{
description = "CNH's NixOS Flake";
# Flake inputs. Every entry is fetched and evaluated when a system is built, so each one is part of
# the build's trust base.
# NOTE(review): only nix-vscode-extensions carries a revision in its URL. The other entries name a
# repository or branch; the exact commits come from flake.lock, which is not visible here. Review
# lock-file updates the same way as code changes.
inputs = {
  # nixpkgs is taken from the CHN-beta fork, on the nixos-23.05 and nixos-unstable branches.
  nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.05";
  nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";

  home-manager = {
    url = "github:nix-community/home-manager/release-23.05";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  sops-nix = {
    url = "github:Mic92/sops-nix";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.nixpkgs-stable.follows = "nixpkgs";
  };
  touchix = {
    url = "github:CHN-beta/touchix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  aagl = {
    url = "github:ezKEa/aagl-gtk-on-nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nix-index-database = {
    url = "github:Mic92/nix-index-database";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  # Declared without a `follows` override.
  nur.url = "github:nix-community/NUR";
  nixos-cn = {
    url = "github:nixos-cn/flakes";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nur-xddxdd = {
    url = "github:xddxdd/nur-packages";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  # The only input pinned to an explicit commit in its URL.
  nix-vscode-extensions = {
    url = "github:nix-community/nix-vscode-extensions?rev=50c4bce16b93e7ca8565d51fafabc05e9f0515da";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  # Follows nix-index-database only; any nixpkgs input of its own is resolved separately.
  nix-alien = {
    url = "github:thiagokokada/nix-alien";
    inputs.nix-index-database.follows = "nix-index-database";
  };
  # Declared without a `follows` override.
  impermanence.url = "github:nix-community/impermanence";
  qchem = {
    url = "github:Nix-QChem/NixOS-QChem";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nixd = {
    url = "github:nix-community/nixd";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  napalm = {
    url = "github:nix-community/napalm";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  nixpak = {
    url = "github:nixpak/nixpak";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  deploy-rs = {
    url = "github:serokell/deploy-rs";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  pnpm2nix-nzbr = {
    url = "github:CHN-beta/pnpm2nix-nzbr";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  lmix = {
    url = "github:CHN-beta/lmix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  dguibert-nur-packages = {
    url = "github:CHN-beta/dguibert-nur-packages";
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
outputs = inputs:
let
localLib = import ./local/lib inputs.nixpkgs.lib;
in
{
# Buildable outputs: one package per host (its system.build.toplevel) plus `default`, a text file
# named "systems" that lists the toplevel store paths, one per line.
# NOTE(review): the two host lists are maintained by hand and differ ("yoga" is missing from
# `default`); "xmupc1" is defined under nixosConfigurations but appears in neither list.
packages.x86_64-linux =
  let
    # Top-level system derivation of the named nixosConfiguration.
    toplevelOf = host: inputs.self.outputs.nixosConfigurations.${host}.config.system.build.toplevel;
  in
  {
    default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
      (builtins.concatStringsSep "\n"
        (builtins.map (system: builtins.toString (toplevelOf system)) [ "pc" "vps6" "vps7" "nas" ]));
  }
  // builtins.listToAttrs (builtins.map
    (system: { name = system; value = toplevelOf system; })
    [ "pc" "vps6" "vps7" "nas" "yoga" ]);
nixosConfigurations = builtins.listToAttrs (builtins.map
# Turns one host entry (read through its .name and .value fields) into the { name, value } pair
# consumed by builtins.listToAttrs: `name` is the host name, `value` the evaluated NixOS system.
(host: {
  inherit (host) name;
  value = inputs.nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    # Extra module arguments: the flake-level inputs (as `topInputs`) and the local helper library.
