titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: titaniumtown:016520c57992a98e70f8b239ec9272ccc67a7b38
Branches Tags
titaniumtown:main
...
compare: titaniumtown:a61fedb015f04216ffab9745852775a85735b4f7
Branches Tags
titaniumtown:main

5 Commits
016520c579 ... a61fedb015

Author SHA1 Message Date
Simon Gardling
a61fedb015 fail2ban: ignoreip from local network 2026-01-27 18:51:08 -05:00
Simon Gardling
2183ea8363 update 2026-01-26 23:09:22 -05:00
Simon Gardling
27ffe38ed3 xmrig: 12 threads 2026-01-26 17:51:16 -05:00
Simon Gardling
a0e6b8428e xmrig: 1gb pages 2026-01-26 14:25:25 -05:00
Simon Gardling
0b01fc3f28 xmrig 2026-01-26 14:15:27 -05:00
5 changed files with 97 additions and 27 deletions
Expand all files Collapse all files

1
configuration.nix
View File

@@ -39,6 +39,7 @@
./services/bitwarden.nix ./services/bitwarden.nix
./services/monero.nix ./services/monero.nix
./services/xmrig.nix
# KEEP UNTIL 2028 # KEEP UNTIL 2028
./services/caddy_senior_project.nix ./services/caddy_senior_project.nix

54
flake.lock generated
View File

@@ -27,11 +27,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1767744144, "lastModified": 1769287525,
"narHash": "sha256-9/9ntI0D+HbN4G0TrK3KmHbTvwgswz7p8IEJsWyef8Q=", "narHash": "sha256-gABuYA6BzoRMLuPaeO5p7SLrpd4qExgkwEmYaYQY4bM=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "2fb033290bf6b23f226d4c8b32f7f7a16b043d7e", "rev": "0314e365877a85c9e5758f9ea77a9972afbb4c21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -261,11 +261,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1769175598, "lastModified": 1769417433,
"narHash": "sha256-xGlAdk2c1mVxOTMzzCYHDYuXaBMoH1BTr2nJOGkY/SQ=", "narHash": "sha256-0WZ7I/N9InaBHL96/qdiJxg8mqFW3vRla8Z062JmQFE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "1bea6e953d06da77729edd0004291ced527bcb4a", "rev": "1902463415745b992dbaf301b2a35a1277be1584",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -298,11 +298,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1769086393, "lastModified": 1769302137,
"narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=", "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca", "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -314,11 +314,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1769089682, "lastModified": 1769318308,
"narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", "narHash": "sha256-Mjx6p96Pkefks3+aA+72lu1xVehb6mv2yTUUqmSet6Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "078d69f03934859a181e81ba987c2bb033eebfc5", "rev": "1cd347bf3355fce6c64ab37d3967b4a2cb4b878c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -354,11 +354,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767281941, "lastModified": 1769069492,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -394,11 +394,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768272338, "lastModified": 1769309768,
"narHash": "sha256-Tg/kL8eKMpZtceDvBDQYU8zowgpr7ucFRnpP/AtfuRM=", "narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "03dda130a8701b08b0347fcaf850a190c53a3c1e", "rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -431,11 +431,11 @@
"senior_project-website": { "senior_project-website": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1768253064, "lastModified": 1769471280,
"narHash": "sha256-Lp3k2BhOWo7bYRcGuV0ltgVYr+0+1QCcpuB7kK4pvOE=", "narHash": "sha256-6BADVRSHHwO3NcAua44hagAJTqPNDxEhPjBMehURiHQ=",
"owner": "Titaniumtown", "owner": "Titaniumtown",
"repo": "senior-project-website", "repo": "senior-project-website",
"rev": "f86a1c80c58d1c292b4673e28e892de13fb78a25", "rev": "d6f443ede6c90a049085b4598e438849e19e74f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -451,11 +451,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769046412, "lastModified": 1769398903,
"narHash": "sha256-LbjKkSB4Nar9pX+AxHs2FGH2ZAFpKWUvr79uyEhFVqc=", "narHash": "sha256-/+blNRtYT7yGRa73cMNdSe4okAUXewxyTkTaIqXCVKE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "srvos", "repo": "srvos",
"rev": "a78abbc16a5352ee848e454c99166c97415fbf39", "rev": "7f3bc435bdcb4856dacc06ca924ee7dad21f3917",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -527,11 +527,11 @@
"trackerlist": { "trackerlist": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1769123324, "lastModified": 1769468910,
"narHash": "sha256-g40TfMs546p8m16XSwN0xE87hV92/mOkSWDkXvTPlvo=", "narHash": "sha256-vBkmeymF2QhjFgg2EM6iSer9BBEfSucUNG09iRZ1Vp0=",
"owner": "ngosang", "owner": "ngosang",
"repo": "trackerslist", "repo": "trackerslist",
"rev": "7b512a6935fa5b1cd93bf990887c082512249f01", "rev": "a3f5b299d0e1623652652d58c4d9836e2c4ac1e8",
"type": "github" "type": "github"
}, },
"original": { "original": {

BIN
secrets/xmrig-wallet Normal file
View File

Binary file not shown.

6
services/caddy.nix
View File

@@ -89,6 +89,12 @@ in
port = "http,https"; port = "http,https";
logpath = "/var/log/caddy/access-*.log"; logpath = "/var/log/caddy/access-*.log";
# defaults: maxretry=5, findtime=10m, bantime=10m # defaults: maxretry=5, findtime=10m, bantime=10m
# Ignore local network IPs - NAT hairpinning causes all LAN traffic to
# appear from the router IP (192.168.1.1). Banning it blocks all internal access.
# Browser subrequests for static assets (favicon.ico, etc.) without Authorization
# headers cause 401s that quickly trigger the ban threshold.
ignoreip = "127.0.0.1/8 ::1 192.168.1.0/24";
}; };
filter.Definition = { filter.Definition = {
# Match Caddy JSON logs with 401 Unauthorized status (failed basic auth) # Match Caddy JSON logs with 401 Unauthorized status (failed basic auth)

63
services/xmrig.nix Normal file
View File

@@ -0,0 +1,63 @@
{
config,
lib,
pkgs,
hostname,
...
}:
let
walletAddress = lib.strings.trim (builtins.readFile ../secrets/xmrig-wallet);
threadCount = 12;
in
{
services.xmrig = {
enable = true;
package = pkgs.xmrig;
settings = {
autosave = true;
cpu = {
enabled = true;
huge-pages = true;
hw-aes = true;
rx = lib.range 0 (threadCount - 1);
};
randomx = {
"1gb-pages" = true;
};
opencl = false;
cuda = false;
pools = [
{
url = "gulf.moneroocean.stream:20128";
user = walletAddress;
pass = hostname + "~rx/0";
keepalive = true;
tls = true;
}
];
};
};
systemd.services.xmrig.serviceConfig = {
Nice = 19;
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
};
# Stop mining on UPS battery to conserve power
services.apcupsd.hooks = lib.mkIf config.services.apcupsd.enable {
onbattery = "systemctl stop xmrig";
offbattery = "systemctl start xmrig";
};
# Reserve 1GB huge pages for RandomX (dataset is ~2GB)
boot.kernelParams = [
"hugepagesz=1G"
"hugepages=3"
];
}