AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add marzban to vps

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-11-24 00:17:22 +03:00
parent 1e184253f9
commit b6547b5909
6 changed files with 137 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.sops.yaml
View File

@ -7,3 +7,8 @@ creation_rules:
- pgp:
- *ataraxia
- *suomi-vps
- path_regex: secrets/suomi-vps/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *ataraxia
- *suomi-vps

1
flake.nix
View File

@ -117,6 +117,7 @@
customModules = builtins.listToAttrs (findModules ./modules);
customProfiles = builtins.listToAttrs (findModules ./profiles);
customRoles = import ./roles;
secretsDir = ./secrets;
sharedPatches = patchesPath [
"vaultwarden.patch"

1
machines/Suomi-VPS/default.nix
View File

@ -17,6 +17,7 @@
./services/tailscale.nix
./services/tor-bridge.nix
./services/wireguard.nix
./services/xtls.nix
];
# Impermanence

65
machines/Suomi-VPS/services/xtls.nix Normal file
View File

@ -0,0 +1,65 @@
{ config, pkgs, lib, inputs, ... }:
let
cert-key = config.sops.secrets."cert.key".path;
cert-pem = config.sops.secrets."cert.pem".path;
nginx-conf = config.sops.secrets."nginx.conf".path;
marzban-env = config.sops.secrets.marzban.path;
in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
sops.secrets = let
nginx = {
sopsFile = inputs.self.secretsDir + /suomi-vps/nginx.yaml;
restartUnits = [ "podman-nginx.service" ];
};
marzban = {
format = "dotenv";
sopsFile = inputs.self.secretsDir + /suomi-vps/marzban.env;
restartUnits = [ "podman-marzban.service" ];
};
in {
"cert.key" = nginx;
"cert.pem" = nginx;
"nginx.conf" = nginx;
marzban = marzban;
};
virtualisation.oci-containers.containers = {
nextcloud = {
autoStart = true;
image = "docker.io/nextcloud:stable";
ports = [ "9765:80" ];
volumes = [
"/srv/nextcloud/html:/var/www/html"
"/srv/nextcloud/config:/var/www/html/config"
"/srv/nextcloud/data:/var/www/html/data"
];
};
marzban = {
autoStart = true;
image = "ghcr.io/gozargah/marzban:v0.4.1";
environmentFiles = [ marzban-env ];
extraOptions = [ "--network=host" ];
volumes = [
"/srv/marzban:/var/lib/marzban"
];
};
nginx = {
autoStart = true;
image = "docker.io/nginx:latest";
extraOptions = [ "--network=host" ];
volumes = [
"${cert-key}:/etc/ssl/certs/cert.key:ro"
"${cert-pem}:/etc/ssl/certs/cert.pem:ro"
"${nginx-conf}:/etc/nginx/nginx.conf:ro"
];
};
};
systemd.tmpfiles.rules = [
"d /srv/marzban 0755 root root -"
"d /srv/nextcloud/html 0755 33 33 -"
"d /srv/nextcloud/config 0755 33 33 -"
"d /srv/nextcloud/data 0755 33 33 -"
];
}