    specialArgs = {
      inherit localLib;
      topInputs = inputs;
    };
    modules = localLib.mkModules (
      [
        # Overlay exposing the packages from ./local/pkgs as `pkgs.localPackages`.
        # `moduleArgs` is the module argument set, not the flake inputs.
        (moduleArgs: {
          config.nixpkgs.overlays = [
            (final: prev: {
              localPackages = import ./local/pkgs { inherit (moduleArgs) lib; pkgs = final; };
            })
          ];
        })
        ./modules
      ]
      # Host-specific modules are appended after the shared ones.
      ++ host.value
    );
  };
})
(localLib.attrsToList
{
# Host "pc": workstation (Intel CPU, Intel + NVIDIA GPUs). The option names under config.nixos are
# defined by ./modules, which is not shown here; notes on their effect are marked as assumptions.
# `inputs` below is the module argument set and shadows the flake-level `inputs`.
"pc" = [
  (inputs: {
    config.nixos = {
      system = {
        fileSystems = {
          mount = {
            vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
            btrfs = {
              "/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
              "/dev/mapper/root" = {
                "/nix" = "/nix";
                "/nix/rootfs/current" = "/";
              };
            };
          };
          # NOTE(review): presumably these encrypted volumes are opened without a passphrase
          # prompt. Confirm where the unlock secret lives and that it is not readable from the
          # unencrypted /boot or EFI partitions.
          decrypt.auto = {
            "/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = {
              mapper = "root";
              ssd = true;
            };
            "/dev/md/swap" = {
              mapper = "swap";
              ssd = true;
              before = [ "root" ];
            };
          };
          mdadm = "ARRAY /dev/md/swap metadata=1.2 name=pc:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
          swap = [ "/dev/mapper/swap" ];
          # Hibernation resumes from the mapped (decrypted) swap device.
          resume = "/dev/mapper/swap";
          rollingRootfs = {
            device = "/dev/mapper/root";
            path = "/nix/rootfs";
          };
        };
        grub = {
          windowsEntries = {
            "7317-1DB6" = "Windows";
            "7321-FA9C" = "Windows for malware";
          };
          installDevice = "efi";
        };
        nix = {
          # The comments between entries are the author's CPU-feature notes, kept verbatim.
          marches = [
            "alderlake"
            # CX16
            "sandybridge"
            # CX16 SAHF FXSR
            "silvermont"
            # RDSEED MWAITX SHA CLZERO CX16 SSE4A ABM CLFLUSHOPT WBNOINVD
            "znver2" "znver3"
            # CX16 SAHF FXSR HLE RDSEED
            "broadwell"
          ];
          keepOutputs = true;
        };
        nixpkgs = {
          march = "alderlake";
          cudaSupport = true;
        };
        gui = {
          enable = true;
          preferred = true;
        };
        kernel = {
          patches = [ "cjktty" "preempt" ];
          modules.modprobeConfig = [
            "options iwlmvm power_scheme=1"
            "options iwlwifi uapsd_disable=1"
          ];
        };
        impermanence.enable = true;
        networking = {
          hostname = "pc";
          nebula = {
            enable = true;
            lighthouse = "vps6.chn.moe";
            useRelay = true;
          };
        };
        # NOTE(review): presumably the sops decryption key is read from below /nix/persistent so
        # that it survives root-filesystem rollover; confirm that path is root-only.
        sops = {
          enable = true;
          keyPathPrefix = "/nix/persistent";
        };
      };
      hardware = {
        cpus = [ "intel" ];
        gpus = [ "intel" "nvidia" ];
        bluetooth.enable = true;
        joystick.enable = true;
        printer.enable = true;
        sound.enable = true;
        prime = {
          enable = true;
          mode = "offload";
          busId = {
            intel = "PCI:0:2:0";
            nvidia = "PCI:1:0:0";
          };
        };
        gamemode.drmDevice = 1;
      };
      packages = {
        packageSet = "workstation";
        extraPrebuildPackages = with inputs.pkgs; [ llvmPackages_git.stdenv ];
        extraPythonPackages = [
          (pythonPackages: [ inputs.pkgs.localPackages.upho inputs.pkgs.localPackages.spectral ])
        ];
      };
      virtualization = {
        waydroid.enable = true;
        docker.enable = true;
        kvmHost = {
          enable = true;
          gui = true;
          autoSuspend = [ "win10" "hardconnect" ];
        };
        # kvmGuest.enable = true;
        nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
      };
      services = {
        snapper = {
          enable = true;
          configs.persistent = "/nix/persistent";
        };
        fontconfig.enable = true;
