init

.gitignore

@@ -0,0 +1 @@
+result

.sops.yaml

@@ -0,0 +1,9 @@
+keys:
+  - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+  - &chn-PC age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
+creation_rules:
+  - path_regex: secrets/[^/]+\.yaml$
+    key_groups:
+    - age:
+      - *chn
+      - *chn-PC

basic.nix

@@ -0,0 +1,248 @@
+{ config, pkgs, lib, ... } @inputs:
+
+{
+	# 基本设置
+	nix.settings.experimental-features = [ "nix-command" "flakes" ];
+	networking.hostName = "chn-PC";
+	networking.networkmanager.enable = true;
+	time.timeZone = "Asia/Shanghai";
+	i18n =
+	{
+		defaultLocale = "zh_CN.UTF-8";
+		supportedLocales = ["zh_CN.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8"];
+	};
+	system.stateVersion = "22.11";
+
+	# 输入法
+	i18n.inputMethod =
+	{
+		enabled = "fcitx5";
+		fcitx5.addons = with pkgs; [fcitx5-rime fcitx5-chinese-addons fcitx5-mozc];
+	};
+
+	# 图形界面
+	services.xserver =
+	{
+		enable = true;
+		displayManager.sddm.enable = true;
+		desktopManager.plasma5.enable = true;
+	};
+
+	# 打印机
+	services.printing.enable = true;
+
+	# 声音
+	sound.enable = true;
+	hardware.pulseaudio.enable = false;
+	security.rtkit.enable = true;
+	services.pipewire =
+	{
+		enable = true;
+		alsa.enable = true;
+		alsa.support32Bit = true;
+		pulse.enable = true;
+	};
+
+	# 虚拟机（作为顾客）
+	services.qemuGuest.enable = true;
+	services.spice-vdagentd.enable = true;
+
+	# waydroid
+	virtualisation.waydroid.enable = true;
+
+	# 用户
+	users.users.chn =
+	{
+		isNormalUser = true;
+		extraGroups = [ "networkmanager" "wheel" "wireshark" ];
+		passwordFile = config.sops.secrets."password/chn".path;
+		shell = pkgs.zsh;
+	};
+	users.mutableUsers = false;
+	sops.secrets."password/chn".neededForUsers = true;
+	home-manager.useGlobalPkgs = true;
+	home-manager.useUserPackages = true;
+	home-manager.users.chn = { pkgs, ... }:
+	{
+		home.stateVersion = "22.11";
+		programs.zsh =
+		{
+			enable = true;
+			initExtraBeforeCompInit =
+			''
+				# p10k instant prompt
+				P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
+				[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
+			'';
+
+			plugins =
+			[
+				{
+					file = "powerlevel10k.zsh-theme";
+					name = "powerlevel10k";
+					src = "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
+				}
+				{
+					file = "p10k.zsh";
+					name = "powerlevel10k-config";
+					src = ./p10k-config;
+				}
+			];
+		};
+	};
+
+	# 软件包
+	environment.systemPackages = with pkgs;
+	[
+		beep neofetch screen dos2unix tldr gnugrep
+		zsh ksh zsh-powerlevel10k zsh-autosuggestions zsh-syntax-highlighting 
+		vim nano
+		(
+			vscode-with-extensions.override
+			{
+				vscodeExtensions = with vscode-extensions;
+				[
+					ms-vscode.cpptools
+					llvm-vs-code-extensions.vscode-clangd
