所有模块都整理完成

2026-01-12 04:59:23 +08:00 · 2023-07-27 21:50:51 +08:00
parent 7f5105a07a
commit dc18f6e51d
6 changed files with 73 additions and 77 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -259,14 +259,26 @@
 												};
 											};
 											sshd.enable = true;
-											xrayClient = { enable = true; dnsAdditionalInterfaces = [ "docker0" ]; };
+											xrayClient =
+											{
+												enable = true;
+												dns =
+												{
+													extraInterfaces = [ "docker0" ];
+													hosts =
+													{
+														"mirism.one" = "216.24.188.24";
+														"beta.mirism.one" = "216.24.188.24";
+														"ng01.mirism.one" = "216.24.188.24";
+														"debug.mirism.one" = "127.0.0.1";
+													};
+												};
+											};
 											firewall.trustedInterfaces = [ "docker0" "virbr0" ];
 										};
 										bugs = [ "intel-hdmi" "suspend-hibernate-no-platform" "hibernate-iwlwifi" "suspend-lid-no-wakeup" ];
 									};
 								}; })
-								./modules/networking/xmunet.nix
-								./modules/networking/chn-PC.nix
 							]
 						)
 					];
--- a/modules/bugs/default.nix
+++ b/modules/bugs/default.nix
@@ -1,67 +1,62 @@
 inputs:
 	let
+		inherit (inputs.localLib) stripeTabs;
+		inherit (builtins) map attrNames;
+		inherit (inputs.lib) mkMerge mkIf mkOption types;
 		bugs =
-		[
+		{
 			# intel i915 hdmi
-			"intel-hdmi"
+			intel-hdmi.boot.kernelPatches = [{ name = "intel-hdmi"; patch = ./intel-hdmi.patch; }];
 			# suspend & hibernate do not use platform
-			"suspend-hibernate-no-platform"
+			suspend-hibernate-no-platform.systemd.sleep.extraConfig = stripeTabs
+			"
+				SuspendState=freeze
+				HibernateMode=shutdown
+			";
 			# reload iwlwifi after resume from hibernate
-			"hibernate-iwlwifi"
+			hibernate-iwlwifi.systemd.services.reload-iwlwifi-after-hibernate =
+			{
+				description = "reload iwlwifi after resume from hibernate";
+				after = [ "systemd-hibernate.service" ];
+				serviceConfig.Type = "oneshot";
+				script = let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in stripeTabs
+				"
+					${modprobe} -r iwlwifi
+					${modprobe} iwlwifi
+					echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
+				";
+				wantedBy = [ "systemd-hibernate.service" ];
+			};
 			# disable wakeup on lid open
-			"suspend-lid-no-wakeup"
-		];
+			suspend-lid-no-wakeup.systemd.services.lid-no-wakeup =
+			{
+				description = "lid no wake up";
+				serviceConfig.Type = "oneshot";
+				script =
+					let
+						cat = "${inputs.pkgs.coreutils}/bin/cat";
+						grep = "${inputs.pkgs.gnugrep}/bin/grep";
+					in stripeTabs
+					"
+						if ${cat} /proc/acpi/wakeup | ${grep} LID0 | ${grep} -q enabled
+						then
+							echo LID0 > /proc/acpi/wakeup
+						fi
+					";
+				wantedBy = [ "multi-user.target" ];
+			};
+			# xmunet use old encryption
+			xmunet.nixpkgs.config.packageOverrides = pkgs: 
+			{
+				wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs (attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];});
+			};
+		};
 	in
 		{
-			options.nixos.bugs = let inherit (inputs.lib) mkOption types; in mkOption
+			options.nixos.bugs = mkOption
 			{
-				type = types.listOf (types.enum bugs);
+				type = types.listOf (types.enum (attrNames bugs));
 				default = [];
 			};
-			config =
-				let
-					inherit (inputs.localLib) stripeTabs;
-					inherit (builtins) map;
-					inherit (inputs.lib) mkMerge mkIf;
-					patches =
-					{
-						intel-hdmi.boot.kernelPatches = [{ name = "intel-hdmi"; patch = ./intel-hdmi.patch; }];