        # NOTE(review): if hostsAllowed is passed through to Samba's `hosts allow`, every
        # 192.168.* source and loopback may connect; the shares cover the whole home directory,
        # removable media and /mnt. What `private` enforces is defined in ./modules — confirm.
        samba = {
          enable = true;
          private = true;
          hostsAllowed = "192.168. 127.";
          shares = {
            media.path = "/run/media/chn";
            home.path = "/home/chn";
            mnt.path = "/mnt";
            share.path = "/home/chn/share";
          };
        };
        sshd.enable = true;
        xrayClient = {
          enable = true;
          serverAddress = "74.211.99.69";
          serverName = "vps6.xserver.chn.moe";
          dns = {
            extraInterfaces = [ "docker0" ];
            # Static name-to-address overrides; two names resolve to this machine itself.
            hosts = {
              "mirism.one" = "216.24.188.24";
              "beta.mirism.one" = "216.24.188.24";
              "ng01.mirism.one" = "216.24.188.24";
              "debug.mirism.one" = "127.0.0.1";
              "initrd.vps6.chn.moe" = "74.211.99.69";
              "nix-store.chn.moe" = "127.0.0.1";
            };
          };
        };
        # NOTE(review): presumably traffic arriving on these bridges bypasses the host firewall,
        # so VM and Waydroid guests can reach every service listening on this machine — confirm.
        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
        acme = {
          enable = true;
          certs = [ "debug.mirism.one" ];
        };
        # Publishes local port 443 through frp.chn.moe as remote port 7676.
        frpClient = {
          enable = true;
          serverName = "frp.chn.moe";
          user = "pc";
          tcp.store = {
            localPort = 443;
            remotePort = 7676;
          };
        };
        # NOTE(review): this host serves its Nix store as nix-store.chn.moe, which other hosts in
        # this file list as a substituter. The signing key is not configured here; confirm that
        # nix-serve signs its paths and that clients trust only the matching public key.
        nix-serve = {
          enable = true;
          hostname = "nix-store.chn.moe";
        };
        smartd.enable = true;
        nginx = {
          enable = true;
          transparentProxy.externalIp = [ "192.168.82.3" ];
        };
        misskey = {
          enable = true;
          hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
        };
        misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
        beesd = {
          enable = true;
          instances.root = {
            device = "/";
            hashTableSizeMB = 2048;
          };
        };
      };
      bugs = [
        "intel-hdmi" "suspend-hibernate-no-platform" "hibernate-iwlwifi" "suspend-lid-no-wakeup" "xmunet"
        "suspend-hibernate-waydroid" "embree"
      ];
    };
  })
];
# Host "vps6": server profile. It fronts several services (xray, frp, nginx proxies, coturn) and is
# named as the nebula lighthouse by other hosts in this file. Option names under config.nixos are
# defined by ./modules, which is not shown here; notes on their effect are marked as assumptions.
"vps6" = [
  (inputs: {
    config.nixos = {
      system = {
        fileSystems = {
          mount.btrfs = {
            "/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
            "/dev/mapper/root" = {
              "/nix" = "/nix";
              "/nix/rootfs/current" = "/";
            };
          };
          # Together with the initrd network and sshd settings below, this presumably means the
          # root volume is unlocked by an operator over SSH during early boot — confirm.
          decrypt.manual = {
            enable = true;
            devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = {
              mapper = "root";
              ssd = true;
            };
            delayedMount = [ "/" ];
          };
          swap = [ "/nix/swap/swap" ];
          rollingRootfs = {
            device = "/dev/mapper/root";
            path = "/nix/rootfs";
          };
        };
        grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
        nixpkgs.march = "sandybridge";
