chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 05:20:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:0cbeb830b9d6d31bfa8500bccca3c558d798082c
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
..
compare: chn:pc
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

1 Commits
0cbeb830b9 ... pc

Author SHA1 Message Date
chn
61ac5a0d5e Revert "devices: xmupc1 xmupc2 -> srv2" 
This reverts commit cac52c47af.
 2025-01-08 08:17:39 +08:00
450 changed files with 10610 additions and 12295 deletions
Expand all files Collapse all files

5
.gitattributes vendored Normal file
View File

@@ -0,0 +1,5 @@
*.png filter=lfs diff=lfs merge=lfs -text
*.icm filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text
*.webp filter=lfs diff=lfs merge=lfs -text
*.efi filter=lfs diff=lfs merge=lfs -text

6
.gitmodules vendored
View File

@@ -1,6 +0,0 @@
[submodule "nixpkgs"]
path = nixpkgs
url = https://github.com/CHN-beta/nixpkgs.git
[submodule "packages/ufo"]
path = packages/ufo
url = https://git.chn.moe/chn/ufo.git

100
.sops.yaml
View File

@@ -1,59 +1,75 @@
keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &vps9 age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
- &srv2-node0 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &srv2-node1 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &srv2-node2 age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
- &srv1-node3 age1lee0kl24f0ntss6m69zu2s2e7njdpkv9nl7rlf4nn7rvv0mlgvfqrte2y5
creation_rules:
- path_regex: devices/pc/.*$
key_groups: [{ age: [ *chn, *pc ] }]
- path_regex: devices/vps4/.*$
key_groups: [{ age: [ *chn, *vps4 ] }]
key_groups:
- age:
- *chn
- *pc
- path_regex: devices/vps6/.*$
key_groups: [{ age: [ *chn, *vps6 ] }]
- path_regex: devices/vps9/.*$
key_groups: [{ age: [ *chn, *vps9 ] }]
key_groups:
- age:
- *chn
- *vps6
- path_regex: devices/vps7/.*$
key_groups:
- age:
- *chn
- *vps7
- path_regex: devices/nas/.*$
key_groups: [{ age: [ *chn, *nas ] }]
- path_regex: devices/srv1/secrets/.*$
key_groups: [{ age: [ *chn, *srv1-node0, *srv1-node1, *srv1-node2 ] }]
key_groups:
- age:
- *chn
- *nas
- path_regex: devices/xmupc1/.*$
key_groups:
- age:
- *chn
- *xmupc1
- path_regex: devices/xmupc2/.*$
key_groups:
- age:
- *chn
- *xmupc2
- path_regex: devices/pi3b/.*$
key_groups:
- age:
- *chn
- *pi3b
- path_regex: devices/one/.*$
key_groups:
- age:
- *chn
- *one
- path_regex: devices/srv1/node0/.*$
key_groups: [{ age: [ *chn, *srv1-node0 ] }]
key_groups:
- age:
- *chn
- *srv1-node0
- path_regex: devices/srv1/node1/.*$
key_groups: [{ age: [ *chn, *srv1-node1 ] }]
key_groups:
- age:
- *chn
- *srv1-node1
- path_regex: devices/srv1/node2/.*$
key_groups: [{ age: [ *chn, *srv1-node2 ] }]
- path_regex: devices/srv2/secrets/.*$
key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1, *srv2-node2 ] }]
- path_regex: devices/srv2/node0/.*$
key_groups: [{ age: [ *chn, *srv2-node0 ] }]
- path_regex: devices/srv2/node1/.*$
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
- path_regex: devices/srv2/node2/.*$
key_groups: [{ age: [ *chn, *srv2-node2 ] }]
- path_regex: devices/test/.*$
key_groups: [{ age: [ *chn, *test ] }]
- path_regex: devices/test-pc/.*$
key_groups: [{ age: [ *chn, *test-pc ] }]
- path_regex: devices/test-pc-vm/.*$
key_groups: [{ age: [ *chn, *test-pc-vm ] }]
- path_regex: devices/cross/secrets/default.yaml$
key_groups:
- age: [ *chn, *pc, *vps4, *vps6, *vps9, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
*srv2-node2, *test, *test-pc, *test-pc-vm ]
- path_regex: devices/cross/secrets/chn.yaml$
- age:
- *chn
- *srv1-node2
- path_regex: devices/srv1/node3/.*$
key_groups:
- age: [ *chn, *pc, *nas ]
- path_regex: devices/cross/secrets/xray-server.yaml$
key_groups:
- age: [ *chn, *vps4, *vps6, *vps9, *nas ]
- age:
- *chn
- *srv1-node3

32
README.md
View File

@@ -1,32 +0,0 @@
This is my NixOS configuration. I use it to manage:
* some vps serving some websites and services (misskey, synapse), etc.
* my laptop (Lenovo R9000P 2023), and my tablet (One Netbook One Mix 4).
* some cluster for scientific computing (vasp, lammps, etc).
With the following highlights:
* All binary is compiled for specific CPU (`-march=xxx`, like that on Gentoo).
* All packages and configurations are managed by Nix, as much reproducible as possible.
## Using overlay
An overlay is provided through `outputs.overlays.default`, you could use it in your `configuration.nix` like this:
```nix
{
inputs.chn-nixos.url = "github:CHN-beta/nixos";
outputs.nixosConfigurations.my-host = inputs.nixpkgs.lib.nixosSystem
{
modules = [({pkgs, ...}: { config =
{
nixpkgs.overlays = [ inputs.chn-nixos.overlays.default ];
environment.systemPackages = [ pkgs.localPackages.vasp.intel ];
};})];
};
}
```
## TODO
* Write this readme file. Something have been outdate.
* Servers in XMU should use vps9 to run proxy.
* Allow to specify oneapiArch and nvhpcArch per package.
* Update document. Something is outdate.

1
devices/cross/default.nix
View File

@@ -1 +0,0 @@
inputs: { imports = inputs.localLib.findModules ./.; }

27
devices/cross/luks-manual/default.nix
View File

@@ -1,27 +0,0 @@
inputs:
let devices =
{
nas =
{
"/dev/disk/by-partlabel/nas-root1".mapper = "root1";
"/dev/disk/by-partlabel/nas-root2".mapper = "root2";
"/dev/disk/by-partlabel/nas-root3" = { mapper = "root3"; ssd = true; };
"/dev/disk/by-partlabel/nas-root4" = { mapper = "root4"; ssd = true; };
"/dev/disk/by-partlabel/nas-swap" = { mapper = "swap"; ssd = true; };
"/dev/disk/by-partlabel/nas-ssd1" = { mapper = "ssd1"; ssd = true; };
"/dev/disk/by-partlabel/nas-ssd2" = { mapper = "ssd2"; ssd = true; };
};
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
vps9."/dev/disk/by-partlabel/vps9-root" = { mapper = "root"; ssd = true; };
};
in
{
config =
{
nixos.system.fileSystems.luks.manual =
let inherit (inputs.config.nixos.model) hostname;
in if devices ? ${hostname} then devices.${hostname} else inputs.lib.mkOptionDefault null;
home-manager.users.chn.config.nixos.decrypt = devices;
};
}

BIN
devices/cross/luks-manual/srv3.key
View File

Binary file not shown.

BIN
devices/cross/luks-manual/vps9.key
View File

Binary file not shown.