+					# twxs.cmake
+					ms-vscode.cmake-tools
+					ms-ceintl.vscode-language-pack-zh-hans
+					github.copilot
+					github.github-vscode-theme
+					ms-vscode.hexeditor
+					oderwat.indent-rainbow
+					james-yu.latex-workshop
+					pkief.material-icon-theme
+					ms-vscode-remote.remote-ssh
+				]
+				++ pkgs.vscode-utils.extensionsFromVscodeMarketplace
+				[
+					{
+						name = "cpptools-themes";
+						publisher = "ms-vscode";
+						version = "2.0.0";
+						sha256 = "05r7hfphhlns2i7zdplzrad2224vdkgzb0dbxg40nwiyq193jq31";
+					}
+					{
+						name = "cpp-reference";
+						publisher = "Guyutongxue";
+						version = "0.2.3";
+						sha256 = "1cdwps1qikvzqpdx4hrxgi3lxg6335q24hhra959h8qnqcvnlg4p";
+					}
+				];
+			}
+		)
+		wget aria2 curl yt-dlp qbittorrent
+		tree git autojump
+		nix-output-monitor comma
+		docker docker-compose
+		apacheHttpd certbot-full
+		pigz rar unrar upx
+		util-linux snapper gparted snapper-gui
+		firefox google-chrome
+		qemu_full virt-manager
+		zotero ocrmypdf pdfgrep texlive.combined.scheme-full libreoffice-qt
+		ovito paraview gimp # vsim vesta
+		(python3.withPackages (ps: with ps; [ phonopy ]))
+		element-desktop tdesktop discord qq config.nur.repos.xddxdd.wechat-uos
+		remmina
+		bitwarden openssl ssh-to-age gnupg age sops
+		spotify yesplaymusic # netease-cloud-music-gtk config.nur.repos.eh5.netease-cloud-music
+		crow-translate
+		scrcpy
+		ipset iptables iproute2 wireshark dig nettools
+		touchix.v2ray-forwarder
+		mathematica
+	]
+	++ (with lib; filter isDerivation (attrValues pkgs.plasma5Packages.kdeGear));
+	programs.wireshark.enable = true;
+	programs.anime-game-launcher.enable = true;
+	programs.honkers-railway-launcher.enable = true;
+	programs.nix-index-database.comma.enable = true;
+	programs.nix-index.enable = true;
+	programs.command-not-found.enable = false;
+	programs.steam.enable = true;
+	nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1t" "electron-19.0.7" ];
+	nix.settings.substituters = [ "https://xddxdd.cachix.org" ];
+	nix.settings.trusted-public-keys = [ "xddxdd.cachix.org-1:ay1HJyNDYmlSwj5NXQG065C8LfoqqKaTNCyzeixGjf8=" ];
+
+	# 字体
+	fonts =
+	{
+		fontDir.enable = true;
+		fonts = with pkgs;
+			[ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
+		fontconfig.defaultFonts =
+		{
+			emoji = [ "Noto Color Emoji" ];
+			monospace = [ "Noto Sans Mono CJK SC" "Sarasa Mono SC" "DejaVu Sans Mono"];
+			sansSerif = ["Noto Sans CJK SC" "Source Han Sans SC" "DejaVu Sans"];
+			serif = ["Noto Serif CJK SC" "Source Han Serif SC" "DejaVu Serif"];
+		};
+	};
+
+	# zsh
+	programs.zsh =
+	{
+		enable = true;
+		syntaxHighlighting.enable = true;
+		autosuggestions.enable = true;
+		enableCompletion = true;
+	};
+
+	# ssh security?
