axolotsh/nix-flake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
AXOLOTsh
2026-01-28 11:41:51 +03:00
commit c1d66293aa
52 changed files with 817 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
hosts/axoserver-nix/borg-backup.nix Normal file
View File

@@ -0,0 +1,20 @@
{ pkgs, ... } : {
environment.systemPackages = with pkgs; [
borgbackup
];
services.borgbackup.jobs.minecraft-java = {
paths = "/data/server-data/minecraft-java";
encryption.mode = "none";
environment.BORG_RSH = "ssh -i /root/.ssh/backup-ubuntu";
repo = "ssh://borg@10.4.10.14:22/home/borg/backups";
compression = "auto,zstd";
startAt = "daily";
extraArgs = "--show-rc --stats";
exclude = [
"*.db-wal"
"*.db-shm"
"/data/server-data/minecraft-java/logs"
];
};
}

11
hosts/axoserver-nix/configuration.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... } : {
imports = [
./hardware-configuration.nix
./index.nix
];
networking.networkmanager.enable = true;
networking.hostName = "axoserver-nix";
system.stateVersion = "25.05";
}

41
hosts/axoserver-nix/disko.nix Normal file
View File

@@ -0,0 +1,41 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
size = "256M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

6
hosts/axoserver-nix/firewall.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... } : {
# networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [ 25565 ];
networking.firewall.allowedUDPPorts = [ 25565 ];
}

22
hosts/axoserver-nix/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,22 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
swapDevices =
[ { device = "/dev/disk/by-uuid/7a9a936c-f998-43f1-b674-0313688f8316"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

26
hosts/axoserver-nix/index.nix Normal file
View File

@@ -0,0 +1,26 @@
{ self, ... } : {
imports = [
"${self}/modules/system/boot/grub-efi.nix"
"${self}/modules/system/filesystem.nix"
"${self}/modules/system/experimental-features.nix"
"${self}/modules/system/unfree.nix"
"${self}/modules/system/localization.nix"
"${self}/modules/openssh.nix"
"${self}/modules/docker.nix"
"${self}/modules/vscode-server.nix"
./users.nix
./openssh-keys.nix
./firewall.nix
./wg-obfuscator.nix
./wg-quick.nix
./zabbix-agent.nix
./borg-backup.nix
./packages.nix
];
}

27
hosts/axoserver-nix/openssh-keys.nix Normal file
View File

@@ -0,0 +1,27 @@
{ ... } : {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
};
users.users.axolotsh = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3fi+aocgGe2gG4TbY47BZ7GAZM/VIEO4KAh/+kAtWB axolotsh@win-axolotsh"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRjyyOvThQ7jUBQFIioCt53Spdv9XHqp5S5TslYCvLF u0_a295@localhost"
];
};
users.users.mirsem = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfGbufs4SzRVWUay9YNneuHd9uyYDvvRtEGHI0P2Xcb mirse@MirsemPC"
];
};
users.users.jam = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1GvtRb2jb20qApbZqy785GPPLBrRWn3iUumJu3PGbE aporuchikov@user-MS-7C96"
];
};
}

3
hosts/axoserver-nix/packages.nix Normal file
View File

@@ -0,0 +1,3 @@
{ self, pkgs, ... } : {
imports = [ "${self}/modules/packages.nix" ];
}

19
hosts/axoserver-nix/users.nix Normal file
View File

@@ -0,0 +1,19 @@
{ self, ... } : {
# imports = [ "${self}/modules/system/default-user.nix" ];
users.groups.server = {};
users.users = {
axolotsh = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "docker" "server" ];
};
mirsem = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "docker" "server" ];
};
jam = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "docker" "server" ];
};
};
}

14
hosts/axoserver-nix/wg-obfuscator.nix Normal file
View File

@@ -0,0 +1,14 @@
{ inputs, pkgs, ... } : {
services.wg-obfuscator = {
enable = true;
instances.client = {
enable = true;
listenPort = 51821;
target = "168.222.255.234:21377";
key = "SPERMAUNITAZ";
masking = "AUTO";
interface = "0.0.0.0";
};
};
}

19
hosts/axoserver-nix/wg-quick.nix Normal file
View File

@@ -0,0 +1,19 @@
{ ... } : {
networking.wg-quick.interfaces.wg0 = {
address = [ "10.1.10.2/24" ];
privateKey = "2IzITd4epbSgALua8DKX2UC151o6F6q7l6J9/Ib+znk=";
peers = [
{
publicKey = "meFmsUmqtLtaexVpWvWWWXnKiUarSahZD75lZONJVUE=";
allowedIPs = [ "10.1.10.0/24" ];
endpoint = "127.0.0.1:51821";
persistentKeepalive = 60;
}
];
};
}

12
hosts/axoserver-nix/zabbix-agent.nix Normal file
View File

@@ -0,0 +1,12 @@
{ pkgs, ... } : {
services.zabbixAgent = {
enable = true;
package = pkgs.zabbix.agent;
server = "10.6.0.1";
settings = {
ServerActive = "10.6.0.18";
};
};
networking.firewall.allowedTCPPorts = [ 10050 ];
}