s0melapt0p-nix -> isla: rename

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-02-08 22:16:49 +03:00 · 2026-02-08 22:16:49 +03:00 · cbd0c3661c
commit cbd0c3661c
parent c1445349f0
50 changed files with 377 additions and 278 deletions
--- a/flake.nix
+++ b/flake.nix
@ -468,7 +468,10 @@
            ];
          };
-          "s0mev1rtn0de-nix" = inputs.nixpkgs.lib.nixosSystem {
+          # my VPSes:
          # VPS 1
          "hazel" = inputs.nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            specialArgs = {
              inherit
@ -478,11 +481,92 @@
            };
            modules = [
-              "${self}/s0mev1rtn0de-nix/"
+              {
                networking.hostName = inputs.nixpkgs.lib.mkDefault "hazel";
              }
              "${self}/kyra/"
              inputs.agenix.nixosModules.default
              inputs.disko.nixosModules.disko
              inputs.home-manager.nixosModules.default
              inputs.sops-nix.nixosModules.sops
              inputs.nix-index-database.nixosModules.nix-index
              inputs.nix-mineral.nixosModules.nix-mineral
            ];
          };
          # VPS 2
          "lynn" = inputs.nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            specialArgs = {
              inherit
                inputs
                self
                ;
            };
            modules = [
              {
                networking.hostName = inputs.nixpkgs.lib.mkDefault "lynn";
              }
              "${self}/kyra/"
              inputs.agenix.nixosModules.default
              inputs.disko.nixosModules.disko
              inputs.home-manager.nixosModules.default
              inputs.sops-nix.nixosModules.sops
              inputs.nix-index-database.nixosModules.nix-index
              inputs.nix-mineral.nixosModules.nix-mineral
            ];
          };
          # VPS 3
          "ivy" = inputs.nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            specialArgs = {
              inherit
                inputs
                self
                ;
            };
            modules = [
              {
                networking.hostName = inputs.nixpkgs.lib.mkDefault "ivy";
              }
              "${self}/kyra/"
              inputs.agenix.nixosModules.default
              inputs.disko.nixosModules.disko
              inputs.home-manager.nixosModules.default
              inputs.sops-nix.nixosModules.sops
              inputs.nix-index-database.nixosModules.nix-index
              inputs.nix-mineral.nixosModules.nix-mineral
            ];
          };
          # VPS 4
          "mel" = inputs.nixpkgs.lib.nixosSystem {
            system = "x86_64-linux";
            specialArgs = {
              inherit
                inputs
                self
                ;
            };
            modules = [
              {
                networking.hostName = inputs.nixpkgs.lib.mkDefault "mel";
              }
              "${self}/kyra/"
              inputs.agenix.nixosModules.default
              inputs.disko.nixosModules.disko
              inputs.home-manager.nixosModules.default
              inputs.sops-nix.nixosModules.sops
              inputs.nix-index-database.nixosModules.nix-index
              inputs.nix-mineral.nixosModules.nix-mineral
            ];
          };
--- a/s0mev1rtn0de-nix/boot/initrd/availableKernelModules.nix
+++ b/s0mev1rtn0de-nix/boot/initrd/availableKernelModules.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  boot = {
    initrd = {
      availableKernelModules = [
--- a/s0mev1rtn0de-nix/boot/initrd/kernelModules.nix
+++ b/s0mev1rtn0de-nix/boot/initrd/kernelModules.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  boot = {
    initrd = {
      kernelModules = [
