From 16fd1b23a26b93e6c772653bc1245229c0c3969e Mon Sep 17 00:00:00 2001 From: chn Date: Mon, 30 Sep 2024 20:59:46 +0800 Subject: [PATCH 01/23] modules.system.kernel: use xanmod-lts as default --- devices/srv1/default.nix | 1 - devices/surface/default.nix | 2 +- devices/vps4/default.nix | 1 - devices/vps7/default.nix | 1 - modules/system/kernel/default.nix | 2 +- 5 files changed, 2 insertions(+), 5 deletions(-) diff --git a/devices/srv1/default.nix b/devices/srv1/default.nix index bfdb6b56..81a27835 100644 --- a/devices/srv1/default.nix +++ b/devices/srv1/default.nix @@ -17,7 +17,6 @@ inputs: swap = [ "/nix/swap/swap" ]; rollingRootfs = {}; }; - kernel.variant = "xanmod-lts"; gui.enable = true; }; hardware.cpus = [ "intel" ]; diff --git a/devices/surface/default.nix b/devices/surface/default.nix index 23e1988d..8d415928 100644 --- a/devices/surface/default.nix +++ b/devices/surface/default.nix @@ -25,7 +25,7 @@ inputs: }; nixpkgs.march = "skylake"; nix = { substituters = [ "https://nix-store.chn.moe?priority=100" ]; githubToken.enable = true; }; - kernel = { variant = "xanmod-lts"; patches = [ "surface" "hibernate-progress" ]; }; + kernel.patches = [ "surface" "hibernate-progress" ]; gui.enable = true; }; hardware = { cpus = [ "intel" ]; gpu.type = "intel"; }; diff --git a/devices/vps4/default.nix b/devices/vps4/default.nix index b528b0ef..61ae6f7b 100644 --- a/devices/vps4/default.nix +++ b/devices/vps4/default.nix @@ -30,7 +30,6 @@ inputs: nix.substituters = [ "https://nix-store.chn.moe?priority=100" ]; initrd.sshd.enable = true; networking.networkd = {}; - kernel.variant = "xanmod-latest"; nix-ld = null; binfmt = null; }; diff --git a/devices/vps7/default.nix b/devices/vps7/default.nix index 97ed5ece..7c119fad 100644 --- a/devices/vps7/default.nix +++ b/devices/vps7/default.nix @@ -30,7 +30,6 @@ inputs: nix.substituters = [ "https://nix-store.chn.moe?priority=100" ]; initrd.sshd.enable = true; networking.networkd = {}; - kernel.variant = "xanmod-lts"; }; services = { diff --git a/modules/system/kernel/default.nix b/modules/system/kernel/default.nix index 6457fb3f..c4f7c579 100644 --- a/modules/system/kernel/default.nix +++ b/modules/system/kernel/default.nix @@ -5,7 +5,7 @@ inputs: variant = mkOption { type = types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "cachyos" "cachyos-lto" "cachyos-server" "zen" ]; - default = "xanmod-latest"; + default = "xanmod-lts"; }; patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; }; modules = From 43ba59d390c51f0e9ac38244f3c8e573ed15b9fd Mon Sep 17 00:00:00 2001 From: chn Date: Tue, 1 Oct 2024 12:12:14 +0800 Subject: [PATCH 02/23] update misskey --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 43a3bc6a..00198762 100644 --- a/flake.lock +++ b/flake.lock @@ -730,11 +730,11 @@ "misskey": { "flake": false, "locked": { - "lastModified": 1724207820, - "narHash": "sha256-tm4YTpKqI7g4ACn8vkJUIFQmKcHlcDTkoBCrHEd3fp8=", + "lastModified": 1727700498, + "narHash": "sha256-h0oJ9128xsNGLzLTssjnTT+11vW4y+jrjy6p9qq6jFE=", "ref": "refs/heads/chn-mod", - "rev": "ac5c495d437fcdba2c523308119477a750440f3d", - "revCount": 25947, + "rev": "1eeabe04311c4aed657b184666152eeb5e837df9", + "revCount": 26110, "submodules": true, "type": "git", "url": "https://github.com/CHN-beta/misskey" From 1770f8752c20c3b08d66d2a3cb5dc3f258c12440 Mon Sep 17 00:00:00 2001 From: chn Date: Tue, 1 Oct 2024 12:13:40 +0800 Subject: [PATCH 03/23] modules.packages.server: fix fwupd --- modules/packages/server.