diff --git a/devices/srv1/default.nix b/devices/srv1/default.nix index 1ce123cd..bfdb6b56 100644 --- a/devices/srv1/default.nix +++ b/devices/srv1/default.nix @@ -48,25 +48,27 @@ inputs: { name = "n2"; address = "192.168.178.3"; cpu = { sockets = 4; cores = 8; threads = 2; }; - memoryMB = 30720; + memoryMB = 61440; }; srv1-node3 = { name = "n3"; address = "192.168.178.4"; cpu = { sockets = 4; cores = 8; threads = 2; }; - memoryMB = 30720; + memoryMB = 38912; }; }; partitions = { localhost = [ "srv1-node0" ]; - old = [ "srv1-node1" "srv1-node2" "srv1-node3" ]; + old = [ "srv1-node1" "srv1-node3" ]; + fdtd = [ "srv1-node2" ]; + all = [ "srv1-node0" "srv1-node1" "srv1-node2" "srv1-node3" ]; }; tui = { cpuMpiThreads = 8; cpuOpenmpThreads = 10; }; setupFirewall = true; }; }; - user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ]; + user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ]; }; }; } diff --git a/devices/srv1/node0/default.nix b/devices/srv1/node0/default.nix index 83bab04d..1d5092d5 100644 --- a/devices/srv1/node0/default.nix +++ b/devices/srv1/node0/default.nix @@ -26,6 +26,13 @@ inputs: wireguardIp = "192.168.83.9"; }; nfs = { root = "/"; exports = [ "/home" ]; accessLimit = "192.168.178.0/24"; }; + xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; }; + samba = + { + enable = true; + hostsAllowed = ""; + shares = { home.path = "/home"; root.path = "/"; }; + }; }; packages.packages._prebuildPackages = [ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ]; diff --git a/devices/srv1/node0/secrets/default.yaml b/devices/srv1/node0/secrets/default.yaml index 5606ca99..241fe697 100644 --- a/devices/srv1/node0/secrets/default.yaml +++ b/devices/srv1/node0/secrets/default.yaml 
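Review bot: The `samba` block added in devices/srv1/node0/default.nix shares `root.path = "/"` with `hostsAllowed = ""`, so the whole root filesystem is offered over SMB with no host restriction visible here, whereas the NFS export one line above is limited to `/home` and `192.168.178.0/24`. How the module interprets an empty `hostsAllowed` is not shown in this diff; if it means "any host", I would drop the root share, `shares = { home.path = "/home"; };`, and limit `hostsAllowed` to the same cluster range as `nfs.accessLimit`. The `xrdp` line added next to it puts an interactive login on `srv1.chn.moe` and deserves the same reachability check, particularly as this commit also adds three `GROUPIII-*` accounts to the cluster.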
@@ -4,6 +4,27 @@ xray-client: uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str] mariadb: slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str] +acme: + token: ENC[AES256_GCM,data:k5QU1aHvd/hSG4yncffSwnxQvhULHd0I8wtrXD2FcOH3SWswkmzMOA==,iv:WB18Wsl0nxUQ6Om3SXP5+0BtFbNZ8fCXTyPJqj6a9Ik=,tag:dKpr52W7Wdwws87r3hQxqw==,type:str] +users: + #ENC[AES256_GCM,data:rNA32tcCmriP,iv:No3Hyee58jDzZaXOD8SJYzgQXXs58oAddwC5Q9mo55E=,tag:RgZO7fgZkAr3Pawqt0dwmQ==,type:comment] + xll: ENC[AES256_GCM,data:kq6gpuxBRbDP7Yi16WJrrsumnSfersI2kP5pT5efn5CjbL65JaW/Bff9P4OM6b3J21ObT0uRSmParBqW4OvN/UA4KXDhibqwRg==,iv:GvpNgy8kREgxp9v0cyIobgg2ZrrxylMmwq1hRaAoNA8=,tag:RpD/1FjWVglzt8sIAjjpsg==,type:str] + #ENC[AES256_GCM,data:nl+uNO7GVV4r,iv:8hUmN4uWOqJE0g1aYA5dqQq+0oCpYGKe//yuECpmyBM=,tag:79XibRYMadJNE5Uy1O+4Jw==,type:comment] + zem: ENC[AES256_GCM,data:t6zd/9ZoJWEkPhKyfaUXWQM2Y2unpUUq79SEKSt8nmWCQxlBk4PzMX031CwNde/0A4G3ARyIoU8vcFqp8NaBMA64INccKccrGQ==,iv:QOKpu7lm6uiPACNGa0QvHP81PP/4doS3r95h8/nexcs=,tag:J85l6pYh9WT/LyMbTrw+vA==,type:str] + #ENC[AES256_GCM,data:7SGmLzQyXKWo,iv:lr7nM0r7eMc+sCNO8OgwwELH41zTk3W/1i+0rnTc+9s=,tag:ZOkLRhEsFXX6bODu6wUyiQ==,type:comment] + yjq: ENC[AES256_GCM,data:8TF316O4M3UDoSA7rjBn12vUdHOcWXtrvuhqa6K65NaMhHU9rMrPHEikr0tqe5B5ojhh8PRRe+X/Dq19L4rJXThRfzdhALZzsA==,iv:2plZ2m0JuuUMQqYnyETCPH9x5jnLtNl396zvv7ay++s=,tag:X7YSLQOE9xnC63RWCht3GA==,type:str] + #ENC[AES256_GCM,data:yclOn8oHwLYQ,iv:Ba7Q84z6e9/3lv43wdN+bd/aqO/y5qR5I6Z5O6o7U6E=,tag:ecaNN9MgZqDYBCbTlsOZtw==,type:comment] + gb: ENC[AES256_GCM,data:piD2eh5iUXnCEkEyDULPkjbEG4Uc4izoVAuscbb9TPr7Q9WhCJX3FGRYrQp/wmZQ6UETR1jTejtbT9j/kI96BcN2onlwO/lqvw==,iv:oFWeoDp3GQA8aR+/AcJnhkovOWx7MgHoCKy5xdPIJMo=,tag:n2E+zuKckNAU7mOCJW+f1Q==,type:str] + 
#ENC[AES256_GCM,data:hfcOjdrvK+YD,iv:8rUsS1exsOx+2YEgdATNcWGKqmaCNbpY1EEq1Gv1utE=,tag:Z0lq2ctHBWDtx2tyxOSIBw==,type:comment] + wp: ENC[AES256_GCM,data:DUfGQpSg79W8KD/SWC2B4FqoPGoCrd1miczAQR5YApD00QopMmeDR28uTmHru2KU9DsjkdnWEbgfM49CwXt5FFJennqW36oYbg==,iv:D9+3CMZlJIHm+u14rAEikQoBM3jBQN8Lnx22DN2EIg4=,tag:ZegZmI1kf7Whcw3EE9dwPQ==,type:str] + #ENC[AES256_GCM,data:6pwUu43Lu5/h,iv:lZQ5F8v9VZRGuUoEMH15JLvx40N08ahTEbdEoKEuvsg=,tag:zPMQy6d9/RcukBO1cyeM4A==,type:comment] + hjp: ENC[AES256_GCM,data:dqoQ9hUbptm0//mlcFRrqLh1NpjxFPH+4jeyMG/x9Zvkszw7d71jvkO8KEPBfKnXpPBP2lvFyEqooIMWQJPYiIszHt2f0qSC7A==,iv:5nRcsaylcx74tQR1KddEpZUhmcynMvdHCcJYA7wfJnE=,tag:bGVKD1aDZJUlFg/zagP/eg==,type:str] + #ENC[AES256_GCM,data:Idordi28++/e,iv:5TR6Z14yluxPhrD7ye2mXEQpD53qS9/ZJIZ+S1sTqco=,tag:IkmLWXdxDmFQxtpJxL61pg==,type:comment] + GROUPIII-1: ENC[AES256_GCM,data:JuNtb5SRUrxfyjWFn3Be7EU51j/HlwiOpuN0m+Picf/2Bs97kflGnqGKstVRIjWEn4WzqscSaLRsbP9uFfSBHeJ152xfyOqkww==,iv:mQvIC6v+1fziRDYHYSFMOKof1ZcoFskpQDiCAF35sa0=,tag:0IL2VvdMorgE6oziscAB8Q==,type:str] + #ENC[AES256_GCM,data:kyJP952K5atd,iv:TLMUPKshuWqbQ6koiZ9eTXcoDS3jLXYy/gCZbMGrRl4=,tag:M2tLLogovoG2PCojt9CJ9Q==,type:comment] + GROUPIII-2: ENC[AES256_GCM,data:ifWnLx1YEewdviqHK8fdesM3c1m1T4g6twnz1cGv1yc4jit68pQWLrRMivdsM4tUcyU9GKwCaElVlvh+dgyy8EZQPKCbvJX6GA==,iv:T5FWReeZ0QOkGJiNfrVrUBhAhbXxlFQJKqQV2tzw9AQ=,tag:XClXGZDWGuoGxzPW7ne2Pg==,type:str] + #ENC[AES256_GCM,data:t8QUVYG4v7fE,iv:N8hDAV7wulPHcfnYTXuZRhb9dQPZqKpfMKK1+ITaZTA=,tag:eKMJDOmqoWWQbv/mm3LaAw==,type:comment] + GROUPIII-3: ENC[AES256_GCM,data:VlAA+g7SRZyhPSl0Gd1KS7dCwNgRA/o+d8anN88A7E8bSE1ckeTSp+J4YrbbUlLasLhliOZ/nDC0rti+hckGCrjMwweMorSIWg==,iv:7u1yNrN7uxHCF1MsJ2qt1jyQ0ZYYCYKUHwRff50P9oI=,tag:3raCWjdButfmcdy8mH25Jw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -28,8 +49,8 @@ sops: OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX 2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-15T10:53:47Z" - mac: ENC[AES256_GCM,data:0bZzNFEh3hRHLLImLLxYiN82QW4JAiyvuzRtE2MH8xa+VAE1kKy+ceED32zhEKl/yG/9lbGaz0bZz/+ouZyBd6ejvAbOaHZGRc+GY4VyLQfvpEx+7W19VVTGW1Wsae1zQv6WAML2cRsSbZX7FZNTGnTH8YKC9nXB+y+RTOtR7x0=,iv:+t1Agt5UmaloJ45onPWbcqu5geHNaMwF8WojmZeRiY8=,tag:IZbqzVl6LVVaJUHJSYkY4w==,type:str] + lastmodified: "2024-09-29T06:38:23Z" + mac: ENC[AES256_GCM,data:n7MVBKCUW4xpIiVO4ysBqlG89LjzpDBx9GJWQTrSenLWV/YrIGUxA6QDlRg7yhqV9ldF9Q7hDve1KHw7OxKRx5ot5OZiD3Bq3TwJfS2DarJ2vi9oc1J+CXXach8gp3m4C4RkPJ/y1i3jB2nRfSw5Z/TtdPMbvGXlHh+hhriAqxM=,iv:tyBcXMZzgeUOgYJtU1XkptPOlNoFwH+4z6xTD89aKOw=,tag:apXU989ZL+D8WhWKFTdXTg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/devices/srv1/node1/secrets/default.yaml b/devices/srv1/node1/secrets/default.yaml index f17069b8..6660829d 100644 --- a/devices/srv1/node1/secrets/default.yaml +++ b/devices/srv1/node1/secrets/default.yaml 
@@ -1,4 +1,24 @@ -hello: ENC[AES256_GCM,data:wA==,iv:kLAdTomvGSJRmZiO916Ort8crRCp05vlSamVMJ/gLbU=,tag:QTxIe+dhLWVljw9Svuu7Tg==,type:int] +users: + #ENC[AES256_GCM,data:dgM035YLtZfl,iv:h7pHQ6YFa4hxcHMihQTegHmkaCMlfPtqdCqvJxSsXt8=,tag:V2v9C2TfErIOAihtTQpnSw==,type:comment] + xll: ENC[AES256_GCM,data:/YL4vowFLFbbYv06yaKWZH5UNBKs0L6LQ+6O0IsiUZpgW5fGfp2A5JTlH6ne7RGyyTE4GNId0MC7byQbTHHwO+5zVYWpzjDCfQ==,iv:5/VKGsIohoutZf3F4Qj8PruAXSivQ0zsg1pwLwZbCLs=,tag:/vsrCISEbgQ7HnubWOtKow==,type:str] + #ENC[AES256_GCM,data:oT8PFxQdwEt6,iv:eD/wF2toUAT991S0aO7NklpKSnMDH40+73IhU83H9t4=,tag:mxxAUdfHgC/hlvmLc2MlAA==,type:comment] + zem: ENC[AES256_GCM,data:RpmSTr2ZKfUNWg5vYbKB00AG18GNQs+kgx82E9Mg5hoc3HKmbAyIzjxloMn/Bw3MOTnof6Cf1ZzVCs53Wz8YbZFClLEVdKhMKA==,iv:NQJQOxQa/RaGzvGgarq5kWL8ojB1bejEiqJUCJLxgyU=,tag:8cFFQ5kKpZji4YvEYOyzOg==,type:str] + #ENC[AES256_GCM,data:keNqy5SdClQT,iv:N5LX7VJEwLHQ5HsFINs6LupP3rv/XAWFR2e/S52N+Oc=,tag:cqBh1bL1jAEk3mT0pLDd5A==,type:comment] + yjq: ENC[AES256_GCM,data:TagWplgUyhaEAuFpup0TRIxWXIEGwsG/V+gOo/pXSGor30B/BF7+wVozYTZ/iSN7OJJw8I7IZGvxvh0v01BGz1RQO6MEEpSj5A==,iv:TeXXYlhfae78cJFdZk0Nnm24sP43wi9UM80vHwKfXFU=,tag:lhae9Ona5OMlTBAJg3PiIA==,type:str] + #ENC[AES256_GCM,data:jmRMNpJLMqEo,iv:UOfzRSPDFsJ52sa2FVaQsVcU2P2bOYPzh4JLZ/8+hCg=,tag:8rCEYFELB2geXhfUjfZ18A==,type:comment] + gb: ENC[AES256_GCM,data:RneeGyzmdxCceKPzOHaTtS1l6NzuS07NYBxYrLICMLWHPog08FTINWEZx1JmqbAloVna3wE43kPPa9s1w3VbtPBhzRpTVZfUtA==,iv:1vu79FhPiWQ2/G5xzzBdyc790yv/aYKIQFPhaDpBmoA=,tag:vkpT1bDfVufBkDmOs7RomQ==,type:str] + #ENC[AES256_GCM,data:swW/4Fii+fHz,iv:9UZ8W6RY+n3XZkDCxSP/CQQn1Ji+mo2aqgmG9wTF/I4=,tag:2ifOyc0oGzM1iM3rouvvMw==,type:comment] + wp: ENC[AES256_GCM,data:/cIBL7orNYqu6Ybahdd1UVdTbS1SHr3GGb3ib4FDxPUlp/Xr4ARMX+01N6pOahVYwE8Hwp6nr4TdvwFpe2/AE6v2rbyclSzJgA==,iv:ZGwmAgwiC15K5NhajLCTiuW2mLT2gt0KUicDFmMY+JE=,tag:8rcoY6/weOkML90FyDfiSw==,type:str] + #ENC[AES256_GCM,data:6KbDgRf0Lmsh,iv:2vhLHgIzhCrdvQ7w6lCPKOmLlOVRJ5gJ+Pw5NSiMVVc=,tag:E6PwWCsUn3tZwV95zFbwhA==,type:comment] + hjp: 
ENC[AES256_GCM,data:0hzP2t4ck/0GVa2OoZxETCSQvp0QYN+0MJYl5aJ5hzSOXbwBPlTcIbjckpWDacx4iKGw+skhv1Nhz9lGrhgvddzqb/o1GWkKUw==,iv:OzKTIxDm+AgDAy4rP31kts0PKHuNqBZWc0Vsvh6X8CY=,tag:7Y/6qP+TJd1o0a96gKq5JQ==,type:str] + #ENC[AES256_GCM,data:PQmtt6/8T8Nm,iv:ZDUkaQts3hUQ1nncynoGw8gNV9jYvnXz9rOaqRC6yLE=,tag:jN8sUWnqoWbMlkLEqVKNkg==,type:comment] + zzn: ENC[AES256_GCM,data:YNB9leH/qgXpApA+bnsZiBlfbQSEiOoqhDgKCbwz33zPVc8KRShSS4kWEseiMlYLv7Kfbfy94cEKLOaWBjuRmMrODmC3HZ+rtQ==,iv:Ju02Sz0PHoBftz2W818hmXQ3J/fzLacWv+gy4eGXvjU=,tag:B6mvgWUclyHXgno07jhXQw==,type:str] + #ENC[AES256_GCM,data:UVi9/5NV0ySV,iv:E7ZZvvf6lNJdT4esykilJxhpTu7gqmu9w4w8rII/RSk=,tag:pnl3G0qt7ZzXlA9YWo7LiA==,type:comment] + GROUPIII-1: ENC[AES256_GCM,data:M4LHqgN/WYk9Nh7Pawft1tplh/FiADu6GoyImyLGBk8rbNNLT5AXuNYGj97tVYxI0Hwek+zhnmcjAWdDtmkVzE7TcD1WAZbkTA==,iv:GN/jHnEikITXkLRR/tXnhYiTE5bIDOg1d9DrYeASoY4=,tag:hkoAHHYX+q1topjXkRyK2g==,type:str] + #ENC[AES256_GCM,data:EVL/9hYcFl4F,iv:EZ8PMqklNEky0i940vwyQFXrgBoQRwwGDjBgRB18KGg=,tag:cnQzCU7XZ0EO6ojGaEk4Dg==,type:comment] + GROUPIII-2: ENC[AES256_GCM,data:7HOyyFtPjhxtvz3cG561aslZ1Ct+DmR290XOxz34sA/vyA+gjvHTWoIpKPGVzSU8vGfaLLV4ta/nOUsK/VfUj00ngwTdkEDkrg==,iv:rkDAE24gaE7MzOcIUX87oMyK6ra0Pt/vUNrIV9p7aFY=,tag:24NTkSu8Fd785uC2Lwr2XQ==,type:str] + #ENC[AES256_GCM,data:sa3uVs8+996Q,iv:eN3S4x/UROkZWV3U2pZpvULgoPdh42lM/Q+jZ13ohsk=,tag:IG0q/+ti4tthAejVp7MCPw==,type:comment] + GROUPIII-3: ENC[AES256_GCM,data:jfeQWLGUWK4xfgRtS9RjjN76D+JLqTF526SI0XeYnUXtCsKhJYE88hgVnn7m/Af9g1OCj08+UDsM8cyKOJj3+m6h+IZQzCS4bg==,iv:Syf3SYAFvOtfOy4PeA/PcYbuUnABk6f5A+OmZYtdwv8=,tag:cib1RuKxGffjB7R5GSxotA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -23,8 +43,8 @@ sops: R1BkT1hoSWo1RlJnU0pCdTFYbDFoZmMKKF7cND1jSo+neTTJ+GwW4T0RTOX9mbME 58wjAtkrKSD2vDFMQ/vtPNiohAt6RMdClLVm50yh7Oh961YmvJYnbA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-16T03:04:24Z" - mac: ENC[AES256_GCM,data:2uq4QvP4l+WvV5G1FOj9nNmC9ZRvJcLUsLU0/Wrh7b6f+30g0lkw5M/WtHFd9CjrfB1O98Cvm3Y3ABsSTue5OLuAjACc+Jz5wvRbuLkWRNRU4HNdaAJIzN5Fqd6w+SR8vzLCe+NTcDlhEjdD0zcrRGD4+aM/cnn228sCTtRw1JY=,iv:MhHsNC/VJVPI8LVN9xuY4JZFlinuDI3C3Igo/O9/gbs=,tag:4jIbeOwspn7yZCrn8xKVrA==,type:str] + lastmodified: "2024-09-29T06:38:35Z" + mac: ENC[AES256_GCM,data:UWDwXUfk4R9CfgU2gv1NZsusLq5+VTsvjGQNst99MuxLz4sox8CZuuYsDLB2dobKrJua107yqhbM8Ps42JJVHZEf3WHqP08tRbdIWNVoakYR6UJlNS3WZVR+LlheQI5PfJqPqa7VFgZeSVm7weIPCHqvHt+ak76oyJK1VsI0f+k=,iv:VL9s+LUA/TrOsJNQWC0/v0Yh+hT8uh2vitc9h1xHBEY=,tag:iA8yMpm+0ANAC+2BLN9Agw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/devices/srv1/node2/default.nix b/devices/srv1/node2/default.nix index 90a6a325..b1fae4a7 100644 --- a/devices/srv1/node2/default.nix +++ b/devices/srv1/node2/default.nix @@ -9,7 +9,7 @@ inputs: nixpkgs.march = "broadwell"; networking.networkd.static = { - eno1 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; }; + br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; }; eno2 = { ip = "192.168.178.3"; mask = 24; }; }; cluster.nodeType = "worker"; @@ -37,5 +37,8 @@ inputs: boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2"; # make slurm sub process to be able to communicate with the master networking.firewall.trustedInterfaces = [ "eno2" ]; + # add a bridge for kvm + # 设置桥接之后,不能再给eno1配置ip,需要转而给 br0 配置ip + networking.bridges.br0.interfaces = [ "eno1" ]; }; } diff --git a/devices/srv1/node2/secrets/default.yaml b/devices/srv1/node2/secrets/default.yaml index 2b1f5f0b..070f789e 100644 --- a/devices/srv1/node2/secrets/default.yaml +++ b/devices/srv1/node2/secrets/default.yaml 
@@ -1,5 +1,26 @@ xray-client: uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str] +users: + #ENC[AES256_GCM,data:bAA1+Mx9xsFr,iv:5GWh+DyuRydCKm8K1kaiTJIt4ReEugHFnKYfan6RAE4=,tag:VqcWjIMIYhkSj6f/ZclTVw==,type:comment] + xll: ENC[AES256_GCM,data:lqzwlETuKuKa2wh+ickMFiWyprcnIBfRBjri+NWoltxib/LWzEEbyetRc4AKyVaBiDhsOTw6MazPNy2mhcAFwb6pM+QKce5ntA==,iv:VaGQux8MJNPZeHwDpM+yJ47XvOul0qRE8xVdSWjYRhY=,tag:rBWdTPmJX9YsP0l1FtVbJw==,type:str] + #ENC[AES256_GCM,data:AgppEXaJcXhQ,iv:gI4nUzfy7w9yqaWlT1NYk1cHdErCJsrlilwYSGxxCdw=,tag:/A6zwbvQdhX9MLfAdXIVqw==,type:comment] + zem: ENC[AES256_GCM,data:t0rCwed8EzXbEuwTabzSLUd/Gln3YD9IT56JNVHwlodAvFYwtTDJe3cy7K17TmIkL1Nk/hAGzQ2BIZJxaKq7A5pSNIUO1zqMUQ==,iv:jSKCoNKQ5a91kK19w5mE0lJ9lh391ACq64UtLvJ4kLI=,tag:d6+IrgLyCw05vvLcCF5+yQ==,type:str] + #ENC[AES256_GCM,data:s39KO3hHcrOK,iv:ICtP2r9JMjcieHZdyHpj5Z1DympJUcHq2jPpjUwSOzM=,tag:Es3YS+mEg5I3SIujfs50jQ==,type:comment] + yjq: ENC[AES256_GCM,data:gOc59J2eiND+qJJRwLYvTymfrjWNRWw8IwLxDdS2cSu0yTN5SWF1eEg+tYmDqqhPmXkIlenL8VyIZD2P+Qi+Vi7l1pZMnneRCw==,iv:TsWOmHlClMgpXbNsCyvs+wkTvvKViAooA36+O4eQesk=,tag:jp5ZO9tlCPNTNZXWXCUEeg==,type:str] + #ENC[AES256_GCM,data:JmmZl+8nta5Q,iv:qWGS5i+ntmJ9x3HFClVdfypQKqSTUx827OFu/wxx3HQ=,tag:SzvgJtIQb1Z02GDwkAhveQ==,type:comment] + gb: ENC[AES256_GCM,data:pgwGyp/QC+h05grD345pJrJefm4NWd0e6mQEzrsqCbjMi9Ak2nUD+K09mIKQJ39NttC+NQZezRmKUJjDBH50s0O69nBlPOJtgA==,iv:ZLm6KUzD8fTq4YpxhdYjtp7bbDjP7Sy+0fnDO0W5GY0=,tag:H2mNHIQvHe+3YzZ9ITVdOg==,type:str] + #ENC[AES256_GCM,data:94hwxSaMkbIB,iv:4Xjukoo7rxeu4SWjwFeLo5fwSX6a8mpkTOIpnOnR/Io=,tag:XOjY6ziyDdMNo53NFSjcJQ==,type:comment] + wp: ENC[AES256_GCM,data:9/aVAQskZyQrfhVFVHfpdTWDLdoP2ZO7gG6bNcRpOJEBle3V9XqVSwmLViIIysy4XxoR3cym/7WXB96O3C8feK7sbihaRpT+Dg==,iv:WPnDArVKqV7u3EIQ0CMectK1W6gXKOo37oOybyob3As=,tag:1R/0qjRzif4/sTFSs55NuQ==,type:str] + 
#ENC[AES256_GCM,data:RluXnmnn8CAI,iv:OqzKfed5CARE/KKur0GXDpLBqStEva7YVoQMQX4+FnU=,tag:prOaqWk6ARxEKvnhOnCZhw==,type:comment] + hjp: ENC[AES256_GCM,data:Tb9vCi68B88UZc/ZVSxEI+esKOLlFcAPAaMk9FDmkBycZmzDjHfkUKCxVcOMtqeNSluVZ/5IFgowaYbk9ncK6yoYTjXjj1Z0lA==,iv:COs+ijt0h+UygyhWDQV23NRd/xBcfeqz6CO7D+xw7t8=,tag:RaIMaGrgHkidB9vqLR6cNw==,type:str] + #ENC[AES256_GCM,data:pymPvP+KjTd2,iv:g5tmBMQevuzES9FVlRten8Vzy5nvgamDNPo6Vy018T4=,tag:sMYZAyyAzEyS5CsAyC7xtw==,type:comment] + zzn: ENC[AES256_GCM,data:CJ8cOBjblYIc0GoiPnIbbWfYDfpQW5u31R9T/P0/aVuxi6P44wYYH0posVGthR1laqHIlu8bzgeRyTbBYir/Mw1AGokAnFLEPQ==,iv:dJXFcZ9f3xe3rcPzOLd6AMFh6EyJXlv3/+uR2x9XYsw=,tag:4I1WqtloUSXNeQ6AlVPY5g==,type:str] + #ENC[AES256_GCM,data:r1Rl1+lfgMad,iv:9RGwiYlePcXZFDxw5uc1yEwZ4N3lStmE1cGmsj5dPls=,tag:yGChsxZtIzDjMUgIkd+PdA==,type:comment] + GROUPIII-1: ENC[AES256_GCM,data:IIZpTdr5jpidbxYCQ+fODOHdoWI51upPI3yxYlrAAd+RE62t6PzAvHKFmKPivbHmQS5RZrJXE7zm9JtwiodRmPl0pYLxYNBpFQ==,iv:WQc1pOungm1gEqYPk/MITbjs1l83ikcys47CARRgoFk=,tag:sS2mXDIWl32ZZzDtictv9g==,type:str] + #ENC[AES256_GCM,data:VtrWQKVtCHtA,iv:ap/n2HxQ7dgKOA8rIfenv9LOwwAh1na8+I9O/k/wMxs=,tag:Vl03ortuZ5OS2qcBMnc59g==,type:comment] + GROUPIII-2: ENC[AES256_GCM,data:fkxYmHEQnCjx/srKBgjreIR0S7mcXyl1h3H80PFsH3A/yCGnJbFCGK1GW1++Q+tziOnEWCTLZ/l9dlPuB5BFSK7iHiVXtkOfVQ==,iv:z6duWl+LFpS5RJnCGxb3yvgHp96uJYoSsAThWrbGYfg=,tag:AKWisEg506eOgdp/4tLU7g==,type:str] + #ENC[AES256_GCM,data:e8HuWaLrvHx5,iv:ZKvfRQtOMV6v3MSCDVoPEsxldI+ZRYJBwrKAD8YZzPc=,tag:tPL3IyjC8f+S+6MoMJSd0A==,type:comment] + GROUPIII-3: ENC[AES256_GCM,data:if1S/3AxNLkWvDQJom+4EPRBOpkAPNTkEcqHHLAuEJATSNLlIhVLOPgt10cM4LWx2TdG8V2TcZip9qnr4ABHMsPF5vm6Y53r9Q==,iv:Rba0So8DXJrSC88mjwT8j2AVy84TPm0R6AVf2ZmXNBg=,tag:qiSeYLrw/6QJ7vMiPEZ66A==,type:str] sops: kms: [] gcp_kms: [] 
@@ -24,8 +45,8 @@ sops: MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-26T04:24:23Z" - mac: ENC[AES256_GCM,data:GS9TPomEy3rHaanqMWkqGV9NX8lsYMnujxhuWTnJxdgfCP8scOEo2O+ATlmxmcmKquXlq+zo4LF6RCzF65eSvpSKcIDQRc0yDgBQ5+M8gXv1lk0WNdicpHJsEk8j/ostJTwEkV5QDyp3+J6lRNtFMQnrZ7+UxpgQwK7DaP8mnF4=,iv:1BEb2Xr8jQO6M19bC+jlGGSI0aT1MEgEoYwLuCT1T9U=,tag:Be7BQsjWq7PZBrgsrH/cjA==,type:str] + lastmodified: "2024-09-29T06:38:42Z" + mac: ENC[AES256_GCM,data:tb6UXalJcNqd1bCJ4pdWQ5lctAXMrwAJsGagNIjtAklVx/0vibEBTvtVdI3CSNA3OuDguyXc/ECGEqlPNpoRq/F5JINfnirEbaBL6KhNkFxaSLVP7mu1u0KH93qhzA2j4jofderpxj+FvOOMVZNuZkrcSPDoufPA/ypY+YaKuu8=,iv:KPyXi7AD6FSmoZKYUDh2zLZnArvdcHau5XZHk8CbwI4=,tag:7T1jUJ7eNkY9VYt2eP+brg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/devices/srv1/node3/secrets/default.yaml b/devices/srv1/node3/secrets/default.yaml index 01771043..1636592b 100644 --- a/devices/srv1/node3/secrets/default.yaml +++ b/devices/srv1/node3/secrets/default.yaml 
@@ -1,4 +1,24 @@ -hello: ENC[AES256_GCM,data:DCfr682OxZ49pR5Q/sYZxqMdmUothpOOQOiKiPc0Xoh/gJ19qA0yVrO7aKk3Bg==,iv:B01Qfkiy3/B3MYskqFAxEZNoGjb8+A5wcyjq8Bj987k=,tag:e3/VHntKiG+/8xHz/nFXYg==,type:str] +users: + #ENC[AES256_GCM,data:uBjvj5Y6SIk8,iv:WxYu6Xkh2T7kb3uLqgkJJtHvCmWyvntcGfCKJfSfSmo=,tag:ueHbPNX3KOVO9RdQnw/nog==,type:comment] + xll: ENC[AES256_GCM,data:Cp2wBFygUBlZnf0oAAxB5L8/qD/LwKksp0YG4Ic7nay8E8kXJGSYDyTK5AdeVh8/MxLgVVY6LMWtUOzFe3WU1u71pgBGF4x+yw==,iv:wXfcHuJzqWmm++vysZW3z4TLEOkgWTUF/pqFDfgwny8=,tag:k9o2yp1AksTGOgREOLlprQ==,type:str] + #ENC[AES256_GCM,data:4CsCDEg/UChs,iv:ENErjaF65B1dCuD56/DCqe37WSCu1q28s2khMyF7I8E=,tag:q9mxHCAsuDGygseYU0pRDg==,type:comment] + zem: ENC[AES256_GCM,data:cPDlicY4vrQ5VTyfCVN0zH5EIV8kH2xqlFEUkmwO3TmKV69Qx0nE+6yiUhENKR72zY3p5w4ZFEtF7maqqklWvThkeSs059aFpA==,iv:g+nASIzOUZuyX5MCFcKOJKsKTQhcpSY4sIKArlVZh8o=,tag:WaAYcxHmFs6/EG3oy56xJA==,type:str] + #ENC[AES256_GCM,data:fu6KBkGEtzD/,iv:OzClxptcUbrbgmYYoQYcInG5Tl6HrjSRVrt3iIaSrqI=,tag:kc+AxJ7UI45j6eW69CiBkA==,type:comment] + yjq: ENC[AES256_GCM,data:QGpjtIrtio3Jc4kGam5cjqCHZJl2c0wWQAD8BXXhiWfwbQF+sQSTk2V3FbvOlHjqcT92ab8qWCCFjIqBH4DJUq+z/eleX6Y4wQ==,iv:aky2Q2kpEf2EhcR9UXIAyf+BSW9CIZCGbyZCp0l3X4c=,tag:RHLILdrK3duFA2iZDDigEw==,type:str] + #ENC[AES256_GCM,data:YUQ73+HZk69O,iv:wY5da+RRnPpXOD5+HdKkyYZ04ZpB3NBtRjRq5Utzlvw=,tag:BE8MhvbxTkn3rG4Pe/zitw==,type:comment] + gb: ENC[AES256_GCM,data:AkPFt/GGyeKdYtY/cW774Yi4rrxhTFRzXe/hf0rbwFESwf4pwgfdcr9e3bp6mfmNy86CCDMsUVPtg49q+DV+9CwHU1ETe1vIbg==,iv:L/kLfEjt3WEQmgAXjOAsnE2Sp45DQP9LLKcZe1FjnVs=,tag:HluImuMHEhiE8yAw3fjNQg==,type:str] + #ENC[AES256_GCM,data:WCkGncBugE2H,iv:ZN3edJuEDKrHo9OZs0jbU1ATI5+WpfVul5i7SK51ME0=,tag:rgxwqwPJcdDNMnRFlxNplA==,type:comment] + wp: ENC[AES256_GCM,data:n7S4got9Q/7s7rZQldnB1wJlB36uqjremc1UDeUmzs6I9Gp9YPj7dJBDAHBNzWruo83ciP6PygHcCmHzBojISgW/HdD5j9cgJw==,iv:ymjB5YWxJJXBA80a2MPYHXBV+bNxUhroPWu+1GJo4XY=,tag:GGVz7kzBrSomBityyZBdvg==,type:str] + 
#ENC[AES256_GCM,data:2aKW2wBhF2oG,iv:wXRX5ZAr5O0c/H1WvzK1+kG1NbZU92h89NgXB8lHfMk=,tag:gAW2oQxz2dUthyNvMlmxcA==,type:comment] + hjp: ENC[AES256_GCM,data:+9MKYP96nBdLFVcTkpSS/hiTLdTOf5+Rs3dpUus/ym7gl2+aA2rGtlGS+ozALeUV1seNlVAuyhclZG2dH9uhaudlQvQw5ntAzQ==,iv:eobXw5ahEl9I2HlXD+y3NtGFOlPulk+aKVFxuCRe2+g=,tag:zt6MveyltO2xxThG9grZqQ==,type:str] + #ENC[AES256_GCM,data:WLU7JBd7ZNES,iv:GkmmM1n0Squ0rundsz4Q+1dkF9BcCaV1hID8bt/gmxI=,tag:MMukyZlOeE0CcnI51VYPWg==,type:comment] + zzn: ENC[AES256_GCM,data:5uNrzv43K/TQlGDldxqUYscDoEduTJdRz0jgd5dBh3N3bMNHulZbD95IVAj87OkLgdOtlDPZz3DfB5oxKBVcV0XE/E7GwJKILg==,iv:SB/uOB1SdhC5zGCY/OzBRY6wgGQLwKYuFgekxZpX1Y4=,tag:ckOxmdXvhQjGMPssoLeMPQ==,type:str] + #ENC[AES256_GCM,data:xLPmYdIcIUz7,iv:NqaKJJgyMwfVfAYgEAMHXo1qLYfyOHhIcV++lseKcNQ=,tag:qXDuROf4A9T2H61KtrQUpQ==,type:comment] + GROUPIII-1: ENC[AES256_GCM,data:izqFF2JD0ZEeNlqrQ9sJcEcrnp/WmyJL46jszmR4fLwrFGcMoekSfOTkzjO8upogY5fIDsn02dwh4mLX74vA8DjeRTaDKZyyfw==,iv:lknYrGgDFQen2w8mtLNHewQXara1ikWvGdvVA8a6Fyg=,tag:EiiMBUhF6YOafD7MCIMA5A==,type:str] + #ENC[AES256_GCM,data:Zt6KCQ3chnLi,iv:RpMBGf2zDVWN13PpTr0Zj18ORdIZT2u34BestCjyLsU=,tag:aBuN2QGhxgnOXPC1NOoROQ==,type:comment] + GROUPIII-2: ENC[AES256_GCM,data:fAczfnHue47oHJm/8Hcu8iC+scxUQRNZlJWSCFnmtn8PzbOtPXGVLYaZJs3SRE0F7yYsOUZlHnEPaK5bFjCHioindbS0oimBfQ==,iv:F14TVM+UxXm0UbAgLmQpkI4v+jhQ84a4G8IuWRw1k/o=,tag:R+r0be31nLC0T6Isl9/sdA==,type:str] + #ENC[AES256_GCM,data:xccChTyxO80R,iv:tSxhbmVwhwD1IbXRNglS+WWMXfzUDaoJfCNqfKWqVko=,tag:XrFTahck6EKRf79NNeMRfg==,type:comment] + GROUPIII-3: ENC[AES256_GCM,data:LQAAYOKBVKRsVfwRJOr4jBCqnHKG60euQMngfuI82Dewwtnt4fKZ/iDg6otJIXwdMdiYI4ytr573GaAPyadt/UdDv+EqrLQ3qA==,iv:dD7djoiEBjrZCQCKkjzsVD+IK7T9sL02zxRG3b1uwQ8=,tag:sqJ0Q665aXVnPHWlTS0Rag==,type:str] sops: kms: [] gcp_kms: [] 
@@ -23,8 +43,8 @@ sops: bHQzK1EvVEhvZFI5MjVxL0Q5UVZYdGsKJl2M3eOB0lRyu2VO1qDjW1pNJ9HhwAS6 g5yOa2fxLJn4bvmQAJYeNJ1Wi6sYaBvkbeOegjaKjW4ZvwhP5kWqRA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-20T06:02:54Z" - mac: ENC[AES256_GCM,data:OQYaHF7lMspMaXjK64fZhdd6w9EHWzvjYsJdGEEaSwj6nfgb8EPxn73hn8NMgubXnqxonqbrpwgUuI+u297ItEEsksWQGGe//UrLlAJlhPvgezOpeeBfT4iWUrbazam4Uakh457N9W0AX390D2VmDtSBMw60fqnIeSnJF6Jv5Gs=,iv:O0h2sKf4KibuP5ZfRWF8tEVnLyyZtwst66frYUC4Awo=,tag:y94K0y/nF4y1sfh+P/hWrA==,type:str] + lastmodified: "2024-09-29T06:38:50Z" + mac: ENC[AES256_GCM,data:pQDphBruG5s5trIOY1fvcCAnLDx+NcVJ6cEP48u92JRnM5cojYXbiFt6Mlq+bYLxkXb2PoKMBoohRbsNdYLRgz3BGAY//Kc5OHGWzi7r9t4/iuhcouZsV/6wHGnrJ0yECS2+LPkT+/JXnYv1ZJTpUR0TSmTvnCgJI6xpWt8HDSA=,iv:Oyn7UESWVDqh3kDFAX3opbC/XEYOa1s3wmGolc1uhTM=,tag:aasXTc9+bgLgCaLDNfbJGA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/devices/vps6/default.nix b/devices/vps6/default.nix index aae63be4..c7fd0907 100644 --- a/devices/vps6/default.nix +++ b/devices/vps6/default.nix @@ -53,7 +53,7 @@ inputs: (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; }) [ "xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix" - "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "blog" + "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "blog" "peertube" ])); applications = { diff --git a/devices/vps7/default.nix b/devices/vps7/default.nix index 1597bf53..97ed5ece 100644 --- a/devices/vps7/default.nix +++ b/devices/vps7/default.nix @@ -71,6 +71,7 @@ inputs: xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; }; writefreely = {}; docker = {}; + peertube = {}; }; }; specialisation.generic.configuration = diff --git a/devices/vps7/secrets.yaml b/devices/vps7/secrets.yaml index 54d2c9e9..127296d4 100644 --- a/devices/vps7/secrets.yaml +++ b/devices/vps7/secrets.yaml 
@@ -16,6 +16,7 @@ redis: mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str] synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str] synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str] + peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str] postgresql: wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str] misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str] 
@@ -29,6 +30,7 @@ postgresql: akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str] synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str] vikunja: ENC[AES256_GCM,data:syb4NYBxL3DdmZmcC+em0klmm6bkkIL/DH/gnzShYRiaezRFskT+yay9govn++SpbuvkoCJq/GYAFxNL+hcVtw==,iv:TQUgdzYQ0gqsAmux9v3BAQFNzHnCTZ+X/OC0b9Bfya8=,tag:b1AsiAW5XzA3DzGdf8J03g==,type:str] + peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str] rsshub: pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str] youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str] 
@@ -122,6 +124,9 @@ xray-server: private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str] writefreely: chn: ENC[AES256_GCM,data:YvhPa69sVdiljm9Ix6yQh6YCEpFvC9iw5Yx72MBcGr7+swdbvWDAfMmGFY066mAPvhpwZX/IEivKvrS0t/OSnw==,iv:7s2yEb30YaCAtNeevbur0HL28nXHVIqmCx6Bngh+HWk=,tag:yx0JK8RNQMVcYLBSxNj+uw==,type:str] +peertube: + secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str] + password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str] sops: kms: [] gcp_kms: [] @@ -146,8 +151,8 @@ sops: SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-02T23:57:33Z" - mac: ENC[AES256_GCM,data:Tp7uSF3G1WALzv7jPSXGyIJbwYLHz4sF73NUoAI6KPboLs3juhDiZjJfkBkIIv4BawWNTvvAQfBL6hbpPbn3bLpkTvU8TiHyP9yiY5kJkid37I2s8KOHHaxKSu4CXlkAeXdZX0I1iujAOsKYUd2GnN19V07K0qwCtZOVvZXvjsk=,iv:fcsE7qXrcoaRdTv0C4nmfNvIDXtTXiKyF7TCfnkvRPg=,tag:Dgdq4gT2lzhkXZ10uUCwwQ==,type:str] + lastmodified: "2024-09-28T12:28:35Z" + mac: ENC[AES256_GCM,data:gDrWd/AMuHzTBu809FOInNtakqABMcbVMYn6FxqSsD4l+GCGoteQKzUVYhM327mxqV9dM2TfklCnSQ2tYOiY0ea7EBjqsCGL7eKexY7wmPY2gPHLNQEzoeagQKl1k1wU45JgUriit6t2iajUCPoEK1yHJg4qPHy/EoE9NMwf0IM=,iv:haPKxQ/YQ0vq0UFub7YVPqqSoiV0NiLsuOUUV+ZDk3U=,tag:pxsNkKHjciJ/GwBhQiSqXA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/flake.lock b/flake.lock index 2030bf30..e8971c17 100644 --- a/flake.lock +++ b/flake.lock 
@@ -24,11 +24,11 @@ "blog": { "flake": false, "locked": { - "lastModified": 1726576113, - "narHash": "sha256-u/I6XYepAVGtkayYDm16IlaYOPEJFSyt/XRxG2YtgBw=", + "lastModified": 1727598108, + "narHash": "sha256-8wVJBavzvY3n2sJeuyOt68FNJ9W70M+FlxoeiJhP/JQ=", "ref": "refs/heads/main", - "rev": "737eeef5116febf4c1dbc27737107dc616810d8d", - "revCount": 2, + "rev": "2b65e0deb81324be72afc51204a0a75dad7eade5", + "revCount": 9, "type": "git", "url": "https://git.chn.moe/chn/blog.git" }, @@ -951,13 +951,29 @@ "type": "github" } }, + "nixos-wallpaper": { + "flake": false, + "locked": { + "lastModified": 1715952274, + "narHash": "sha256-i2L4L9mV/wOl6QV+d8pyLZUHS+QIFJN5lYuQrP+CSjk=", + "ref": "refs/heads/main", + "rev": "1ad78b20b21c9f4f7ba5f4c897f74276763317eb", + "revCount": 1, + "type": "git", + "url": "https://git.chn.moe/chn/nixos-wallpaper.git" + }, + "original": { + "type": "git", + "url": "https://git.chn.moe/chn/nixos-wallpaper.git" + } + }, "nixpkgs": { "locked": { - "lastModified": 1727355718, - "narHash": "sha256-AvmneY2JNPdqXWrSSSWNeNCZeCTBXVu10WDFYlD/IHM=", + "lastModified": 1727530699, + "narHash": "sha256-Gfn8d6gbG5B+IO6mUWQXrnoUDCJUmrUD/M/QJDUsfRY=", "owner": "CHN-beta", "repo": "nixpkgs", - "rev": "17fe8ed6ac90b3ca5ca23e5ad9e95a2051db6c8b", + "rev": "9062900234c7d0157fc9612d36a1f03bc47040e9", "type": "github" }, "original": { @@ -1398,6 +1414,7 @@ "nix-index-database": "nix-index-database", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", + "nixos-wallpaper": "nixos-wallpaper", "nixpkgs": "nixpkgs", "nixpkgs-22.05": "nixpkgs-22.05", "nixpkgs-22.11": "nixpkgs-22.11", diff --git a/flake.nix b/flake.nix index f5bc4dce..186c81e0 100644 --- a/flake.nix +++ b/flake.nix 
@@ -72,9 +72,7 @@ py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; }; pocketfft = { url = "github:/mreineck/pocketfft"; flake = false; }; blog = { url = "git+https://git.chn.moe/chn/blog.git"; flake = false; }; - - # does not support lfs yet - # nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; }; + nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; }; }; outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in diff --git a/flake/src.nix b/flake/src.nix index d96ce6d2..ede1e0d8 100644 --- a/flake/src.nix +++ b/flake/src.nix @@ -1,11 +1,4 @@ { inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in { - nixos-wallpaper = pkgs.fetchgit - { - url = "https://git.chn.moe/chn/nixos-wallpaper.git"; - rev = "1ad78b20b21c9f4f7ba5f4c897f74276763317eb"; - sha256 = "0faahbzsr44bjmwr6508wi5hg59dfb57fzh5x6jh7zwmv4pzhqlb"; - fetchLFS = true; - }; git-lfs-transfer = "sha256-AXXYo00ewbg656KiDasHrf3Krh6ZPUabmB3De090zCw="; } diff --git a/modules/packages/desktop/default.nix b/modules/packages/desktop/default.nix index b1a98f85..6bea360d 100644 --- a/modules/packages/desktop/default.nix +++ b/modules/packages/desktop/default.nix @@ -100,7 +100,7 @@ inputs: baloofilerc."Basic Settings".Indexing-Enabled.value = false; plasmarc.Wallpapers.usersWallpapers.value = let - inherit (inputs.topInputs.self.src) nixos-wallpaper; + inherit (inputs.topInputs) nixos-wallpaper; isPicture = f: builtins.elem (inputs.lib.last (inputs.lib.splitString "." f)) [ "png" "jpg" "jpeg" "webp" ]; in builtins.concatStringsSep "," (builtins.map (f: "${nixos-wallpaper}/${f.name}") diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix index 772dec27..ecc48f3c 100644 --- a/modules/services/nginx/default.nix +++ b/modules/services/nginx/default.nix 
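Review bot: The comment removed in the flake.nix hunk said flake inputs do not support LFS, and the `fetchgit` call this commit deletes from flake/src.nix set `fetchLFS = true`; the new `nixos-wallpaper` input carries no LFS setting, and flake.lock pins the same rev `1ad78b20b21c9f4f7ba5f4c897f74276763317eb`. If the images in that repository are still stored in LFS, the input may contain pointer files rather than images, and those would still pass the extension filter in modules/packages/desktop/default.nix. It is worth building once and checking a file under `${nixos-wallpaper}`, then replacing the removed comment with one that records why LFS is no longer a concern.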
@@ -247,6 +247,9 @@ inputs: proxy_ssl_server_name on; proxy_ssl_session_reuse off; send_timeout 1d; + # nginx will try to redirect https://blog.chn.moe/docs to https://blog.chn.moe:3068/docs/ in default + # this make it redirect to /docs/ without hostname + absolute_redirect off; ''; proxyTimeout = "1d"; recommendedZstdSettings = true; diff --git a/modules/services/peertube.nix b/modules/services/peertube.nix new file mode 100644 index 00000000..98094534 --- /dev/null +++ b/modules/services/peertube.nix 
@@ -0,0 +1,65 @@ +inputs: +{ + options.nixos.services.peertube = let inherit (inputs.lib) mkOption types; in mkOption + { + type = types.nullOr (types.submodule { options = + { + hostname = mkOption { type = types.nonEmptyStr; default = "peertube.chn.moe"; }; + };}); + default = null; + }; + config = let inherit (inputs.config.nixos.services) peertube; in inputs.lib.mkIf (peertube != null) + { + services.peertube = + { + enable = true; + localDomain = peertube.hostname; + listenHttp = 5046; + listenWeb = 443; + enableWebHttps = true; + serviceEnvironmentFile = inputs.config.sops.templates."peertube/env".path; + secrets.secretsFile = inputs.config.sops.secrets."peertube/secrets".path; + configureNginx = true; + database = + { + createLocally = true; + host = "127.0.0.1"; + passwordFile = inputs.config.sops.secrets."peertube/postgresql".path; + }; + redis = + { + host = "127.0.0.1"; + port = 7599; + passwordFile = inputs.config.sops.secrets."redis/peertube".path; + }; + smtp.passwordFile = inputs.config.sops.secrets."peertube/smtp".path; + settings.smtp = + { + host = "mail.chn.moe"; + username = "bot@chn.moe"; + from_address = "bot@chn.moe"; + }; + }; + sops = + { + templates."peertube/env".content = + '' + PT_INITIAL_ROOT_PASSWORD=${inputs.config.sops.placeholder."peertube/password"} + ''; + secrets = + { + "peertube/postgresql" = { owner = inputs.config.services.peertube.user; key = "postgresql/peertube"; }; + "peertube/password" = {}; + "peertube/secrets".owner = inputs.config.services.peertube.user; + "peertube/smtp" = { owner = inputs.config.services.peertube.user; key = "mail/bot"; }; + }; + }; + nixos.services = + { + nginx = { enable = true; https.${peertube.hostname}.global.configName = peertube.hostname; }; + postgresql.instances.peertube = {}; + redis.instances.peertube.port = 7599; + }; + systemd.services.peertube.after = [ "redis-peertube.service" ]; + }; +} 
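Review bot: `redis.passwordFile` reads `sops.secrets."redis/peertube"`, but this module's `sops.secrets` block does not declare that secret, unlike the postgresql, secrets and smtp entries, which all set `owner = inputs.config.services.peertube.user`. If the redis module declares it with a different owner (not visible here), the PeerTube service user may not be able to read it at start-up. Confirm the owner or group there and add a one-line comment saying where the secret is defined. Separately, `PT_INITIAL_ROOT_PASSWORD` is passed through the environment file on every start although it is presumably only used at first initialisation, so the root password should be changed after the first login and the deployed value treated as spent. `systemd.services.peertube.after` orders the unit after redis without pulling it in; adding `wants = [ "redis-peertube.service" ];` would make the dependency explicit.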
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix index fb2982b0..e397d6b2 100644 --- a/modules/services/wireguard.nix +++ b/modules/services/wireguard.nix @@ -41,6 +41,7 @@ inputs: firewall = { allowedUDPPorts = inputs.lib.mkIf (!wireguard.behindNat) [ wireguard.listenPort ]; + trustedInterfaces = [ "wireguard" ]; }; wireguard.interfaces.wireguard = { diff --git a/modules/system/fileSystems/luks/default.nix b/modules/system/fileSystems/luks/default.nix index 8826ef84..a319e668 100644 --- a/modules/system/fileSystems/luks/default.nix +++ b/modules/system/fileSystems/luks/default.nix @@ -61,20 +61,21 @@ inputs: boot.initrd = { luks.forceLuksSupportInInitrd = true; - systemd.services.wait-manual-decrypt = + systemd = { - wantedBy = [ "initrd-root-fs.target" ]; - before = [ "roll-rootfs.service" ]; - unitConfig.DefaultDependencies = false; - serviceConfig.Type = "oneshot"; - script = builtins.concatStringsSep "\n" (builtins.map - (device: "while [ ! -e /dev/mapper/${device.value.mapper} ]; do sleep 1; done") - (inputs.localLib.attrsToList luks.manual.devices)); + services.wait-manual-decrypt = + { + wantedBy = [ "initrd-root-fs.target" ]; + before = [ "roll-rootfs.service" ]; + unitConfig.DefaultDependencies = false; + serviceConfig.Type = "oneshot"; + script = builtins.concatStringsSep "\n" (builtins.map + (device: "while [ ! -e /dev/mapper/${device.value.mapper} ]; do sleep 1; done") + (inputs.localLib.attrsToList luks.manual.devices)); + }; + extraBin.cryptsetup = "${inputs.pkgs.cryptsetup}/bin/cryptsetup"; }; }; - fileSystems = builtins.listToAttrs (builtins.map - (mount: { name = mount; value.options = [ "x-systemd.device-timeout=48h" ]; }) - luks.manual.delayedMount); }) ]; } diff --git a/modules/system/networking.nix b/modules/system/networking.nix index a8834521..2e35cefb 100644 --- a/modules/system/networking.nix +++ b/modules/system/networking.nix 
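Review bot: `trustedInterfaces = [ "wireguard" ];` makes the firewall accept all traffic arriving on the WireGuard interface, so every listening service on the host becomes reachable from every peer, regardless of `behindNat`. If only some services need to be reachable over the tunnel, open them per interface and leave the rest behind the default deny, for example `interfaces.wireguard.allowedTCPPorts = [ <ports> ];`, where `<ports>` is a placeholder. If full trust is intended, a comment such as `# all WireGuard peers are treated as a trusted LAN` would make that decision reviewable. The enclosing attribute set starts outside the hunk.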
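Review bot: This hunk drops the `fileSystems` block that set `x-systemd.device-timeout=48h` on the `luks.manual.delayedMount` mounts, and nothing visible replaces it. If that option is still declared and used (its declaration is outside the hunk), those mounts would presumably fall back to systemd's default device timeout and could fail before an operator has unlocked the volume by hand. Either remove the option as well or keep the timeout. The new `extraBin.cryptsetup` line would benefit from a comment such as `# make cryptsetup available in the initrd so manual devices can be unlocked there`.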
@@ -75,10 +75,10 @@ inputs: (builtins.map (network: { - name = "10-${network.ssid}"; + name = "10-${network}"; value = { - matchConfig.Name = network.ssid; + matchConfig.Name = network; networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; }; linkConfig.RequiredForOnline = "routable"; }; diff --git a/modules/user/chn/plasma/wallpaper.nix b/modules/user/chn/plasma/wallpaper.nix index 18a16393..5a38367b 100644 --- a/modules/user/chn/plasma/wallpaper.nix +++ b/modules/user/chn/plasma/wallpaper.nix @@ -2,7 +2,7 @@ inputs: { config.home-manager.users.chn.config.programs.plasma.configFile = let - inherit (inputs.topInputs.self.src) nixos-wallpaper; + inherit (inputs.topInputs) nixos-wallpaper; wallpaper = { pc = "${nixos-wallpaper}/pixiv-117612023.png"; diff --git a/modules/user/default.nix b/modules/user/default.nix index 3ca0a250..3433b172 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -22,6 +22,9 @@ inputs: hjp = 1008; zzn = 1009; wm = 1010; + GROUPIII-1 = 1011; + GROUPIII-2 = 1012; + GROUPIII-3 = 1013; misskey-misskey = 2000; misskey-misskey-old = 2001; frp = 2002;
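Review bot: The three new `GROUPIII-1`..`GROUPIII-3` entries in the UID table of modules/user/default.nix look like shared group accounts rather than per-person ones, judging only by the names. If several people log in through each of them, actions on the host can no longer be attributed to an individual, and credential rotation affects the whole group. A short comment above the entries would help, for example `# shared course accounts, one per group; no sudo, rotate credentials each term`, with the wording adjusted to whatever the real policy is. The enclosing attribute set starts outside the hunk.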