--- a/s0mev1rtn0de-nix/boot/kernel.nix
+++ b/s0mev1rtn0de-nix/boot/kernel.nix
@ -1,9 +1,11 @@
-{...}: {
+_: {
  boot = {
    kernel = {
      sysctl = {
        "net.ipv4.ip_forward" = 1;
        "net.ipv6.conf.all.forwarding" = 1;
        "net.ipv4.ip_nonlocal_bind" = 1;
        "net.ipv6.ip_nonlocal_bind" = 1;
      };
    };
  };
--- a/s0mev1rtn0de-nix/boot/loader/grub.nix
+++ b/s0mev1rtn0de-nix/boot/loader/grub.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  boot = {
    loader = {
      grub = {
--- a/s0mev1rtn0de-nix/boot/tmp.nix
+++ b/s0mev1rtn0de-nix/boot/tmp.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  boot = {
    tmp = {
      cleanOnBoot = true;
--- a/kyra/default.nix
+++ b/kyra/default.nix
@ -0,0 +1,57 @@
 {self, ...}: {
  imports = [
    "${self}/kyra/disko/disk.nix"
    "${self}/kyra/disko/lvm_vg.nix"
    "${self}/kyra/boot/initrd/availableKernelModules.nix"
    "${self}/kyra/boot/initrd/kernelModules.nix"
    "${self}/kyra/boot/loader/grub.nix"
    "${self}/kyra/boot/kernel.nix"
    "${self}/kyra/boot/tmp.nix"
    "${self}/kyra/environment/systemPackages.nix"
    "${self}/kyra/hardware/zram.nix"
    "${self}/kyra/home-manager/users.nix"
    "${self}/kyra/networking/interfaces/ens3.nix"
    "${self}/kyra/networking/firewall/ens3.nix"
    "${self}/kyra/networking/firewall.nix"
    "${self}/kyra/networking/dns.nix"
    "${self}/kyra/networking/wireguard.nix"
    "${self}/kyra/networking/defaultGateway.nix"
    "${self}/kyra/nix/settings/allowed-users.nix"
    "${self}/kyra/nix/settings/experimental-features.nix"
    "${self}/kyra/nix/settings/substituters.nix"
    "${self}/kyra/nix/settings/trusted-public-keys.nix"
    "${self}/kyra/nix/settings/trusted-users.nix"
    "${self}/kyra/nix/settings/auto-optimise-store.nix"
    "${self}/kyra/nixpkgs/config.nix"
    "${self}/kyra/nixpkgs/platform.nix"
    "${self}/kyra/programs/nh.nix"
    "${self}/kyra/services/openssh.nix"
    "${self}/kyra/services/fail2ban.nix"
    "${self}/kyra/services/netbird.nix"
    "${self}/kyra/services/qemuGuest.nix"
    "${self}/kyra/services/caddy.nix"
    "${self}/kyra/services/sing-box.nix"
    "${self}/kyra/sops/age.nix"
    "${self}/kyra/sops/defaults.nix"
    "${self}/kyra/sops/secrets.nix"
    "${self}/kyra/system/stateVersion.nix"
    "${self}/kyra/users/users.nix"
    "${self}/kyra/users/users/alep0u.nix"
    "${self}/kyra/users/users/hand7s.nix"
    "${self}/kyra/users/users/root.nix"
    "${self}/kyra/virtualisation/docker.nix"
  ];
 }
--- a/s0mev1rtn0de-nix/disko/disk.nix
+++ b/s0mev1rtn0de-nix/disko/disk.nix
--- a/s0mev1rtn0de-nix/disko/lvm_vg.nix
+++ b/s0mev1rtn0de-nix/disko/lvm_vg.nix
--- a/s0mev1rtn0de-nix/environment/systemPackages.nix
+++ b/s0mev1rtn0de-nix/environment/systemPackages.nix
--- a/s0mev1rtn0de-nix/hardware/zram.nix
+++ b/s0mev1rtn0de-nix/hardware/zram.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  zramSwap = {
    enable = true;
    algorithm = "zstd";
--- a/kyra/home-manager/users.nix
+++ b/kyra/home-manager/users.nix
@ -0,0 +1,27 @@
 {self, ...}: {
  home-manager = {
    users = {
      "hand7s" = {
        imports = [
          "${self}/hand7s/"
          self.inputs.agenix.homeManagerModules.default
          self.inputs.spicetify-nix.homeManagerModules.default
          self.inputs.hyprland.homeManagerModules.default
          self.inputs.chaotic.homeManagerModules.default
          self.inputs.sops-nix.homeManagerModules.sops
          self.inputs.nix-index-database.homeModules.nix-index
          self.inputs.noctalia.homeModules.default
        ];
      };
    };
    backupFileExtension = "force";
    extraSpecialArgs = {
      inherit
        self
        ;
    };
  };
 }
--- a/kyra/networking/defaultGateway.nix
+++ b/kyra/networking/defaultGateway.nix
@ -0,0 +1,17 @@
 {
  lib,
  config,
  ...