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/packages/server.nix b/modules/packages/server.nix index 02a60c2d..3c1256c1 100644 --- a/modules/packages/server.nix +++ b/modules/packages/server.nix @@ -63,7 +63,12 @@ inputs: services = { udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ]; - fwupd.enable = true; + fwupd = + { + enable = true; + # allow fwupd install firmware from any source (e.g. manually extracted from msi) + daemonSettings.OnlyTrusted = false; + }; }; home-manager = { useGlobalPkgs = true; useUserPackages = true; }; # allow everyone run compsize From 7dac9a26682bc7d05a80deaac02d7f6e03fa723b Mon Sep 17 00:00:00 2001 From: chn Date: Tue, 1 Oct 2024 13:18:31 +0800 Subject: [PATCH 04/23] devices.srv1: enable password authentication --- devices/srv1/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/srv1/default.nix b/devices/srv1/default.nix index 81a27835..c80743de 100644 --- a/devices/srv1/default.nix +++ b/devices/srv1/default.nix @@ -23,7 +23,7 @@ inputs: services = { snapper.enable = true; - sshd = {}; + sshd.passwordAuthentication = true; smartd.enable = true; slurm = { From 71715cc16c349a6508ccef17fc5602e4135fe9a0 Mon Sep 17 00:00:00 2001 From: chn Date: Tue, 1 Oct 2024 23:34:43 +0800 Subject: [PATCH 05/23] modules.system.cluster: fix --- modules/system/cluster.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/cluster.nix b/modules/system/cluster.nix index 1a2c4c46..b1f55f88 100644 --- a/modules/system/cluster.nix +++ b/modules/system/cluster.nix @@ -15,7 +15,7 @@ inputs: nixos.system.networking.hostname = "${cluster.clusterName}-${cluster.nodeName}"; # 作为从机时,home-manager 需要被禁用 systemd.services = inputs.lib.mkIf (cluster.nodeType == "worker") (builtins.listToAttrs (builtins.map - (user: { name = "home-manager-${user}"; value.enable = false; }) + (user: { name = "home-manager-${inputs.utils.escapeSystemdPath user}"; value.enable = false; }) inputs.config.nixos.user.users)); }; } From 5cff64305d2191e09fe0a7b96536020038f90766 Mon Sep 17 00:00:00 2001 From: chn Date: Wed, 2 Oct 2024 01:20:16 +0800 Subject: [PATCH 06/23] update blog --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 00198762..3ea70036 100644 --- a/flake.lock +++ b/flake.lock @@ -24,11 +24,11 @@ "blog": { "flake": false, "locked": { - "lastModified": 1727598108, - "narHash": "sha256-8wVJBavzvY3n2sJeuyOt68FNJ9W70M+FlxoeiJhP/JQ=", + "lastModified": 1727803413, + "narHash": "sha256-K9CouPktnb0H8WJQp1eNcjy1hCg67/8I6JFbEEQ0pbM=", "ref": "refs/heads/main", - "rev": "2b65e0deb81324be72afc51204a0a75dad7eade5", - "revCount": 9, + "rev": "aa4eba6f89dde3facbf91780d2d529e7cba43585", + "revCount": 10, "type": "git", "url": "https://git.chn.moe/chn/blog.git" }, From 4fb4df63cc8d2d73fa440b88599f8b6745c95b50 Mon Sep 17 00:00:00 2001 From: chn Date: Wed, 2 Oct 2024 13:09:52 +0800 Subject: [PATCH 07/23] devices.pc: add a disk --- devices/pc/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/pc/default.nix b/devices/pc/default.nix index 1c5bb5dd..620f86d3 100644 --- a/devices/pc/default.nix +++ b/devices/pc/default.nix @@ -62,7 +62,7 @@ inputs: gpu = { type = "amd+nvidia"; - nvidia = { prime.busId = { amd = "5:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; }; + nvidia = { prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; }; }; legion = {}; }; From 76383ad9cbe8d4208074e9e7e517d9273c6a91a8 Mon Sep 17 00:00:00 2001 From: chn Date: Wed, 2 Oct 2024 13:13:43 +0800 Subject: [PATCH 08/23] devices.pc: allow kvm to read physical disk --- devices/pc/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/devices/pc/default.nix b/devices/pc/default.nix index 620f86d3..4d138978 100644 --- a/devices/pc/default.nix +++ b/devices/pc/default.nix @@ -168,6 +168,8 @@ inputs: }; # 禁止鼠标等在睡眠时唤醒 services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"''; + # 允许kvm读取物理硬盘 + users.users.qemu-libvirtd.extraGroups = [ "disk" ]; networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one"; services.colord.enable = true; environment.persistence."