weilite: more media services

.sops.yaml

@@ -7,7 +7,7 @@ keys:
   - &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
   - &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta
   - &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml
-  - &host-hk-00 age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu
+  - &host-hk-00 age1p2dlc8gfgyrvtta6mty2pezjycn244gmvh456qd3wvkfwesp253qnwyta9
 creation_rules:
   - path_regex: machines/calcite/secrets.yaml
     key_groups:

flake.lock

@@ -61,26 +61,6 @@
         "type": "github"
       }
     },
-    "disko": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1732221404,
-        "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=",
-        "owner": "nix-community",
-        "repo": "disko",
-        "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "disko",
-        "type": "github"
-      }
-    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -616,7 +596,6 @@
       "inputs": {
         "catppuccin": "catppuccin",
         "colmena": "colmena",
-        "disko": "disko",
         "flake-utils": "flake-utils_2",
         "home-manager": "home-manager",
         "my-nixvim": "my-nixvim",

flake.nix

@@ -37,11 +37,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    disko = {
-      url = "github:nix-community/disko";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     nix-index-database = {
       url = "github:Mic92/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -71,7 +66,6 @@
       nix-vscode-extensions,
       colmena,
       nix-index-database,
-      disko,
       ...
     }:
     let
@@ -113,7 +107,6 @@
         hk-00 = [
           ./machines/dolomite/claw.nix
           ./machines/dolomite/common.nix
-          disko.nixosModules.disko
         ];
         la-00 = [
           ./machines/dolomite/bandwagon.nix

garnix.yaml

@@ -0,0 +1,10 @@
+builds:
+  include:
+    - '*.x86_64-linux.*'
+    - defaultPackage.x86_64-linux
+    - devShell.x86_64-linux
+    - homeConfigurations.x86_64-linux.*
+    - homeConfigurations.aarch64-linux.*
+    - darwinConfigurations.*
+    - nixosConfigurations.*
+

machines/dolomite/claw.nix

@@ -18,38 +18,6 @@
       "xen_blkfront"
       "vmw_pvscsi"
     ];
-
-    disko.devices = {
-      disk = {
-        main = {
-          device = "/dev/vda";
-          type = "disk";
-          content = {
-            type = "gpt";
-            partitions = {
-              ESP = {
-                type = "EF00";
-                size = "500M";
-                content = {
-                  type = "filesystem";
-                  format = "vfat";
-                  mountpoint = "/boot";
-                };
-              };
-              root = {
-                size = "100%";
-                content = {
-                  type = "filesystem";
-                  format = "xfs";
-                  mountpoint = "/";
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-
     boot.initrd.kernelModules = [ ];
     boot.kernelModules = [ ];
     boot.extraModulePackages = [ ];
@@ -58,6 +26,11 @@
       device = "/dev/vda";
     };
 
+    fileSystems."/" = {
+      device = "/dev/vda1";
+      fsType = "ext4";
+    };
+
     swapDevices = [ ];
 
     # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

machines/dolomite/common.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
   config = {
     sops = {
@@ -29,7 +29,9 @@
 
     commonSettings = {
       auth.enable = true;
-      proxyServer.enable = true;
+      proxyServer = {
+        enable = true;
+      };
     };
   };
 

machines/dolomite/lightsail.nix

@@ -39,6 +39,13 @@ in
       fsType = "vfat";
     };
 
+    swapDevices = [
+      {
+        device = "/var/lib/swapfile";
+        size = 4 * 1024;
+      }
+    ];
+
     boot.extraModulePackages = [ config.boot.kernelPackages.ena ];
     boot.initrd.kernelModules = [ "xen-blkfront" ];
     boot.initrd.availableKernelModules = [ "nvme" ];