 }: {
  networking = {
    defaultGateway = lib.mkIf (config.networking.hostName == "mel") {
      address = "45.11.229.1";
      interface = "ens3";
    };
    defaultGateway6 = lib.mkIf (config.networking.hostName == "mel") {
      address = "2a0e:97c0:3e3:2Oa::1";
      interface = "ens3";
    };
  };
 }
--- a/s0mev1rtn0de-nix/networking/dns.nix
+++ b/s0mev1rtn0de-nix/networking/dns.nix
@ -1,14 +1,27 @@
-{...}: {
+_: {
  networking = {
    nameservers = [
      # cf dns
      "1.1.1.1"
      "1.0.0.1"
      "8.8.8.8"
      "8.8.4.4"
      "2606:4700:4700::1111"
      "2606:4700:4700::1001"
      # google dns
      "8.8.8.8"
      "8.8.4.4"
      "2001:4860:4860::8888"
      "2001:4860:4860::8844"
      # q9 dns
      "9.9.9.9"
      "149.112.112.112"
      "2620:fe::fe"
      "2620:fe::9"
      # open dns
      "208.67.222.222"
      "208.67.220.220"
      "2620:119:35::35"
      "2620:119:53::53"
    ];
--- a/s0mev1rtn0de-nix/networking/firewall.nix
+++ b/s0mev1rtn0de-nix/networking/firewall.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  networking = {
    firewall = {
      enable = true;
--- a/kyra/networking/firewall/ens3.nix
+++ b/kyra/networking/firewall/ens3.nix
@ -0,0 +1,57 @@
 {
  config,
  lib,
  ...
 }: {
  networking = {
    firewall = {
      interfaces = {
        ens3 = {
          allowedUDPPorts =
            [
              53580
              53590
            ]
            ++ lib.optionals (config.networking.hostName == "hazel") [
              443
              25565
              24
              25
              110
              143
              465
              587
              993
              995
              4190
              53570
            ];
          allowedTCPPorts =
            [
              53580
              53590
            ]
            ++ lib.optionals (config.networking.hostName == "hazel") [
              443
              25565
              24
              25
              110
              143
              465
              587
              993
              995
              4190
              53570
            ];
        };
      };
    };
  };
 }
--- a/kyra/networking/hostname.nix
+++ b/kyra/networking/hostname.nix
@ -0,0 +1,5 @@
 _: {
  networking = {
    hostName = "kyra";
  };
 }
--- a/kyra/networking/interfaces/ens3.nix
+++ b/kyra/networking/interfaces/ens3.nix
@ -0,0 +1,36 @@
 {
  config,
  lib,
  ...
