Diffstat (limited to 'adonis')
-rw-r--r--adonis/aur/default.nix10
-rw-r--r--adonis/captiveportal/default.nix14
-rw-r--r--adonis/default.nix9
-rw-r--r--adonis/network.nix20
-rw-r--r--adonis/tor/default.nix45
-rw-r--r--adonis/tor/snowflake.nix19
6 files changed, 117 insertions, 0 deletions
diff --git a/adonis/aur/default.nix b/adonis/aur/default.nix
new file mode 100644
index 0000000..9236940
--- /dev/null
+++ b/adonis/aur/default.nix
@@ -0,0 +1,10 @@
+{config, ...}: let
+ aurDomain = "aur.${config.customOps.domain.fqdn}";
+in {
+ services.nginx.virtualHosts.${aurDomain} = {
+ root = "/var/www/${aurDomain}";
+ locations."/builds".extraConfig = "autoindex on;";
+ forceSSL = true;
+ enableACME = true;
+ };
+}
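Review bot: `locations."/builds".extraConfig = "autoindex on;"` publishes a listing of everything under `/var/www/${aurDomain}/builds`, so whatever writes into that directory decides what becomes public, and this file does not say what that is. A comment above the location would record the intent, for example `# public package repo: only finished build artefacts are written here`. Because `root` covers the whole of `/var/www/${aurDomain}`, files outside `builds` are also served to anyone who knows the path, just not listed.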
diff --git a/adonis/captiveportal/default.nix b/adonis/captiveportal/default.nix
new file mode 100644
index 0000000..bb54039
--- /dev/null
+++ b/adonis/captiveportal/default.nix
@@ -0,0 +1,14 @@
+{config, ...}: let
+ domain = config.customOps.domain.fqdn;
+in {
+ services.nginx.virtualHosts."cpc.${domain}" = {
+ extraConfig = ''
+ access_log off;
+ error_log /dev/null;
+ '';
+ locations."/".return = 204;
+ forceSSL = false;
+ addSSL = true;
+ enableACME = true;
+ };
+}
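Review bot: `forceSSL = false` with `addSSL = true` keeps this vhost answering on plain HTTP, which reads like an oversight next to the other vhosts in this commit that set `forceSSL = true`. If it is deliberate for the connectivity check, a comment such as `# captive-portal probes use plain HTTP, so no redirect to HTTPS` would say so. The `extraConfig` block also turns off both `access_log` and `error_log` for the vhost. It is worth noting in the same comment that this is intentional, since it removes the only record of abuse or misconfiguration on this endpoint.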
diff --git a/adonis/default.nix b/adonis/default.nix
new file mode 100644
index 0000000..d8b5c8e
--- /dev/null
+++ b/adonis/default.nix
@@ -0,0 +1,9 @@
+{
+ imports = [
+ ./network.nix
+ ./aur
+ ./captiveportal
+ ./tor
+ ];
+ system.stateVersion = "25.11";
+}
diff --git a/adonis/network.nix b/adonis/network.nix
new file mode 100644
index 0000000..df24aac
--- /dev/null
+++ b/adonis/network.nix
@@ -0,0 +1,20 @@
+{
+ networking = {
+ hostName = "adonis";
+ interfaces.ens3.ipv6 = {
+ addresses = [
+ {
+ address = "2a0a:4cc0:c1:cf00::10";
+ prefixLength = 64;
+ }
+ ];
+ routes = [
+ {
+ address = "::";
+ via = "fe80::1";
+ prefixLength = 0;
+ }
+ ];
+ };
+ };
+}
diff --git a/adonis/tor/default.nix b/adonis/tor/default.nix
new file mode 100644
index 0000000..7fcf2b4
--- /dev/null
+++ b/adonis/tor/default.nix
@@ -0,0 +1,45 @@
+{config, ...}: let
+ owner = config.customOps.owner.username;
+ domain = config.customOps.domain.fqdn;
+in {
+ imports = [./snowflake.nix];
+
+ services.tor = {
+ enable = true;
+ openFirewall = true;
+ enableGeoIP = false;
+ torsocks.enable = true;
+ client.enable = true;
+
+ relay = {
+ enable = true;
+ role = "relay";
+ };
+
+ settings = {
+ Nickname = "${owner}";
+ ContactInfo = "admin.tor@${domain}";
+
+ ExitRelay = false;
+
+ MaxAdvertisedBandwidth = "100 MB";
+ BandWidthRate = "100 MB";
+ RelayBandwidthRate = "100 MB";
+ RelayBandwidthBurst = "100 MB";
+
+ CookieAuthentication = true;
+ AvoidDiskWrites = 1;
+ HardwareAccel = 0;
+ SafeLogging = 1;
+ NumCPUs = 4;
+
+ ORPort = [
+ 9001
+ {
+ addr = "[2a0a:4cc0:c1:cf00::10]";
+ port = 9030;
+ }
+ ];
+ };
+ };
+}
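Review bot: `Nickname = "${owner}"` passes the account name straight into the relay configuration. Tor accepts only 1 to 19 characters from [a-zA-Z0-9] as a nickname, so a username containing `-`, `_` or `.` would stop the relay from starting; the value of `customOps.owner.username` is not visible here, so this may already hold. The nickname is also published in the relay descriptor, so a dedicated option or a literal would make both the constraint and the disclosure explicit. Separately, `client.enable = true` and `torsocks.enable = true` route local client traffic through the same tor instance that runs the public relay; if that is only for administrative use, a comment should say so. The literal in `ORPort` repeats the address from adonis/network.nix and could be bound once in a shared `let`.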
diff --git a/adonis/tor/snowflake.nix b/adonis/tor/snowflake.nix
new file mode 100644
index 0000000..5a1c4bb
--- /dev/null
+++ b/adonis/tor/snowflake.nix
@@ -0,0 +1,19 @@
+{config, ...}: let
+ torDomain = "tor.${config.customOps.domain.fqdn}";
+in {
+ services.snowflake-proxy = {
+ enable = true;
+ capacity = 20;
+ extraFlags = ["-metrics"];
+ };
+
+ services.nginx.virtualHosts.${torDomain} = {
+ root = "/var/www/${torDomain}";
+ forceSSL = true;
+ enableACME = true;
+ locations."~ \\.php$".extraConfig = ''
+ fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
+ fastcgi_index index.php;
+ '';
+ };
+}
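Review bot: the `locations."~ \\.php$"` block hands every URI ending in `.php` to PHP-FPM without first checking that the file exists under `root`. Adding `try_files $uri =404;` before `fastcgi_pass` keeps requests for non-existent or crafted paths away from the interpreter. The block also sets no `SCRIPT_FILENAME` and includes no fastcgi parameter file, so PHP-FPM may not resolve the script at all unless that comes from configuration outside this hunk. `config.services.phpfpm.pools.mypool` is not defined in any file of this commit; if it is not declared elsewhere, evaluation fails. Finally, `extraFlags = ["-metrics"]` turns on the snowflake proxy's metrics endpoint, so a comment stating which address it binds to and that the firewall does not expose it would help the next reader.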