tin vip vai lon

home/asakiyuki/configuration.nix

@@ -3,7 +3,6 @@
   libs,
   config,
   custom,
-  pkgs,
   unstable,
   ...
 }:

home/junko/configuration.nix

@@ -0,0 +1,35 @@
+{
+  inputs,
+  libs,
+  config,
+  custom,
+  unstable,
+  ...
+}:
+let
+  osconfig = config;
+in
+{
+  users.users.junko = {
+    isNormalUser = true;
+  };
+
+  home-manager.users.junko = {
+    _module.args = {
+      inherit
+        inputs
+        unstable
+        osconfig
+        custom
+        libs
+        ;
+    };
+
+    imports = [ ];
+
+    home = {
+      username = "junko";
+      stateVersion = "25.11";
+    };
+  };
+}

host/server/default.nix

@@ -2,109 +2,15 @@
 {
   imports = [
     ./programs.nix
-    ./service.nix
+    ./services.nix
+    ./networking.nix
 
     (libs.root "/modules/features/system/docker.nix")
     (libs.root "/modules/features/system/packages.nix")
 
     (libs.root "/home/asakiyuki/configuration.nix")
+    (libs.root "/home/junko/configuration.nix")
+
     (libs.root "/options/system/default.nix")
   ];
-
-  environment.systemPackages = with pkgs; [
-    git
-    vim
-  ];
-
-  users.users.junko = {
-    isNormalUser = true;
-  };
-
-  services = {
-
-    fail2ban = {
-      enable = true;
-      ignoreIP = [
-        "192.168.0.0/16"
-      ];
-    };
-
-    cloudflare-dyndns = {
-      enable = true;
-      apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";
-      frequency = "*:0/5";
-      proxied = true;
-      ipv6 = false;
-      ipv4 = true;
-      deleteMissing = false;
-      domains = [ "ddns.asakiyuki.com" ];
-    };
-
-    openssh = {
-      enable = true;
-      ports = [ 15523 ];
-      authorizedKeysInHomedir = true;
-      authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ];
-      settings = {
-        AllowUsers = [
-          "asakiyuki"
-          "junko"
-        ];
-        PasswordAuthentication = true;
-        KbdInteractiveAuthentication = false;
-        AllowAgentForwarding = false;
-        AllowStreamLocalForwarding = false;
-        X11Forwarding = false;
-        PermitRootLogin = "no";
-      };
-    };
-  };
-
-  networking = {
-    useDHCP = false;
-    networkmanager.enable = true;
-    defaultGateway = "192.168.1.1";
-    nameservers = [
-      "8.8.8.8"
-      "1.1.1.1"
-    ];
-
-    interfaces = {
-      enp1s0 = {
-        useDHCP = false;
-
-        ipv4.addresses = [
-          {
-            address = "192.168.1.100";
-            prefixLength = 24;
-          }
-        ];
-
-        ipv6.addresses = [
-          {
-            address = "2402:800:62d0:1c26:abcd:1234:5678:9abc";
-            prefixLength = 64;
-          }
-        ];
-      };
-    };
-
-    firewall = {
-      enable = true;
-      allowedUDPPorts = [
-        53
-        34778
-      ];
-      allowedTCPPorts = [
-        80
-        443
-        18581
-        8443
-        15523
-        53
-        583
-        25565
-      ];
-    };
-  };
 }

host/server/networking.nix

@@ -0,0 +1,50 @@
+{ ... }:
+{
+  networking = {
+    firewall = {
+      enable = true;
+      allowedUDPPorts = [
+        53
+        34778
+      ];
+      allowedTCPPorts = [
+        80
+        443
+        18581
+        8443
+        15523
+        53
+        583
+        25565
+      ];
+    };
+
+    useDHCP = false;
+    networkmanager.enable = true;
+
+    defaultGateway = "192.168.1.1";
+    nameservers = [
+      "8.8.8.8"
+      "1.1.1.1"
+    ];
+
+    interfaces = {
+      enp1s0 = {
+        useDHCP = false;
+        ipv4.addresses = [
+          {
+            address = "192.168.1.100";
+            prefixLength = 24;
+          }
+        ];
+
+        ipv6.addresses = [
+          {
+            address = "2402:800:62d0:1c26:abcd:1234:5678:9abc";
+            prefixLength = 64;
+          }
+        ];
+      };
+    };
+  };
+}

host/server/service.nix

@@ -1,5 +0,0 @@
-{ libs, ... }: [
-    imports = [
-        (libs.root "/modules/services/adguardhome.nix")
-    ];
-]

host/server/services.nix

@@ -0,0 +1,9 @@
+{ libs, ... }:
+{
+  imports = [
+    (libs.root "/modules/services/adguardhome.nix")
+    (libs.root "/modules/services/cloudflare-dyndns.nix")
+    (libs.root "/modules/services/fail2ban.nix")
+    (libs.root "/modules/services/openssh.nix")
+  ];
+}

modules/services/cloudflare-dyndns.nix

@@ -0,0 +1,13 @@
+{ ... }:
+{
+  services.cloudflare-dyndns = {
+    enable = true;
+    apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";
+    frequency = "*:0/5";
+    proxied = true;
+    ipv6 = false;
+    ipv4 = true;
+    deleteMissing = false;
+    domains = [ "ddns.asakiyuki.com" ];
+  };
+}

modules/services/fail2ban.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  security.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "192.168.0.0/16"
+    ];
+  };
+}

modules/services/openssh.nix

@@ -0,0 +1,21 @@
+{ ... }:
+{
+  services.openssh = {
+    enable = true;
+    ports = [ 15523 ];
+    authorizedKeysInHomedir = true;
+    authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ];
+    settings = {
+      AllowUsers = [
+        "asakiyuki"
+        "junko"
+      ];
+      PasswordAuthentication = true;
+      KbdInteractiveAuthentication = false;
+      AllowAgentForwarding = false;
+      AllowStreamLocalForwarding = false;
+      X11Forwarding = false;
+      PermitRootLogin = "no";
+    };
+  };
+}

modules/services/pipewire.nix

@@ -1,6 +1,7 @@
-{ ... }: {
-    services.pipewire = {
-        enable = true;
-        pulse.enable = true;
-    };
+{ ... }:
+{
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
 }