/nix/archive" = From 24e4420a5754142c45baf327627190cd9caddc3c Mon Sep 17 00:00:00 2001 From: chn Date: Wed, 2 Oct 2024 20:29:32 +0800 Subject: [PATCH 09/23] devices.pc: set windows boot entry --- devices/pc/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/pc/default.nix b/devices/pc/default.nix index 4d138978..dd5f7877 100644 --- a/devices/pc/default.nix +++ b/devices/pc/default.nix @@ -23,7 +23,7 @@ inputs: resume = "/dev/mapper/swap"; rollingRootfs = {}; }; - grub.windowsEntries."7AF0-D2F2" = "Windows"; + grub.windowsEntries."645C-284C" = "Windows"; nix = { marches = From 7e47019aeac22742d50118347ebd853d0ec59498 Mon Sep 17 00:00:00 2001 From: chn Date: Wed, 2 Oct 2024 23:35:26 +0800 Subject: [PATCH 10/23] modules.hardware: fix printer security issue --- flake.lock | 6 +++--- modules/hardware/default.nix | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3ea70036..850252d6 100644 --- a/flake.lock +++ b/flake.lock @@ -986,11 +986,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727530699, - "narHash": "sha256-Gfn8d6gbG5B+IO6mUWQXrnoUDCJUmrUD/M/QJDUsfRY=", + "lastModified": 1727884105, + "narHash": "sha256-J4lHJFQp7AFEa+O52KgYMCXkffAgpXWGyD89AU8xeJE=", "owner": "CHN-beta", "repo": "nixpkgs", - "rev": "9062900234c7d0157fc9612d36a1f03bc47040e9", + "rev": "e8db202a0ba0b25d01c01b49ed3025f7b0900d59", "type": "github" }, "original": { diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix index 39f01e99..54ee0c17 100644 --- a/modules/hardware/default.nix +++ b/modules/hardware/default.nix @@ -28,6 +28,8 @@ inputs: { enable = true; drivers = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.arch == "x86_64") [ inputs.pkgs.cnijfilter2 ]; + # TODO: remove in next update + browsed.enable = false; }; avahi = { enable = true; nssmdns4 = true; openFirewall = true; }; }; From 2096a8e2e449a55942ba1e86ffd57fbf5b205b8b Mon Sep 17 00:00:00 2001 From: chn Date: Thu, 3 Oct 2024 01:02:21 +0800 Subject: [PATCH 11/23] update blog --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 850252d6..737084dd 100644 --- a/flake.lock +++ b/flake.lock @@ -24,11 +24,11 @@ "blog": { "flake": false, "locked": { - "lastModified": 1727803413, - "narHash": "sha256-K9CouPktnb0H8WJQp1eNcjy1hCg67/8I6JFbEEQ0pbM=", + "lastModified": 1727888490, + "narHash": "sha256-pEZFFuisuBSHPdMgq/Bqkh+6lAKN4oRJFLTAgB6bwqg=", "ref": "refs/heads/main", - "rev": "aa4eba6f89dde3facbf91780d2d529e7cba43585", - "revCount": 10, + "rev": "6101a8dee8e8c2234dab8daf910ead09758441b4", + "revCount": 14, "type": "git", "url": "https://git.chn.moe/chn/blog.git" }, From 3ff3285708173536867b0da4a448b974ab7f232b Mon Sep 17 00:00:00 2001 From: chn Date: Fri, 4 Oct 2024 21:19:22 +0800 Subject: [PATCH 12/23] update blog --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 737084dd..ff47f404 100644 --- a/flake.lock +++ b/flake.lock @@ -24,11 +24,11 @@ "blog": { "flake": false, "locked": { - "lastModified": 1727888490, - "narHash": "sha256-pEZFFuisuBSHPdMgq/Bqkh+6lAKN4oRJFLTAgB6bwqg=", + "lastModified": 1728051659, + "narHash": "sha256-b/zCyVs248+fdYbXRIfQuYaIYaG7Q2eXxsiuYK4eShQ=", "ref": "refs/heads/main", - "rev": "6101a8dee8e8c2234dab8daf910ead09758441b4", - "revCount": 14, + "rev": "82351a306b52e6b23408831c300cf39598c203a5", + "revCount": 15, "type": "git", "url": "https://git.chn.moe/chn/blog.git" }, @@ -577,11 +577,11 @@ "hextra": { "flake": false, "locked": { - "lastModified": 1724317530, - "narHash": "sha256-luENDR+fn9NbqNkn9wpLRnD41MeerFEUsrDgKRpnmg8=", + "lastModified": 1727602023, + "narHash": "sha256-fYfevapv+7x4WmYmte3vhQeOakHMchBGC7eYvOMru+0=", "owner": "imfing", "repo": "hextra", - "rev": "c6de4b5b6b1ec04647b0235e9c8b1158b1d58c09", + "rev": "94624bcac67cf587ec1006a9c2f0d72fbce9f135", "type": "github" }, "original": { From 791d3fa06cd5f943964b6824ff3e575d27a260b5 Mon Sep 17 00:00:00 2001 From: chn Date: Fri, 4 Oct 2024 22:38:22 +0800 Subject: [PATCH 13/23] modules.system.sysctl: set vfs_cache_pressure --- modules/system/sysctl.