        # NOTE(review): the second cache is self-hosted. The matching trusted public keys are not
        # set in this file; confirm signature checking stays on for it.
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd = {
          network.enable = true;
          # NOTE(review): an initrd is normally stored on the unencrypted boot partition, so this
          # host key should be treated as readable by anyone with disk access; the file name
          # suggests it is a dedicated initrd key rather than the main host key — confirm.
          sshd = {
            enable = true;
            hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ];
          };
        };
        kernel.patches = [ "preempt" ];
        impermanence.enable = true;
        networking = {
          hostname = "vps6";
          nebula.enable = true;
        };
        sops = {
          enable = true;
          keyPathPrefix = "/nix/persistent";
        };
      };
      packages.packageSet = "server";
      services = {
        snapper = {
          enable = true;
          configs.persistent = "/nix/persistent";
        };
        sshd.enable = true;
        xrayServer = {
          enable = true;
          serverName = "vps6.xserver.chn.moe";
        };
        frpServer = {
          enable = true;
          serverName = "frp.chn.moe";
        };
        nginx = {
          enable = true;
          transparentProxy = {
            externalIp = [ "74.211.99.69" "192.168.82.1" ];
            # Host name -> port number.
            map = {
              "ng01.mirism.one" = 7411;
              "beta.mirism.one" = 9114;
            };
          };
          # Host name -> upstream. The first entry forwards the self-hosted Nix cache to "pc";
          # the other two forward to third-party sites under their own names.
          streamProxy = {
            enable = true;
            map = {
              "nix-store.chn.moe" = {
                upstream = "internal.pc.chn.moe:443";
                rewriteHttps = true;
              };
              "anchor.fm" = {
                upstream = "anchor.fm:443";
                rewriteHttps = true;
              };
              "podcasters.spotify.com" = {
                upstream = "podcasters.spotify.com:443";
                rewriteHttps = true;
              };
            };
          };
        };
        misskey-proxy = {
          "xn--qbtm095lrg0bfka60z.chn.moe".upstream.address = "internal.pc.chn.moe";
          "xn--s8w913fdga.chn.moe".upstream.address = "internal.vps7.chn.moe";
        };
        coturn.enable = true;
        synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
        # NOTE(review): password-vault traffic is relayed to another host; presumably the
        # internal.* names resolve inside the nebula overlay — confirm the hop is encrypted.
        vaultwarden-proxy = {
          enable = true;
          upstream.address = "internal.vps7.chn.moe";
        };
        beesd = {
          enable = true;
          instances.root = {
            device = "/";
            hashTableSizeMB = 32;
          };
        };
      };
    };
  })
];
# Host "vps7": desktop package set with GUI; runs the application back ends (misskey, synapse,
# vaultwarden, wallabag, rsshub) that "vps6" proxies to. Option names under config.nixos are
# defined by ./modules, which is not shown here; notes on their effect are marked as assumptions.
"vps7" = [
  (inputs: {
    config.nixos = {
      system = {
        fileSystems = {
          mount.btrfs = {
            "/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
            "/dev/mapper/root" = {
              "/nix" = "/nix";
              "/nix/rootfs/current" = "/";
            };
          };
          # Together with the initrd network and sshd settings below, this presumably means the
          # root volume is unlocked by an operator over SSH during early boot — confirm.
          decrypt.manual = {
            enable = true;
            devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = {
              mapper = "root";
              ssd = true;
            };
            delayedMount = [ "/" ];
          };
          swap = [ "/nix/swap/swap" ];
          rollingRootfs = {
            device = "/dev/mapper/root";
            path = "/nix/rootfs";
          };
        };
        grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
        nixpkgs.march = "broadwell";
