devices.xmupc2: init

2024-10-22 23:39:02 +08:00 · 2024-03-09 03:57:34 +08:00 · 2024-03-09 03:57:34 +08:00 · 075a5f255f
commit 075a5f255f
parent 097010113d
3 changed files with 182 additions and 0 deletions
--- a/devices/xmupc2/default.nix
+++ b/devices/xmupc2/default.nix
@ -0,0 +1,114 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        fileSystems =
+        {
+          mount =
+          {
+            vfat."/dev/disk/by-uuid/467C-02E3" = "/boot/efi";
+            btrfs =
+            {
+              "/dev/disk/by-uuid/2f9060bc-09b5-4348-ad0f-3a43a91d158b" = { "/nix" = "/nix"; "/nix/boot" = "/boot"; };
+              "/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12" =
+              {
+                "/nix/rootfs" = "/nix/rootfs";
+                "/nix/persistent" = "/nix/persistent";
+                "/nix/nodatacow" = "/nix/nodatacow";
+                "/nix/rootfs/current" = "/";
+              };
+            };
+          };
+          swap = [ "/nix/swap/swap" ];
+          rollingRootfs =
+          {
+            device = "/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12";
+            waitDevices = [ "/dev/disk/by-partuuid/cdbfc7d4-965e-42f2-89a3-eb2202849429" ];
+          };
+        };
+        grub.installDevice = "efi";
+        nixpkgs =
+        {
+          march = "skylake";
+          cuda =
+          {
+            enable = true;
+            capabilities =
+            [
+              # p5000 p400
+              "6.1"
+              # 2080 Ti
+              "7.5"
+              # 3090
+              "8.6"
+              # 4090
+              "8.9"
+            ];
+            forwardCompat = false;
+          };
+        };
+        gui = { preferred = false; autoStart = true; };
+        kernel.patches = [ "cjktty" "lantian" ];
+        networking.hostname = "xmupc2";
+      };
+      hardware =
+      {
+        cpus = [ "intel" ];
+        gpu.type = "nvidia";
+        bluetooth.enable = true;
+        joystick.enable = true;
+        printer.enable = true;
+        sound.enable = true;
+      };
+      packages.packageSet = "workstation";
+      virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
+      services =
+      {
+        snapper.enable = true;
+        fontconfig.enable = true;
+        sshd = { enable = true; passwordAuthentication = true; };
+        xray.client =
+        {
+          enable = true;
+          serverAddress = "74.211.99.69";
+          serverName = "vps6.xserver.chn.moe";
+          dns.extraInterfaces = [ "docker0" ];
+        };
+        firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