51
devices/cross/secrets/chn.yaml
View File

@@ -1,51 +0,0 @@
chn:
age: ENC[AES256_GCM,data:MSJe0mI4PUkl4B/R6no/Zsb7STRZcZBKz7+CckMnEuSrjNx/5Jxv6IugUEAREXEUxmpNi7Sx6aR8SYDqJO5UaaGYbCp+PN8DrBg=,iv:185PoGeQ3+D6rYI1xdfrciKu9nj/8d2yya//U39vS6s=,tag:mhP0Ix2iX3uaAqPAnin3Jg==,type:str]
rsa: ENC[AES256_GCM,data:yHnveqSfwd2sLYLOm4tkXoHj08zFRQsaSEL0NJz76dFCO/ZnyIbFh8WnW1y6bUUKzWl4AZxcLIBL0GCf+5R+gDRcXLLGCY6TziRb5fo/6ryJ9EbqntVI5V7oXUPSmGMPuhWcVFB2YurgdvFgXMAki7HMmXLD3xMzFp2/my1mBTOqksJiHL1Bq56bBOQihQ8FEpESc6E/lS7hA6oq8u2RIKKLDCDScdLTmbl1XmzO2xqoPoWJNGkW1PBVUzMMSfmfpswfUK4Tt09o7AwnCUsb5u4PC9aGLUdhjS/Q+zdDpXLZpU1VuX4Nypqmyx0v1KgMIDVu2FNl2OUbTvHCDW3OwMkCA2ww4OlD4p9BFTszAzs8eFxSyCZkiWNp+SfI9WgjsZV4S1nJJfIIlkZYqja7DYOQEyeS0IZ7jyuGsTBhy5iTjekiCUa9iEBXmHHw5I80H/mhDeLyYKnnSttPi4xNt8flO9k3TDURFNW4L/2sEexoL0BLCkt/nGolEcyHCvWKm+UOnfYEJ5G1/NwufFrQybzP+TuiqSauGk5oIEi/vvcX2/luwdPyOONeY2SrHoLehh6lhbM9WExdpSfawWAWB43NabKZf7Wp6JLsadZCUvlfQSvM7YE+Z9ZZPffsiPIiKkkABR5FnKVmO52AfX73r17VJgK2fMeabW4o1ktVzMX12tW2+GpzlOTDXcdKnzjdDQMv+u1Hyn9H/K1S1HmB9RZkyTXzUMR3iC5A4VSy+iFqIgA/kTvwKxjYfTBOvaME9kqqF40E+s7Vx2lM9gvfwYXm/OHSIKJkpo8m+DdGShyMD/iopZPW+QayavXdw1ilVWlJxwwCn+KDq/nsQhWMXH5A+7f0d/P+I2kKQWNNhAFm7Bq6+FrIa7FOT+u85Bl6r9rdnmfkz3rKYlvXFkvlr2fYA7UIzc3vFJadxLL1gvIeedmiuTgyY2JzljvWxAxOKbD9H/EAkl1dKMx2xc6IalXj1ERUcZSl90ijaUfkmxqFjZWXDkFLOipPFoNF4RXF0Bf7H8uWBajvrZOifwXoiYFygnl4vHbLQmdzgjs+lBEsEjTflCxaeRfGNUrqYdIN1MOOMXaaTBk4AkHHVxi6EplJS6Z31qnaecNGSlT2SdoGmKPy5IiS0E9gtOq9w81OBh85zoTh0I2XGWyJmhvOpJIReQEUiFb5vlXc1ryPp6etlitECxBTDGqu1BIqYroivwpWSLFYihOsZtmSUuRRRKlWMq19CFZ2KkmrT+APWMVBv4F/6uaapEQaLFrmDys2G4kCR7Arc04OvVizPUhwGPfcceG9VjsR/CJY/VUq1wFTyjrjCffyIOIXtYr+kYNFtYj5SekpopDxUCTAcuTdtAZlegfrqSss6nsBCFvMQUO30ng0rzRpTXnTt9iHkPnfXU1KLcv6lXU4+5nvHatICyaY0pYLNYWBzpFgp6sOiWWJCZi28jgE91HcaaGnleSoNw/ouTasgF23anqvcABKWuUMSRCsIsSBLQWDTPUo+jfm9NuzduDhIdYKhN0HMCCrHVJdWbYBmG23qqqHoHmEu926ClaP5VDo3PNci2yFKg9gcbjeWD4gCXoVE9tm1OwYucQyMyX/SVb0w+M+k2+yVX+Vx/LBqUkXtbWGfDmwHW3b7j3AZr1pHMx+Trv26p4V4cyOaf6nBezbawYF0M7pRHQQLXpjTru9c/dEEZCOefmDyzTLyShDhfCBiBky8hF0bf5NfF6NfL12fcMlAvtk8OaQC+gd4VL3umQpwmLO8pupnv/5tQAR3R37rfgkLv/N/D4Bbz84TvviEa9aPsY+1XlXsunYIkF1xJVunv+YAR4aexDfd6aapfdV1YXxhrvCMZNDF+kxQJ93i5o2+nyUvXBNrrqlWTTX3HSmTYfOZ5npSUMQRYUG2UduU56NHk8QmUi/mwZJX0mCrpHg2lH9+EIwdgMO8V21rZnE9Yj/ujn29lTvqEWOV1uHgbAS9fGbH9LsS4VhC7V1B4uWyzGEvj8g4hl+rC2c85v6rblgn409JTDCioffFlSS35+6AsKKO6u8Xh7neo8c5SxvYsEOW4EAfnemVns8TOdJViy07bB8XtZU4v2/MHhgA24TKr7wlPfrTvF9UFNx2OK8c3aYP78Xp8cb3j60z3HjqCFFEZyHDD4Ync5BFB36sBbqHHcah+kFl3ZtQnUI5LGZvG6mvSGFMmAhiEzTnsVN/TJglll2uXMIcZpJSwxKIw==,iv:Ks1ESu5QeD5a6dmk+0MHD8mrM0QejBSZwQ1fKjTQiuY=,tag:uLDGeiQHHUUUY00n4jlf8A==,type:str]
ed25519: ENC[AES256_GCM,data:/2Iqm2LOPkjQk0tEJpdICkiUOZ4fT/+tiEgpkCb02/YT+6l4W6cAY4mv3nQZOROaYg2gafzLT+e2UDSyX/fIbh3jA+OKnbUlWQVnzRUoz1QxdoqLjYTVCB5DkECYQveeWdt8Er1sGMzkdlvIkPdfj99RLmKKwwtHI1AXkR741V6t8X3LVRVFJrCBpudczA78Rr6CaTR5BXsEKxbXmD5kGJlYD70yHkrLA9MgWQa+/oIO/2CzjkQx5ULQ9fr/VwlIWXfLiCvHmKyVEtweqSSH3bSn1qC3usVAZaJSnOObAJGeQuS+FcxizbKDXjgc69Jg67mDf5k6VBxTF/xP0YegQpZlVxnwggSN6yyPHJ9zjk27NmsqHfE3fq/TQf2Pk91wIgfV0zN020vmidRKiP5z54aaEO6lnPHPELl7BZQ51NUyYKmh5SL6IX05x64GqRrbPtxhzWSj+WVeWmbVJcoxbohzugjTG1Uj+cxcEfqe7Th50pFjHbyCEIWxhk8toQ7r8VxkuYREkXwSYTm/mx43FZnwDhLkFuIYOh/v+7ln/Cxg+xATUbwZS6RwuN+pIRz75eq7VjwD9sb+pj2K,iv:FTrh8tnL8OlD6PkdXWnqFTkZ5VdxMJL5CncfjK1J/C0=,tag:+cWIwl0CZFERXZoegTpSDg==,type:str]
ed25519_sk: ENC[AES256_GCM,data:NFTheH+JMIu0bdyKOVgFjGIfgKE9o404S6EvK9yelSiYY5/WFRbzRwhSLZC9senT4rMUl9sErjix1nJMesV1DByTvdZqljPGChxac5/JglgZr9NgvhDYLjSnrT0GYlGAgxmDrnSHj2CyPm+5Ael27325QDMLjKnmluvSZaNB7qB+4BNQBEytx5NfLiA26EAxKPqMSDoFFZp/y6FdWFH4sEWz5WAp03shXs+EPmcnSu/9wykjwg7gKvbQJqoB3MJ5N4MsLr7EBPcpOdWvx0E5xZ8GgmuWYxRJNZDILfS5pgaD74uPEj1nODfGd3N0kBBCeKq/clq9hPDfjyrAmTd9EEDJu+q3nf7P6zTIZ0WJ1ZN/hnC7WcpL/p5Y4nDr99u1rd5x+hhk9TI07SPTJBqjpg6oAgM+Dq02jJvCn4VuoxlCTx/dkXyofReU0bjovUXOMEwCfxHwMDa5/QxQ2qYQhNC8x4O+DwxjnhNg1BNVFAVT4mBVxCshKyhQ1C/w8tBTJzD8YkigAKlokI5VoxCINex3SQs2+6NQpCOyiw6TMtH+M54zVlUQeKypOSNmS91crC52/6b9XMA=,iv:xDaelebavplMYLG9c2JUv1ceXJxejTuhjZ/AGHfklrw=,tag:x4zjZasKadbVDf8Zsg+wiA==,type:str]
rsa.ppk: ENC[AES256_GCM,data:9njXWqYEZ7jd0u0lvtmIarEka6n6oHmMeLFvBGejAt2cXZdrZzn5hdotT1+yGrPQYH5n5+f5R8E9wSAZK9Xwn5qfLxXkjmOOVd+L+UFr8fNwlac2GK8Z2OpYKSKg8JbNRw7kgl3ktu8xE6IWqTdL75idvW5JI9iXSSLT9o86oV25HN5Ku/JzRRc9ZlrSugxza/w2yUv7ICT4wGw600aXWhF4R9c2vf6+vZyxaBt7BzaT2+IPPrxDxoW6jx+1fATlwTSiqcKD/0ymy0Hk4ryhI6Vk7BaK5ePC405pdghXA3zwHvRKoFtZGPLy7+iQe4GLE1GEOLN+3MSSAlJEnGMKnwP93IqcAghIXAFXHaJzY1a/492waYqXCc3H/SOlI52oKjZY/SUKoSkDxRoY0wr3OdseFgV/BEWgrunN0MakTiqY6Q8okMX3LXeaUHwnIK9t01eLpvIUA2Y1wI7Olx2Ez1Tp1yPjACTZlQrOPOiCeumlRey15bGNywV3p+DY5wM3zqBn+529MauJv7W2NYIJ6do26hAVpe5FMYb0l/G8AYg0E+AJ2nfVRb8Gu5MxprSNQQEMca+PxKSsmCvicBeNuDreZwt7vpMAb8ndv8O96k8cz2G126Rpe6dgsf3XND3VLWJpYIJYG+KA2AaVCvayAcHRUfIZdZ+wMDJFP+nQHk8wH8/Zu6mWL0nkgFMIj7C/xymdIO1Ugc2CjUlZZtSkgZ6JnAQ+rs94B7QBSCcEnkd4kOU4CvrH1eIyxXS1YH6KhYVhOIXeZFvtI38ergae/ruHfruU4tYk9sj+MmiK7tQDVfiu+XY56mrYt46sDOe36nUDAw1xMLV18Wu7P3wh2zwLrHzRcpTljlcilEh6NQTbIZBm5oQUCJhtYkfPtfsOUs6EKR6Zte1xQE6jdMES6Nnki4OAyv6ZC847jZGkGVg2nFkg8K0d3HoLqsIb3AJMgSNoZtImsGdo4I/jgiBdt9GEjXj5o6zYAvt+F/fea8Lvz/JveU4eL+HA5++pSuuFH33eYntPsPeoi3aXMt3HgHpan9hUAYNSTn0IBrEbsFPkxdaPVhyVygZo7nVzMc1z8xRhMuDv/0DlRpSzd0CM/5nFsaexX03W2ByKUatEP+DXxWswXXV0pod1Q65Jp8X6jr3KrGdzgQ+xqT7yCLDInMP08ug8d3MV8cPvdTLKRy3H789WyBKKH9LE6L36ron3571L2C1YRqnSaCtLF4PZWcYhR8QW8DWhU/tQVPc39ny0PazwEKJK4vAuFc9voYTHMgYJ9fvM+TCRQVRi92yECtHO0XsS08UVz4aJpiBnpCf6k26e9Fv5nZkpjeG8l6j1/FLSbUUzM8Ig8JVJZXOV2mkZxB+UVGAaIAaIFuxHJ0u8EVqNGW/yRneZiFop/j+4/rUmR5QaXsqlp6dIjqGiGQxkAsNVc5TiRG4ChQJn50UyqUFWNT/YIFZyJnE051ztZzl0DXoqLdfjn63HJZ0E7OLVwpe6xYQ3DGvwmH+siq5mdjbhF8477C1oes7q+Pc8L8vlYRTIKeLGm5asN2ZyPDigpAnDcPsZUh4Z1EY9/uu1CTG4A2yUdx1Wk9+1ZZf+X8SGK5YyQofuA1WJR3Nxvxr0K2ThUJc2X4jy1x5FCWqINotiHWEj1VLKUEU/eqWcchp99/r6Ai9DBrsuwd7zLq1/EzWyGRFL04aoaHWkzq/2uxs5mBwJYAoRBhXS544JbWgl3k9gnhiTdwzmHxuJqGLQGGLT4kc7va/ym81dPQE5QlMlEsmf0ecHyT9X67GYIsxQtxi8tepM9ycWVRkH2skYVSodOdNvwRZkmtJIzw2lECdx3Sx3u1RAudXMUdGzviUas1+4V7L5w95QF8mQCS5gkHwu11mH6T6aRGLFRUfKNkbOGoiCzOeGsnoQr0IzkwWZ6Kpk/1z8txKIxNfdM3woxAGKbQ==,iv:rU+t8OnwA5yGRQZYSI9GQcfaZY2EjCPxrsoSzlCy1Ok=,tag:5H2oYeXpEkwIhtnAz6uywQ==,type:str]