machines/dolomite/secrets/hk-00.yaml

@@ -1,5 +1,5 @@
-wg_private_key: ENC[AES256_GCM,data:rzWGmeKVKjSaViN7fkgwLXdD7gLwTaNd9dtTdj6POMXqjk6uYNXKhKES/d0=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:Pz8P7mq1DpGPVwgTTFmFiw==,type:str]
+wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str]
-wg_ipv6_local_addr: ENC[AES256_GCM,data:SuRSCFKW5MM2mtDNNfa3By7hrz66Y+nw/Ij+uO0MHwklAlkydVVKi89D,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:DjZjY54Pb1AHIyyzQIlHaw==,type:str]
+wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -9,23 +9,23 @@ sops:
         - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNXJzOHF2M3RkV2MxeThi
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UUhoT3hSSmhEM3ZteDhJ
-            NzFXcHg2QVZzQXZWMlFibE10MnhiekJnSVNzCjJ4TVBXZmk1ZWk5Rjl0WUlHNWc2
+            VWdweThOUHVLVlNBUW5yVXpMOTN3UTNTbkd3CmlZL21yYWJvaW1VRGl5a0JCSVA5
-            bUdHcCsraEpWb2hqVDAxaVpNdC9SOXMKLS0tIFJ2amxtTXY2VnF2NUlVYXdJZG5R
+            RUdndFJqSnRCUllXTmNERkU2UHJIV3cKLS0tIFYvZkhpaDZEcVNCMzhZNzV2K0J4
-            RHk3SjZIUTQ3VmJpcElmMXd3dFp1RVEKQCe/BYPU9b8aNsTV1z5VKfnesp8KT98T
+            QklidnA5Qmd0dGQ3UEFLdFBmaVNLajQKgw2HN9ksquyh+FV1c8OuThFSJlzGGgXM
-            iRWUz4cuNLEUbmO9H2AuoM2iVtsFmYyPRz2NlSPUMdCHR7MnAGbkFg==
+            HhmTFOrGBwLF2N8XGpVp+HcFnIWzjjK62sAVsomO/ak3Schg8283vg==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu
+        - recipient: age1p2dlc8gfgyrvtta6mty2pezjycn244gmvh456qd3wvkfwesp253qnwyta9
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArY25mNU1DVnc5eHdPWlpt
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NU5RREplWEdsUkJiTVEx
-            a2RtMVRLa3BwRTJQbWIrREcrRGtSdHNsUnpvCkZQN1k0blBON1FLOG5SeFRRalc3
+            QXdNUXlkdGdFQU5PZ2lwYTFmdHFUei9Fcnc0CjB1bjhuM3dhUXd3aEpwdlFMeith
-            UTUvNVV6RXpxZmUzVGJlMEVkRzVqUFEKLS0tIHpNYWdaTkMycGp3WW9VNkYrUzZD
+            aXFYV1hVVjd1SUwvNmhyeGNBMUZtT3cKLS0tIDFkQk9NN09zUFBuWm83R1hmWDZk
-            NmhOZldZa2lQVEFQQk8zNFI3dm1QaHcKdTuNNHPE/Co4Eg5KWfIFb47w4nt6n7K4
+            QWVGWVB5Rk1DcVBuSzFYRmRsOU5jL0kK0z3uFNq6dl67YepenXjoIkdV6sZaA7jB
-            7gSrkobL+aZJTGZcEjwh6LsqmxoPbU0jyVk6Lb8cv2I71p1UcF32JA==
+            QHe2qz1SzrQQ/7Lqf8aZNT6W5IwkNHpht27jetl119DerOhx6N58vQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-22T07:15:56Z"
+    lastmodified: "2024-10-17T10:52:20Z"
-    mac: ENC[AES256_GCM,data:fJcdcoGiqkEPOyINmCjLf+PUc46pCkjZB8q8CE1vxpgLQg+SuaYRByVTuse1xHPVj/ytBiHFHk9btEFcf4F69IyMJl7abuIakTvJctkfs1Y1/lSiDvYBi8+S6n1Oloj63osRX0XKKIabju262zb7KsA6Vyxg9hSJI54dbVRkCqg=,iv:a0dHwBQbQJm1grg9S4T6VMg8177px0sc19GWvvUJYDs=,tag:T1CivleWWnijQQDm/3xP4A==,type:str]
+    mac: ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1