        # NOTE(review): the second cache is self-hosted. The matching trusted public keys are not
        # set in this file; confirm signature checking stays on for it.
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        initrd = {
          network.enable = true;
          # NOTE(review): an initrd is normally stored on the unencrypted boot partition, so this
          # host key should be treated as readable by anyone with disk access; the file name
          # suggests it is a dedicated initrd key rather than the main host key — confirm.
          sshd = {
            enable = true;
            hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ];
          };
        };
        kernel.patches = [ "preempt" ];
        impermanence.enable = true;
        networking = {
          hostname = "vps7";
          nebula = {
            enable = true;
            lighthouse = "vps6.chn.moe";
          };
        };
        sops = {
          enable = true;
          keyPathPrefix = "/nix/persistent";
        };
        gui.enable = true;
      };
      packages.packageSet = "desktop";
      services = {
        snapper = {
          enable = true;
          configs.persistent = "/nix/persistent";
        };
        fontconfig.enable = true;
        sshd.enable = true;
        rsshub.enable = true;
        nginx = {
          enable = true;
          transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ];
        };
        wallabag.enable = true;
        misskey = {
          enable = true;
          hostname = "xn--s8w913fdga.chn.moe";
        };
        misskey-proxy."xn--s8w913fdga.chn.moe" = {};
        synapse.enable = true;
        synapse-proxy."synapse.chn.moe" = {};
        # NOTE(review): a remote-desktop service on a host with a public address. How it is
        # exposed (direct port or behind the nginx proxy) is decided in ./modules — confirm it is
        # not reachable without TLS and strong credentials.
        xrdp = {
          enable = true;
          hostname = "vps7.chn.moe";
        };
        # The password vault runs on this host; see also the NOTE on xrdp above, since both share
        # one machine.
        vaultwarden.enable = true;
        vaultwarden-proxy.enable = true;
        meilisearch.ioLimitDevice = "/dev/mapper/root";
        beesd = {
          enable = true;
          instances.root = {
            device = "/";
            hashTableSizeMB = 1024;
          };
        };
      };
    };
  })
];
# Host "nas": multi-user file server with GUI. Option names under config.nixos are defined by
# ./modules, which is not shown here; notes on their effect are marked as assumptions.
"nas" = [
  (inputs: {
    config.nixos = {
      system = {
        fileSystems = {
          mount = {
            vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
            btrfs = {
              "/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
              "/dev/mapper/nix"."/nix" = "/nix";
              "/dev/mapper/root1" = {
                "/nix/rootfs" = "/nix/rootfs";
                "/nix/persistent" = "/nix/persistent";
                "/nix/nodatacow" = "/nix/nodatacow";
                "/nix/rootfs/current" = "/";
              };
            };
          };
          # NOTE(review): presumably these encrypted volumes are opened without a passphrase
          # prompt. Confirm where the unlock secret lives and that it is not readable from the
          # unencrypted /boot or EFI partitions. "root2" is mapped but not mounted in this block.
          decrypt.auto = {
            "/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
            "/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
            "/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = {
              mapper = "nix";
              ssd = true;
            };
          };
          rollingRootfs = {
            device = "/dev/mapper/root1";
            path = "/nix/rootfs";
          };
        };
        grub.installDevice = "efi";
        nixpkgs.march = "silvermont";
        # NOTE(review): the second cache is self-hosted. The matching trusted public keys are not
        # set in this file; confirm signature checking stays on for it.
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        kernel.patches = [ "cjktty" "preempt" ];
        impermanence.enable = true;
        networking = {
          hostname = "nas";
          nebula = {
            enable = true;
            lighthouse = "vps6.chn.moe";
            useRelay = true;
          };
        };
        sops = {
          enable = true;
          keyPathPrefix = "/nix/persistent";
        };
        gui.enable = true;
      };
      hardware = {
        cpus = [ "intel" ];
        gpus = [ "intel" ];
      };
      packages.packageSet = "desktop";
      services = {
        snapper = {
          enable = true;
          configs.persistent = "/nix/persistent";
        };
        fontconfig.enable = true;
