hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: devide xrays systems

Browse Source
This commit is contained in:
yukkop
2026-05-23 18:27:02 +00:00
parent bce720fcff
commit fb6ee3cb54
8 changed files with 197 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
flake.nix
View File

@@ -98,7 +98,8 @@
nixosConfigurations = { nixosConfigurations = {
# NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that # NOTE(yukkop): in bfs one of dependencies is shadow-4.17.4 that
# unsupported on aarch64-darwin # unsupported on aarch64-darwin
"bfs|x86_64-linux" = import ./nixos/system/bfs { inherit flake self inputs; system = "x86_64-linux"; }; "bfs.netherland.xray|x86_64-linux" = import ./nixos/system/bfs.netherland.xray { inherit flake self inputs; system = "x86_64-linux"; };
"bfs.poland.xray|x86_64-linux" = import ./nixos/system/bfs.poland.xray { inherit flake self inputs; system = "x86_64-linux"; };
# FIXME(yukkop): some why I cannot merge nixosConfigurations from `forAllSystemsWithPkgs` with this # FIXME(yukkop): some why I cannot merge nixosConfigurations from `forAllSystemsWithPkgs` with this
"neuro|x86_64-linux" = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; }; "neuro|x86_64-linux" = import ./nixos/system/neuro { inherit flake self inputs; system = "x86_64-linux"; };
"games|x86_64-linux" = import ./nixos/system/games { inherit flake self inputs; system = "x86_64-linux"; }; "games|x86_64-linux" = import ./nixos/system/games { inherit flake self inputs; system = "x86_64-linux"; };

101
nixos/module/generic/xray-system.nix Normal file
View File

@@ -0,0 +1,101 @@
{
inputs,
flake,
self,
}: {
lib,
pkgs,
modulesPath,
config,
...
}: let
cfg = config.hectic.generic.xray-system;
xrayPort = 10086;
in {
imports = [
self.nixosModules.hectic
inputs.sops-nix.nixosModules.sops
];
options.hectic.generic.xray-system = {
enable = lib.mkEnableOption "generic xray VPN server system configuration";
defaultSopsFile = lib.mkOption {
type = lib.types.path;
description = ''
SOPS-encrypted secrets file used as `sops.defaultSopsFile`.
Must define the `config` and `init-postgresql` secrets.
'';
example = lib.literalExpression "../../../sus/bfs.xray.yaml";
};
};
config = lib.mkIf cfg.enable {
services.xray = {
enable = true;
settingsFile = config.sops.secrets."config".path;
};
users.users.root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOn1KflaIX1RU9YS/qLb0GInmndYxx2vTLZC9OA+eXZl''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKPbIJATVyAw7F7vBZbHkCODXFo5gvDyqhuU0gnNUNH''
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
] ++ (if pkgs.stdenv.hostPlatform.system != "aarch64-linux" then [ "vmw_pvscsi" ] else []);
boot.initrd.kernelModules = ["nvme"];
disko.devices = {
disk.vda = {
device = lib.mkDefault "/dev/vda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
priority = 1;
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
hectic = {
archetype.base.enable = true;
archetype.dev.enable = true;
};
sops = {
gnupg.sshKeyPaths = [ ];
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = cfg.defaultSopsFile;
secrets."config" = {};
secrets."init-postgresql" = {};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
xrayPort 8443
80 443 # for acme
];
};
environment.systemPackages = with pkgs; [
xray
];
};
}

26
nixos/system/bfs.netherland.xray/bfs.netherland.xray.nix Normal file
View File

@@ -0,0 +1,26 @@
{
inputs,
flake,
self,
}: {
lib,
pkgs,
modulesPath,
config,
...
}: {
# TODO:
# white list
# torent
# rate limit
# ping - game and speak
imports = [
self.nixosModules.xray-system
];
hectic.generic.xray-system = {
enable = true;
defaultSopsFile = ../../../sus/bfs.xray.yaml;
};
}