xmuhk: ENC[AES256_GCM,data:I87DH/L3FE/qmYNJ4GPbvuEZ0BU3ljoxjVO+C4UUSGiFq+d0SwqteH8X36SZHsPVOJLtbw+HDxvHuu8avCdPgyg+utYQ902PnU6ldvxpPak2eK/mZQo9KOKNQa6U2QPL7Yq3odemlAHTTp8BD5yOc4gnxGP5/TZZt3jcSAza17tqXwO1dDE0o0ilQ4v5SW4AtBF9Tph5sTyYy9+RlGagvUc35hgl00gDzoTd8ydvFGWSVKO5nTRMQQUfJ1/t5L9ruH4+5+W7Ic6bRXGCSSJ+iKUUcR/N2Bjizcae7TOXZ4VmqkCBHUYDcRnI7kLI3An2dliuPsgyIGVBOzmayNFn8MXjJritptbbm1zC60xzJFaamkQdSTTwUBXNVY5Y/0m/W20/AxyMOvpyxWCDx9XKYK9J6BxqI/uSkJ+IIxHZuiDmY8pF4l6THOd37anRxP2u3S2+yv1sVxqu1cVKR4fmtKqry27KcGkRFwU78qm5QQlSOcxXNSp6gsX5BOb7y0f6rWekRmHLN3gcXJPpEF3AYRXhQZs81J9Tij7F/jemXSG8282PHkvZOnnJQZjb02uVu5NxF+8couaYF18oFjncPlPDrJXEtT2tSabma0fneiLDXnlZ05oPXyWbn81b/KvNxgsDnUAOf3p1sdmIcMG2FLSc2jmaeAF2dCnn7EMjWHwpoR9OeTt5Iq2XIvBzqLsq0dfX22OFCxdO+MX3yWEwZQsU/78n45jiIMOFHZq7GuUsMEd6/p1A9yyuEpkhgqxKRPCIzbmJEaLDAiFSeKw5Q8y5u3sE6NWCJouRsyYaBVtjBYuPCxRA/C5MwiJNL8GCxC++GYWn0OTiAmLMbFyFWVMtwcfVD+SRaOdjzL6v2VvtQpAmNnz4FXdQUb2PpImN/s6Rdg1ca9hPMVkqqgfdc5OC1KvwJP6M3s6g7xzarzTz0whJ0mhNthAHWa0rrnnIEdXa1bdxMEHafkv0VTsUayqfU8kA6pILUFz7d7pot1xrs7ucgw+eqT193kc4XyqxJQK26eWuUVyP1Qd5MnBTQnFXplqIY2sTjisICpvhEAdDeWNN0ouXLFEuQfvfINTydGgITMfQgZbdUuqC4PtdnatZGnwEsuXjRpQ2SA6y1mP3gG3AEvfYnhgg+S1F0pcpN4sa9B1DHvs6ILRaNSnHTHWklD1sMD2YXTgpuFHKtxZMa7dc+pCh4vyGViSgauNaACK/91+OlLPoeIPeQoREvzkOhz+VYXRtG6N5lTMLuubhgOdicBKz8Qt9S9BZTOiJ1hEb4uXXTXwkgulUa77Rd5HEnr31l3BvsNrCt3fDNT8Ec46ICeoRnDjPEIZpXTTUZc7C/J1UUuDCQ1dzVmGrZaM6vyRCFzVa6rgj138CkAp2zF5QzJPyHtyrciPCQfgLweAoT6+tUBOngZNcZ+gSZYrA4uRmwlob9Af6uZEL/GA4zRcSCj73h/7VDhjI4IgaxtiTGsMEmHtGBdryVIPuT8eRcdx6tDkulgQvFi0ku9iqKuBCYpveK+y6OO+5V7GIow7gMfU5AGDNYTNkrVIkhV+Bm5Y3s43eHhda6xxVFR948QvrbYIf3PFMcla2tc0LTOk7r/Fyt/3ij77aVjblq+gfoPtFrbEhvg9Yp8NDnlnuqYel+D24eV+Gd6vY79Gu+JGMgZvFlvEhqJSrKVQ8r4lXl8FMP+S8P5XxXkzf6SNbj1Qm0cwTEtg8p00vt4vH8MaYbSFSSwUeJkOEolDMFSW8FPvqenz1tFq8ShFXB7fuNaU1iqyldnSU3xpswjP8RyrSkZPMClSr2esuLx21+YYSJ90zHtB9kLGdTmp9D5hkGa4IpsbvGVlEvB+yfU9AoFwOi+PoajlxabMHFqIwlyGbl5pXd8Da7PFI1PGfkUa9rPBiusk2IDhXGJn7M00HcWzSjfepkE5EbxzXH0NlsXsqCpGlP1KvDIx4NCYMWJgf7iWebytUqO+AR8nAZlIV95b22EzcsGjAzo0SfqBQnyE9D3y4x/JdKKVy8rW8w/++DeAqQw00VE1JfFubi9NLCzqUQV3zgrEb3SC0yswCMowydXV8Ahl+79Km3Hdnm9H2s94iOlIWMCOV/RKWI/qZujq4ccQdvl77GC+5vXEY6bccNfkIMNPCby9O2383EmS2PzLzMdV0rEBoKkotib+i9IRVKIWJ+pwJwWF/ZPdO/ZcX5ds6oT/U9+RLk+Bq2eLAUwHEVd5mhw2V8Ngj9mp0O9P5vcWQhovnYQRh0WJwJUM1mWfiVLS1IZktndP1efTWR+SPw47tuVcuMcX3vxfReERMAIiO1EcR8+9WYzoSasB16sm9sN1nJUx/LgThjzRTszfy+GFJJZ4dIY/noYyH9LvIz5rHKAAbja5c0PjB22DXOdEjARoXIWHTTH1Ab7/eVk/ixbHOx9sOET9C/koI/URX1XtTRIuM1UXt4OJbIn3fvuPOywHTkWeF5WV/19ZrMHSIM/JHGYc4au/sD06C+wJZseXLPXSIJF2LgabEXJjvHsb++gccqD0GofcJVJzgYuOaJ0ZydbJn670xa/qludJ1nMuSEc3Py4jTOs0vyfrMkDQHWUScT1C/HsQH1YcCKeyAZMSh4hphM7MtAY9v60cnhsyOAwmBhVaZGZSaFIWyf1+ea2eTLnF6HEF0HSYl7L0hd1i8bPBxoyjB2DIbxbzR7TiaMuPQ/HPNhZhXuFfZK6iBjrGDlhGCn/vlFgsSCGCdcLwKBdC8dpfgpyf65ccvtIXMQGFZMQynIDNCBnALF5dtTQprXf/O1WRuZSLAF/H7q+2gXl9hMKeCLWfGbGE/cWvrRw81efgjUQ8AuFUttR2wUL2u26JgrDuoCG9+vhs4S4x2tXDooucqIRQDAUEIE6gF6NsWDi33K5baQ3RA5Z6btNPNQkqXtz4yQE0Zlh9mFT/jkXGRfZ6RtJbT5jWdHQONXaTHTFK43eZlViM1VydoEwiCrclyWYHWswKyLNjQWATICe7X9NYyU/S/Rj9dIRUUzm2KjLfMEfjyiLS5MLDu9lmKUdXAcz4nFcCWIc4VRR5fMsMh6Zvk8eh/vn176Ic58byvfjsAAflZ2QQyZLaA+Utr8YbpxwbRp8WYg0Ktt7q3rlh2WegEa6wKdESqcb53dlK8qw3ICPW4XhFAA37Ru4zlZ5O+ayDoCvrsWE924VXe+1ctjGQ5via4ctDTXXl+GALQPbLmEfwSyvaC332fbZ6YRM1fY6GmnliWCfgHh0cPwuGNmXbhn/Bftsy+jL6ljma//pnkHfQrynho8XeW0edyrXY91CJtkHKhF4h4SVq4tLQ4cRFEjFfkwy4UXZ7m6AnY1cr83iGqbuU1TnKn91mxiBoPWx0arRHeTSCK/xRcBOF7NqBdmEMMefeq2lLuv+8VVKFBFUKCL5e0rKcQ1N2G2ALtrgWVjsaI0eJSyD9aGSADnlMWu14g/msECa5Clvzw2Q==,iv:cv9sYcivQZc/hz+Sri9iLkRHV3uStIvwT2/083DsUtQ=,tag:re/iwRtY/mlnxibqXBnkPg==,type:str]
github:
token: ENC[AES256_GCM,data:hTmaIFtLYkrcqz9uVcP/g0mdEIV7ujN6z3m/Hr6U3lk4sJS2m7Lxig==,iv:WpTW4mM6XqPnpAC47fBXw3cKbfEawZKeNBi2fFoKbg8=,tag:rgDmc2WRKhLQrHyUI2O/Bw==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S0QycmIralcxUVc2TFZU
SjVWZHpJT2tZQzByRUtvbzk5OGFHVzY2UlFFClRMSlIxTmk1ZGZsazdkRDRzOEJ5
NVZYZGhTdFJIaHBxT1BlN0NDdkEzNEkKLS0tIFBzYWtVMnN2YzRLdW80WTUxS2xZ
QnRDZEpyanBZRmVuS1ZjUHNTbWdpb28KWO91rInbh3dvKgVAICB/GAePL9XfsKK8
VDbUUst0RgI/z4xKftw+49HJWvzFpo+pzEzvsU5jZiQwIH19ufGcZg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2a2V0Q09VYW5NbGpkZVBa
Wi81c2lTVHZLeEpaeTB3UFh5ajNWZno5akRrCmdHS0pDdnVqMExkR1V0aEg0OHRn
UzA0YkwyMHZESHNtbm45MEdsdjF5NTAKLS0tIHBIbFdndk1kRU5nQ0pBVFZhZ3JE
TStEQzdYL3VCbU1yUmdmd1RKQVYvbzQKx7fkginIVesbwrM9/9JPKpJMcHhxqJS7
lOa4aN7TlcTo2QswOABJCKXyZwb3LpWoZioQ/jvBPkSFxKarTBC2LQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcWN4b1NnQ3VoUC94elFm
VUUwWGlveWUreTk2VG4yMmhzdVd6VEJaUmo4CnNhcVdRRVRoTUFpUjJlVDNaWlZ1
QXVSVWZDNTlUdWZpVXpqQWl2RXFzUkEKLS0tIGdMbUVLTkJzUmpxUWZieEVWb2Zr
Zk1hSFZFaXQ1ZVcyYnFhUHVaWFM2eEEKMAhn8H7rIt82esqOEwL+19zKxyB/0KjI
x5S/tAzJIqRY5qilkEXBDekgWKFXj7fLKRfifuWAYT7tMC8E2bODVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbjVoUHA4RnBVdUZVV0Ft
bUQ4YmJJNVB1Ni9RWW5SSWpzaG1ZVGYzUWpFCmJvZnFZYW9sWEo5amhjYkNZVWpm
SE1xb1c3cjFaUnBITDIyOFhVRFdPS0UKLS0tIFQ5M29rRDRIYmxPeTNHYWVubkMv
UjFLR3hxSVZVajY0WURiUklveHpzVVkKUwCaBC10Iq931J1umHA3xCWfi1mrmTAx
vaJiadYqmMSwYk8g5thQ4jjweh133nL1AdxjmAZOVPgYUr6rmcRfXA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-05T17:54:13Z"
mac: ENC[AES256_GCM,data:cCa6Jz53okeMQ2BI+lcJojbo5NDfcyBmROwcC4O3olGC2v3QU4Qkchx2ju6+8LhPR0uTuPA4ENhotoeAK5A+8kwdsJDvGT8si/GNq6u4UWqZuXZ06Op0R5OU10vJT1qEKwYWhJMX8BRsFK7Ab+J3hz5UnOyYlpcmNQtJBEkzwqo=,iv:mct+fwOwKEb1eSqpBNA71SXjS0AWQDF+rzQBv/zABYs=,tag:42K6sYGwPxVHTdDgzOSZmw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

