Merge branch 'next' into production

2024-06-06 11:34:28 +08:00
97 changed files with 2208 additions and 2281 deletions


@@ -1,4 +0,0 @@
* pc: 使用 amd 显卡外接显示屏时,一部分应用会判断错误主显示器,需要再调整一次显示器优先级。
* pc: 使用 cachyos 内核时,一些外接显示器无法使用。
* pc: 使用 amd 显卡时,原神明显卡顿。
* pc: 使用 amd 显卡时,拔掉外接显示器后,电脑有概率卡住,等一分钟才会恢复。


@@ -46,20 +46,14 @@ inputs:
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
networking = { hostname = "nas"; networkd = {}; };
kernel.variant = "xanmod-latest";
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
snapper.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares = { home.path = "/home"; root.path = "/"; };
};
samba = { enable = true; hostsAllowed = "192.168. 127."; shares = { home.path = "/home"; root.path = "/"; }; };
sshd = {};
xray.client = { dae.wanInterface = [ "enp3s0" ]; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; };
xray.client = { enable = true; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; };
groupshare = {};
smartd.enable = true;
beesd.instances =


@@ -55,17 +55,12 @@ inputs:
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel.patches = [ "cjktty" "hibernate-progress" ];
kernel = { variant = "cachyos"; patches = [ "cjktty" "hibernate-progress" ]; };
networking.hostname = "pc";
sysctl.laptop-mode = 5;
gui.enable = true;
};
hardware =
{
cpus = [ "amd" ];
gpu = { type = "amd+nvidia"; prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; };
legion = {};
};
hardware = { cpus = [ "amd" ]; gpu = { type = "nvidia"; dynamicBoost = true; }; legion = {}; };
packages.packageSet = "workstation";
virtualization =
{
@@ -77,7 +72,6 @@ inputs:
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
@@ -94,6 +88,7 @@ inputs:
sshd = {};
xray.client =
{
enable = true;
dnsmasq.hosts = builtins.listToAttrs
(
(builtins.map
@@ -106,7 +101,6 @@ inputs:
"dispatchcnglobal.yuanshen.com"
])
);
dae.wanInterface = [ "wlp4s0" "enp5s0" ];
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme.cert."debug.mirism.one" = {};
@@ -128,35 +122,26 @@ inputs:
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
gamemode = { enable = true; drmDevice = 1; };
gamemode = { enable = true; drmDevice = 0; };
slurm = { enable = true; cpu = { cores = 16; threads = 2; }; memoryMB = 90112; gpus."4060" = 1; };
xrdp =
{
enable = true;
hostname = [ "pc.chn.moe" ];
};
xrdp = { enable = true; hostname = [ "pc.chn.moe" ]; };
};
bugs = [ "xmunet" "backlight" "amdpstate" "suspend-hibernate-no-platform" ];
bugs = [ "xmunet" "backlight" "amdpstate" "hibernate-mt7921e" "suspend-hibernate-no-platform" ];
};
system.nixos.tags = [ "production" ];
system.nixos.tags = [ "next" ];
networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one";
services.colord.enable = true;
virtualisation.virtualbox.host = { enable = true; enableExtensionPack = true; };
specialisation =
{
nvidia.configuration =
hybrid.configuration =
{
nixos =
{
hardware.gpu.type = inputs.lib.mkForce "nvidia";
services.gamemode.drmDevice = inputs.lib.mkForce 0;
hardware.gpu =
{ type = inputs.lib.mkForce "amd+nvidia"; prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; };
services.gamemode.drmDevice = inputs.lib.mkForce 1;
};
system.nixos.tags = [ "nvidia" ];
};
xanmod.configuration =
{
nixos.system.kernel.variant = "xanmod-latest";
system.nixos.tags = [ "xanmod" ];
system.nixos.tags = [ "hybrid" ];
};
};
};


@@ -26,7 +26,7 @@ inputs:
{
# snapper.enable = true;
sshd = {};
xray.client.dae.wanInterface = [ "enu1u1" ];
xray.client.enable = true;
fail2ban = {};
wireguard =
{


@@ -41,9 +41,8 @@ inputs:
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd = {};
xray.client.dae.wanInterface = [ "wlp2s0" ];
xray.client.enable = true;
firewall.trustedInterfaces = [ "virbr0" ];
wireguard =
{
@@ -56,7 +55,6 @@ inputs:
};
bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
};
boot.kernelParams = [ "intel_iommu=off" ];
environment.systemPackages = with inputs.pkgs; [ maliit-keyboard maliit-framework ];
powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';
services.iptsd.config =


@@ -24,6 +24,7 @@ inputs:
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking = { hostname = "vps4"; networkd = {}; };
kernel.variant = "cachyos-server";
};
services =
{


@@ -30,6 +30,7 @@ inputs:
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking = { hostname = "vps6"; networkd = {}; };
kernel.variant = "cachyos-server";
};
services =
{


@@ -30,6 +30,7 @@ inputs:
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking = { hostname = "vps7"; networkd = {}; };
kernel.variant = "cachyos-server";
};
services =
{


@@ -57,9 +57,8 @@ inputs:
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.dae.wanInterface = [ "wlp57s0" ];
xray.client.enable = true;
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
smartd.enable = true;
beesd.instances =


@@ -51,9 +51,8 @@ inputs:
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.dae.wanInterface = [ "wlp4s0" ];
xray.client.enable = true;
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
smartd.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };

1079
flake.lock generated

File diff suppressed because it is too large Load Diff


@@ -3,33 +3,24 @@
inputs =
{
# TODO: add color scheme
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.11";
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
"nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
"nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
"nixpkgs-22.11".url = "github:NixOS/nixpkgs/nixos-22.11";
"nixpkgs-22.05".url = "github:NixOS/nixpkgs/nixos-22.05";
home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix =
{
url = "github:Mic92/sops-nix";
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
};
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs-unstable"; };
nur.url = "github:nix-community/NUR";
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd =
{
url = "github:xddxdd/nur-packages?rev=404bc382a29f3d78b03871b96016579d6a0aa305";
inputs.nixpkgs.follows = "nixpkgs";
};
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
impermanence.url = "github:nix-community/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
qchem = { url = "github:Nix-QChem/NixOS-QChem/master"; inputs.nixpkgs.follows = "nixpkgs"; };
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
plasma-manager =
{
@@ -47,8 +38,6 @@
url = "github:chaotic-cx/nyx";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
# TODO: pick it from nixpkgs
nix-inspect.url = "github:bluskript/nix-inspect";
gricad = { url = "github:Gricad/nur-packages"; flake = false; };
catppuccin.url = "github:catppuccin/nix";
bscpkgs = { url = "git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -56,7 +45,6 @@
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
zpp-bits = { url = "github:eyalz800/zpp_bits"; flake = false; };
citation-style-language = { url = "git+https://github.com/zepinglee/citeproc-lua?submodules=1"; flake = false; };
concurrencpp = { url = "github:David-Haim/concurrencpp"; flake = false; };
cppcoro = { url = "github:Garcia6l20/cppcoro"; flake = false; };
date = { url = "github:HowardHinnant/date"; flake = false; };
@@ -69,15 +57,14 @@
win11os-kde = { url = "github:yeyushengfan258/Win11OS-kde"; flake = false; };
fluent-kde = { url = "github:vinceliuice/Fluent-kde"; flake = false; };
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
blurred-wallpaper =
{ url = "github:bouteillerAlan/blurredwallpaper?rev=aecc88d43e458a0962a0091dcdb7baac34e263be"; flake = false; };
blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
slate = { url = "github:TheBigWazz/Slate"; flake = false; };
linux-surface = { url = "github:linux-surface/linux-surface"; flake = false; };
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
lmod = { url = "github:TACC/Lmod"; flake = false; };
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
kylin-virtual-keyboard = { url = "git+https://gitee.com/openkylin/kylin-virtual-keyboard.git"; flake = false; };
cjktty = { url = "github:zhmars/cjktty-patches"; flake = false; };
cjktty = { url = "github:CHN-beta/cjktty-patches"; flake = false; };
zxorm = { url = "github:CHN-beta/zxorm"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
@@ -109,7 +96,9 @@
hpcstat =
let openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
(prev: { doCheck = false; patches = prev.patches ++ [ ./local/pkgs/hpcstat/openssh.patch ];});
in pkgs.pkgsStatic.localPackages.hpcstat.override { inherit openssh; standalone = true; };
in pkgs.pkgsStatic.localPackages.hpcstat.override
{ inherit openssh; standalone = true; version = inputs.self.rev or "dirty"; };
nixpkgs = pkgs;
}
// (
builtins.listToAttrs (builtins.map
@@ -202,7 +191,7 @@
};
hpcstat = pkgs.mkShell
{
inputsFrom = [ inputs.self.packages.x86_64-linux.hpcstat ];
inputsFrom = [ (inputs.self.packages.x86_64-linux.hpcstat.override { version = null; }) ];
packages = [ pkgs.clang-tools_17 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
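Review bot: The `nur-xddxdd` and `blurred-wallpaper` inputs lose their `?rev=` pins in what looks like the new side (`nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };`), so the only thing fixing their revisions is flake.lock, whose diff is suppressed on this page. Every later `nix flake update` will then move both inputs to whatever is on their default branch, and `nur-xddxdd` is consumed as a flake rather than as plain source. If the pins were deliberate, keep them or leave a comment saying why they could be dropped. `cjktty` also switches to the `CHN-beta/cjktty-patches` fork, which supplies a kernel patch for the `pc` host, so the locked revision of that input deserves a look as well.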


@@ -1,22 +0,0 @@
{ stdenvNoCC, texlive, src }: stdenvNoCC.mkDerivation (finalAttrs:
{
name = "citation-style-language";
inherit src;
passthru =
{
pkgs = [ finalAttrs.finalPackage ];
tlDeps = with texlive; [ latex ];
tlType = "run";
};
nativeBuildInputs = [ texlive.combined.scheme-full ];
dontConfigure = true;
dontBuild = true;
installPhase =
''
runHook preInstall
export TEXMFHOME=$out
l3build install
runHook postInstall
'';
})


@@ -2,10 +2,9 @@ inputs: rec
{
typora = inputs.pkgs.callPackage ./typora {};
vesta = inputs.pkgs.callPackage ./vesta {};
rsshub = inputs.pkgs.callPackage ./rsshub.nix
{ inherit mkPnpmPackage; src = inputs.topInputs.rsshub; nodejs = inputs.pkgs.nodejs_21; };
rsshub = inputs.pkgs.callPackage ./rsshub.nix { inherit mkPnpmPackage; src = inputs.topInputs.rsshub; };
misskey = inputs.pkgs.callPackage ./misskey.nix
{ inherit mkPnpmPackage; nodejs = inputs.pkgs.nodejs_21; src = inputs.topInputs.misskey; };
{ inherit mkPnpmPackage; src = inputs.topInputs.misskey; nodejs = nodejs-with-pnpm9; };
mk-meili-mgn = inputs.pkgs.callPackage ./mk-meili-mgn {};
vaspkit = inputs.pkgs.callPackage ./vaspkit { inherit (inputs.localLib) attrsToList; };
v-sim = inputs.pkgs.callPackage ./v-sim { src = inputs.topInputs.v-sim; };
@@ -22,8 +21,6 @@ inputs: rec
chromiumos-touch-keyboard = inputs.pkgs.callPackage ./chromiumos-touch-keyboard {};
yoga-support = inputs.pkgs.callPackage ./yoga-support {};
tgbot-cpp = inputs.pkgs.callPackage ./tgbot-cpp { src = inputs.topInputs.tgbot-cpp; };
citation-style-language = inputs.pkgs.callPackage ./citation-style-language
{ src = inputs.topInputs.citation-style-language; };
mirism = inputs.pkgs.callPackage ./mirism
{
inherit cppcoro nameof tgbot-cpp date;
@@ -50,7 +47,7 @@ inputs: rec
{
inherit (inputs.pkgs.llvmPackages) openmp;
inherit wannier90 src;
hdf5 = inputs.pkgs.hdf5.override { mpiSupport = true; fortranSupport = true; };
hdf5 = inputs.pkgs.hdf5.override { mpiSupport = true; fortranSupport = true; cppSupport = false; };
};
nvidia = inputs.pkgs.callPackage ./vasp/nvidia
{ inherit lmod nvhpc wannier90 vtst src; hdf5 = hdf5-nvhpc; };
@@ -74,6 +71,7 @@ inputs: rec
openxlsx = inputs.pkgs.callPackage ./openxlsx { src = inputs.topInputs.openxlsx; };
sqlite-orm = inputs.pkgs.callPackage ./sqlite-orm { src = inputs.topInputs.sqlite-orm; };
mkPnpmPackage = inputs.pkgs.callPackage ./mkPnpmPackage.nix {};
nodejs-with-pnpm9 = inputs.pkgs.callPackage ./nodejs-with-pnpm9.nix {};
fromYaml = content: builtins.fromJSON (builtins.readFile
(inputs.pkgs.runCommand "toJSON" {}


@@ -9,6 +9,8 @@ if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo")
endif()
set(HPCSTAT_VERSION "unknown" CACHE STRING "Version of the hpcstat")
find_package(fmt REQUIRED)
find_package(Boost REQUIRED COMPONENTS headers filesystem)
find_package(SqliteOrm REQUIRED)
@@ -19,13 +21,16 @@ find_path(NAMEOF_INCLUDE_DIR nameof.hpp REQUIRED)
find_package(date REQUIRED)
find_package(OpenXLSX REQUIRED)
find_package(httplib REQUIRED)
find_package(termcolor REQUIRED)
add_executable(hpcstat src/main.cpp src/env.cpp src/keys.cpp src/ssh.cpp src/sql.cpp src/lfs.cpp src/common.cpp
src/push.cpp)
src/push.cpp src/disk.cpp)
target_compile_features(hpcstat PUBLIC cxx_std_23)
target_include_directories(hpcstat PRIVATE ${PROJECT_SOURCE_DIR}/include ${ZPP_BITS_INCLUDE_DIR})
target_link_libraries(hpcstat PRIVATE fmt::fmt Boost::headers Boost::filesystem sqlite_orm::sqlite_orm
nlohmann_json::nlohmann_json range-v3::range-v3 date::date date::date-tz OpenXLSX::OpenXLSX httplib::httplib)
nlohmann_json::nlohmann_json range-v3::range-v3 date::date date::date-tz OpenXLSX::OpenXLSX httplib::httplib
termcolor::termcolor)
target_compile_definitions(hpcstat PRIVATE HPCSTAT_VERSION="${HPCSTAT_VERSION}")
install(TARGETS hpcstat RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
install(DIRECTORY share/ DESTINATION ${CMAKE_INSTALL_DATADIR}/hpcstat)


@@ -1,13 +1,15 @@
{
stdenv, cmake, pkg-config, standalone ? false, makeWrapper,
boost, fmt, sqlite-orm, nlohmann_json, zpp-bits, range-v3, nameof, openssh, sqlite, date, openxlsx, httplib, openssl
stdenv, cmake, pkg-config, standalone ? false, version ? null, makeWrapper, lib,
boost, fmt, sqlite-orm, nlohmann_json, zpp-bits, range-v3, nameof, openssh, sqlite, date, openxlsx, httplib, openssl,
termcolor
}: stdenv.mkDerivation
{
name = "hpcstat";
src = ./.;
buildInputs =
[ boost fmt sqlite-orm nlohmann_json zpp-bits range-v3 nameof sqlite date openxlsx httplib openssl.dev ];
[ boost fmt sqlite-orm nlohmann_json zpp-bits range-v3 nameof sqlite date openxlsx httplib termcolor ];
nativeBuildInputs = [ cmake pkg-config makeWrapper ];
cmakeFlags = lib.optionals (version != null) [ "-DHPCSTAT_VERSION=${version}" ];
postInstall =
if standalone then "cp ${openssh}/bin/{ssh-add,ssh-keygen} $out/bin"
else


@@ -10,9 +10,12 @@
# include <regex>
# include <thread>
# include <chrono>
# include <fstream>
# include <fmt/format.h>
# include <date/date.h>
# include <date/tz.h>
# include <boost/interprocess/sync/file_lock.hpp>
# include <zpp_bits.h>
namespace hpcstat
{
@@ -25,4 +28,10 @@ namespace hpcstat
// get current time
long now();
// 序列化任意数据
std::string serialize(auto data);
// 反序列化任意数据
template <typename T> T deserialize(std::string serialized_data);
}


@@ -0,0 +1,16 @@
# pragma once
# include <hpcstat/common.hpp>
namespace hpcstat::disk
{
struct Usage
{
double Total;
std::vector<std::pair<std::string, double>> Teacher; // 已排序
std::vector<std::pair<std::string, double>> Student; // 已排序
long Time;
using serialize = zpp::bits::members<4>;
};
// 统计当前磁盘使用情况,并写入数据库
bool stat(boost::interprocess::file_lock& lock);
}


@@ -1,6 +1,6 @@
# pragma once
# include <hpcstat/common.hpp>
# include <zpp_bits.h>
# include <hpcstat/disk.hpp>
namespace hpcstat::sql
{
@@ -47,8 +47,11 @@ namespace hpcstat::sql
std::string Status;
bool operator==(const CheckJobData& other) const = default;
};
// 序列化任意数据,用于之后签名
std::string serialize(auto data);
struct DiskStatData
{
unsigned Id = 0;
std::string Stat;
};
// 初始化数据库
bool initdb();
// 将数据写入数据库
@@ -65,4 +68,6 @@ namespace hpcstat::sql
// 如果没有找到提交时的信息,则忽略这个任务
std::optional<std::map<unsigned, std::tuple<std::string, std::string, std::string, std::optional<std::string>>>>
check_job_status();
// 返回最后一次检查磁盘占用的结果
std::optional<disk::Usage> get_disk_stat();
}


@@ -1,4 +1,6 @@
# include <hpcstat/common.hpp>
# include <hpcstat/sql.hpp>
# include <hpcstat/disk.hpp>
# include <boost/process.hpp>
namespace hpcstat
@@ -35,4 +37,26 @@ namespace hpcstat
return std::chrono::duration_cast<std::chrono::seconds>
(std::chrono::system_clock::now().time_since_epoch()).count();
}
std::string serialize(auto data)
{
auto [serialized_data_byte, out] = zpp::bits::data_out();
out(data).or_throw();
static_assert(sizeof(char) == sizeof(std::byte));
return { reinterpret_cast<char*>(serialized_data_byte.data()), serialized_data_byte.size() };
}
template std::string serialize(sql::LoginData);
template std::string serialize(sql::SubmitJobData);
template std::string serialize(sql::FinishJobData);
template std::string serialize(disk::Usage);
template <typename T> T deserialize(std::string serialized_data)
{
auto [serialized_data_byte, in] = zpp::bits::data_in();
static_assert(sizeof(char) == sizeof(std::byte));
serialized_data_byte = std::vector<std::byte>(reinterpret_cast<const std::byte*>(serialized_data.c_str()),
reinterpret_cast<const std::byte*>(serialized_data.c_str()) + serialized_data.length());
T data;
in(data).or_throw();
return data;
}
template disk::Usage deserialize<disk::Usage>(std::string);
}
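Review bot: `serialize` and `deserialize` are defined only in this translation unit and depend on the explicit instantiations listed after each of them, which nothing in the file states. A call with any other type compiles against the declarations in common.hpp and then fails at link time, so a comment above each list would help, e.g. `// explicit instantiations: add one line for every type passed to serialize()/deserialize()`. `deserialize` also takes `std::string` by value and copies the bytes again into a `std::vector<std::byte>`; taking `const std::string&` would save one copy, though that also changes the declaration in common.hpp.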


@@ -0,0 +1,72 @@
# include <hpcstat/disk.hpp>
# include <hpcstat/env.hpp>
# include <hpcstat/sql.hpp>
// 需要统计的目录,是否统计子目录
std::map<std::string, bool> Directories =
{
{ "caiduanjun", true },
{ "Gaona", true },
{ "huangkai", true },
{ "huangshengli", false },
{ "kangjunyong", true },
{ "lijing", true },
{ "linwei", true },
{ "Lixu", true },
{ "wanghao", false },
{ "wuyaping", true },
{ "wuzhiming", true },
{ "zhanhuahan", false }
};
bool hpcstat::disk::stat(boost::interprocess::file_lock &lock)
{
if (auto homedir = env::env("HOME"); !homedir)
{ std::cerr << "HOME not set\n"; return false; }
else
{
auto get_size = [](std::string path) -> std::optional<double>
{
if (auto result = exec("/usr/bin/du", { "-s", path }); !result)
{ std::cerr << fmt::format("failed to stat {}\n", path); return std::nullopt; }
else
{
std::smatch match;
if (!std::regex_search(*result, match, std::regex(R"((\d+))")))
{ std::cerr << fmt::format("failed to parse {}\n", *result); return std::nullopt; }
return std::stod(match[1]) / 1024 / 1024;
}
};
auto get_subdir = [](std::string path) -> std::vector<std::string>
{
std::filesystem::directory_iterator it(path);
std::vector<std::string> result;
for (const auto& entry : it)
if (entry.is_directory()) result.push_back(entry.path().filename().string());
return result;
};
Usage usage;
usage.Time = now();
if (auto size = get_size(*homedir); size) usage.Total = *size; else return false;
for (const auto& [dir, recursive] : Directories)
{
if (auto size = get_size(*homedir + "/" + dir); size)
usage.Teacher.push_back({ dir, *size });
else return false;
if (recursive) for (const auto& subdir : get_subdir(*homedir + "/" + dir))
{
if (auto size = get_size(*homedir + "/" + dir + "/" + subdir); size)
usage.Student.push_back({ dir + "/" + subdir, *size });
else return false;
}
}
std::sort(usage.Teacher.begin(), usage.Teacher.end(),
[](const auto& a, const auto& b) { return a.second > b.second; });
std::sort(usage.Student.begin(), usage.Student.end(),
[](const auto& a, const auto& b) { return a.second > b.second; });
lock.lock();
if (!sql::writedb(sql::DiskStatData{.Stat = serialize(usage),}))
{ std::cerr << "Failed to write to database\n"; return false; }
return true;
}
}
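Review bot: `stat()` returns false as soon as one `get_size` call fails, so a single entry of `Directories` that is missing or unreadable leaves the database without a new sample and the login banner keeps showing the old one. Whether `exec` treats a non-zero `du` exit as failure is not visible here, but `du` exits non-zero when it cannot read a subdirectory, so this is worth confirming. Skipping the failed entry after the existing `failed to stat {}` message and still writing the remaining sizes would be more robust. `Directories` is also a mutable global with external linkage; `static const std::map<std::string, bool> Directories =` would state that it is a fixed table private to this file.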


@@ -4,20 +4,34 @@
# include <hpcstat/keys.hpp>
# include <hpcstat/lfs.hpp>
# include <hpcstat/push.hpp>
# include <hpcstat/disk.hpp>
# include <range/v3/view.hpp>
# include <boost/exception/diagnostic_information.hpp>
# include <boost/filesystem.hpp>
# include <termcolor/termcolor.hpp>
int main(int argc, const char** argv)
{
using namespace hpcstat;
using namespace std::literals;
try
{
using namespace hpcstat;
using namespace std::literals;
auto lockfile = (boost::filesystem::temp_directory_path() / "hpcstat.lock").string();
std::ofstream{lockfile};
boost::interprocess::file_lock lock(lockfile.c_str());
std::vector<std::string> args(argv, argv + argc);
if (args.size() == 1)
{ std::cout << "Usage: hpcstat initdb|login|logout|submitjob|finishjob|verify|export\n"; return 1; }
else if (args[1] == "initdb") { if (!sql::initdb()) { std::cerr << "Failed to initialize database\n"; return 1; } }
{
std::cout << "Usage: hpcstat initdb|login|logout|submitjob|finishjob|verify|export|version|diskstat\n";
return 1;
}
else if (args[1] == "initdb")
{
lock.lock();
if (!sql::initdb()) { std::cerr << "Failed to initialize database\n"; return 1; }
}
else if (args[1] == "login")
{
if (env::interactive()) std::cout << "Communicating with the agent..." << std::flush;
@@ -33,22 +47,53 @@ int main(int argc, const char** argv)
.Time = now(), .Key = *fp, .SessionId = *session, .Subaccount = env::env("HPCSTAT_SUBACCOUNT"),
.Ip = env::env("SSH_CONNECTION"), .Interactive = env::interactive()
};
auto signature = ssh::sign(sql::serialize(data), *fp);
auto signature = ssh::sign(serialize(data), *fp);
if (!signature) return 1;
data.Signature = *signature;
lock.lock();
sql::writedb(data);
if (env::interactive()) std::cout << fmt::format
(
"\33[2K\rLogged in as {} (Fingerprint: SHA256:{}{}).\n", Keys[*fp].Username, *fp,
sub_account ? fmt::format(" Subaccount {}", *sub_account) : ""
);
if (env::interactive())
{
std::cout << fmt::format
(
"\33[2K\rLogged in as {} (Fingerprint: SHA256:{}{}).\n", Keys[*fp].Username, *fp,
sub_account ? fmt::format(" Subaccount {}", *sub_account) : ""
);
if (auto disk_stat = sql::get_disk_stat(); !disk_stat)
std::cerr << "Failed to get disk usage statistic.\n";
else
{
double percent = disk_stat->Total / 800;
auto color = percent > 95 ? termcolor::red<char> :
percent > 80 ? termcolor::yellow<char> : termcolor::green<char>;
auto bgcolor = percent > 95 ? termcolor::on_red<char> :
percent > 80 ? termcolor::on_yellow<char> : termcolor::on_green<char>;
auto time = std::format("{:%F:%R}", std::chrono::zoned_time(std::chrono::current_zone(),
std::chrono::sys_seconds(std::chrono::seconds(disk_stat->Time))));
std::cout
<< color << "disk usage: " << termcolor::reset
<< bgcolor << termcolor::white
<< fmt::format("{:.1f}% ({:.1f}GB / ~800GB)", percent, disk_stat->Total) << termcolor::reset
<< color << fmt::format(" (estimated, counted at {})\n", time) << termcolor::reset;
if (percent > 80)
{
std::cout << color << "Top 3 directories owned by teacher:\n";
for (auto& [name, size] : disk_stat->Teacher | ranges::views::take(3))
std::cout << fmt::format(" {:.1f}GB {}\n", size, name);
std::cout << color << "Top 3 directories owned by student:\n";
for (auto& [name, size] : disk_stat->Student | ranges::views::take(3))
std::cout << fmt::format(" {:.1f}GB {}\n", size, name);
std::cout << termcolor::reset;
}
}
}
}
}
else if (args[1] == "logout")
{
if (auto session_id = env::env("XDG_SESSION_ID", true); !session_id)
return 1;
else sql::writedb(sql::LogoutData{ .Time = now(), .SessionId = *session_id });
else { lock.lock(); sql::writedb(sql::LogoutData{ .Time = now(), .SessionId = *session_id }); }
}
else if (args[1] == "submitjob")
{
@@ -68,9 +113,10 @@ int main(int argc, const char** argv)
.JobCommand = args | ranges::views::drop(2) | ranges::views::join(' ') | ranges::to<std::string>(),
.Subaccount = env::env("HPCSTAT_SUBACCOUNT"), .Ip = env::env("SSH_CONNECTION")
};
auto signature = ssh::sign(sql::serialize(data), *fp);
auto signature = ssh::sign(serialize(data), *fp);
if (!signature) return 1;
data.Signature = *signature;
lock.lock();
sql::writedb(data);
std::cout << fmt::format
("Job <{}> was submitted to <{}> by <{}>.\n", bsub->first, bsub->second, Keys[*fp].Username);
@@ -78,6 +124,7 @@ int main(int argc, const char** argv)
}
else if (args[1] == "finishjob")
{
lock.lock();
if (auto fp = ssh::fingerprint(); !fp) return 1;
else if (auto session = env::env("XDG_SESSION_ID", true); !session)
return 1;
@@ -106,7 +153,7 @@ int main(int argc, const char** argv)
};
if
(
auto signature = ssh::sign(sql::serialize(data), *fp);
auto signature = ssh::sign(serialize(data), *fp);
!signature
)
return 1;
@@ -130,6 +177,7 @@ int main(int argc, const char** argv)
auto begin = sys_seconds(sys_days(month(month_n) / 1 / year_n)).time_since_epoch().count();
auto end = sys_seconds(sys_days(month(month_n) / 1 / year_n + months(1)))
.time_since_epoch().count();
lock.lock();
if
(
!sql::export_data
@@ -138,7 +186,14 @@ int main(int argc, const char** argv)
return 1;
}
else if (args[1] == "push")
{ if (auto jobs = sql::check_job_status(); !jobs) return 1; else if (!push::push(*jobs)) return 1; }
{
lock.lock();
if (auto jobs = sql::check_job_status(); !jobs) return 1;
else if (!push::push(*jobs)) return 1;
}
else if (args[1] == "version") { std::cout << HPCSTAT_VERSION << std::endl; }
else if (args[1] == "diskstat")
{ if (!disk::stat(lock)) { std::cerr << "Failed to get disk stat\n"; return 1; } }
else { std::cerr << "Unknown command.\n"; return 1; }
}
catch (...) { std::cerr << boost::current_exception_diagnostic_information() << std::endl; return 1; }
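Review bot: The lock file is created under a fixed name in the shared temporary directory (`temp_directory_path() / "hpcstat.lock"` followed by `std::ofstream{lockfile};`), which on a multi-user login node means any other local account can own that path first. If the existing file cannot be opened for writing by the caller, the `file_lock` constructor throws and every subcommand fails before it starts, and the `ofstream` open truncates whatever the name resolves to. Keeping the lock next to the database, or in a directory only the hpcstat account can write, avoids both; where the database lives is not visible in these hunks, and `main` continues outside them. Separately, `double percent = disk_stat->Total / 800;` yields a fraction rather than a percentage, so the `> 95` and `> 80` thresholds are never reached and the printed figure is off by a factor of 100; `disk_stat->Total / 800 * 100` matches the `{:.1f}%` format.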


@@ -48,22 +48,28 @@ namespace hpcstat::push
}
// push to telegram for chn
{
auto message = data
auto messages = data
| ranges::views::filter([](const auto& pair)
{ return std::get<2>(pair.second) == "LNoYfq/SM7l8sFAy325WpC+li+kZl3jwST7TmP72Tz8"; })
| ranges::views::transform([](const auto& pair)
{ return fmt::format("{} {} {}", std::get<1>(pair.second), std::get<0>(pair.second), pair.first); })
| ranges::views::join('\n')
| ranges::to<std::string>;
if (message != "")
| ranges::views::chunk(20)
| ranges::views::transform([](auto chunk) { return chunk | ranges::views::join('\n'); })
| ranges::to<std::vector<std::string>>;
if (!messages.empty())
{
httplib::Client cli("https://api.chn.moe");
cli.enable_server_certificate_verification(false);
auto path = fmt::format
("/notify.php?message={}", boost::urls::encode(message, boost::urls::unreserved_chars));
auto res = cli.Get(path.c_str());
if (res.error() != httplib::Error::Success)
{ fmt::print("Push failed: {}\n", nameof::nameof_enum(res.error())); return false; }
for (auto& message : messages)
{
auto path = fmt::format
("/notify.php?message={}", boost::urls::encode(message, boost::urls::unreserved_chars));
auto res = cli.Get(path.c_str());
if (res.error() != httplib::Error::Success)
{ fmt::print("Push failed: {}\n", nameof::nameof_enum(res.error())); return false; }
else if (res->status != 200)
{ fmt::print("Push failed: status code {}\n", res->status); return false; }
}
}
}
return true;
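Review bot: Every chunk in the new `for (auto& message : messages)` loop is sent through a client that has `cli.enable_server_certificate_verification(false);` set, so the job data in `message` goes to whichever host answers for api.chn.moe without the server being authenticated. That line may be unchanged context in this hunk, but the loop now multiplies the requests that depend on it. Dropping the call, and pointing the client at a CA bundle with `cli.set_ca_cert_path(...)` if the static build has no default trust store, keeps the notification channel authenticated. The loop also returns on the first failed chunk, so the remaining chunks are not sent; including the chunk index in the `Push failed` message would show how much was delivered.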


@@ -11,16 +11,6 @@
namespace hpcstat::sql
{
std::string serialize(auto data)
{
auto [serialized_data_byte, out] = zpp::bits::data_out();
out(data).or_throw();
static_assert(sizeof(char) == sizeof(std::byte));
return { reinterpret_cast<char*>(serialized_data_byte.data()), serialized_data_byte.size() };
}
template std::string serialize(LoginData);
template std::string serialize(SubmitJobData);
template std::string serialize(FinishJobData);
auto connect(std::optional<std::string> dbfile = std::nullopt)
{
auto conn = [&]() { return std::make_optional(sqlite_orm::make_storage
@@ -78,6 +68,12 @@ namespace hpcstat::sql
sqlite_orm::make_column("id", &CheckJobData::Id, sqlite_orm::primary_key().autoincrement()),
sqlite_orm::make_column("job_id", &CheckJobData::JobId),
sqlite_orm::make_column("status", &CheckJobData::Status)
),
sqlite_orm::make_table
(
"disk_stat",
sqlite_orm::make_column("id", &DiskStatData::Id, sqlite_orm::primary_key().autoincrement()),
sqlite_orm::make_column("stat", &DiskStatData::Stat)
)
));};
if (!dbfile)
@@ -102,6 +98,7 @@ namespace hpcstat::sql
template bool writedb(LogoutData);
template bool writedb(SubmitJobData);
template bool writedb(FinishJobData);
template bool writedb(DiskStatData);
std::optional<std::set<unsigned>> finishjob_remove_existed(std::map<unsigned, std::string> jobid_submit_time)
{
if (auto conn = connect(); !conn) return std::nullopt;
@@ -336,4 +333,15 @@ namespace hpcstat::sql
return result;
}
}
std::optional<disk::Usage> get_disk_stat()
{
if (auto conn = connect(); !conn) return std::nullopt;
else
{
auto result =
conn->get_all<DiskStatData>(sqlite_orm::order_by(&DiskStatData::Id).desc(), sqlite_orm::limit(1));
if (result.size() != 1) return std::nullopt;
else return deserialize<disk::Usage>(result[0].Stat);
}
}
}
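Review bot: `get_disk_stat()` is declared to return `std::optional<disk::Usage>`, but `deserialize<disk::Usage>(result[0].Stat)` ends in `in(data).or_throw()` (common.cpp on this page), so a `stat` blob that does not decode as the current `Usage` layout raises instead of yielding `std::nullopt`. The caller in main.cpp sits inside the top-level `try`, so that exception would turn an already recorded interactive login into exit code 1 rather than the intended "Failed to get disk usage statistic." message. Catching the decode failure here keeps the function's contract: `else try { return deserialize<disk::Usage>(result[0].Stat); } catch (...) { return std::nullopt; }`.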


@@ -4,7 +4,7 @@
}: (mkPnpmPackage.override { inherit nodejs; })
{
inherit src;
extraIntegritySha256."https://github.com/aiscript-dev/aiscript-languageserver/releases/download/0.1.5/aiscript-dev-aiscript-languageserver-0.1.5.tgz" = "1mhnwa8h48bc21f0zv8q93aphiqz9i70r7m4xsa4sd1mlncfgyl7";
extraIntegritySha256."https://github.com/aiscript-dev/aiscript-languageserver/releases/download/0.1.6/aiscript-dev-aiscript-languageserver-0.1.6.tgz" = "0092d5r67bhf4xkvrdn4a2rm1drjzy7b5sw8mi7hp4pqvpc20ylr";
extraNativeBuildInputs = [ bash nodejs.pkgs.typescript nodejs.pkgs.gulp ];
extraAttrs =
{
@@ -16,6 +16,7 @@
export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress ]}:$PATH
export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
export NODE_ENV=production
export COREPACK_ENABLE_STRICT=0
pnpm run migrateandstart
'';
in


@@ -28,7 +28,7 @@
version = lib.last (lib.splitString "@" nameAtVersion);
name = lib.last (lib.init (lib.splitString "@" nameAtVersion));
baseName = lib.last (lib.splitString "/" name);
url = "${registry}/${name}/-/${baseName}-${version}.tgz";
url = "${registry}/${if name == baseName then "" else "@"}${name}/-/${baseName}-${version}.tgz";
tarball = fetchurl { inherit url; sha512 = value.resolution.integrity; };
in value // { resolution.tarball = "file:${tarball}"; }
else # if value.resolution ? tarball then
@@ -63,6 +63,7 @@
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
export npm_config_nodedir=${nodejs}
pnpm config set reporter append-only
pnpm config set package-manager-strict false
cp -f ${patchedLockFile} pnpm-lock.yaml
runHook postConfigure
'';


@@ -0,0 +1,15 @@
{ nodejs, fetchurl }: nodejs.overrideAttrs (prev:
{
passthru.pkgs = prev.passthru.pkgs.extend (final: prev:
{
pnpm = prev.pnpm.override
{
version = "9.1.0";
src = fetchurl
{
url = "https://registry.npmjs.org/pnpm/-/pnpm-9.1.0.tgz";
sha512 = "Z/WHmRapKT5c8FnCOFPVcb6vT3U8cH9AyyK+1fsVeMaq07bEEHzLO6CzW+AD62IaFkcayDbIe+tT+dVLtGEnJA==";
};
};
});
})


@@ -13,6 +13,7 @@
''
export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm chromium git ]}:$PATH
export CHROMIUM_EXECUTABLE_PATH=chromium
export COREPACK_ENABLE_STRICT=0
pnpm start
'';
in


@@ -11,47 +11,6 @@ inputs:
SuspendState=freeze
HibernateMode=shutdown
'';
# reload iwlwifi after resume from hibernate
hibernate-iwlwifi =
{
systemd.services.reload-iwlwifi-after-hibernate =
{
description = "reload iwlwifi after resume from hibernate";
after = [ "systemd-hibernate.service" ];
serviceConfig.Type = "oneshot";
script = let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in
''
${modprobe} -r iwlwifi
${modprobe} iwlwifi
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
'';
wantedBy = [ "systemd-hibernate.service" ];
};
nixos.system.kernel.modules.modprobeConfig =
[ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
# disable wakeup on lid open
suspend-lid-no-wakeup.systemd.services.lid-no-wakeup =
{
description = "lid no wake up";
serviceConfig.Type = "oneshot";
script =
let
cat = "${inputs.pkgs.coreutils}/bin/cat";
grep = "${inputs.pkgs.gnugrep}/bin/grep";
in
''
if ${cat} /proc/acpi/wakeup | ${grep} LID0 | ${grep} -q enabled
then
echo LID0 > /proc/acpi/wakeup
fi
if ${cat} /proc/acpi/wakeup | ${grep} XHCI | ${grep} -q enabled
then
echo XHCI > /proc/acpi/wakeup
fi
'';
wantedBy = [ "multi-user.target" ];
};
# xmunet use old encryption
xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
@@ -77,21 +36,10 @@ inputs:
script = "${systemctl} start waydroid-container";
};
};
firefox.programs.firefox.enable = inputs.lib.mkForce false;
power.boot.kernelParams = [ "cpufreq.default_governor=powersave" ];
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
wireplumber.environment.etc."wireplumber/main.lua.d/50-alsa-config.lua".text =
let
content = builtins.readFile
(inputs.pkgs.wireplumber + "/share/wireplumber/main.lua.d/50-alsa-config.lua");
matched = builtins.match
".*\n([[:space:]]*)(--\\[\"session\\.suspend-timeout-seconds\"][^\n]*)[\n].*" content;
spaces = builtins.elemAt matched 0;
comment = builtins.elemAt matched 1;
config = ''["session.suspend-timeout-seconds"] = 0'';
in
builtins.replaceStrings [(spaces + comment)] [(spaces + config)] content;
hibernate-mt7921e.powerManagement.resumeCommands =
let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in "${modprobe} -r -w 3000 mt7921e && ${modprobe} mt7921e";
};
in
{


@@ -10,7 +10,6 @@ inputs:
topInputs.sops-nix.nixosModules.sops
topInputs.aagl.nixosModules.default
topInputs.nix-index-database.nixosModules.nix-index
topInputs.nur.nixosModules.nur
topInputs.nur-xddxdd.nixosModules.setupOverlay
topInputs.impermanence.nixosModules.impermanence
topInputs.nix-flatpak.nixosModules.nix-flatpak
@@ -23,8 +22,6 @@ inputs:
nixpkgs.overlays =
[
topInputs.qchem.overlays.default
topInputs.nixd.overlays.default
topInputs.napalm.overlays.default
topInputs.aagl.overlays.default
topInputs.bscpkgs.overlays.default
(final: prev:


@@ -30,7 +30,7 @@ inputs:
enable = true;
drivers = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.arch == "x86_64") [ inputs.pkgs.cnijfilter2 ];
};
avahi = { enable = true; nssmdns = true; openFirewall = true; };
avahi = { enable = true; nssmdns4 = true; openFirewall = true; };
};
}
)
@@ -50,9 +50,10 @@ inputs:
{
hardware.cpu = builtins.listToAttrs
(map (name: { inherit name; value = { updateMicrocode = true; }; }) hardware.cpus);
boot.initrd.availableKernelModules =
let
modules =
boot =
{
initrd.availableKernelModules =
let modules =
{
intel =
[
@@ -60,8 +61,11 @@ inputs:
];
amd = [];
};
in
builtins.concatLists (map (cpu: modules.${cpu}) hardware.cpus);
in builtins.concatLists (map (cpu: modules.${cpu}) hardware.cpus);
kernelParams =
let params = { intel = [ "intel_iommu=off" ]; amd = [ "amd_iommu=fullflush" ]; };
in builtins.concatLists (map (cpu: params.${cpu}) hardware.cpus);
};
}
)
];
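Review bot: The new `kernelParams` entry sets `intel_iommu=off` on every host whose `hardware.cpus` contains "intel", which disables DMA remapping: PCIe and Thunderbolt devices are no longer confined by the IOMMU, and VT-d passthrough stops working. If this works around a specific driver or suspend problem, it would be safer as a per-host option that defaults to the kernel's own behaviour, with a comment naming the problem, e.g. `# intel_iommu=off: workaround for <issue>; removes DMA protection`. `amd_iommu=fullflush` goes the other way (strict invalidation), but newer kernels appear to document it as deprecated in favour of `iommu.strict=1`, which is worth confirming against the kernel variants used here.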


@@ -67,7 +67,7 @@ inputs:
boot =
{
kernelParams = inputs.lib.mkIf (builtins.elem "amd" gpus)
[ "radeon.cik_support=0" "amdgpu.cik_support=1" "radeon.si_support=0" "amdgpu.si_support=1" "iommu=pt" ];
[ "radeon.cik_support=0" "amdgpu.cik_support=1" "radeon.si_support=0" "amdgpu.si_support=1" ];
blacklistedKernelModules = [ "nouveau" ];
};
environment.variables.VDPAU_DRIVER = inputs.lib.mkIf (builtins.elem "intel" gpus) "va_gl";


@@ -3,37 +3,5 @@ inputs:
config = inputs.lib.mkIf (builtins.elem "desktop-extra" inputs.config.nixos.packages._packageSets)
{
programs.chromium = { enable = true; extraOpts.PasswordManagerEnabled = false; };
nixos.user.sharedModules =
[{
config.programs.chromium =
{
enable = true;
extensions =
# TODO: declartive way to install extensions, with fixed xpi file
# TODO: declartively config
[
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
{ id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask
{ id = "bpoadfkcbjbfhfodiogcnhhhpibjhbnh"; } # 沉浸式翻译
];
};
}];
};
}


@@ -9,7 +9,7 @@ inputs:
_packages =
[
# system management
etcher btrfs-assistant snapper-gui libsForQt5.qtstyleplugin-kvantum ventoy-full cpu-x
btrfs-assistant snapper-gui kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x # etcher
# password and key management
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden
# download
@@ -20,9 +20,7 @@ inputs:
spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
waifu2x-converter-cpp inkscape blender
# editor
unstablePackages.typora
# themes
orchis-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme arc-kde-theme materia-theme
typora
# news
fluent-reader
# nix tools
@@ -34,10 +32,12 @@ inputs:
google-chrome
# office
crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
(texlive.combine { inherit (texlive) scheme-full; inherit (localPackages) citation-style-language; })
texliveFull
# math, physics and chemistry
octaveFull root ovito localPackages.vesta localPackages.vaspkit localPackages.v-sim
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
]
++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" ])))
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
};
};
programs.kdeconnect.enable = true;


@@ -7,7 +7,7 @@ inputs:
packages._packages = with inputs.pkgs;
[
# system management
gparted kio-fuse wayland-utils clinfo glxinfo vulkan-tools dracut
gparted wayland-utils clinfo glxinfo vulkan-tools dracut
(
writeShellScriptBin "xclip"
''
@@ -27,20 +27,22 @@ inputs:
mpv nomacs
# themes
tela-circle-icon-theme localPackages.win11os-kde localPackages.fluent-kde localPackages.blurred-wallpaper
localPackages.slate utterly-nord-plasma
localPackages.slate utterly-nord-plasma catppuccin catppuccin-sddm
catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
(catppuccin-kde.override { flavour = [ "latte" ]; })
(catppuccin-gtk.override { variant = "latte"; })
# terminal
unstablePackages.warp-terminal
warp-terminal
# development
adb-sync
# virtual keyboard
localPackages.kylin-virtual-keyboard
# desktop sharing
rustdesk-flutter
];
};
programs =
{
adb.enable = true;
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
vim.package = inputs.pkgs.vim-full;
yubikey-touch-detector.enable = true;
};
nixpkgs.config.packageOverrides = pkgs:


@@ -1,8 +1,7 @@
diff --git a/Telegram/SourceFiles/data/data_sponsored_messages.cpp b/Telegram/SourceFiles/data/data_sponsored_messages.cpp
index fa21af4..211f3bf 100644
--- a/Telegram/SourceFiles/data/data_sponsored_messages.cpp
+++ b/Telegram/SourceFiles/data/data_sponsored_messages.cpp
@@ -175,7 +175,7 @@ void SponsoredMessages::inject(
diff --color -ur a/Telegram/SourceFiles/data/components/sponsored_messages.cpp b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
--- a/Telegram/SourceFiles/data/components/sponsored_messages.cpp 1970-01-01 08:00:01.000000000 +0800
+++ b/Telegram/SourceFiles/data/components/sponsored_messages.cpp 2024-05-21 20:41:12.849951324 +0800
@@ -193,7 +193,7 @@
}
bool SponsoredMessages::canHaveFor(not_null<History*> history) const {


@@ -1,7 +0,0 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "workstation" inputs.config.nixos.packages._packageSets)
{
nixos.user.sharedModules = [{ config.programs.doom-emacs = { enable = true; doomPrivateDir = ./doom.d; }; }];
};
}


@@ -1,191 +0,0 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a "Module Index" link where you'll find
;; a comprehensive list of Doom's modules and what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
;;ivy ; a search engine for love and life
vertico ; the search engine of the future
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
;;(emoji +unicode) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;ligatures ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
;;nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
;;unicode ; extended unicode support for various languages
vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
;;window-select ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
;;zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
;;(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
;;multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
;;rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
;;word-wrap ; soft wrapping with language-aware indent
:emacs
dired ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
;;ibuffer ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
;;eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
;;vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
;;(spell +flyspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
;;ansible
;;biblio ; Writes a PhD for you (citation needed)
;;debugger ; FIXME stepping through code, to help you add bugs
;;direnv
;;docker
;;editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
;;lsp ; M-x vscode
magit ; a git porcelain for Emacs
;;make ; run make tasks from Emacs
;;pass ; password manager for nerds
;;pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
;;tmux ; an API for interacting with tmux
;;upload ; map local to remote projects via ssh/ftp
:os
(:if IS-MAC macos) ; improve compatibility with macOS
;;tty ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
;;cc ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
;;data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
;;elixir ; erlang done right
;;elm ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER)
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
;;(go +lsp) ; the hipster dialect
;;(haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
;;json ; At least it ain't XML
;;(java +meghanada) ; the poster child for carpal tunnel syndrome
;;javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
;;latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
;;ledger ; be audit you can be
;;lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
;;nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
org ; organize your plain life in plain text
;;php ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
;;python ; beautiful is better than ugly
;;qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
;;rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
;;yaml ; JSON, but readable
;;zig ; C, but simpler
:email
;;(mu4e +org +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
;;calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
;;(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +smartparens))


@@ -2,47 +2,6 @@ inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
nixos.user.sharedModules = [{ config =
{
programs.firefox =
{
enable = true;
# TODO: switch to 24.05
# nativeMessagingHosts = [ inputs.pkgs.plasma-browser-integration ];
# TODO: switch to chromium as default browser
# TODO: use fixed-version of plugins
package = inputs.pkgs.firefox.override { nativeMessagingHosts = [ inputs.pkgs.plasma-browser-integration ]; };
policies.DefaultDownloadDirectory = "\${home}/Downloads";
profiles.default =
{
extensions = with inputs.pkgs.firefox-addons;
[
immersive-translate tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
metamask pakkujs switchyomega rsshub-radar rsspreview tabliss tree-style-tab ublock-origin wallabagger
wappalyzer grammarly plasma-integration zotero-connector.zotero-connector
];
search = { default = "Google"; force = true; };
userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";
extraConfig = builtins.readFile "${inputs.topInputs.lepton}/user.js";
settings =
{
# general
"browser.search.region" = "CN";
"intl.locale.requested" = "zh-CN,en-US";
"browser.aboutConfig.showWarning" = false;
"browser.bookmarks.showMobileBookmarks" = true;
"browser.download.panel.shown" = true;
"browser.download.useDownloadDir" = true;
"browser.newtab.extensionControlled" = true;
"browser.toolbars.bookmarks.visibility" = "never";
# allow to apply userChrome.css
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
};
};
home.file.".mozilla/firefox/profiles.ini".force = true;
};}];
# still enable global firefox, to install language packs
programs.firefox =
{

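--- a/modules/packages/git.nix
+++ b/modules/packages/git.nix
@@ -0,0 +1,17 @@
+inputs:
+{
+config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+{
+programs.git =
+{
+enable = true;
+package = inputs.pkgs.gitFull;
+lfs.enable = true;
+config =
+{
+init.defaultBranch = "main";
+core.quotepath = false;
+};
+};
+};
+}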


@@ -2,6 +2,6 @@ inputs:
{
config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
{
programs.gnupg.agent = { enable = true; pinentryFlavor = "tty"; };
programs.gnupg.agent.enable = true;
};
}


@@ -0,0 +1,18 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
nixos.user.sharedModules =
[{
config.programs.plasma =
{
enable = true;
configFile =
{
plasma-localerc = { Formats.LANG.value = "en_US.UTF-8"; Translations.LANGUAGE.value = "zh_CN"; };
baloofilerc."Basic Settings".Indexing-Enabled.value = false;
};
};
}];
};
}


@@ -1,113 +0,0 @@
inputs:
{
imports = inputs.localLib.findModules ./.;
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
nixos.user.sharedModules =
[{
config.programs.plasma = inputs.lib.mkMerge
[
# TODO: autostart, panel, discard user changed settings
# general
{
enable = true;
configFile.plasma-localerc = { Formats.LANG.value = "en_US.UTF-8"; Translations.LANGUAGE.value = "zh_CN"; };
}
# kwin
{
kwin.titlebarButtons =
{
right = [ "help" "keep-below-windows" "keep-above-windows" "minimize" "maximize" "close" ];
left = [ "more-window-actions" ];
};
windows.allowWindowsToRememberPositions = false;
configFile =
{
plasmanotifyrc.Notifications.PopupPosition.value = "BottomRight";
kwinrc =
{
Tiling.padding.value = 4;
Wayland."InputMethod[$e]".value = "/run/current-system/sw/share/applications/org.fcitx.Fcitx5.desktop";
Windows.RollOverDesktops.value = true;
Compositing = { AllowTearing.value = false; WindowsBlockCompositing.value = false; };
};
};
}
# baloo
{ configFile.baloofilerc."Basic Settings".Indexing-Enabled.value = false; }
# dolphin and file chooser
{
configFile =
{
dolphinrc =
{
General = { ShowFullPath.value = true; FilterBar.value = true; RememberOpenedTabs.value = false; };
PreviewSettings.Plugins.value = builtins.concatStringsSep ","
[
"blenderthumbnail"
"comicbookthumbnail"
"djvuthumbnail"
"ebookthumbnail"
"exrthumbnail"
"marble_thumbnail_geojson"
"marble_thumbnail_gpx"
"jpegthumbnail"
"marble_thumbnail_kmz"
"marble_thumbnail_kml"
"kraorathumbnail"
"windowsimagethumbnail"
"windowsexethumbnail"
"mltpreview"
"mobithumbnail"
"opendocumentthumbnail"
"marble_thumbnail_osm"
"palathumbcreator"
"gsthumbnail"
"rawthumbnail"
"svgthumbnail"
"imagethumbnail"
"fontthumbnail"
"directorythumbnail"
"textthumbnail"
"webarchivethumbnail"
"ffmpegthumbs"
"audiothumbnail"
];
};
kdeglobals."KFileDialog Settings" =
{
"Allow Expansion".value = true;
"Automatically select filename extension".value = true;
"Show Bookmarks".value = true;
"Show Full Path".value = true;
"Show Inline Previews".value = true;
"Show Preview".value = true;
"Show Speedbar".value = true;
"Show hidden files".value = true;
"Sort by".value = "Name";
"Sort directories first".value = true;
"Sort hidden files last".value = true;
"View Style".value = "DetailTree";
};
};
}
# krunner
{ configFile.krunnerrc = { General.FreeFloating.value = true; Plugins.baloosearchEnabled.value = false; }; }
# lock screen
{ configFile.kscreenlockerrc.Daemon.Autolock.value = false; }
];
}];
nixpkgs.overlays = [(final: prev:
{
libsForQt5 = prev.libsForQt5.overrideScope (final: prev:
{
plasma5 = prev.plasma5.overrideScope (final: prev:
{
xdg-desktop-portal-kde = prev.xdg-desktop-portal-kde.overrideAttrs (prev:
{ patches = (prev.patches or []) ++ [ ./krfb.patch ]; });
});
xdg-desktop-portal-kde = final.plasma5.xdg-desktop-portal-kde;
});
})];
};
}


@@ -1,80 +0,0 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
nixos.user.sharedModules =
[{
config =
{
programs.plasma =
{
overrideConfig = true;
overrideConfigFiles = [ "konsolerc" "yakuakerc" ];
configFile =
{
yakuakerc =
{
Appearance =
{
HideSkinBorders.value = true;
Skin.value = "Slate";
Translucency.value = true;
};
"Desktop Entry".DefaultProfile.value = "plasma-manager.profile";
Dialogs.FirstRun.value = false;
Window =
{
KeepOpen.value = false;
KeepOpenAfterLastSessionCloses.value = true;
ShowSystrayIcon.value = false;
};
};
konsolerc =
{
"Desktop Entry".DefaultProfile.value = "plasma-manager.profile";
"MainWindow.Toolbar sessionToolbar".ToolButtonStyle.value = "IconOnly";
};
};
dataFile."konsole/plasma-manager.profile" =
{
Appearance =
{
AntiAliasFonts.value = true;
BoldIntense.value = true;
ColorScheme.value = "Breeze";
Font.value = "FiraCode Nerd Font Mono,10,-1,5,50,0,0,0,0,0";
UseFontLineChararacters.value = true;
WordModeAttr.value = false;
};
"Cursor Options".CursorShape.value = 1;
General =
{
Name.value = "plasma-manager";
Parent.value = "FALLBACK/";
TerminalCenter.value = true;
TerminalMargin.value = 1;
};
"Interaction Options" =
{
AutoCopySelectedText.value = true;
TrimLeadingSpacesInSelectedText.value = true;
TrimTrailingSpacesInSelectedText.value = true;
UnderlineFilesEnabled.value = true;
};
Scrolling = { HistoryMode.value = 2; ReflowLines.value = false; };
"Terminal Features".BlinkingCursorEnabled.value = true;
};
};
home.file.".local/share/konsole/Breeze.colorscheme".text = builtins.replaceStrings
[ "Opacity=1" ] [ "Opacity=0.9\nBlur=true" ]
(builtins.readFile "${inputs.pkgs.konsole}/share/konsole/Breeze.colorscheme");
};
}];
environment.persistence =
let impermanence = inputs.config.nixos.system.impermanence;
in inputs.lib.mkIf impermanence.enable (inputs.lib.mkMerge (builtins.map
(user:
{ "${impermanence.root}".users.${user}.directories = [ ".local/share/konsole" ".local/share/yakuake" ]; })
inputs.config.nixos.user.users));
};
}


@@ -1,15 +0,0 @@
diff --git a/src/remotedesktop.cpp b/src/remotedesktop.cpp
index 9c27b10..100d6f3 100644
--- a/src/remotedesktop.cpp
+++ b/src/remotedesktop.cpp
@@ -136,10 +136,6 @@ uint RemoteDesktopPortal::Start(const QDBusObjectPath &handle,
Utils::setParentWindow(remoteDesktopDialog->windowHandle(), parent_window);
Request::makeClosableDialogRequest(handle, remoteDesktopDialog.get());
connect(session, &Session::closed, remoteDesktopDialog.data(), &RemoteDesktopDialog::reject);
-
- if (!remoteDesktopDialog->exec()) {
- return 1;
- }
}
if (session->screenSharingEnabled()) {


@@ -12,22 +12,10 @@ inputs:
ksh
# basic tools
neofetch
# nix tools
inputs.topInputs.nix-inspect.packages."${inputs.config.nixos.system.nixpkgs.arch}-linux".default
# office
todo-txt-cli pdfgrep ffmpeg-full
# development
hexo-cli gh
# install per project
# stdenv gfortran nodejs
# library
# fmt fmt.dev localPackages.nameof localPackages.matplotplusplus highfive hdf5 hdf5.dev
# localPackages.concurrencpp localPackages.biu localPackages.magik-enum
# (
# runCommand "concurrencpp" {}
# "mkdir $out; ln -s ${localPackages.concurrencpp}/include/concurrencpp-* $out/include"
# )
# eigen (runCommand "eigen" {} "mkdir $out; ln -s ${eigen}/include/eigen3 $out/include")
hexo-cli gh nix-init
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);


@@ -2,124 +2,47 @@ inputs:
{
config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
{
nixos =
{
packages = with inputs.pkgs;
{
_packages =
[
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij ipfetch localPackages.pslist
fastfetch reptyr
# lsxx
pciutils usbutils lshw util-linux lsof dmidecode
# top
iotop iftop htop btop powertop s-tui
# editor
nano bat
# downloader
wget aria2 curl yt-dlp
# file manager
tree eza trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz upx unzip zip lzip p7zip
# file system management
sshfs e2fsprogs duperemove compsize exfatprogs
# disk management
smartmontools hdparm
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
# nix tools
nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {})
# development
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix
# stupid things
toilet lolcat
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);
};
user.sharedModules = [(home-inputs:
{
config.programs =
{
direnv = { enable = true; nix-direnv.enable = true; };
git =
{
enable = true;
lfs.enable = true;
extraConfig =
{
core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
http.postBuffer = 624288000;
advice.detachedHead = false;
merge.conflictstyle = "diff3";
diff.colorMoved = "default";
lfs =
{
concurrenttransfers = 10;
activitytimeout = 3600;
dialtimeout = 3600;
keepalive = 3600;
tlstimeout = 3600;
transfer.maxretries = 1;
};
};
package = inputs.pkgs.gitFull;
delta =
{
enable = true;
options =
{
side-by-side = true;
navigate = true;
syntax-theme = "GitHub";
light = true;
zero-style = "syntax white";
line-numbers-zero-style = "#ffffff";
};
};
};
vim =
{
enable = true;
defaultEditor = true;
packageConfigurable = inputs.config.programs.vim.package;
settings =
{
number = true;
expandtab = false;
shiftwidth = 2;
tabstop = 2;
};
extraConfig =
''
set clipboard=unnamedplus
colorscheme evening
'';
};
};
})];
};
nixos.packages._packages = with inputs.pkgs;
[
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij ipfetch localPackages.pslist
fastfetch reptyr nushellFull duc
# lsxx
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors
# top
iotop iftop htop btop powertop s-tui
# editor
nano bat
# downloader
wget aria2 curl yt-dlp
# file manager
tree eza trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz upx unzip zip lzip p7zip
# file system management
sshfs e2fsprogs duperemove compsize exfatprogs
# disk management
smartmontools hdparm
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
# nix tools
nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {}) nix-inspect
# development
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix
# stupid things
toilet lolcat
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);
programs =
{
nix-index-database.comma.enable = true;
nix-index.enable = true;
command-not-found.enable = false;
autojump.enable = true;
git =
{
enable = true;
package = inputs.pkgs.gitFull;
lfs.enable = true;
config =
{
init.defaultBranch = "main";
core = { quotepath = false; editor = "vim"; };
};
};
direnv = { enable = true; nix-direnv.enable = true; };
};
services.udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
home-manager = { useGlobalPkgs = true; useUserPackages = true; };


@@ -139,7 +139,7 @@ inputs:
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions.SetEnv = "TERM=chn_unset_ls_colors:xterm-256color";
setEnv.TERM = "chn_unset_ls_colors:xterm-256color";
};
})
[ "wlin" "hwang" ])
@@ -157,32 +157,7 @@ inputs:
hostname = "hpc.xmu.edu.cn";
user = "jykang";
forwardAgent = true;
extraOptions.SetEnv =
# in .bash_profile:
# if [[ $TERM == chn_unset_ls_colors* ]]; then
# export TERM=${TERM#*:}
# export CHN_LS_USE_COLOR=1
# fi
# if [[ $TERM == chn_cd* ]]; then
# export TERM=${TERM#*:}
# cd ~/${TERM%%:*}
# export TERM=${TERM#*:}
# fi
# in .bashrc
# [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
let
usernameMap =
{
chn = "linwei/chn";
xll = "linwei/Xll";
yjq = "linwei/yjq";
gb = "kangjunyong/gongbin";
};
cdString =
if usernameMap ? ${hmInputs.config.home.username} then
":chn_cd:${usernameMap.${hmInputs.config.home.username}}"
else "";
in "TERM=chn_unset_ls_colors${cdString}:xterm-256color";
extraOptions.AddKeysToAgent = "yes";
};
};
};
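Review bot: `extraOptions.AddKeysToAgent = "yes"` is added to a host block that already has `forwardAgent = true`, so every key used for this connection is loaded into the agent, and that agent is reachable from hpc.xmu.edu.cn for as long as the session lasts. On a multi-user login node, anyone who can read the forwarded socket there can ask the agent to sign with those keys; that means root, or another person on the same `jykang` account, which the removed `usernameMap` suggests is shared. Consider `extraOptions.AddKeysToAgent = "confirm";` so each use needs a local confirmation, or drop `forwardAgent` for this host and use `ProxyJump` where onward hops are needed. The host block starts outside this hunk.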


@@ -2,6 +2,6 @@ inputs:
{
config = inputs.lib.mkIf (builtins.elem "workstation" inputs.config.nixos.packages._packageSets)
{
nixos.packages._packages = with inputs.pkgs.localPackages.vasp; [ gnu intel nvidia vtstscripts ];
nixos.packages._packages = with inputs.pkgs.localPackages.vasp; [ intel nvidia vtstscripts ];
};
}

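--- a/modules/packages/vim.nix
+++ b/modules/packages/vim.nix
@@ -0,0 +1,28 @@
+inputs:
+{
+config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+{
+nixos.user.sharedModules =
+[{
+config.programs.vim =
+{
+enable = true;
+defaultEditor = true;
+packageConfigurable = inputs.config.programs.vim.package;
+settings =
+{
+number = true;
+expandtab = false;
+shiftwidth = 2;
+tabstop = 2;
+};
+extraConfig =
+''
+set clipboard=unnamedplus
+colorscheme evening
+'';
+};
+}];
+programs.vim.package = inputs.pkgs.vim-full;
+};
+}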


@@ -39,7 +39,7 @@ inputs:
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
oderwat.indent-rainbow
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
twxs.cmake guyutongxue.cpp-reference thfriedrich.lammps leetcode.vscode-leetcode # znck.grammarly
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug


@@ -11,13 +11,13 @@ inputs:
# password and key management
electrum jabref
# system management
wl-mirror nvtop
wl-mirror nvtopPackages.full
# nix tools
nix-template nil pnpm-lock-export bundix
# instant messager
cinny-desktop nheko # qq nur-xddxdd.wechat-uos
# development
jetbrains.clion android-studio dbeaver cling fprettify aircrack-ng
jetbrains.clion android-studio dbeaver-bin cling fprettify aircrack-ng
# install per project
# clang-tools_16 ccls
# media
@@ -27,7 +27,7 @@ inputs:
# text editor
appflowy notion-app-enhanced joplin-desktop standardnotes logseq
# math, physics and chemistry
mathematica paraview jmol mpi quantum-espresso # localPackages.mumax
mathematica paraview jmol mpi # quantum-espresso # localPackages.mumax
# encryption and password management
john crunch hashcat
# container and vm


@@ -1,32 +0,0 @@
inputs:
{
options.nixos.services.fontconfig = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) fontconfig;
in mkIf fontconfig.enable
{
fonts =
{
fontDir.enable = true;
packages = with inputs.pkgs;
[
noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts hack-font inter
noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk
noto-fonts-emoji corefonts vistafonts vistafonts-chs
];
fontconfig.defaultFonts =
{
emoji = [ "Noto Color Emoji" ];
monospace = [ "Hack" "Source Han Mono SC" ];
sansSerif = [ "Inter" "Liberation Sans" "Source Han Sans SC" ];
serif = [ "Liberation Serif" "Source Han Serif SC" ];
};
};
nixos.user.sharedModules = [{ config.xdg.configFile."fontconfig/conf.d/10-hm-fonts.conf".force = true; }];
};
}


@@ -122,7 +122,7 @@ inputs:
{
name = stcp.name;
type = "stcp";
transport = { useCompression = true; tls.enable = true; };
transport.useCompression = true;
secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
serverUser = builtins.elemAt (splitString "." stcp.name) 0;
serverName = builtins.elemAt (splitString "." stcp.name) 1;
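Review bot: With `tls.enable = true` gone from this stcp entry, nothing in the hunk states that the frpc-to-frps link is encrypted; `secretKey` authenticates the visitor but does not by itself protect the payload. If the per-entry TLS key was dropped because frp does not accept it at this level (plausible, but not visible here), confirm that the client-wide transport TLS setting is still on, or add `transport.useEncryption = true;` next to `useCompression`. A one-line comment such as `# link encryption is provided by the client-wide transport.tls setting` would record the intent. The surrounding attribute set starts and ends outside the hunk.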


@@ -19,7 +19,7 @@ inputs:
services.gitea =
{
enable = true;
package = inputs.pkgs.unstablePackages.gitea.overrideAttrs { src = builtins.fetchurl
package = inputs.pkgs.gitea.overrideAttrs { src = builtins.fetchurl
{
url = "https://dl.gitea.com/gitea/1.22.0-rc1/gitea-src-1.22.0-rc1.tar.gz";
sha256 = "1h7kjzk7zck7j2advcxc0gsmv3qkwmhcnqi9zl7ypiffy40p6l9y";
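Review bot: The `src` override keeps Gitea on the 1.22.0-rc1 tarball regardless of what `inputs.pkgs.gitea` provides, so later stable and security releases from nixpkgs are silently masked for as long as the override exists. The package's own version attribute and vendored-dependency hash still come from the base derivation, which may no longer match this source once the base moves. Put an expiry note on the override, e.g. `# TODO: remove src override once pkgs.gitea >= 1.22.0`, or guard it with a version comparison. The attribute set continues past the end of the hunk.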


@@ -8,10 +8,8 @@ inputs:
config = let inherit (inputs.config.nixos.services) hpcstat; in inputs.lib.mkIf (hpcstat != null)
{
systemd =
{
services.hpcstat =
{
script =
let
scripts =
let
rsync = "${inputs.pkgs.rsync}/bin/rsync";
grep = "${inputs.pkgs.gnugrep}/bin/grep";
@@ -27,51 +25,78 @@ inputs:
jykang = "${inputs.topInputs.self}/devices/jykang.xmuhpc";
ssh-agent = "${inputs.pkgs.openssh}/bin/ssh-agent";
in
''
eval $(${ssh-agent})
# check if the file content differ
if ${rsync} -e "${ssh}" -acnri ${jykang}/ jykang@hpc.xmu.edu.cn:~/ | ${grep} -E '^[<>]' -q; then
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"File content differ!\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
exit 1
fi
# check finishjob
${ssh} jykang@hpc.xmu.edu.cn hpcstat finishjob
${ssh} jykang@hpc.xmu.edu.cn hpcstat push
# download database
now=$(${date} '+%Y%m%d%H%M%S')
${rsync} -e "${ssh}" \
jykang@hpc.xmu.edu.cn:~/linwei/chn/software/hpcstat/var/lib/hpcstat/hpcstat.db \
/var/lib/hpcstat/hpcstat.db.$now
if [ $? -ne 0 ]; then
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Download database failed!\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
exit 1
fi
# diff database
if [ -f /var/lib/hpcstat/hpcstat.db.last ]; then
${hpcstat} verify /var/lib/hpcstat/hpcstat.db.last /var/lib/hpcstat/hpcstat.db.$now
fi
if [ $? -ne 0 ]; then
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Database verification failed!\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
exit 1
fi
# update database
ln -sf hpcstat.db.$now /var/lib/hpcstat/hpcstat.db.last
'';
serviceConfig = { Type = "oneshot"; User = "hpcstat"; Group = "hpcstat"; };
};
timers.hpcstat =
{
finishjob =
''
eval $(${ssh-agent})
# check if the file content differ
if ${rsync} -e "${ssh}" -acnri ${jykang}/ jykang@hpc.xmu.edu.cn:~/ | ${grep} -E '^[<>]' -q; then
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"File content differ!\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
exit 1
fi
# check finishjob
${ssh} jykang@hpc.xmu.edu.cn hpcstat finishjob
${ssh} jykang@hpc.xmu.edu.cn hpcstat push
'';
backupdb =
''
eval $(${ssh-agent})
# download database
now=$(${date} '+%Y%m%d%H%M%S')
${rsync} -e "${ssh}" \
jykang@hpc.xmu.edu.cn:~/linwei/chn/software/hpcstat/var/lib/hpcstat/hpcstat.db \
/var/lib/hpcstat/hpcstat.db.$now
if [ $? -ne 0 ]; then
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Download database failed!\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
exit 1
fi
# diff database
if [ -f /var/lib/hpcstat/hpcstat.db.last ]; then
${hpcstat} verify /var/lib/hpcstat/hpcstat.db.last /var/lib/hpcstat/hpcstat.db.$now
fi
if [ $? -ne 0 ]; then
${curl} -X POST -H 'Content-Type: application/json' \
-d "{\"chat_id\": \"$(${cat} ${chat})\", \"text\": \"Database verification failed!\"}" \
https://api.telegram.org/bot$(${cat} ${token})/sendMessage
exit 1
fi
# update database
ln -sf hpcstat.db.$now /var/lib/hpcstat/hpcstat.db.last
'';
diskstat =
''
eval $(${ssh-agent})
${ssh} jykang@hpc.xmu.edu.cn hpcstat diskstat
'';
};
calenders =
{
finishjob = "*-*-* *:*:00";
backupdb = "*-*-* *:00/10:00";
diskstat = "*-*-* 07:00:00";
};
in
{
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*-*-* *:00/5:00"; Unit = "hpcstat.service"; };
services = builtins.listToAttrs (builtins.map
(script: { "hpcstat-${script.name}" =
{
script = script.value;
serviceConfig = { Type = "oneshot"; User = "hpcstat"; Group = "hpcstat"; };
};})
(inputs.localLib.attrsToList scripts));
timers = builtins.listToAttrs (builtins.map
(calender: { "hpcstat-${calender.name}" =
{
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = calender.value; Unit = "hpcstat-${calender.name}.service"; };
};})
(inputs.localLib.attrsToList calenders));
tmpfiles.rules = [ "d /var/lib/hpcstat 0700 hpcstat hpcstat" ];
};
tmpfiles.rules = [ "d /var/lib/hpcstat 0700 hpcstat hpcstat" ];
};
sops.secrets =
{
"telegram/token" = { group = "telegram"; mode = "0440"; };
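Review bot: The `if [ $? -ne 0 ]` checks in `backupdb` are unlikely to run on failure: NixOS generates `script` units with errexit enabled (worth confirming for this nixpkgs revision), so a failing `rsync` or `hpcstat verify` ends the script before the Telegram call and the "Download database failed!" and "Database verification failed!" alerts are lost exactly when they matter. Testing the command directly keeps the alert reachable, e.g. `if ! ${rsync} -e "${ssh}" jykang@hpc.xmu.edu.cn:… /var/lib/hpcstat/hpcstat.db.$now; then` and `if [ -f /var/lib/hpcstat/hpcstat.db.last ] && ! ${hpcstat} verify …; then`. Separately, `bot$(${cat} ${token})` in all three curl calls puts the bot token on curl's command line, where other local users can read it from the process list; handing the URL to curl on stdin via `--config -` avoids that.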


@@ -2,7 +2,7 @@ inputs:
{
options.nixos.services.mariadb = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
enable = mkOption { type = types.bool; default = inputs.config.nixos.services.mariadb.instances != {}; };
instances = mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
@@ -14,46 +14,46 @@ inputs:
default = {};
};
};
config =
let
inherit (inputs.config.nixos.services) mariadb;
inherit (inputs.lib) mkAfter mkIf;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs concatStringsSep filter;
in mkIf mariadb.enable
config = let inherit (inputs.config.nixos.services) mariadb; in inputs.lib.mkIf mariadb.enable
{
services =
{
services =
mysql =
{
mysql =
{
enable = true;
package = inputs.pkgs.mariadb;
settings.mysqld.skip_name_resolve = true;
ensureDatabases = map (db: db.value.database) (attrsToList mariadb.instances);
ensureUsers = map
(db: { name = db.value.user; ensurePermissions."${db.value.database}.*" = "ALL PRIVILEGES"; })
(attrsToList mariadb.instances);
};
mysqlBackup =
{
enable = true;
singleTransaction = true;
databases = map (db: db.value.database) (attrsToList mariadb.instances);
};
enable = true;
package = inputs.pkgs.mariadb;
settings.mysqld.skip_name_resolve = true;
ensureDatabases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList mariadb.instances);
ensureUsers = builtins.map
(db: { name = db.value.user; ensurePermissions."${db.value.database}.*" = "ALL PRIVILEGES"; })
(inputs.localLib.attrsToList mariadb.instances);
};
mysqlBackup =
{
enable = true;
singleTransaction = true;
databases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList mariadb.instances);
};
systemd.services.mysql.postStart = mkAfter (concatStringsSep "\n" (map
(db:
let
passwordFile =
if db.value.passwordFile or null != null then db.value.passwordFile
else inputs.config.sops.secrets."mariadb/${db.value.user}".path;
mysql = "${inputs.config.services.mysql.package}/bin/mysql";
in
# force user use password auth
''echo "ALTER USER '${db.value.user}' IDENTIFIED BY '$(cat ${passwordFile})';" | ${mysql} -N'')
(attrsToList mariadb.instances)));
sops.secrets = listToAttrs (map
(db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
(filter (db: db.value.passwordFile == null) (attrsToList mariadb.instances)));
};
systemd.services.mysql.postStart = inputs.lib.mkAfter (builtins.concatStringsSep "\n" (builtins.map
(db:
let
passwordFile =
if db.value.passwordFile or null != null then db.value.passwordFile
else inputs.config.sops.secrets."mariadb/${db.value.user}".path;
mysql = "${inputs.config.services.mysql.package}/bin/mysql";
in
# force user use password auth
''echo "ALTER USER '${db.value.user}' IDENTIFIED BY '$(cat ${passwordFile})';" | ${mysql} -N'')
(inputs.localLib.attrsToList mariadb.instances)));
sops.secrets = builtins.listToAttrs (builtins.map
(db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
(builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList mariadb.instances)));
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.nodatacow}".directories = let user = "mysql"; in
[{ directory = "/var/lib/mysql"; inherit user; group = user; mode = "0750"; }];
};
};
}
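Review bot: The `postStart` line builds `ALTER USER '…' IDENTIFIED BY '$(cat ${passwordFile})'` by pasting the secret file into a quoted SQL literal, so a password containing `'` or `\` breaks the statement or changes what gets executed; the postgresql section on this page builds its `ALTER USER` the same way. The secret is operator-controlled, so this is mainly a robustness trap, but it fails at service start and is hard to diagnose. Either state the constraint next to the existing comment, e.g. `# password file must not contain ' or \ (interpolated into SQL below)`, or generate these secrets as hex/base64 only.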


@@ -13,102 +13,100 @@ inputs:
};
ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
config =
let
inherit (inputs.config.nixos.services) meilisearch;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (builtins) map listToAttrs concatLists;
in
config = let inherit (inputs.config.nixos.services) meilisearch; in
{
systemd =
{
systemd =
{
services = listToAttrs (map
(instance:
services = builtins.listToAttrs (builtins.map
(instance:
{
name = "meilisearch-${instance.name}";
value =
{
name = "meilisearch-${instance.name}";
value =
description = "meiliSearch ${instance.name}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
# environment.RUST_BACKTRACE = "full";
serviceConfig =
{
description = "meiliSearch ${instance.name}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
# environment.RUST_BACKTRACE = "full";
serviceConfig =
{
User = instance.value.user;
Group = inputs.config.users.users.${instance.value.user}.group;
ExecStart =
let
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
{
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
++ (
let inherit (inputs.config.nixos.system.nixpkgs) march;
in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
);
});
config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
in
"${meilisearch}/bin/meilisearch --config-file-path ${config}";
Restart = "always";
StartLimitBurst = 3;
LimitNOFILE = "infinity";
LimitNPROC = "infinity";
LimitCORE = "infinity";
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
Nice = 19;
Slice = "-.slice";
}
// (if meilisearch.ioLimitDevice != null then
{
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
# iostat -dx 1
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
} else {});
};
})
(attrsToList meilisearch.instances));
tmpfiles.rules = concatLists (map
(instance:
let
user = instance.value.user;
group = inputs.config.users.users.${instance.value.user}.group;
dir = "/var/lib/meilisearch/${instance.name}";
in
[ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
(attrsToList meilisearch.instances));
};
sops =
{
templates = listToAttrs (map
(instance:
{
name = "meilisearch-${instance.name}.toml";
value =
User = instance.value.user;
Group = inputs.config.users.users.${instance.value.user}.group;
ExecStart =
let
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
{
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
++ (
let inherit (inputs.config.nixos.system.nixpkgs) march;
in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
);
});
config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
in
"${meilisearch}/bin/meilisearch --config-file-path ${config}";
Restart = "always";
StartLimitBurst = 3;
LimitNOFILE = "infinity";
LimitNPROC = "infinity";
LimitCORE = "infinity";
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
Nice = 19;
Slice = "-.slice";
}
// (if meilisearch.ioLimitDevice != null then
{
content =
''
db_path = "/var/lib/meilisearch/${instance.name}"
http_addr = "0.0.0.0:${toString instance.value.port}"
master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
env = "production"
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
log_level = "INFO"
max_indexing_memory = "16Gb"
max_indexing_threads = 1
'';
owner = instance.value.user;
};
})
(attrsToList meilisearch.instances));
secrets = listToAttrs (map
(instance: { name = "meilisearch/${instance.name}"; value = {}; })
(attrsToList meilisearch.instances));
};
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
# iostat -dx 1
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
} else {});
};
})
(inputs.localLib.attrsToList meilisearch.instances));
tmpfiles.rules = builtins.concatLists (builtins.map
(instance:
let
user = instance.value.user;
group = inputs.config.users.users.${instance.value.user}.group;
dir = "/var/lib/meilisearch/${instance.name}";
in
[ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
(inputs.localLib.attrsToList meilisearch.instances));
};
sops =
{
templates = builtins.listToAttrs (builtins.map
(instance:
{
name = "meilisearch-${instance.name}.toml";
value =
{
content =
''
db_path = "/var/lib/meilisearch/${instance.name}"
http_addr = "0.0.0.0:${builtins.toString instance.value.port}"
master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
env = "production"
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
log_level = "INFO"
max_indexing_memory = "16Gb"
max_indexing_threads = 1
'';
owner = instance.value.user;
};
})
(inputs.localLib.attrsToList meilisearch.instances));
secrets = builtins.listToAttrs (builtins.map
(instance: { name = "meilisearch/${instance.name}"; value = {}; })
(inputs.localLib.attrsToList meilisearch.instances));
};
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{ "${impermanence.nodatacow}".directories = [ "/var/lib/meilisearch" ]; };
};
}
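Review bot: The sops template writes `http_addr = "0.0.0.0:${…port}"`, so every meilisearch instance listens on all interfaces and is protected only by the master key and whatever the firewall allows (not visible here). The same listen-everywhere pattern is in the postgresql section (`enableTCPIP = true` with `host all all 0.0.0.0/0 md5`) and the redis section (`bind = null`). If the consumers are on the same host, as the `127.0.0.1` upstreams elsewhere on the page suggest, bind to loopback instead: `http_addr = "127.0.0.1:${builtins.toString instance.value.port}"`, and narrow the other two likewise. The `config` block starts above the hunk.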


@@ -136,15 +136,15 @@ inputs:
(attrsToList misskey.instances));
nixos.services =
{
redis = mkIf (misskey.instances != {}) { instances = listToAttrs (map
redis.instances = listToAttrs (map
(instance: { name = "misskey-${instance.name}"; value.port = instance.value.redis.port; })
(attrsToList misskey.instances)); };
postgresql = mkIf (misskey.instances != {}) { instances = listToAttrs (map
(attrsToList misskey.instances));
postgresql.instances = listToAttrs (map
(instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
(attrsToList misskey.instances)); };
meilisearch =
(attrsToList misskey.instances));
meilisearch.instances =
let instances = filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances);
in mkIf (instances != []) { instances = listToAttrs (map
in listToAttrs (map
(instance:
{
name = "misskey-${instance.name}";
@@ -154,7 +154,7 @@ inputs:
port = instance.value.meilisearch.port;
};
})
instances); };
instances);
nginx =
{
enable = mkIf (misskey.instances != {}) true;


@@ -295,6 +295,7 @@ inputs:
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ 80 443 ];
sops.secrets = { "nginx/maxmind-license".owner = inputs.config.users.users.nginx.name; };
systemd.services.nginx.serviceConfig =
{


@@ -20,7 +20,10 @@ inputs:
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
};
sops.secrets."store/signingKey" = {};
nixos.services.nginx =
{ enable = true; https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; };
nixos.services =
{
nginx = { enable = true; https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; };
xray.client.v2ray-forwarder.noproxyTcpPorts = [ 5000 ];
};
};
}


@@ -0,0 +1,19 @@
inputs:
{
options.nixos.services.nixseparatedebuginfo = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem "desktop-extra" inputs.config.nixos.packages._packageSets then {} else null;
};
config =
let inherit (inputs.config.nixos.services) nixseparatedebuginfo; in inputs.lib.mkIf (nixseparatedebuginfo != {})
{
services.nixseparatedebuginfod.enable = true;
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.nodatacow}".directories = let user = "nixseparatedebuginfod"; in
[{ directory = "/var/cache/nixseparatedebuginfod"; inherit user; group = user; mode = "0755"; }];
};
};
}
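Review bot: The guard `inputs.lib.mkIf (nixseparatedebuginfo != {})` looks inverted. The option defaults to `{}` when "desktop-extra" is in the package sets and to `null` otherwise, so the service is skipped on the hosts that asked for it and enabled on all the others, because `null != {}` is true. Compare against null instead: `inputs.lib.mkIf (nixseparatedebuginfo != null)`. As written, hosts without "desktop-extra" would get an extra daemon and a persisted cache directory they never requested.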


@@ -1,105 +1,96 @@
inputs:
{
options.nixos.services.postgresql = let inherit (inputs.lib) mkOption types; in mkOption
options.nixos.services.postgresql = let inherit (inputs.lib) mkOption types; in
{
type = types.nullOr (types.submodule { options =
enable = mkOption { type = types.bool; default = inputs.config.nixos.services.postgresql.instances != {}; };
instances = mkOption
{
instances = mkOption
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
database = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
initializeFlags = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};}));
default = {};
};
};});
default = null;
};
config =
let
inherit (inputs.config.nixos.services) postgresql;
inherit (inputs.lib) mkAfter concatStringsSep mkIf;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs filter;
in mkIf (postgresql != null)
{
services =
{
postgresql =
{
enable = true;
package = inputs.pkgs.postgresql_15;
enableTCPIP = true;
authentication = "host all all 0.0.0.0/0 md5";
settings =
{
unix_socket_permissions = "0700";
shared_buffers = "8192MB";
work_mem = "512MB";
autovacuum = "on";
};
# log_timezone = 'Asia/Shanghai'
# datestyle = 'iso, mdy'
# timezone = 'Asia/Shanghai'
# lc_messages = 'en_US.utf8'
# lc_monetary = 'en_US.utf8'
# lc_numeric = 'en_US.utf8'
# lc_time = 'en_US.utf8'
# default_text_search_config = 'pg_catalog.english'
# plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
# mv /path/to/dir /path/to/dir_old
# mkdir /path/to/dir
# chattr +C /path/to/dir
# cp -a --reflink=never /path/to/dir_old/. /path/to/dir
# rm -rf /path/to/dir_old
ensureUsers = map (db: { name = db.value.user; }) (attrsToList postgresql.instances);
};
postgresqlBackup =
{
enable = true;
pgdumpOptions = "-Fc";
compression = "none";
databases = map (db: db.value.database) (attrsToList postgresql.instances);
};
};
systemd.services.postgresql.postStart = mkAfter (concatStringsSep "\n" (map
(db:
let
passwordFile =
if db.value.passwordFile or null != null then db.value.passwordFile
else inputs.config.sops.secrets."postgresql/${db.value.user}".path;
initializeFlag =
if db.value.initializeFlags != {} then
" WITH "
+ (concatStringsSep " " (map
(flag: ''${flag.name} = "${flag.value}"'')
(attrsToList db.value.initializeFlags)))
else "";
in
# create database if not exist
"$PSQL -tAc \"SELECT 1 FROM pg_database WHERE datname = '${db.value.database}'\" | grep -q 1"
+ " || $PSQL -tAc 'CREATE DATABASE \"${db.value.database}\"${initializeFlag}'"
# set user password
+ "\n"
+ "$PSQL -tAc \"ALTER USER ${db.value.user} with encrypted password '$(cat ${passwordFile})'\""
# set db owner
+ "\n"
+ "$PSQL -tAc \"select pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d"
+ " WHERE d.datname = '${db.value.database}' ORDER BY 1\""
+ " | grep -E '^${db.value.user}$' -q"
+ " || $PSQL -tAc \"ALTER DATABASE ${db.value.database} OWNER TO ${db.value.user}\"")
(attrsToList postgresql.instances)));
sops.secrets = listToAttrs (map
(db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
(filter (db: db.value.passwordFile == null) (attrsToList postgresql.instances)));
database = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
initializeFlags = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};}));
default = {};
};
};
config = let inherit (inputs.config.nixos.services) postgresql; in inputs.lib.mkIf postgresql.enable
{
services =
{
postgresql =
{
enable = true;
package = inputs.pkgs.postgresql_15;
enableTCPIP = true;
authentication = "host all all 0.0.0.0/0 md5";
settings =
{
unix_socket_permissions = "0700";
shared_buffers = "8192MB";
work_mem = "512MB";
autovacuum = "on";
};
# log_timezone = 'Asia/Shanghai'
# datestyle = 'iso, mdy'
# timezone = 'Asia/Shanghai'
# lc_messages = 'en_US.utf8'
# lc_monetary = 'en_US.utf8'
# lc_numeric = 'en_US.utf8'
# lc_time = 'en_US.utf8'
# default_text_search_config = 'pg_catalog.english'
# plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
# mv /path/to/dir /path/to/dir_old
# mkdir /path/to/dir
# chattr +C /path/to/dir
# cp -a --reflink=never /path/to/dir_old/. /path/to/dir
# rm -rf /path/to/dir_old
ensureUsers = builtins.map (db: { name = db.value.user; }) (inputs.localLib.attrsToList postgresql.instances);
};
postgresqlBackup =
{
enable = true;
pgdumpOptions = "-Fc";
compression = "none";
databases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList postgresql.instances);
};
};
systemd.services.postgresql.postStart = inputs.lib.mkAfter (builtins.concatStringsSep "\n" (builtins.map
(db:
let
passwordFile =
if db.value.passwordFile or null != null then db.value.passwordFile
else inputs.config.sops.secrets."postgresql/${db.value.user}".path;
initializeFlag =
if db.value.initializeFlags != {} then
" WITH "
+ (builtins.concatStringsSep " " (map
(flag: ''${flag.name} = "${flag.value}"'')
(inputs.localLib.attrsToList db.value.initializeFlags)))
else "";
in
# create database if not exist
"$PSQL -tAc \"SELECT 1 FROM pg_database WHERE datname = '${db.value.database}'\" | grep -q 1"
+ " || $PSQL -tAc 'CREATE DATABASE \"${db.value.database}\"${initializeFlag}'"
# set user password
+ "\n"
+ "$PSQL -tAc \"ALTER USER ${db.value.user} with encrypted password '$(cat ${passwordFile})'\""
# set db owner
+ "\n"
+ "$PSQL -tAc \"select pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d"
+ " WHERE d.datname = '${db.value.database}' ORDER BY 1\""
+ " | grep -E '^${db.value.user}$' -q"
+ " || $PSQL -tAc \"ALTER DATABASE ${db.value.database} OWNER TO ${db.value.user}\"")
(inputs.localLib.attrsToList postgresql.instances)));
sops.secrets = builtins.listToAttrs (builtins.map
(db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
(builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList postgresql.instances)));
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.nodatacow}".directories = let user = "postgres"; in
[{ directory = "/var/lib/postgresql"; inherit user; group = user; mode = "0750"; }];
};
};
}
# sops.secrets.drone-agent = {
# owner = config.systemd.services.drone-agent.serviceConfig.User;
# key = "drone";
# };
# pg_dump -h 127.0.0.1 -U synapse -Fc -f synaps.dump synapse
# pg_restore -h 127.0.0.1 -U misskey -d misskey --data-only --jobs=4 misskey.dump
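Review bot: The "set user password" step passes `ALTER USER … with encrypted password '$(cat ${passwordFile})'` as an argument to `$PSQL -tAc`, so the cleartext password becomes part of psql's command line and can be read from the process list by other local users while `postStart` runs. The mariadb module on this page avoids that by piping the statement into the client, and the same shape works here: `echo "ALTER USER ${db.value.user} with encrypted password '$(cat ${passwordFile})'" | $PSQL -tA`. Since `echo` is a shell builtin, the secret then never appears in any process's arguments.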


@@ -13,33 +13,28 @@ inputs:
default = {};
};
};
config =
let
inherit (inputs.config.nixos.services) redis;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs filter;
in
{
services.redis.servers = listToAttrs (map
(server:
config = let inherit (inputs.config.nixos.services) redis; in
{
services.redis.servers = builtins.listToAttrs (builtins.map
(server:
{
inherit (server) name;
value =
{
inherit (server) name;
value =
{
enable = true;
bind = null;
port = server.value.port;
user = server.value.user;
# unixSocket = null; # bug
unixSocketPerm = 600;
requirePassFile =
if server.value.passwordFile == null then inputs.config.sops.secrets."redis/${server.name}".path
else server.value.passwordFile;
};
})
(attrsToList redis.instances));
sops.secrets = listToAttrs (map
(server: { name = "redis/${server.name}"; value.owner = inputs.config.users.users.${server.value.user}.name; })
(filter (server: server.value.passwordFile == null) (attrsToList redis.instances)));
};
enable = true;
bind = null;
port = server.value.port;
user = server.value.user;
# unixSocket = null; # bug
unixSocketPerm = 600;
requirePassFile =
if server.value.passwordFile == null then inputs.config.sops.secrets."redis/${server.name}".path
else server.value.passwordFile;
};
})
(inputs.localLib.attrsToList redis.instances));
sops.secrets = builtins.listToAttrs (builtins.map
(server: { name = "redis/${server.name}"; value.owner = inputs.config.users.users.${server.value.user}.name; })
(builtins.filter (server: server.value.passwordFile == null) (inputs.localLib.attrsToList redis.instances)));
};
}


@@ -63,5 +63,10 @@ inputs:
(attrsToList samba.shares));
};
};
nixos.services.xray.client.v2ray-forwarder =
{
noproxyTcpPorts = [ 139 445 ];
noproxyUdpPorts = [ 137 138 ];
};
};
}


@@ -23,6 +23,7 @@ inputs:
UsePAM = true;
};
};
nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ 22 ];
# generate from https://patorjk.com/software/taag with font "BlurVision ASCII"
# generate using `toilet -f wideterm -F border "InAlGaN / SiC"`
# somehow lolcat could not run with these characters, use rendered directly


@@ -258,7 +258,7 @@ inputs:
(attrsToList synapse.instances));
nixos.services =
{
postgresql = mkIf (synapse.instances != {}) { instances = listToAttrs (concatLists (map
postgresql.instances = listToAttrs (concatLists (map
(instance:
[
{
@@ -270,10 +270,10 @@ inputs:
value.user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
}
])
(attrsToList synapse.instances)));};
redis = mkIf (synapse.instances != {}) { instances = listToAttrs (map
(attrsToList synapse.instances)));
redis.instances = listToAttrs (map
(instance: { name = "synapse-${instance.name}"; value.port = instance.value.redisPort; })
(attrsToList synapse.instances));};
(attrsToList synapse.instances));
nginx =
{
enable = mkIf (synapse.instances != {}) true;


@@ -9,7 +9,7 @@ inputs:
behindNat = mkOption
{
type = types.bool;
default = inputs.config.nixos.services.xray.client != null;
default = inputs.config.nixos.services.xray.client.enable;
};
listenIp = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
# if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820
@@ -38,7 +38,11 @@ inputs:
{
networking =
{
firewall = { allowedUDPPorts = [ wireguard.listenPort ]; trustedInterfaces = [ "wireguard" ]; };
firewall =
{
allowedUDPPorts = inputs.lib.mkIf (!wireguard.behindNat) [ wireguard.listenPort ];
trustedInterfaces = [ "wireguard" ];
};
wireguard.interfaces.wireguard =
{
ips = [ "${wireguard.wireguardIp}/24" ];


@@ -2,36 +2,29 @@ inputs:
{
options.nixos.services.xray = let inherit (inputs.lib) mkOption types; in
{
client = mkOption
client =
{
type = types.nullOr (types.submodule { options =
enable = mkOption { type = types.bool; default = false; };
xray =
{
xray =
serverAddress = mkOption { type = types.nonEmptyStr; default = "74.211.99.69"; };
serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; };
};
dnsmasq =
{
extraInterfaces = mkOption
{
serverAddress = mkOption { type = types.nonEmptyStr; default = "74.211.99.69"; };
serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; };
noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0";
};
dae =
{
lanInterfaces = mkOption
{
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optionals inputs.config.nixos.virtualization.docker.enable [ "docker0" ];
};
wanInterface = mkOption { type = types.listOf types.nonEmptyStr; default = [ "auto" ]; };
};
dnsmasq =
{
extraInterfaces = mkOption
{
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0";
};
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
};});
default = null;
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
v2ray-forwarder =
{
noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
noproxyTcpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; };
noproxyUdpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; };
};
};
server = mkOption
{
@@ -48,12 +41,12 @@ inputs:
{
assertions =
[{
assertion = !(xray.client != null && xray.server != null);
assertion = !(xray.client.enable && xray.server != null);
message = "Currenty xray.client and xray.server could not be simutaniusly enabled.";
}];
}
(
inputs.lib.mkIf (xray.client != null)
inputs.lib.mkIf xray.client.enable
{
services =
{
@@ -72,56 +65,6 @@ inputs:
(inputs.localLib.attrsToList xray.client.dnsmasq.hosts);
};
};
dae =
{
enable = true;
package = inputs.pkgs.callPackage "${inputs.topInputs.nixpkgs-unstable}/pkgs/tools/networking/dae" {};
config =
let
lanString = (inputs.lib.optionalString (xray.client.dae.lanInterfaces != []) "lan_interface: ")
+ builtins.concatStringsSep "," xray.client.dae.lanInterfaces;
wanString = (inputs.lib.optionalString (xray.client.dae.wanInterface != []) "wan_interface: ")
+ builtins.concatStringsSep "," xray.client.dae.wanInterface;
in
''
global {
tproxy_port: 12345
tproxy_port_protect: true
so_mark_from_dae: 0
log_level: info
disable_waiting_network: true
${lanString}
${wanString}
auto_config_kernel_parameter: true
dial_mode: ip
allow_insecure: false
tls_implementation: tls
}
node {
'socks5://localhost:10884'
}
group {
default_group {
policy: fixed(0)
}
}
routing {
dscp(0x1) -> direct
dip(224.0.0.0/3, 'ff00::/8') -> direct
dip(geoip:private) -> direct
dip(8.8.8.8) -> default_group
dip(223.5.5.5) -> direct
dip(geoip:cn) -> direct
!dip(geoip:cn) -> default_group
fallback: default_group
}
'';
};
resolved.enable = false;
};
sops =
@@ -171,6 +114,14 @@ inputs:
settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; };
tag = "dns-in";
}
{
port = 10880;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
tag = "common-in";
}
{
port = 10881;
protocol = "dokodemo-door";
@@ -178,7 +129,14 @@ inputs:
streamSettings.sockopt.tproxy = "tproxy";
tag = "xmu-in";
}
{ port = 10884; protocol = "socks"; settings.udp = true; tag = "common-in"; }
{
port = 10883;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "proxy-in";
}
{ port = 10884; protocol = "socks"; settings.udp = true; tag = "proxy-socks-in"; }
{ port = 10882; protocol = "socks"; settings.udp = true; tag = "direct-in"; }
];
outbounds =
@@ -229,6 +187,7 @@ inputs:
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
{
inboundTag = [ "common-in" ];
@@ -269,22 +228,50 @@ inputs:
ipset = "${inputs.pkgs.ipset}/bin/ipset";
iptables = "${inputs.pkgs.iptables}/bin/iptables";
ip = "${inputs.pkgs.iproute}/bin/ip";
autoPort = "10880";
xmuPort = "10881";
proxyPort = "10883";
in
{
Type = "simple";
RemainAfterExit = true;
ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start" (builtins.concatStringsSep "\n"
(
[ "${ipset} create lo_net hash:net" ]
++ (builtins.map (host: "${ipset} add lo_net ${host}")
[
"0.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12"
"192.0.0.0/24" "192.88.99.0/24" "192.168.0.0/16" "59.77.0.143" "198.18.0.0/15"
"198.51.100.0/24" "203.0.113.0/24" "224.0.0.0/4" "240.0.0.0/4" "255.255.255.255/32"
])
++ [
"${ipset} create xmu_net hash:net"
"${ipset} create noproxy_net hash:net"
"${ipset} add noproxy_net 223.5.5.5"
"${ipset} create noproxy_src_net hash:net"
"${ipset} create noproxy_port bitmap:port range 0-65535"
"${ipset} create proxy_net hash:net"
"${ipset} add proxy_net 8.8.8.8"
"${iptables} -t mangle -N v2ray -w"
"${iptables} -t mangle -A PREROUTING -j v2ray -w"
]
++ (map (port: "${ipset} add noproxy_port ${port}")
(with xray.client.v2ray-forwarder;
(map (port: "tcp:${toString port}") noproxyTcpPorts)
++ (map (port: "udp:${toString port}") noproxyUdpPorts))
)
++ (map (action: "${iptables} -t mangle -A v2ray ${action} -w")
[
"-m set --match-set noproxy_src_net src -j RETURN"
"-m set --match-set noproxy_net dst -j RETURN"
"-m set --match-set noproxy_port src -j RETURN"
"-m set --match-set xmu_net dst -p tcp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
"-m set --match-set xmu_net dst -p udp -j TPROXY --on-port ${xmuPort} --tproxy-mark 1/1"
"-m set --match-set proxy_net dst -p tcp -j TPROXY --on-port ${proxyPort} --tproxy-mark 1/1"
"-m set --match-set proxy_net dst -p udp -j TPROXY --on-port ${proxyPort} --tproxy-mark 1/1"
"-m set --match-set lo_net dst -j RETURN"
"-p tcp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
"-p udp -j TPROXY --on-port ${autoPort} --tproxy-mark 1/1"
])
++ [
"${iptables} -t mangle -N v2ray_mark -w"
@@ -292,30 +279,41 @@ inputs:
]
++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w")
(
[ "-m set --match-set xmu_net dst -j MARK --set-mark 1/1" ]
++ (map
(map
(user:
let uid = inputs.config.nixos.user.uid.${user};
in "-m owner --uid-owner ${toString uid} -j DSCP --set-dscp 0x1")
(xray.client.xray.noproxyUsers ++ [ "v2ray" ]))
in "-m owner --uid-owner ${toString uid} -j RETURN")
(xray.client.v2ray-forwarder.noproxyUsers ++ [ "v2ray" ]))
++ [
"-m set --match-set noproxy_src_net src -j RETURN"
"-m set --match-set noproxy_net dst -j RETURN"
"-m set --match-set noproxy_port src -j RETURN"
"-m set --match-set xmu_net dst -j MARK --set-mark 1/1"
"-m set --match-set proxy_net dst -j MARK --set-mark 1/1"
"-m set --match-set lo_net dst -j RETURN"
"-j MARK --set-mark 1/1"
]
))
++ [
"${ip} rule add fwmark 1/1 table 100"
"${ip} route add local 0.0.0.0/0 dev lo table 100"
]
));
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop"
''
${iptables} -t mangle -F v2ray -w
${iptables} -t mangle -D PREROUTING -j v2ray -w
${iptables} -t mangle -X v2ray -w
${iptables} -t mangle -F v2ray_mark -w
${iptables} -t mangle -D OUTPUT -j v2ray_mark -w
${iptables} -t mangle -X v2ray_mark -w
${ip} rule del fwmark 1/1 table 100
${ip} route del local 0.0.0.0/0 dev lo table 100
${ipset} destroy xmu_net
'';
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop" (builtins.concatStringsSep "\n"
(
[
"${iptables} -t mangle -F v2ray -w"
"${iptables} -t mangle -D PREROUTING -j v2ray -w"
"${iptables} -t mangle -X v2ray -w"
"${iptables} -t mangle -F v2ray_mark -w"
"${iptables} -t mangle -D OUTPUT -j v2ray_mark -w"
"${iptables} -t mangle -X v2ray_mark -w"
"${ip} rule del fwmark 1/1 table 100"
"${ip} route del local 0.0.0.0/0 dev lo table 100"
]
++ (map (set: "${ipset} destroy ${set}")
[ "lo_net" "xmu_net" "noproxy_net" "noproxy_src_net" "proxy_net" "noproxy_port" ])
));
};
};
};


@@ -5,46 +5,24 @@ inputs:
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 3389; };
hostname = mkOption { type = types.nullOr (types.nonEmptyListOf types.nonEmptyStr); default = null; };
optimise =
{
type = mkOption { type = types.nullOr (types.enum [ "nvidia" "glamor" ]); default = null; };
nvidiaBusId = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.config.nixos.services) xrdp;
in mkIf xrdp.enable (mkMerge
config = let inherit (inputs.config.nixos.services) xrdp;
in inputs.lib.mkIf xrdp.enable (inputs.lib.mkMerge
[
{
assertions =
[{
assertion = (xrdp.optimise.type == "nvidia") -> (xrdp.optimise.nvidiaBusId != null);
message = "nvidiaBusId must be set if optimise type is nvidia";
}];
}
{
services.xrdp =
{
enable = true;
package = mkIf (xrdp.optimise.type != null) (inputs.pkgs.xrdp.override
{
variant = xrdp.optimise.type;
inherit (xrdp.optimise) nvidiaBusId;
nvidiaPackage = inputs.config.hardware.nvidia.package;
});
port = xrdp.port;
openFirewall = true;
defaultWindowManager = "${inputs.pkgs.plasma-workspace}/bin/startplasma-x11";
};
environment.etc.xrdp.source = "${inputs.config.services.xrdp.package}/etc/xrdp";
nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ xrdp.port ];
}
(
mkIf (xrdp.hostname != null)
inputs.lib.mkIf (xrdp.hostname != null)
(
let
mainDomain = builtins.elemAt xrdp.hostname 0;
let mainDomain = builtins.elemAt xrdp.hostname 0;
in
{
services.xrdp =
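Review bot: The proxy bypass registered by `nixos.services.xray.client.v2ray-forwarder.noproxyTcpPorts = [ xrdp.port ];` is wider than the option name suggests and deserves a comment at that line. The forwarder rules shown earlier on this page match the `noproxy_port` set on source port only, and as far as I know a `bitmap:port` ipset stores just the port number. If so, the exemption covers UDP as well as TCP, and any local socket that happens to use that source port, not only xrdp replies. The default 3389 sits below the usual ephemeral range, but a custom `port` inside that range would let occasional outbound connections skip the proxy. I would add `# exempts every packet with this source port from the transparent proxy; keep xrdp.port below the ephemeral port range` above the line.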


@@ -2,7 +2,7 @@ inputs:
{
config =
{
catppuccin.flavour = "latte";
catppuccin.flavor = "latte";
console.catppuccin.enable = true;
boot.loader.grub.catppuccin.enable = true;
nixos.user.sharedModules =

View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.packages.packageSet == "workstation" then {} else null;
default = null;
};
config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null) (inputs.lib.mkMerge
[

View File

@@ -0,0 +1,29 @@
inputs:
{
options.nixos.services.fontconfig = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
};
config = let inherit (inputs.config.nixos.services) fontconfig; in inputs.lib.mkIf (fontconfig != null)
{
fonts =
{
fontDir.enable = true;
packages = with inputs.pkgs;
[
noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts hack-font inter
noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk
noto-fonts-emoji corefonts vistafonts vistafonts-chs
];
fontconfig.defaultFonts =
{
emoji = [ "Noto Color Emoji" ];
monospace = [ "Hack" "Source Han Mono SC" ];
sansSerif = [ "Inter" "Liberation Sans" "Source Han Sans SC" ];
serif = [ "Liberation Serif" "Source Han Serif SC" ];
};
};
nixos.user.sharedModules = [{ config.xdg.configFile."fontconfig/conf.d/10-hm-fonts.conf".force = true; }];
};
}
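Review bot: `hack-font` appears twice in the `packages` list of the new fontconfig module, and `fontconfig.defaultFonts` names "Liberation Sans" and "Liberation Serif" although no Liberation package is listed here. The duplicate is harmless but should go. The Liberation entries only resolve if another module installs that family, which this page does not show. I would drop the second `hack-font` and either add `liberation_ttf` to the list or leave a comment saying where the family comes from.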

View File

@@ -6,35 +6,37 @@ inputs:
preferred = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.enable; };
autoStart = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
};
config =
let
inherit (builtins) map;
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.system) gui;
in mkIf gui.enable
config = let inherit (inputs.config.nixos.system) gui; in inputs.lib.mkIf gui.enable
{
services =
{
services.xserver =
{
enable = true;
displayManager =
{
sddm.enable = true;
defaultSession = "plasmawayland";
};
desktopManager.plasma5.enable = true;
};
systemd.services.display-manager = { after = [ "network-online.target" ]; enable = gui.autoStart; };
environment =
{
sessionVariables."GTK_USE_PORTAL" = "1";
plasma5.excludePackages = inputs.lib.mkIf (!gui.preferred) [ inputs.pkgs.plasma5Packages.plasma-nm ];
};
xdg.portal.extraPortals = map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "kde" "wlr" ];
i18n.inputMethod =
{
enabled = "fcitx5";
fcitx5.addons = map (p: inputs.pkgs."fcitx5-${p}") [ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
};
programs = { dconf.enable = true; xwayland.enable = true; };
displayManager =
{ sddm = { enable = true; wayland.enable = true; theme = "breeze"; }; defaultSession = "plasma"; };
desktopManager.plasma6.enable = true;
xserver.enable = true;
};
systemd.services.display-manager.enable = gui.autoStart;
environment =
{
sessionVariables =
{
"GTK_USE_PORTAL" = "1";
"NIXOS_OZONE_WL" = inputs.lib.mkIf gui.preferred "1";
};
plasma6.excludePackages = inputs.lib.mkIf (!gui.preferred) [ inputs.pkgs.kdePackages.plasma-nm ];
persistence = let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.root}".directories =
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }];
};
};
xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
i18n.inputMethod =
{
enabled = "fcitx5";
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
[ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
};
programs.dconf.enable = true;
};
}

View File

@@ -7,80 +7,55 @@ inputs:
root = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs/current"; };
nodatacow = mkOption { type = types.nullOr types.nonEmptyStr; default = "/nix/nodatacow"; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.system) impermanence;
in mkIf impermanence.enable
config = let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
environment.persistence =
{
environment.persistence =
"${impermanence.persistence}" =
{
"${impermanence.persistence}" =
{
hideMounts = true;
directories =
[
"/root"
"/var/db"
"/var/lib"
"/var/log"
"/var/spool"
"/var/backup"
{ directory = "/var/lib/docker/volumes"; mode = "0710"; }
"/srv"
];
files =
[
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_rsa_key"
];
};
"${impermanence.root}" =
{
hideMounts = true;
directories =
[
"/var/lib/systemd/linger"
"/var/lib/systemd/coredump"
"/var/lib/systemd/backlight"
{ directory = "/var/lib/docker"; mode = "0710"; }
"/var/lib/flatpak"
]
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
}
// (if builtins.elem "chn" inputs.config.nixos.user.users then
{
users.chn =
{
directories = [ ".cache" ".config/fontconfig" ];
};
} else {});
"${impermanence.nodatacow}" =
{
hideMounts = true;
directories =
[{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }]
++ (
if inputs.config.nixos.services.postgresql != null then let user = inputs.config.users.users.postgres; in
[{ directory = "/var/lib/postgresql"; user = user.name; group = user.group; mode = "0750"; }]
else []
)
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else [])
++ (
if inputs.config.nixos.virtualization.kvmHost.enable then
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
else []
)
++ (
if inputs.config.nixos.services.mariadb.enable then let user = inputs.config.users.users.mysql; in
[{ directory = "/var/lib/mysql"; user = user.name; group = user.group; mode = "0750"; }]
else []
);
};
hideMounts = true;
directories =
[
"/var/db"
"/var/lib"
"/var/log"
"/var/spool"
"/var/backup"
{ directory = "/var/lib/docker/volumes"; mode = "0710"; }
"/srv"
];
files =
[
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_rsa_key"
];
};
"${impermanence.root}" =
{
hideMounts = true;
directories =
[
"/var/lib/systemd/linger"
"/var/lib/systemd/coredump"
"/var/lib/systemd/backlight"
{ directory = "/var/lib/docker"; mode = "0710"; }
"/var/lib/flatpak"
];
};
"${impermanence.nodatacow}" =
{
hideMounts = true;
directories =
[{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }]
++ (
if inputs.config.nixos.virtualization.kvmHost.enable then
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
else []
);
};
};
};
}
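Review bot: As far as the rendered section shows, the rewritten persistence list drops the conditional entries for `/var/lib/postgresql`, `/var/lib/mysql` and `/var/lib/meilisearch` (and `/root`) without a visible replacement, apart from the sddm entry that reappears in the gui module on this page. If the service modules do not declare these themselves, the data would presumably still be kept through the generic `/var/lib` bind, but without the nodatacow placement and without the explicit owner and `mode = "0750"` that the old entries enforced. Please confirm each service module now carries its own `environment.persistence` entry with the same owner and mode, and add a comment here saying the per-service directories live with their modules. Root's home no longer persisting also means anything kept under `/root/.ssh` is lost on reboot, which may be intended.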

View File

@@ -5,7 +5,7 @@ inputs:
variant = mkOption
{
type = types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "cachyos" "cachyos-lto" "cachyos-server" ];
default = if inputs.config.nixos.system.gui.preferred then "cachyos" else "cachyos-server";
default = "xanmod-latest";
};
patches = mkOption { type = types.listOf types.nonEmptyStr; default = [ "cjktty" ]; };
modules =
@@ -56,11 +56,8 @@ inputs:
[{
name = "cjktty";
patch =
let
version = builtins.concatStringsSep "." (inputs.lib.lists.take 2
(builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version));
fileVersion = { "6.8" = "6.7"; }.${version} or version;
in "${inputs.topInputs.cjktty}/v6.x/cjktty-${fileVersion}.patch";
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in "${inputs.topInputs.cjktty}/v6.x/cjktty-${version}.patch";
extraStructuredConfig =
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
}];
@@ -123,7 +120,13 @@ inputs:
(builtins.readFile "${inputs.topInputs.linux-surface}/configs/surface-${version}.config")))))
[ "VIDEO_IPU3_IMGU" ];
in kernelPatches ++ [{ name = "surface-config"; patch = null; extraStructuredConfig = kernelConfig; }];
hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];
hibernate-progress =
[{
name = "hibernate-progress";
patch =
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in ./hibernate-progress-${version}.patch;
}];
};
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
@@ -134,19 +137,7 @@ inputs:
inputs.lib.strings.hasPrefix "cachyos" kernel.variant
&& builtins.elem "server-extra" inputs.config.nixos.packages._packageSets
)
(
let scx =
let rustPlatform = inputs.pkgs.unstablePackages.rustPlatform;
in inputs.pkgs.scx.override (prev:
{
scx-layered = prev.scx-layered.override { inherit rustPlatform; };
scx-rustland = prev.scx-rustland.override { inherit rustPlatform; };
scx-rusty = prev.scx-rusty.override { inherit rustPlatform; };
scx-rlfifo = prev.scx-rlfifo.override { inherit rustPlatform; };
scx-lavd = prev.scx-lavd.override { inherit rustPlatform; };
});
in { environment.systemPackages = [ scx ]; }
)
{ environment.systemPackages = [ inputs.pkgs.scx ]; }
)
(
inputs.lib.mkIf (kernel.variant == "rpi3")
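Review bot: Both patch lookups now require a file for the exact `majorMinor` of the selected kernel: `cjktty-${version}.patch` lost its `{ "6.8" = "6.7"; }` fallback, and `./hibernate-progress-${version}.patch` can only match the patch files kept in the repository (two appear to be added on this page). With the default variant moved to `xanmod-latest`, a kernel bump to a version without a matching file will fail with a bare missing-path error. An assertion such as `assertion = builtins.pathExists (./. + "/hibernate-progress-${version}.patch");` with a message naming the kernel version would make that failure readable. The surrounding `patches` attribute set starts outside the hunk.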

View File

@@ -0,0 +1,116 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index d44f5937f1e5..8905c0438b64 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -552,7 +552,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -567,7 +567,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -577,7 +577,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -767,8 +767,8 @@ static int save_image_lzo(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for compression\n", nr_threads);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for compression\n", nr_threads);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -789,7 +789,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -860,7 +860,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
out_clean:
hib_finish_batch(&hb);
@@ -1071,7 +1071,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1089,7 +1089,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1099,7 +1099,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1283,8 +1283,8 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for decompression\n", nr_threads);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for decompression\n", nr_threads);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1414,7 +1414,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1440,7 +1440,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;
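Review bot: Promoting the progress messages from `pr_info` to `pr_err` makes every hibernate and resume cycle write routine status lines at error priority, which will surface in anything that filters the kernel log by level (for example `journalctl -p err` or alerting keyed on KERN_ERR). If the goal is only to see progress on a quiet console, `pr_notice` or `pr_warn` together with a matching console loglevel would, I think, achieve it with less noise. At minimum the patch file deserves a header comment stating why error level was chosen. The same applies to the second patch file added below, which additionally raises the "Image size after compression" line. The patched functions start and end outside these hunks.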

View File

@@ -0,0 +1,128 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index 5bc04bfe2db1..6e7b17b97de7 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -563,7 +563,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -578,7 +578,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -588,7 +588,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -795,8 +795,8 @@ static int save_compressed_image(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -817,7 +817,7 @@ static int save_compressed_image(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -888,9 +888,9 @@ static int save_compressed_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
- pr_info("Image size after compression: %d kbytes\n",
+ pr_err("Image size after compression: %d kbytes\n",
(atomic_read(&compressed_size) / 1024));
out_clean:
@@ -1105,7 +1105,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1123,7 +1123,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1133,7 +1133,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1328,8 +1328,8 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1459,7 +1459,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1485,7 +1485,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1593,7 +1593,7 @@ int swsusp_check(bool exclusive)
}
if (!error && swsusp_header->flags & SF_HW_SIG &&
swsusp_header->hw_sig != swsusp_hardware_signature) {
- pr_info("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
+ pr_err("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
swsusp_header->hw_sig, swsusp_hardware_signature);
error = -EINVAL;
}

View File

@@ -59,12 +59,7 @@ inputs:
networking.networkmanager =
{
enable = true;
# let networkmanager ignore the kernel command line `ip=xxx`
extraConfig =
''
[device]
keep-configuration=no
'';
settings.device.keep-configuration = "no";
};
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories =
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];

View File

@@ -94,8 +94,24 @@ inputs:
in builtins.listToAttrs (map
(name: { inherit name; value = packages name; }) (builtins.attrNames source))
)
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
{ embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })
// (
inputs.lib.optionalAttrs (nixpkgs.march != null)
{
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
libvorbis = prev.libvorbis.override { stdenv = final.genericPackages.stdenv; };
_7zz = prev._7zz.override { stdenv = final.genericPackages.stdenv; };
ispc = genericPackages.ispc;
opencolorio = prev.opencolorio.overrideAttrs { doCheck = false; };
redis = prev.redis.overrideAttrs { doCheck = false; };
}
)
// (
inputs.lib.optionalAttrs nixpkgs.cuda.enable
{
waifu2x-converter-cpp = prev.waifu2x-converter-cpp.override
{ stdenv = final.cudaPackages.backendStdenv; };
}
)
)];
};
programs.ccache = { enable = true; cacheDir = "/var/lib/ccache"; };
@@ -119,6 +135,5 @@ inputs:
};
in { GENERIC_CPU = inputs.lib.kernel.no; ${kernelConfig.${nixpkgs.march}} = inputs.lib.kernel.yes; };
}];
environment.systemPackages = mkIf nixpkgs.cuda.enable [ inputs.pkgs.cudatoolkit ];
};
}
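Review bot: `opencolorio` and `redis` get `doCheck = false` in the `nixpkgs.march != null` overlay without any comment on which tests fail or why. Turning off the test suite for exactly the builds compiled with CPU-specific flags removes the one signal that would catch a miscompile or an unstable result, and `redis` is a network-facing service. I would record the reason next to each override, e.g. `# tests fail under march=<MARCH> because <REASON>; re-enable when fixed upstream`, or disable only the failing tests if the package allows it. `ispc = genericPackages.ispc;` also differs from the neighbouring `final.genericPackages` references, so it is worth confirming the bare name is in scope, since the enclosing `let` is outside the hunk.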

View File

@@ -11,7 +11,7 @@ inputs:
{
"vm.oom_kill_allocating_task" = true;
"vm.oom_dump_tasks" = false;
"vm.overcommit_memory" = 1;
"vm.overcommit_memory" = inputs.lib.mkDefault 1;
"kernel.sysrq" = 438;
};
}

View File

@@ -0,0 +1,35 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop-extra" inputs.config.nixos.packages._packageSets)
{
home-manager.users.chn.config.programs.chromium =
{
enable = true;
extensions =
# TODO: declartive way to install extensions, with fixed xpi file
# TODO: declartively config
[
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
{ id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask
{ id = "bpoadfkcbjbfhfodiogcnhhhpibjhbnh"; } # 沉浸式翻译
];
};
};
}
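Review bot: Every entry in the new `programs.chromium.extensions` list is referenced by store id only, so the browser installs whatever version the web store currently serves and keeps auto-updating it. The list mixes a password manager and a wallet (Bitwarden, MetaMask) with a userscript manager and several downloader and translation extensions that can read page content, so a single compromised update could reach those secrets. The TODO already points at pinning; home-manager's extension entries accept `crxPath` and `version` next to `id`, which would let the high-value ones be pinned first (the TODO says "xpi", but Chromium packages are `.crx`). Until then, a comment marking which extensions are trusted with all-site access would help review.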

View File

@@ -1,91 +1,216 @@
inputs:
{
imports = inputs.localLib.findModules ./.;
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos) user;
inherit (builtins) listToAttrs;
in mkIf (builtins.elem "chn" user.users)
config = let inherit (inputs.config.nixos) user; in inputs.lib.mkIf (builtins.elem "chn" user.users)
{
users.users.chn =
{
users.users.chn =
extraGroups = inputs.lib.intersectLists
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" ]
(builtins.attrNames inputs.config.users.groups);
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
openssh.authorizedKeys.keys = [(builtins.readFile ./id_ed25519_sk.pub)];
};
home-manager.users.chn =
{
config =
{
extraGroups = inputs.lib.intersectLists
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" ]
(builtins.attrNames inputs.config.users.groups);
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
openssh.authorizedKeys.keys = [(builtins.readFile ./id_ed25519_sk.pub)];
};
home-manager.users.chn =
{
config =
programs =
{
programs =
git = { userName = "chn"; userEmail = "chn@chn.moe"; };
ssh =
{
git = { userName = "chn"; userEmail = "chn@chn.moe"; };
ssh =
matchBlocks =
{
matchBlocks =
{
# identityFile = "~/.ssh/xmuhk_id_rsa";
xmuhk = { host = "xmuhk"; hostname = "10.26.14.56"; user = "xmuhk"; };
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
}
// (listToAttrs (map
(system: { name = system; value.forwardAgent = true; })
[
"vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas" "pc"
"wireguard.surface" "xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2"
]));
extraConfig =
inputs.lib.mkIf (builtins.elem inputs.config.nixos.system.networking.hostname [ "pc" "surface" ])
''
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_ed25519_sk
'';
};
# identityFile = "~/.ssh/xmuhk_id_rsa";
xmuhk = { host = "xmuhk"; hostname = "10.26.14.56"; user = "xmuhk"; };
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
jykang.setEnv.TERM = "chn_unset_ls_colors:chn_cd:linwei/chn:chn_debug:xterm-256color";
}
// (builtins.listToAttrs (builtins.map
(system: { name = system; value = { forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; }; })
[
"vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas" "pc"
"wireguard.surface" "xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2"
]));
extraConfig =
inputs.lib.mkIf (builtins.elem inputs.config.nixos.system.networking.hostname [ "pc" "surface" ])
''
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_ed25519_sk
'';
};
home =
{
file.groupshare.enable = false;
packages =
[
(
let
servers = builtins.filter
(system: system.value.enable)
(builtins.map
(system:
{
name = system.config.nixos.system.networking.hostname;
value = system.config.nixos.system.fileSystems.decrypt.manual;
})
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
cat = "${inputs.pkgs.coreutils}/bin/cat";
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
ssh = "${inputs.pkgs.openssh}/bin/ssh";
in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n"
(
(builtins.map (system: builtins.concatStringsSep "\n"
[
"decrypt-${system.name}() {"
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
(builtins.concatStringsSep "\n" (builtins.map
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
+ (if device.value.ssd then "--allow-discards " else "")
+ "${device.name} ${device.value.mapper} -")
(inputs.localLib.attrsToList system.value.devices)))
"}"
])
servers)
++ [ "decrypt-$1" ]
))
)
];
};
pam.yubico.authorizedYubiKeys.ids = [ "cccccbgrhnub" ];
};
home =
{
file.groupshare.enable = false;
packages =
[
(
let
servers = builtins.filter
(system: system.value.enable)
(builtins.map
(system:
{
name = system.config.nixos.system.networking.hostname;
value = system.config.nixos.system.fileSystems.decrypt.manual;
})
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
cat = "${inputs.pkgs.coreutils}/bin/cat";
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
ssh = "${inputs.pkgs.openssh}/bin/ssh";
in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n"
(
(builtins.map (system: builtins.concatStringsSep "\n"
[
"decrypt-${system.name}() {"
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
(builtins.concatStringsSep "\n" (builtins.map
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
+ (if device.value.ssd then "--allow-discards " else "")
+ "${device.name} ${device.value.mapper} -")
(inputs.localLib.attrsToList system.value.devices)))
"}"
])
servers)
++ [ "decrypt-$1" ]
))
)
];
};
pam.yubico.authorizedYubiKeys.ids = [ "cccccbgrhnub" ];
};
};
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
# TODO: make copy or soft link of files
"${impermanence.persistence}".users.chn =
{
directories = builtins.map
(dir: { directory = dir.dir or dir; user = "chn"; group = "chn"; mode = dir.mode or "0755"; })
[
# common things
"bin" "Desktop" "Documents" "Downloads" "Music" "Pictures" "repo" "share" "Public" "Videos"
".config" ".local/share"
# # gnome
# { dir = ".config/dconf"; mode = "0700"; } ".config/gtk-2.0" ".config/gtk-3.0" ".config/gtk-4.0"
# ".config/libaccounts-glib"
# # android
# { dir = ".android"; mode = "0750";}
# xmuvpn
".ecdata"
# firefox
{ dir = ".mozilla/firefox/default"; mode = "0700"; }
# ssh
{ dir = ".ssh"; mode = "0700"; }
# steam
".steam" # ".local/share/Steam"
# vscode
".vscode" # ".config/Code" ".config/grammarly-languageserver"
# zotero
".zotero" "Zotero"
# 百度网盘
# ".config/BaiduPCS-Go"
# # bitwarden
# ".config/Bitwarden"
# # blender
# ".config/blender"
# # chromium
# ".config/chromium"
# # crow-translate
# ".config/crow-translate"
# # discord
# ".config/discord"
# # element
# ".config/Element"
# # fcitx
# ".config/fcitx5" ".local/share/fcitx5"
# # github
# ".config/gh"
# # gimp
# ".config/GIMP"
# # chrome
# ".config/google-chrome"
# # inkscape
# ".config/inkscape"
# # jetbrain
# ".config/JetBrains" ".local/share/JetBrains"
# # kde
# ".config/akonadi" ".config/KDE" ".config/kde.org" ".config/kdeconnect" ".config/kdedefaults"
# ".config/Kvantum"
# ".local/share/akonadi" ".local/share/akonadi-davgroupware"
# ".local/share/kactivitymanagerd" ".local/share/kwalletd" ".local/share/plasma"
# ".local/share/plasma-systemmonitor" ".local/share/plasma_notes"
# # libreoffice
# ".config/libreoffice"
# # mathematica
# ".config/mathematica"
# # netease-cloud-music-gtk
# ".config/netease-cloud-music" ".local/share/netease-cloud-music-gtk4"
# # nheko
# ".config/nheko" ".local/share/nheko"
# # ovito
# ".config/Ovito"
# # qbittorrent
# ".config/qBittorrent" ".local/share/qBittorrent"
# # remmina
# ".config/remmina" ".local/share/remmina"
# # slack
# ".config/Slack"
# # spotify
# ".config/spotify"
# # systemd TODO: use declarative
# ".config/systemd/user"
# # typora
# ".config/Typora"
# # xsettingsd
# ".config/xsettingsd"
# # yesplaymusic
# ".config/yesplaymusic"
# # genshin
# ".local/share/anime-game-launcher"
# # applications
# ".local/share/applications" ".local/share/desktop-directories"
# # theme TODO: remove them
# ".local/share/color-schemes" ".local/share/icons" ".local/share/wallpapers"
# # dbeaver
# ".local/share/DbeaverData"
# # docker
# ".local/share/docker"
# # fonts TODO: use declarative
# ".local/share/fonts"
# # gpg
# ".local/share/gnupg"
# # TODO: what is this?
# ".local/share/mime"
# # telegram
# ".local/share/TelegramDesktop"
# # trash
# ".local/share/Trash"
# # waydroid
# ".local/share/waydroid"
# # zsh
# ".local/share/zsh"
];
# TODO: create file if not exist
# files = builtins.map
# (file: { inherit file; parentDirectory = { user = "chn"; group = "chn"; mode = "0755"; }; })
# [
# # kde
# ".config/kactivitymanagerdrc" ".config/plasma-org.kde.plasma.desktop-appletsrc"
# ".config/kactivitymanagerd-switcher" ".config/kactivitymanagerd-statsrc"
# ".config/kactivitymanagerd-pluginsrc"
# ".config/plasmarc" ".config/plasmashellrc" ".config/kwinrc" ".config/krunnerrc"
# ".config/kdeglobals" ".config/kglobalshortcutsrc" ".config/kio_fishrc" ".config/kiorc"
# ".config/kleopatrarc" ".config/kmail2rc" ".config/kmailsearchindexingrc" ".config/kscreenlockerrc"
# ".config/user-dirs.dirs" ".config/yakuakerc"
# # age TODO: use sops to storage
# ".config/sops/age/keys.txt"
# ];
};
};
};
}


@@ -0,0 +1,45 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
home-manager.users.chn.config =
{
programs.firefox =
{
enable = true;
nativeMessagingHosts = [ inputs.pkgs.plasma-browser-integration ];
# TODO: switch to chromium as default browser
# TODO: use fixed-version of plugins
policies.DefaultDownloadDirectory = "\${home}/Downloads";
profiles.default =
{
extensions = with inputs.pkgs.firefox-addons;
[
immersive-translate tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
metamask pakkujs switchyomega rsshub-radar rsspreview tabliss tree-style-tab ublock-origin wallabagger
wappalyzer grammarly plasma-integration zotero-connector
];
search = { default = "Google"; force = true; };
userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";
extraConfig = builtins.readFile "${inputs.topInputs.lepton}/user.js";
settings =
{
# general
"browser.search.region" = "CN";
"intl.locale.requested" = "zh-CN,en-US";
"browser.aboutConfig.showWarning" = false;
"browser.bookmarks.showMobileBookmarks" = true;
"browser.download.panel.shown" = true;
"browser.download.useDownloadDir" = true;
"browser.newtab.extensionControlled" = true;
"browser.toolbars.bookmarks.visibility" = "never";
# allow to apply userChrome.css
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
};
};
home.file.".mozilla/firefox/profiles.ini".force = true;
};
};
}
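Review bot: `profiles.default` puts `bitwarden` and `metamask` in the same profile as `tampermonkey`, `cookies-txt` and `switchyomega`, so extensions that inject scripts into every page, export cookies or reroute traffic share a browsing context with the password manager and the wallet. I would keep the credential-holding extensions in a profile of their own, for example `profiles.wallet = { id = 1; extensions = with inputs.pkgs.firefox-addons; [ metamask ]; };`, and trim the default list to what is used daily. The in-file TODO about fixed plugin versions still applies to every entry, since an extension update here is effectively a code update with access to page content.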

41
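--- a/modules/user/chn/git.nix
+++ b/modules/user/chn/git.nix
@@ -0,0 +1,41 @@
+inputs:
+{
+config = inputs.lib.mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
+{
+home-manager.users.chn.config.programs.git =
+{
+enable = true;
+package = inputs.pkgs.gitFull;
+extraConfig =
+{
+core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
+http.postBuffer = 624288000;
+advice.detachedHead = false;
+merge.conflictstyle = "diff3";
+diff.colorMoved = "default";
+lfs =
+{
+concurrenttransfers = 10;
+activitytimeout = 3600;
+dialtimeout = 3600;
+keepalive = 3600;
+tlstimeout = 3600;
+transfer.maxretries = 1;
+};
+};
+delta =
+{
+enable = true;
+options =
+{
+side-by-side = true;
+navigate = true;
+syntax-theme = "GitHub";
+light = true;
+zero-style = "syntax white";
+line-numbers-zero-style = "#ffffff";
+};
+};
+};
+};
+}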
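Review bot: `http.postBuffer = 624288000;` is an unexplained magic number and may be a typo for 524288000 (500 MiB); either way git may buffer up to that many bytes per HTTP POST. The `lfs` block likewise sets every timeout to 3600 with `transfer.maxretries = 1` and gives no reason. A one-line comment above `extraConfig`, such as `# large POST buffer and long LFS timeouts: pushes of big repos over a slow link`, would record the intent, if that is the intent.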


@@ -9,14 +9,12 @@ inputs:
nheko = rec
{
fileName = "nheko.desktop";
path = inputs.pkgs.writeText fileName (builtins.replaceStrings
[ "Exec=nheko %u" ] [ "Exec=bash -c 'sleep 5 && nheko'" ]
(builtins.readFile "${inputs.pkgs.nheko}/share/applications/${fileName}"));
path = "${inputs.pkgs.nheko}/share/applications/${fileName}";
};
kclockd = rec
{
fileName = "org.kde.kclockd-autostart.desktop";
path = "${inputs.pkgs.plasma5Packages.kdeGear.kclock}/etc/xdg/autostart/${fileName}";
path = "${inputs.pkgs.kdePackages.kdeGear.kclock}/etc/xdg/autostart/${fileName}";
};
yakuake = rec
{
@@ -27,7 +25,7 @@ inputs:
{
fileName = "org.telegram.desktop.desktop";
path = inputs.pkgs.writeText fileName (builtins.replaceStrings
[ "Exec=telegram-desktop -- %u" ] [ "Exec=bash -c 'sleep 5 && telegram-desktop -autostart'" ]
[ "Exec=telegram-desktop -- %u" ] [ "Exec=telegram-desktop -autostart" ]
(builtins.readFile "${inputs.pkgs.telegram-desktop}/share/applications/${fileName}"));
};
element = rec


@@ -1,4 +1,98 @@
inputs:
{
imports = inputs.localLib.findModules ./.;
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
home-manager.users.chn.config.programs.plasma = inputs.lib.mkMerge
[
# TODO: panel, discard user changed settings
# kwin
{
kwin =
{
titlebarButtons =
{
right = [ "help" "keep-below-windows" "keep-above-windows" "minimize" "maximize" "close" ];
left = [ "more-window-actions" ];
};
virtualDesktops = { animation = "slide"; rows = 1; number = 6; };
effects.shakeCursor.enable = true;
};
windows.allowWindowsToRememberPositions = false;
configFile =
{
plasmanotifyrc.Notifications.PopupPosition.value = "BottomRight";
kwinrc =
{
Tiling.padding.value = 4;
Wayland."InputMethod\\[\\$e\\]".value =
"/run/current-system/sw/share/applications/fcitx5-wayland-launcher.desktop";
Windows.RollOverDesktops.value = true;
Compositing = { AllowTearing.value = false; WindowsBlockCompositing.value = false; };
};
};
}
# dolphin and file chooser
{
configFile =
{
dolphinrc =
{
General = { ShowFullPath.value = true; FilterBar.value = true; RememberOpenedTabs.value = false; };
PreviewSettings.Plugins.value = builtins.concatStringsSep ","
[
"blenderthumbnail"
"comicbookthumbnail"
"djvuthumbnail"
"ebookthumbnail"
"exrthumbnail"
"marble_thumbnail_geojson"
"marble_thumbnail_gpx"
"jpegthumbnail"
"marble_thumbnail_kmz"
"marble_thumbnail_kml"
"kraorathumbnail"
"windowsimagethumbnail"
"windowsexethumbnail"
"mltpreview"
"mobithumbnail"
"opendocumentthumbnail"
"marble_thumbnail_osm"
"palathumbcreator"
"gsthumbnail"
"rawthumbnail"
"svgthumbnail"
"imagethumbnail"
"fontthumbnail"
"directorythumbnail"
"textthumbnail"
"webarchivethumbnail"
"ffmpegthumbs"
"audiothumbnail"
];
};
kdeglobals."KFileDialog Settings" =
{
"Allow Expansion".value = true;
"Automatically select filename extension".value = true;
"Show Bookmarks".value = true;
"Show Full Path".value = true;
"Show Inline Previews".value = true;
"Show Preview".value = true;
"Show Speedbar".value = true;
"Show hidden files".value = true;
"Sort by".value = "Name";
"Sort directories first".value = true;
"Sort hidden files last".value = true;
"View Style".value = "DetailTree";
};
};
workspace.clickItemTo = "open";
}
# krunner
{ configFile.krunnerrc = { General.FreeFloating.value = true; Plugins.baloosearchEnabled.value = false; }; }
# lock screen
{ configFile.kscreenlockerrc.Daemon.Autolock.value = false; }
];
};
}
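Review bot: `configFile.kscreenlockerrc.Daemon.Autolock.value = false` turns off the idle screen lock for every host in the `desktop` package set, so an unattended session stays open. That matters more here because the same user's SSH configuration on this page forwards the agent to a list of hosts. The section sets nothing for locking on resume, so whether suspend still locks depends on the KDE default. If the idle lock is disabled on purpose, I would pin the resume lock beside it and say so: `{ configFile.kscreenlockerrc.Daemon = { Autolock.value = false; LockOnResume.value = true; }; }` with a comment such as `# idle lock off deliberately; still lock on resume`.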


@@ -0,0 +1,77 @@
inputs:
{
config = inputs.lib.mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
{
home-manager.users.chn.config =
{
programs.plasma =
{
overrideConfig = true;
overrideConfigFiles = [ "konsolerc" "yakuakerc" ];
configFile =
{
yakuakerc =
{
Appearance =
{
HideSkinBorders.value = true;
Skin.value = "Slate";
Translucency.value = true;
};
"Desktop Entry".DefaultProfile.value = "plasma-manager.profile";
Dialogs.FirstRun.value = false;
Window =
{
KeepOpen.value = false;
KeepOpenAfterLastSessionCloses.value = true;
ShowSystrayIcon.value = false;
};
};
konsolerc =
{
"Desktop Entry".DefaultProfile.value = "plasma-manager.profile";
"MainWindow.Toolbar sessionToolbar".ToolButtonStyle.value = "IconOnly";
};
};
dataFile."konsole/plasma-manager.profile" =
{
Appearance =
{
AntiAliasFonts.value = true;
BoldIntense.value = true;
ColorScheme.value = "Breeze";
Font.value = "FiraCode Nerd Font Mono,10,-1,5,50,0,0,0,0,0";
UseFontLineChararacters.value = true;
WordModeAttr.value = false;
};
"Cursor Options".CursorShape.value = 1;
General =
{
Name.value = "plasma-manager";
Parent.value = "FALLBACK/";
TerminalCenter.value = true;
TerminalMargin.value = 1;
};
"Interaction Options" =
{
AutoCopySelectedText.value = true;
TrimLeadingSpacesInSelectedText.value = true;
TrimTrailingSpacesInSelectedText.value = true;
UnderlineFilesEnabled.value = true;
};
Scrolling = { HistoryMode.value = 2; ReflowLines.value = false; };
"Terminal Features".BlinkingCursorEnabled.value = true;
};
};
home.file.".local/share/konsole/Breeze.colorscheme".text = builtins.replaceStrings
[ "Opacity=1" ] [ "Opacity=0.9\nBlur=true" ]
(builtins.readFile "${inputs.pkgs.konsole}/share/konsole/Breeze.colorscheme");
};
environment.persistence =
let impermanence = inputs.config.nixos.system.impermanence;
in inputs.lib.mkIf impermanence.enable (inputs.lib.mkMerge (builtins.map
(user:
{ "${impermanence.root}".users.${user}.directories = [ ".local/share/konsole" ".local/share/yakuake" ]; })
inputs.config.nixos.user.users));
};
}
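Review bot: `Scrolling = { HistoryMode.value = 2; ReflowLines.value = false; };` stores a bare enum integer. If 2 is Konsole's unlimited-scrollback mode, as I believe it is, scrollback is spilled to unencrypted temporary files on disk instead of staying in memory. A bounded history avoids that, for example `Scrolling = { HistoryMode.value = 1; HistorySize.value = 10000; ReflowLines.value = false; };` (the size is only an illustration). Either way, a short comment naming the mode would help, and the same goes for `"Cursor Options".CursorShape.value = 1`.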


@@ -4,18 +4,20 @@ inputs:
{
home-manager.users.chn.config.programs.plasma =
{
# TODO: do not setup theme before clean these configs
workspace =
{
theme = "Fluent-round-light";
colorScheme = "FluentLight";
cursorTheme = "Breeze_Snow";
lookAndFeel = "com.github.vinceliuice.Fluent-round-light";
iconTheme = "Tela-circle";
theme = "Utterly-Round";
colorScheme = "UtterlyNordLight";
cursorTheme = "Tela-circle-nord-light";
lookAndFeel = "Utterly-Nord-Light";
# ~/.config/kdeglobals [Icons]
iconTheme = "Tela-circle-nord-light";
};
configFile =
{
kdeglobals.KDE.widgetStyle.value = "kvantum";
"Kvantum/kvantum.kvconfig".General.theme.value = "Fluent-round";
"Kvantum/kvantum.kvconfig".General.theme.value = "Utterly-Nord-Light";
kwinrc =
{
Effect-blur.BlurStrength.value = 10;


@@ -16,12 +16,12 @@ inputs:
}.${inputs.config.nixos.system.networking.hostname} or "${nixos-wallpaper}/pixiv-96734339-x2.png";
in
{
"plasma-org.kde.plasma.desktop-appletsrc" =
{
"Containments/1".wallpaperplugin.value = "a2n.blur";
"Containments/1/Wallpaper/a2n.blur.General".Image.value = wallpaper;
};
kscreenlockerrc."Greeter/Wallpaper/org.kde.image.General" =
# "plasma-org.kde.plasma.desktop-appletsrc" =
# {
# "Containments/1".wallpaperplugin.value = "a2n.blur";
# "Containments/1/Wallpaper/a2n.blur/General".Image.value = wallpaper;
# };
kscreenlockerrc."Greeter/Wallpaper/org.kde.image/General" =
{ Image.value = wallpaper; PreviewImage.value = wallpaper; };
kdeglobals.General.accentColorFromWallpaper.value = true;
};


@@ -82,32 +82,25 @@ inputs:
user.users);
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories = builtins.map
(user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
user.users;
nixos.user.sharedModules =
[{
config.home.file =
{
".config/.keep".text = "";
".local/.keep".text = "";
".local/share/.keep".text = "";
".local/state/.keep".text = "";
};
}];
(builtins.filter (user: user != "chn") user.users);
}
# set hashedPassword if it exist in secrets
(
let
secrets = inputs.pkgs.localPackages.fromYaml (builtins.readFile inputs.config.sops.defaultSopsFile);
hashedPasswordExist = userName: (secrets ? users) && ((secrets.users or {}) ? ${userName});
in
{
users.users = builtins.listToAttrs (builtins.map
(name: { inherit name; value.hashedPasswordFile = inputs.config.sops.secrets."users/${name}".path; })
(builtins.filter (user: hashedPasswordExist user) user.users));
sops.secrets = builtins.listToAttrs (builtins.map
(name: { name = "users/${name}"; value.neededForUsers = true; })
(builtins.filter (user: hashedPasswordExist user) user.users));
}
inputs.lib.mkIf inputs.config.nixos.system.sops.enable
(
let
secrets = inputs.pkgs.localPackages.fromYaml (builtins.readFile inputs.config.sops.defaultSopsFile);
hashedPasswordExist = userName: (secrets ? users) && ((secrets.users or {}) ? ${userName});
in
{
users.users = builtins.listToAttrs (builtins.map
(name: { inherit name; value.hashedPasswordFile = inputs.config.sops.secrets."users/${name}".path; })
(builtins.filter (user: hashedPasswordExist user) user.users));
sops.secrets = builtins.listToAttrs (builtins.map
(name: { name = "users/${name}"; value.neededForUsers = true; })
(builtins.filter (user: hashedPasswordExist user) user.users));
}
)
)
{
users.users.root =
@@ -119,8 +112,7 @@ inputs:
home-manager.users.root =
{
imports = user.sharedModules;
config.programs.git =
{ extraConfig.core.editor = inputs.lib.mkForce "vim"; userName = "chn"; userEmail = "chn@chn.moe"; };
config.programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };
};
}
(inputs.lib.mkIf (builtins.elem "test" user.users) { users.users.test.password = "test"; })
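Review bot: The last line of the second hunk keeps `users.users.test.password = "test"` for any host that lists `test` in `user.users`. A literal `password` lands in the world-readable Nix store and is trivially guessable. The first hunk already wires `hashedPasswordFile` from sops for users present in the secrets file, so the test account could take the same path. Failing that, the line should carry a comment such as `# throwaway account: never enable on a host that accepts password logins`; the sshd settings are not visible here, so I cannot tell whether that exposure exists. The enclosing list continues outside the hunk.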


@@ -68,7 +68,7 @@ inputs:
onBoot = "ignore";
onShutdown = "shutdown";
parallelShutdown = 4;
qemu.ovmf.packages = with inputs.pkgs; [ OVMF.fd pkgsCross.aarch64-multiplatform.OVMFFull.fd ];
qemu.ovmf.packages = with inputs.pkgs; [ OVMF.fd pkgsCross.aarch64-multiplatform.OVMF.fd ];
};
spiceUSBRedirection.enable = true;
};


@@ -19,4 +19,6 @@ systemd-cryptsetup attach root /dev/vda2
ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
systemd-machine-id-setup --root=/mnt/nix/persistent
pg_dump -h 127.0.0.1 -U synapse -Fc -f synaps.dump synapse
pg_restore -h 127.0.0.1 -U misskey -d misskey --data-only --jobs=4 misskey.dump
```


@@ -1,3 +1,4 @@
* 使用 wrap 好的 intel 编译器。
* 更新到 24.05
* 在挂载根目录前(创建 rootfs 时),按用户复制需要的文件
* 布置 sunshine
* 挑选一个好看的主题