21
nixos/system/bfs.netherland.xray/default.nix Normal file
View File

@@ -0,0 +1,21 @@
{
flake,
self,
inputs,
system,
...
}: let
# Use folder name as name of this system; sanitize for hostName (no dots)
name = builtins.baseNameOf ./.;
hostName = builtins.replaceStrings ["."] ["-"] name;
in self.lib.nixpkgs-lib.nixosSystem {
pkgs = import inputs.nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
};
modules = [
{ networking.hostName = hostName; }
(import ./${name}.nix { inherit flake self inputs; })
];
}

26
nixos/system/bfs.poland.xray/bfs.poland.xray.nix Normal file
View File

@@ -0,0 +1,26 @@
{
inputs,
flake,
self,
}: {
lib,
pkgs,
modulesPath,
config,
...
}: {
# TODO:
# white list
# torent
# rate limit
# ping - game and speak
imports = [
self.nixosModules.xray-system
];
hectic.generic.xray-system = {
enable = true;
defaultSopsFile = ../../../sus/bfs.xray.yaml;
};
}

21
nixos/system/bfs.poland.xray/default.nix Normal file
View File

@@ -0,0 +1,21 @@
{
flake,
self,
inputs,
system,
...
}: let
# Use folder name as name of this system; sanitize for hostName (no dots)
name = builtins.baseNameOf ./.;
hostName = builtins.replaceStrings ["."] ["-"] name;
in self.lib.nixpkgs-lib.nixosSystem {
pkgs = import inputs.nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
};
modules = [
{ networking.hostName = hostName; }
(import ./${name}.nix { inherit flake self inputs; })
];
}

109
nixos/system/bfs/bfs.nix
View File

@@ -1,109 +0,0 @@
{
inputs,
flake,
self,
}: {
lib,
pkgs,
modulesPath,
config,
...
}: let
xrayPort = 10086;
in {
# TODO:
# white list
# torent
# rate limit
# ping - game and speak
imports = [
self.nixosModules.hectic
inputs.sops-nix.nixosModules.sops
];
#hectic.services.matrix = {
# enable = true;
# secretsFile = config.sops.secrets."matrix/secrets".path;
# turnSecretFile = config.sops.secrets."matrix/turn-secret".path;
# publicIp = "188.137.254.58";
# postgresql = {
# port = 5432;
# initialEnvFile = config.sops.secrets."init-postgresql".path;
# };
# matrixDomain = "accord.tube";
#};
services.xray = {
enable = true;
settingsFile = config.sops.secrets."config".path;
};
users.users.root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOn1KflaIX1RU9YS/qLb0GInmndYxx2vTLZC9OA+eXZl''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKPbIJATVyAw7F7vBZbHkCODXFo5gvDyqhuU0gnNUNH''
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
] ++ (if pkgs.stdenv.hostPlatform.system != "aarch64-linux" then [ "vmw_pvscsi" ] else []);
boot.initrd.kernelModules = ["nvme"];
disko.devices = {
disk.vda = {
device = lib.mkDefault "/dev/vda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
priority = 1;
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
hectic = {
archetype.base.enable = true;
archetype.dev.enable = true;
};
sops = {
gnupg.sshKeyPaths = [ ];
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../../sus/bfs.xray.yaml;
secrets."config" = {};
secrets."init-postgresql" = {};
#secrets."matrix/secrets" = {};
#secrets."matrix/turn-secret" = {
# owner = "turnserver";
# group = "turnserver";
# mode = "0400";
#};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
xrayPort 8443
80 443 # for acme
];
};
environment.systemPackages = with pkgs; [
xray
];
}

20
nixos/system/bfs/default.nix
View File

@@ -1,20 +0,0 @@
{
flake,
self,
inputs,
system,
...
}: let
# Use folder name as name of this system
name = builtins.baseNameOf ./.;
in self.lib.nixpkgs-lib.nixosSystem {
pkgs = import inputs.nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
};
modules = [
{ networking.hostName = name; }
(import ./${name}.nix { inherit flake self inputs; })
];
}