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/sysctl.nix b/modules/system/sysctl.nix index 7506dead..7ab476f2 100644 --- a/modules/system/sysctl.nix +++ b/modules/system/sysctl.nix @@ -13,6 +13,8 @@ inputs: "vm.oom_dump_tasks" = false; "vm.overcommit_memory" = inputs.lib.mkDefault 1; "kernel.sysrq" = 438; + # set to larger value, otherwise the system will be very slow on low memory machines + "vm.vfs_cache_pressure" = 100; }; } (inputs.lib.mkIf (sysctl.laptop-mode != null) { boot.kernel.sysctl."vm.laptop_mode" = sysctl.laptop-mode; }) From a420681cfc53b8d59d9f76a91ac63390a0dc5349 Mon Sep 17 00:00:00 2001 From: chn Date: Fri, 4 Oct 2024 23:32:25 +0800 Subject: [PATCH 14/23] devices.nas: move old misskey to nas --- devices/nas/default.nix | 1 + devices/nas/secrets.yaml | 12 +++++++++--- devices/vps6/default.nix | 7 ++++++- devices/vps7/default.nix | 3 +-- devices/vps7/secrets.yaml | 6 ++---- 5 files changed, 19 insertions(+), 10 deletions(-) diff --git a/devices/nas/default.nix b/devices/nas/default.nix index 56bf9f46..bd94f820 100644 --- a/devices/nas/default.nix +++ b/devices/nas/default.nix @@ -62,6 +62,7 @@ inputs: publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY="; wireguardIp = "192.168.83.4"; }; + misskey.instances.misskey = {}; }; }; }; diff --git a/devices/nas/secrets.yaml b/devices/nas/secrets.yaml index 9c3960b7..eb34677b 100644 --- a/devices/nas/secrets.yaml +++ b/devices/nas/secrets.yaml @@ -4,6 +4,12 @@ acme: token: ENC[AES256_GCM,data:OrYgBRU1VPpkpDzYMFHINfPSHsXEKABdZOcgiAiBJKcreBoaSVHUvg==,iv:XIeZPJhzmUi5ZHKBCYN5UA9HWH1K+26SvcIWVrHAYDA=,tag:3F93syLBZjcHwnRRkUEjlw==,type:str] wireguard: privateKey: ENC[AES256_GCM,data:VPlB4wSbWqSYw3rYRwfAMa39xrPcPZfz7sV2Cq3rmOhifnUPwggxnA+51do=,iv:utnyrB6Yfe5O94Oq4HDVFm/lQ9ZBoyvUT68r2G2PdwA=,tag:snm01vA+z2yKK8d2i5i2ig==,type:str] +nginx: + maxmind-license: ENC[AES256_GCM,data:ezBawTyn+oPKKy6sQuj2BQXhnO4PTbxYWRpQR9URCxqD7bFlnmWU1Q==,iv:eD4yLDA209x6HFtDaqyj8kRxTImdyZCgOminHWb9vt4=,tag:mx+qPp4L9jHRvL90XH1RwA==,type:str] +redis: + misskey-misskey: ENC[AES256_GCM,data:daHnurnqW0MI2uHd3gNT+ZczmytRdwBSsHGkCwNH9hJFMJW/U56HtjG5ivOQzYprWJ5uzgN98ivocbwzJEAGfg==,iv:aE9kvEErN06FNPPFQNchbmg/+SJCKT3QzCN/JTlZovk=,tag:iMo3MTssxKKT02zi8gCZPA==,type:str] +postgresql: + misskey_misskey: ENC[AES256_GCM,data:QhsmKzYmAV0kGPhtRjTK7npt/Nop5JM9EFPpD8K6KfUJ48w+r+4vTORmERu7D2+fE3XDXxNZeSJg//bGxMmhfg==,iv:qkjkrqepjQ4kbwoaceQSzEP5TjLsiY7ih/ESj5RFpHw=,tag:UtZVW30xcsbGUjU2HjoUvw==,type:str] sops: kms: [] gcp_kms: [] @@ -28,8 +34,8 @@ sops: by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-24T05:14:57Z" - mac: ENC[AES256_GCM,data:9xKBuoVeotcZfiqsKg+iXxOc5BV9kGVvR5f9Anu6DauBceYIBxgeVCDU3dRUPz67MkOK/n2w9+gLchQxUyK8G4ECRTESL+GKpZslNVThb2j6vswLXNBHqsQCoQBlYOiKw5ZM1gpdYJPni8qpsdGvTwc5JkW+FH6v1BdZWaUhc3U=,iv:SyLiMXsQhS+8FFlSMXiD9ETD+mIsz6mePXnJzBODK5g=,tag:YpiU58lJ5Nb78EMyEmJdbw==,type:str] + lastmodified: "2024-10-05T02:43:05Z" + mac: ENC[AES256_GCM,data:NyXFwcVCCRfU+QSJVwov38SzRag1vhgfyQ0xtOheKtK/UaA+2Vqiqatp/lKWeri9ltpw5xWBYQnmE6aBHEkrj5RvoXeho3CUWiSqsB/3COn3FSfXGGJ2M642dnCtWqHfTrGNW7bhq/lBisODvtv+SAs108R5yYXhXWotUs/p+W0=,iv:Wsel2unj5X/dBCwt5sLzHmUIqm9c0uqzzpfnUkxq5cc=,tag:a5/I8GWuUOy4F4lOx9TH+w==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/devices/vps6/default.nix