179
devices/cross/secrets/default.yaml
View File

@@ -1,179 +0,0 @@
users:
#ENC[AES256_GCM,data:2KeaiyOl51RB,iv:BGqlx1jzOWgG1zaxGfDtWfpbrgFCgAiTbPPMHoRP6KM=,tag:VhbvcwxV561iB03zIhvPQg==,type:comment]
xll: ENC[AES256_GCM,data:Y9jk/9yKwYiUeC9h7NkNNRYllyakXco108J8ZPLYQT+u7NsIMZ4kw27IjV4ytwH3k5Xid4jLKEsmKayNAW7kPNdbFfACcugL7w==,iv:cDtPmsHefigsqJZMPqOReVj9YOOgDXQhmulUHYUqYfo=,tag:8SS8dstzuon6f3y4pVA+wQ==,type:str]
#ENC[AES256_GCM,data:fptM8gt/IHBZ,iv:gX09x6/ZRXIXG0wOFBUCj6ZtMaTXebcSzvFMsS8vxcY=,tag:M5KFPF8Gmsd87lQ/hqhXnA==,type:comment]
zem: ENC[AES256_GCM,data:w0797tV3yFqXbZmhB48kvxK1SJCAFpIjgja2sai2YQB2Z3ELJaQMTIsmgI6p85m/Q15nzFVPdEAsxz6ts3eskRttOSw9mXeNyA==,iv:D3yesKHqbhab1Zk5ZKAm9sKi5KXVt+0JD0pOO5VgptY=,tag:ySURHTqQc0Rxd2u1igZ8Kg==,type:str]
#ENC[AES256_GCM,data:XwSZ0w8UgIgR,iv:i4tBBEC/lagRmk7AbzFFjDEnKOzxObkTul/wc+tyyXA=,tag:EKrU4YZ4iOaXpbn/lrZJlw==,type:comment]
yjq: ENC[AES256_GCM,data:Oy6b2sl59z2WA5/ifzJoq1KHzvbo+Izwac7yInRPGURxymUU/KvwW8p/XXIJsKkd2BjNaYkdELjNVrhTFd/tRhK+mCy8GSK4Lg==,iv:AGVSFIyqI5HNA+5e+ME3FKKoYMS4MCi4gjaxknord1A=,tag:ayLj6n98F2r62WdDqIaE3w==,type:str]
#ENC[AES256_GCM,data:H1WyypgcuhcF,iv:mw2bcXzisgxeUIw6zC4nwHPhsrz5XNIsL72aGyEwyX0=,tag:A2Cb+DuX0BM61TK6/nWEgw==,type:comment]
gb: ENC[AES256_GCM,data:ZfcJtiEmdZux90Vqn/L8oq16C10rfRPhxX+FnskJ/+OfdAVheEt9IeIdXpkVfIXU68rIBhDFI60Andm9gmddqoQqHhBj/W9gAA==,iv:fyCkc92YxeIumHODfOU2PWpVfeDJ8RKxKHRfFUYGF0g=,tag:cIn5rZSN8fONNz2GNSUOow==,type:str]
#ENC[AES256_GCM,data:5q0u/KpWah5X,iv:FiMDektaHAFHenCT89skQ7gQgoMHdY8BtoyEv0L3npA=,tag:tNtRbpY2bYIUVjLx+IwGvg==,type:comment]
wp: ENC[AES256_GCM,data:EcAOCjsqNFzRQtgjgtLn4X7G05cTN/SCmEGCtV/DRISj20Y3kMzbOSmtJoeII7mVA1WITxjhyBXX7abFjD80sZMGF4Th87kXiA==,iv:er9mbrz3F81vHLGPNYiyVO80hOXI3ZjFUuJbMaYWNeE=,tag:le7Fw45V0pdkHoXywdjFsA==,type:str]
#ENC[AES256_GCM,data:bh0mHOovPAba,iv:doFuGvLagS17tgNm28J+T1qTvXAzPsenVN3heTDkNts=,tag:e0lsqlvXVk6lDqe1xGkemQ==,type:comment]
hjp: ENC[AES256_GCM,data:agAmi5i8cdAC5B75E92PbDGG399AJyI87zbgErtYxM5CHLTBxPjAfqLLEAHTdRbfo53wHQEbG4/fFkunwrHrCdspKtsuFrK4xg==,iv:m+MregSzL5EsuNW/oiJXJIFeq4n1CAaQQV9AKId7rxg=,tag:nOI//Z/4gBfB7F2jwX7cWA==,type:str]
#ENC[AES256_GCM,data:jHalo04u3gd+,iv:RjIwI0Kqmy0uVTxRRu1gNG/2eZXnl7iiuC9KOSV1RfU=,tag:Jvza//JVEtLwdtYk5+sY+Q==,type:comment]
lly: ENC[AES256_GCM,data:5ZHy3nXe4SoGi+hu+woQwB/h7HyLdDlE6fkO6FXttEW4ZaBjIqiXOz2M9XMTmcMih9S7fGJPXDBD76oHGVY5W5ytyi3i1wyaFg==,iv:RWhQFYAIs5AELumViQRTsVPNfsV59zQYDFVX+DZpPrc=,tag:R3E1IBUAN7XOjrwNEwjZ5A==,type:str]
#ENC[AES256_GCM,data:fz4CpQWCXmHX,iv:8UexUxCvtcmk7S8qPdKd3jxro7PspCYX6G7ujAEQ7HM=,tag:LgyieyMQ0zZLD0EW+POeoQ==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:WfdbkyWIDl+lD3xPC5TMBQ+U2hIjHYyhNhnZ1PH9uowSdRCqoPAJ2GS7X35WrlrgTl67ByaTwhXP8r9LR7eL0YwdivTL/wxOXw==,iv:OBaEPQVBeShs+UH2BBIBLGT44tPiVyQ8G1ReZ4jALH0=,tag:SnwGrb3eI57rJUoqE6HR0g==,type:str]
#ENC[AES256_GCM,data:OWTTbVhXIxSp,iv:GP6a2S9XdQ0xzTBQ91zkEgrNMtY1WVodTH/F/wh/mqU=,tag:6nzpvk9RFsAJxaL0Qiau0A==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:NMnWdKTGyK9AhrmzdDaxgzeFbbc0TGPlfYzOr7g0zexxBTjyJiwox9thEglkkyA23e5GgNs6zObqUknZT3M7/epzbQDoSQYCmQ==,iv:+nSj1P2LlME48VjSF1t2ziPkhgKiDlLkAaL+PBCV/hU=,tag:41YqBFHAbfrmbf3kVC45CQ==,type:str]
#ENC[AES256_GCM,data:0QMjEtxrhSj8,iv:YyMHdZTx/OViWBZ+1CGGAwaOLlqR6WdrKG1g44sZGYE=,tag:N5uMwbWJJF+DGiopdYm2Mw==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:c+HRdDZPugIVI2vmuOlorhjZzxS11c6CJiZ3ZEwFFHfIoIUmGsXoRPGraJ0BjI3W+XZbI6qk211yufTgXLVj7nOVi0PW/9mteg==,iv:H8DlkTjkL/f6Oa2LG3dHRsJuWkEqokUJ/mjMyDnEAc4=,tag:0QmUyfAbYnn7vs4AdwQtYw==,type:str]
#ENC[AES256_GCM,data:F347rPlEQZyz,iv:VlbVlc/tFmmoe8lVDza7ZJgHavZ/1NM9mK3KZNVrpbk=,tag:iRdvv0ajtgrJgMe87vBFfA==,type:comment]
zzn: ENC[AES256_GCM,data:P76cGOGJK3B7Z3nxZ9BlvvyegJ+4JX25kax7/Bj/0VKsH1cGEfyvNbPH8qYUZqm+zUvqEoFNZKWM4+IQKO7Zo9IXCJhGItL1Nw==,iv:e9lnHecgzSrHJkxumRpKGHzGlYbM5Yov4F4Dd4fIqrc=,tag:G7Cr7d1KZfldzYNRL1eSpA==,type:str]
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
#ENC[AES256_GCM,data:B8NX79g1IqmiNdO9pmq11g==,iv:Uf4dOMGCa73+YgFwNHUGmrVQW7zDavyUn8pVlZIlU0Y=,tag:Dp1g1k3x6LYgyHoyOnXdnQ==,type:comment]
lilydjwg: ENC[AES256_GCM,data:/2Af4TldHmIbMzv8aDrlhElrsW+P//5cF7vQy/EzcKVa20WhLYIM1KICweZRdxE45FTWsxv+Fp21rBoQS89QePyVAw7POhtceA==,iv:Yv0J0GAWuBLSziHEBFPFSVg0kHjVf//f5ZKYLpyyjDA=,tag:+fJKhLhUWGqfjiSumH3dgQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
user:
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
root: ENC[AES256_GCM,data:KFyR8e+rt0E9,iv:i13OWPwPGpHP8CEGGVm24KgqEOxrqeL+Y3mHBYuntms=,tag:CjKuwE+USmQq6gncXQDrJQ==,type:str]
maxmind: ENC[AES256_GCM,data:KfTXvxX4zzXBfNMPmZY1z5jTHTByGfH9qEo6EUAQqZ1JOtNUomOWNQ==,iv:KcexOWAXFhWfli6bAMZ+61x960trZ3iE9UYMuOtJNms=,tag:reuuIe6MkONpeT44U6yUjQ==,type:str]
acme:
token: ENC[AES256_GCM,data:DrNdcyf2tiZ5nmjYmsG13V63ZuZhNG1c/kkGM7eXQWvRvDbu37nKWA==,iv:xc4gtNvZ/BYG+KmT1XgFfG3Z17bBLURazG8tz4/laxE=,tag:khnYVQWjiiaQC9VsJyLV6A==,type:str]
tailscale: ENC[AES256_GCM,data:ajw332lHmxY8mdaxeG6zLui3Coc7z/3+ojBIcZHBY8KhpRbEiAj6n8yIIj/7BffR,iv:oqCBZsrYz6bMax96QQVWhcXnppx676TbUh3Vl4qJh00=,tag:557nZp1SE7NsUii7QUtSeQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBma1JoNldVdG1yNVYxVm5y
SWVEemtFUUZHOVVRa2ZPNzkvRWxkTEN1MENBCnQ4elhUYmRuL0xPUVlBbFRNSUFp
YTFIRVlHaEdJMlI4TENIS09HcVVrSHMKLS0tIGErY3pJaG1YdmthU3BzZWtCeWkw
Qk5TekphSjFqVmg4dEkwWExjek9GK1EK+gzFgvWe2otn946O0roo2K4ADR/U96Co
tw0wIOTxw6dtkntbvZHVz3Mh38K5mBpAjPLzyd4IjuUy2AkNSkwGew==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMW4raDc4V0RWRkljb2E3
a1Q3ZzBFVnVpWit0andqNmNrZkZqS1VSbjFnClM1WmVDbUV1TnAwRHJOU3ZsQVhF
a0NQZng4VURGSStCT216OGJuNU9jaWcKLS0tIGY5YW9MUjJZd1Q3SVNEdGVTS25x
bytMcjJTeVh6a25ZR0JjV2dIa3BZM0kKi/b439/DJPLu1ccqYmVDQMAOaT8Rae0U
cJlTLPHiN+YINT1/NMT62UuPRbGq5puK4v2IXxWo4Xc1KVEwE4j78Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUWo3ck9qN2VybUJrNmdk
Q1ZlMEJkRFh5OS90cHVheWhoUmNveGQ3Y2l3ClorWmlCUEhpWDAraUR6M1dlTTdR
QTRCeTFRUUd6SFBaYXBDb1VFc0ZMbW8KLS0tIDVXMEhVQml5bW5MbXJqYWllZnJL
TysxNXhwcllsZGJOejZXUEZkcU55M0UKvIwSQ49VO9cJfRPKzEzly4R6GAPOyi43
5aWMh9Yu5EpZTUmyg5MByBdd1ENZZfqy0u9U1BiGxq7fj0DM/pYWjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWHRSNFBqVHlSSHUwOXRS
MTFPdFZQVzZ5VEpwVE5EN3hqYUZWbEtoNkNNCjRwRUlKVmFxTDNiOHh4TWYwcStP
UGRLMmN5Rmx2K2VGRCtCOWNmaENEZmcKLS0tIE1oZUdxRFNXTEljd3ppWXpUUUhE
OXMydGE5T0tCS3BUQ0k4bUlEdDdPVE0KFiFCbmzRDXz33uh/klHEDdTP13tGWV4V
v7GLkjcoDyYf/4N7i8meu77E2zTMiTdDbUOF0oehFPTDrM1TwJ8LtQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSzJGeDJYUHRtV0hGb3I5
ZUlBRnRKem1ucXk0VFZvb0xlSlBkeU1ZeFJvCmFJeXM3eGJBcC9IWHdSV05obVZq
b0VOT1NzdzhKOWVYZytQOW5UTXlDS3MKLS0tIHc2U0crejgzTUtVbm9VN3pVNzda
NVNQU1RNdldXR2ZoWCs5VlZYV1JyTWsKayt8OOhvopxjAyNMgRTwZVHaRGApUURE
V0jeyb/l03hefxUkEsR1yxsQemwJAbbzhhjnsWjjxJ7Zt+bh4FdHiw==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbE1uZlFXRUdkaGNWNGpn
b2JiT1RoSWVLVSt5VHQ2bVRRU0tnVWRudDF3CnVsYXk1R3RGTXN4MkRORERRYXhq
UFJkOTZ1ZzgxVXhxOVZ5akpqdDBKNUUKLS0tIGpDS1lGMTRKS0wyOGxyejZvT1F3
WjVLek96VW5iNHhxSytvZDVDSWcyRW8KrGqY/w8wOaw+PEAVNMtTpsdSjk+gD+gz
fzs9+4uo9Y2KzjCJ6oHIVC4Yz7VkG9Ipo9p6Jd82SJIGcuRtsVljKw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUnJCdXloNk1FdnlMY3BZ
QlFrdkJEYktwYlRLblhQeVZER2pEYWd2UUE0CnVaZDk0b3VoRjlVRVFXVmZQNUpR
bngzcHFyaEREaVVIRnRhc3YwVzVwT1kKLS0tIEprbDl6NVZTSzZPZlF3NjVUODFD
R2EvTERKTnpoWkdiRVd4c1Ywdm5OV2cK5DR+WLAYmTRVyIP3kx9ImL7oFou/xyJJ
P2GNebydAIBPdRmnnPSk5qsGKxZBpiXesSpPCvf71NSp0ayQWtuaZg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbUtDNk9WUXBYREJpNnNy
MDN0WVFRYzlGR0FxTmphMnIxcW5LcGZOWUZjCmRnd0ZNbWhwb3h4ZEVPSm00MGlN
SjRYZllXOGVXNjdUazR6bHlSemVscTgKLS0tIFh6aVB0QzFsankzUWpGVG4rTnNp
Y3ZGaDlwR0lmQkVnRWxVNGJqS3I5NHMKF7nBtR4gQQ3SMPgsRLczQXlUBFa/+2ND
sAcakFO2SiXnfMJTaEdZmoH6gVDjtGhxb72jNbx4c92yFUYNJrAn+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMysyb2NzMXRlMUk3YnQx
eFF4MEU2S0pvS1F4Q1JvUnVYcStDZURuMjJFCnRadVVNbm9IV01ScHlEK0kwK3ds
Z1YxY1pMT2RZL0pUZ0pPOUZvQ2xYYmMKLS0tIDE5K2xjU2dFSGZkeHZUNDNUMFhj
d0Y0ZS9ub1dVc0lSdXZlOXhMWEc4VkUK7S2XKWP/nHs/7wY6Qs2SaqY7HoAC3h3P
S+xf/tGriY7pKXIA8OSn4v2NQGE44LA8sk18c6cpH0KxdgMh+sumXg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY05iS0V0aWdVWm5iYyts
YlBNSEFQZ0Nxck5jaWZublZOeFhvbmxTOEV3ClIzYnZ4bGZrT1VpZVZlVTl2YXdD
VmFEeUFPbTY3eHNXZk1jVXAzZ1paK2MKLS0tIHBsV0wwNllza3JZTzlqbE1DQ1Yy
Rk1rdzk3Q0czUW5oSEh2NEtFNitHOTAKe2uoBtAswRNNSV//PI7djMWRy7mYyJpy
j6a+cyUQ6ZTGsMTWIFTeymq83Kn/gZNxlgmFWc/NWN0t/i84yQM+iw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQ0IwMHJZc0dFWmNVNkQ5
WUJDeE44SEpyLzdVUDdQTHVEdGc2OFpiQjJnCkMxRlIrcGU5WVRtdFZqc2oxdjBh
NkRzN0Q2MGNqZUZUMWNKRlF4czhubWsKLS0tIEdKVGU2RE01QzZ3WlJxU0RrUWtk
SFhBMzYwMDN6bUZyOEo5R094QjgxSWMK61kBpZIHQyB7fPEHw69c2pKoR0+vP6U7
1gHTVBIUvMc2UbuAvI3tSoNmSDYHpm8AE+1m0E3eZZFHbZYua9+hKA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdlJ4QWRPUlpwSlJYaG5K
UW05aURRSHlXSmJZekhoZGtlL2dLcUQ3VWhzCmRsM3NnQU1ITGNkNnJETlRpUVJI
VUo0cHMxS3FyV2FsNk1iK2U1cnhaL00KLS0tIGx3enAzeHBOOG4zdkVXM21Ldm56
ZFA3YVNEM1JTOW50NGxWaXllZFFnSWcKi2LFPb9Bo+XtViBFz7x8jn8Xpn6K5dbQ
PJIepVai+5XuuhyUJXKf48b5jUT/FWIKHWFZicrLBuadWx7iHCX4Rg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRDlUcStHUFc4Vm54YTVV
M1V0Ujc2RENybTFVbHgxbVFZV0F2dlI1UTBnCnd2OWhTc1g5Yk0vR0Q5VmpHUitX
Y29malU1VEN0WW5XVVFWTFg0S3RFSmMKLS0tIEJKZ0g1U1hWSUZvdjQ1YW14bnFR
Wk83NU9XN1pxWHZ3MWo0VHpKek1HOXcKXdzEIlwE4riww33KCRcWEAv3vUQhSqG7
4ndZSMOzl9LMGJM3tvX+49TpdoLn+pkrE8g2BcBZPA2UsO1a/ASj2w==
-----END AGE ENCRYPTED FILE-----
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMWw5OXk2bjdHWmg0VGJI
MmtRNk5jUFBWc3gwZkVTbUIvNGN2ZlpZcFR3CkJ4Q01CU2tCZDF4djBOSEtzUjZS
TFN0dWNlZDdmSnZYdlo5aUpRNDVXaG8KLS0tIDVFdllPdVFUbTFYeUlHUEdRMjNx
dEUxemY4Nmp4djBFR2ZDMWZFS3VmOFEKCIeWZZslOeXVY3hqzyIEUeHPzN4Pk+xw
hCtNDvShZqcjdR4qwHHQwPjiiZvVk6k0M+GPH2KXVarbIlkqiwHPzQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbVpDMkEzSFRhMTE4MktT
TWN4ZTRKUk1POWxsa0pPMzZZS2VtN1M3T244CjRJaFpaK0VpenNvWGZNZzdUVGdr
RGVycHBJM2VnU29TQ3JmMEJyUTg1QVkKLS0tIGJlQ3NwMjFhSkkzRmwyaXlYZ3pN
TXZuTFNpdElIUkNrcHA5T3NKQ0NvY1EKG2FGYxVFp/oa7kxpYD038uUHfZDuoQK+
7hsk7Tn+KTjTYs0E7soMcGVr8GRcqcJFXRjt8hFtw9HLDlzaYK6uMA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-06T12:38:15Z"
mac: ENC[AES256_GCM,data:aIN1vCZVyKnZYmsWwTuClQT+Xsqx46HpFQo/4ZYu4V8WcDtR8UaIH2K/vq6LiJ3bSD06xxR3U9Ljc67hhehiFLMJr00l4KoczLvYYiQZKWC95A/OTyK1UeMMyioBYguDrmIKQiR+sUF/juPn7BjXdygYuVzkH7iLiTz4DczjIhE=,iv:zOZY/pBxieuNhWXonF/mq/0NoM2pgfWMyekx1C+LV78=,tag:EYZndCzRzV+v3icoESW+CQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