        # NOTE(review): the `root` share exports "/" itself. If hostsAllowed is passed through to
        # Samba's `hosts allow`, any 192.168.* source may connect, so access control rests on
        # Samba credentials and file permissions alone — consider narrowing the share to the data
        # directories that are needed.
        samba = {
          enable = true;
          hostsAllowed = "192.168. 127.";
          shares = {
            home.path = "/home";
            root.path = "/";
          };
        };
        # NOTE(review): the only host in this file that turns on passwordAuthentication
        # (presumably sshd's PasswordAuthentication). With the six accounts listed under
        # users.users, every account's password strength becomes part of the exposure; prefer
        # key-only logins, or confirm sshd here is reachable only from the LAN or the overlay.
        sshd = {
          enable = true;
          passwordAuthentication = true;
        };
        xrayClient = {
          enable = true;
          serverAddress = "74.211.99.69";
          serverName = "vps6.xserver.chn.moe";
          dns.extraInterfaces = [ "docker0" ];
        };
        # NOTE(review): remote desktop published under two host names; how they are exposed is
        # decided in ./modules — confirm they are not reachable without TLS.
        xrdp = {
          enable = true;
          hostname = [ "nas.chn.moe" "office.chn.moe" ];
        };
        groupshare.enable = true;
        smartd.enable = true;
        beesd = {
          enable = true;
          instances = {
            root = {
              device = "/";
              hashTableSizeMB = 4096;
            };
            nix = {
              device = "/nix";
              hashTableSizeMB = 128;
            };
          };
        };
      };
      users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
    };
  })
];
# Host "xmupc1": workstation profile. Option names under config.nixos are defined by ./modules,
# which is not shown here; notes on their effect are marked as assumptions.
# NOTE(review): the disk UUIDs, the mdadm line (name=pc:swap) and the frp remote port are identical
# to host "pc", and march "znver3" is paired with cpus = [ "intel" ]. This looks like a copy of
# "pc" that was only partly adapted — confirm before building or deploying it. The host is also
# absent from the packages and deploy node lists elsewhere in this file.
"xmupc1" = [
  (inputs: {
    config.nixos = {
      system = {
        fileSystems = {
          mount = {
            vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
            btrfs = {
              "/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
              "/dev/mapper/root" = {
                "/nix" = "/nix";
                "/nix/rootfs/current" = "/";
              };
            };
          };
          # NOTE(review): presumably these encrypted volumes are opened without a passphrase
          # prompt. Confirm where the unlock secret lives and that it is not readable from the
          # unencrypted /boot or EFI partitions.
          decrypt.auto = {
            "/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = {
              mapper = "root";
              ssd = true;
            };
            "/dev/md/swap" = {
              mapper = "swap";
              ssd = true;
              before = [ "root" ];
            };
          };
          mdadm = "ARRAY /dev/md/swap metadata=1.2 name=pc:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
          swap = [ "/dev/mapper/swap" ];
          # Hibernation resumes from the mapped (decrypted) swap device.
          resume = "/dev/mapper/swap";
          rollingRootfs = {
            device = "/dev/mapper/root";
            path = "/nix/rootfs";
          };
        };
        grub.installDevice = "efi";
        nixpkgs = {
          march = "znver3";
          cudaSupport = true;
        };
        nix = {
          # The comments between entries are the author's CPU-feature notes, kept verbatim.
          marches = [
            "znver3" "znver2"
            # PREFETCHW RDRND XSAVE XSAVEOPT PTWRITE SGX GFNI-SSE MOVDIRI MOVDIR64B CLDEMOTE WAITPKG LZCNT
            # PCONFIG SERIALIZE HRESET KL WIDEKL AVX-VNNI
            "alderlake"
            # SAHF FXSR XSAVE
            "sandybridge"
            # SAHF FXSR PREFETCHW RDRND
            "silvermont"
          ];