+	services.openssh.enable = true;
+
+	# firewall
+	# networking.firewall.allowedTCPPorts = [ ... ];
+	# networking.firewall.allowedUDPPorts = [ ... ];
+
+	# sops
+	sops = { defaultSopsFile = ./secrets/chn-PC.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; };
+
+	# 翻墙
+	services.dnsmasq =
+	{
+		enable = true;
+		settings = {
+			no-poll = true;
+			server = [ "127.0.0.1#10853" ];
+			listen-address = "127.0.0.1";
+			bind-interfaces = true;
+			address = [
+				"/mirism.one/216.24.188.24"
+				"/beta.mirism.one/216.24.188.24"
+				"/ng01.mirism.one/216.24.188.24"
+				"/debug.mirism.one/127.0.0.1"
+				"/public-data-api.mihoyo.com/0.0.0.0"
+			];
+			ipset = [
+				"/developer.download.nvidia.com/noproxy_net"
+				"/yuanshen.com/noproxy_net"
+				"/zoom.us/noproxy_net"
+			];	
+		};
+	};
+	services.xray = { enable = true; settingsFile = config.sops.secrets."xray.json".path; };
+	sops.secrets."xray.json" = { mode = "0440"; owner = "v2ray"; group = "v2ray"; restartUnits = [ "xray.service" ]; };
+	systemd.services.xray.serviceConfig =
+	{
+		DynamicUser = lib.mkForce false;
+		User = "v2ray";
+		Group = "v2ray";
+		CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+		AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+	};
+	users.users.v2ray = { isSystemUser = true; group = "v2ray"; uid = lib.mkForce 997; };
+	users.groups.v2ray = {};
+	services.v2ray-forwarder = { enable = true; proxyPort = 10880; xmuPort = 10881; };
+	boot.kernel.sysctl =
+	{
+		"net.ipv4.conf.all.route_localnet" = true;
+		"net.ipv4.conf.default.route_localnet" = true;
+		"net.ipv4.conf.all.accept_local" = true;
+		"net.ipv4.conf.default.accept_local" = true;
+		"net.ipv4.ip_forward" = true;
+		"net.ipv4.ip_nonlocal_bind" = true;
+	};
+}

flake.lock

@@ -0,0 +1,403 @@
+{
+  "nodes": {
+    "aagl": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1685225605,
+        "narHash": "sha256-4DqNQBmuG5wwSDybkw6o30pK/0K4Ps0RHmbgfJDhVxs=",
+        "owner": "ezKEa",
+        "repo": "aagl-gtk-on-nix",
+        "rev": "c74bfda7415909be8bcdb81c12d91160a97585fb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ezKEa",
+        "repo": "aagl-gtk-on-nix",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils-plus": {
+      "inputs": {
+        "flake-utils": [
+          "nur-xddxdd",
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1657226504,
+        "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
+        "owner": "gytis-ivaskevicius",
+        "repo": "flake-utils-plus",
+        "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "gytis-ivaskevicius",
+        "repo": "flake-utils-plus",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_3": {
+      "locked": {
+        "lastModified": 1638122382,
+        "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1685189510,
+        "narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nix-index-database": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1683638468,