16
secrets/suomi-vps/marzban.env Normal file
View File

@ -0,0 +1,16 @@
SUDO_USERNAME=ENC[AES256_GCM,data:4QMSmmaPB10=,iv:KveMQ+EdfltGzQRRA+cm1MaRlsLypOhlWHdCumHLQS4=,tag:v30WjSutCxO9LDv3wFZHMA==,type:str]
SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5PFdrmYKC8Tdgr4yb/96U5A=,tag:/yYIC/rKCttSgBBGvjCe2A==,type:str]
TELEGRAM_API_TOKEN=ENC[AES256_GCM,data:8PySjalQnpADCd+3Yt+Iax3DdGq6sxR0PHntgAzKpI+iXsB8TsMqsm6ElORoOw==,iv:y7tmr1jIs/JtMnBcEkGiCxrKkPcgUt6RBSq4GiKXNZ8=,tag:TcdxtPkO4Pvfcku72XCFIg==,type:str]
TELEGRAM_ADMIN_ID=ENC[AES256_GCM,data:nH/VUQNoRqwj,iv:AdBRZqyBVeze8SGn0pmxaBB8CWyo3D1TTaVx7NsEPHI=,tag:MyJwnQhuBCQ7XMS74TevRg==,type:str]
SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str]
XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str]
sops_lastmodified=2023-11-22T23:09:38Z
sops_mac=ENC[AES256_GCM,data:m9TLulK7igJtvtuu1Leag5Ky28qxKyELOKGTFZmX8O/VaVwu1EHC07awgf9HJjFlAcIWT6+fkRcnpwse6t4Thh//Yc4YIu8ryJjsRZBLezaR26SOWis41HR/uek/lSLLMMrdIyiU/5RX9i3/rhUjZwCDYzM1yg+rDsxfGIdERCM=,iv:+TXcgj9MsmQmZzYi4JKbgPVLcX0VLKtheq5/ckPRDcY=,tag:Ku+43ZiVCOeUxN3pimv7JQ==,type:str]
sops_pgp__list_0__map_created_at=2023-11-22T22:35:02Z
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQEMAwcagTG/Fm6AAQf9FyMBT+jm0pOjuw6aXQSv7Xc8ffKtXYAIUgKsHTTAnqfj\npoDoel7I1toENks/0flFxXjtzp6kBPPmb8aX+CelPv5orIyzMUdJbgZ2D6LINHTD\npW5DmGA7gkegk/gus4qMz+p/zxoJC0EBrr8eVbgIUMi3WVUtG1TofpeaKm+xf61r\nvVJLMn7dHxjmt3qe6RVBAD2bS/tTEUEfGubOWBLUrWq1MElnL0MLZy3936dmMJ5W\nLrurkBfJ7hCIIfJn/7VCBkY93Nk/NjZCF/EdYj2/Dgs0SOqIc5wXGC259/7HhVEJ\nlmBOKYWPzHp4c40AMHld3L3rJ0cOKenTBSfj8g7b1tJYAaB+dW//A/HaL8FrIpxx\nMjS1HyfsFfDM8D8Um+PCe4cktupMmlhuU898rOLwgAX90niRHvhm0IWbLISa1QDx\nPH4SjYB4NWIk5i1eunYm8jjMStNNbRABJg==\n=V9Pe\n-----END PGP MESSAGE-----
sops_pgp__list_0__map_fp=ad382d058c964607b7bbf01b071a8131bf166e80
sops_pgp__list_1__map_created_at=2023-11-22T22:35:02Z
sops_pgp__list_1__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQIMAyNex7x1cALKAQ//TN89prS2jIW3lvDFdOmFfNKSOo9oNqVJZPKbyRTG4gxL\ndwhPZnCoQd8Sg88TNexfgl/qkQJhU6k/dbx2/nebJXgkQz4GDpmNNVAHacH+A7Sv\n/ZPGDLMdivOF6JVIIBxjdj06KxRfyeTf3Cnb2JqaCjGc312POBOQMZBa/GvfQjC7\n8YhS6TqXu8+MhmWNP9bbTWE1kc7bNeH+1BzraZn5625OQN1kCNj2SEBaZPI1i/MS\nTQxHf0yfIES6lZ/NTB6H0xkxbwcKYbbY47o9dc5BG7uAKPGh9oBnAmH66XuSq260\nuWsRwfdfK8NOEy9nxSk2Yqfgatzx7WkNCEX6l6ztCbSDeruJ56X49vr+xLbw5NyX\n+rgvr1w85uiAzct8f/2QNBq/J0qjoinHvxbUUbLP3LkJzqOoxXV0YEqjx7LHMrEW\nCRn2oiLRZd5ElsbVvDGhpFAoMq2kYa2U3280YRQuH0zFGpUbhS8Q7FtyZOBuw2pz\nYNJwLwsRODNvCeeruYOzLF/ERfZteO7yzj0WWyGPvhIcIvz9mP6JgtDvR+0e15hi\nZ6zyzz5wvpBWEpQaVuNeXxHr4+UJe2iLZN1ATTCJW7dfJyKxBC1yimXPmrJJtQOI\nqUjqIiskgdph0DRPXwgE3sHKYEbUwHb2l1ospnN2AW3RRSyXYgvBo/N91ndazffS\nWAFwVCXJLn7n3BrM8CYozTHsrOHTtMMqRDHKZq2C8GHJMpPb3t6K07CIolmkjMHN\nivdG4dSds8uj4HYwFKlw1ZyMqZApSI/FnLoaOfw9Ur6xKI6U1Z2T2GU=\n=xUz4\n-----END PGP MESSAGE-----
sops_pgp__list_1__map_fp=d286fd9431753cb455537070235ec7bc757002ca
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

49
secrets/suomi-vps/nginx.yaml Normal file
View File

File diff suppressed because one or more lines are too long