machines/dolomite/secrets/secrets.yaml

@@ -1,6 +1,6 @@
 sing-box:
-    password: ENC[AES256_GCM,data:YfMSwvgAu7wBEYCP9/L+FFVdd9dL1Ls3,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:/94NFyVHzPIkqn+/NzKTHQ==,type:str]
+    password: ENC[AES256_GCM,data:aifvj/rBvmIF6M4SJ6j4rkw0J0oBGUmO,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:10zUgbP2exTQ4KK0zeMM2A==,type:str]
-    uuid: ENC[AES256_GCM,data:bDjrhciE0lttJfdL8cvGSf7/gdMRu/Fid+q0yBUqEvWH5ZSm,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:s0HwGkhqvnCQkzfbTEHUWw==,type:str]
+    uuid: ENC[AES256_GCM,data:ZPEqllAXeLMyVEp/6+9LSL346J2tiuM5tYs404/vp9rnkrvc,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:BHU+ScDBeWnctkDBRnm+4g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -10,50 +10,50 @@ sops:
         - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNc0ZvdUIzRXJhVVRuTWZ6
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZUYrRUY0N3hOczFUR2Fq
-            dkN5OTVDR0tWSXhBZEI1U2srLzJmSnMvOXk4ClhaWk15Wng5WHJPVmtNSTM2OHpF
+            amx5RHAwVnRoTStlTlJISkk5TUFCaDhuUGxjCmVYbExkK1AzbURVWXNvU0Zkcjg5
-            ZWUrcXNKV21BZ05xMkRwcnFRVkFGd0EKLS0tIGQ1c3psYmV5YXZZR1N6WjZRQndH
+            ZTlWK0ExVnNNWmxJMkxlcHkxd1MvWkkKLS0tIFY3a3FoNzl2bitYTTl1R1R4K3hz
-            TW5WeXVXS2ZtRklPbEs4S1BGYVFxSncKmwg7cINY6Vk8WCWdOEk8quBn67tiieiD
+            ZlcxT243dzd0amlHSmpOc1AvakNjRlkKwT2hNwDsc3WZkJ05Qq8INnG9Ii0iswqT
-            6bWyq+OQbDoAzwOdZ1Bt6q7YrTWSlrFjs8mk/YWUSFmn2g25grKABg==
+            jnvMt9VTkZ8JHsq5vCaV+TtM3kswuw6hF9UoHdRM/JIvqMdPkXuZoQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbUhaSXdmbXJmUGtHb1lr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSzkzMmU2SUMvWXVFRHM4
-            Sk1GSGJUMHhNQ1lET2VleXlmcDBPd3NodlNNCmRWVUNQOExWVzI0VzR3Wk0vbkp5
+            dWhsbEtFSUhHem1NZ1Q5aWJJWWlqelcyT2hBClRIeDE1M20vdm5rQnRvLzBGWnk3
-            NmV4NlUrbUxNbWdMNGNRdDdvbzhsSmsKLS0tIHgyVFI3REcySGRLai9lVTI2VWpn
+            aFZ2MFlrUHRudSt5M1Rod3NrUS8rdkEKLS0tIHlPSFUvUC93WlU5dHdaV0R6dTFh
-            enVSUjBoRHN3ekc2ci9oaUhqdnRiVHMKAS+KAsqqF/xm80mucgpHbky2Lw3k/kxH
+            c203K2VHb2hsSTBjOWxpUStOQ2VYTFEKbDTeoUSBFWB3W/fxS471aTysahlQUJ6D
-            iQGzhzMsNY3jY/nSARcRjWSRrugDtK5ou+rJySGCOov7U2AlulZl3A==
+            JvvUJL63Y2XpvCQVCduO+Kl9A7B7LGran+2SUzqHBisQyR2eUcg/HQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha21uc3dQZWZTQmp0Q0pT
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZDBtTWxZbGpZRlYvMnpE
-            WEk5cy9oUm1yN2FxdDU4THIySEk2SDJrMVd3CnZ6c2VneTMwRC8vUG5sM0s1SHNx
+            MTNEQXZJdGRpMmV0azhXbE1UeWlqZjdKQlhFCkU4RlBZUmdpTC9TamVwREFnM1Nt
-            dm9mSDdhem1CdkpPQ0dpY2pSbzN0Nk0KLS0tIEpLVGtBSEsyMnpFSk81ekRhVU84