+        "narHash": "sha256-tQEaGZfZ2Hpw+XIVEHaJ8FaF1yNQyMDDhUyIQ7LTIEg=",
+        "owner": "Mic92",
+        "repo": "nix-index-database",
+        "rev": "219067a5e3cf4b9581c8b4fcfc59ecd5af953d07",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "nix-index-database",
+        "type": "github"
+      }
+    },
+    "nix-vscode-extensions": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1685237040,
+        "narHash": "sha256-yEGeZ97CJtdmTGCJKGBFZKr+dai+ImwXim2T80s45ao=",
+        "owner": "nix-community",
+        "repo": "nix-vscode-extensions",
+        "rev": "3fa4019571d8543604e0ebab6a1755fe5e8b2ab1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-vscode-extensions",
+        "type": "github"
+      }
+    },
+    "nixos-cn": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1682818384,
+        "narHash": "sha256-l8jh9BQj6nfjPDYGyrZkZwX1GaOqBX+pBHU+7fFZU3w=",
+        "owner": "nixos-cn",
+        "repo": "flakes",
+        "rev": "2d475ec68cca251ef6c6c69a9224db5c264c5e5b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos-cn",
+        "repo": "flakes",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1684570954,
+        "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1685043448,
+        "narHash": "sha256-U3BwyDc2OzBcZ8tD09qXibyivgOtOQFTFCVgFyJ+6MM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9886352ec9ab3945896ee8a4185e961fe29df209",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable_2": {
+      "locked": {
+        "lastModified": 1684632198,
+        "narHash": "sha256-SdxMPd0WmU9MnDBuuy7ouR++GftrThmSGL7PCQj/uVI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d0dade110dc7072d67ce27826cfe9ab2ab0cf247",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1685168767,
+        "narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nur": {
+      "locked": {
+        "lastModified": 1685245522,
+        "narHash": "sha256-EyNXSUgeKebGevlS9I6cSvhhHyBytvkYTBFl1OxwST4=",
+        "owner": "nix-community",
+        "repo": "NUR",
+        "rev": "8e866b325a4347a77bd1578dbc0f3f624892b7f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "NUR",
+        "type": "github"
+      }
+    },
+    "nur-xddxdd": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "flake-utils-plus": "flake-utils-plus",
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1685211063,
+        "narHash": "sha256-jmNbr25AqJEW6BKW1GzyufKYYzpqxXFp4XzhfFamMjg=",
+        "owner": "xddxdd",
+        "repo": "nur-packages",
+        "rev": "88a57fccbb7f5ef13acdfc6fc1452431c201406d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "xddxdd",
+        "repo": "nur-packages",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "aagl": "aagl",
+        "flake-utils": "flake-utils",
+        "home-manager": "home-manager",
+        "nix-index-database": "nix-index-database",
+        "nix-vscode-extensions": "nix-vscode-extensions",
+        "nixos-cn": "nixos-cn",
+        "nixpkgs": "nixpkgs_2",