 }: {
  networking = {
    interfaces = {
      ens3 = {
        ipv4 = {
          addresses = lib.optionals (config.networking.hostName == "mel") [
            {
              address = "45.11.229.254";
              prefixLength = 24;
            }
          ];
        };
        ipv6 = {
          addresses =
            lib.optionals (config.networking.hostName == "hazel") [
              {
                address = "2a03:6f01:1:2::cb1e";
                prefixLength = 64;
              }
            ]
            ++ lib.optionals (config.networking.hostName == "mel") [
              {
                address = "2a0e:97c0:3e3:2Oa::1";
                prefixLength = 64;
              }
            ];
        };
      };
    };
  };
 }
--- a/s0mev1rtn0de-nix/networking/wireguard.nix
+++ b/s0mev1rtn0de-nix/networking/wireguard.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  networking = {
    wireguard = {
      enable = true;
--- a/s0mev1rtn0de-nix/nix/settings/allowed-users.nix
+++ b/s0mev1rtn0de-nix/nix/settings/allowed-users.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  nix = {
    settings = {
      sandbox = true;
--- a/s0mev1rtn0de-nix/nix/settings/auto-optimise-store.nix
+++ b/s0mev1rtn0de-nix/nix/settings/auto-optimise-store.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  nix = {
    settings = {
      auto-optimise-store = true;
--- a/s0mev1rtn0de-nix/nix/settings/experimental-features.nix
+++ b/s0mev1rtn0de-nix/nix/settings/experimental-features.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  nix = {
    settings = {
      experimental-features = [
--- a/s0mev1rtn0de-nix/nix/settings/substituters.nix
+++ b/s0mev1rtn0de-nix/nix/settings/substituters.nix
@ -1,18 +1,18 @@
-{...}: {
+_: {
  nix = {
    settings = {
      substituters = [
        # cache.nixos.org
        "https://nixos-cache-proxy.cofob.dev"
        "https://cache.nixos.org"
        # cache.garnix.org
        "https://cache.garnix.io"
        # cachix
        "https://nix-community.cachix.org/"
        "https://chaotic-nyx.cachix.org/"
        "https://ags.cachix.org"
        "https://hyprland.cachix.org"
        "https://chaotic-nyx.cachix.org/"
        # nix-community
        "https://hydra.nix-community.org/"
      ];
    };
  };
--- a/s0mev1rtn0de-nix/nix/settings/trusted-public-keys.nix
+++ b/s0mev1rtn0de-nix/nix/settings/trusted-public-keys.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  nix = {
    settings = {
      trusted-public-keys = [
--- a/s0mev1rtn0de-nix/nix/settings/trusted-users.nix
+++ b/s0mev1rtn0de-nix/nix/settings/trusted-users.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  nix = {
    settings = {
      trusted-users = [
--- a/s0mev1rtn0de-nix/nixpkgs/config.nix
+++ b/s0mev1rtn0de-nix/nixpkgs/config.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  nixpkgs = {
    config = {
      allowBroken = true;
--- a/s0mev1rtn0de-nix/nixpkgs/platform.nix
+++ b/s0mev1rtn0de-nix/nixpkgs/platform.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  nixpkgs = {
    system = "x86_64-linux";
    hostPlatform = "x86_64-linux";
--- a/s0mev1rtn0de-nix/programs/nh.nix
+++ b/s0mev1rtn0de-nix/programs/nh.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  programs = {
    nh = {
      enable = true;
--- a/s0mev1rtn0de-nix/services/caddy.nix
+++ b/s0mev1rtn0de-nix/services/caddy.nix
@ -1,7 +1,16 @@
-{pkgs, ...}: {
+{
  config,
  pkgs,
  lib,
  ...
 }: {
  services = {
    caddy = {
-      enable = true;
+      enable =
        lib.mkIf (
          config.networking.hostName == "hazel"
        )
        true;
      package = pkgs.caddy.withPlugins {
        plugins = [
@ -24,28 +33,24 @@
      virtualHosts = {
        "hand7s.org" = {
          extraConfig = ''
            respond "hi! :D WIP btw"
          '';
        };
        "git.hand7s.org" = {
          extraConfig = ''
            reverse_proxy ${homeIP}:53350
          '';
        };
        "bin.hand7s.org" = {
          extraConfig = ''
            reverse_proxy ${homeIP}:80
          '';
        };
        "zitadel.hand7s.org" = {
          extraConfig = ''
            reverse_proxy ${homeIP}:8443
          '';
        };
--- a/s0mev1rtn0de-nix/services/fail2ban.nix
+++ b/s0mev1rtn0de-nix/services/fail2ban.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  services = {
    fail2ban = {
      enable = true;
--- a/s0mev1rtn0de-nix/services/netbird.nix
+++ b/s0mev1rtn0de-nix/services/netbird.nix
--- a/s0mev1rtn0de-nix/services/openssh.nix
+++ b/s0mev1rtn0de-nix/services/openssh.nix
@ -1,7 +1,10 @@
-{...}: {
+_: {
  services = {
    openssh = {
      enable = true;
      ports = [
        58693
      ];
      settings = {
        PrintMotd = false;
--- a/s0mev1rtn0de-nix/services/qemuGuest.nix
+++ b/s0mev1rtn0de-nix/services/qemuGuest.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  services = {
    qemuGuest = {
      enable = true;
--- a/s0mev1rtn0de-nix/services/sing-box.nix
+++ b/s0mev1rtn0de-nix/services/sing-box.nix
@ -1,7 +1,4 @@
-{
+{...}: {
  # config,
  ...