+            eDZ0SDRQUmMxYmJ1bnBSS29qNGQ4THMKLS0tIDhVMWJoWTNBWjAyMHc0K2Z5Zjhi
-            bTRzTS8wemRHNUJrZWJlc2l0bXFIN3MK8IB0DBkJdTU4evQO41hf/GKGvSm39bWd
+            UkU5dEpjSGZKOERPR2hUQ1lBK1ZXSWsKo/76+/Iq9sxJGxuk81yMBaX+mg98FD8p
-            CDKCn62RnWLEDlq3xRddqQnr4ogk/6D0lhxvbrN8obCq+Ev1wakAcg==
+            F/PY4/oJjaUmpErdrWuE7Tgjycx+DTSDJv1ESyvLC6NPnXTRlZgg6A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbEpyNkhrZ0lldU9Bc0lr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTjFsZ1o1alBIV2JkKy9j
-            Q21ENWFOS0UwK1gzZ1A1SjFKUkRzUTNBV0gwCnBYY0dPakZnaVJWekdlS2hUaXIx
+            ajArY1RydFllc1VLc3dQek5IcXNyWTIxNDBzCkhKYzdHSXowaGhnY2E5aVRPaDNJ
-            a3J2VjhCalVPMk5qcFkzekpYR0Y2WUEKLS0tIEhYQWUxZjIvTit4R0hHMDYxZXpu
+            M3NOZEd1UHg4MDd3YTNidld5UGhKYUUKLS0tIG9QVlV3UXNSSXp6L3djaXZjcTNL
-            amV1YmxraDRETmdmTmU3ekhQdGlOVjAKzJGI5WomWDMSLHeJZ8Rka4rRv6AEaYnp
+            bmVYb1g3NnBOekZkUFNlOVZFY2N6YVUKsdTgykgHkFSQJfZeNJz2TkcDENg84plG
-            NgYpsDF6uhB2a270xzGDHXOUjRFUMhYiz3p+tN/RSzt00Ks/q5SyPg==
+            zBqz6HP6AK6SBI7C/lPus0VXuzjDVDr29jvemBQ3cNBodc6yKyReAQ==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu
+        - recipient: age1p2dlc8gfgyrvtta6mty2pezjycn244gmvh456qd3wvkfwesp253qnwyta9
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRWwwSTd6cGJpZXl6ZjZk
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNUF4cWwrZ0Vlb0Nxbk0z
-            TlJySzdxNXlNMWdjVisrZEUxQWVuNXVqb1NBCklTSkVST092MURDL0JhT1dpWGR1
+            VnRucWJVK2h0MG13YVkyMlJNZ3RxRmJqUlRBCmxrckV1a0xnSEhvWUN4RmF2ZHBl
-            QzdJbXROM2ZIRjZUUG5FaFBUVUNHWTgKLS0tIHJycG8vUGJoOVNCcmxwVVlJQ0NO
+            VkFicWlnR0dvTmRBQ21NWVo4aFNQRmsKLS0tIEMxVGxTRHp6ZGJzYksxY1BUKzBh
-            NlBsZmpCODUwNThCc1RrUkNHMWdQeUUKRHsKHjCRmJ0L5W7Aw5LTf0jlulvBOt4u
+            Yk52TS81REhJd0lLRVpMZnhGMDRMK0UKzph2gK0LXqu44zQXGoGbyPjte2t4BqHE
-            IQWkyuw/5Co3cS9DHZ41zlFDKld/+jr1DFpATUSvSTFL+laNcwWwCQ==
+            WAufrQiamOgA7TUZYlZApzYhEY6iIbs/t7BQPn/OKZwzRYdXnzxqiw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-22T07:16:07Z"
+    lastmodified: "2024-11-22T05:51:19Z"
-    mac: ENC[AES256_GCM,data:ldGU1of+oldDpdgGrlryUSsudUjk2FOKQ/4krY+5fOb07NRl0nvVgWBhVoHbY7JgdFO9EXxJfhLe/vkxjeQ6XxbZQkJFaXBY8MM4S8CPFdUwd2Ebr6e+aNvJR586LtZOfJ0cU8zr/DGm00zIaQParbzXPLq2fvahKgzqv84bM3Y=,iv:ZBzkMkkRRtJ9lIOdrG1fC0YayPZlT7Gsdos7ulFJjD0=,tag:3rSlPFWeVNfeyTIia0hU2w==,type:str]
+    mac: ENC[AES256_GCM,data:LPUb7YbELPsgYX+LvfuGdiNG1B5ZrvyRVZL9UiMHoJMDHaWpDGCQkT1bk5jEOewwFh+StK560UsPK4uW0+SqADJO80rmM3xfqlp5Ul2HJ8mU19l5C6FLpv2REIzhCp333rNJJlyhn3H6GZgMaWnjjLSX9XMOVaq1iz6Qt0P76SI=,iv://EdDr5D51RFuucq8gkei2RC7H2bkRYxP/7lerp9dtk=,tag:JrRQ19sZ0OAZouMgOiU/tQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1