+        "nixpkgs-stable": "nixpkgs-stable",
+        "nur": "nur",
+        "nur-xddxdd": "nur-xddxdd",
+        "sops-nix": "sops-nix",
+        "touchix": "touchix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable_2"
+      },
+      "locked": {
+        "lastModified": 1684637723,
+        "narHash": "sha256-0vAxL7MVMhGbTkAyvzLvleELHjVsaS43p+PR1h9gzNQ=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "4ccdfb573f323a108a44c13bb7730e42baf962a9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "touchix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1685202181,
+        "narHash": "sha256-yRj9Vh3T1pL+cNxhiQCFyH67Ys1h7pcrOfSZM10Xb+g=",
+        "owner": "CHN-beta",
+        "repo": "touchix",
+        "rev": "9cedc2f3dc007875525af480976d91b2990847de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "CHN-beta",
+        "repo": "touchix",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,47 @@
+{
+	description = "Chn's NixOS Flake";
+
+	inputs =
+	{
+		nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+		nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-22.11";
+		home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
+		sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
+		touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
+		aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
+		nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
+		flake-utils.url = "github:numtide/flake-utils";
+		nur.url = "github:nix-community/NUR";
+		nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
+		nur-xddxdd =
+		{
+			url = "github:xddxdd/nur-packages";
+			inputs.flake-utils.follows = "flake-utils";
+			inputs.nixpkgs.follows = "nixpkgs-stable";
+		};
+		nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
+    };
+
+	outputs = { self, nixpkgs, home-manager, sops-nix, touchix, aagl, nix-index-database, nur, nixos-cn, ... } @inputs:
+	{
+		nixosConfigurations."chn-PC" = nixpkgs.lib.nixosSystem
+		{
+			system = "x86_64-linux";
+			modules = [
+				({ nixpkgs.overlays = [(final: prev: { touchix = inputs.touchix.packages."${prev.system}"; } )]; })
+				./basic.nix
+				./hardware/chn-PC.nix
+				home-manager.nixosModules.home-manager
+				sops-nix.nixosModules.sops
+				touchix.nixosModules.v2ray-forwarder
+				aagl.nixosModules.default
+				nix-index-database.nixosModules.nix-index
+				nur.nixosModules.nur
+				# ({ nixpkgs.overlays = [(final: prev:
+				# 	{ xddxdd = inputs.nur-xddxdd.packages."${prev.system}"; } )]; })
+				# ({ nixpkgs.overlays = [(final: prev:
+				# 	{ nixos-cn = inputs. nixos-cn.legacyPackages."${prev.system}"; } )]; })
+			];
+		};
+	};
+}

hardware/chn-PC.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+	nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+	nixpkgs.config.allowUnfree = true;
+	hardware = {
+		enableAllFirmware = true;
+		cpu.intel.updateMicrocode = true;
+	};
+
+	fileSystems = {
+		"/" = {
+			device = "/dev/mapper/root";