          # NOTE(review): the second cache is self-hosted. The matching trusted public keys are
          # not set in this file; confirm signature checking stays on for it. The dns.hosts table
          # below also maps nix-store.chn.moe to 127.0.0.1 although nix-serve is not enabled on
          # this host.
          substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        };
        gui.enable = true;
        kernel = {
          patches = [ "cjktty" "preempt" ];
          modules.modprobeConfig = [
            "options iwlmvm power_scheme=1"
            "options iwlwifi uapsd_disable=1"
          ];
        };
        impermanence.enable = true;
        networking.hostname = "xmupc1";
        sops = {
          enable = true;
          keyPathPrefix = "/nix/persistent";
        };
      };
      hardware = {
        cpus = [ "intel" ];
        gpus = [ "intel" "nvidia" ];
        bluetooth.enable = true;
        joystick.enable = true;
        printer.enable = true;
        sound.enable = true;
        prime = {
          enable = true;
          mode = "offload";
          busId = {
            intel = "PCI:0:2:0";
            nvidia = "PCI:1:0:0";
          };
        };
      };
      packages.packageSet = "workstation";
      virtualization = {
        docker.enable = true;
        kvmHost = {
          enable = true;
          gui = true;
        };
      };
      services = {
        snapper = {
          enable = true;
          configs.persistent = "/nix/persistent";
        };
        fontconfig.enable = true;
        # NOTE(review): if hostsAllowed is passed through to Samba's `hosts allow`, every
        # 192.168.* source and loopback may connect; the shares cover the whole home directory,
        # removable media and /mnt.
        samba = {
          enable = true;
          hostsAllowed = "192.168. 127.";
          shares = {
            media.path = "/run/media/chn";
            home.path = "/home/chn";
            mnt.path = "/mnt";
            share.path = "/home/chn/share";
          };
        };
        sshd.enable = true;
        xrayClient = {
          enable = true;
          serverAddress = "74.211.99.69";
          serverName = "vps6.xserver.chn.moe";
          dns = {
            extraInterfaces = [ "docker0" ];
            # Static name-to-address overrides.
            hosts = {
              "mirism.one" = "216.24.188.24";
              "beta.mirism.one" = "216.24.188.24";
              "ng01.mirism.one" = "216.24.188.24";
              "debug.mirism.one" = "127.0.0.1";
              "initrd.vps6.chn.moe" = "74.211.99.69";
              "nix-store.chn.moe" = "127.0.0.1";
            };
          };
        };
        # NOTE(review): presumably traffic arriving on this bridge bypasses the host firewall, so
        # VM guests can reach every service listening on this machine — confirm.
        firewall.trustedInterfaces = [ "virbr0" ];
        # Publishes local port 443 through frp.chn.moe as remote port 7676.
        frpClient = {
          enable = true;
          serverName = "frp.chn.moe";
          user = "xmupc1";
          tcp.store = {
            localPort = 443;
            remotePort = 7676;
          };
        };
        smartd.enable = true;
        nginx = {
          enable = true;
          transparentProxy.enable = false;
        };
        postgresql.enable = true;
      };
      bugs = [ "xmunet" "firefox" "embree" ];
    };
  })
];
# Host "yoga": desktop package set with GUI. Option names under config.nixos are defined by
# ./modules, which is not shown here; notes on their effect are marked as assumptions.
"yoga" = [
  (inputs: {
    config.nixos = {
      system = {
        fileSystems = {
          mount = {
            vfat."/dev/disk/by-uuid/86B8-CF80" = "/boot/efi";
            btrfs = {
              "/dev/disk/by-uuid/e252f81d-b4b3-479f-8664-380a9b73cf83"."/boot" = "/boot";
              "/dev/mapper/root" = {
                "/nix" = "/nix";
                "/nix/rootfs/current" = "/";
              };
            };
          };
          # NOTE(review): presumably this encrypted volume is opened without a passphrase prompt.
          # Confirm where the unlock secret lives and that it is not readable from the
          # unencrypted /boot or EFI partitions.
          decrypt.auto."/dev/disk/by-uuid/8186d34e-005c-4461-94c7-1003a5bd86c0" = {
            mapper = "root";
            ssd = true;
          };
          swap = [ "/nix/swap/swap" ];
          rollingRootfs = {
            device = "/dev/mapper/root";
            path = "/nix/rootfs";
          };
        };
        nixpkgs.march = "silvermont";
        gui.enable = true;
        grub.installDevice = "efi";