98
devices/cross/secrets/xray-server.yaml
View File

@@ -1,98 +0,0 @@
xray-server:
clients:
#ENC[AES256_GCM,data:apFo,iv:GVyUtpmMFo2KR06S6hgm0Zy/iUJk4cbi9Yl/TiNkxfs=,tag:KdaMi6k9bLqlnVeCZ5Ohlg==,type:comment]
user0: ENC[AES256_GCM,data:qbXM3ZlNPd2A8Jt12qO1huCpXEGN1MsL5oPPYIuIJWtJd/k4,iv:3/be8p4HZnRbplLo6XrVa8TCvnLGRB0pYSsHrqZnZuM=,tag:SiViFW7BHISfR4CTqZHHCw==,type:str]
#ENC[AES256_GCM,data:qK++2XZ8JQ==,iv:cTBGDX7ZvPuGBbueoxTaTRhAk94J+MVhLmCwPNYy2WM=,tag:cgcxD8niAhRzBHlW0Hb4YA==,type:comment]
user1: ENC[AES256_GCM,data:qrsdJEEH0K3FQUBy2z6uXgg7iIhSLjNdhytb4nlXWDS4s784,iv:2/QfNMq/mvXVr/Kkt1/8QT0SLQRMrIMQi7lV9JwtJUY=,tag:XraahXAHu6agGAzTIs8zNA==,type:str]
#ENC[AES256_GCM,data:HBbmq8qGjZXo3w==,iv:wUeTTL2ceksqBvjxtUiOAlZmmuvXktWB/DoEFUBGsMM=,tag:QTEp6rrFXyLf2UHtE4wcUQ==,type:comment]
user2: ENC[AES256_GCM,data:QjONa3SjB7B/uzu9g8Um9YB8JsIoGdWmvk7A+hSe+TniPHql,iv:7OH4gspFB4eIAxGBHTFBEq6y5N1MTErbgQ6jzbyXUIo=,tag:X8h0gidTnD55KKSFcbuiLA==,type:str]
#ENC[AES256_GCM,data:dxMJLsx7IPiEN9g=,iv:JtDsa8j4alMMm6v+Fv5CUDiliLh7iz16dSgEQQcjvi8=,tag:5PgogsAqbeVMEtpFCHOWmg==,type:comment]
user3: ENC[AES256_GCM,data:exjMqGscWD1EzA8PTGw4rrd75K6SVFPuiaixE5iCRIkGLyYZ,iv:dfP7ZOaMtNCFhWvfkaFeFPFUZD4h3vQhoHj/SI3+bG0=,tag:ohkuRMP7qVFtNP8QOFb8ng==,type:str]
#ENC[AES256_GCM,data:uSJneMPH2A==,iv:BIyirNs1W1SJ/f26D4V1MwQR+AllT4Se1KmEeHzqP7c=,tag:99GkRHlVdfhxdN3zaPN/uQ==,type:comment]
user4: ENC[AES256_GCM,data:2efLv9agodkVcZSBBsVzPPrCze5cpb0C9A3WkZIrfoBF1YxH,iv:YBciseSbBo7Wxm96X34uHOwTHoxMJL5bDWhQm66s0lM=,tag:T6/kBJPZLTj1l40mnp97xA==,type:str]
#ENC[AES256_GCM,data:x2izZg==,iv:MWq/PyJtSeRkvjtLOcuy1JZ2RA1JN+qfrkWNdH3D3W0=,tag:Y6MSxOQsxPIpeB3U5L5LuQ==,type:comment]
user5: ENC[AES256_GCM,data:t8agOEuxDtEHx4fmw4okIskHP5DBuY2NaMKL6OBBv/F+Imxd,iv:PKeQgxq/E4vE4FKaG8uyFKhuMAzhPlUpE25UiL+9oGM=,tag:DVPzdtcG3Hck5HQ1c2FoKQ==,type:str]
#ENC[AES256_GCM,data:LeZZ1g==,iv:1c9z1Id4SOy5M8zXbEBzK3ePaKm5iDlyGjPuxvd/P6c=,tag:D7s1oWI5ONur/zbJLFhfEg==,type:comment]
user7: ENC[AES256_GCM,data:Yk6XSTV8fvLEDOKO67WA0DkPPHWYMPHbY/agEo9N5UZKWd34,iv:VnfMVQeVGqEsrI4+F5FsJz+btO2JjIJ7+Xtb1y/a5mg=,tag:VFuy2HFuR/xL6TpfI2pXZQ==,type:str]
#ENC[AES256_GCM,data:LJrX+KL9IPx+Qg==,iv:CeDhlFJXwxNQf25V/z+1nK+l2ymkVhkKPjeqY8Txfn8=,tag:KMnvIEbhqKCpQK+7XkoR/A==,type:comment]
user8: ENC[AES256_GCM,data:qZlOJmLVhboazv+RN6TCOuxPheeM3+pmur8ZggaPlOJAyOYo,iv:Mrq1LLte/+8HzOZI3yKapH/vhEfNW9lP9py4JYkdW8A=,tag:HA/XFbLK2cu5Qx+F78M8tQ==,type:str]
#ENC[AES256_GCM,data:oJmtrGgpDsGGFw==,iv:OKt2T7A8X+ASW1AB1TisTqTMKaE5xQsrW/gSwTfjHBw=,tag:/OCwEYiQIK2MxfgpGJdQpA==,type:comment]
user9: ENC[AES256_GCM,data:R/R2+4kR6EE8CpVONcmkHDSBfvG1Vo82fXCUYA/XGfQL8Hu3,iv:iqkivoGnvNKWOXw+CQ+/xfQeRXfG/OSUMNmv1ZfcyUU=,tag:xeEWhHBR9dRyx542G6ywzw==,type:str]
#ENC[AES256_GCM,data:StwPOQo=,iv:VkuAD9NevMl0hdnb31vWN5CTOKpt/2agjjx0QUpkVf4=,tag:jPW4n28Yx7L2FOV9qC50hw==,type:comment]
user10: ENC[AES256_GCM,data:QrYqOyxFkNTNk1gzxZR5tyQCInAapf7ZQs5ZSDpBwysgolKg,iv:BJuTVRvpEKc6OpTtiwCmVwySoLSroxr7PrcHStezgAc=,tag:5j4TsHjyiLJPqZNtzvkhtg==,type:str]
#ENC[AES256_GCM,data:qYr1yinZQw==,iv:hhPlIlvqTQhx2aaykfvYHfp4WOPkUvt7V9RYyF4M+9Q=,tag:Zo7nVeDN6mEvLLQVQ00vbg==,type:comment]
user12: ENC[AES256_GCM,data:UP6+WhGaySTAu/CHhPKviinNG4idINYQrS9JS/rRARcC6D83,iv:KeqVGDWmukQmQP6jALXgiVu9tdYTdbUoLjuhio04UJw=,tag:0Lg89PSA1mtJbJxELu1+GA==,type:str]
#ENC[AES256_GCM,data:vwcHgHRYjkNISQ==,iv:dyjjpPBApwwMKdzBezl3CoplmqSkd86Xg/Cqt6LEI4U=,tag:iqSnfbIUE4eBcNBRn/4E2w==,type:comment]
user13: ENC[AES256_GCM,data:BC47uCs4ww6GvmVDyyxsfU1neXejZ7G2A2zgjdsABVCZBKRu,iv:n4+JPd35lhDaWkcf7c826b2eOg/UDmuarLYIjtDh1co=,tag:lD5gwDyiZ85O4790O+u4Ng==,type:str]
#ENC[AES256_GCM,data:uhxnoQ7KcZ6MFQ==,iv:aM3zaFvL2Zem9I1sC+Guqw33Zl3hk2RxBn+oP9xaHUw=,tag:2bDvig8aIN9mpvMeX5FU1g==,type:comment]
user16: ENC[AES256_GCM,data:zWOkpPwFoXUirk21I+VwAhX0uZ2j+W8dDCaYAnVQdpqCrTo7,iv:IAl6jhop6l6IqetMCd23PEqE3WvErlXa6kBbKrIni2c=,tag:Kk7alU4T0PeYSgfq3LbP8A==,type:str]
#ENC[AES256_GCM,data:+GWm3samEUggJw==,iv:LcLIjh1eXMT4JIxNPyCbgiqUCZyS6mUv5E6kYnupasg=,tag:C/P5lscrlu56o532A+qjlQ==,type:comment]
user17: ENC[AES256_GCM,data:pyaEKKNJrwJ7cVxHg64dVT3i08Wbboo1wmGC+U6qW1l73oHY,iv:AkJ32rtr+a50xw30Jr5/Sb/flIK7cJG30Iw44Hb5FUU=,tag:d0c+ezonaZ5mSFsPCRr+lg==,type:str]
#ENC[AES256_GCM,data:v8kPeimXbQc9fA==,iv:f4kPRsNSUpqy8Vhe1I7CoN5X2kq/h74H8GAbkKmcslU=,tag:6RiCtYXezZ1+7e3DI0Jlww==,type:comment]
user18: ENC[AES256_GCM,data:oza5WDfR+sGXdW5sTrHfjl1haxq8B6r3bddChsmV6FQIz/AF,iv:hH3Zr9gsd+fdIdbZTMD8L5c71WtODm/yLvj0TcvSa4Q=,tag:mQxIYxnyvsNPhlXC6SwcHQ==,type:str]
#ENC[AES256_GCM,data:t088qCSsFlUCHw==,iv:hmLtwQVU4sfaPRDs+hk4LuMGlLFh4X+jq/Lm1BndyyY=,tag:JkqjOFPqYZ6PkjDV2DC1LA==,type:comment]
user19: ENC[AES256_GCM,data:xALQ/0gw5FeInNhWACt4aL0PJhnXBBMrDIcmC8DuwKy8X8YS,iv:4AT8vFMFSnQ3f5W9dXyYlYGHegnN7+3Jvb+6AiIotgY=,tag:WLRWve/V37GK52xX61dphQ==,type:str]
#ENC[AES256_GCM,data:q9md9z3G56TxRxo=,iv:7iqkqUZkdTYZgDFG7W4LgUxu1Ej7BW2bbf/UKO6XHm0=,tag:rtTIzd11/w+ZaWylDO8qcQ==,type:comment]
user20: ENC[AES256_GCM,data:FoJvPPZZxUjPF/41kZnFeJl0tA6sMo3QZ861gJyOj/Z4H5b3,iv:oGjaZ6S4Cx18qOuxPhiJXsKsHgv78y6u5oe3yWegob4=,tag:Yaln5CwBcQxmOmPxK3QFWg==,type:str]
#ENC[AES256_GCM,data:NCSde360stul/Bg=,iv:s7sBwjT4gWqkRp2qRs6LVWmo6G9iul/YYGwFriLIOgU=,tag:b4n6y2Z9bGfdnMEd0Om1Ow==,type:comment]
user21: ENC[AES256_GCM,data:1ORcDJ3eb+ohwWYVQa2wqoEqJD+1SiSFP3ZGoSEzmn9v41xW,iv:QkZwkI4wxO6ELWozCSZCxR4/FUSeGSbPx655d8RzsD8=,tag:i9KcmcoV57zKNvRIMexV3g==,type:str]
#ENC[AES256_GCM,data:0nKWzfJN63aG,iv:TsVdd7xhf0m0v4hWYSrbLyU5yrfviBqWKW5iQ9fwmN4=,tag:h6k5YwGO3rWAdumWEWjOjQ==,type:comment]
user22: ENC[AES256_GCM,data:AOLJcash08/caBGQwAomJqn6twokZT3hR7v06LsA2SFzPO+d,iv:wR10fgBQJFdKMHiwnGrcpAPodojqF04MqICz3hS/NOg=,tag:i7QScjq+Q3bGCW31kmZ8cA==,type:str]
#ENC[AES256_GCM,data:MPxp5ByvaGlzT6E=,iv:jQgU1CkGL/7HWrPBfcuolcbH4JywEYishMgMs2U+Hf8=,tag:nUYRxYhuu84a4fB60c3/qA==,type:comment]
user23: ENC[AES256_GCM,data:Tu6wla+a1YJrwl4kPTBvOc7FfslJvU4dqvM0x8WWIgqMvtKx,iv:zHAK7zeW4oXnBDFhfhjYXG03utVV4e3Ytq4B3n2U1+A=,tag:LuGmEksvoxip5/2SUPptIQ==,type:str]
#ENC[AES256_GCM,data:N90c2ThJckmw+AE=,iv:Lrw0p/HLzWdz6WyO8CjHfnuIHsZut4eUcg786AYhGLI=,tag:J3s1QHEqmxA7Twaqy28X2w==,type:comment]
user24: ENC[AES256_GCM,data:oCBJAUCZMDMXcwQy5WTx4mgf+2R1P6GW3H47DQCQlqD3w/E6,iv:eBIbcALdsBo4DEgrqvF/Ikz96tDznZfGnyswPpnHF0s=,tag:VH9UpMdSCv6mUJhbNbB5NA==,type:str]
#ENC[AES256_GCM,data:L8sLOCZPDuDs/0I=,iv:fTGz1ic5oeVhPDKoioTBqaVgfPMx41Drsph757OJNZI=,tag:akxseSJLwJhQBbFUAQdbyw==,type:comment]
user25: ENC[AES256_GCM,data:mjGyAwUjgdnyIXwsHEF/QbZiyqF9qpq+iIFkG2YH28hs336f,iv:dqLR2uy+VguRnmn9HRuS8cTPf2n3Q7Z64t1n/iQInhE=,tag:CZHGF3z0pi6YD+jzXv2ZsQ==,type:str]
private-key: ENC[AES256_GCM,data:j3juaKDM2ybruxp0T+7BkGBRwLWWwZARnHg42r/lDYNn+HPSAAc3dKQKFg==,iv:lzyHejiEri4S4mzDPm7xtbvbva3Nssmx0MCzyt4SngI=,tag:0FpbyU7OlgpaLIoj93oNFg==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTXhTN0RXRWRLK3A3RFRJ
ZzRkQVg0N043N1VObjFpdE05bnM4OWJQOTBJClhpVVFNN0ZmVVpzaThyREhLeFpI
SnErNXZVSWd3RW1DUlJ0eVpibTg2SFkKLS0tIFNVU1VCL0t5dWhRandrUmpITmlS
SW1mRzMyeVNpME53ZXhwQllWV1JxbkEKWze5y1HRR/79k7AIvofuc8RdkQVIEsJ2
H2djW/x3KmKTtDVB9DTBQZHpNOOHIJ/nX//JP3s93xvPUizD0olQHQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK1V2eks1QXUzODJiWXRD
Vi9pT1hBNXNDODE0NUNKRXZPbEJobVpEaWhBCjl2WFhiZ1Y2dUx5L3BaVjdVdS94
bUlKeGVNeEZJanUyazhsVG1ta2d6aEEKLS0tIFJYaVZCWXhyTDJNTW1EVnczS2ti
K1NNbk1uYUdpVnVYZEpiN3ZtbEpOK2MKI9G4JCU47BiW1zpWCgqtHuUaryIF3+Xn
hqE4/OIgF8od70eNZ5UWvMneQLsnDEcIOa9i9D/L9A3Hkn5AlRoPQQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MTZIWEQ1MVI0ZlNobHht
YjJjYndFaTVrOVNaaTNuVU9nNHJRdWlObkhjCnIwSTJBM3p2bXZOaWRZZ3MxSGV3
emJTL3JFQUJPN1d0QVEvVVU3RC9kaWcKLS0tIFNYZmVrWmVQRXd2MXF5NHdmbFhG
Q3lSOFNsdDRkWHJlazNCL0VDK1czdEkK+kp9jQrSV1IPTG+r8q0MRD9jbPSj0z0I
dVxhPAUNUqf4MPM/YbqA5YOhwZ89Z7gXsbtFezZbPNxIqyTISgcmJA==
-----END AGE ENCRYPTED FILE-----
- recipient: age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2TGVpNmJ6bU9veTA5a2g5
VmFEemxkTUtuMllJcnZsWG5lOExkalFHNGtzCm4xSnZnVHhrWVZFS05MQ0xtNElw
dlpOU2JuSHFuYm5KUncxaFAwaUxhUlkKLS0tIGV6a3A2SnJWbEVvTFFNc3dHOU81
N1htdGwwNWtHR2R3cGdtNlF6ajF6MkkKSjbyxsPZYeXd/4A60g8E1aSIIwR3ca9g
/9p8PV1duXhKkJcGKgDiwL3FxrFZ54rpySZeqMC16nQtnk3Fzt1k9w==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaTZIY0dmUkFHWHNKZHN6
aEZyRkY3b0tnRGdJREQySHJBSkMxcFFxeUdzCjluYW0yRmM0V0RTQUhhcTFYU3VH
V2ZjK0grR0NEYW5kbzlVMHN4STFMdU0KLS0tIGRoNWNZTHdOWUpuaWhRQVZQZlkr
b3ovaWVTdHJ6SzBrS0JlVk5Fd2xBcHcK+RI+BsGiVQpd0hdAPZJwbzbTsb4xql6b
ozSUmoy7yLD/ubeKzkajXlF46ya5LonALUFkw6e0nbHKF85Rj9OBRA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T03:47:07Z"
mac: ENC[AES256_GCM,data:ekU7qBI4r3IEoKKx0DWooK8chmKt52ciKMBAbY3KxsWIN384mP1TLsmjSVB2emVgiJTB7fVHq5Zu0RZOPbrRdqS+FnRnlSwf7GdTxo7VjJV3/eCoMwsV1UEwsqTqr8DUhaYDlT8Wm08THrarlBYaaOKtEJ8Qas2ykOxVyJbyzAI=,iv:y294b1hMUX7GM/AjjEEbbpv4woIrj6OjRmNoZcRB26c=,tag:THsUv0NdNZWtrecpq6xtzA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

