From c1d66293aae8e864665156913c037dc73bfbb2a9 Mon Sep 17 00:00:00 2001 
From: AXOLOTsh <96595812+AXOLOTsh@users.noreply.github.com> Date: Wed, 28 Jan 2026 11:41:51 +0300 Subject: [PATCH] Initial commit --- TODO.txt | 1 + flake.lock | 141 ++++++++++++++++++ flake.nix | 82 ++++++++++ home/axolotsh-server/home.nix | 12 ++ home/axolotsh-server/index.nix | 9 ++ home/axolotsh-server/packages.nix | 3 + home/axolotsh/home.nix | 12 ++ home/axolotsh/index.nix | 9 ++ home/axolotsh/packages.nix | 3 + home/common/bash-aliases.nix | 21 +++ home/common/fastfetch.nix | 45 ++++++ home/common/git.nix | 12 ++ home/common/packages.nix | 23 +++ home/jam/bash-aliases.nix | 8 + home/jam/home.nix | 12 ++ home/jam/index.nix | 9 ++ home/jam/packages.nix | 3 + home/mirsem/bash-aliases.nix | 8 + home/mirsem/home.nix | 12 ++ home/mirsem/index.nix | 9 ++ home/mirsem/packages.nix | 3 + hosts/axoserver-nix/borg-backup.nix | 20 +++ hosts/axoserver-nix/configuration.nix | 11 ++ hosts/axoserver-nix/disko.nix | 41 +++++ hosts/axoserver-nix/firewall.nix | 6 + .../axoserver-nix/hardware-configuration.nix | 22 +++ hosts/axoserver-nix/index.nix | 26 ++++ hosts/axoserver-nix/openssh-keys.nix | 27 ++++ hosts/axoserver-nix/packages.nix | 3 + hosts/axoserver-nix/users.nix | 19 +++ hosts/axoserver-nix/wg-obfuscator.nix | 14 ++ hosts/axoserver-nix/wg-quick.nix | 19 +++ hosts/axoserver-nix/zabbix-agent.nix | 12 ++ hosts/nix-axolotsh/configuration.nix | 11 ++ hosts/nix-axolotsh/disko.nix | 41 +++++ hosts/nix-axolotsh/firewall.nix | 6 + hosts/nix-axolotsh/index.nix | 19 +++ hosts/nix-axolotsh/users.nix | 3 + install.sh | 15 ++ modules/docker.nix | 3 + modules/openssh.nix | 3 + modules/packages.nix | 6 + modules/system/boot/grub-efi.nix | 6 + modules/system/default-user.nix | 8 + modules/system/experimental-features.nix | 3 + modules/system/filesystem.nix | 3 + modules/system/localization.nix | 17 +++ modules/system/proxy.nix | 4 + modules/system/unfree.nix | 3 + modules/system/wireless.nix | 3 + modules/vscode-server.nix | 4 + update.sh | 2 + 52 files changed, 817 insertions(+) 
create mode 100644 TODO.txt
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 home/axolotsh-server/home.nix
create mode 100644 home/axolotsh-server/index.nix
create mode 100644 home/axolotsh-server/packages.nix
create mode 100644 home/axolotsh/home.nix
create mode 100644 home/axolotsh/index.nix
create mode 100644 home/axolotsh/packages.nix
create mode 100644 home/common/bash-aliases.nix
create mode 100644 home/common/fastfetch.nix
create mode 100644 home/common/git.nix
create mode 100644 home/common/packages.nix
create mode 100644 home/jam/bash-aliases.nix
create mode 100644 home/jam/home.nix
create mode 100644 home/jam/index.nix
create mode 100644 home/jam/packages.nix
create mode 100644 home/mirsem/bash-aliases.nix
create mode 100644 home/mirsem/home.nix
create mode 100644 home/mirsem/index.nix
create mode 100644 home/mirsem/packages.nix
create mode 100644 hosts/axoserver-nix/borg-backup.nix
create mode 100644 hosts/axoserver-nix/configuration.nix
create mode 100644 hosts/axoserver-nix/disko.nix
create mode 100644 hosts/axoserver-nix/firewall.nix
create mode 100644 hosts/axoserver-nix/hardware-configuration.nix
create mode 100644 hosts/axoserver-nix/index.nix
create mode 100644 hosts/axoserver-nix/openssh-keys.nix
create mode 100644 hosts/axoserver-nix/packages.nix
create mode 100644 hosts/axoserver-nix/users.nix
create mode 100644 hosts/axoserver-nix/wg-obfuscator.nix
create mode 100644 hosts/axoserver-nix/wg-quick.nix
create mode 100644 hosts/axoserver-nix/zabbix-agent.nix
create mode 100644 hosts/nix-axolotsh/configuration.nix
create mode 100644 hosts/nix-axolotsh/disko.nix
create mode 100644 hosts/nix-axolotsh/firewall.nix
create mode 100644 hosts/nix-axolotsh/index.nix
create mode 100644 hosts/nix-axolotsh/users.nix
create mode 100644 install.sh
create mode 100644 modules/docker.nix
create mode 100644 modules/openssh.nix
create mode 100644 modules/packages.nix
create mode 100644 modules/system/boot/grub-efi.nix
create mode 100644 modules/system/default-user.nix
create mode 100644 modules/system/experimental-features.nix
create mode 100644 modules/system/filesystem.nix
create mode 100644 modules/system/localization.nix
create mode 100644 modules/system/proxy.nix
create mode 100644 modules/system/unfree.nix
create mode 100644 modules/system/wireless.nix
create mode 100644 modules/vscode-server.nix
create mode 100644 update.sh
diff --git a/TODO.txt b/TODO.txt
new file mode 100644
index 0000000..dde397b
--- /dev/null
+++ b/TODO.txt
@@ -0,0 +1 @@
+Add global config
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..78190ca
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,141 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "owner": "nix-community", + "repo": "disko", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766387499, + "narHash": "sha256-AjK3/UKDzeXFeYNLVBaJ3+HLE9he1g5UrlNd4/BM3eA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "527ad07e6625302b648ed3b28c34b62a79bd103e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1766309749, + "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + 
"home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable", + "wg-obfuscator": "wg-obfuscator" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "wg-obfuscator": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762900842, + "narHash": "sha256-WqYoVlA+InB8afJYBromw/3oy37FG/I01ES2g/K8T04=", + "owner": "ClusterM", + "repo": "wg-obfuscator", + "rev": "ab65bea13081c01ba21d4f8157efd49e3dae9b0e", + "type": "github" + }, + "original": { + "owner": "ClusterM", + "repo": "wg-obfuscator", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..cea99d6 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,82 @@
+{
+ description = "Server Nix Flake by AXOLOTsh";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ wg-obfuscator = {
+ url = "github:ClusterM/wg-obfuscator";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, nixpkgs-stable, home-manager, ... } @ inputs:
+ let
+ system = "x86_64-linux";
+
+ pkgs-stable = import nixpkgs-stable {
+ inherit system;
+ config.allowUnfree = true;
+ };
+ in {
+ nixosConfigurations = {
+
+ nix-axolotsh = nixpkgs.lib.nixosSystem {
+ inherit system;
+
+ specialArgs = { inherit inputs pkgs-stable self; };
+
+ modules = [
+ ./hosts/nix-axolotsh/configuration.nix
+
+ ./hosts/nix-axolotsh/disko.nix
+ inputs.disko.nixosModules.disko
+
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.extraSpecialArgs = { inherit inputs pkgs-stable self; };
+ home-manager.users.axolotsh = import ./home/axolotsh/home.nix;
+ }
+ ];
+ };
+
+ axoserver-nix = nixpkgs.lib.nixosSystem {
+ inherit system;
+
+ specialArgs = { inherit inputs pkgs-stable self; };
+
+ modules = [
+ ./hosts/axoserver-nix/configuration.nix
+
+ ./hosts/axoserver-nix/disko.nix
+ inputs.disko.nixosModules.disko
+ inputs.wg-obfuscator.nixosModules.default
+
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.extraSpecialArgs = { inherit inputs pkgs-stable self; };
+ home-manager.users.axolotsh = import ./home/axolotsh-server/home.nix;
+ home-manager.users.mirsem = import ./home/mirsem/home.nix;
+ home-manager.users.jam = import ./home/jam/home.nix;
+ }
+ ];
+ };
+
+ };
+ };
+}
\ No newline at end of file
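Review bot: `nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";` in `flake.nix` tracks a release branch that appears to have reached end of life before this commit's date, so anything taken from `pkgs-stable` no longer receives security backports. `pkgs-stable` is handed to every NixOS and home-manager module through `specialArgs` / `extraSpecialArgs`, so a later `pkgs-stable.<pkg>` reference would silently pull from that frozen set. Point the input at a currently supported release branch (for example `nixos-25.11`, if that is the current stable), or drop the input until a module actually needs it.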
diff --git a/home/axolotsh-server/home.nix b/home/axolotsh-server/home.nix
new file mode 100644
index 0000000..3a4b4e3
--- /dev/null
+++ b/home/axolotsh-server/home.nix
@@ -0,0 +1,12 @@
+{ ... } : {
+ programs.home-manager.enable = true;
+ home = {
+ username = "axolotsh";
+ homeDirectory = "/home/axolotsh";
+ stateVersion = "25.05";
+ };
+
+ imports = [
+ ./index.nix
+ ];
+}
diff --git a/home/axolotsh-server/index.nix b/home/axolotsh-server/index.nix
new file mode 100644
index 0000000..3e3b753
--- /dev/null
+++ b/home/axolotsh-server/index.nix
@@ -0,0 +1,9 @@
+{ self, ... } : {
+ imports = [
+ "${self}/home/common/bash-aliases.nix"
+ "${self}/home/common/git.nix"
+ "${self}/home/common/fastfetch.nix"
+
+ ./packages.nix
+ ];
+}
\ No newline at end of file
diff --git a/home/axolotsh-server/packages.nix b/home/axolotsh-server/packages.nix
new file mode 100644
index 0000000..ee95244
--- /dev/null
+++ b/home/axolotsh-server/packages.nix
@@ -0,0 +1,3 @@
+{ self, pkgs, ... } : {
+ imports = [ "${self}/home/common/packages.nix" ];
+}
\ No newline at end of file
diff --git a/home/axolotsh/home.nix b/home/axolotsh/home.nix
new file mode 100644
index 0000000..3a4b4e3
--- /dev/null
+++ b/home/axolotsh/home.nix
@@ -0,0 +1,12 @@
+{ ... } : {
+ programs.home-manager.enable = true;
+ home = {
+ username = "axolotsh";
+ homeDirectory = "/home/axolotsh";
+ stateVersion = "25.05";
+ };
+
+ imports = [
+ ./index.nix
+ ];
+}
diff --git a/home/axolotsh/index.nix b/home/axolotsh/index.nix
new file mode 100644
index 0000000..3e3b753
--- /dev/null
+++ b/home/axolotsh/index.nix
@@ -0,0 +1,9 @@
+{ self, ... } : {
+ imports = [
+ "${self}/home/common/bash-aliases.nix"
+ "${self}/home/common/git.nix"
+ "${self}/home/common/fastfetch.nix"
+
+ ./packages.nix
+ ];
+}
\ No newline at end of file
diff --git a/home/axolotsh/packages.nix b/home/axolotsh/packages.nix
new file mode 100644
index 0000000..ee95244
--- /dev/null
+++ b/home/axolotsh/packages.nix
@@ -0,0 +1,3 @@
+{ self, pkgs, ... } : {
+ imports = [ "${self}/home/common/packages.nix" ];
+}
\ No newline at end of file
diff --git a/home/common/bash-aliases.nix b/home/common/bash-aliases.nix
new file mode 100644
index 0000000..7c2f8b3
--- /dev/null
+++ b/home/common/bash-aliases.nix
@@ -0,0 +1,21 @@
+{ self, ... } : {
+ programs.bash = {
+ enable = true;
+ shellAliases = {
+ editor = "nano";
+
+ sync = "cd ${self} && git pull && cd -";
+
+ rebuild = "sudo nixos-rebuild switch --flake ${self}";
+
+ nix-path = "cd ${self}";
+ gen-list = "sudo nix-env -p /nix/var/nix/profiles/system --list-generations";
+ clean = "sudo nix-collect-garbage -d";
+ update = "sudo nix-channel --update";
+ update-flake = "cd ${self} && nix flake update && cd -";
+ upgrade = "sudo nixos-rebuild switch --upgrade --flake ${self}";
+
+ search = "nix search";
+ };
+ };
+}
\ No newline at end of file
diff --git a/home/common/fastfetch.nix b/home/common/fastfetch.nix
new file mode 100644
index 0000000..3ff89f8
--- /dev/null
+++ b/home/common/fastfetch.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... } : {
+ home.packages = with pkgs; [
+ fastfetch
+ ];
+
+ programs.fastfetch = {
+ enable = true;
+ settings = {
+ logo = {
+ source = "nixos";
+ type = "auto";
+ };
+ display = {
+ separator = " › ";
+ };
+ modules = [
+ "title"
+ "separator"
+ "os"
+ "kernel"
+ "uptime"
+ "packages"
+ "shell"
+ "terminal"
+ "cpu"
+ "gpu"
+ "memory"
+ "swap"
+ "disk"
+ "locale"
+ "localip"
+ "break"
+ "colors"
+ ];
+ };
+ };
+
+ programs.bash = {
+ enable = true;
+ shellAliases = {
+ fetch = "fastfetch";
+ };
+ initExtra = "fetch";
+ };
+}
\ No newline at end of file
diff --git a/home/common/git.nix b/home/common/git.nix
new file mode 100644
index 0000000..38b010d
--- /dev/null
+++ b/home/common/git.nix
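Review bot: The aliases in `home/common/bash-aliases.nix` interpolate `${self}`, which inside a flake evaluates to the read-only copy of the source under `/nix/store`, not the working checkout. `sync` and `update-flake` would therefore run `git pull` and `nix flake update` in a directory that is neither writable nor a git checkout, and `rebuild` / `upgrade` re-apply the revision that is already built rather than any new changes. Point the aliases at the checkout path instead, e.g. `rebuild = "sudo nixos-rebuild switch --flake /path/to/checkout";` (placeholder path). `update = "sudo nix-channel --update"` also has no effect on a flake-based system, whose inputs come from `flake.lock`.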
@@ -0,0 +1,12 @@
+{ ... } : {
+ programs.git = {
+ enable = true;
+ settings = {
+ user = {
+ name = "AXOLOTsh";
+ email = "96595812+AXOLOTsh@users.noreply.github.com";
+ };
+ init.defaultBranch = "main";
+ };
+ };
+}
\ No newline at end of file
diff --git a/home/common/packages.nix b/home/common/packages.nix
new file mode 100644
index 0000000..909c616
--- /dev/null
+++ b/home/common/packages.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... } : {
+ home.packages = with pkgs; [
+ # region Tools
+ git
+ gh
+
+ screen
+
+ mc
+
+ btop
+
+ wget
+ traceroute
+ dnsutils
+
+ atool
+ zip
+ unzip
+ p7zip
+ # endregion
+ ];
+}
\ No newline at end of file
diff --git a/home/jam/bash-aliases.nix b/home/jam/bash-aliases.nix
new file mode 100644
index 0000000..44928ee
--- /dev/null
+++ b/home/jam/bash-aliases.nix
@@ -0,0 +1,8 @@
+{ self, ... } : {
+ programs.bash = {
+ enable = true;
+ shellAliases = {
+ editor = "nano";
+ };
+ };
+}
\ No newline at end of file
diff --git a/home/jam/home.nix b/home/jam/home.nix
new file mode 100644
index 0000000..1940cd8
--- /dev/null
+++ b/home/jam/home.nix
@@ -0,0 +1,12 @@
+{ ... } : {
+ programs.home-manager.enable = true;
+ home = {
+ username = "jam";
+ homeDirectory = "/home/jam";
+ stateVersion = "25.05";
+ };
+
+ imports = [
+ ./index.nix
+ ];
+}
\ No newline at end of file
diff --git a/home/jam/index.nix b/home/jam/index.nix
new file mode 100644
index 0000000..a5e392b
--- /dev/null
+++ b/home/jam/index.nix
@@ -0,0 +1,9 @@
+{ self, ... } : {
+ imports = [
+ "${self}/home/common/fastfetch.nix"
+
+ ./bash-aliases.nix
+
+ ./packages.nix
+ ];
+}
\ No newline at end of file
diff --git a/home/jam/packages.nix b/home/jam/packages.nix
new file mode 100644
index 0000000..ee95244
--- /dev/null
+++ b/home/jam/packages.nix
@@ -0,0 +1,3 @@
+{ self, pkgs, ... } : {
+ imports = [ "${self}/home/common/packages.nix" ];
+}
\ No newline at end of file
diff --git a/home/mirsem/bash-aliases.nix b/home/mirsem/bash-aliases.nix
new file mode 100644
index 0000000..44928ee
--- /dev/null
+++ b/home/mirsem/bash-aliases.nix
@@ -0,0 +1,8 @@
+{ self, ... } : {
+ programs.bash = {
+ enable = true;
+ shellAliases = {
+ editor = "nano";
+ };
+ };
+}
\ No newline at end of file
diff --git a/home/mirsem/home.nix b/home/mirsem/home.nix
new file mode 100644
index 0000000..77b141c
--- /dev/null
+++ b/home/mirsem/home.nix
@@ -0,0 +1,12 @@
+{ ... } : {
+ programs.home-manager.enable = true;
+ home = {
+ username = "mirsem";
+ homeDirectory = "/home/mirsem";
+ stateVersion = "25.05";
+ };
+
+ imports = [
+ ./index.nix
+ ];
+}
\ No newline at end of file
diff --git a/home/mirsem/index.nix b/home/mirsem/index.nix
new file mode 100644
index 0000000..a5e392b
--- /dev/null
+++ b/home/mirsem/index.nix
@@ -0,0 +1,9 @@
+{ self, ... } : {
+ imports = [
+ "${self}/home/common/fastfetch.nix"
+
+ ./bash-aliases.nix
+
+ ./packages.nix
+ ];
+}
\ No newline at end of file
diff --git a/home/mirsem/packages.nix b/home/mirsem/packages.nix
new file mode 100644
index 0000000..ee95244
--- /dev/null
+++ b/home/mirsem/packages.nix
@@ -0,0 +1,3 @@
+{ self, pkgs, ... } : {
+ imports = [ "${self}/home/common/packages.nix" ];
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/borg-backup.nix b/hosts/axoserver-nix/borg-backup.nix
new file mode 100644
index 0000000..2cab279
--- /dev/null
+++ b/hosts/axoserver-nix/borg-backup.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... } : {
+ environment.systemPackages = with pkgs; [
+ borgbackup
+ ];
+ services.borgbackup.jobs.minecraft-java = {
+ paths = "/data/server-data/minecraft-java";
+ encryption.mode = "none";
+ environment.BORG_RSH = "ssh -i /root/.ssh/backup-ubuntu";
+ repo = "ssh://borg@10.4.10.14:22/home/borg/backups";
+ compression = "auto,zstd";
+ startAt = "daily";
+
+ extraArgs = "--show-rc --stats";
+ exclude = [
+ "*.db-wal"
+ "*.db-shm"
+ "/data/server-data/minecraft-java/logs"
+ ];
+ };
+}
\ No newline at end of file
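Review bot: `encryption.mode = "none";` in `hosts/axoserver-nix/borg-backup.nix` leaves the repository on `borg@10.4.10.14` both unencrypted and unauthenticated, so anyone with access to that account or its disk can read the archives or alter them without detection. Use an authenticated-encryption mode with the passphrase read from a root-only file outside the Nix store: `encryption.mode = "repokey-blake2";` and `encryption.passCommand = "cat /path/to/borg-passphrase";` (placeholder path). An existing repository initialised without encryption has to be re-created for the new mode to take effect.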
diff --git a/hosts/axoserver-nix/configuration.nix b/hosts/axoserver-nix/configuration.nix
new file mode 100644
index 0000000..6050dfc
--- /dev/null
+++ b/hosts/axoserver-nix/configuration.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... } : {
+ imports = [
+ ./hardware-configuration.nix
+ ./index.nix
+ ];
+
+ networking.networkmanager.enable = true;
+ networking.hostName = "axoserver-nix";
+
+ system.stateVersion = "25.05";
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/disko.nix b/hosts/axoserver-nix/disko.nix
new file mode 100644
index 0000000..1c7d636
--- /dev/null
+++ b/hosts/axoserver-nix/disko.nix
@@ -0,0 +1,41 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "256M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ swap = {
+ size = "4G";
+ content = {
+ type = "swap";
+ resumeDevice = true;
+ };
+ };
+
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/firewall.nix b/hosts/axoserver-nix/firewall.nix
new file mode 100644
index 0000000..9c868ee
--- /dev/null
+++ b/hosts/axoserver-nix/firewall.nix
@@ -0,0 +1,6 @@
+{ ... } : {
+ # networking.firewall.enable = false;
+
+ networking.firewall.allowedTCPPorts = [ 25565 ];
+ networking.firewall.allowedUDPPorts = [ 25565 ];
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/hardware-configuration.nix b/hosts/axoserver-nix/hardware-configuration.nix
new file mode 100644
index 0000000..b194d23
--- /dev/null
+++ b/hosts/axoserver-nix/hardware-configuration.nix
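Review bot: `device = "/dev/sda";` in `hosts/axoserver-nix/disko.nix` (and the identical `hosts/nix-axolotsh/disko.nix`) identifies the target disk by kernel enumeration order, and `install.sh` passes this file to disko in `destroy,format,mount` mode. On a machine with more than one disk, or when booted from a USB installer, `/dev/sda` is not guaranteed to be the intended drive, so the wrong device can be wiped. Use a stable identifier such as `device = "/dev/disk/by-id/<DISK-ID>";` (placeholder). The layout also defines no encryption layer, so root and the resume-capable swap are readable from the raw disk; that is worth a comment if it is intentional.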
@@ -0,0 +1,22 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + swapDevices = + [ { device = "/dev/disk/by-uuid/7a9a936c-f998-43f1-b674-0313688f8316"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/axoserver-nix/index.nix b/hosts/axoserver-nix/index.nix new file mode 100644 index 0000000..0b0bd46 --- /dev/null +++ b/hosts/axoserver-nix/index.nix @@ -0,0 +1,26 @@ +{ self, ... } : { + imports = [ + "${self}/modules/system/boot/grub-efi.nix" + + "${self}/modules/system/filesystem.nix" + "${self}/modules/system/experimental-features.nix" + "${self}/modules/system/unfree.nix" + + "${self}/modules/system/localization.nix" + + "${self}/modules/openssh.nix" + "${self}/modules/docker.nix" + "${self}/modules/vscode-server.nix" + + ./users.nix + ./openssh-keys.nix + + ./firewall.nix + ./wg-obfuscator.nix + ./wg-quick.nix + ./zabbix-agent.nix + ./borg-backup.nix + + ./packages.nix + ]; +} \ No newline at end of file diff --git a/hosts/axoserver-nix/openssh-keys.nix b/hosts/axoserver-nix/openssh-keys.nix new file mode 100644 index 0000000..386decd --- /dev/null +++ b/hosts/axoserver-nix/openssh-keys.nix 
@@ -0,0 +1,27 @@
+{ ... } : {
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ users.users.axolotsh = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3fi+aocgGe2gG4TbY47BZ7GAZM/VIEO4KAh/+kAtWB axolotsh@win-axolotsh"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRjyyOvThQ7jUBQFIioCt53Spdv9XHqp5S5TslYCvLF u0_a295@localhost"
+ ];
+ };
+ users.users.mirsem = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfGbufs4SzRVWUay9YNneuHd9uyYDvvRtEGHI0P2Xcb mirse@MirsemPC"
+ ];
+ };
+ users.users.jam = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1GvtRb2jb20qApbZqy785GPPLBrRWn3iUumJu3PGbE aporuchikov@user-MS-7C96"
+ ];
+ };
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/packages.nix b/hosts/axoserver-nix/packages.nix
new file mode 100644
index 0000000..f193c13
--- /dev/null
+++ b/hosts/axoserver-nix/packages.nix
@@ -0,0 +1,3 @@
+{ self, pkgs, ... } : {
+ imports = [ "${self}/modules/packages.nix" ];
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/users.nix b/hosts/axoserver-nix/users.nix
new file mode 100644
index 0000000..99aa7e0
--- /dev/null
+++ b/hosts/axoserver-nix/users.nix
@@ -0,0 +1,19 @@
+{ self, ... } : {
+ # imports = [ "${self}/modules/system/default-user.nix" ];
+
+ users.groups.server = {};
+ users.users = {
+ axolotsh = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" "docker" "server" ];
+ };
+ mirsem = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" "docker" "server" ];
+ };
+ jam = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" "docker" "server" ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/wg-obfuscator.nix b/hosts/axoserver-nix/wg-obfuscator.nix
new file mode 100644
index 0000000..d6d20c9
--- /dev/null
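Review bot: All three accounts in `hosts/axoserver-nix/users.nix` are placed in both `wheel` and `docker`; membership in `docker` lets a user start privileged containers and is effectively root without any password prompt, so it bypasses whatever sudo policy applies to `wheel`. Grant `docker` and `wheel` only to the accounts that administer the host, and give the others something like `extraGroups = [ "networkmanager" "server" ];`. No password or `hashedPassword` is set in this hunk, so whether sudo is usable at all for these key-only accounts depends on configuration not shown here. `modules/system/default-user.nix` has the same `wheel` + `docker` combination.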
+++ b/hosts/axoserver-nix/wg-obfuscator.nix
@@ -0,0 +1,14 @@
+{ inputs, pkgs, ... } : {
+ services.wg-obfuscator = {
+ enable = true;
+
+ instances.client = {
+ enable = true;
+ listenPort = 51821;
+ target = "168.222.255.234:21377";
+ key = "SPERMAUNITAZ";
+ masking = "AUTO";
+ interface = "0.0.0.0";
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/wg-quick.nix b/hosts/axoserver-nix/wg-quick.nix
new file mode 100644
index 0000000..6dba555
--- /dev/null
+++ b/hosts/axoserver-nix/wg-quick.nix
@@ -0,0 +1,19 @@
+{ ... } : {
+ networking.wg-quick.interfaces.wg0 = {
+ address = [ "10.1.10.2/24" ];
+
+ privateKey = "2IzITd4epbSgALua8DKX2UC151o6F6q7l6J9/Ib+znk=";
+
+ peers = [
+ {
+ publicKey = "meFmsUmqtLtaexVpWvWWWXnKiUarSahZD75lZONJVUE=";
+
+ allowedIPs = [ "10.1.10.0/24" ];
+
+ endpoint = "127.0.0.1:51821";
+
+ persistentKeepalive = 60;
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/hosts/axoserver-nix/zabbix-agent.nix b/hosts/axoserver-nix/zabbix-agent.nix
new file mode 100644
index 0000000..0df16ef
--- /dev/null
+++ b/hosts/axoserver-nix/zabbix-agent.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... } : {
+ services.zabbixAgent = {
+ enable = true;
+ package = pkgs.zabbix.agent;
+ server = "10.6.0.1";
+ settings = {
+ ServerActive = "10.6.0.18";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 10050 ];
+}
\ No newline at end of file
diff --git a/hosts/nix-axolotsh/configuration.nix b/hosts/nix-axolotsh/configuration.nix
new file mode 100644
index 0000000..a194f5b
--- /dev/null
+++ b/hosts/nix-axolotsh/configuration.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... } : {
+ imports = [
+ ./hardware-configuration.nix
+ ./index.nix
+ ];
+
+ networking.networkmanager.enable = true;
+ networking.hostName = "nix-axolotsh";
+
+ system.stateVersion = "25.05";
+}
\ No newline at end of file
diff --git a/hosts/nix-axolotsh/disko.nix b/hosts/nix-axolotsh/disko.nix
new file mode 100644
index 0000000..1c7d636
--- /dev/null
+++ b/hosts/nix-axolotsh/disko.nix
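Review bot: Two secrets are committed in plaintext: the `key` string in `hosts/axoserver-nix/wg-obfuscator.nix` and, in the following hunk, `privateKey` in `hosts/axoserver-nix/wg-quick.nix`; besides staying in git history, both are copied into the world-readable `/nix/store` on the host. For WireGuard, replace the literal with `privateKeyFile = "/path/to/wg0.key";` (placeholder path, a root-only file provisioned outside the repository), and treat the committed key pair as compromised and regenerate it. Whether the wg-obfuscator module offers a file-based equivalent for `key` is not visible here; if it does not, supply the value through a secret-provisioning mechanism rather than the flake source. Separately, `interface = "0.0.0.0";` exposes the obfuscator's listener on every interface although the only client shown is the local peer at `127.0.0.1:51821`, so `interface = "127.0.0.1";` looks sufficient.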
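Review bot: `networking.firewall.allowedTCPPorts = [ 10050 ];` in `hosts/axoserver-nix/zabbix-agent.nix` opens the agent port on every interface; `server = "10.6.0.1"` limits which peer the agent will answer, but the port is still reachable from any network the host is attached to. Scope the rule to the interface that faces the monitoring network: `networking.firewall.interfaces."<IFACE>".allowedTCPPorts = [ 10050 ];` (placeholder interface name). A short comment saying which network `10.6.0.1` and `10.6.0.18` belong to would also help, since the only tunnel defined in this commit is `10.1.10.0/24`.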
@@ -0,0 +1,41 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "256M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ swap = {
+ size = "4G";
+ content = {
+ type = "swap";
+ resumeDevice = true;
+ };
+ };
+
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/nix-axolotsh/firewall.nix b/hosts/nix-axolotsh/firewall.nix
new file mode 100644
index 0000000..a87dbb3
--- /dev/null
+++ b/hosts/nix-axolotsh/firewall.nix
@@ -0,0 +1,6 @@
+{ ... } : {
+ networking.firewall.enable = false;
+
+ # networking.firewall.allowedTCPPorts = [ ];
+ # networking.firewall.allowedUDPPorts = [ ];
+}
\ No newline at end of file
diff --git a/hosts/nix-axolotsh/index.nix b/hosts/nix-axolotsh/index.nix
new file mode 100644
index 0000000..0994311
--- /dev/null
+++ b/hosts/nix-axolotsh/index.nix
@@ -0,0 +1,19 @@
+{ self, ... } : {
+ imports = [
+ "${self}/modules/system/boot/grub-efi.nix"
+
+ "${self}/modules/system/filesystem.nix"
+ "${self}/modules/system/experimental-features.nix"
+ "${self}/modules/system/unfree.nix"
+
+ "${self}/modules/system/localization.nix"
+
+ "${self}/modules/packages.nix"
+
+ "${self}/modules/openssh.nix"
+ "${self}/modules/vscode-server.nix"
+
+ ./users.nix
+ ./firewall.nix
+ ];
+}
\ No newline at end of file
diff --git a/hosts/nix-axolotsh/users.nix b/hosts/nix-axolotsh/users.nix
new file mode 100644
index 0000000..932ead2
--- /dev/null
+++ b/hosts/nix-axolotsh/users.nix
@@ -0,0 +1,3 @@
+{ self, ... } : {
+ imports = [ "${self}/modules/system/default-user.nix" ];
+}
\ No newline at end of file
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..097107d
--- /dev/null
+++ b/install.sh
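Review bot: `networking.firewall.enable = false;` in `hosts/nix-axolotsh/firewall.nix` removes packet filtering on a host that imports `modules/openssh.nix`, where sshd is enabled with no `settings`, so password and keyboard-interactive authentication stay at their defaults, unlike the hardened block in `hosts/axoserver-nix/openssh-keys.nix`. Keep the firewall enabled and list the ports the host needs in the two commented-out options. Moving `PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no";` into `modules/openssh.nix` would give both hosts the same baseline instead of relying on a per-host file.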
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -e
+if [ -z "$1" ]; then
+ echo "Error: argument is missing."
+ echo "Usage: $0 "
+ exit 1
+fi
+
+HOST_NAME=$1
+
+sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount "./hosts/$HOST_NAME/disko.nix"
+sudo nixos-generate-config --root /tmp/
+sudo cp /tmp/etc/nixos/hardware-configuration.nix "./hosts/$HOST_NAME/"
+sudo git add .
+sudo nixos-install --flake ".#$HOST_NAME" --root /mnt/
\ No newline at end of file
diff --git a/modules/docker.nix b/modules/docker.nix
new file mode 100644
index 0000000..b5c45d9
--- /dev/null
+++ b/modules/docker.nix
@@ -0,0 +1,3 @@
+{ ... } : {
+ virtualisation.docker.enable = true;
+}
\ No newline at end of file
diff --git a/modules/openssh.nix b/modules/openssh.nix
new file mode 100644
index 0000000..1da5f4b
--- /dev/null
+++ b/modules/openssh.nix
@@ -0,0 +1,3 @@
+{ ... } : {
+ services.openssh.enable = true;
+}
\ No newline at end of file
diff --git a/modules/packages.nix b/modules/packages.nix
new file mode 100644
index 0000000..adc6a47
--- /dev/null
+++ b/modules/packages.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... } : {
+ environment.systemPackages = with pkgs; [
+ icu
+ glibc
+ ];
+}
\ No newline at end of file
diff --git a/modules/system/boot/grub-efi.nix b/modules/system/boot/grub-efi.nix
new file mode 100644
index 0000000..1a217e5
--- /dev/null
+++ b/modules/system/boot/grub-efi.nix
@@ -0,0 +1,6 @@
+{ ... } : {
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.grub.efiSupport = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+}
\ No newline at end of file
diff --git a/modules/system/default-user.nix b/modules/system/default-user.nix
new file mode 100644
index 0000000..21e9ca7
--- /dev/null
+++ b/modules/system/default-user.nix
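Review bot: `install.sh` runs `github:nix-community/disko/latest` as root in `destroy,format,mount` mode; `latest` is a moving reference, so the code that wipes the disk is whatever that ref resolves to at install time rather than the disko revision recorded in `flake.lock`. Pin the reference to the locked revision or a release tag, and verify the host directory before anything destructive runs, e.g. `[ -f "./hosts/$HOST_NAME/disko.nix" ] || { echo "unknown host: $HOST_NAME" >&2; exit 1; }`. `sudo git add .` stages every file in the working tree as root, which can pull unintended files into the flake source and therefore into the Nix store; `git add "hosts/$HOST_NAME/hardware-configuration.nix"` is narrower. The script has no confirmation step before the destroy, which is worth a comment at the top if it is intentional.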
@@ -0,0 +1,8 @@
+{ ... } : {
+ users.users = {
+ axolotsh = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/system/experimental-features.nix b/modules/system/experimental-features.nix
new file mode 100644
index 0000000..d63fcc7
--- /dev/null
+++ b/modules/system/experimental-features.nix
@@ -0,0 +1,3 @@
+{ ... } : {
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
\ No newline at end of file
diff --git a/modules/system/filesystem.nix b/modules/system/filesystem.nix
new file mode 100644
index 0000000..fb2a5e1
--- /dev/null
+++ b/modules/system/filesystem.nix
@@ -0,0 +1,3 @@
+{ ... } : {
+ boot.supportedFilesystems = [ "ntfs" ];
+}
\ No newline at end of file
diff --git a/modules/system/localization.nix b/modules/system/localization.nix
new file mode 100644
index 0000000..55ca403
--- /dev/null
+++ b/modules/system/localization.nix
@@ -0,0 +1,17 @@
+{ ... } : {
+ time.timeZone = "Europe/Moscow";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "ru_RU.UTF-8";
+ LC_IDENTIFICATION = "ru_RU.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "ru_RU.UTF-8";
+ LC_NAME = "ru_RU.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "ru_RU.UTF-8";
+ LC_TELEPHONE = "ru_RU.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+}
\ No newline at end of file
diff --git a/modules/system/proxy.nix b/modules/system/proxy.nix
new file mode 100644
index 0000000..d29e3bf
--- /dev/null
+++ b/modules/system/proxy.nix
@@ -0,0 +1,4 @@
+{ ... } : {
+ networking.proxy.default = "http://user:password@proxy:port/";
+ networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+}
\ No newline at end of file
diff --git a/modules/system/unfree.nix b/modules/system/unfree.nix
new file mode 100644
index 0000000..cecdb12
--- /dev/null
+++ b/modules/system/unfree.nix
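Review bot: `modules/system/proxy.nix` is a template whose `networking.proxy.default` carries credentials inside the URL (`http://user:password@proxy:port/`); no host in this commit imports it, but once real values are filled in they would be committed, copied to the Nix store and exported into the environment of every process on the system. A comment at the top of the file saying that it is a placeholder and that authenticated proxies need their credentials supplied outside the flake would prevent that mistake.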
@@ -0,0 +1,3 @@
+{ ... } : {
+ nixpkgs.config.allowUnfree = true;
+}
\ No newline at end of file
diff --git a/modules/system/wireless.nix b/modules/system/wireless.nix
new file mode 100644
index 0000000..5358875
--- /dev/null
+++ b/modules/system/wireless.nix
@@ -0,0 +1,3 @@
+{ ... } : {
+ networking.wireless.enable = true;
+}
\ No newline at end of file
diff --git a/modules/vscode-server.nix b/modules/vscode-server.nix
new file mode 100644
index 0000000..24e7835
--- /dev/null
+++ b/modules/vscode-server.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... } : {
+ environment.systemPackages = with pkgs; [ vscode.fhs ];
+ programs.nix-ld.enable = true;
+}
\ No newline at end of file
diff --git a/update.sh b/update.sh
new file mode 100644
index 0000000..55be63b
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+sudo nixos-rebuild switch --flake .
\ No newline at end of file