+        smartd.enable = true;
+        beesd =
+        {
+          enable = true;
+          instances = { root = { device = "/"; hashTableSizeMB = 16384; threads = 4; }; };
+        };
+        wireguard =
+        {
+          enable = true;
+          peers = [ "vps6" ];
+          publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
+          wireguardIp = "192.168.83.7";
+        };
+        slurm =
+        {
+          enable = true;
+          cpu = { cores = 16; threads = 2; };
+          memoryMB = 94208;
+          gpus = { "3090" = 1; "4090" = 1; };
+        };
+        xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
+        samba =
+        {
+          enable = true;
+          hostsAllowed = "192.168. 127.";
+          shares = { home.path = "/home"; root.path = "/"; };
+        };
+      };
+      bugs = [ "xmunet" "amdpstate" ];
+      users.users = [ "chn" "xll" "zem" "yjq" "gb" ];
+    };
+  };
+}
--- a/devices/xmupc2/secrets/default.yaml
+++ b/devices/xmupc2/secrets/default.yaml
@ -0,0 +1,44 @@
+acme:
+    cloudflare.ini: ENC[AES256_GCM,data:PjCyozvFTXxA///enYYbaMZ8ISfFjJviLVKfdOcMSi5G3CEjEsp1Ez4krbgy4/eJo4v9HfTN0bMmUnl2OHOyzTg=,iv:e1iQZ5JUHkzfnfP956Lzl3FWs11xdULctA5MZsALtU0=,tag:8X2Q/Hixxn/ci4XRSUDidg==,type:str]
+nginx:
+    maxmind-license: ENC[AES256_GCM,data:/7R7w+fiMw54Cmd7y/wT/s8RMqFMf3Fc0Mph0ZhURmCzowkmLEhtmw==,iv:i+Z+2NbssI864Edwf73SQfaeFuWoqr+U8eQ/8R23FOk=,tag:8ITlkS97vlsmHM1HDk6/3A==,type:str]
+xray-client:
+    uuid: ENC[AES256_GCM,data:4PM/d263HgBseIgRplgo5ahJ8u8HuPznXt2hW5O+VawS6WjP,iv:98Ymj4eiCGQPMcaHBI9zJAaRagm82mF0LY2c9bzA+/s=,tag:8imXq/hxAxS5XKy0uWIBPw==,type:str]
+wireguard:
+    privateKey: ENC[AES256_GCM,data:Azaqung7llErB7/IdnOnEkwjQ39yQHKcO7VgvMDCDTExM7nS0zx+yMYX4ls=,iv:FX8oLHMBVEnKkYOg8q2A9vFmtRZDws5T87+lEl7+2G8=,tag:DdOQUbNKB6JK7Tp6McQ0Og==,type:str]
+users:
+    xll: ENC[AES256_GCM,data:tGzKVg4prhg9oXOSX0FJIAWdF79CWsFuiU8U12dSnkBIgRXPZlJkz9mLLTENm6SjftItt/ku4MDj94KnM+nPYkIorTYtEuergg==,iv:oavvRf7/21LuDksUiXLfR2/qQNz5O6JyroxX1DwC6gc=,tag:qYbW1ZQtXo+2qGrl5wuZkA==,type:str]
+    zem: ENC[AES256_GCM,data:r2BDtAfMohsnoqw51/flvkiXe/EtJtDhakEyOTPX2E7cikfPtPD9iJPd2RnNkS3QPBKg08ex5ce2e3ywzGgNX5RKrxIacpxSSA==,iv:VfhEqTvS9qVFGif+SkBdz8VR6BXEnncMYcPQW4qqNk8=,tag:t4JBEhX+6iqnrd0JoLKpmA==,type:str]
+    yjq: ENC[AES256_GCM,data:Yb9gVDrWhpmBYI8JlGee30J+PVFVGLo4btFVGToUVj3Sr2bPetY96mEJoxYQha7SPKBoZ7+ePzWYiYOi43MZ6sYndj3C6sYmYg==,iv:2H2+ZmIIDJAKds1XSMqVcUpsix3rbxLkVlBIIAK3ifg=,tag:7redx03BsscRrk+e7dqXdg==,type:str]
+    gb: ENC[AES256_GCM,data:ZoprrHc2l0nkqy4ujYQfxNENMEnfpRhCIxX7jMPoWeTrJt2sE1AloWeVFsArJKTx8krpW96X3AXpUIauMH9kc/CviPop2QMgDw==,iv:fOIVPEHDvyZ45G9uRbx2gBE0KuZy+aEWALlXusDJ1YU=,tag:G6hZLn9/99Kj+wZAeNyxkQ==,type:str]