118
devices/cross/ssh.nix
View File

@@ -1,118 +0,0 @@
inputs:
let
devices =
{
vps4 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
};
vps6 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
# 通过 initrd.xxx.chn.moe 访问
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
};
vps9 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIG+D3saEp9zThXY466WroVtqIbBSYK9M/QcsiuGgxsTV";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINBXlJjt2XoJvKQ8Mb91dSF1ibJAwOYzx+TPeTW6nIlT";
};
nas =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
extraAccess = [ "ssh.git" ];
};
pc.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
srv1-node0 =
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs"; extraAccess = [ "srv1" ]; };
srv1-node1 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIFmG/ZzLDm23NeYa3SSI0a0uEyQWRFkaNRE9nB8egl7";
# 不能直接访问,需要通过哪个机器跳转
proxyJump = "srv1";
};
srv1-node2 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDhgEApzHhVPDvdVFPRuJ/zCDiR1K+rD4sZzH77imKPE";
proxyJump = "srv1";
};
srv2-node0 =
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp"; extraAccess = [ "srv2" ]; };
srv2-node1 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
proxyJump = "srv2";
};
srv2-node2 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIK9FZUOZ51pWdm2grTXDdSGMZ3g9DkvHUBvY8bFoTZjy";
proxyJump = "srv2";
};
};
in
{
config =
{
programs.ssh.knownHosts = builtins.listToAttrs (builtins.concatLists (builtins.map
(device:
[{
inherit (device) name;
value =
{
publicKey = "ssh-ed25519 ${device.value.publicKey}";
hostNames = [ "${device.name}.chn.moe" "tinc0.${device.name}.chn.moe" "${device.name}.ts.chn.moe" ]
++ (builtins.map (domain: "${domain}.chn.moe") device.value.extraAccess or []);
};
}]
++ inputs.lib.optionals (device.value ? initrdPublicKey)
[{
name = "initrd.${device.name}";
value =
{
publicKey = "ssh-ed25519 ${device.value.initrdPublicKey}";
hostNames = [ "initrd.${device.name}.chn.moe" ];
};
}])
(inputs.localLib.attrsToList devices)));
nixos.user.sharedModules = [{ config.programs.ssh.matchBlocks =
let genericConfig =
{ forwardX11 = true; forwardX11Trusted = true; forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; };
in builtins.listToAttrs (builtins.concatLists (builtins.concatLists
[
# 直接访问
(builtins.map
(device: builtins.map
(name:
{
inherit name;
value = genericConfig //
{ host = name; hostname = "${name}.chn.moe"; proxyJump = device.value.proxyJump or null; };
})
((device.value.extraAccess or []) ++ [ device.name ]))
(inputs.localLib.attrsToList devices))
# 通过 tinc 访问
(builtins.map
(device: builtins.map
(name:
{
name = "tinc0.${name}";
value = genericConfig // { host = "tinc0.${name}"; hostname = "tinc0.${name}.chn.moe"; };
})
(device.value.extraAccess or [] ++ [ device.name ]))
(inputs.localLib.attrsToList devices))
# 通过 tailscale 访问
(builtins.map
(device: builtins.map
(name:
{
name = "ts.${name}";
value = genericConfig // { host = "ts.${name}"; hostname = "${name}.ts.chn.moe"; };
})
(device.value.extraAccess or [] ++ [ device.name ]))
(inputs.localLib.attrsToList devices))
]));
}];
};
}

217
devices/cross/tinc.nix
View File

@@ -1,217 +0,0 @@
inputs:
let
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
inherit (inputs.config.nixos.model) hostname;
publicKey =
{
nas = "sSN3eeBgrMXF6/XYfEBe54TXmfHETOESX+SyrpGlmDK";
pc = "soafMZ/0EViMhKYNc8g8pp4sbhR/2HnnXwGQln0BgCK";
srv1-node0 = "ZKUwi386ZssXLQGORUzlRxof7NhXigUw3QZHAP0Pb8N";
srv1-node1 = "5eti59LrOMejEWYDxOYrh7SD93nLMSH+iX7vaBN4BrE";
srv1-node2 = "e6jW9g4QY357ocMRoW4P0s6UHAspvKJzmAGb/WT1a+H";
srv2-node0 = "zTv+o7K2SpcPp9YLrPe8iJqCunrCiJyqz13fXcDouEH";
srv2-node1 = "sk/w+GBrt0lzkTZ3y3vZ/eHKNrG8X95eqR9IuhCFYwB";
srv2-node2 = "csZoiTwZItonm6h+uqkJ5z9J6o1iFlBESQ2u97Wz2JL";
vps4 = "N03OoCyj4ADkeN3cimJI/bJrBw8g1kz3TJ+1BTe+oyA";
vps6 = "rYOCGG+B4isTifKJQqsEdfhQuQRnUiIsvz7uI7vZiDN";
vps9 = "fCAqgs9VcYpTLccwFtSkx3dwMDG6787MQX4ycekxRSJ";
};
# 描述可以直接的设备之间的连接(图上的路径)。若一个设备可以主动接受连接,则设置它接受连接的 ip否则设置为 null
# 因为一条条路径描述起来比较麻烦,所以这里一次描述多条
subnets =
[
# vps
{ device = inputs.lib.genAttrs [ "vps4" "vps6" "vps9" ] getAddress; distance = 1; }
# 使用 vps9 代理的机器
{
device = (inputs.lib.genAttrs [ "nas" "srv1-node0" "srv2-node0" ] (_: null)) // { vps9 = getAddress "vps9"; };
distance = 10;
}
# 使用 vps6 代理的机器
{ device = { vps6 = getAddress "vps6"; pc = null; }; distance = 10; }
# 校内网络
{ device = (inputs.lib.genAttrs [ "srv1-node0" "srv2-node0" ] getAddress) // { nas = null; }; distance = 1; }
# srv1 内部网络
{
device = inputs.lib.genAttrs' (builtins.genList (n: n) 3)
(n: inputs.lib.nameValuePair "srv1-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}");
distance = 1;
}
# srv2 内部网络
{
device = inputs.lib.genAttrs' (builtins.genList (n: n) 3)
(n: inputs.lib.nameValuePair "srv2-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}");
distance = 1;
}
];
# 给定起止点,返回最短路径的第一跳的目的地,以及总路程长度
# 结构是from.to = null or { address = xxx or null; length = xx; jump = xx; }
# 如果两个设备不能连接,返回 null;
# 如果可以主动连接,返回 { address = xxx; length = xx; jump = xx; }
# 如果只可以被动连接,返回 { address = null; length = xx; jump = xx; }
connection =
let
# 将给定子网翻译成一列边,返回 [{ device = { dev1 = null or ip; dev2 = null or ip; }; distance = xxx; }]
# 边中至少有一个端点是可以接受连接的
netToEdges = subnet: builtins.filter (v: v != null) (builtins.concatLists
(inputs.lib.imap
(i1: v1: inputs.lib.imap
(i2: v2:
if i2 <= i1 || (subnet.device.${v1} == null && subnet.device.${v2} == null) then null
else { device = inputs.lib.genAttrs [ v1 v2 ] (v: subnet.device.${v}); inherit (subnet) distance; })
(builtins.attrNames subnet.device))
(builtins.attrNames subnet.device)));
# 在一个图中加入一个边
# current 的结构是from.to = null or { address = xxx or null; length = xx; jump = xx; }
addEdge = current: newEdge: builtins.mapAttrs
(nameFrom: valueFrom: builtins.mapAttrs
(nameTo: valueTo:
# 不处理自己到自己的路
if nameFrom == nameTo then null
# 如果要加入的边包含起点
else if newEdge.device ? "${nameFrom}" then
# 如果要加入的边包含终点,那么这两个点可以直连
if newEdge.device ? "${nameTo}"
then { address = newEdge.device.${nameTo}; length = newEdge.distance; jump = nameTo; }
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge.device)); in
# 如果边的另外一个点到终点可以连接
if current.${edgePoint2}.${nameTo} != null then
# 如果之前不能连接,或者之前的连接比新的要长,则使用新的连接
if current.${nameFrom}.${nameTo} == null || (current.${nameFrom}.${nameTo}.length or 0
> newEdge.distance + current.${edgePoint2}.${nameTo}.length or 0) then
{
address = newEdge.device.${edgePoint2};
length = newEdge.distance + current.${edgePoint2}.${nameTo}.length;
jump = edgePoint2;
}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边包不包含起点但包含终点
else if newEdge.device ? "${nameTo}" then
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge.device)); in
# 如果起点与另外一个点可以相连
if current.${nameFrom}.${edgePoint2} != null then
# 如果之前不能连接,或者新连接更短,则使用新的连接
if current.${nameFrom}.${nameTo} == null || (current.${nameFrom}.${nameTo}.length or 0
> current.${nameFrom}.${edgePoint2}.length or 0 + newEdge.distance) then
{
inherit (current.${nameFrom}.${edgePoint2}) address jump;
length = newEdge.distance + current.${nameFrom}.${edgePoint2}.length;
}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果起点与另外一个点不可以相连,则不改变连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边不包含起点和终点
else
let
edgePoints = builtins.attrNames newEdge.device;
p1 = builtins.elemAt edgePoints 0;
p2 = builtins.elemAt edgePoints 1;
in
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
if current.${nameFrom}.${nameTo} == null then
{
inherit (current.${nameFrom}.${p1}) address jump;
length = current.${nameFrom}.${p1}.length + newEdge.distance + current.${p2}.${nameTo}.length;
}
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
else builtins.head (inputs.lib.sort (a: b: a.length < b.length)
[
# 原先的连接
current.${nameFrom}.${nameTo}
# 正着连接
{
inherit (current.${nameFrom}.${p1}) address jump;
length = current.${nameFrom}.${p1}.length + newEdge.distance + current.${p2}.${nameTo}.length;
}
# 反着连接
{
inherit (current.${nameFrom}.${p2}) address jump;
length = current.${nameFrom}.${p2}.length + newEdge.distance + current.${p1}.${nameTo}.length;
}
])
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
{
inherit (current.${nameFrom}.${p2}) address jump;
length = current.${nameFrom}.${p2}.length + newEdge.distance + current.${p1}.${nameTo}.length;
}
# 如果正着连接、反向连接都不行,那么就不更新连接
else current.${nameFrom}.${nameTo})
valueFrom)
current;
# 初始时,所有点之间都不连接
init = builtins.mapAttrs (_: _: builtins.mapAttrs (_: _: null) publicKey) publicKey;
in builtins.foldl' addEdge init (inputs.lib.flatten (builtins.map netToEdges subnets));
tincHostname = builtins.replaceStrings [ "-" ] [ "_" ];
in
{
config = inputs.lib.mkIf (builtins.hasAttr hostname publicKey)
{
services.tinc.networks.tinc0 =
{
settings =
{
Interface = "tinc0";
Name = tincHostname hostname;
PingInterval = 10;
TCPOnly = true;
Proxy = inputs.lib.mkIf (inputs.config.nixos.services.xray.client != null) "socks5 127.0.0.1 10885";
ConnectTo = builtins.map tincHostname (builtins.attrNames
(inputs.lib.filterAttrs (n: v: (v.address or null != null) && (v.jump or null == n)) connection.${hostname}));
AutoConnect = false;
TunnelServer = true;
};
ed25519PrivateKeyFile = inputs.config.nixos.system.sops.secrets."tinc".path;
hostSettings = inputs.lib.mkMerge
[
# 本机
{
"${tincHostname hostname}" =
{
settings.Ed25519PublicKey = publicKey.${hostname};
subnets = [{ address = getAddress "tinc0.${hostname}"; weight = 0; }];
};
}
(inputs.lib.mkMerge (inputs.lib.mapAttrsToList
(n: v: { "${tincHostname v.jump}" =
{
addresses = inputs.lib.optionals (v.address != null) [{ inherit (v) address; }];
settings = { Ed25519PublicKey = publicKey.${v.jump}; IndirectData = true; };
subnets =
[{
address = getAddress "tinc0.${n}";
# 最短路径已经被提前计算出来了,这里将权重统一设置为零
# 如果分开设置,两个节点会因为对权重的描述不统一而拒绝连接
weight = 0;
}];
};})
(inputs.lib.filterAttrs (_: v: v != null) connection.${hostname})))
];
};
nixos.system =
{
sops.secrets."tinc".owner = "tinc-tinc0";
network.settings = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "systemd-networkd")
{ static."tinc0" = { ip = getAddress "tinc0.${hostname}"; mask = 24; }; };
};
environment =
{
etc = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "networkmanager")
{
"tinc/tinc0/tinc-up".source = inputs.pkgs.writeShellScript "tinc-up"
''
${inputs.pkgs.iproute2}/bin/ip link set $INTERFACE up
${inputs.pkgs.iproute2}/bin/ip addr add ${getAddress "tinc0.${hostname}"}/24 dev $INTERFACE
'';
};
systemPackages = [ inputs.config.services.tinc.networks.tinc0.package ];
};
networking.firewall = { allowedTCPPorts = [ 655 ]; allowedUDPPorts = [ 655 ]; trustedInterfaces = [ "tinc0" ]; };
};
}

