chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:39:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

split machine config

Browse Source
This commit is contained in:
陈浩南
2024-01-16 22:41:03 +08:00
parent 67a03b5ccc
commit a624e98514
7 changed files with 585 additions and 554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
devices/nas/default.nix Normal file
View File

@@ -0,0 +1,102 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
"/dev/mapper/nix"."/nix" = "/nix";
"/dev/mapper/root1" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
"/nix/backup" = "/nix/backup";
};
};
};
decrypt.manual =
{
enable = true;
devices =
{
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
};
initrd.sshd.enable = true;
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "nas";
gui.preferred = false;
};
hardware = { cpus = [ "intel" ]; gpus = [ "intel" ]; };
packages.packageSet = "desktop";
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares = { home.path = "/home"; root.path = "/"; };
};
sshd = { enable = true; passwordAuthentication = true; };
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
groupshare.enable = true;
smartd.enable = true;
beesd =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 2048; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
};
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "nas";
stcp.hpc = { localIp = "hpc.xmu.edu.cn"; localPort = 22; };
};
nginx = { enable = true; applications.webdav.instances."local.webdav.chn.moe" = {}; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
};
users.users = [ "chn" "xll" "zem" "yjq" "yxy" ];
};
};
}

143
devices/pc/default.nix Normal file
View File

@@ -0,0 +1,143 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub =
{
# TODO: install windows
# windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
installDevice = "efi";
};
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
keepOutputs = true;
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel.patches = [ "cjktty" "lantian" ];
impermanence.enable = true;
networking.hostname = "pc";
sysctl.laptop-mode = 5;
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
legion.enable = true;
};
packages.packageSet = "workstation";
virtualization =
{
waydroid.enable = true;
docker.enable = true;
kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
# kvmGuest.enable = true;
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns =
{
extraInterfaces = [ "docker0" ];
hosts =
{
"mirism.one" = "74.211.99.69";
"beta.mirism.one" = "74.211.99.69";
"ng01.mirism.one" = "74.211.99.69";
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
"initrd.nas.chn.moe" = "192.168.1.185";
};
};
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "pc";
stcpVisitor."yy.vnc".localPort = 6187;
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
};
bugs = [ "xmunet" "suspend-hibernate-waydroid" "backlight" "amdpstate" ];
};
};
}

60
devices/surface/default.nix Normal file
View File

@@ -0,0 +1,60 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/86B8-CF80" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/e252f81d-b4b3-479f-8664-380a9b73cf83"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto."/dev/disk/by-uuid/8186d34e-005c-4461-94c7-1003a5bd86c0" =
{ mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
nixpkgs.march = "skylake";
grub.installDevice = "efi";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "surface";
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop-fat";
virtualization.docker.enable = true;
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
};
bugs = [ "xmunet" ];
};
};
}

84
devices/vps6/default.nix Normal file
View File

@@ -0,0 +1,84 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
impermanence.enable = true;
networking.hostname = "vps6";
};
packages.packageSet = "server";
services =
{
snapper.enable = true;
sshd.enable = true;
xrayServer = { enable = true; serverName = "vps6.xserver.chn.moe"; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =
{
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
}
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.pc.chn.moe"; })
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
[
"xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "kkmeeting" "api" "git" "grafana"
]));
applications =
{
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
catalog.enable = true;
blog.enable = true;
main.enable = true;
};
};
coturn.enable = true;
httpua.enable = true;
mirism.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "pc" "nas" "vps7" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
externalIp = "74.211.99.69";
lighthouse = true;
};
};
};
};
}

80
devices/vps7/default.nix Normal file
View File

@@ -0,0 +1,80 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "broadwell";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
impermanence.enable = true;
networking.hostname = "vps7";
gui.preferred = false;
};
packages.packageSet = "desktop";
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
rsshub.enable = true;
wallabag.enable = true;
misskey.instances =
{
misskey.hostname = "xn--s8w913fdga.chn.moe";
misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
};
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
};
xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
vaultwarden.enable = true;
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
photoprism.enable = true;
nextcloud.enable = true;
freshrss.enable = true;
send.enable = true;
huginn.enable = true;
fz-new-order.enable = true;
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
httpapi.enable = true;
mastodon.enable = true;
gitea.enable = true;
grafana.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
externalIp = "95.111.228.40";
};
};
};
};
}

100
devices/xmupc1/default.nix Normal file
View File

@@ -0,0 +1,100 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efi";
nixpkgs =
{
march = "znver3";
cuda =
{
enable = true;
capabilities =
[
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
gui.preferred = false;
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "xmupc1";
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
gamemode.drmDevice = 1;
};
packages.packageSet = "workstation";
virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
smartd.enable = true;
beesd = { enable = true; instances.root = { device = "/nix/persistent"; hashTableSizeMB = 2048; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
wireguardIp = "192.168.83.5";
};
};
bugs = [ "xmunet" "firefox" ];
};
};
}

