nixos-config/machines/NixOS-VPS/services/xtls.nix

{ config, pkgs, inputs, ... }:
let
  inherit (pkgs.hostPlatform) system;
  cert-key = config.sops.secrets."cert.key".path;
  cert-pem = config.sops.secrets."cert.pem".path;
  nginx-conf = config.sops.secrets."nginx.conf".path;
  marzban-env = config.sops.secrets.marzban.path;
in {
  imports = [ inputs.ataraxiasjel-nur.nixosModules.ocis ];
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  sops.secrets = let
    nginx = {
      sopsFile = inputs.self.secretsDir + /nixos-vps/nginx.yaml;
      restartUnits = [ "podman-nginx.service" ];
    };
    marzban = {
      format = "dotenv";
      sopsFile = inputs.self.secretsDir + /nixos-vps/marzban.env;
      restartUnits = [ "podman-marzban.service" ];
    };
  in {
    "cert.key" = nginx;
    "cert.pem" = nginx;
    "nginx.conf" = nginx;
    marzban = marzban;
  };

  virtualisation.oci-containers.containers = {
    marzban = {
      autoStart = true;
      image = "ghcr.io/gozargah/marzban:v0.4.9";
      environmentFiles = [ marzban-env ];
      extraOptions = [ "--network=host" ];
      volumes = [
        "/srv/marzban:/var/lib/marzban"
      ];
    };
    nginx = {
      autoStart = true;
      image = "docker.io/nginx:latest";
      extraOptions = [ "--network=host" ];
      volumes = [
        "${cert-key}:/etc/ssl/certs/cert.key:ro"
        "${cert-pem}:/etc/ssl/certs/cert.pem:ro"
        "${nginx-conf}:/etc/nginx/nginx.conf:ro"
      ];
    };
  };

  services.ocis = {
    enable = true;
    package = inputs.ataraxiasjel-nur.packages.${system}.ocis-bin;
    configDir = "/srv/ocis/config";
    baseDataPath = "/srv/ocis/data";
    environment = {
      OCIS_INSECURE = "false";
      OCIS_URL = "https://cloud.ataraxiadev.com";
      PROXY_HTTP_ADDR = "127.0.0.1:9200";
      PROXY_TLS = "false";
    };
  };

  systemd.tmpfiles.rules = [
    "d /srv/marzban 0755 root root -"
  ];
}
change nextcloud to ocis on nixos-vps 2024-02-01 22:50:21 +03:00			`{ config, pkgs, inputs, ... }:`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`let`
change nextcloud to ocis on nixos-vps 2024-02-01 22:50:21 +03:00			`inherit (pkgs.hostPlatform) system;`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`cert-key = config.sops.secrets."cert.key".path;`
			`cert-pem = config.sops.secrets."cert.pem".path;`
			`nginx-conf = config.sops.secrets."nginx.conf".path;`
			`marzban-env = config.sops.secrets.marzban.path;`
			`in {`
minor fixes 2024-02-06 20:23:25 +03:00			`imports = [ inputs.ataraxiasjel-nur.nixosModules.ocis ];`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`networking.firewall.allowedTCPPorts = [ 80 443 ];`

			`sops.secrets = let`
			`nginx = {`
			`sopsFile = inputs.self.secretsDir + /nixos-vps/nginx.yaml;`
			`restartUnits = [ "podman-nginx.service" ];`
			`};`
			`marzban = {`
			`format = "dotenv";`
			`sopsFile = inputs.self.secretsDir + /nixos-vps/marzban.env;`
			`restartUnits = [ "podman-marzban.service" ];`
			`};`
			`in {`
			`"cert.key" = nginx;`
			`"cert.pem" = nginx;`
			`"nginx.conf" = nginx;`
			`marzban = marzban;`
			`};`

			`virtualisation.oci-containers.containers = {`
			`marzban = {`
			`autoStart = true;`
update marzban 2024-04-23 21:37:50 +03:00			`image = "ghcr.io/gozargah/marzban:v0.4.9";`
update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`environmentFiles = [ marzban-env ];`
			`extraOptions = [ "--network=host" ];`
			`volumes = [`
			`"/srv/marzban:/var/lib/marzban"`
			`];`
			`};`
			`nginx = {`
			`autoStart = true;`
			`image = "docker.io/nginx:latest";`
			`extraOptions = [ "--network=host" ];`
			`volumes = [`
			`"${cert-key}:/etc/ssl/certs/cert.key:ro"`
			`"${cert-pem}:/etc/ssl/certs/cert.pem:ro"`
			`"${nginx-conf}:/etc/nginx/nginx.conf:ro"`
			`];`
			`};`
			`};`

change nextcloud to ocis on nixos-vps 2024-02-01 22:50:21 +03:00			`services.ocis = {`
			`enable = true;`
			`package = inputs.ataraxiasjel-nur.packages.${system}.ocis-bin;`
			`configDir = "/srv/ocis/config";`
			`baseDataPath = "/srv/ocis/data";`
			`environment = {`
			`OCIS_INSECURE = "false";`
			`OCIS_URL = "https://cloud.ataraxiadev.com";`
			`PROXY_HTTP_ADDR = "127.0.0.1:9200";`
			`PROXY_TLS = "false";`
			`};`
			`};`

update flake, move to new vps... again 2023-12-23 01:26:18 +03:00			`systemd.tmpfiles.rules = [`
			`"d /srv/marzban 0755 root root -"`
			`];`
			`}`