 }: {
  services = {
    sing-box = {
      enable = true;
--- a/s0mev1rtn0de-nix/system/stateVersion.nix
+++ b/s0mev1rtn0de-nix/system/stateVersion.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  system = {
    stateVersion = "23.11";
  };
--- a/s0mev1rtn0de-nix/users/users.nix
+++ b/s0mev1rtn0de-nix/users/users.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  users = {
    mutableUsers = false;
  };
--- a/kyra/users/users/alep0u.nix
+++ b/kyra/users/users/alep0u.nix
@ -0,0 +1,23 @@
 _: {
  users = {
    users = {
      "alep0u" = {
        description = "alep0u";
        isNormalUser = true;
        password = "alep0u";
        extraGroups = [
          "wheel"
          "docker"
        ];
        openssh = {
          authorizedKeys = {
            keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItDketCj5COoCvAPLhqOcBhWC1H50MApP2gDt/lkW7E alep0u@alep0u"
            ];
          };
        };
      };
    };
  };
 }
--- a/s0mev1rtn0de-nix/users/users/hand7s.nix
+++ b/s0mev1rtn0de-nix/users/users/hand7s.nix
@ -1,7 +1,7 @@
-{...}: {
+_: {
  users = {
    users = {
-      hand7s = {
+      "hand7s" = {
        description = "hands";
        isNormalUser = true;
        hashedPassword = "$y$j9T$eHfq328GBp7Ga8xsbOTV/0$kcihv7zWLqSkj2jKAhI1pdbTSwvaf2RY5Rokm69XTL/";
@ -9,6 +9,14 @@
          "wheel"
          "docker"
        ];
        openssh = {
          authorizedKeys = {
            keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com"
            ];
          };
        };
      };
    };
  };
--- a/s0mev1rtn0de-nix/users/users/root.nix
+++ b/s0mev1rtn0de-nix/users/users/root.nix
@ -1,7 +1,7 @@
 {pkgs, ...}: {
  users = {
    users = {
-      root = {
+      "root" = {
        shell = "${pkgs.util-linux}/bin/nologin";
      };
    };
--- a/s0mev1rtn0de-nix/virtualisation/docker.nix
+++ b/s0mev1rtn0de-nix/virtualisation/docker.nix
@ -1,4 +1,4 @@
-{...}: {
+_: {
  virtualisation = {
    oci-containers = {
      backend = "docker";
--- a/s0mev1rtn0de-nix/default.nix
+++ b/s0mev1rtn0de-nix/default.nix
@ -1,58 +0,0 @@
 {...}: {
  imports = [
    "${self}/s0mev1rtn0de/disko/disk.nix"
    "${self}/s0mev1rtn0de/disko/lvm_vg.nix"
    "${self}/s0mev1rtn0de/boot/initrd/availableKernelModules.nix"
    "${self}/s0mev1rtn0de/boot/initrd/kernelModules.nix"
    "${self}/s0mev1rtn0de/boot/loader/grub.nix"
    "${self}/s0mev1rtn0de/boot/kernel.nix"
    "${self}/s0mev1rtn0de/boot/tmp.nix"
    "${self}/s0mev1rtn0de/environment/systemPackages.nix"
    "${self}/s0mev1rtn0de/hardware/zram.nix"
    "${self}/s0mev1rtn0de/networking/firewall/ens3.nix"
    "${self}/s0mev1rtn0de/networking/firewall/wt0.nix"
    "${self}/s0mev1rtn0de/networking/firewall.nix"
    "${self}/s0mev1rtn0de/networking/hostname.nix"
    "${self}/s0mev1rtn0de/networking/dns.nix"
    "${self}/s0mev1rtn0de/networking/nftables.nix"
    "${self}/s0mev1rtn0de/networking/wireguard.nix"
