Update server configuration

Remove i2pd as it moved to another server, cleanup.

Signed-off-by: zendicartus <zanderwar@mail.i2p>
headless-server
zendicartus 2022-12-25 09:49:19 +03:00
parent 5fb0899ab0
commit 4db5ca4c1e
5 changed files with 31 additions and 242 deletions


@ -49,9 +49,6 @@ in
opengl.extraPackages = with pkgs; [
libvdpau-va-gl
libva
# rocm-opencl-icd
# rocm-opencl-runtime
# khronos-ocl-icd-loader
ocl-icd
libclc
mesa.opencl
@ -61,7 +58,7 @@ in
powerManagement.cpuFreqGovernor = "performance";
system = {
stateVersion = "21.11";
stateVersion = "22.05";
autoUpgrade.enable = true;
autoUpgrade.allowReboot = true;
};
@ -130,10 +127,5 @@ in
};
time.timeZone = "Europe/Moscow";
# virtualisation.docker.enable = true;
systemd.extraConfig = "DefaultLimitNOFILESoft=524288";
systemd.services.i2pd.serviceConfig.LimitNOFILESoft = pkgs.lib.mkForce 524288;
systemd.services.i2pd.serviceConfig.LimitNOFILE = pkgs.lib.mkForce 524288;
}
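Review bot: `stateVersion` appears to move from `"21.11"` to `"22.05"` (the second of the two lines, assuming the page prints old then new) in a commit whose description covers only the i2pd removal and cleanup. This option selects compatibility defaults for the stateful data of services already installed on the host, and NixOS guidance is to leave it at the release the machine was first installed with unless the release notes have been checked for every affected service. If the bump is intentional, a comment on the line such as `# raised from 21.11 after checking the 22.05 release notes for services on this host` would record that; otherwise keep `stateVersion = "21.11";`. The enclosing module starts and ends outside the visible hunks.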


@ -9,7 +9,7 @@
];
boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];


@ -8,7 +8,7 @@
htop
iotop
lm_sensors
miniupnpc_2
miniupnpc
nano
opencl-headers
radeontop


@ -14,12 +14,11 @@ in
configText = ''
UPSTYPE usb
NISIP 127.0.0.1
BATTERYLEVEL 30
MINUTES 10
BATTERYLEVEL 7
BEEPSTATE N
'';
};
geoclue2.enable = false;
localtime.enable = true;
#localtime.enable = true;
locate.enable = true;
nfs.server.enable = true;
openssh.enable = true;
@ -60,8 +59,8 @@ in
dht = false;
proxy = {
type = 4;
hostname = secrets.ip.address;
port = secrets.ports.privoxy;
hostname = secrets.wg_settings.host_ip;
port = secrets.ports.tinyproxy;
proxy_hostnames = true;
proxy_peer_connections = true;
proxy_tracker_connections = true;
@ -78,136 +77,6 @@ in
openFirewall = true;
};
};
i2pd = {
enable = true;
share = 50;
bandwidth = 65536;
dataDir = "/srv/i2pd";
port = secrets.ports.i2pd.main;
logLevel = "info";
addressbook.subscriptions = [
"http://inr.i2p/export/alive-hosts.txt"
"http://i2p-projekt.i2p/hosts.txt"
"http://stats.i2p/cgi-bin/newhosts.txt"
"http://reg.i2p/export/hosts-all.txt"
];
exploratory.outbound = {
quantity = 5;
length = 2;
};
exploratory.inbound = {
quantity = 5;
length = 2;
};
ntcp2 = {
published = true;
port = secrets.ports.i2pd.ntcp;
};
upnp.enable = true; # BUG: not working with wg (at least for now)
proto.http = {
enable = true;
address = secrets.ip.address;
port = secrets.ports.i2pd.http;
};
proto.httpProxy = {
enable = true;
address = "127.0.0.1";
port = secrets.ports.i2pd.httpProxy;
outbound = {
quantity = 5;
length = 4;
};
inbound = {
quantity = 5;
length = 4;
};
};
proto.sam = {
enable = true;
port = secrets.ports.i2pd.sam;
};
proto.socksProxy = {
enable = true;
outproxyEnable = true;
address = secrets.ip.address;
port = secrets.ports.i2pd.socks;
outproxyPort = secrets.ports.tor.client;
outbound = {
quantity = 5;
length = 4;
};
inbound = {
quantity = 5;
length = 4;
};
};
inTunnels = {
monero-p2p = {
enable = true;
name = "monero-p2p";
address = "127.0.0.1";
port = secrets.ports.monero.p2p-i2p;
destination = secrets.monero.i2p-p2p;
outbound = {
quantity = 5;
length = 4;
};
inbound = {
quantity = 5;
length = 4;
};
};
monero-rpc = {
enable = true;
name = "monero-rpc";
address = "127.0.0.1";
port = secrets.ports.monero.rpc;
destination = secrets.monero.i2p-rpc;
outbound = {
quantity = 5;
length = 4;
};
inbound = {
quantity = 5;
length = 4;
};
};
};
outTunnels = {
postman-smtp = {
enable = true;
name = "smtp";
address = secrets.ip.address;
port = secrets.ports.i2pd.smtp;
destination = "smtp.postman.i2p";
destinationPort = 25;
outbound = {
quantity = 5;
length = 4;
};
inbound = {
quantity = 5;
length = 4;
};
};
postman-pop = {
enable = true;
name = "pop3";
address = secrets.ip.address;
port = secrets.ports.i2pd.pop;
destination = "pop.postman.i2p";
destinationPort = 110;
outbound = {
quantity = 5;
length = 4;
};
inbound = {
quantity = 5;
length = 4;
};
};
};
};
jellyfin = {
user = secrets.plex.user;
group = secrets.plex.group;
@ -221,28 +90,6 @@ in
enable = true;
openFirewall = true;
};
#forward-socks5t = "/ ${secrets.ip.address}:${toString secrets.ports.i2pd.socks} .";
privoxy = {
enable = true;
settings = {
listen-address = "${secrets.ip.address}:${toString secrets.ports.privoxy}";
forward-socks5t = ''
/ 127.0.0.1:${toString secrets.ports.tor.client} .
forward .i2p 127.0.0.1:${toString secrets.ports.i2pd.httpProxy}
'';
debug = [ 128 64 ];
accept-intercepted-requests = true;
connection-sharing = false;
keep-alive-timeout = 0;
};
userActions = ''
{ -block }
rutracker.i2p/*
rutracker.org/*
agoradesk.i2p/*
lm.i2p/*
'';
};
syncthing = {
enable = true;
user = "syncthing";
@ -250,6 +97,10 @@ in
configDir = "/srv/syncthing/config";
guiAddress = "${secrets.ip.address}:${toString secrets.ports.syncthing}";
relay.listenAddress = "${secrets.wg_settings.ip}";
openDefaultPorts = true;
overrideDevices = true;
overrideFolders = true;
#todo: use tor as socks proxy
};
transmission = {
@ -282,80 +133,19 @@ in
enable = true;
openFirewall = true;
enableGeoIP = false;
relay.onionServices.monero = {
version = 3;
map = [{
port = secrets.ports.monero.rpc;
target = {
addr = "127.0.0.1";
port = secrets.ports.monero.rpc;
};
}
{
port = secrets.ports.monero.p2p-tor;
target = {
addr = "127.0.0.1";
port = secrets.ports.monero.p2p-tor;
};
}];
};
settings = {
CookieAuthentication = true;
CookieAuthFileGroupReadable = true;
# CacheDirectory = "/etc/tor/cache";
CookieAuthFile = "/var/lib/tor/auth_cookie";
DataDirectoryGroupReadable = true;
CacheDirectoryGroupReadable = true;
SOCKSPort = [ secrets.ports.tor.main ];
ControlPort = secrets.ports.tor.control;
};
client = {
enable = true;
socksListenAddress = {
IsolateDestAddr = false;
addr = "127.0.0.1";
port = secrets.ports.tor.client;
};
};
};
xmrig = {
enable = false;
package = pkgs.xmrig;
settings = {
autosave = true;
opencl = {
enabled = false;
platform = 0;
loader = "/run/opengl-driver/lib/libOpenCL.so";
cache = true;
adl = true;
};
donate-level = 1;
cuda = false;
pools = [
{
url = "pool.supportxmr.com:443";
user = "4A7cHL2unvXS1Eh43TmsZqTqpy9dMoRURD5dsJg7jDMYNqFHMSMm3jtjGmd2TuoNsM5DFi7p6NYeGgWSFWatiRS7R7oiqPR";
pass = "server";
# nicehash = false;
keepalive = true;
tls = true;
}
];
cpu = {
enabled = true;
memory-pool = true;
priority = 5;
# rx = {
# intensity = 1;
# threads = 3;
# affinity = -1;
# };
# max-threads-hint = 75;
};
};
};
monero = {
enable = true;
enable = false;
dataDir = "/srv/monero/data";
rpc = {
address = secrets.wg_settings.ip;
@ -375,15 +165,18 @@ in
confirm-external-bind=1
rpc-ssl=autodetect
db-sync-mode=safe
out-peers=512
in-peers=1024
out-peers=128
in-peers=128
# P2P full node
p2p-bind-ip=0.0.0.0
p2p-bind-port=${toString secrets.ports.monero.p2p-public}
tx-proxy=i2p,${secrets.ip.address}:${toString secrets.ports.i2pd.socks}
tx-proxy=tor,127.0.0.1:${toString secrets.ports.tor.main}
tx-proxy=i2p,${secrets.wg_settings.host_ip}:${toString secrets.ports.i2pd.socks},64
tx-proxy=tor,${secrets.wg_settings.host_ip}:${toString secrets.ports.tor.main},64
rpc-restricted-bind-ip=0.0.0.0
rpc-restricted-bind-port=${toString secrets.ports.monero.rpc}
no-igd=1
no-zmq=1
max-txpool-weight=268435456
# Tor: add P2P seed nodes for the Tor network
# For an up-to-date list of working nodes see https://www.ditatompel.com/monero/node-peers
add-peer=4egylyolrzsk6rskorqvocipdo4tqqoyzxnplbjorns7issmgpoxvtyd.onion:18083
@ -413,14 +206,12 @@ in
add-peer=4q6ps46l3wv2x6zn7faeliycpdwldohex5oc4slplud65o6lpleq.b32.i2p
add-priority-node=s3l6ke4ed3df466khuebb4poienoingwof7oxtbo6j4n56sghe3a.b32.i2p
anonymous-inbound=${secrets.monero.i2p-p2p},127.0.0.1:${toString secrets.ports.monero.p2p-i2p}
anonymous-inbound=${secrets.monero.tor}:${toString secrets.ports.monero.p2p-tor},127.0.0.1:${toString secrets.ports.monero.p2p-tor}
anonymous-inbound=${secrets.monero.i2p-p2p},${secrets.wg_settings.ip}:${toString secrets.ports.monero.p2p-i2p},64
anonymous-inbound=${secrets.monero.tor}:${toString secrets.ports.monero.p2p-tor},${secrets.wg_settings.ip}:${toString secrets.ports.monero.p2p-tor},64
disable-rpc-ban=1
'';
};
};
systemd.services.i2pd.serviceConfig.LimitNOFILESoft = 8192;
systemd.services.xmrig.serviceConfig.User = "root";
systemd.services.xmrig.serviceConfig.Group = "root";
systemd.services.tor.serviceConfig.User = "tor";
systemd.services.tor.serviceConfig.Group = "tor";
}
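Review bot: The two `anonymous-inbound` lines that bind to `${secrets.wg_settings.ip}` (apparently the new side, replacing the `127.0.0.1` pair printed above them) expose the listener monerod reserves for hidden-service peers to every host that can reach the WireGuard address, not only the relocated i2pd/Tor forwarder. monerod treats every connection on that socket as arriving from the anonymity network, so the wider bind should be paired with a firewall rule that admits only the forwarder's WireGuard address on `secrets.ports.monero.p2p-i2p` and `secrets.ports.monero.p2p-tor`. No such rule is visible in this section; if it lives elsewhere, a comment beside these lines such as `# reachable only from the i2pd/tor host, enforced by the firewall` would record the assumption. The surrounding `extraConfig` string starts and ends outside the visible hunks.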


@ -8,6 +8,7 @@ in
groups.syncthing = {};
groups.bitcoin = {};
groups.localtimed = {};
groups.tor = {};
users.zuska = {
isNormalUser = true;
description = "zuska";
@ -49,6 +50,11 @@ in
group = "nogroup";
extraGroups = ["video"];
};
users.tor = {
isSystemUser = true;
group = "tor";
extraGroups = [ "disk" "systemd-network" "network"];
};
};
# Select internationalisation properties.
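Review bot: The new `users.tor` account is given `extraGroups = [ "disk" "systemd-network" "network"]`, and membership of `disk` normally grants raw read/write access to block devices, so a compromised Tor process could read or alter any filesystem on the machine regardless of file permissions. Nothing visible in this commit shows the Tor service needing any of these groups, so the line would be safer as `extraGroups = [ ];`, with a group added back only when a concrete need is documented beside it. This matters more here because the services file sets `systemd.services.tor.serviceConfig.User = "tor"` and the daemon is network-facing with `openFirewall = true`.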