b/devices/vps6/default.nix index c7fd0907..7e46748e 100644 --- a/devices/vps6/default.nix +++ b/devices/vps6/default.nix @@ -52,8 +52,13 @@ inputs: // (builtins.listToAttrs (builtins.map (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; }) [ - "xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix" + "xn--s8w913fdga" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix" "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "blog" "peertube" + ])) + // (builtins.listToAttrs (builtins.map + (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.nas.chn.moe"; }) + [ + "misskey" ])); applications = { diff --git a/devices/vps7/default.nix b/devices/vps7/default.nix index 7c119fad..1b915b4e 100644 --- a/devices/vps7/default.nix +++ b/devices/vps7/default.nix @@ -37,8 +37,7 @@ inputs: sshd = {}; rsshub.enable = true; wallabag.enable = true; - misskey.instances = - { misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; }; + misskey.instances.misskey.hostname = "xn--s8w913fdga.chn.moe"; synapse.instances = { synapse.matrixHostname = "synapse.chn.moe"; diff --git a/devices/vps7/secrets.yaml b/devices/vps7/secrets.yaml index 127296d4..7c1f2875 100644 --- a/devices/vps7/secrets.yaml +++ b/devices/vps7/secrets.yaml @@ -10,7 +10,6 @@ redis: rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str] wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str] misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str] - misskey-misskey-old: ENC[AES256_GCM,data:amUqMycdXUFvjg66pXKnlZqiESBYMci0k8iYzj824SaEqHl3Nq/I0TjYX++xEUg+RGYyTIcSaj96HUANTKpc1A==,iv:ND1mQLHxltRlOdpJ80ywheGo6hkl7OgRyk9TguJMuTw=,tag:dhCCwnCOnyT2iXdEMK0szg==,type:str] nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str] send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str] mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str] @@ -20,7 +19,6 @@ redis: postgresql: wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str] misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str] - misskey_misskey_old: ENC[AES256_GCM,data:Wwtd+hKI0s7m3PbEPHbnSyTsCkW0x8SYHUiCYuNSNCG8i4RAmiAbONNFfWN2hXnmTmRK79Tx/3GR+L0KMzmNGQ==,iv:BekTELToPQXUdZHyNtkuqKyZeez+moI6k907P7NhA3Q=,tag:A5YB0WIa1RkDCtzeBhiuyA==,type:str] synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str] vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str] nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str] @@ -151,8 +149,8 @@ sops: SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-28T12:28:35Z" - mac: ENC[AES256_GCM,data:gDrWd/AMuHzTBu809FOInNtakqABMcbVMYn6FxqSsD4l+GCGoteQKzUVYhM327mxqV9dM2TfklCnSQ2tYOiY0ea7EBjqsCGL7eKexY7wmPY2gPHLNQEzoeagQKl1k1wU45JgUriit6t2iajUCPoEK1yHJg4qPHy/EoE9NMwf0IM=,iv:haPKxQ/YQ0vq0UFub7YVPqqSoiV0NiLsuOUUV+ZDk3U=,tag:pxsNkKHjciJ/GwBhQiSqXA==,type:str] + lastmodified: "2024-10-05T02:43:01Z" + mac: ENC[AES256_GCM,data:frMtsfATEGOCwkR5g6sOLszwtBq1rfHvofevbzDHuKwJQtI4IXpfgyohyQ64tZ7K6YLqR0bf3yP9A7zyIxAzIvgKciIDdIYI/LUCAmOsUE9On70UiVxFj8WAL700geHfr2X+1Vzl9suMBA3E8h9O02wcuuD4gumZlLgXqzmbtZE=,iv:oB8W9+KO8jJbSnICsN5CMRCRs6uM6y8xszCyWlRCkV0=,tag:JxLLwUsE/7nxDAzMmUYdjg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 From 95ad9352a70e996ef9ad11d8b3a932d23d65917e Mon Sep 17 00:00:00 2001 From: chn Date: Sat, 5 Oct 2024 14:14:33 +0800 Subject: [PATCH 15/23] modules.packages.winapps: init --- flake.lock | 56 ++++++++++++++++++++++++++++++++++++ flake.nix | 1 + modules/packages/winapps.nix | 12 ++++++++ 3 files changed, 69 insertions(+) create mode 100644 modules/packages/winapps.nix diff --git a/flake.lock b/flake.lock index ff47f404..33a3cb0f 100644 --- a/flake.lock +++ b/flake.lock @@ -520,6 +520,24 @@ "type": "github" } }, + "flake-utils_5": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "git-lfs-transfer": { "flake": false, "locked": { @@ -1455,6 +1473,7 @@ "sqlite-orm": "sqlite-orm", "tgbot-cpp": "tgbot-cpp", "v-sim": "v-sim", + "winapps": "winapps", "zpp-bits": "zpp-bits", "zxorm": "zxorm" } @@ -1668,6 +1687,21 @@ "type": "indirect" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tgbot-cpp": { "flake": false, "locked": { @@ -1805,6 +1839,28 @@ "type": "gitlab" } }, + "winapps": { + "inputs": { + "flake-utils": "flake-utils_5", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728108519, + "narHash": "sha256-JnRyiNR1O79n90TPjDBNpqd/Qh6jnP4t92rCgK/s6qU=", + "owner": "CHN-beta", + "repo": "winapps", + "rev": "64478a87a49d6093f4d4f3a281bf0eecd2e6f977", + "type": "github" + }, + "original": { + "owner": "CHN-beta", + "ref": "feat-nix-packaging", + "repo": "winapps", + "type": "github" + } + }, "yafas": { "inputs": { "flake-schemas": [ diff --git a/flake.nix b/flake.nix index 186c81e0..af58c5ee 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,7 @@ catppuccin.url = "github:catppuccin/nix"; bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; }; poetry2nix = { url = "github:CHN-beta/poetry2nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + winapps = { url = "github:CHN-beta/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; }; misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; }; rsshub = { url = "github:DIYgod/RSSHub"; flake = false; }; diff --git a/modules/packages/winapps.nix b/modules/packages/winapps.nix new file mode 100644 index 00000000..c8ee4ebb --- /dev/null +++ b/modules/packages/winapps.nix @@ -0,0 +1,12 @@ +inputs: +{ + options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption + { + type = types.nullOr (types.submodule {}); + default = if inputs.config.nixos.system.gui.enable then {} else null; + }; + config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null) + { + nixos.packages.packages._packages = [(inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {})]; + }; +} From ae563d12fe1c40cfc20c797e3e58a9ab17a0d8c6 Mon Sep 17 00:00:00 2001 From: chn Date: Sat, 5 Oct 2024 21:45:56 +0800 Subject: [PATCH 16/23] update blog --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 33a3cb0f..0608e556 100644 --- a/flake.lock +++ b/flake.lock @@ -24,11 +24,11 @@ "blog": { "flake": false, "locked": { - "lastModified": 1728051659, - "narHash": "sha256-b/zCyVs248+fdYbXRIfQuYaIYaG7Q2eXxsiuYK4eShQ=", + "lastModified": 1728135873, + "narHash": "sha256-JzXif8di0pHR3LU2+ctm04npBZcGcqyq8N2psK48TvU=", "ref": "refs/heads/main", - "rev": "82351a306b52e6b23408831c300cf39598c203a5", - "revCount": 15, + "rev": "ea29d286a1f9d26da1f4c12449c759d9e6bb5aea", + "revCount": 16, "type": "git", "url": "https://git.chn.moe/chn/blog.git" }, From f7c4cb4b62ca32e9d5e4151dcc284410e10cc022 Mon Sep 17 00:00:00 2001 From: chn Date: Sat, 5 Oct 2024 21:51:19 +0800 Subject: [PATCH 17/23] devices.vps6: move blog to vps6 --- devices/vps6/default.nix | 3 ++- devices/vps7/default.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/devices/vps6/default.nix b/devices/vps6/default.nix index 7e46748e..b5ab7f5b 100644 --- a/devices/vps6/default.nix +++ b/devices/vps6/default.nix @@ -53,7 +53,7 @@ inputs: (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; }) [ "xn--s8w913fdga" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix" - "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "blog" "peertube" + "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "peertube" ])) // (builtins.listToAttrs (builtins.map (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.nas.chn.moe"; }) @@ -67,6 +67,7 @@ inputs: catalog.enable = true; main.enable = true; nekomia.enable = true; + blog = {}; }; }; coturn = {}; diff --git a/devices/vps7/default.nix b/devices/vps7/default.nix index 1b915b4e..03288891 100644 --- a/devices/vps7/default.nix +++ b/devices/vps7/default.nix @@ -51,7 +51,7 @@ inputs: send.enable = true; huginn.enable = true; fz-new-order = {}; - nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; blog = {}; }; + nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; }; httpapi.enable = true; gitea = { enable = true; ssh = {}; }; grafana.enable = true; From dfc8f433f5a8d03f81934361f7c7aa4b9b3202f3 Mon Sep 17 00:00:00 2001 From: chn Date: Sat, 5 Oct 2024 22:13:01 +0800 Subject: [PATCH 18/23] modules.packages.winapps: add applications --- modules/packages/winapps.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/modules/packages/winapps.nix b/modules/packages/winapps.nix index c8ee4ebb..2ef6294f 100644 --- a/modules/packages/winapps.nix +++ b/modules/packages/winapps.nix @@ -7,6 +7,35 @@ inputs: }; config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null) { - nixos.packages.packages._packages = [(inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {})]; + nixos.packages.packages._packages = + [ + (inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {}) + ] + ++ builtins.map + (p: inputs.pkgs.runCommand "winapps-${p}" {} + '' + mkdir -p $out/share/applications + source ${inputs.topInputs.winapps}/apps/${p}/info + # replace \ with \\ + WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/\\/\\\\/g') + # replace space with \s + WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/ /\\s/g') + cat > $out/share/applications/${p}.desktop << EOF + [Desktop Entry] + Name=$NAME + Exec=winapps manual "$WIN_EXECUTABLE" %F + Terminal=false + Type=Application + Icon=${inputs.topInputs.winapps}/apps/${p}/icon.svg + StartupWMClass=$FULL_NAME + Comment=$FULL_NAME + Categories=$CATEGORIES + MimeType=$MIME_TYPES + EOF + '') + [ + "access-o365" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365" "visual-studio-comm" + "word-o365" + ]; }; } From b788e792b38f35d60c74279e7e034696c1cf146f Mon Sep 17 00:00:00 2001 From: chn Date: Sun, 6 Oct 2024 10:55:24 +0800 Subject: [PATCH 19/23] modules.packages.winapps: add windows --- modules/packages/winapps.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/packages/winapps.nix b/modules/packages/winapps.nix index 2ef6294f..07bceef1 100644 --- a/modules/packages/winapps.nix +++ b/modules/packages/winapps.nix @@ -35,7 +35,7 @@ inputs: '') [ "access-o365" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365" "visual-studio-comm" - "word-o365" + "windows" "word-o365" ]; }; } From c3254748226822f25567c2dcb00e4e4f5efdccbe Mon Sep 17 00:00:00 2001 From: chn Date: Sun, 6 Oct 2024 11:08:02 +0800 Subject: [PATCH 20/23] modules.packages.winapps: add acrobat-x-pro --- modules/packages/winapps.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/packages/winapps.nix b/modules/packages/winapps.nix index 07bceef1..d8169af4 100644 --- a/modules/packages/winapps.nix +++ b/modules/packages/winapps.nix @@ -34,8 +34,8 @@ inputs: EOF '') [ - "access-o365" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365" "visual-studio-comm" - "windows" "word-o365" + "access-o365" "acrobat-x-pro" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365" + "visual-studio-comm" "windows" "word-o365" ]; }; } From 0d6bb32e124c77f0652349a58f4f2421e005da3b Mon Sep 17 00:00:00 2001 From: chn Date: Sun, 6 Oct 2024 11:17:44 +0800 Subject: [PATCH 21/23] modules.packages.winapps: fix windows --- modules/packages/{winapps.nix => winapps/default.nix} | 