crony/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: setup termix and wireproxy for sock5 proxy.

Browse source
This commit is contained in:
CronyAkatsuki 2026-01-31 13:54:42 +01:00
parent 02062743f8
commit 2363adccc0
9 changed files with 135 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

48
flake.lock generated
View file

@ -169,11 +169,11 @@
"cachyos-kernel": {
"flake": false,
"locked": {
"lastModified": 1769435645,
"narHash": "sha256-xxIqw5x8U+13ya2BUcwmAW6BdpCpMhrMTn6Pd0bzocE=",
"lastModified": 1769780135,
"narHash": "sha256-4U/BvhiP1PJcI3bRYkIeNVio71BnkzVrUdTUqzBxjXo=",
"owner": "CachyOS",
"repo": "linux-cachyos",
"rev": "e8675eeb9b48a23167b3e43f84e3be76e321935e",
"rev": "1acd46cdeb2598f0300b6d7141d47edbf63772cc",
"type": "github"
},
"original": {
@ -185,11 +185,11 @@
"cachyos-kernel-patches": {
"flake": false,
"locked": {
"lastModified": 1769587384,
"narHash": "sha256-fPOlnH9arzQLmkbaZ6p+otwLuH9YEf/t8Q2o9/Yq/YA=",
"lastModified": 1769777717,
"narHash": "sha256-+9N64QIaxCEfsA/CtqQjrjV8pmlm8Wcgb+4JWARp3Lc=",
"owner": "CachyOS",
"repo": "kernel-patches",
"rev": "5f061ab9733ad15eccf6b9995e9d56f572e67266",
"rev": "23d3863f8e3b1f96c1b12042096cc525b6a68738",
"type": "github"
},
"original": {
@ -285,11 +285,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1769765113,
"narHash": "sha256-XwTDilFuTxc+2TaOKDlSxL+XjbokJNrzm7fW+ZVC6jc=",
"lastModified": 1769852053,
"narHash": "sha256-vWIDVl7JRI3z4nSSVjGVQJwpU4buhXUM9ibTi/G+bDk=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "d4cbce95a61e14274512f6f83f06c15beb4e6a00",
"rev": "64978459ab46ee2aa8d6db02b7c3dc3cb53cc055",
"type": "github"
},
"original": {
@ -952,11 +952,11 @@
]
},
"locked": {
"lastModified": 1769776025,
"narHash": "sha256-70a1kVC08AMTvPc7iqQsJbbD4Y1fukakMVudz4oY9SM=",
"lastModified": 1769813945,
"narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0fba737f8d5571d41467f3d99a878e11b8c0f0f0",
"rev": "475921375def3eb930e1f8883f619ff8609accb6",
"type": "github"
},
"original": {
@ -1090,11 +1090,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1769782457,
"narHash": "sha256-ZXyT+qjqELGZWipc/P727hd1weTRQnv9pM+YilNy8Go=",
"lastModified": 1769802121,
"narHash": "sha256-P2KVccrXznyha83gPQeVJ3k+3+/hYXIPQ91DwuRmFF4=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "b8fc0def97a5b6279b8d0e8e13972575a84c310a",
"rev": "ec120d57328e5ae4bfc93a7e809ace47d98f2dc3",
"type": "github"
},
"original": {
@ -1551,11 +1551,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1769709954,
"narHash": "sha256-giMeVSEYM80pRrpB95wwgvcGODbkKT3LKVnTpVTj8TA=",
"lastModified": 1769796227,
"narHash": "sha256-v4GMU24wyowYBEUoVTyNq4mIlz+fpyNJhrmd/8HrSdU=",
"owner": "xddxdd",
"repo": "nix-cachyos-kernel",
"rev": "856b12c3db3cb7a2531d4f26eac6f2129284f7e1",
"rev": "0ebc34bb07ad7025fe0167a97115344f0c895474",
"type": "github"
},
"original": {
@ -1863,11 +1863,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1769694244,
"narHash": "sha256-y9iLxICVcfG0IS7neuCS+K/qtM1DexpRi4Dd5naIc5g=",
"lastModified": 1769770707,
"narHash": "sha256-pZilzGn9G1FCxqow3T6q4XvdH4g3opVqr/l3HhQbOSM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9dd4a0a603081bc77beda88510f873671d38859",
"rev": "e522e49851239164443baaef4432890c831e4e71",
"type": "github"
},
"original": {
@ -2265,11 +2265,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1769782950,
"narHash": "sha256-bMJPPDyG/BV7Qx0r5JuO9oQG/o/VlnEOFnC8zKhJsBQ=",
"lastModified": 1769819994,
"narHash": "sha256-AJB2hcg1OgocLGuVdot9HyCD+Kv+a6znhY2i3XqcZYU=",
"owner": "danth",
"repo": "stylix",
"rev": "aad90ca763be126c0ed67c29826bbb9b5ca665d8",
"rev": "8b14679c0e1570b0e137f0f7997717be0fdf2cf2",
"type": "github"
},
"original": {

12
modules/servers/per-server/tyr/secrets.nix
View file

@ -43,6 +43,18 @@
paperless-ngx = {
file = ../../../../secrets/paperless-ngx.age;
};
wg-wireproxy = {
file = ../../../../secrets/wg-wireproxy.age;
owner = "wireproxy";
group = "wireproxy";
};
wireproxy = {
file = ../../../../secrets/wireproxy.age;
path = "/etc/wireproxy/wireproxy.conf";
owner = "wireproxy";
group = "wireproxy";
symlink = false;
};
};
};
}

