Merge branch 'new-machine'

2026-01-12 04:39:23 +08:00 · 2023-08-19 11:40:45 +08:00
parent a4f6c0ffb8 cbe8946066
commit 14e323a9c1
5 changed files with 110 additions and 16 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -309,11 +309,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1692413619,
-        "narHash": "sha256-jRW2N8Sru0dQ3MM6sL29H1Xs6EdNIuIRIn9KLFdb21Y=",
+        "lastModified": 1692416329,
+        "narHash": "sha256-OPtSBZoAm42oFRiNbU89bmhGDSd56p8Wmt1ypkbZA9Q=",
        "owner": "CHN-beta",
        "repo": "nixpkgs",
-        "rev": "e6547efac67457470b68144b66a6d09674b47762",
+        "rev": "36c74cdf3f2a2e460ddf0035502b22a8fb172953",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -109,10 +109,10 @@
 		{
 			packages.x86_64-linux.default = inputs.nixpkgs.legacyPackages.x86_64-linux.stdenv.mkDerivation
 			{
-				name = "all-systems";
+				name = "systems";
 				propagateBuildInputs = builtins.map
 					(system: inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
-					[ "chn-PC" "vps6" "vps4" "vps7" ];
+					[ "chn-PC" "vps6" "vps4" "vps7" "nas" "xmupc1" ];
 				phases = [ "installPhase" ];
 				installPhase = localLib.stripeTabs
 				''
@@ -268,7 +268,7 @@
 							bugs =
 							[
 								"intel-hdmi" "suspend-hibernate-no-platform" "hibernate-iwlwifi" "suspend-lid-no-wakeup" "xmunet"
-								"suspend-hibernate-waydroid"
+								"suspend-hibernate-waydroid" "embree"
 							];
 						};})
 					];
@@ -630,7 +630,98 @@
 								nginx = { enable = true; transparentProxy.enable = false; };
 								postgresql.enable = true;
 							};
-							bugs = [ "xmunet" ];
+							bugs = [ "xmunet" "firefox" "embree" ];
+						};})
+					];
+				};
+				"yoga" = inputs.nixpkgs.lib.nixosSystem
+				{
+					system = "x86_64-linux";
+					specialArgs = { topInputs = inputs; inherit localLib; };
+					modules = localLib.mkModules
+					[
+						(inputs: { config.nixpkgs.overlays = [(final: prev: { localPackages =
+							(import ./local/pkgs { inherit (inputs) lib; pkgs = final; });})]; })
+						./modules
+						(inputs: { config.nixos =
+						{
+							fileSystems =
+							{
+								mount =
+								{
+									vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
+									btrfs =
+									{
+										"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
+										"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+									};
+								};
+								decrypt.auto =
+								{
+									"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
+									"/dev/md/swap" = { mapper = "swap"; ssd = true; before = [ "root" ]; };
+								};
+								mdadm =
+									"ARRAY /dev/md/swap metadata=1.2 name=chn-PC:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
+								swap = [ "/dev/mapper/swap" ];
+								resume = "/dev/mapper/swap";
+								rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
+							};
+							kernel.patches = [ "cjktty" "preempt" ];
+							hardware =
+							{
+								cpus = [ "intel" ];
+								gpus = [ "intel" ];
+								bluetooth.enable = true;
+								joystick.enable = true;
+								printer.enable = true;
+								sound.enable = true;
+							};
+							packages.packageSet = "desktop";
+							boot.grub.installDevice = "efi";
+							system =
+							{
+								hostname = "yoga";
+								march = "silvermont";
+								gui.enable = true;
+							};
+							virtualization.docker.enable = true;
+							services =
+							{
+								impermanence.enable = true;
+								snapper = { enable = true; configs.persistent = "/nix/persistent"; };
+								fontconfig.enable = true;
+								sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
+								sshd.enable = true;
+								xrayClient =
+								{
+									enable = true;
