tin vip vai lon

Asaki Yuki 2026-04-13 22:37:37 +07:00
parent 5760ed4067
commit 4737199992
10 changed files with 148 additions and 110 deletions


@ -3,7 +3,6 @@
libs, libs,
config, config,
custom, custom,
pkgs,
unstable, unstable,
... ...
}: }:


@ -0,0 +1,35 @@
{
inputs,
libs,
config,
custom,
unstable,
...
}:
let
osconfig = config;
in
{
users.users.junko = {
isNormalUser = true;
};
home-manager.users.junko = {
_module.args = {
inherit
inputs
unstable
osconfig
custom
libs
;
};
imports = [ ];
home = {
username = "junko";
stateVersion = "25.11";
};
};
}
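Review bot: `users.users.junko` is declared with only `isNormalUser = true`, so no key or password for the account is visible in the repository, while the sshd settings in this same commit list `junko` in `AllowUsers` with password authentication enabled. The login credential is then whatever gets set by hand on the host. Declaring the key next to the account, `openssh.authorizedKeys.keys = [ "<junko public key>" ];` (placeholder value), would keep access reviewable. The empty `imports = [ ];` can be dropped.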


@ -2,109 +2,15 @@
{ {
imports = [ imports = [
./programs.nix ./programs.nix
./service.nix ./services.nix
./networking.nix
(libs.root "/modules/features/system/docker.nix") (libs.root "/modules/features/system/docker.nix")
(libs.root "/modules/features/system/packages.nix") (libs.root "/modules/features/system/packages.nix")
(libs.root "/home/asakiyuki/configuration.nix") (libs.root "/home/asakiyuki/configuration.nix")
(libs.root "/home/junko/configuration.nix")
(libs.root "/options/system/default.nix") (libs.root "/options/system/default.nix")
]; ];
environment.systemPackages = with pkgs; [
git
vim
];
users.users.junko = {
isNormalUser = true;
};
services = {
fail2ban = {
enable = true;
ignoreIP = [
"192.168.0.0/16"
];
};
cloudflare-dyndns = {
enable = true;
apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";
frequency = "*:0/5";
proxied = true;
ipv6 = false;
ipv4 = true;
deleteMissing = false;
domains = [ "ddns.asakiyuki.com" ];
};
openssh = {
enable = true;
ports = [ 15523 ];
authorizedKeysInHomedir = true;
authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ];
settings = {
AllowUsers = [
"asakiyuki"
"junko"
];
PasswordAuthentication = true;
KbdInteractiveAuthentication = false;
AllowAgentForwarding = false;
AllowStreamLocalForwarding = false;
X11Forwarding = false;
PermitRootLogin = "no";
};
};
};
networking = {
useDHCP = false;
networkmanager.enable = true;
defaultGateway = "192.168.1.1";
nameservers = [
"8.8.8.8"
"1.1.1.1"
];
interfaces = {
enp1s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.1.100";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "2402:800:62d0:1c26:abcd:1234:5678:9abc";
prefixLength = 64;
}
];
};
};
firewall = {
enable = true;
allowedUDPPorts = [
53
34778
];
allowedTCPPorts = [
80
443
18581
8443
15523
53
583
25565
];
};
};
} }


@ -0,0 +1,50 @@
{ ... }:
{
networking = {
firewall = {
enable = true;
allowedUDPPorts = [
53
34778
];
allowedTCPPorts = [
80
443
18581
8443
15523
53
583
25565
];
};
useDHCP = false;
networkmanager.enable = true;
defaultGateway = "192.168.1.1";
nameservers = [
"8.8.8.8"
"1.1.1.1"
];
interfaces = {
enp1s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.1.100";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "2402:800:62d0:1c26:abcd:1234:5678:9abc";
prefixLength = 64;
}
];
};
};
};
}
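Review bot: The `allowedTCPPorts` and `allowedUDPPorts` lists open every entry on all interfaces, and `enp1s0` carries a global IPv6 address, so ports such as 53 are reachable from outside the LAN unless something upstream filters them. A DNS listener that answers arbitrary sources is a common abuse target, so confirm 53 is restricted by source or filtered at the router. None of the ports says which service owns it; a trailing comment per entry, e.g. `15523 # sshd`, would let a reviewer see that 583, 18581, 8443 and 34778 are still needed.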


@ -1,5 +0,0 @@
{ libs, ... }: [
imports = [
(libs.root "/modules/services/adguardhome.nix")
];
]

9
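--- /dev/null
+++ b/host/server/services.nix
@@ -0,0 +1,9 @@
+{ libs, ... }:
+{
+imports = [
+(libs.root "/modules/services/adguardhome.nix")
+(libs.root "/modules/services/cloudflare-dyndns.nix")
+(libs.root "/modules/services/fail2ban.nix")
+(libs.root "/modules/services/openssh.nix")
+];
+}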


@ -0,0 +1,13 @@
{ ... }:
{
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";
frequency = "*:0/5";
proxied = true;
ipv6 = false;
ipv4 = true;
deleteMissing = false;
domains = [ "ddns.asakiyuki.com" ];
};
}
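Review bot: `apiTokenFile` points into `/home/asakiyuki/.secret/`, so the Cloudflare API token lives in the home directory of an account that sshd in this commit also lets log in with a password. Anyone who obtains that account can read or replace the token. A root-owned file outside any home directory with mode 0400 would decouple the two, e.g. `apiTokenFile = "/run/secrets/<cloudflare-token>";` (placeholder path). The token should also be scoped to DNS edits on the one zone.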


@ -0,0 +1,9 @@
{ ... }:
{
security.fail2ban = {
enable = true;
ignoreIP = [
"192.168.0.0/16"
];
};
}
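Review bot: The attribute path `security.fail2ban` at the top of this module differs from the `services.fail2ban` path these same settings used in the host file before the move. As far as I know NixOS defines the option only under `services`, so this module would likely fail evaluation rather than enable fail2ban; change the line to `services.fail2ban = {`. Separately, `ignoreIP = [ "192.168.0.0/16" ]` exempts every LAN address from bans. A comment stating why would help, given that sshd on this host accepts passwords.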


@ -0,0 +1,21 @@
{ ... }:
{
services.openssh = {
enable = true;
ports = [ 15523 ];
authorizedKeysInHomedir = true;
authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ];
settings = {
AllowUsers = [
"asakiyuki"
"junko"
];
PasswordAuthentication = true;
KbdInteractiveAuthentication = false;
AllowAgentForwarding = false;
AllowStreamLocalForwarding = false;
X11Forwarding = false;
PermitRootLogin = "no";
};
};
}
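Review bot: `PasswordAuthentication = true` in `settings` keeps password logins enabled on port 15523, which the firewall list in this commit opens on all interfaces, so fail2ban is the only brake on password guessing. Once both `asakiyuki` and `junko` have keys installed, set `PasswordAuthentication = false;`. Also, `authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ]` is a global sshd path with no `%h` or `%u` token, so it is consulted for `junko` as well. `authorizedKeysInHomedir = true` already covers each user's own file, so that line can probably be dropped.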


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
services.pipewire = { services.pipewire = {
enable = true; enable = true;
pulse.enable = true; pulse.enable = true;