    "${self}/s0mev1rtn0de/networking/wg-quick.nix"
    "${self}/s0mev1rtn0de/networking/nat.nix"
    "${self}/s0mev1rtn0de/nix/settings/allowed-users.nix"
    "${self}/s0mev1rtn0de/nix/settings/experimental-features.nix"
    "${self}/s0mev1rtn0de/nix/settings/substituters.nix"
    "${self}/s0mev1rtn0de/nix/settings/trusted-public-keys.nix"
    "${self}/s0mev1rtn0de/nix/settings/trusted-users.nix"
    "${self}/s0mev1rtn0de/nix/settings/auto-optimise-store.nix"
    "${self}/s0mev1rtn0de/nixpkgs/config.nix"
    "${self}/s0mev1rtn0de/nixpkgs/platform.nix"
    "${self}/s0mev1rtn0de/programs/nh.nix"
    "${self}/s0mev1rtn0de/services/openssh.nix"
    "${self}/s0mev1rtn0de/services/fail2ban.nix"
    "${self}/s0mev1rtn0de/services/netbird.nix"
    "${self}/s0mev1rtn0de/services/qemuGuest.nix"
    "${self}/s0mev1rtn0de/services/caddy.nix"
    "${self}/s0mev1rtn0de/services/sing-box.nix"
    "${self}/s0mev1rtn0de/sops/age.nix"
    "${self}/s0mev1rtn0de/sops/defaults.nix"
    "${self}/s0mev1rtn0de/sops/secrets.nix"
    "${self}/s0mev1rtn0de/system/stateVersion.nix"
    "${self}/s0mev1rtn0de/users/users.nix"
    "${self}/s0mev1rtn0de/users/users/askhat.nix"
    "${self}/s0mev1rtn0de/users/users/hand7s.nix"
    "${self}/s0mev1rtn0de/users/users/root.nix"
    "${self}/s0mev1rtn0de/virtualisation/docker.nix"
  ];
 }
--- a/s0mev1rtn0de-nix/networking/firewall/ens3.nix
+++ b/s0mev1rtn0de-nix/networking/firewall/ens3.nix
@ -1,21 +0,0 @@
 {...}: {
  networking = {
    firewall = {
      interfaces = {
        ens3 = {
          allowedUDPPorts = [
            443
            53590
            53570
          ];
          allowedTCPPorts = [
            443
            53590
            53570
          ];
        };
      };
    };
  };
 }
--- a/s0mev1rtn0de-nix/networking/firewall/wt0.nix
+++ b/s0mev1rtn0de-nix/networking/firewall/wt0.nix
@ -1,17 +0,0 @@
 {...}: {
  networking = {
    firewall = {
      interfaces = {
        wt0 = {
          allowedUDPPorts = [
            39856
          ];
          allowedTCPPorts = [
            39856
          ];
        };
      };
    };
  };
 }
--- a/s0mev1rtn0de-nix/networking/hostname.nix
+++ b/s0mev1rtn0de-nix/networking/hostname.nix
@ -1,5 +0,0 @@
 {...}: {
  networking = {
    hostName = "s0mev1rtn0de-nix";
  };
 }
--- a/s0mev1rtn0de-nix/networking/interfaces/ens3.nix
+++ b/s0mev1rtn0de-nix/networking/interfaces/ens3.nix
@ -1,16 +0,0 @@
 {...}: {
  networking = {
    interfaces = {
      ens3 = {
        ipv6 = {
          addresses = [
            {
              address = "";
              prefixLength = 128;
            }
          ];
        };
      };
    };
  };
 }
--- a/s0mev1rtn0de-nix/networking/nat.nix
+++ b/s0mev1rtn0de-nix/networking/nat.nix
@ -1,12 +0,0 @@
 {...}: {
  networking = {
    nat = {
      enable = true;
      enableIPv6 = true;
      externalInterface = "ens3";
      internalInterfaces = [
        "wg0"