1
modules/servers/per-server/tyr/services/dns.nix
View file

@ -85,6 +85,7 @@
''"linkwarden.home.cronyakatsuki.xyz IN A 192.168.0.5"''
''"paperless.home.cronyakatsuki.xyz IN A 192.168.0.5"''
''"komga.home.cronyakatsuki.xyz IN A 192.168.0.5"''
''"termix.home.cronyakatsuki.xyz IN A 192.168.0.5"''
];
};
};

39
modules/servers/per-server/tyr/services/termix.nix Normal file
View file

@ -0,0 +1,39 @@
{
virtualisation.oci-containers.containers.termix = {
image = "ghcr.io/lukegus/termix:latest";
autoStart = true;
ports = [
"8484:8484"
];
labels = {
"io.containers.autoupdate" = "registry";
};
volumes = [
"/var/lib/termix:/app/data:U"
];
extraOptions = ["--network=host"];
environment.PORT = "8484";
};
services.restic.backups = {
local.paths = ["/var/lib/termix"];
server.paths = ["/var/lib/termix"];
};
services.traefik.dynamicConfigOptions.http = {
services.termix.loadBalancer.servers = [
{
url = "http://localhost:8484";
}
];
routers.termix = {
rule = "Host(`termix.home.cronyakatsuki.xyz`)";
tls = {
certResolver = "porkbun";
};
service = "termix";
entrypoints = "websecure";
};
};
}

34
modules/servers/per-server/tyr/services/wireproxy.nix Normal file
View file

@ -0,0 +1,34 @@
{pkgs, ...}: {
systemd.services.wireproxy = {
enable = true;
description = "Wireproxy";
after = ["network.target"];
wants = ["network.target"];
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = 3;
User = "wireproxy";
Group = "wireproxy";
WorkingDirectory = "/var/lib/wireproxy";
StateDirectory = "wireproxy";
};
script = "${pkgs.wireproxy}/bin/wireproxy";
wantedBy = ["multi-user.target"];
};
users = {
users.wireproxy = {
isSystemUser = true;
home = "/var/lib/wireproxy";
createHome = true;
group = "wireproxy";
};
groups.wireproxy = {};
};
networking.firewall.allowedTCPPorts = [25344];
}

2
secrets/secrets.nix
View file

@ -48,4 +48,6 @@ in {
"paperless-ngx.age".publicKeys = systems ++ users;
"forgejo-runner-token.age".publicKeys = systems ++ users;
"attic-env.age".publicKeys = systems ++ users;
"wg-wireproxy.age".publicKeys = systems ++ users;
"wireproxy.age".publicKeys = systems ++ users;
}

BIN
secrets/wg-heimdall.age
View file

Binary file not shown.

BIN
secrets/wg-wireproxy.age Normal file
View file

Binary file not shown.

23
secrets/wireproxy.age Normal file
View file

@ -0,0 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 2P4nKw NCoqAJ+IdYnRedKv23voGjEeXJ2IKnn1ru8rEegSCmM
RAf5hshay9kyTUBSFhEerpaEdJquufIn61mj4G+2VU8
-> ssh-ed25519 l/ODWA jZhbqHZpw4UYbmKcVaNLhmXHSkqQhYKDYOV+hiLydlI
mentg+0q55+4gwLFbzveXzPyGEmcFyQhaGdWBHrNPDk
-> ssh-ed25519 7+5K3Q MZA2Dc28X17/JQf01DuONHHttL9mfINFUpi6Ei4osTM
q/vfUr0H1grVFm/7lnwDCAD7athyXZTrwzZ7WLGMlOk
-> ssh-ed25519 Ow0TGw EMNg0QgRrIWtortkoHV5y3W8G2luAszGdJP6J5WFCQI
L8vDx4lkA9KP8wx1ycrmjdiU7cOyJMUzmBhJGJsqg1U
-> ssh-ed25519 cEINMA MxmgQmJQrjuzrpf6U3CCsu/ZHWlnItCs8PiuIt6SQ3k
ina1R2HbexQfWe/zpWGrpVa5dP6ZpTWyjztKtfV8YXw
-> ssh-ed25519 qbMKrQ fMOzVMLvy4tKtITfAiWwnPVnCMCH5Ocv7P7yVK3+0zM
S3MMdVcyL66pTEjTN9iYwW6QBMlZuvzKVa7TlS6Q/kA
-> ssh-ed25519 Z0mAzw y6INKLu8L3pwLdPRk1ukRGIoJksmUJkxXcZsA/h8BWc
p3mItFuMW+t2vQPfvhd6mlalJNad40+0+zVOm6TzJuE
-> ssh-ed25519 GNZYRg pEPVDnyXksxjYfJL/TzwxaMhU6V+/BbzUmhdlNRMHyE
yyZjjlPH5PwHnnnlAW186DwPbvPccQrFHkoN5m/rKn8
-> ssh-ed25519 fd/ZLQ H5dx53Qv3Vi9d1LBQwrgCVpGDPw67xmq0yVpNyeYY0E
V2XZTH0gzAHvWBtm2njsj2LHu41i0MMv3pvqajgDU1w
-> ssh-ed25519 zQBiZw ejAkmQMJfIHOn04Wd3wB2HE/VvhUnBHhyOrDXlE11ig
cDSDnV2wSMnhIgwMrFnHhfrmL8D38NlCmyJ8QEyBG2E
--- 2jtmzQVCWGlDs+u3BYILcsEs6TSPCuA3A65pb8j8MDA
ƒB^ äMWÎò‡Ý„[y×Ðb¦@‰ â[Øp&ÈW:Bø<42>š>ò¢µ$q:HwIFZÌ,.üì§*£gשg¢ÃVbC0tÔ6ÝŒZ}àF™ß¬^`Í0˜¦Mà¯7Bºi‡ ¶ ÿ«