chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:39:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

init xmupc1

Browse Source
This commit is contained in:
陈浩南
2023-12-14 23:16:21 +08:00
parent 087b4f0a7f
commit 839e56e52c
4 changed files with 106 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.sops.yaml
View File

@@ -5,6 +5,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &xmupc1 age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
creation_rules:
- path_regex: secrets/pc/.*$
key_groups:
@@ -35,3 +36,8 @@ creation_rules:
- age:
- *chn
- *yoga
- path_regex: secrets/xmupc1/.*$
key_groups:
- age:
- *chn
- *xmupc1

90
flake.nix
View File

@@ -59,7 +59,7 @@
name = system;
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
})
[ "pc" "vps6" "vps7" "nas" "yoga" ])
[ "pc" "vps6" "vps7" "nas" "yoga" "xmupc1" ])
);
# ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
# ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
@@ -475,6 +475,94 @@
};
bugs = [ "xmunet" ];
};
xmupc1 =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efi";
nixpkgs =
{
march = "znver3";
cuda =
{
enable = true;
capabilities =
[
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
gui = { enable = true; preferred = false; };
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "xmupc1";
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
gamemode.drmDevice = 1;
};
packages.packageSet = "workstation";
virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
smartd.enable = true;
beesd = { enable = true; instances.root = { device = "/nix/persistent"; hashTableSizeMB = 2048; }; };
wireguard = { enable = true; peers = [ "vps6" ]; };
};
bugs = [ "xmunet" ];
};
};
in builtins.listToAttrs (builtins.map
(system:

6
modules/services/wireguard.nix
View File

@@ -43,6 +43,12 @@ inputs:
wireguardIp = "192.168.83.4";
bindPort = 51821;
};
xmupc1 =
{
publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
wireguardIp = "192.168.83.5";
bindPort = 51821;
};
};
};
};

10
secrets/xmupc1/default.yaml
View File

@@ -2,10 +2,10 @@ acme:
cloudflare.ini: ENC[AES256_GCM,data:k7ojGrQQN81OGh391ISD0vfmQF7P3Iiuyx4ck7FxB9h3hFyl6HsiJxp3tIKsFBirbHzePEtXZOYmYUkqqw2i8dY=,iv:RX1BpzeznkrXhLVoI1YwrlRDnkQqGYNw/xwQvN8P9JM=,tag:TOfGt4QwxAY2j/c1deKFoA==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:VmOiT6FYFEkMYTstz+4+4MSZSeOgHQh437j6Ccd/EhYVEa8iKI1PfA==,iv:C90KL+tv3ZpbnHqsKv0hLUprM1RKagCdU2ne3Z9Hor4=,tag:QVlJZL+bnVpjEzy4VF31vA==,type:str]
frp:
token: ENC[AES256_GCM,data:lo/To0asGgHnajc6GD6zh+e9onIwQ6XdfTA5wg7g+fvslzxH6eXhV+14Wkb86E2fn7AAlru+,iv:d2MHOCwc5E8nAcqjWxdzONPpjdFfJ01f01Q7a7C2CT4=,tag:5zzciq12PqWT29G+BaT1XQ==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:+UJjAWH31CbeQjWoFNeBW5Sqt/RoBTbgouelDYGKfK5G6uY+,iv:AzIpLV7NYeqZUmZ6PZNYFbml9TUPRLTFPeiRQm8S7X0=,tag:/lDbaFCUHmVYDHtmrMisGA==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:49BPDoNzzTJFRpIXw3wMRStwd66aG848Z5EUMPwMMZdWeFPBdDB6cHm9zQM=,iv:R6zsmALbV3YMFlIQlGpLqL5mNXeQXn6MbhAFB7T+nLI=,tag:WOrebshoF1V0u2+GnBMTXw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -21,8 +21,8 @@ sops:
UDRVZ3luNkRQNFdtYUF4bm4vd05mdkEKlX67g6DrurDVrSG2+5lj4wZ+8xfEpu9K
jAZ8pt1pCsrbkGOWOBD5PqbWn0X1Dms6F4qiyefcQlmIjhXc9/PPLQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-23T12:19:57Z"
mac: ENC[AES256_GCM,data:beF84oGJhqGwl7E7jan9oZMlJmPZrQdC0ZAif/zpCYwdy53v9J4R5RM7pKZ0CFQA+ubwW4GZXrv2qTLayV2FgRtu+TBWLeRF5t34AcfyMHmChiIuAjHljVv3Y0Cus3Ctt2quMpyvmYEGvq+bGPzi5BY+cu4PSQZUsUUDImjw7/g=,iv:pUEJKfzZ5loUJvzpCRHNpUK4aM2OiCQ8RLFZRr2iiVU=,tag:ibGL5Wb1PJhMck5RnPtobA==,type:str]
lastmodified: "2023-12-14T15:20:08Z"
mac: ENC[AES256_GCM,data:jPdmavg3atcQZoQwKCJf8f5TQ5L8l3snCSCv6MYJpbV3qjSCDKAxpJduXBlbSxWgUXv5dwuPbhCKnTIJhoWAEh+pE4BR+c5+nk9fL89IxaHZftlxj1hhPBoZRUyQLPe5ZaFyXFcwWNc93PZxOQ/g4z97C2v358puY3fDyOxOyqI=,iv:YvaCLaeYXMnJW0WL4TxUBqh8acXHOHuRXxJr1qH3VLM=,tag:AJH7q9zySk899IEuPo94UA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1