      ];
    };
  };
 }
--- a/s0mev1rtn0de-nix/networking/nftables.nix
+++ b/s0mev1rtn0de-nix/networking/nftables.nix
@ -1,7 +0,0 @@
 {...}: {
  networking = {
    nftables = {
      enable = false;
    };
  };
 }
--- a/s0mev1rtn0de-nix/networking/wg-quick.nix
+++ b/s0mev1rtn0de-nix/networking/wg-quick.nix
@ -1,50 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  networking = {
    wg-quick = {
      interfaces = {
        wg0 = {
          type = "wireguard";
          listenPort = 53590;
          privateKeyFile = config.sops.secrets.privateWgKey;
          address = [
            "10.100.0.1/24"
          ];
          postUp = ''
            ${lib.getExe' pkgs.iptables "iptables"} -A FORWARD -i wg0 -j ACCEPT
            ${lib.getExe' pkgs.iptables "iptables"} -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
          '';
          preDown = ''
            ${lib.getExe' pkgs.iptables "iptables"} -D FORWARD -i wg0 -j ACCEPT
             ${lib.getExe' pkgs.iptables "iptables"} -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
          '';
          peers = [
            {
              publicKey = "{}";
              presharedKeyFile = config.sops.secrets.presharedWgKey1;
              allowedIPs = [
                "10.100.0.2/32"
              ];
            }
            {
              publicKey = "{}";
              presharedKeyFile = config.sops.secrets.presharedWgKey2;
              allowedIPs = [
                "10.100.0.3/32"
              ];
            }
          ];
        };
      };
    };
  };
 }
--- a/s0mev1rtn0de-nix/users/users/askhat.nix
+++ b/s0mev1rtn0de-nix/users/users/askhat.nix
@ -1,23 +0,0 @@
 {...}: {
  users = {
    users = {
      askhat = {
        description = "askhat";
        isNormalUser = true;
        hashedPassword = "$y$j9T$t3G0Vj47wHY86twX2bfwr/$kUajwW8gxtu09z9btWBB7YNEcj1Ut3QfYEazWr7utgC";
        extraGroups = [
          "wheel"
          "docker"
        ];
        openssh = {
          authorizedKeys = {
            keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfdXRE2ckx++O1lHFcmZlBMN1Sgy3aqSadOdC+ZOLj5 kixoncon33@gmail.com"
            ];
          };
        };
      };
    };
  };
 }
--- a/s0mev1rtn0de-nix/virtualisation/oci-containers/3x-ui.nix
+++ b/s0mev1rtn0de-nix/virtualisation/oci-containers/3x-ui.nix
@ -1,26 +0,0 @@
 {...}: {
  virtualisation = {
    oci-containers = {
      containers = {
        "3x-ui" = {
          autoStart = true;
          image = "ghcr.io/mhsanaei/3x-ui:latest";
          volumes = [
            "/docker/3x-ui/db/:/etc/x-ui/"
            "/docker/3x-ui/certs/:/root/cert/"
          ];
          environment = {
            XRAY_VMESS_AEAD_FORCED = toString false;
            XUI_ENABLE_FAIL2BAN = toString false;
          };
          extraOptions = [
            "--network=host"
            "--tty=true"
          ];
        };
      };
    };
  };
 }