+mariadb:
+    slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RWIreCtMeTZ0UE9Zd2di
+            VE9tR0x6SUNyWjlPV1BqMU5Tb0RTSXNGN2hNCkxuVjFFb0xJZTBMekxqdE96RlRh
+            czF0dHQxdVhsNE5tVWg0Q2RmYktsWDgKLS0tIFY3dHRlbFpsWUsyTzA3RVR1Qyts
+            UUJHMU13cm1lOXhRYzhSWlFyTFltYWcKDUxABRGskWWpHEFL44gHYzAqaQ3AmBDt
+            LcL/4IiEs3TwOpuY+WTVx8JKZBOsxcSlNahiDuCnoTbL4gZTPnd0pA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbHd4ZHhsTk5leDlreC9E
+            TVAzRXVuS0Judk5zTGVWRVhWSUhpMFdscEg0ClVFYzZYZG9hNjJKTlRVZ1I3eXVq
+            M2Y5by85dE1QM25yQ3g3bFVSL2tsVlkKLS0tIHVYbGxrT0hOQkZ5SHBsQ3UyaVly
+            ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
+            IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-26T06:04:25Z"
+    mac: ENC[AES256_GCM,data:2d3i3rcRYrB58vJuyhP4AIB11Ns+zQq0Pli1LF4sAKb75OmJ/qlRcwJKlOCASdY95FfzOQDGjfZheg58fVSd9EbYxX+npMXGUiODa8JRTHgQye3/qjFv14v49zKFJ0dNs13XnOEA4QAry/7gDlb0+M44bNRGPSZSoFX2yJ53smw=,iv:I1YDN6+26BmaWR84kq9zXNXjQ4cRvtzrS2Q13PlUjp0=,tag:sgxcTpOr7T2oXjb5qLRrqw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/devices/xmupc2/secrets/munge.key
+++ b/devices/xmupc2/secrets/munge.key
@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:tuEymMXW0f7Rui5wrz/xozphTEq6ffkYIfNIoURFNHwH2Cg+aKHz2ox0gk02BJARhPMDrxCYlChkcrEI0ma/T0eBe9sWz3tA8AOwU1lHSZ06d/JWzW7IUIyTac2mnjt3/jY/qpnR4A8wtHwD0j4zkzXgUgFwq7k/fs24acEE4Jo=,iv:iDTS0xswLrwkOYmfomE5hluVONgJYia/RjINDy7T3R0=,tag:oIYNpFCuT2D+X1QEJJiHew==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3aFRRa0NsOUp5MEg3UHcx\nc3g1VFZEQS9Tci9QSnNFYnIrT3hUdVU5cWxjCnU5UXVEdTFXczJzcHVvSjF2WHdB\nYmpyQVVaUFozKzJIZThBbXUxb2k2YzAKLS0tIHE1QXVrOXo1Y3VXMzJJYitWU3Qv\neDF1cndrSi94clh1cS9NczN0UW9pOXcKtrnIj3WovMYdcg5nWnnyRhJhTGLrlwxW\nxQ6bmNrfbZedmCNdjY2lPXmudMXJ8YlWe/HGCe94x3iFlaSwCIGUsA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocFl1SHJEemRySlBnMmNn\nVW9RS1NNdlo4M3l2WGlQaHJmbDBHcjMwaVVnCnY5WExPOXZJVEdYSlJ6UTRBMGJj\ncmlYaUNVV1hnWTNkaWVuV2VuaXN2eU0KLS0tIDBTYnd2NmVYTUJKaHZWRWo3ZlUx\nTEtPZWc2RE1XNG9WTXFOTllWVUVWeUkK+9aLz1rygGAQjpG+oMNUtrDkQaDfg+2q\nnl/CtZZrFD6NXGw6Di0X5t9fQu295NTJ/0qjXnfMigG8gDtxkE+/7g==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-02-26T06:04:53Z",
+		"mac": "ENC[AES256_GCM,data:y0RkPyUwwff95BFL951TxS/x5ORzMsxFJVjopSw+8iVtswD8MT1nmsbwyth4C9OnJ/IAtnZk/CjAt72a68AZpPI+2W/JqJq20ohFoquDNhTlsoyLWdO3Vjrd+Wo3hp0+iKQ3e/uYrF1sTqQO9a3OIxu2sVLM0gEDmIe2nJpLJQo=,iv:EjXTQvVdjzfClNfQ3rPxAFVWVqr7sSOz4ap+nshPEAk=,tag:DcIlf9W7NNqQ+gf8f46MwQ==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}