        # NOTE(review): the second cache is self-hosted. The matching trusted public keys are not
        # set in this file; confirm signature checking stays on for it.
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
        kernel.patches = [ "cjktty" "preempt" ];
        impermanence.enable = true;
        networking.hostname = "yoga";
        sops = {
          enable = true;
          keyPathPrefix = "/nix/persistent";
        };
      };
      hardware = {
        cpus = [ "intel" ];
        gpus = [ "intel" ];
        bluetooth.enable = true;
        joystick.enable = true;
        printer.enable = true;
        sound.enable = true;
      };
      packages.packageSet = "desktop";
      virtualization.docker.enable = true;
      services = {
        snapper = {
          enable = true;
          configs.persistent = "/nix/persistent";
        };
        fontconfig.enable = true;
        sshd.enable = true;
        xrayClient = {
          enable = true;
          serverAddress = "74.211.99.69";
          serverName = "vps6.xserver.chn.moe";
          dns.extraInterfaces = [ "docker0" ];
        };
        # NOTE(review): presumably traffic arriving on this bridge bypasses the host firewall —
        # confirm. No kvmHost is enabled in this block, so check whether virbr0 exists here.
        firewall.trustedInterfaces = [ "virbr0" ];
        smartd.enable = true;
      };
    };
  })
];
}));
# Operator notes: reference commands kept for convenience; none of them is evaluated by Nix.
# `--option require-sigs false` switches off signature checks on substituted store paths. The
# install commands below pair it with a plain-HTTP cache on loopback or a private 192.168.122.x
# address, so keep it to that bootstrap step and to a cache you control.
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
# nix-serve -p 5000
# nix copy --substitute-on-destination --to ssh://server /run/current-system
# nix copy --to ssh://nixos@192.168.122.56 ./result
# sudo nixos-install --flake .#bootstrap
# --option substituters http://192.168.122.1:5000 --option require-sigs false
# sudo chattr -i var/empty
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
# sudo nixos-rebuild switch --flake .#vps6 --log-format internal-json -v |& nom --json
# Kernel command-line parameters for debugging a failed boot. SYSTEMD_SULOGIN_FORCE=1 lets the
# emergency shell start without the root password, so remove them again afterwards:
# boot.shell_on_fail systemd.setenv=SYSTEMD_SULOGIN_FORCE=1
# sudo usbipd
# ssh -R 3240:127.0.0.1:3240 root@192.168.122.57
# modprobe vhci-hcd
# sudo usbip bind -b 3-6
# usbip attach -r 127.0.0.1 -b 3-6
# systemd-cryptenroll --fido2-device=auto /dev/vda2
# systemd-cryptsetup attach root /dev/vda2
# deploy-rs settings: one node per listed host, each with a single `system` profile that activates
# the host's nixosConfiguration. `hostname` is the bare node name, so the SSH target depends on how
# the deploying machine resolves it (DNS, hosts file or ssh config).
deploy = {
  # NOTE(review): deployment logs in as root over SSH, so the targets must accept root logins;
  # confirm that these are key-only.
  sshUser = "root";
  user = "root";
  fastConnection = true;
  # NOTE(review): both rollback safeguards are switched off, so a configuration that breaks SSH or
  # networking on a remote host stays active and has to be repaired out of band.
  autoRollback = false;
  magicRollback = false;
  nodes = builtins.listToAttrs (builtins.map
    (node:
      let
        nodeConfig = inputs.self.nixosConfigurations.${node};
      in
      {
        name = node;
        value = {
          hostname = node;
          # Uses the deploy-rs library from the node's own package set.
          profiles.system.path = nodeConfig.pkgs.deploy-rs.lib.activate.nixos nodeConfig;
        };
      })
    [ "vps6" "vps7" "nas" ]);
};
};
}