date: Sun, 8 Feb 2026 22:16:49 +0300 Subject: [PATCH] s0melapt0p-nix -> isla: rename 
Signed-off-by: s0me1newithhand7s --- flake.nix | 88 ++++++++++++++++++- .../boot/initrd/availableKernelModules.nix | 2 +- .../boot/initrd/kernelModules.nix | 2 +- {s0mev1rtn0de-nix => kyra}/boot/kernel.nix | 4 +- .../boot/loader/grub.nix | 2 +- {s0mev1rtn0de-nix => kyra}/boot/tmp.nix | 2 +- kyra/default.nix | 57 ++++++++++++ {s0mev1rtn0de-nix => kyra}/disko/disk.nix | 0 {s0mev1rtn0de-nix => kyra}/disko/lvm_vg.nix | 0 .../environment/systemPackages.nix | 0 {s0mev1rtn0de-nix => kyra}/hardware/zram.nix | 2 +- kyra/home-manager/users.nix | 27 ++++++ kyra/networking/defaultGateway.nix | 17 ++++ {s0mev1rtn0de-nix => kyra}/networking/dns.nix | 19 +++- .../networking/firewall.nix | 2 +- kyra/networking/firewall/ens3.nix | 57 ++++++++++++ kyra/networking/hostname.nix | 5 ++ kyra/networking/interfaces/ens3.nix | 36 ++++++++ .../networking/wireguard.nix | 2 +- .../nix/settings/allowed-users.nix | 2 +- .../nix/settings/auto-optimise-store.nix | 2 +- .../nix/settings/experimental-features.nix | 2 +- .../nix/settings/substituters.nix | 6 +- .../nix/settings/trusted-public-keys.nix | 2 +- .../nix/settings/trusted-users.nix | 2 +- {s0mev1rtn0de-nix => kyra}/nixpkgs/config.nix | 2 +- .../nixpkgs/platform.nix | 2 +- {s0mev1rtn0de-nix => kyra}/programs/nh.nix | 2 +- {s0mev1rtn0de-nix => kyra}/services/caddy.nix | 17 ++-- .../services/fail2ban.nix | 2 +- .../services/netbird.nix | 0 .../services/openssh.nix | 5 +- .../services/qemuGuest.nix | 2 +- .../services/sing-box.nix | 5 +- .../system/stateVersion.nix | 2 +- {s0mev1rtn0de-nix => kyra}/users/users.nix | 2 +- kyra/users/users/alep0u.nix | 23 +++++ .../users/users/hand7s.nix | 12 ++- .../users/users/root.nix | 2 +- .../virtualisation/docker.nix | 2 +- s0mev1rtn0de-nix/default.nix | 58 ------------ s0mev1rtn0de-nix/networking/firewall/ens3.nix | 21 ----- s0mev1rtn0de-nix/networking/firewall/wt0.nix | 17 ---- s0mev1rtn0de-nix/networking/hostname.nix | 5 -- .../networking/interfaces/ens3.nix | 16 ---- 
s0mev1rtn0de-nix/networking/nat.nix | 12 --- s0mev1rtn0de-nix/networking/nftables.nix | 7 -- s0mev1rtn0de-nix/networking/wg-quick.nix | 50 ----------- s0mev1rtn0de-nix/users/users/askhat.nix | 23 ----- .../virtualisation/oci-containers/3x-ui.nix | 26 ------ 50 files changed, 377 insertions(+), 278 deletions(-) rename {s0mev1rtn0de-nix => kyra}/boot/initrd/availableKernelModules.nix (97%) rename {s0mev1rtn0de-nix => kyra}/boot/initrd/kernelModules.nix (95%) rename {s0mev1rtn0de-nix => kyra}/boot/kernel.nix (62%) rename {s0mev1rtn0de-nix => kyra}/boot/loader/grub.nix (94%) rename {s0mev1rtn0de-nix => kyra}/boot/tmp.nix (87%) create mode 100644 kyra/default.nix rename {s0mev1rtn0de-nix => kyra}/disko/disk.nix (100%) rename {s0mev1rtn0de-nix => kyra}/disko/lvm_vg.nix (100%) rename {s0mev1rtn0de-nix => kyra}/environment/systemPackages.nix (100%) rename {s0mev1rtn0de-nix => kyra}/hardware/zram.nix (92%) create mode 100644 kyra/home-manager/users.nix create mode 100644 kyra/networking/defaultGateway.nix rename {s0mev1rtn0de-nix => kyra}/networking/dns.nix (58%) rename {s0mev1rtn0de-nix => kyra}/networking/firewall.nix (94%) create mode 100644 kyra/networking/firewall/ens3.nix create mode 100644 kyra/networking/hostname.nix create mode 100644 kyra/networking/interfaces/ens3.nix rename {s0mev1rtn0de-nix => kyra}/networking/wireguard.nix (88%) rename {s0mev1rtn0de-nix => kyra}/nix/settings/allowed-users.nix (92%) rename {s0mev1rtn0de-nix => kyra}/nix/settings/auto-optimise-store.nix (89%) rename {s0mev1rtn0de-nix => kyra}/nix/settings/experimental-features.nix (93%) rename {s0mev1rtn0de-nix => kyra}/nix/settings/substituters.nix (81%) rename {s0mev1rtn0de-nix => kyra}/nix/settings/trusted-public-keys.nix (98%) rename {s0mev1rtn0de-nix => kyra}/nix/settings/trusted-users.nix (91%) rename {s0mev1rtn0de-nix => kyra}/nixpkgs/config.nix (91%) rename {s0mev1rtn0de-nix => kyra}/nixpkgs/platform.nix (90%) rename {s0mev1rtn0de-nix => kyra}/programs/nh.nix (87%) rename 
{s0mev1rtn0de-nix => kyra}/services/caddy.nix (87%) rename {s0mev1rtn0de-nix => kyra}/services/fail2ban.nix (97%) rename {s0mev1rtn0de-nix => kyra}/services/netbird.nix (100%) rename {s0mev1rtn0de-nix => kyra}/services/openssh.nix (90%) rename {s0mev1rtn0de-nix => kyra}/services/qemuGuest.nix (88%) rename {s0mev1rtn0de-nix => kyra}/services/sing-box.nix (98%) rename {s0mev1rtn0de-nix => kyra}/system/stateVersion.nix (84%) rename {s0mev1rtn0de-nix => kyra}/users/users.nix (83%) create mode 100644 kyra/users/users/alep0u.nix rename {s0mev1rtn0de-nix => kyra}/users/users/hand7s.nix (52%) rename {s0mev1rtn0de-nix => kyra}/users/users/root.nix (87%) rename {s0mev1rtn0de-nix => kyra}/virtualisation/docker.nix (95%) delete mode 100644 s0mev1rtn0de-nix/default.nix delete mode 100644 s0mev1rtn0de-nix/networking/firewall/ens3.nix delete mode 100644 s0mev1rtn0de-nix/networking/firewall/wt0.nix delete mode 100644 s0mev1rtn0de-nix/networking/hostname.nix delete mode 100644 s0mev1rtn0de-nix/networking/interfaces/ens3.nix delete mode 100644 s0mev1rtn0de-nix/networking/nat.nix delete mode 100644 s0mev1rtn0de-nix/networking/nftables.nix delete mode 100644 s0mev1rtn0de-nix/networking/wg-quick.nix delete mode 100644 s0mev1rtn0de-nix/users/users/askhat.nix delete mode 100644 s0mev1rtn0de-nix/virtualisation/oci-containers/3x-ui.nix diff --git a/flake.nix b/flake.nix index c41e060..edaf0a4 100644 --- a/flake.nix +++ b/flake.nix @@ -468,7 +468,10 @@ ]; }; - "s0mev1rtn0de-nix" = inputs.nixpkgs.lib.nixosSystem { + # my VPSes: + + # VPS 1 + "hazel" = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit 
@@ -478,11 +481,92 @@ }; modules = [ - "${self}/s0mev1rtn0de-nix/" + { + networking.hostName = inputs.nixpkgs.lib.mkDefault "hazel"; + } + + "${self}/kyra/" + inputs.agenix.nixosModules.default inputs.disko.nixosModules.disko inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops inputs.nix-index-database.nixosModules.nix-index + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # VPS 2 + "lynn" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + { + networking.hostName = inputs.nixpkgs.lib.mkDefault "lynn"; + } + + "${self}/kyra/" + inputs.agenix.nixosModules.default + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # VPS 3 + "ivy" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + { + networking.hostName = inputs.nixpkgs.lib.mkDefault "ivy"; + } + + "${self}/kyra/" + inputs.agenix.nixosModules.default + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # VPS 4 + "mel" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + { + networking.hostName = inputs.nixpkgs.lib.mkDefault "mel"; + } + + "${self}/kyra/" + inputs.agenix.nixosModules.default + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-mineral.nixosModules.nix-mineral ]; }; 
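Review bot: The four VPS definitions (`hazel`, `lynn`, `ivy`, `mel`) are one `nixosSystem` call copied four times with only the host name changed, so a later edit to the module list (for example the `nix-mineral` hardening module) can silently miss a host. A small helper taking the name would keep them identical by construction. The sketch below assumes a `let` binding can be placed around the configurations attribute set, which starts and ends outside this hunk. Every host-specific setting under `kyra/` compares `config.networking.hostName` against these strings, so the names passed here must stay in sync with them.

```nix
mkVps = name:
  inputs.nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = {inherit inputs self;};
    modules = [
      {networking.hostName = inputs.nixpkgs.lib.mkDefault name;}
      "${self}/kyra/"
      # … unchanged: agenix, disko, home-manager, sops-nix, nix-index-database, nix-mineral modules …
    ];
  };

# … in the configurations attribute set, replacing the four copies …
"hazel" = mkVps "hazel";
"lynn" = mkVps "lynn";
"ivy" = mkVps "ivy";
"mel" = mkVps "mel";
```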
diff --git a/s0mev1rtn0de-nix/boot/initrd/availableKernelModules.nix b/kyra/boot/initrd/availableKernelModules.nix similarity index 97% rename from s0mev1rtn0de-nix/boot/initrd/availableKernelModules.nix rename to kyra/boot/initrd/availableKernelModules.nix index 271f217..b20a92e 100644 --- a/s0mev1rtn0de-nix/boot/initrd/availableKernelModules.nix +++ b/kyra/boot/initrd/availableKernelModules.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { initrd = { availableKernelModules = [ diff --git a/s0mev1rtn0de-nix/boot/initrd/kernelModules.nix b/kyra/boot/initrd/kernelModules.nix similarity index 95% rename from s0mev1rtn0de-nix/boot/initrd/kernelModules.nix rename to kyra/boot/initrd/kernelModules.nix index bb2e6e4..61c2afd 100644 --- a/s0mev1rtn0de-nix/boot/initrd/kernelModules.nix +++ b/kyra/boot/initrd/kernelModules.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { initrd = { kernelModules = [ diff --git a/s0mev1rtn0de-nix/boot/kernel.nix b/kyra/boot/kernel.nix similarity index 62% rename from s0mev1rtn0de-nix/boot/kernel.nix rename to kyra/boot/kernel.nix index 4738412..fcbd80d 100644 --- a/s0mev1rtn0de-nix/boot/kernel.nix +++ b/kyra/boot/kernel.nix @@ -1,9 +1,11 @@ -{...}: { +_: { boot = { kernel = { sysctl = { "net.ipv4.ip_forward" = 1; "net.ipv6.conf.all.forwarding" = 1; + "net.ipv4.ip_nonlocal_bind" = 1; + "net.ipv6.ip_nonlocal_bind" = 1; }; }; }; diff --git a/s0mev1rtn0de-nix/boot/loader/grub.nix b/kyra/boot/loader/grub.nix similarity index 94% rename from s0mev1rtn0de-nix/boot/loader/grub.nix rename to kyra/boot/loader/grub.nix index b29ade0..fc1a00b 100644 --- a/s0mev1rtn0de-nix/boot/loader/grub.nix +++ b/kyra/boot/loader/grub.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { loader = { grub = { diff --git a/s0mev1rtn0de-nix/boot/tmp.nix b/kyra/boot/tmp.nix similarity index 87% rename from s0mev1rtn0de-nix/boot/tmp.nix rename to kyra/boot/tmp.nix index 98694f7..0482683 100644 --- a/s0mev1rtn0de-nix/boot/tmp.nix +++ b/kyra/boot/tmp.nix 
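Review bot: In `kyra/boot/kernel.nix` the two new `ip_nonlocal_bind` sysctls are switched on for every host that imports `kyra/`, with nothing saying which service needs them. They let any local process bind to addresses the host does not own, so they are best limited to the host that needs them and documented, e.g. `# required by <service placeholder> to bind before the address is configured`. The forwarding sysctls kept as context also deserve a second look: this commit deletes `networking/nat.nix` and `networking/wg-quick.nix`, which were the visible reason for forwarding. If nothing else on these hosts routes traffic (Docker or sing-box may), `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` can go too.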
@@ -1,4 +1,4 @@ -{...}: { +_: { boot = { tmp = { cleanOnBoot = true; diff --git a/kyra/default.nix b/kyra/default.nix new file mode 100644 index 0000000..7624558 --- /dev/null +++ b/kyra/default.nix @@ -0,0 +1,57 @@ +{self, ...}: { + imports = [ + "${self}/kyra/disko/disk.nix" + "${self}/kyra/disko/lvm_vg.nix" + + "${self}/kyra/boot/initrd/availableKernelModules.nix" + "${self}/kyra/boot/initrd/kernelModules.nix" + "${self}/kyra/boot/loader/grub.nix" + "${self}/kyra/boot/kernel.nix" + "${self}/kyra/boot/tmp.nix" + + "${self}/kyra/environment/systemPackages.nix" + + "${self}/kyra/hardware/zram.nix" + + "${self}/kyra/home-manager/users.nix" + + "${self}/kyra/networking/interfaces/ens3.nix" + "${self}/kyra/networking/firewall/ens3.nix" + "${self}/kyra/networking/firewall.nix" + "${self}/kyra/networking/dns.nix" + "${self}/kyra/networking/wireguard.nix" + "${self}/kyra/networking/defaultGateway.nix" + + "${self}/kyra/nix/settings/allowed-users.nix" + "${self}/kyra/nix/settings/experimental-features.nix" + "${self}/kyra/nix/settings/substituters.nix" + "${self}/kyra/nix/settings/trusted-public-keys.nix" + "${self}/kyra/nix/settings/trusted-users.nix" + "${self}/kyra/nix/settings/auto-optimise-store.nix" + + "${self}/kyra/nixpkgs/config.nix" + "${self}/kyra/nixpkgs/platform.nix" + + "${self}/kyra/programs/nh.nix" + + "${self}/kyra/services/openssh.nix" + "${self}/kyra/services/fail2ban.nix" + "${self}/kyra/services/netbird.nix" + "${self}/kyra/services/qemuGuest.nix" + "${self}/kyra/services/caddy.nix" + "${self}/kyra/services/sing-box.nix" + + "${self}/kyra/sops/age.nix" + "${self}/kyra/sops/defaults.nix" + "${self}/kyra/sops/secrets.nix" + + "${self}/kyra/system/stateVersion.nix" + + "${self}/kyra/users/users.nix" + "${self}/kyra/users/users/alep0u.nix" + "${self}/kyra/users/users/hand7s.nix" + "${self}/kyra/users/users/root.nix" + + "${self}/kyra/virtualisation/docker.nix" + ]; +} 
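Review bot: The import list in `kyra/default.nix` references `kyra/sops/age.nix`, `kyra/sops/defaults.nix` and `kyra/sops/secrets.nix`, but the diffstat shows no `sops/` file being renamed or created under `kyra/`. Unless those files already exist at the new path, evaluation fails for all four hosts, because a missing import is a hard error. It is worth running `nix flake check` (or building one host) before merging. A one-line comment above the sops group saying where the secrets definitions live would also help.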
diff --git a/s0mev1rtn0de-nix/disko/disk.nix b/kyra/disko/disk.nix similarity index 100% rename from s0mev1rtn0de-nix/disko/disk.nix rename to kyra/disko/disk.nix diff --git a/s0mev1rtn0de-nix/disko/lvm_vg.nix b/kyra/disko/lvm_vg.nix similarity index 100% rename from s0mev1rtn0de-nix/disko/lvm_vg.nix rename to kyra/disko/lvm_vg.nix diff --git a/s0mev1rtn0de-nix/environment/systemPackages.nix b/kyra/environment/systemPackages.nix similarity index 100% rename from s0mev1rtn0de-nix/environment/systemPackages.nix rename to kyra/environment/systemPackages.nix diff --git a/s0mev1rtn0de-nix/hardware/zram.nix b/kyra/hardware/zram.nix similarity index 92% rename from s0mev1rtn0de-nix/hardware/zram.nix rename to kyra/hardware/zram.nix index b973787..0d77537 100644 --- a/s0mev1rtn0de-nix/hardware/zram.nix +++ b/kyra/hardware/zram.nix @@ -1,4 +1,4 @@ -{...}: { +_: { zramSwap = { enable = true; algorithm = "zstd"; diff --git a/kyra/home-manager/users.nix b/kyra/home-manager/users.nix new file mode 100644 index 0000000..6590188 --- /dev/null +++ b/kyra/home-manager/users.nix @@ -0,0 +1,27 @@ +{self, ...}: { + home-manager = { + users = { + "hand7s" = { + imports = [ + "${self}/hand7s/" + self.inputs.agenix.homeManagerModules.default + self.inputs.spicetify-nix.homeManagerModules.default + self.inputs.hyprland.homeManagerModules.default + self.inputs.chaotic.homeManagerModules.default + self.inputs.sops-nix.homeManagerModules.sops + + self.inputs.nix-index-database.homeModules.nix-index + self.inputs.noctalia.homeModules.default + ]; + }; + }; + + backupFileExtension = "force"; + + extraSpecialArgs = { + inherit + self + ; + }; + }; +} diff --git a/kyra/networking/defaultGateway.nix b/kyra/networking/defaultGateway.nix new file mode 100644 index 0000000..dd70ea4 --- /dev/null +++ b/kyra/networking/defaultGateway.nix 
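Review bot: `kyra/home-manager/users.nix` gives the internet-facing VPS hosts the same home profile as a workstation, importing `${self}/hand7s/` plus the `hyprland`, `spicetify-nix`, `chaotic` and `noctalia` home modules. Whether anything is actually enabled depends on `hand7s/`, which is not visible here. Even so, it makes the servers evaluate and trust several desktop-only flake inputs they have no use for. A trimmed server profile would keep the closure and the set of trusted inputs small. Separately, `backupFileExtension = "force"` is a file suffix rather than a switch: colliding files are renamed to `*.force`, so a conventional value such as `"backup"` or a short comment would avoid the misreading.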
@@ -0,0 +1,17 @@ +{ + lib, + config, + ... +}: { + networking = { + defaultGateway = lib.mkIf (config.networking.hostName == "mel") { + address = "45.11.229.1"; + interface = "ens3"; + }; + + defaultGateway6 = lib.mkIf (config.networking.hostName == "mel") { + address = "2a0e:97c0:3e3:2Oa::1"; + interface = "ens3"; + }; + }; +} diff --git a/s0mev1rtn0de-nix/networking/dns.nix b/kyra/networking/dns.nix similarity index 58% rename from s0mev1rtn0de-nix/networking/dns.nix rename to kyra/networking/dns.nix index 6c66cc5..31726b9 100644 --- a/s0mev1rtn0de-nix/networking/dns.nix +++ b/kyra/networking/dns.nix @@ -1,14 +1,27 @@ -{...}: { +_: { networking = { nameservers = [ + # cf dns "1.1.1.1" "1.0.0.1" - "8.8.8.8" - "8.8.4.4" "2606:4700:4700::1111" "2606:4700:4700::1001" + + # google dns + "8.8.8.8" + "8.8.4.4" "2001:4860:4860::8888" "2001:4860:4860::8844" + + # q9 dns + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" + + # open dns + "208.67.222.222" + "208.67.220.220" "2620:119:35::35" "2620:119:53::53" ]; diff --git a/s0mev1rtn0de-nix/networking/firewall.nix b/kyra/networking/firewall.nix similarity index 94% rename from s0mev1rtn0de-nix/networking/firewall.nix rename to kyra/networking/firewall.nix index b7f2db8..a9a2c40 100644 --- a/s0mev1rtn0de-nix/networking/firewall.nix +++ b/kyra/networking/firewall.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { firewall = { enable = true; diff --git a/kyra/networking/firewall/ens3.nix b/kyra/networking/firewall/ens3.nix new file mode 100644 index 0000000..7df7284 --- /dev/null +++ b/kyra/networking/firewall/ens3.nix 
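Review bot: The IPv6 gateway in `defaultGateway6` is written `2a0e:97c0:3e3:2Oa::1`, with a capital letter O where a hex digit belongs, so it is not a valid address and network setup on `mel` will fail or leave the host without a v6 route. The same string is assigned as `mel`'s own interface address in `kyra/networking/interfaces/ens3.nix`, so fixing the character alone (presumably `address = "2a0e:97c0:3e3:20a::1";`) still leaves the host using its own address as its gateway. One of the two values must be wrong and should be checked against the provider's allocation. Because this is a remote VPS, a broken network activation can lock out SSH. It is safer to apply the first deploy with a rollback path, for example `nixos-rebuild test` with console access available.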
@@ -0,0 +1,57 @@ +{ + config, + lib, + ... +}: { + networking = { + firewall = { + interfaces = { + ens3 = { + allowedUDPPorts = + [ + 53580 + 53590 + ] + ++ lib.optionals (config.networking.hostName == "hazel") [ + 443 + + 25565 + + 24 + 25 + 110 + 143 + 465 + 587 + 993 + 995 + 4190 + 53570 + ]; + + allowedTCPPorts = + [ + 53580 + 53590 + ] + ++ lib.optionals (config.networking.hostName == "hazel") [ + 443 + + 25565 + + 24 + 25 + 110 + 143 + 465 + 587 + 993 + 995 + 4190 + 53570 + ]; + }; + }; + }; + }; +} diff --git a/kyra/networking/hostname.nix b/kyra/networking/hostname.nix new file mode 100644 index 0000000..7371866 --- /dev/null +++ b/kyra/networking/hostname.nix @@ -0,0 +1,5 @@ +_: { + networking = { + hostName = "kyra"; + }; +} diff --git a/kyra/networking/interfaces/ens3.nix b/kyra/networking/interfaces/ens3.nix new file mode 100644 index 0000000..3820e1f --- /dev/null +++ b/kyra/networking/interfaces/ens3.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: { + networking = { + interfaces = { + ens3 = { + ipv4 = { + addresses = lib.optionals (config.networking.hostName == "mel") [ + { + address = "45.11.229.254"; + prefixLength = 24; + } + ]; + }; + + ipv6 = { + addresses = + lib.optionals (config.networking.hostName == "hazel") [ + { + address = "2a03:6f01:1:2::cb1e"; + prefixLength = 64; + } + ] + ++ lib.optionals (config.networking.hostName == "mel") [ + { + address = "2a0e:97c0:3e3:2Oa::1"; + prefixLength = 64; + } + ]; + }; + }; + }; + }; +} diff --git a/s0mev1rtn0de-nix/networking/wireguard.nix b/kyra/networking/wireguard.nix similarity index 88% rename from s0mev1rtn0de-nix/networking/wireguard.nix rename to kyra/networking/wireguard.nix index 2ee5c02..bd2336c 100644 --- a/s0mev1rtn0de-nix/networking/wireguard.nix +++ b/kyra/networking/wireguard.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { wireguard = { enable = true; 
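Review bot: In `kyra/networking/firewall/ens3.nix` the `hazel` list is duplicated verbatim into `allowedUDPPorts`, which opens the mail ports (24, 25, 110, 143, 465, 587, 993, 995, 4190) on UDP even though those protocols are TCP-only. No mail service is configured anywhere in this commit, so as far as the diff shows these are open ports with nothing documented behind them. Keeping only the genuinely UDP entries in the UDP list, and adding a short comment per group naming the listening service (for example `# caddy (HTTP/3)` next to 443), would make the exposed surface auditable. The new port 53580 is opened on all four hosts and should get the same kind of comment.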
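Review bot: `kyra/networking/hostname.nix` is created with `hostName = "kyra"`, but the import list in `kyra/default.nix` never references it, so the file is dead. If it is imported later, its plain definition would take priority over the `mkDefault` host names set in `flake.nix`. Every `config.networking.hostName == "hazel"` or `== "mel"` condition would then evaluate to false, silently dropping the per-host firewall rules, addresses and gateway. Deleting the file, or leaving a comment in it explaining why it must not be imported, avoids that trap.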
diff --git a/s0mev1rtn0de-nix/nix/settings/allowed-users.nix b/kyra/nix/settings/allowed-users.nix similarity index 92% rename from s0mev1rtn0de-nix/nix/settings/allowed-users.nix rename to kyra/nix/settings/allowed-users.nix index d483d0c..0239519 100644 --- a/s0mev1rtn0de-nix/nix/settings/allowed-users.nix +++ b/kyra/nix/settings/allowed-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { sandbox = true; diff --git a/s0mev1rtn0de-nix/nix/settings/auto-optimise-store.nix b/kyra/nix/settings/auto-optimise-store.nix similarity index 89% rename from s0mev1rtn0de-nix/nix/settings/auto-optimise-store.nix rename to kyra/nix/settings/auto-optimise-store.nix index 14f13c5..cb7a22a 100644 --- a/s0mev1rtn0de-nix/nix/settings/auto-optimise-store.nix +++ b/kyra/nix/settings/auto-optimise-store.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { auto-optimise-store = true; diff --git a/s0mev1rtn0de-nix/nix/settings/experimental-features.nix b/kyra/nix/settings/experimental-features.nix similarity index 93% rename from s0mev1rtn0de-nix/nix/settings/experimental-features.nix rename to kyra/nix/settings/experimental-features.nix index 7ce7e89..9c45bc4 100644 --- a/s0mev1rtn0de-nix/nix/settings/experimental-features.nix +++ b/kyra/nix/settings/experimental-features.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { experimental-features = [ diff --git a/s0mev1rtn0de-nix/nix/settings/substituters.nix b/kyra/nix/settings/substituters.nix similarity index 81% rename from s0mev1rtn0de-nix/nix/settings/substituters.nix rename to kyra/nix/settings/substituters.nix index 9136405..da0035f 100644 --- a/s0mev1rtn0de-nix/nix/settings/substituters.nix +++ b/kyra/nix/settings/substituters.nix 
@@ -1,18 +1,18 @@ -{...}: { +_: { nix = { settings = { substituters = [ # cache.nixos.org - "https://nixos-cache-proxy.cofob.dev" "https://cache.nixos.org" # cache.garnix.org "https://cache.garnix.io" # cachix "https://nix-community.cachix.org/" "https://chaotic-nyx.cachix.org/" - "https://ags.cachix.org" "https://hyprland.cachix.org" "https://chaotic-nyx.cachix.org/" + # nix-community + "https://hydra.nix-community.org/" ]; }; }; diff --git a/s0mev1rtn0de-nix/nix/settings/trusted-public-keys.nix b/kyra/nix/settings/trusted-public-keys.nix similarity index 98% rename from s0mev1rtn0de-nix/nix/settings/trusted-public-keys.nix rename to kyra/nix/settings/trusted-public-keys.nix index 62cbbde..e5cc01b 100644 --- a/s0mev1rtn0de-nix/nix/settings/trusted-public-keys.nix +++ b/kyra/nix/settings/trusted-public-keys.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-public-keys = [ diff --git a/s0mev1rtn0de-nix/nix/settings/trusted-users.nix b/kyra/nix/settings/trusted-users.nix similarity index 91% rename from s0mev1rtn0de-nix/nix/settings/trusted-users.nix rename to kyra/nix/settings/trusted-users.nix index e4a9dae..4eee825 100644 --- a/s0mev1rtn0de-nix/nix/settings/trusted-users.nix +++ b/kyra/nix/settings/trusted-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-users = [ diff --git a/s0mev1rtn0de-nix/nixpkgs/config.nix b/kyra/nixpkgs/config.nix similarity index 91% rename from s0mev1rtn0de-nix/nixpkgs/config.nix rename to kyra/nixpkgs/config.nix index 0425353..13ed34c 100644 --- a/s0mev1rtn0de-nix/nixpkgs/config.nix +++ b/kyra/nixpkgs/config.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { config = { allowBroken = true; diff --git a/s0mev1rtn0de-nix/nixpkgs/platform.nix b/kyra/nixpkgs/platform.nix similarity index 90% rename from s0mev1rtn0de-nix/nixpkgs/platform.nix rename to kyra/nixpkgs/platform.nix index 63fda3b..3cbe59a 100644 --- a/s0mev1rtn0de-nix/nixpkgs/platform.nix +++ b/kyra/nixpkgs/platform.nix 
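Review bot: The new substituter `https://hydra.nix-community.org/` is added in `kyra/nix/settings/substituters.nix`, while the `trusted-public-keys.nix` hunk in this commit changes only the function header. Nix accepts substituted paths only when they are signed by a listed key, so unless the matching key is already in that list (its contents are not visible here) the entry adds lookups without ever yielding a path. Please confirm that this endpoint serves a signed binary cache and that its key is listed. Each substituter is a party trusted to supply binaries to four servers, so a comment naming the key that pairs with each URL keeps the two lists reviewable together. `"https://chaotic-nyx.cachix.org/"` also appears twice in the list and one copy can be dropped.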
@@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { system = "x86_64-linux"; hostPlatform = "x86_64-linux"; diff --git a/s0mev1rtn0de-nix/programs/nh.nix b/kyra/programs/nh.nix similarity index 87% rename from s0mev1rtn0de-nix/programs/nh.nix rename to kyra/programs/nh.nix index d641bad..f3d17d5 100644 --- a/s0mev1rtn0de-nix/programs/nh.nix +++ b/kyra/programs/nh.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { nh = { enable = true; diff --git a/s0mev1rtn0de-nix/services/caddy.nix b/kyra/services/caddy.nix similarity index 87% rename from s0mev1rtn0de-nix/services/caddy.nix rename to kyra/services/caddy.nix index d978c83..fe3ad02 100644 --- a/s0mev1rtn0de-nix/services/caddy.nix +++ b/kyra/services/caddy.nix @@ -1,7 +1,16 @@ -{pkgs, ...}: { +{ + config, + pkgs, + lib, + ... +}: { services = { caddy = { - enable = true; + enable = + lib.mkIf ( + config.networking.hostName == "hazel" + ) + true; package = pkgs.caddy.withPlugins { plugins = [ @@ -24,28 +33,24 @@ virtualHosts = { "hand7s.org" = { extraConfig = '' - respond "hi! :D WIP btw" ''; }; "git.hand7s.org" = { extraConfig = '' - reverse_proxy ${homeIP}:53350 ''; }; "bin.hand7s.org" = { extraConfig = '' - reverse_proxy ${homeIP}:80 ''; }; "zitadel.hand7s.org" = { extraConfig = '' - reverse_proxy ${homeIP}:8443 ''; }; diff --git a/s0mev1rtn0de-nix/services/fail2ban.nix b/kyra/services/fail2ban.nix similarity index 97% rename from s0mev1rtn0de-nix/services/fail2ban.nix rename to kyra/services/fail2ban.nix index bb6ee40..87e2508 100644 --- a/s0mev1rtn0de-nix/services/fail2ban.nix +++ b/kyra/services/fail2ban.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { fail2ban = { enable = true; diff --git a/s0mev1rtn0de-nix/services/netbird.nix b/kyra/services/netbird.nix similarity index 100% rename from s0mev1rtn0de-nix/services/netbird.nix rename to kyra/services/netbird.nix 
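Review bot: In `kyra/services/caddy.nix`, `enable = lib.mkIf (config.networking.hostName == "hazel") true;` is a roundabout way to write a boolean. `enable = config.networking.hostName == "hazel";` gives the same result on every host and reads directly. The virtual hosts and the `homeIP` binding sit partly outside the hunk, so this note covers only the `enable` line.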
diff --git a/s0mev1rtn0de-nix/services/openssh.nix b/kyra/services/openssh.nix similarity index 90% rename from s0mev1rtn0de-nix/services/openssh.nix rename to kyra/services/openssh.nix index 9034b10..6d54477 100644 --- a/s0mev1rtn0de-nix/services/openssh.nix +++ b/kyra/services/openssh.nix @@ -1,7 +1,10 @@ -{...}: { +_: { services = { openssh = { enable = true; + ports = [ + 58693 + ]; settings = { PrintMotd = false; diff --git a/s0mev1rtn0de-nix/services/qemuGuest.nix b/kyra/services/qemuGuest.nix similarity index 88% rename from s0mev1rtn0de-nix/services/qemuGuest.nix rename to kyra/services/qemuGuest.nix index d0c8739..7fb4eb6 100644 --- a/s0mev1rtn0de-nix/services/qemuGuest.nix +++ b/kyra/services/qemuGuest.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { qemuGuest = { enable = true; diff --git a/s0mev1rtn0de-nix/services/sing-box.nix b/kyra/services/sing-box.nix similarity index 98% rename from s0mev1rtn0de-nix/services/sing-box.nix rename to kyra/services/sing-box.nix index f7881c7..f29526c 100644 --- a/s0mev1rtn0de-nix/services/sing-box.nix +++ b/kyra/services/sing-box.nix @@ -1,7 +1,4 @@ -{ - # config, - ... -}: { +{...}: { services = { sing-box = { enable = true; diff --git a/s0mev1rtn0de-nix/system/stateVersion.nix b/kyra/system/stateVersion.nix similarity index 84% rename from s0mev1rtn0de-nix/system/stateVersion.nix rename to kyra/system/stateVersion.nix index 304a150..9d5896e 100644 --- a/s0mev1rtn0de-nix/system/stateVersion.nix +++ b/kyra/system/stateVersion.nix @@ -1,4 +1,4 @@ -{...}: { +_: { system = { stateVersion = "23.11"; }; diff --git a/s0mev1rtn0de-nix/users/users.nix b/kyra/users/users.nix similarity index 83% rename from s0mev1rtn0de-nix/users/users.nix rename to kyra/users/users.nix index 54415f1..9bb56d0 100644 --- a/s0mev1rtn0de-nix/users/users.nix +++ b/kyra/users/users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { mutableUsers = false; }; 
diff --git a/kyra/users/users/alep0u.nix b/kyra/users/users/alep0u.nix new file mode 100644 index 0000000..faf1630 --- /dev/null +++ b/kyra/users/users/alep0u.nix @@ -0,0 +1,23 @@ +_: { + users = { + users = { + "alep0u" = { + description = "alep0u"; + isNormalUser = true; + password = "alep0u"; + extraGroups = [ + "wheel" + "docker" + ]; + + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItDketCj5COoCvAPLhqOcBhWC1H50MApP2gDt/lkW7E alep0u@alep0u" + ]; + }; + }; + }; + }; + }; +} diff --git a/s0mev1rtn0de-nix/users/users/hand7s.nix b/kyra/users/users/hand7s.nix similarity index 52% rename from s0mev1rtn0de-nix/users/users/hand7s.nix rename to kyra/users/users/hand7s.nix index 3ad5002..497573a 100644 --- a/s0mev1rtn0de-nix/users/users/hand7s.nix +++ b/kyra/users/users/hand7s.nix @@ -1,7 +1,7 @@ -{...}: { +_: { users = { users = { - hand7s = { + "hand7s" = { description = "hands"; isNormalUser = true; hashedPassword = "$y$j9T$eHfq328GBp7Ga8xsbOTV/0$kcihv7zWLqSkj2jKAhI1pdbTSwvaf2RY5Rokm69XTL/"; @@ -9,6 +9,14 @@ "wheel" "docker" ]; + + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; }; }; }; diff --git a/s0mev1rtn0de-nix/users/users/root.nix b/kyra/users/users/root.nix similarity index 87% rename from s0mev1rtn0de-nix/users/users/root.nix rename to kyra/users/users/root.nix index 320de35..4044315 100644 --- a/s0mev1rtn0de-nix/users/users/root.nix +++ b/kyra/users/users/root.nix @@ -1,7 +1,7 @@ {pkgs, ...}: { users = { users = { - root = { + "root" = { shell = "${pkgs.util-linux}/bin/nologin"; }; }; diff --git a/s0mev1rtn0de-nix/virtualisation/docker.nix b/kyra/virtualisation/docker.nix similarity index 95% rename from s0mev1rtn0de-nix/virtualisation/docker.nix rename to kyra/virtualisation/docker.nix index df2d700..59e76bf 100644 --- a/s0mev1rtn0de-nix/virtualisation/docker.nix +++ b/kyra/virtualisation/docker.nix 
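Review bot: `kyra/users/users/alep0u.nix` sets `password = "alep0u";`, a plaintext password equal to the user name, for an account in `wheel` and `docker`, which makes it effectively root on all four hosts. The value is stored in the repository and ends up in the world-readable Nix store. With `mutableUsers = false` it cannot be changed on the machine. The sshd authentication settings lie outside the visible `openssh.nix` hunk, so remote password login may or may not be possible, but the password works for `sudo` either way. The deleted `askhat.nix` used `hashedPassword`; do the same here, or since sops-nix is already imported use `hashedPasswordFile = config.sops.secrets."<secret-name placeholder>".path;` with the function header changed to take `config`. The committed password should be treated as burned and replaced.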
@@ -1,4 +1,4 @@ -{...}: { +_: { virtualisation = { oci-containers = { backend = "docker"; diff --git a/s0mev1rtn0de-nix/default.nix b/s0mev1rtn0de-nix/default.nix deleted file mode 100644 index 9962459..0000000 --- a/s0mev1rtn0de-nix/default.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{...}: { - imports = [ - "${self}/s0mev1rtn0de/disko/disk.nix" - "${self}/s0mev1rtn0de/disko/lvm_vg.nix" - - "${self}/s0mev1rtn0de/boot/initrd/availableKernelModules.nix" - "${self}/s0mev1rtn0de/boot/initrd/kernelModules.nix" - "${self}/s0mev1rtn0de/boot/loader/grub.nix" - "${self}/s0mev1rtn0de/boot/kernel.nix" - "${self}/s0mev1rtn0de/boot/tmp.nix" - - "${self}/s0mev1rtn0de/environment/systemPackages.nix" - - "${self}/s0mev1rtn0de/hardware/zram.nix" - - "${self}/s0mev1rtn0de/networking/firewall/ens3.nix" - "${self}/s0mev1rtn0de/networking/firewall/wt0.nix" - "${self}/s0mev1rtn0de/networking/firewall.nix" - "${self}/s0mev1rtn0de/networking/hostname.nix" - "${self}/s0mev1rtn0de/networking/dns.nix" - "${self}/s0mev1rtn0de/networking/nftables.nix" - "${self}/s0mev1rtn0de/networking/wireguard.nix" - "${self}/s0mev1rtn0de/networking/wg-quick.nix" - "${self}/s0mev1rtn0de/networking/nat.nix" - - "${self}/s0mev1rtn0de/nix/settings/allowed-users.nix" - "${self}/s0mev1rtn0de/nix/settings/experimental-features.nix" - "${self}/s0mev1rtn0de/nix/settings/substituters.nix" - "${self}/s0mev1rtn0de/nix/settings/trusted-public-keys.nix" - "${self}/s0mev1rtn0de/nix/settings/trusted-users.nix" - "${self}/s0mev1rtn0de/nix/settings/auto-optimise-store.nix" - - "${self}/s0mev1rtn0de/nixpkgs/config.nix" - "${self}/s0mev1rtn0de/nixpkgs/platform.nix" - - "${self}/s0mev1rtn0de/programs/nh.nix" - - "${self}/s0mev1rtn0de/services/openssh.nix" - "${self}/s0mev1rtn0de/services/fail2ban.nix" - "${self}/s0mev1rtn0de/services/netbird.nix" - "${self}/s0mev1rtn0de/services/qemuGuest.nix" - "${self}/s0mev1rtn0de/services/caddy.nix" - "${self}/s0mev1rtn0de/services/sing-box.nix" - - "${self}/s0mev1rtn0de/sops/age.nix" - "${self}/s0mev1rtn0de/sops/defaults.nix" - "${self}/s0mev1rtn0de/sops/secrets.nix" - - "${self}/s0mev1rtn0de/system/stateVersion.nix" - - "${self}/s0mev1rtn0de/users/users.nix" - "${self}/s0mev1rtn0de/users/users/askhat.nix" - 
"${self}/s0mev1rtn0de/users/users/hand7s.nix" - "${self}/s0mev1rtn0de/users/users/root.nix" - - "${self}/s0mev1rtn0de/virtualisation/docker.nix" - ]; -} diff --git a/s0mev1rtn0de-nix/networking/firewall/ens3.nix b/s0mev1rtn0de-nix/networking/firewall/ens3.nix deleted file mode 100644 index fc74f60..0000000 --- a/s0mev1rtn0de-nix/networking/firewall/ens3.nix +++ /dev/null @@ -1,21 +0,0 @@ -{...}: { - networking = { - firewall = { - interfaces = { - ens3 = { - allowedUDPPorts = [ - 443 - 53590 - 53570 - ]; - - allowedTCPPorts = [ - 443 - 53590 - 53570 - ]; - }; - }; - }; - }; -} diff --git a/s0mev1rtn0de-nix/networking/firewall/wt0.nix b/s0mev1rtn0de-nix/networking/firewall/wt0.nix deleted file mode 100644 index 564d82d..0000000 --- a/s0mev1rtn0de-nix/networking/firewall/wt0.nix +++ /dev/null @@ -1,17 +0,0 @@ -{...}: { - networking = { - firewall = { - interfaces = { - wt0 = { - allowedUDPPorts = [ - 39856 - ]; - - allowedTCPPorts = [ - 39856 - ]; - }; - }; - }; - }; -} diff --git a/s0mev1rtn0de-nix/networking/hostname.nix b/s0mev1rtn0de-nix/networking/hostname.nix deleted file mode 100644 index 1781f05..0000000 --- a/s0mev1rtn0de-nix/networking/hostname.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - networking = { - hostName = "s0mev1rtn0de-nix"; - }; -} diff --git a/s0mev1rtn0de-nix/networking/interfaces/ens3.nix b/s0mev1rtn0de-nix/networking/interfaces/ens3.nix deleted file mode 100644 index 7bebc8a..0000000 --- a/s0mev1rtn0de-nix/networking/interfaces/ens3.nix +++ /dev/null @@ -1,16 +0,0 @@ -{...}: { - networking = { - interfaces = { - ens3 = { - ipv6 = { - addresses = [ - { - address = ""; - prefixLength = 128; - } - ]; - }; - }; - }; - }; -} diff --git a/s0mev1rtn0de-nix/networking/nat.nix b/s0mev1rtn0de-nix/networking/nat.nix deleted file mode 100644 index 6ff577a..0000000 --- a/s0mev1rtn0de-nix/networking/nat.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -{...}: { - networking = { - nat = { - enable = true; - enableIPv6 = true; - externalInterface = "ens3"; - internalInterfaces = [ - "wg0" - ]; - }; - }; -} diff --git a/s0mev1rtn0de-nix/networking/nftables.nix b/s0mev1rtn0de-nix/networking/nftables.nix deleted file mode 100644 index d0601b3..0000000 --- a/s0mev1rtn0de-nix/networking/nftables.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - networking = { - nftables = { - enable = false; - }; - }; -} diff --git a/s0mev1rtn0de-nix/networking/wg-quick.nix b/s0mev1rtn0de-nix/networking/wg-quick.nix deleted file mode 100644 index 4bab50d..0000000 --- a/s0mev1rtn0de-nix/networking/wg-quick.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - networking = { - wg-quick = { - interfaces = { - wg0 = { - type = "wireguard"; - listenPort = 53590; - privateKeyFile = config.sops.secrets.privateWgKey; - - address = [ - "10.100.0.1/24" - ]; - - postUp = '' - ${lib.getExe' pkgs.iptables "iptables"} -A FORWARD -i wg0 -j ACCEPT - ${lib.getExe' pkgs.iptables "iptables"} -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE - ''; - - preDown = '' - ${lib.getExe' pkgs.iptables "iptables"} -D FORWARD -i wg0 -j ACCEPT - ${lib.getExe' pkgs.iptables "iptables"} -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE - ''; - - peers = [ - { - publicKey = "{}"; - presharedKeyFile = config.sops.secrets.presharedWgKey1; - allowedIPs = [ - "10.100.0.2/32" - ]; - } - - { - publicKey = "{}"; - presharedKeyFile = config.sops.secrets.presharedWgKey2; - allowedIPs = [ - "10.100.0.3/32" - ]; - } - ]; - }; - }; - }; - }; -} diff --git a/s0mev1rtn0de-nix/users/users/askhat.nix b/s0mev1rtn0de-nix/users/users/askhat.nix deleted file mode 100644 index 3fba6bc..0000000 --- a/s0mev1rtn0de-nix/users/users/askhat.nix +++ /dev/null 
@@ -1,23 +0,0 @@ -{...}: { - users = { - users = { - askhat = { - description = "askhat"; - isNormalUser = true; - hashedPassword = "$y$j9T$t3G0Vj47wHY86twX2bfwr/$kUajwW8gxtu09z9btWBB7YNEcj1Ut3QfYEazWr7utgC"; - extraGroups = [ - "wheel" - "docker" - ]; - - openssh = { - authorizedKeys = { - keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfdXRE2ckx++O1lHFcmZlBMN1Sgy3aqSadOdC+ZOLj5 kixoncon33@gmail.com" - ]; - }; - }; - }; - }; - }; -} diff --git a/s0mev1rtn0de-nix/virtualisation/oci-containers/3x-ui.nix b/s0mev1rtn0de-nix/virtualisation/oci-containers/3x-ui.nix deleted file mode 100644 index 441db20..0000000 --- a/s0mev1rtn0de-nix/virtualisation/oci-containers/3x-ui.nix +++ /dev/null @@ -1,26 +0,0 @@ -{...}: { - virtualisation = { - oci-containers = { - containers = { - "3x-ui" = { - autoStart = true; - image = "ghcr.io/mhsanaei/3x-ui:latest"; - volumes = [ - "/docker/3x-ui/db/:/etc/x-ui/" - "/docker/3x-ui/certs/:/root/cert/" - ]; - - environment = { - XRAY_VMESS_AEAD_FORCED = toString false; - XUI_ENABLE_FAIL2BAN = toString false; - }; - - extraOptions = [ - "--network=host" - "--tty=true" - ]; - }; - }; - }; - }; -}