+			fsType = "btrfs";
+			options = [ "subvol=@root" ];
+		};
+		"/boot" = {
+			device = "/dev/disk/by-uuid/50DE-B72A";
+			fsType = "vfat";
+		};
+	};
+
+	boot = {
+		loader = {
+			timeout = null;
+			systemd-boot.enable = true;
+			efi.canTouchEfiVariables = true;
+		};
+		initrd = {
+			luks.devices.root = {
+				device = "/dev/disk/by-partuuid/49fe75e3-bd94-4c75-9b21-2c77a1f74c4e";
+				header = "/dev/disk/by-partuuid/c341ca23-bb14-4927-9b31-a9dcc959d0f5";
+				allowDiscards = true;
+			};
+			systemd.enable = true;
+			availableKernelModules = [ "ahci" "nvme" "sr_mod" "usb_storage" "virtio_blk" "virtio_pci" "xhci_pci" ];
+		};
+		kernelPackages = pkgs.linuxPackages_xanmod_latest;
+		kernelModules = [ "kvm-intel" ];
+	};
+}

secrets/chn-PC.yaml

@@ -0,0 +1,32 @@
+password:
+    chn: ENC[AES256_GCM,data:NMTdEfxBMqJP5bnLqinzQ1NP/4eCM3zzH5aR2HOoeu/p8BNp3JDspyuE+DkjVlb/uuVugnFPTOSASRZeEliG0B6NvpZ8gP1O/g==,iv:SNVxJ/xfdfAiVljlRMd5maIhxH0RBs90bqrypBubM6w=,tag:A7Wemy4eLcIUfV/sZ6//VA==,type:str]
+xray.json: ENC[AES256_GCM,data:eog9U3zt+Lx4QOlr0F4PGP73uUXrZcxa8NDVq13hmVpfu2T/CoF+Lwf8saJN9IdAOcECfgkrI2DiUZdAUO5LGQDDEyJywiJ/CnL6u+kwmkO9doidvG9ctB1VR2CG4M5wqXnybJp8b6osG6iL83q4prjo3YjFfGQFA/X05ssuzLneugK1pQrr9yaF7PvXvFBRwOKDbsmqDqSurTkU3QZMx3is2f0OeLYZEYk9XVNE7xeL1/33gObsP4KF5O2h466+7ezI7kP2vC2rl1VPQFtYAssoxK6qxWKErPhMCu+cDDYDMxqkeYmkgGBJEefpuk6IMNXctuwWwjojX5SEMN73kOHzJxykE/NhCbRDeNQjWz9qTpDaMZ36IFTc+U7nThYD85h9ppaedsXsQtLxhG29KM45h0CByBwJPY8Q1TNkV+jYsJWk6+DqSnWwMPsAKXnj/bhtpbslWlqk7uHn/6jzexu95y89ObjNtiR6YViufCAHlAGovijXv9lEjsZk+1xMNnD418a58jrUXoBGQjr+FT+i01zDnJga61KqAkhjgblG6j5pNVzsopITs1f90cxJjoNFvqh01EgPma3OlD6x5RmY3g/Mzc4yXreWS0KhICSvZwNT27DKCTVpSWRwz20yNU0OYy4MIo1CbZtvv9uQ6pO9m681IjHLZSP5pX19rqG0hfTkP3Wvya/G8hkHhmRDHUeptzKuZII1GVU3g9JfL4KbEeLZXeZRqKJ5N5kFwyUXytWEZpmj4XYdZF65BsGnC251EI0+LJdJy6vDcGTelbMHoyW8tZ50pQysy5gukf+hERuzgw0l81P5iRZoz9Mt/dNy2sA/EFxElZayDrIRlBilKvlTUr8qgswjj2kdR0sPgfM0aaD1mZFQ65MHVcJSua2gO/B5yXNmoLtZxFSYOuqHqHXN84T1rj8DxU5XXlatvK00U6nb73Xkwdjfe14bUTR05E3DvXwYLJ/LZL+nRgHgASnS2ECDn/DAw7UigwmXSaEPz6eQbOucNvtoq6xceJgeWuNM7ZSIq5JRufL6QnLXjoHmd8OgSG6xaR7wvQkg+YwnbhhpDbi+3AB+RlJkYSVoUUdPTi8sSxYZi4x+gRys20tRCWxUuvrIKhoimFi/lNDZn4fW93EEZT1KpoHxOzD424hdVWZ/9dV2O57ZArOVvnG8WQPGsFqVQ55dzpA4QI34GNDHkeQGNJb6JF1f+8x5AJGJPbRWqDBNRmjewr8xKZwRSpYl+OH9ijU4qk9dxpiynFXY6t2cJIzhMIgRBnvgD+zFAgbOX0t1jvguLeTDxq+5ZJLc9g15gKtQKOLyBx0XAV8xtpmqQX8KuPj+CKmKUJQ1WNWUkd9THXwsYjskb3L6frOubYo0M0pnXaF+hlyHpsJoz4pdUmsFRnByAr+QQAYUUnx2oxZ3gybpIkFHUOekuXVwx4ox87buJA3YsgDYUE6QP7AUgUdpUo4pssZw4Ym8IpqCuam6F04uC9RMdTfeJ0URTaP/fY91zlvU7zJjeG97N30uLiVx60rGeJXfwK5PxcjUH6DNSZL9utX9F25+D2tbHXgP+zYPQFRThIfF5FZtcMaEA1jBFByc5YifrD+UveMwcZhJvoLy+LG635GrhuJodX0f+UB5FqxiW5+jxseXxVXhnN76UvTa1gc2sUC0/wKHeNEkO0HSoTsI5vFDldD+Vl8NFCEe90hlmBDDS89C4RBYB38tSnGicngiki089N1D8jVl5zF+Ssek6pLk/IjIhPC3F7TEshnkJpakHa009B5b50HizuJofbe5+c37BSgiCSzo3iGXQDVC/0dB8uEzKXFbeo9sGT1ESUFSwFGHLeNNC1UkMRfam6KyRqC5/PtRA+kQzk2+vJ0gk4ghGzgzFAXMgH1FovYBIc0JnwxmTyZssXdYkv8kn1fM7I+VcdEAqMMwuzZk1Q1cV2lcAFH3agodLKkMNrur0r14kdLYhoOghcedJtzQVm288exYoMxyXNm70VKcA3IiMW9GXoGY4BAFCWLKbrTQWqGzr5+MY7lyQOK6umcDeH0+R1yDmuNIrv7oog0KYQeHl++upEAyDzbjxtvlsWlB0fXRM0chvh0NZ0dPHK+qPaYlCXXucTSnNu9QKnMr34xOGY1CazPAXV4Bvyf9BxLKVxnNd9E/NPA43XCrJhKwspM4GzAGss5k1icb4za7GocMIqFfMO4y93Ug8nbZkHKJ1kzbqnx0JjfQfEH2QBznRAkhCQN0crs1Zvewcx46oOPZNzoFZLpKrP2yVnQTl93gcsmS1iw/F62BscRtW7kwSvQ+GInUoF2PWlicX90ZvkoImtzcyNLmUJ219cBxdghng12vKwgj2qMXilGWfIdHSh6UF96DjGlhWbURXUlGT2aQL7qQtC6M/sLewjs3SVT1g2xj/5SrsxCs3Id6mIcKRZTX+OiKKTY1xAvL/Ga7I/M+nN+BBSqurWMHIDbnA4jJEQcWZKPcskVve4WHJlo9qUbHznWJQl1aA6ypUJQNk2+ztLbn2TJlXPj8MN5ET2ZAtzZ1E7BUKFfxQafB0MqRygpK8d+Vtz3AP1eyn8/J6lQ9iS5JSWZ7kokFZ2362klit+ogiDGfLAAgVd4vSSDyObEZLGA+bMAxDqEb0Uc9q69I7Phf3IZN9TD9uZFJjr/H6QdS8UEF5510GilqQAanzBRLGCKO74t+Dv7qLrk3wqXZihAYevalJ5BVak8dxXQd3xDLGst+qSUiyFWxIgIBA5GX1YdPXQN4R+WhARV9v1VFaOIUtLMJfRJHni3ZjVX0yjN8R3xFSKmKgKaOc+LuO8mY3gdXBkEc0dzfhhRFMaaLb8rLNwPnp/7pL6fkltxY7e7GxwCOXQXERDQqb0e8ocYb+Mfv/ua/xc7fkxYt9bksrhqmPUxz+XdfLb86QzSs/X2rrxkZWCiFdnRHOkrgRiymbJTPAeQX+ERA39YTZJkiRlEROK3kDm15oAT4iJ+WQQpExthNtUAbPtkptQt+iG1IK6cEFiNI/RQuaqRhSjViZ0RkFraZYCBxBfQZG5WAecItvuS4awGbTM/cd1N5aNU43DbuMNlkoaX81K7w6WKkaTOcQkGtwdEBsXKbeO9KRZmO8QauUjV+g5jH2ctz+PgYUg9gGIcHsdnA0dyp6ie4HNxqa2vLMln4nj7aJzyzE0lYDB6FHrC18TOZ3UNl6Pk5u0vJB+BZdp7MMCScLo/boxloKY0IRspCsRPDmJg0W/JlQ4ezmYHUYq/wplw8V6bI07bIr4TgTFXIWK61mH1Lz/fflu4/6hj3aCklY7KKESU7uf0JGrAmGTa8y3WHtlc9/ETXq1hJv0ulUzNcBe2fxn9FiNKOMRWtfhatMuWrtaSQIk0tYWW1xJ0ZvsJeGOfM1Edf56QhSW37SJin1gvbZE6mW1IjGW1tSUn1K6vebsKpLNXYDIZ4Pbi0ZZ4njhY90GgSiw2hSvUsdrklIabRP0/s4aVdPXSHmPVNGnxQHfjiMUDaXqqGJDRS7kLgOFq5ipmNQ3bP1J2U+PYgkAxL4TA5fXu9q1H5OTgrMzemAlvp5jI7MXOPlUaD+PBn0oBVM+l7KfqEOWFyX5XIZyrJCg1+PtIMy1/V3B45PVC4yuzkWNU3m+wzaYn/UDX7XpvgxywXXSq5AO63/nn7lnbl21e48BReXlDJ7aDjAPR97qOUEEvJoVuiWk4JONEdJVt9j5ad/Z1n,iv:KROMY3fOYmtbYVdtVnN1SJyRZEhU2tzJXxFvt3yitn4=,tag:7fAjJ3ARKZpOh2InLZihBg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcDBqZldlajB1RURQVW03
+            TWJTaDlvVEYvZDd5dXBJV0c2V3FGY0laMUZ3CkxjQUtLRHBOZkQ4Mk5JTGd5V0M4
+            VUJ5aHJGSDl0MWpDSTNnQ2RSRnpPQ0kKLS0tIFA2em42NXNmZkJZWCs1Tmxia1VV
+            RnRPQ05LTDZTOEY3OWVMdmhHTTRKT1EKyBnGiEpkJ9TUGMSne5RUX5U4Nc49gXOn
+            8q6IeBWnI3mkVA0PElAThSpXLMMzq01uDrcZEeE9BocyU7Y/JRbUMA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeEw5YWpQNXM2dWpVY3Uw
+            bjBFQmVKeDlqYUFPNGhwVlVwdTdDaDY2bUNNCmJncHhrbHplU2ZvTHROcU1LNzBE
+            dnRlOFF2eXhHKzZ5VzQvS3RPb3FsWTAKLS0tIHNDcmdGTWl1VTREaVJXR1VzSUs0
+            OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+            +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-05-27T12:56:16Z"
+    mac: ENC[AES256_GCM,data:MLRCHM7bPTOXzejkGAh2YcHxvxtAWfRop0sj7zHV5fIxBN7GP4H9JgKIFZAXRQJgP7UCRY7dGAVb9QM7kRUvOFxm4hSeFRRwfvt4er4a5x+SQocU+z6+50Q5qtOnkP7++SnJMfT0zfnmWe6MSCsebIOGAOVqMd06aVbSgO1mnD4=,iv:WZuETYLp4MISSsAGqjweK3+iWKHrf9CYJ5mkahM9LJw=,tag:6o9FB5zqD1ASMkQOVMkmkQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3