Merge branch 'production' into archive

2026-01-12 04:39:23 +08:00 · 2025-11-17 13:10:20 +08:00
parent 5a80f27e3d 840eb7c09c
commit a4d828a0ff
5 changed files with 25 additions and 24 deletions
--- a/devices/cross/tinc.nix
+++ b/devices/cross/tinc.nix
@@ -155,7 +155,14 @@ in
  {
    services.tinc.networks.tinc0 = 
    {
-      settings = { Interface = "tinc0"; Name = tincHostname hostname; PingInterval = 10; };
+      settings =
+      {
+        Interface = "tinc0";
+        Name = tincHostname hostname;
+        PingInterval = 10;
+        TCPOnly = true;
+        Proxy = inputs.lib.mkIf (inputs.config.nixos.services.xray.client != null) "socks5 127.0.0.1 10885";
+      };
      ed25519PrivateKeyFile = inputs.config.nixos.system.sops.secrets."tinc".path;
      hostSettings = inputs.lib.mkMerge
      [
--- a/devices/nas/default.nix
+++ b/devices/nas/default.nix
@@ -25,6 +25,7 @@ inputs:
        };
        initrd.sshd = {};
        nixpkgs.march = "alderlake";
+        nix.marches = inputs.topInputs.self.nixosConfigurations.pc.config.nixos.system.nix.marches;
        network.settings.static.enp3s0 =
          { ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; }; 
        kernel.patches = [ "btrfs" ];
@@ -72,5 +73,6 @@ inputs:
    };
    systemd.tmpfiles.rules =
      [ "w /sys/class/powercap/intel-rapl/intel-rapl:0/constraint_0_power_limit_uw - - - - 10000000" ];
+    boot.nixStoreMountOpts = [ "nodev" "nosuid" ];
  };
 }
--- a/devices/pc/default.nix
+++ b/devices/pc/default.nix
@@ -13,6 +13,7 @@ inputs:
          {
            vfat."/dev/disk/by-partlabel/pc-boot" = "/boot";
            btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+            nfs."nas.ts.chn.moe:/" = { mountPoint = "/nix/remote/nas"; neededForBoot = false; };
          };
          luks.auto."/dev/disk/by-partlabel/pc-root1" = { mapper = "root1"; ssd = true; };
          swap = [ "/nix/swap/swap" ];
--- a/modules/system/fileSystems/nfs.nix
+++ b/modules/system/fileSystems/nfs.nix
@@ -8,8 +8,7 @@ inputs:
      (types.submodule (submoduleInputs: { options =
      {
        mountPoint = mkOption { type = types.nonEmptyStr; };
-        hard = mkOption { type = types.bool; default = true; };
-        neededForBoot = mkOption { type = types.bool; default = submoduleInputs.config.hard; };
+        neededForBoot = mkOption { type = types.bool; default = true; };
      };}))
    ]);
    default = {};
@@ -36,18 +35,17 @@ inputs:
                  "x-gvfs-hide" # hide in file managers (e.g. dolphin)
                ]
                # when try to mount at startup, wait 15 minutes before giving up
-                (inputs.lib.optionals (device.value.hard or true) [ "retry=15" "x-systemd.device-timeout=15min" ])
-                # do not fail, just try continuously in background
-                # nfs4 use tcp, tcp itself will retransmit several times, which is enough
-                (inputs.lib.optionals (!(device.value.hard or true))
-                  [ "bg" "soft" "retrans=1" "timeo=20" "softreval" "x-systemd.requires=network-online.target" ])
+                (inputs.lib.optionals (device.value.neededForBoot or true)
+                  [ "retry=15" "x-systemd.device-timeout=15min" ])
+                (inputs.lib.optionals (!(device.value.neededForBoot or true))
+                  [ "bg" "x-systemd.requires=network-online.target" "x-systemd.after=network-online.target" ])
              ];
            };
          })
          (inputs.localLib.attrsToList nfs));
        services.rpcbind.enable = true;
      }
-      (inputs.lib.mkIf (builtins.any (mount: mount.hard or true) (builtins.attrValues nfs))
+      (inputs.lib.mkIf (builtins.any (mount: mount.neededForBoot or true) (builtins.attrValues nfs))
      {
        boot.initrd.systemd.extraBin =
        {
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@@ -3,8 +3,11 @@ inputs:
  options.nixos.system.nix = let inherit (inputs.lib) mkOption types; in
  {
    # marches allowed to be compiled on this machine
-    marches = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
-    substituters = mkOption { type = types.listOf types.nonEmptyStr; default = [ "https://nix-store.chn.moe" ]; };
+    marches = mkOption
+    {
+      type = types.listOf types.nonEmptyStr;
+      default = with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ];
+    };
    remote =
    {
      slave = mkOption { type = types.nullOr (types.submodule {}); default = null; };
@@ -36,6 +39,8 @@ inputs:
        # do not keep unused outputs, backup it manually on nas
        keep-outputs = false;
        connect-timeout = 5;
+        # https://cache.nixos.org 已经自带
+        substituters = [ "https://nix-store.chn.moe" "https://nix-store.nas.chn.moe" ];
      };
      systemd.services.nix-daemon = { serviceConfig.CacheDirectory = "nix"; environment.TMPDIR = "/var/cache/nix"; };
    }
@@ -63,21 +68,9 @@ inputs:
      };
    }
    # marches
-    {
-      nix.settings.system-features =
-      (map
-        (march: "gccarch-${march}")
-        (
-          if nix.marches == null then
-            (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ])
-          else nix.marches
-        ))
-      ++ (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ "gccarch-exact-${march}" ]);
-    }
+    { nix.settings.system-features = builtins.map (march: "gccarch-${march}") nix.marches; }
    # includeBuildDependencies
    { system.includeBuildDependencies = inputs.topInputs.self.config.branch == "archive"; }
-    # substituters
-    { nix.settings.substituters = nix.substituters ++ [ "https://cache.nixos.org" ]; }
    # remote.slave
    (inputs.lib.mkIf (nix.remote.slave != null)
    {