-						suspend-hibernate-no-platform.systemd.sleep.extraConfig = stripeTabs
-						"
-							SuspendState=freeze
-							HibernateMode=shutdown
-						";
-						hibernate-iwlwifi.systemd.services.reload-iwlwifi-after-hibernate =
-						{
-							description = "reload iwlwifi after resume from hibernate";
-							after = [ "systemd-hibernate.service" ];
-							serviceConfig.Type = "oneshot";
-							script = let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in stripeTabs
-							"
-								${modprobe} -r iwlwifi
-								${modprobe} iwlwifi
-								echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
-							";
-							wantedBy = [ "systemd-hibernate.service" ];
-						};
-						suspend-lid-no-wakeup.systemd.services.lid-no-wakeup =
-						{
-							description = "lid no wake up";
-							serviceConfig.Type = "oneshot";
-							script =
-								let
-									cat = "${inputs.pkgs.coreutils}/bin/cat";
-									grep = "${inputs.pkgs.gnugrep}/bin/grep";
-								in stripeTabs
-								"
-									if ${cat} /proc/acpi/wakeup | ${grep} LID0 | ${grep} -q enabled
-									then
-										echo LID0 > /proc/acpi/wakeup
-									fi
-								";
-							wantedBy = [ "multi-user.target" ];
-						};
-					};
-				in
-					mkMerge (map (bug: mkIf (builtins.elem bug inputs.config.nixos.bugs) patches.${bug}) bugs);
+			config = mkMerge (map (bug: mkIf (builtins.elem bug inputs.config.nixos.bugs) bugs.${bug}) (attrNames bugs));
 		}
--- a/modules/networking/xmunet.patch
+++ b/modules/networking/xmunet.patch
@@ -5,7 +5,7 @@
 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
 -
-+        SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
+	SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
 	SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
 
 #ifdef SSL_MODE_NO_AUTO_CHAIN
--- a/modules/networking/chn-PC.nix
+++ b/modules/networking/chn-PC.nix
@@ -1,9 +0,0 @@
-{
-	config.services.dnsmasq.settings.address =
-	[
-		"/mirism.one/216.24.188.24"
-		"/beta.mirism.one/216.24.188.24"
-		"/ng01.mirism.one/216.24.188.24"
-		"/debug.mirism.one/127.0.0.1"
-	];
-}
--- a/modules/networking/xmunet.nix
+++ b/modules/networking/xmunet.nix
@@ -1,7 +0,0 @@
-{
-	config.nixpkgs.config.packageOverrides = pkgs: 
-	{
-		wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs ( attrs:
-			{ patches = attrs.patches ++ [ ./xmunet.patch ]; });
-	};
-}
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -40,7 +40,11 @@ inputs:
 		xrayClient =
 		{
 			enable = mkOption { type = types.bool; default = false; };
-			dnsAdditionalInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+			dns = mkOption { type = types.submodule { options =
+			{
+				hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+				extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+			}; }; };
 		};
 		firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
 	};
@@ -209,14 +213,15 @@ inputs:
 							{
 								no-poll = true;
 								server = [ "127.0.0.1#10853" ];
-								interface = services.xrayClient.dnsAdditionalInterfaces ++ [ "lo" ];
+								interface = services.xrayClient.dns.extraInterfaces ++ [ "lo" ];
 								bind-interfaces = true;
 								ipset =
 								[
 									"/developer.download.nvidia.com/noproxy_net"
 									"/yuanshen.com/noproxy_net"
 									"/zoom.us/noproxy_net"
-								];	
+								];
+								address = map (host: "/${host.name}/${host.value}") (attrsToList services.xrayClient.dns.hosts);
 							};
 						};
 						xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };