viola: upstream

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
s0me1newithhand7s 2026-02-08 22:38:28 +03:00
parent a50ae76a23
commit e6c9d19b0f
61 changed files with 492 additions and 244 deletions

12
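--- a/viola/services/garage.nix
+++ b/viola/services/garage.nix
@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+services = {
+garage = {
+enable = true;
+package = pkgs.garage;
+logLevel = "error";
+settings = {
+# nope
+};
+};
+};
+}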


@ -1,4 +1,4 @@
{...}: {
_: {
services = {
irqbalance = {
enable = true;


@ -1,4 +1,4 @@
{...}: {
_: {
services = {
libinput = {
enable = true;


@ -1,4 +1,4 @@
{...}: {
_: {
services = {
netbird = {
enable = true;


@ -1,4 +1,4 @@
{...}: {
_: {
services = {
pipewire = {
enable = true;


@ -0,0 +1,56 @@
{pkgs, ...}: {
services = {
postgresql = {
enable = true;
enableTCPIP = true;
checkConfig = true;
ensureUsers = [
{
name = "forgejo";
ensureDBOwnership = true;
}
{
name = "vaultwarden";
ensureDBOwnership = true;
}
{
name = "woodpecker";
ensureDBOwnership = true;
}
{
name = "zitadel";
ensureDBOwnership = true;
ensureClauses = {
login = true;
superuser = true;
};
}
{
name = "stalwart";
ensureDBOwnership = true;
}
];
ensureDatabases = [
"vaultwarden"
"forgejo"
"woodpecker"
"stalwart"
"zitadel"
];
initialScript = ""; # nope
authentication = ""; #nope
settings = {
port = ${dbport};
};
};
};
}
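Review bot: The `zitadel` role is created with `superuser = true` in its `ensureClauses` while the same file sets `enableTCPIP = true`, so a login role that bypasses all permission checks is reachable over the TCP listener to whatever extent the `authentication` rules (not shown here) admit it. Since `ensureDatabases` and `ensureDBOwnership` already give the role its own database, the clause can probably shrink to `ensureClauses = { login = true; };` once any initial setup needing elevated rights is done; confirm against what Zitadel requires. If all five clients run on this host, `enableTCPIP = false;` with Unix-socket peer authentication would remove the network exposure entirely. A comment above `authentication` stating which source addresses and auth method are allowed would let a reviewer check the exposure without seeing the value.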

152
viola/services/redis.nix Normal file

@ -0,0 +1,152 @@
{pkgs, ...}: {
services = {
redis = {
package = pkgs.valkey;
servers = {
"forgejo" = {
enable = true;
port = ${cacheport1};
logLevel = "warning";
databases = 16;
maxclients = 10000;
requirePass = ${cachepass1};
settings = {
stop-writes-on-bgsave-error = "yes";
rdbcompression = "yes";
rdbchecksum = "yes";
maxmemory = "1GB";
maxmemory-policy = "volatile-lru";
maxmemory-samples = 3;
};
save = [
[
900
1
]
[
300
10
]
[
60
1000
]
];
};
"woodpecker" = {
enable = false;
port = ${cacheport2};
logLevel = "warning";
databases = 16;
maxclients = 10000;
requirePass = ${cachepass2};
settings = {
stop-writes-on-bgsave-error = "yes";
rdbcompression = "yes";
rdbchecksum = "yes";
maxmemory = "1GB";
maxmemory-policy = "volatile-lru";
maxmemory-samples = 3;
};
save = [
[
900
1
]
[
300
10
]
[
60
1000
]
];
};
"stalwart" = {
enable = true;
port = ${cacheport3};
logLevel = "warning";
databases = 16;
maxclients = 10000;
requirePass = ${cachepass3};
settings = {
stop-writes-on-bgsave-error = "yes";
rdbcompression = "yes";
rdbchecksum = "yes";
maxmemory = "1GB";
maxmemory-policy = "volatile-lru";
maxmemory-samples = 3;
};
save = [
[
900
1
]
[
300
10
]
[
60
1000
]
];
};
"zitadel" = {
enable = true;
port = ${cacheport4};
logLevel = "warning";
databases = 16;
maxclients = 10000;
requirePass = ${cachepass4};
settings = {
stop-writes-on-bgsave-error = "yes";
rdbcompression = "yes";
rdbchecksum = "yes";
maxmemory = "1GB";
maxmemory-policy = "volatile-lru";
maxmemory-samples = 3;
};
save = [
[
900
1
]
[
300
10
]
[
60
1000
]
];
};
};
};
};
}
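Review bot: Each server sets its password inline through `requirePass` (`requirePass = ${cachepass1};` and the three siblings), and the NixOS module documents that a value given this way is stored in plain text in the world-readable Nix store. The module provides `requirePassFile` for this case, e.g. `requirePassFile = "/run/secrets/<placeholder>";` (placeholder path), with the file delivered by whatever secrets tooling the repo uses. The four server blocks are identical apart from name, port, password and `enable`, so a shared `let` binding for the common `settings` and `save` values, merged per server with `//`, would keep later hardening changes in one place.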


@ -1,8 +1,7 @@
{...}: {
_: {
services = {
scx = {
enable = true;
# package = pkgs.scx_git.full;
scheduler = "scx_lavd";
};
};

135
viola/services/stalwart.nix Normal file

@ -0,0 +1,135 @@
_: {
services = {
stalwart-mail = {
enable = true;
settings = {
acme = {
"cloudflare" = {
default = true;
challenge = "dns-01";
provider = "cloudflare";
origin = "hand7s.org";
secret = ${mail_secret};
contact = [
"me@hand7s.org"
];
email = "me@hand7s.org";
directory = "https://acme-staging-v02.api.letsencrypt.org/directory";
domains = [
"mail.hand7s.org"
];
};
};
server = {
hostname = "mail.hand7s.org";
proxy = {
trusted-networks = [
"::1"
"100.109.213.170/16"
];
};
listener = {
"lmtp" = {
bind = "[::]:24";
protocol = "lmtp";
};
"smtp" = {
bind = "[::]:25";
protocol = "smtp";
};
"pop3" = {
bind = "[::]:110";
protocol = "pop3";
};
"imap" = {
bind = "[::]:143";
protocol = "imap";
};
"submissions" = {
bind = "[::]:465";
protocol = "smtp";
};
"submission" = {
bind = "[::]:587";
protocol = "smtp";
};
"imaptls" = {
bind = "[::]:993";
protocol = "smtp";
};
"pop3s" = {
bind = "[::]:995";
protocol = "pop3";
};
"sieve" = {
bind = "[::]:4190";
protocol = "managesieve";
};
"management" = {
protocol = "http";
bind = [
"127.0.0.1:8980"
];
};
};
};
lookup = {
default = {
hostname = "mail.hand7s.org";
domain = "hand7s.org";
};
};
storage = {
data = "postgresql";
blob = "s3";
fts = "postgresql";
lookup = "redis";
};
store = {
# nope
# i'm not redacting my main config
# here to show it here
# refer to stalwart mail
# ty
};
authentication = {
fallback-admin = {
user = "admin";
secret = "admin";
};
};
tracer = {
journal = {
enable = true;
type = "journal";
level = "debug";
};
console = {
enable = true;
type = "console";
level = "trace";
};
};
};
};
};
}
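Review bot: `authentication.fallback-admin` is committed with `user = "admin"` and `secret = "admin"`, a guessable credential that also ends up in the Nix store; the `management` listener is loopback-only, but whether this account is accepted on the listeners bound to `[::]` is not visible here, so the loopback bind should not be treated as the only protection. Supplying the value from outside the store, e.g. `secret = "%{file:/run/secrets/<placeholder>}%";` (placeholder path; confirm the macro form against the Stalwart version in use), or a pre-hashed secret, would keep it out of the repo. Separately, the `imaptls` listener on `[::]:993` declares `protocol = "smtp";` where `protocol = "imap";` looks intended, and none of the 465/993/995 listeners sets implicit TLS. The ACME `directory` points at the Let's Encrypt staging endpoint, whose certificates clients will not trust, and the console tracer at `level = "trace"` may write message and credential data to logs.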


@ -0,0 +1,12 @@
_: {
services = {
vaultwarden = {
enable = true;
dbBackend = "postgresql";
config = {
# holy private thing
# im NOT sharing it here
};
};
};
}


@ -0,0 +1,20 @@
_: {
services = {
woodpecker-server = {
enable = false;
environment = {
WOODPECKER_OPEN = "true";
WOODPECKER_DATABASE_DRIVER = "postgres";
WOODPECKER_DATABASE_DATASOURCE = ${pqsql_socket};
WOODPECKER_SERVER_ADDR = ${ciport1};
WOODPECKER_GRPC_ADDR = ${ciport1};
WOODPECKER_HOST = "https://cicd.hand7s.org";
WOODPECKER_FORGEJO = "true";
WOODPECKER_FORGEJO_URL = "https://git.hand7s.org";
WOODPECKER_FORGEJO_CLIENT = ${cisecret1};
FORGEJO_SECRET = ${cisecret2};
};
};
};
}
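Review bot: `WOODPECKER_FORGEJO_CLIENT` and `FORGEJO_SECRET` are set in `environment`, which is rendered into the unit definition in the world-readable Nix store; the module's `environmentFile` option is the usual place for them, e.g. `environmentFile = "/run/secrets/<placeholder>";` (placeholder path). `FORGEJO_SECRET` also lacks the `WOODPECKER_` prefix every other key carries, so `WOODPECKER_FORGEJO_SECRET` is probably the name the server reads. `WOODPECKER_OPEN = "true"` allows any account on the linked forge to register, which deserves a comment or an allow-list before `enable` is switched to `true`. `WOODPECKER_SERVER_ADDR` and `WOODPECKER_GRPC_ADDR` both take `${ciport1}`, which would collide if that placeholder expands to a single address.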


@ -1,145 +0,0 @@
{...}: {
services = {
zapret = {
enable = true;
configureFirewall = true;
qnum = 350;
params = [
"--wssize 1:6"
"--filter-tcp=80"
"--dpi-desync=multisplit"
"--dpi-desync-split-pos=10"
"--dpi-desync-repeats=6"
"--new"
"--filter-tcp=443"
"--dpi-desync=multidisorder"
"--dpi-desync-split-pos=1,midsld"
"--new"
"--filter-tcp=443"
"--dpi-desync=syndata"
"--dpi-desync-fake-syndata=0x00000000"
"--dpi-desync-ttl=10"
"--new"
"--filter-udp=443"
"--dpi-desync=fake"
"--dpi-desync-repeats=6"
"--dpi-desync-fake-quic=0x00000000"
"--new"
"--filter-udp=443"
"--dpi-desync=fake,udplen"
"--dpi-desync-udplen-increment=5"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-cutoff=n3"
"--dpi-desync-repeats=2"
"--new"
"--filter-tcp=443"
"--dpi-desync=split"
"--dpi-desync-fooling=md5sig,badseq"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync-repeats=10"
"--new"
"--filter-tcp=443"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-seqovl=2"
"--dpi-desync-split-pos=2"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=443"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-seqovl=2"
"--dpi-desync-split-pos=2"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=80"
"--dpi-desync=fake,split2"
"--dpi-desync-fooling=md5sig"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-autottl"
"--new"
"--filter-tcp=80"
"--dpi-desync-ttl=1"
"--dpi-desync-autottl=2"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync=fake,split2"
"--dpi-desync-repeats=6"
"--dpi-desync-fooling=md5sig"
"--new"
];
whitelist = [
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"youtubeembeddedplayer.googleapis.com"
"ytimg.l.google.com"
"ytimg.com"
"jnn-pa.googleapis.com"
"youtube-nocookie.com"
"youtube-ui.l.google.com"
"yt-video-upload.l.google.com"
"wide-youtube.l.google.com"
"youtubekids.com"
"ggpht.com"
"music.youtube.com"
"test.googlevideo.com"
"discord.com"
"gateway.discord.gg"
"cdn.discordapp.com"
"discordapp.net"
"discordapp.com"
"discord.gg"
"media.discordapp.net"
"images-ext-1.discordapp.net"
"discord.app"
"discord.media"
"discordcdn.com"
"discord.dev"
"discord.new"
"discord.gift"
"discordstatus.com"
"dis.gd"
"discord.co"
"discord-attachments-uploads-prd.storage.googleapis.com"
"7tv.app"
"7tv.io"
"10tv.app"
"x.com"
"t.co"
"ads-twitter.com"
"twimg.com"
"twitter.com"
"pscp.tv"
"twtrdns.net"
"twttr.com"
"periscope.tv"
"tweetdeck.com"
"twitpic.com"
"twitter.co"
"twitterinc.com"
"twitteroauth.com"
"twitterstat.us"
];
};
};
}


@ -1,10 +0,0 @@
{...}: {
services = {
zerotierone = {
enable = false;
joinNetworks = [
# nope
];
};
};
}