0
devices/jykang/files/.bash_logout → devices/jykang.xmuhpc/.bash_logout
View File

0
devices/jykang/files/.bash_profile → devices/jykang.xmuhpc/.bash_profile
View File

2
devices/jykang/files/.bashrc → devices/jykang.xmuhpc/.bashrc
View File

@@ -35,7 +35,7 @@ if [ -f /etc/bashrc ]; then
fi
if [ -z "${BASHRC_SOURCED-}" ]; then
export PATH=$HOME/.nix/state/gcroots/current/bin:$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts
export PATH=$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts
export BASHRC_SOURCED=1
if [ "${HPCSTAT_SUBACCOUNT}" == "lyj" ]; then
export PATH=$HOME/wuyaping/lyj/bin:$PATH

4
devices/jykang/files/.ssh/authorized_keys → devices/jykang.xmuhpc/.ssh/authorized_keys
View File

@@ -10,9 +10,6 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi6O1Sf1BBV1dYyH1jcHiws+ntwVfV29+6Paq1CQaET hss
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlBxisj3sU9QC8UC5gX6sakf7G03ybbkmHtD2cybuZA qmx
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWU/OlrP8bJ5k7IqpIwUC1COuVsmrYVreW/ieEdPYdj ccy
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXkM8TS8fDot22LTfU2jDVOqK20LmK8Rd7xO05vYns stq
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
@@ -20,6 +17,5 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkT/P4MnzxBh8sRi0oQ88duNpY/ejFtptGqUQJVobj
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOF3LfnQiI8wpsXGn87bt7rbUZcgsdaOSOswk4Vf4dBautEdQZc0q+UDB2TlR2K8L7SPyywpl5z67euN5QRJLEwg8flTybiJp3EKDctYEM22sa36ONcSIJ/iHSdCkwtPXkBYreh9e+MAHfTroIKK5zM/P1QIN3NrknIXpWjLDF73ejrxE+EXRK6jbuWfo+5dnLnDoUFt1e+pYLZos5KRRB94Qt5I79D/cAg3hG+Zl2FCCOpn1hIdLo/kWJTKUPe61oUaIxriV6nCXp/pU1BHlM43hGowiHa4bVZIs8Eo4r7OI9thhSuS2BKSifibBKIicZtntSlS/I3xa5am28YLmrOiEXRsjPom7trO8qIhPfYOc/yFDg1gcpLxyNroCPooPBzPxUqrTT96Q4fDDTaqfyuVxQFxbYoFAqQs8/lw6WcGJ4fGC5JPsPiwoSdQy/B7gCfQcFjPXp1NH8Sx+xMLCmxRqdKSyeiEwoyB0tZ6ngaI73HFhCPX1/rLx3xv0zd/8= 03@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC96jp6qFrWt4651Arg+Ua6AU3CjftZuounKLlZ8s268Lo9Cba+nmoOGRNzefqr+f6/7KmFKd9+jqS3ZnKFQbzRFVzzHHIT7tSlgxFRw+yb553/vgm7z6d0HGd3B7XjpIpR7DrM/unnXtiT/WuX+UIKKQ1S4kHp4fTJxZuwzYgNWDsT7O/5H7nBoRVuUSG/achCzTq5V5WfNjvrGZypCmcCw5MTH3Iab4qQ7fhRK46e/OpgSMmsY1ZuEynIwVtimW4G10MUWZdawN4LHBNsCDBmBu0H1DYBb9AUW5IuifAyFPPlTOPtuzpEganaMwotcXiAwhfPQg1c0TfbB4ZJPow612dzxcflHAJyFy2LXbiG0rF48h0GpW5gY92QkeMQcbybKOS5yVlXynNNg0nL1bx+reu7Fy4jurc0facTaqzpSiyXsBLSOva+DZrxl2MBDLEdykkQMNIY69GeeC2XIN4tbfGDYU8VVtwnXJUkmeHAge5ypI1kkPhYRDxPDspym9M= 04@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9FmT0i2j9JsnyeVrEZP8gaWHnc5NnhJgb1sP8MP/pjx/GMEkms2LQvZYNw8MQvGA6HH/O2acy5NIdD69QkRlALXZlWpUQco8JDuJe7+2xkTMGPOAqB5YLMHRpFGHUmDMuSFGSg2YyLXaWXoWmib5xAvTL95xAcdNgp5xqWvO2N55edDeVOY5cTmIE2vC0nm5JSjMEMcIuqL8yJ3AweN4JkD8CVVy3po8f+krKsaYB+f21MqqSnCQ/cpKlWHuMN9k85hP/FB1E7gBXW/MuZ1uOm4IzjBhj8tYVN0UY7Mo2/9PhFqoBKGr6vs7Nx1mXBJ/A1lIKvW+ROvQ9ADpOfww6kPuHbX16gQ55JG7zneWeiP5pVaI4YZ4O1vAvARw/SaSFhRdpymPs5r+wdIDV9gGoqORrYqoPBz7Q02V71W+EV7WFAgxiJozO0vZwD9JJ2zivyIJfcVtIOMIvEhfsha7Hviut4JIOyoaEHjIZYsmvYHEeEBA4pTUHIUZlZj/St7U= 05@xmuhpc
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFL+fpLRUHy6Bop91ACIUjyekWn+ZGCEOzfrqnaEsn+ yj
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRWge2+B1Et03n/B4ALBcAnjvtWPPmcFAoIlLP8oFkB hpcstat

0
devices/jykang/files/.vaspkit → devices/jykang.xmuhpc/.vaspkit
View File

0
devices/jykang/files/linwei/chn/software/hpcstat/bin/bsub → devices/jykang.xmuhpc/linwei/chn/software/hpcstat/bin/bsub
View File

25
devices/jykang/default.nix
View File

@@ -1,25 +0,0 @@
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' .#jykang
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' -qR ./result | grep -Fxv -f <(ssh jykang find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' --export | xz -T0 | pv > jykang.nar.xz
# cat data.nar | nix-store --import
{ inputs, localLib }:
let
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = "haswell"; nixRoot = "/data/gpfs01/jykang/.nix"; nixos = false; };
});
python-lyj =
let python = pkgs.pkgs-2411.python310.withPackages (_: [ pkgs.localPackages.pybinding ]);
in pkgs.runCommand "python-lyj" { }
''
mkdir -p $out/bin
ln -s ${python}/bin/python3 $out/bin/python-lyj
'';
jykang = pkgs.symlinkJoin
{
name = "jykang";
paths = with pkgs; [ gnuplot localPackages.vaspkit pv python-lyj sqlite ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
passthru = { inherit pkgs; archive = pkgs.closureInfo { rootPaths = [ jykang.drvPath ]; }; };
};
in jykang

2
devices/jykang/files/.config/nix/nix.conf
View File

@@ -1,2 +0,0 @@
store = local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log
experimental-features = flakes nix-command

80
devices/nas/default.nix
View File

@@ -4,68 +4,66 @@ inputs:
{
nixos =
{
model.private = true;
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/nas-boot" = "/boot";
vfat."/dev/disk/by-uuid/627D-1FAA" = "/boot";
btrfs =
{
"/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
"/dev/mapper/ssd1"."/nix/ssd" = "/nix/ssd";
"/dev/mapper/nix"."/nix" = "/nix";
"/dev/mapper/root3" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
"/nix/backup" = "/nix/backup";
};
};
};
swap = [ "/dev/mapper/swap" ];
# TODO: snapshot should take place just before switching root
rollingRootfs.waitDevices =
[ "/dev/mapper/root2" "/dev/mapper/root3" "/dev/mapper/root4" "/dev/mapper/ssd1" "/dev/mapper/ssd2" ];
luks.manual =
{
enable = true;
devices =
{
"/dev/disk/by-uuid/a47f06e1-dc90-40a4-89ea-7c74226a5449".mapper = "root3";
"/dev/disk/by-uuid/b3408fb5-68de-405b-9587-5e6fbd459ea2".mapper = "root4";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
};
initrd.sshd = {};
nixpkgs.march = "alderlake";
nix.marches = inputs.topInputs.self.nixosConfigurations.pc.config.nixos.system.nix.marches;
network.settings.static.enp3s0 =
{ ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
kernel.patches = [ "btrfs" ];
binfmt = {};
nixpkgs.march = "silvermont";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
networking = {};
};
hardware.gpu.type = "intel";
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
snapper.enable = true;
sshd = {};
xray.client =
xray.client = { enable = true; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; };
smartd.enable = true;
beesd.instances =
{
xray.serverName = "xserver2.vps9.chn.moe";
coredns = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
beesd."/".hashTableSizeMB = 10 * 128;
postgresql.mountFrom = "ssd";
mariadb.mountFrom = "ssd";
rsshub = {};
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
wireguard =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
enable = true;
peers = [ "vps6" ];
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
vaultwarden = {};
nextcloud = {};
freshrss = {};
send = {};
huginn = {};
httpapi = {};
gitea = {};
grafana = {};
podman = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
nfs."/" = [ "100.97.101.0/24" ];
misskey.instances.misskey = {};
};
};
systemd.tmpfiles.rules =
[ "w /sys/class/powercap/intel-rapl/intel-rapl:0/constraint_0_power_limit_uw - - - - 10000000" ];
};
}