+									serverAddress = "74.211.99.69";
+									serverName = "vps6.xserver.chn.moe";
+									dns =
+									{
+										extraInterfaces = [ "docker0" ];
+										hosts =
+										{
+											"mirism.one" = "216.24.188.24";
+											"beta.mirism.one" = "216.24.188.24";
+											"ng01.mirism.one" = "216.24.188.24";
+											"debug.mirism.one" = "127.0.0.1";
+											"initrd.vps6.chn.moe" = "74.211.99.69";
+											"nix-store.chn.moe" = "127.0.0.1";
+										};
+									};
+								};
+								firewall.trustedInterfaces = [ "virbr0" ];
+								frpClient =
+								{
+									enable = true;
+									serverName = "frp.chn.moe";
+									user = "xmupc1";
+									tcp.store = { localPort = 443; remotePort = 7676; };
+								};
+								smartd.enable = true;
+							};
 						};})
 					];
 				};
--- a/modules/bugs/default.nix
+++ b/modules/bugs/default.nix
@@ -72,6 +72,9 @@ inputs:
 						script = "${systemctl} start waydroid-container";
 					};
 				};
+			firefox.programs.firefox.enable = inputs.lib.mkForce false;
+			embree.nixpkgs.overlays =
+				[(final: prev: { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })];
 		};
 	in
 		{
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -174,12 +174,6 @@ inputs:
 							{
 								hostPlatform = { system = "x86_64-linux"; gcc = { arch = system.march; tune = system.march; }; };
 								config.qchem-config.optArch = system.march;
-								overlays =
-									let
-										fixes.alderlake = [(final: prev:
-											{ embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })];
-									in
-										fixes.${system.march} or [];
 							};
 							nix.settings.system-features = [ "gccarch-${system.march}" ];
 							boot.kernelPatches =
@@ -192,6 +186,7 @@ inputs:
 										{
 											alderlake = "MALDERLAKE";
 											sandybridge = "MSANDYBRIDGE";
+											silvermont = "MSILVERMONT";
 											znver2 = "MZEN2";
 											znver3 = "MZEN3";
 										};
--- a/secrets/xmupc1.yaml
+++ b/secrets/xmupc1.yaml
@@ -1,4 +1,9 @@
-hello: ENC[AES256_GCM,data:BML42EhVgL5lRFROZeD9Q/kHmqoM5liyBn0rsj7UeK3dL6Jr/0Rbche6ROCzVw==,iv:/7QagIN5cxCj8B7A+gzUFUIMqm6MZ6Qe8w+hnK2zqUw=,tag:X3TsMHwJoXjiiAI5oawzUQ==,type:str]
+acme:
+    cloudflare.ini: ENC[AES256_GCM,data:k7ojGrQQN81OGh391ISD0vfmQF7P3Iiuyx4ck7FxB9h3hFyl6HsiJxp3tIKsFBirbHzePEtXZOYmYUkqqw2i8dY=,iv:RX1BpzeznkrXhLVoI1YwrlRDnkQqGYNw/xwQvN8P9JM=,tag:TOfGt4QwxAY2j/c1deKFoA==,type:str]
+nginx:
+    maxmind-license: ENC[AES256_GCM,data:VmOiT6FYFEkMYTstz+4+4MSZSeOgHQh437j6Ccd/EhYVEa8iKI1PfA==,iv:C90KL+tv3ZpbnHqsKv0hLUprM1RKagCdU2ne3Z9Hor4=,tag:QVlJZL+bnVpjEzy4VF31vA==,type:str]
+frp:
+    token: ENC[AES256_GCM,data:lo/To0asGgHnajc6GD6zh+e9onIwQ6XdfTA5wg7g+fvslzxH6eXhV+14Wkb86E2fn7AAlru+,iv:d2MHOCwc5E8nAcqjWxdzONPpjdFfJ01f01Q7a7C2CT4=,tag:5zzciq12PqWT29G+BaT1XQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -14,8 +19,8 @@ sops:
            UDRVZ3luNkRQNFdtYUF4bm4vd05mdkEKlX67g6DrurDVrSG2+5lj4wZ+8xfEpu9K
            jAZ8pt1pCsrbkGOWOBD5PqbWn0X1Dms6F4qiyefcQlmIjhXc9/PPLQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-15T17:04:54Z"
-    mac: ENC[AES256_GCM,data:GsXdkXE4yL9FzXV2aXsLqVh2Wsx0HY4KMt1OIn3V4Ooqp3ble4/ehtucMOa18qtK5K9BesrdlSx8p+6m47x2JZ45XElE/6QtKMmYlTPRP0Gdc+lfF3dlk2fF+YsWfWsDXbFjrcM1omS5YTYIri3H28xzjNvj32wbDZKCeQeCWFI=,iv:sTCKYlBzGEUP9gbIx/Y3p5FheZI+k1OkQUi6XQbEMIw=,tag:BYK/c6gPqArX0Q/qmH9v3w==,type:str]
+    lastmodified: "2023-08-16T10:07:44Z"
+    mac: ENC[AES256_GCM,data:/RA6qVw0X3kI6NBMkstKSoNIJWt1daOMnxd4HwSvh5KeOt0ibem8ejh4McWNzHEIRi0tDu7VLHo8S/TNZ2DKWOUL2C7xDLfzEgw4K+noUzmykufHLpQX9x5B7+CbSbzRCxCjOj7+bkbem8JgtxGDF5DhtszA9gv23s2bGDVjda0=,iv:WfiBPwumrVn3mQqw8NPHMmVNdjnD5G8Ke/yuNhkq1JY=,tag:DBeN0DFGt2xTs2X6odBUeQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3