machines/weilite/services/media-download.nix

@@ -1,6 +1,23 @@
+{ pkgs, ... }:
 {
   services.jackett = {
     enable = true;
+    package = pkgs.jackett.overrideAttrs {
+      src = pkgs.fetchFromGitHub {
+        owner = "jackett";
+        repo = "jackett";
+        rev = "v0.22.998";
+        hash = "sha256-CZvgDWxxIAOTkodgmFNuT3VDW6Ln4Mz+Ki7m91f0BgE=";
+      };
+    };
     openFirewall = false;
   };
+
+  services.sonarr = {
+    enable = true;
+  };
+
+  services.radarr = {
+    enable = true;
+  };
 }

modules/nixos/common-settings/proxy-server.nix

@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  pkgs,
   ...
 }:
 
@@ -32,7 +31,9 @@ let
             tag = "sg0";
             type = "trojan";
             listen = "::";
-            listen_port = 8080;
+            listen_port = cfg.trojan.port;
+            tcp_multi_path = true;
+            tcp_fast_open = true;
             users = [
               {
                 name = "proxy";
@@ -63,51 +64,77 @@ let
           ];
           tls = singTls;
         });
-      outbounds = [
+      outbounds =
-        {
+        # warp outbound goes first to make it default outbound
-          type = "wireguard";
+        (lib.optionals (cfg.warp.onTuic or cfg.warp.onTrojan) [
-          tag = "wg-out";
-          private_key = {
-            _secret = config.sops.secrets.wg_private_key.path;
-          };
-          local_address = [
-            "172.16.0.2/32"
-            { _secret = config.sops.secrets.wg_ipv6_local_addr.path; }
-          ];
-          peers = [
-            {
-              public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=";
-              allowed_ips = [
-                "0.0.0.0/0"
-                "::/0"
-              ];
-              server = "162.159.192.1";
-              server_port = 500;
-            }
-          ];
-        }
-        {
-          type = "direct";
-          tag = "direct";
-        }
-      ];
-      route = {
-        rules = [
           {
-            inbound = "sg0";
+            type = "wireguard";
-            outbound = "direct";
+            tag = "wg-out";
+            private_key = {
+              _secret = config.sops.secrets.wg_private_key.path;
+            };
+            local_address = [
+              "172.16.0.2/32"
+              { _secret = config.sops.secrets.wg_ipv6_local_addr.path; }
+            ];
+            peers = [
+              {
+                public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=";
+                allowed_ips = [
+                  "0.0.0.0/0"
+                  "::/0"
+                ];
+                server = "162.159.192.1";
+                server_port = 500;
+              }
+            ];
           }
+        ])
+        ++ [
+
           {
-            inbound = "sg4";
+            type = "direct";
-            outbound = "direct";
+            tag = "direct";
           }
         ];
+      route = {
+        rules =
+          [
+            {
+              inbound = "sg4";
+              outbound = "direct";
+            }
+          ]
+          ++ (lib.optionals (!cfg.warp.onTuic) (
+            lib.forEach (lib.range 1 3) (i: {
+              inbound = "sg${toString i}";
+              outbound = "direct";
+            })
+          ))
+          ++ (lib.optionals (!cfg.warp.onTrojan) [
+            {
+              inbound = "sg0";
+              outbound = "direct";
+            }
+          ]);
       };
     };
 in
 {
   options.commonSettings.proxyServer = {
     enable = mkEnableOption "sing-box as a server";
+
+    trojan = {
+      port = mkOption {
+        type = lib.types.port;
+        default = cfg.trojan.port;
+      };
+    };
+
+    warp = {
+      onTrojan = mkEnableOption "forward to warp in trojan";
+      onTuic = mkEnableOption "forward to warp in first two port of tuic";
+    };
   };
 
   config = mkIf cfg.enable {
@@ -132,7 +159,7 @@ in
 
     networking.firewall.allowedTCPPorts = [
       80
-      8080
+      cfg.trojan.port
     ];
     networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314);