treewide: upstreaming changes

Signed-off-by: s0me1newithhand7s <117505144+s0me1newithhand7s@users.noreply.github.com>
s0me1newithhand7s 2025-10-24 20:48:35 +03:00
parent d159232b37
commit e4e1b03c7e
No known key found for this signature in database
160 changed files with 3408 additions and 5474 deletions


@ -0,0 +1,55 @@
{pkgs, ...}: {
services = {
caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [
"github.com/mholt/caddy-l4@v0.0.0-20250902102621-4a517a98d7fa"
"github.com/caddy-dns/cloudflare@v0.2.1"
];
hash = "sha256-1/jRWotKCvx7QncjVSVGYXb2gAmIiokC/ZbCUelG5Rc=";
};
globalConfig = ''
debug
email me@hand7s.org
acme_ca https://acme-v02.api.letsencrypt.org/directory
'';
# acme_ca https://api.zerossl.com/directory
virtualHosts = {
"hand7s.org" = {
extraConfig = ''
respond "hi! :D WIP btw"
'';
};
"git.hand7s.org" = {
extraConfig = ''
reverse_proxy ${homeIP}:53350
'';
};
"bin.hand7s.org" = {
extraConfig = ''
reverse_proxy ${homeIP}:80
'';
};
"zitadel.hand7s.org" = {
extraConfig = ''
reverse_proxy ${homeIP}:8443
'';
};
};
};
};
}
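Review bot: `homeIP` is interpolated into three `reverse_proxy` lines but is not bound anywhere in the lines shown; the function head is `{pkgs, ...}:` and no `let` is visible, so as displayed this would fail evaluation with an undefined variable. All three upstreams are also given without a scheme, which Caddy treats as plain HTTP, so unless `homeIP` is an address inside the tunnel (netbird is enabled elsewhere in this commit), traffic to git, bin and zitadel leaves this host unencrypted. For the `:8443` backend, consider `reverse_proxy https://${homeIP}:8443` if that port speaks TLS. The global `debug` line is worth dropping once the setup works, since debug logs on a public proxy can record request details that are not wanted in long-lived logs.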


@ -0,0 +1,14 @@
{...}: {
services = {
fail2ban = {
enable = true;
bantime-increment = {
enable = true;
factor = "10";
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
overalljails = true;
maxtime = "500h";
};
};
};
}
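Review bot: With `factor = "10"` the exponential `formula` reduces to `ban.Time * exp(ban.Count * 10)`, so the first repeat offence multiplies the base ban time by about 22,000 and any realistic base value is immediately clamped to `maxtime = "500h"`. The increment therefore is not gradual: it is effectively "second ban is 500h". If that is the intent, a comment saying so would help; if a ramp is wanted, this formula needs a factor below 1. Because `overalljails = true` counts offences across every jail, it is also worth adding `ignoreIP` for the management or VPN range so one mistyped login from an admin address does not end in a 500h lock-out.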


@ -0,0 +1,7 @@
{...}: {
services = {
netbird = {
enable = true;
};
};
}


@ -0,0 +1,20 @@
{...}: {
services = {
openssh = {
enable = true;
settings = {
PrintMotd = false;
PermitRootLogin = "no";
PasswordAuthentication = false;
MaxAuthTries = 3;
LoginGraceTime = 10;
PermitEmptyPasswords = "no";
ChallengeResponseAuthentication = "no";
KerberosAuthentication = "no";
GSSAPIAuthentication = "no";
X11Forwarding = false;
};
};
};
}
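Review bot: `ChallengeResponseAuthentication = "no";` uses the deprecated alias of `KbdInteractiveAuthentication`, and the NixOS module has its own `settings.KbdInteractiveAuthentication` option that, as far as I know, defaults to true. The generated sshd_config would then carry both keywords for the same setting, and which one wins depends on the order in which they are rendered. Setting `KbdInteractiveAuthentication = false;` directly removes that ambiguity and makes it certain that keyboard-interactive (PAM password) logins are off alongside `PasswordAuthentication = false`. An `AllowUsers` or `AllowGroups` entry would further narrow who can attempt a login at all.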


@ -0,0 +1,7 @@
{...}: {
services = {
qemuGuest = {
enable = true;
};
};
}


@ -0,0 +1,91 @@
{
# config,
...
}: {
services = {
sing-box = {
enable = true;
settings = {
log = {
level = "debug";
};
dns = {
servers = [
{
type = "local";
tag = "local";
}
];
final = "local";
strategy = "prefer_ipv6";
};
route = {
final = "direct-out";
auto_detect_interface = true;
};
outbounds = [
{
tag = "direct-out";
type = "direct";
}
];
inbounds = [
{
type = "vless";
tag = "vless-inbound";
listen = "::";
listen_port = 53570;
users = [
{
name = "hand7s_1";
uuid = "${singboxUUID2}";
flow = "xtls-rprx-vision";
}
{
name = "hand7s_2";
uuid = "${singboxUUID2}";
flow = "xtls-rprx-vision";
}
];
tls = rec {
enabled = true;
server_name = "vk.com";
reality = {
enabled = true;
max_time_difference = "5m";
handshake = {
server = server_name;
server_port = 443;
};
private_key = "${singboxKey}";
short_id = [
"${singboxId}"
];
};
};
transport = {
type = "httpupgrade";
};
multiplex = {
enabled = true;
padding = false;
};
}
];
};
};
};
}
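Review bot: The Reality `private_key`, the `short_id` and both user UUIDs are spliced in as ordinary Nix strings (`"${singboxKey}"`, `"${singboxId}"`, `"${singboxUUID2}"`), so whatever they are bound to is written into the generated config in the world-readable Nix store. None of these names is bound in the lines shown, and `config` is commented out of the function head, so this also looks like it will not evaluate as displayed. The NixOS sing-box module accepts `{ _secret = "/path/to/file"; }` in place of a string (worth confirming for your nixpkgs revision), which keeps the key and UUIDs out of the store. `hand7s_1` and `hand7s_2` both use `singboxUUID2`, which looks like a copy-paste slip that leaves the two users indistinguishable and impossible to revoke separately. `log.level = "debug"` on an internet-facing inbound is worth lowering once the setup is working.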