From 4db5ca4c1ea192aabb19d0bdc50bd08781cf20d6 Mon Sep 17 00:00:00 2001 From: zendicartus Date: Sun, 25 Dec 2022 09:49:19 +0300 Subject: [PATCH] Update server configuration Remove i2pd as it moved to another server, cleanup. Signed-off-by: zendicartus --- configuration.nix | 10 +- hardware-configuration.nix | 2 +- packages.nix | 2 +- services.nix | 253 ++++--------------------------------- users.nix | 6 + 5 files changed, 31 insertions(+), 242 deletions(-) diff --git a/configuration.nix b/configuration.nix index c85fceb..c25d2b9 100644 --- a/configuration.nix +++ b/configuration.nix @@ -49,9 +49,6 @@ in opengl.extraPackages = with pkgs; [ libvdpau-va-gl libva - # rocm-opencl-icd - # rocm-opencl-runtime - # khronos-ocl-icd-loader ocl-icd libclc mesa.opencl @@ -61,7 +58,7 @@ in powerManagement.cpuFreqGovernor = "performance"; system = { - stateVersion = "21.11"; + stateVersion = "22.05"; autoUpgrade.enable = true; autoUpgrade.allowReboot = true; }; @@ -130,10 +127,5 @@ in }; time.timeZone = "Europe/Moscow"; - - # virtualisation.docker.enable = true; - systemd.extraConfig = "DefaultLimitNOFILESoft=524288"; - systemd.services.i2pd.serviceConfig.LimitNOFILESoft = pkgs.lib.mkForce 524288; - systemd.services.i2pd.serviceConfig.LimitNOFILE = pkgs.lib.mkForce 524288; } diff --git a/hardware-configuration.nix b/hardware-configuration.nix index 564fd01..77bb89e 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -9,7 +9,7 @@ ]; boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ "amdgpu" ]; + boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; diff --git a/packages.nix b/packages.nix index 57c6fa9..7e54cef 100644 --- a/packages.nix +++ b/packages.nix @@ -8,7 +8,7 @@ htop iotop lm_sensors - miniupnpc_2 + miniupnpc nano opencl-headers radeontop 
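Review bot: `stateVersion = "22.05";` in the second configuration.nix hunk changes a value NixOS documents as fixed at first install: it selects the on-disk layout and state-related defaults of stateful services rather than the package set, so bumping it on an already-deployed host upgrades nothing and can silently change such defaults. Unless this machine was reinstalled, keep `stateVersion = "21.11";` and let the channel plus the existing `autoUpgrade` options track releases. Note that the `autoUpgrade.allowReboot = true;` context line means any default that does shift under the new value would take effect unattended on the next upgrade.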
diff --git a/services.nix b/services.nix index 5c5ecf9..7798e43 100644 --- a/services.nix +++ b/services.nix @@ -14,12 +14,11 @@ in configText = '' UPSTYPE usb NISIP 127.0.0.1 - BATTERYLEVEL 30 - MINUTES 10 + BATTERYLEVEL 7 + BEEPSTATE N ''; }; - geoclue2.enable = false; - localtime.enable = true; + #localtime.enable = true; locate.enable = true; nfs.server.enable = true; openssh.enable = true; @@ -60,8 +59,8 @@ in dht = false; proxy = { type = 4; - hostname = secrets.ip.address; - port = secrets.ports.privoxy; + hostname = secrets.wg_settings.host_ip; + port = secrets.ports.tinyproxy; proxy_hostnames = true; proxy_peer_connections = true; proxy_tracker_connections = true; 
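Review bot: Dropping `MINUTES 10` while lowering `BATTERYLEVEL` to 7 leaves the apcupsd shutdown trigger to its compiled-in runtime default (no `MINUTES` line survives in the hunk), and 7 % remaining charge may be too little for the stateful services in this file (transmission, syncthing, a monero node running with `db-sync-mode=safe`) to stop cleanly on a power loss. Keep an explicit runtime floor next to the new threshold, e.g. `BATTERYLEVEL 7` followed by `MINUTES 5`, and add `# shutdown when either limit is hit` above the block so the intent is recorded. Commenting out `localtime.enable = true;` also leaves `groups.localtimed = {};` in users.nix without a consumer; it is still present as context in that file's first hunk.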
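Review bot: The proxy block now routes peer and tracker traffic (`proxy_peer_connections`/`proxy_tracker_connections = true` in the context) through an HTTP proxy (`type = 4`) at `secrets.wg_settings.host_ip:secrets.ports.tinyproxy`, whereas the replaced privoxy was local and, per the removed privoxy hunk, chained into Tor; nothing here shows tinyproxy forwarding onward, so peers will presumably see the WireGuard host's address rather than a Tor exit. If that is intended, say so with `# plain HTTP proxy on the wg host; not tor-chained` next to `type = 4;`. Also check the tinyproxy side: if it keeps its default `ConnectPort` restriction (443/563), CONNECT requests to peers on arbitrary ports are refused and the client fails rather than falling back to direct connections. The enclosing attribute set starts and ends outside the hunk.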
@@ -78,136 +77,6 @@ in openFirewall = true; }; }; - i2pd = { - enable = true; - share = 50; - bandwidth = 65536; - dataDir = "/srv/i2pd"; - port = secrets.ports.i2pd.main; - logLevel = "info"; - addressbook.subscriptions = [ - "http://inr.i2p/export/alive-hosts.txt" - "http://i2p-projekt.i2p/hosts.txt" - "http://stats.i2p/cgi-bin/newhosts.txt" - "http://reg.i2p/export/hosts-all.txt" - ]; - exploratory.outbound = { - quantity = 5; - length = 2; - }; - exploratory.inbound = { - quantity = 5; - length = 2; - }; - ntcp2 = { - published = true; - port = secrets.ports.i2pd.ntcp; - }; - upnp.enable = true; # BUG: not working with wg (at least for now) - proto.http = { - enable = true; - address = secrets.ip.address; - port = secrets.ports.i2pd.http; - }; - proto.httpProxy = { - enable = true; - address = "127.0.0.1"; - port = secrets.ports.i2pd.httpProxy; - outbound = { - quantity = 5; - length = 4; - }; - inbound = { - quantity = 5; - length = 4; - }; - }; - proto.sam = { - enable = true; - port = secrets.ports.i2pd.sam; - }; - proto.socksProxy = { - enable = true; - outproxyEnable = true; - address = secrets.ip.address; - port = secrets.ports.i2pd.socks; - outproxyPort = secrets.ports.tor.client; - outbound = { - quantity = 5; - length = 4; - }; - inbound = { - quantity = 5; - length = 4; - }; - }; - inTunnels = { - monero-p2p = { - enable = true; - name = "monero-p2p"; - address = "127.0.0.1"; - port = secrets.ports.monero.p2p-i2p; - destination = secrets.monero.i2p-p2p; - outbound = { - quantity = 5; - length = 4; - }; - inbound = { - quantity = 5; - length = 4; - }; - }; - monero-rpc = { - enable = true; - name = "monero-rpc"; - address = "127.0.0.1"; - port = secrets.ports.monero.rpc; - destination = secrets.monero.i2p-rpc; - outbound = { - quantity = 5; - length = 4; - }; - inbound = { - quantity = 5; - length = 4; - }; - }; - }; - outTunnels = { - postman-smtp = { - enable = true; - name = "smtp"; - address = secrets.ip.address; - port = secrets.ports.i2pd.smtp; - 
destination = "smtp.postman.i2p"; - destinationPort = 25; - outbound = { - quantity = 5; - length = 4; - }; - inbound = { - quantity = 5; - length = 4; - }; - }; - postman-pop = { - enable = true; - name = "pop3"; - address = secrets.ip.address; - port = secrets.ports.i2pd.pop; - destination = "pop.postman.i2p"; - destinationPort = 110; - outbound = { - quantity = 5; - length = 4; - }; - inbound = { - quantity = 5; - length = 4; - }; - }; - }; - }; jellyfin = { user = secrets.plex.user; group = secrets.plex.group; @@ -221,28 +90,6 @@ in enable = true; openFirewall = true; }; - #forward-socks5t = "/ ${secrets.ip.address}:${toString secrets.ports.i2pd.socks} ."; - privoxy = { - enable = true; - settings = { - listen-address = "${secrets.ip.address}:${toString secrets.ports.privoxy}"; - forward-socks5t = '' - / 127.0.0.1:${toString secrets.ports.tor.client} . - forward .i2p 127.0.0.1:${toString secrets.ports.i2pd.httpProxy} - ''; - debug = [ 128 64 ]; - accept-intercepted-requests = true; - connection-sharing = false; - keep-alive-timeout = 0; - }; - userActions = '' - { -block } - rutracker.i2p/* - rutracker.org/* - agoradesk.i2p/* - lm.i2p/* - ''; - }; syncthing = { enable = true; user = "syncthing"; @@ -250,6 +97,10 @@ in configDir = "/srv/syncthing/config"; guiAddress = "${secrets.ip.address}:${toString secrets.ports.syncthing}"; relay.listenAddress = "${secrets.wg_settings.ip}"; + + openDefaultPorts = true; + overrideDevices = true; + overrideFolders = true; #todo: use tor as socks proxy }; transmission = { 
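Review bot: `openDefaultPorts = true;` opens TCP 22000 and UDP 21027 in the host firewall, and `overrideDevices = true;`/`overrideFolders = true;` make the Nix-declared device and folder sets authoritative, so anything added through the GUI (which the `guiAddress` context line binds to `secrets.ip.address`, a non-loopback address) is deleted on every activation; no `devices`/`folders` attribute is visible in this hunk, so if none is declared elsewhere in the module the whole Syncthing configuration is wiped at each switch. Either declare `devices = { … };` and `folders = { … };` alongside these lines or drop the two override flags, and add a one-line comment naming where the declared sets live. The enclosing `syncthing = {` block continues past the hunk.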
@@ -282,80 +133,19 @@ in enable = true; openFirewall = true; enableGeoIP = false; - relay.onionServices.monero = { - version = 3; - map = [{ - port = secrets.ports.monero.rpc; - target = { - addr = "127.0.0.1"; - port = secrets.ports.monero.rpc; - }; - } - { - port = secrets.ports.monero.p2p-tor; - target = { - addr = "127.0.0.1"; - port = secrets.ports.monero.p2p-tor; - }; - }]; - }; settings = { CookieAuthentication = true; CookieAuthFileGroupReadable = true; - # CacheDirectory = "/etc/tor/cache"; - CookieAuthFile = "/var/lib/tor/auth_cookie"; + DataDirectoryGroupReadable = true; CacheDirectoryGroupReadable = true; - SOCKSPort = [ secrets.ports.tor.main ]; ControlPort = secrets.ports.tor.control; }; client = { enable = true; - socksListenAddress = { - IsolateDestAddr = false; - addr = "127.0.0.1"; - port = secrets.ports.tor.client; - }; - }; - }; - xmrig = { - enable = false; - package = pkgs.xmrig; - settings = { - autosave = true; - opencl = { - enabled = false; - platform = 0; - loader = "/run/opengl-driver/lib/libOpenCL.so"; - cache = true; - adl = true; - }; - donate-level = 1; - cuda = false; - pools = [ - { - url = "pool.supportxmr.com:443"; - user = "4A7cHL2unvXS1Eh43TmsZqTqpy9dMoRURD5dsJg7jDMYNqFHMSMm3jtjGmd2TuoNsM5DFi7p6NYeGgWSFWatiRS7R7oiqPR"; - pass = "server"; - # nicehash = false; - keepalive = true; - tls = true; - } - ]; - cpu = { - enabled = true; - memory-pool = true; - priority = 5; - # rx = { - # intensity = 1; - # threads = 3; - # affinity = -1; - # }; - # max-threads-hint = 75; - }; }; }; monero = { - enable = true; + enable = false; dataDir = "/srv/monero/data"; rpc = { address = secrets.wg_settings.ip; 
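Review bot: `DataDirectoryGroupReadable = true;` makes the whole Tor DataDirectory readable by group `tor`, which includes the `keys/` subdirectory holding the relay identity keys, while the adjacent `CookieAuthFileGroupReadable = true;` already exposes the only file a group member needs for control-port cookie auth; unless something beyond cookie auth is intended, drop the new line and keep the existing `CacheDirectoryGroupReadable`/`CookieAuthFileGroupReadable` pair. The same hunk removes `SOCKSPort = [ secrets.ports.tor.main ]` and the loopback `client.socksListenAddress` block, so no local SOCKS listener on `secrets.ports.tor.main` remains on this host; the monero `tx-proxy=tor,…` line in the next file hunk now targets `secrets.wg_settings.host_ip`, which only works if the other host exposes that port on its WireGuard address. Because `monero.enable` flips to false here, that dependency is dormant rather than broken, and a comment on the `client = {` line noting that SOCKS is now served by the wg host would prevent someone re-adding a listener later.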
@@ -375,15 +165,18 @@ in confirm-external-bind=1 rpc-ssl=autodetect db-sync-mode=safe - out-peers=512 - in-peers=1024 + out-peers=128 + in-peers=128 # P2P full node p2p-bind-ip=0.0.0.0 p2p-bind-port=${toString secrets.ports.monero.p2p-public} - tx-proxy=i2p,${secrets.ip.address}:${toString secrets.ports.i2pd.socks} - tx-proxy=tor,127.0.0.1:${toString secrets.ports.tor.main} + tx-proxy=i2p,${secrets.wg_settings.host_ip}:${toString secrets.ports.i2pd.socks},64 + tx-proxy=tor,${secrets.wg_settings.host_ip}:${toString secrets.ports.tor.main},64 rpc-restricted-bind-ip=0.0.0.0 rpc-restricted-bind-port=${toString secrets.ports.monero.rpc} + no-igd=1 + no-zmq=1 + max-txpool-weight=268435456 # Tor: add P2P seed nodes for the Tor network # For an up-to-date list of working nodes see https://www.ditatompel.com/monero/node-peers add-peer=4egylyolrzsk6rskorqvocipdo4tqqoyzxnplbjorns7issmgpoxvtyd.onion:18083 @@ -413,14 +206,12 @@ in add-peer=4q6ps46l3wv2x6zn7faeliycpdwldohex5oc4slplud65o6lpleq.b32.i2p add-priority-node=s3l6ke4ed3df466khuebb4poienoingwof7oxtbo6j4n56sghe3a.b32.i2p - anonymous-inbound=${secrets.monero.i2p-p2p},127.0.0.1:${toString secrets.ports.monero.p2p-i2p} - anonymous-inbound=${secrets.monero.tor}:${toString secrets.ports.monero.p2p-tor},127.0.0.1:${toString secrets.ports.monero.p2p-tor} + anonymous-inbound=${secrets.monero.i2p-p2p},${secrets.wg_settings.ip}:${toString secrets.ports.monero.p2p-i2p},64 + anonymous-inbound=${secrets.monero.tor}:${toString secrets.ports.monero.p2p-tor},${secrets.wg_settings.ip}:${toString secrets.ports.monero.p2p-tor},64 disable-rpc-ban=1 ''; }; }; - systemd.services.i2pd.serviceConfig.LimitNOFILESoft = 8192; - systemd.services.xmrig.serviceConfig.User = "root"; - systemd.services.xmrig.serviceConfig.Group = "root"; - + systemd.services.tor.serviceConfig.User = "tor"; + systemd.services.tor.serviceConfig.Group = "tor"; } diff --git a/users.nix b/users.nix index ca2a01b..1c431f6 100644 --- a/users.nix +++ b/users.nix 
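Review bot: The two rewritten `tx-proxy=` lines send transaction relaying to SOCKS listeners on `secrets.wg_settings.host_ip`, and the removed targets were loopback-bound on this host, so the Tor `SOCKSPort` and i2pd socks listener on the remote host must be bound to its WireGuard address for these to connect; the patch cannot show that. Since `services.monero.enable` is set to false in the preceding hunk, none of this daemon config is exercised by the commit, so a comment such as `# tx-proxy/anonymous-inbound expect tor+i2pd on the wg host; unverified while monero is disabled` above `tx-proxy=i2p,…` would flag it for whoever re-enables the node. `no-igd=1` is a sound addition next to the `p2p-bind-ip=0.0.0.0` context line, as it stops monerod from requesting a UPnP forward for the public P2P port.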
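Review bot: The rewritten `anonymous-inbound=` lines bind monerod's Tor and I2P inbound listeners to `${secrets.wg_settings.ip}`, an address that exists only once the WireGuard interface is up, so monerod will fail to bind if it starts first (the old lines used `127.0.0.1`, which is always present); an ordering dependency on the WireGuard unit, or at least `# requires wg interface up before start` on these lines, belongs with the change. The added `systemd.services.tor.serviceConfig.User = "tor";` and `Group = "tor";` presumably duplicate what the NixOS tor module already sets, which is harmless only while the values stay equal; a one-line comment tying them to the new `users.tor` entry in users.nix would explain why they are here. The `disable-rpc-ban=1` context line still applies to a restricted RPC bound to `0.0.0.0` in the previous hunk and is worth a second look once the node is re-enabled.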
@@ -8,6 +8,7 @@ in groups.syncthing = {}; groups.bitcoin = {}; groups.localtimed = {}; + groups.tor = {}; users.zuska = { isNormalUser = true; description = "zuska"; @@ -49,6 +50,11 @@ in group = "nogroup"; extraGroups = ["video"]; }; + users.tor = { + isSystemUser = true; + group = "tor"; + extraGroups = [ "disk" "systemd-network" "network"]; + }; }; # Select internationalisation properties.
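Review bot: `extraGroups = [ "disk" "systemd-network" "network"];` on the new `users.tor` puts the Tor daemon's account in `disk`, which grants read/write access to raw block devices under /dev, so a compromise of the network-facing tor process would expose every filesystem on the machine regardless of file permissions; nothing in the hunk shows why tor would need that. Drop `"disk"`, and if the aim is to let tor reach a specific path, grant it through that path's own group or a `ReadWritePaths`/`ReadOnlyPaths` entry on the service instead; `"network"` is not declared in the visible hunks, so confirm it exists before relying on it. The enclosing `users = {` set starts outside the hunk.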