8 +++++++- modules/packages/winapps/windows.desktop | 9 +++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) rename modules/packages/{winapps.nix => winapps/default.nix} (82%) create mode 100644 modules/packages/winapps/windows.desktop diff --git a/modules/packages/winapps.nix b/modules/packages/winapps/default.nix similarity index 82% rename from modules/packages/winapps.nix rename to modules/packages/winapps/default.nix index d8169af4..ca8845a6 100644 --- a/modules/packages/winapps.nix +++ b/modules/packages/winapps/default.nix @@ -10,6 +10,12 @@ inputs: nixos.packages.packages._packages = [ (inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {}) + (inputs.pkgs.runCommand "winapps-windows" {} + '' + mkdir -p $out/share/applications + cp ${inputs.pkgs.substituteAll { src = ./windows.desktop; path = inputs.topInputs.winapps; }} \ + $out/share/applications/windows.desktop + '') ] ++ builtins.map (p: inputs.pkgs.runCommand "winapps-${p}" {} @@ -35,7 +41,7 @@ inputs: '') [ "access-o365" "acrobat-x-pro" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365" - "visual-studio-comm" "windows" "word-o365" + "visual-studio-comm" "word-o365" ]; }; } diff --git a/modules/packages/winapps/windows.desktop b/modules/packages/winapps/windows.desktop new file mode 100644 index 00000000..206a3285 --- /dev/null +++ b/modules/packages/winapps/windows.desktop @@ -0,0 +1,9 @@ +[Desktop Entry] +Name=Windows +Exec=winapps windows %F +Terminal=false +Type=Application +Icon=@path@/icons/windows.svg +StartupWMClass=Micorosoft Windows +Comment=Micorosoft Windows +Categories=Windows \ No newline at end of file From 0709454a210974a9b292ecac68de5ccfbd687e05 Mon Sep 17 00:00:00 2001 From: chn Date: Sun, 6 Oct 2024 23:58:25 +0800 Subject: [PATCH 22/23] update blog --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 0608e556..4f59b40c 100644 --- a/flake.lock +++ b/flake.lock @@ -24,11 +24,11 @@ "blog": { "flake": false, "locked": { - "lastModified": 1728135873, - "narHash": "sha256-JzXif8di0pHR3LU2+ctm04npBZcGcqyq8N2psK48TvU=", + "lastModified": 1728231112, + "narHash": "sha256-9MwzikiJNiT6aKOyQuInLiC5UKFQ2oanUE3AGHOYCP4=", "ref": "refs/heads/main", - "rev": "ea29d286a1f9d26da1f4c12449c759d9e6bb5aea", - "revCount": 16, + "rev": "1ebdd835065a9040c91b3076c0bcb7a251d320b3", + "revCount": 19, "type": "git", "url": "https://git.chn.moe/chn/blog.git" }, From dc354dd6f47bb53a25a4250043c47940eff27ebc Mon Sep 17 00:00:00 2001 From: chn Date: Tue, 8 Oct 2024 12:28:25 +0800 Subject: [PATCH 23/23] modules.packages.lammps: init --- modules/packages/lammps.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 modules/packages/lammps.nix diff --git a/modules/packages/lammps.nix b/modules/packages/lammps.nix new file mode 100644 index 00000000..2c7d6707 --- /dev/null +++ b/modules/packages/lammps.nix @@ -0,0 +1,25 @@ +inputs: +{ + options.nixos.packages.lammps = let inherit (inputs.lib) mkOption types; in mkOption + { + type = types.nullOr (types.submodule {}); + default = if inputs.config.nixos.system.gui.enable then {} else null; + }; + config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null) + { + nixos.packages.packages._packages = + let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null; + in + if cuda then [((inputs.pkgs.lammps-mpi.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; }) + .overrideAttrs (prev: + { + cmakeFlags = prev.cmakeFlags ++ inputs.lib.optionals cuda + [ + "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" + ]; + nativeBuildInputs = prev.nativeBuildInputs ++ inputs.lib.optionals cuda + [ inputs.pkgs.cudaPackages.cudatoolkit ]; + }))] + else [ inputs.pkgs.lammps-mpi ]; + }; +}