570
flake.nix
View File

@@ -65,562 +65,24 @@
# ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key # ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
# ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key # ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
# systemd-machine-id-setup --root=/mnt/nix/persistent # systemd-machine-id-setup --root=/mnt/nix/persistent
nixosConfigurations = nixosConfigurations = builtins.listToAttrs (builtins.map
let (system:
system = {
name = system;
value = inputs.nixpkgs.lib.nixosSystem
{ {
pc = system = "x86_64-linux";
{ specialArgs = { topInputs = inputs; inherit localLib; };
system = modules = localLib.mkModules
{ [
fileSystems = (inputs: { config.nixpkgs.overlays = [(final: prev:
{ { localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
mount = ./modules
{ ./devices/${system}
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi"; ];
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub =
{
# TODO: install windows
# windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
installDevice = "efi";
};
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
keepOutputs = true;
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel.patches = [ "cjktty" "lantian" ];
impermanence.enable = true;
networking.hostname = "pc";
sysctl.laptop-mode = 5;
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
legion.enable = true;
};
packages.packageSet = "workstation";
virtualization =
{
waydroid.enable = true;
docker.enable = true;
kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
# kvmGuest.enable = true;
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns =
{
extraInterfaces = [ "docker0" ];
hosts =
{
"mirism.one" = "74.211.99.69";
"beta.mirism.one" = "74.211.99.69";
"ng01.mirism.one" = "74.211.99.69";
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
"initrd.nas.chn.moe" = "192.168.1.185";
};
};
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "pc";
stcpVisitor."yy.vnc".localPort = 6187;
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
};
bugs = [ "xmunet" "suspend-hibernate-waydroid" "backlight" "amdpstate" ];
};
vps6 =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
impermanence.enable = true;
networking.hostname = "vps6";
};
packages.packageSet = "server";
services =
{
snapper.enable = true;
sshd.enable = true;
xrayServer = { enable = true; serverName = "vps6.xserver.chn.moe"; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =
{
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
}
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.pc.chn.moe"; })
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
[
"xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "kkmeeting" "api" "git" "grafana"
]));
applications =
{
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
catalog.enable = true;
blog.enable = true;
main.enable = true;
};
};
coturn.enable = true;
httpua.enable = true;
mirism.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "pc" "nas" "vps7" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
externalIp = "74.211.99.69";
lighthouse = true;
};
};
};
vps7 =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "broadwell";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
impermanence.enable = true;
networking.hostname = "vps7";
gui.preferred = false;
};
packages.packageSet = "desktop";
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
rsshub.enable = true;
wallabag.enable = true;
misskey.instances =
{
misskey.hostname = "xn--s8w913fdga.chn.moe";
misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
};
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
};
xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
vaultwarden.enable = true;
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
photoprism.enable = true;
nextcloud.enable = true;
freshrss.enable = true;
send.enable = true;
huginn.enable = true;
fz-new-order.enable = true;
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
httpapi.enable = true;
mastodon.enable = true;
gitea.enable = true;
grafana.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
externalIp = "95.111.228.40";
};
};
};
nas =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
"/dev/mapper/nix"."/nix" = "/nix";
"/dev/mapper/root1" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
"/nix/backup" = "/nix/backup";
};
};
};
decrypt.manual =
{
enable = true;
devices =
{
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
};
initrd.sshd.enable = true;
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "nas";
gui.preferred = false;
};
hardware = { cpus = [ "intel" ]; gpus = [ "intel" ]; };
packages.packageSet = "desktop";
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares = { home.path = "/home"; root.path = "/"; };
};
sshd = { enable = true; passwordAuthentication = true; };
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
groupshare.enable = true;
smartd.enable = true;
beesd =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 2048; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
};
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "nas";
stcp.hpc = { localIp = "hpc.xmu.edu.cn"; localPort = 22; };
};
nginx = { enable = true; applications.webdav.instances."local.webdav.chn.moe" = {}; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
};
users.users = [ "chn" "xll" "zem" "yjq" "yxy" ];
};
surface =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/86B8-CF80" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/e252f81d-b4b3-479f-8664-380a9b73cf83"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto."/dev/disk/by-uuid/8186d34e-005c-4461-94c7-1003a5bd86c0" =
{ mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
nixpkgs.march = "skylake";
grub.installDevice = "efi";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "surface";
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop-fat";
virtualization.docker.enable = true;
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
};
bugs = [ "xmunet" ];
};
xmupc1 =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efi";
nixpkgs =
{
march = "znver3";
cuda =
{
enable = true;
capabilities =
[
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
gui.preferred = false;
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "xmupc1";
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
gamemode.drmDevice = 1;
};
packages.packageSet = "workstation";
virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
smartd.enable = true;
beesd = { enable = true; instances.root = { device = "/nix/persistent"; hashTableSizeMB = 2048; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
wireguardIp = "192.168.83.5";
};
};
bugs = [ "xmunet" "firefox" ];
};
}; };
in builtins.listToAttrs (builtins.map })
(system: [ "pc" "vps6" "vps7" "nas" "surface" "xmupc1" ]);
{
name = system.name;
value = inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
(inputs: { config.nixpkgs.overlays = [(final: prev:
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
./modules
{ config.nixos = system.value; }
];
};
})
(localLib.attrsToList system));
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont # sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
# nix-serve -p 5000 # nix-serve -p 5000
# nix copy --substitute-on-destination --to ssh://server /run/current-system # nix copy --substitute-on-destination --to ssh://server /run/current-system