85
devices/nas/secrets.yaml
View File

@@ -1,76 +1,20 @@
xray-client:
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
store:
signingKey: ENC[AES256_GCM,data:zr02XBgQ4H5jRnjpLtp9rjcysXP9qI7McOiBwaWhdylu5GevKmxlCd4h3pEUO74k+gJT88BzJ+S59P+6DS76Y5nlKqextGMzGjdq5XPkdDkSkKZBai2kkqBSyko=,iv:hyhroaDazMLFeLMGruiFeokZ2Tz3xKj+xCsiEUJ5faQ=,tag:w3805eqo6Y1pw65mjoRgOg==,type:str]
acme:
token: ENC[AES256_GCM,data:OrYgBRU1VPpkpDzYMFHINfPSHsXEKABdZOcgiAiBJKcreBoaSVHUvg==,iv:XIeZPJhzmUi5ZHKBCYN5UA9HWH1K+26SvcIWVrHAYDA=,tag:3F93syLBZjcHwnRRkUEjlw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:VPlB4wSbWqSYw3rYRwfAMa39xrPcPZfz7sV2Cq3rmOhifnUPwggxnA+51do=,iv:utnyrB6Yfe5O94Oq4HDVFm/lQ9ZBoyvUT68r2G2PdwA=,tag:snm01vA+z2yKK8d2i5i2ig==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:5kGvlFB332xf+PQCDmJ+EA==,iv:/BQI83lMdzmycQCe0k6Y8bwqV4Ma9vqgvgPWWqVAr1g=,tag:61AhVVNUx8+b55DkIjVifQ==,type:str]
led: ENC[AES256_GCM,data:XFlK2jjo,iv:rTCHmoFU4S++eBywCa7NXsAmSqcSgCFXxnW0RyFA2a0=,tag:aK5IejgS060FrxQfmdxohw==,type:str]
maxmind-license: ENC[AES256_GCM,data:ezBawTyn+oPKKy6sQuj2BQXhnO4PTbxYWRpQR9URCxqD7bFlnmWU1Q==,iv:eD4yLDA209x6HFtDaqyj8kRxTImdyZCgOminHWb9vt4=,tag:mx+qPp4L9jHRvL90XH1RwA==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:r2O88tXccKZw68Jg5tvUcpwf6y8Vs1kcZ7XbAReJ7aGyGH4MH3jTO72Hs7vh7185IUygXri0M2C6Ko2CY3gaLg==,iv:ZYbSqlcnga+JnC5Dxt2cTHiGTlkndSAB550ilSO+P1U=,tag:PgrW6H276sSvYe3NA6o/vA==,type:str]
misskey-misskey: ENC[AES256_GCM,data:Up0Q/4MjyCdXyL1EVoXbmW0J3QJCx1PlhClXSc2WpBNwpSfgmoJceLoXRbIs009JVjhn5tt7LO6EmwKiNc6yTA==,iv:myWj8+exXtg+t7Fs+ZPOLJXWtKEu0PyhTw68i7rnuTQ=,tag:WMpj06Swj3pMbSXgM0bNuQ==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:yLVCQaElMWBdVnKa9hBNEnSxfOx/582SoCDpQM9QjEgWzYOmPIVoRsTAs10Gsw3PezJW54S+AUrNg1mV0f8Nwg==,iv:xYXQt2CsZyymdKMIoqKLzLeTMNff7RwGzBGDfBOoxlM=,tag:L3V+AZZyOJow/Sf1RzD38A==,type:str]
nextcloud: ENC[AES256_GCM,data:/wv5hG7cmHz8S3d411cGxFY87MNmo/6V/vXJsWqYr4afoVLMlqUgpf6ZkSPcj2PKBmB/X+RR1s/Mus9RIJKpzw==,iv:WMdKp63LsMyOGheurm6bM4qUUNVe3/WmkvCQ8PWxqoo=,tag:PHjeJ052LtCqerED4bgACQ==,type:str]
send: ENC[AES256_GCM,data:5y0GGNdmVzl1Ro4bv8rab9dgmIOgNQBPPF02HfpOn/ctbSBzi9c96TJeIbDJVS2tN4P2+hSgP/XOR+hoM9prxw==,iv:4xf0b1/1f9vyVlQtIGmX5Ea/xNPyjXmA5/vazf5sOZA=,tag:b2211wLiDTvPKqRA3IpzOA==,type:str]
synapse-synapse: ENC[AES256_GCM,data:3lSmLz+sO9fwomeb/NCTlSRwpbegH6g1vp0qKg4G/hnWsKCu2mK6TDhQbLCSDQEagw4oBDN68yEBQ0C0tvmd3w==,iv:9rrv3XvB4ELcZhdi2KNxnYFw+XH96U4SM0X9ZSGp0KA=,tag:Qn8FdMMOaDeB9Wb11F44xA==,type:str]
synapse-matrix: ENC[AES256_GCM,data:NqDKomSPI6UcRDAjqVapBlmXXFHdHYS0w3jvJ4oQCvoeqYvNalkD009A6E6Br3w0/FGEKJQeTBI2MkYLlHAWcg==,iv:o8TDqzRDQCi4+Kv82BSTRyB4Y7mKhxM3c49hEbQuQmw=,tag:6RCKWwxC5Fw5N1QD/5UktQ==,type:str]
peertube: ENC[AES256_GCM,data:zzRRyCbXsqVVxDvS8kpBbOyozqi24d6G9K++/ToLQyt3TumefTssNehljNsb0oqsmZBLgLhND0T4WDhMf9//Ng==,iv:yDM/LREKnBW8noRzHPIdqg0TvmWAfxmVOplZkY8MSro=,tag:19uoxbEdGPOIzcQqm31H5Q==,type:str]
misskey-misskey: ENC[AES256_GCM,data:daHnurnqW0MI2uHd3gNT+ZczmytRdwBSsHGkCwNH9hJFMJW/U56HtjG5ivOQzYprWJ5uzgN98ivocbwzJEAGfg==,iv:aE9kvEErN06FNPPFQNchbmg/+SJCKT3QzCN/JTlZovk=,tag:iMo3MTssxKKT02zi8gCZPA==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:mcJM5hgd6Y6MjphFuH20QHU1zxPVnrd5CG3rwX3CekxpM4NzElhkD0pcWM0eTxbNQCM4V+lmjAvaQzBS8T9Mzg==,iv:eC2/GyNcZK31jxLYfRRw4l0aNhz1kcsjE/w4Y/P6ydQ=,tag:hNC2Fj327+O8/4/5/riTYw==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:z4C8J2dAu6OhtRzkHGLb1u3pUGeRuTF1EHzjduO45zF9cpMufIs52u8vhzwmrEXm7bJP2lomyFtQRWNPqtPkVw==,iv:QA56d2wcAseFuhI+lgR5Op0TbKrzs+1Cd5v8/0i8/gE=,tag:Df63HfuHZhDn/0SL2/6fdA==,type:str]
synapse_synapse: ENC[AES256_GCM,data:4Em7JbATF0Rs8pLjrVT9ZIxPaqecqxCGUtQPie69XWZIVuB/4AsmhPe4WmyJ2jPPmHBdzPHHLwQbd3ryusMzsg==,iv:49JsSMnsZzROuH5mXxMVEbkFOp0uf8gsps02vAH1Ovo=,tag:63LjUCFcnhqUsWqn/hDijQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:qP5i100QGGHbYLbmgI29eU1vjx3S9zAAJ6SuahykqehFcowJMG/x9L4VCfw8nMmvoDZDUDvOKsE/8XH6tJ8c8g==,iv:f+yahEvIwdchADrtQsX0EllR6jGzqLA5zwnnAaUjnck=,tag:Iy5JbgktJSoUPszcinb9vQ==,type:str]
nextcloud: ENC[AES256_GCM,data:XBsqWgTwAMMQ+aZVf91w343yqL7a1xEswc8CeC0NWsM/ZwabQfYeToVDKlQEGnItuyBRZfhSzH+EUsF7pXDB9Q==,iv:OEoqECAOuyJ0wjsaof8GFYaftEv8z7vH64RWlGHU9XI=,tag:nFoMasHkPawFxiLvclsP6w==,type:str]
gitea: ENC[AES256_GCM,data:7afp3qF0jU+aGOktymlk4iDaK2EuYjLD0QcMQA2Nkxf+ac4PQFb1g4rsaPcxuNLn5ZFueq6QXCVUTPNdEeCJNA==,iv:OjNWbhRoi5fvVY8dtkoHWIPO1frXsmI8cuBxKgDHPmo=,tag:1s3+L08McDetU2BTMXWP+g==,type:str]
grafana: ENC[AES256_GCM,data:jsKB0+FFRGDfCG/alFwQF1fvI+TOFAUN6gc3zraMkCsRzn6SBzPsyuOiDthTCyS2dx0+arwmn93TzX1fm/vKuQ==,iv:Vl7IsQRuP8TBTDfwJSU/QrHTSowukXtGPG38fu3QcnA=,tag:L5G8sN6ZcOWyoeQgvTYGrg==,type:str]
synapse_matrix: ENC[AES256_GCM,data:uyV13dMgUzPLGmSGN3Hoi6u1tY9rMU186VUSl7HspZXFqhs+OmRGL86cf91o/owvz15WijIw4wuAP++T8MY4LA==,iv:TG7Fi3ETAvmrOxv8ZahnrOR7Z90Vf5YgHcOtPkzueJI=,tag:uH10mk1m0q3a0fGcDbH9HQ==,type:str]
peertube: ENC[AES256_GCM,data:J/qNYYuOhENTVFU+6Iz9P8Cy1FcHlD6xpPADDzdYDZuce9DEsnFq28d+tTJ7Z71IvOKvNySly7ru/R+Tu7rqpQ==,iv:sV34o2Zf7yLUovdVND7wh+rcoGglz4llc3xfSEllHNM=,tag:c9wzEAlWMINTN8TEZhDIRw==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:PVWacd0SAg2n76ExpQy5Hdg2WK2IdokhnZ0PoY7rNz7pLkBjlrMjbtCenQ==,iv:wPCVw0VVL4b/9TLvGd3fU+dDr/gIlSyUOO5pKF3CuzM=,tag:HgUrPEOCZK9DYsyowi55Ag==,type:str]
youtube-key: ENC[AES256_GCM,data:XOPAZPIE8Hd3vKWAR8tlaXQp/FGeH2pIBmwym8h7TXUf+MGTGQko,iv:mv1csjmeKi/ZQIiuhzPIr3DPyygjWevhFGSK+URaQiA=,tag:yh4Zr9MpINU8O0eeH9+z3A==,type:str]
youtube-client-id: ENC[AES256_GCM,data:HEJQeFtoyXaSQqprbpGY7qvYYsq1u23CMM5kGvgGsoP1xvEMcwRa3Lza8OhL/lk0MtKH0krojDyUMzWPZtohG9U3ad/t18YQPg==,iv:vT4V3VZU4lJx2djtjIOow/xuER2LQ4reQUOgCPeW+9Y=,tag:MFvBv/3hs2H6BQWGU9eeFg==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:7++nVoYfFxv304u9fxmk5W+38tP6Z+mMS/nh7adolhyfDXI=,iv:WlYBfwCz7//qM02ljM1prc/YnBwLOb60ATcUlnBK9ik=,tag:erwi1hRaSaUQ2cLp+S9QOw==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:o9KEBZ18h+taPc3WoQ4EsbR/WbFn3wRhgdvLAz7dmM05Cktf9pgZ8iI1idWQZCJ0ehYL5VyizNhHrmkocXsHzCJ6i79J3uBl5vggWZ4v6/5cUBtNZXq5DYYG/EVN2RXjOdrkzYZnQA==,iv:CQzgvwhofMljnhNXYh+t6BkPJ3OO4GRPOSFZOVXe7TY=,tag:/1i73kP+RrkP76Tho27wkA==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:2OM7aZZYuE1A3aQMsDia5yy2cGVmaT7L3QljZ3J8IixA9zaJdFwu6w==,iv:vcc80V5PMqZk7lcvoyfl+XtoIhZ7g951OSRnXPywtao=,tag:EVL2NIiDTS5EHU8MxIZjpA==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:PoylF8gAs3dpRSdV6ClpaV9J6jRqRIsAYPlv1NiWy43hHmvEQac1tVrQfm0WHsxV3SfEaphyVH18bgwAcWnkWHbMTzKTWtzsJ74WrihRgksPiuttUm0JkTTr16g0jUtF8kSJiajQfDKmL0pEY9k3mnGnLltjIfntnqbH6dM11FRFy0Ixg0USUPiPz+uFMpJ7x6RHp+ypfhvMYsi5uuCiloCYMV4cUcr65gGym7a72S74vPdPQRzuGoz9fsJn/aPGPlhZR9L2k98TzQjp2jz5lbbGLEH6O1AH/aW9QlDuooF1ki9SvanQ,iv:nO6Adc002Twmw4Qov+EkhVu2TBN0NUEgaCoWOaTu7hE=,tag:cHG00fvDaTR7kAYIMPsICw==,type:str]
zhihu-cookies: ENC[AES256_GCM,data:88obR6OzMhO07UM4Mqr928ik/LY8wjjuYRVJdFFJNwiq+q05DfKprrX0oh5barTBqWduZ/PZZzOswh8OgzyeVpRZwBLIz63AJSv+Zui6wV/KODITZs/iDC+UiEnGkh0kf93p3g/TUvxWDGwe7beydGiDXUZrvaQ2nKB7NBGAoohdsx3cXb+TPruj0U8G1GaqRscSjqoYJFhj30EJBH7Jqb687/Zms0oetgXi6KZ8Mw==,iv:tYjHMC7FVxQJ4mhst6pttxivCoSxVyv8qUPmXXDoqzs=,tag:c3UHpyGKvD48qi0rBlfyjA==,type:str]
mail:
bot: ENC[AES256_GCM,data:redeWqYAJlHVivVtywOD+Q==,iv:mDZ+4K4aj+05/KRij0oH+v7/JiBxs7y/x08Nz7U1sSQ=,tag:2FRwDxmN/mIuBjE39jl/Ng==,type:str]
synapse:
synapse:
coturn: ENC[AES256_GCM,data:IAgJ3Lni1s/AGQxz2Tt0EpFoIwRZ7Y9TtDHsm7fyCcfDLNvwhNorTod5MSgiqFtHhWLzXf/iqh3/cWitIeuxAg==,iv:QUGCkeFMO+CA3tAXbM8h4KALFic6XbnW5pCxtPtJyb8=,tag:dq6qECRfcyUvJX5EwCPDvQ==,type:str]
registration: ENC[AES256_GCM,data:HV4DXfW6h1Z/OaW73jXJ4oXs/FOJf4EXWrWlXsnqbOJyzhCszBOiGFAw/i+wx9sSB+k=,iv:8VIXG3Xqug8dYaw2Log9IrGpxqAXwXFk4MJ4JuzQsBY=,tag:3Ra69sIFOxtX4Wzehvz+lQ==,type:str]
macaroon: ENC[AES256_GCM,data:ilCgbQjqIALJd+rz0XmEo6TLqO44NCBBG2vKv8QITLntZ80bgedKACXZogfMVCv7pTI=,iv:LQG1/agu05i7kFL2vWFnSCttivD7yyDijhWFfq50Xq4=,tag:2VfNhZA5OogXI/RaWohDag==,type:str]
form: ENC[AES256_GCM,data:0NdGdzjSF1/Xo7jz+Y3sGK/szDlhgg6kWLCoBiqDmBSARZX8SnW9W5zlPKM4Xa0sG+o=,iv:XVxnFBK2f2tvhIshzQLqLeUMcO28MyLrrF5QZMUeUr8=,tag:5frMH5KQt1hL1u2ltDpApw==,type:str]
signing-key: ENC[AES256_GCM,data:JPjrh78ySJwmfL7l5C2OT6pelzMfqaWRQK7MoMv3lQ3VXcWKrVsJZlfRQaTJbaEgK+qSiHh0T99LGA==,iv:DFefjxW8U9YK3kCQUPyxOHsh+ZhUYEj5DfOlKVZePxA=,tag:u7oyKnuVDqkyvzwvsyfV/A==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:ecDAOVKq9+tJklCJK3ktiWQ6Ky+O5fjr9zS3b3PjwJUyCpIADvVhWBTmFeaVy2ApfuWbugGw8d5wCscpOOy/aw==,iv:p9l9X0UBK2mDpkR9+OX/j+ETYxMdzZhjowzOvA6Uk/Q=,tag:5IC3IsfXg4JmJ+m9F4ehPA==,type:str]
registration: ENC[AES256_GCM,data:YnDk7rqVPi3uyzNSBvWLQPb2ZaayNzgubs4Hf0i/CN0hW4ha49AZtkcNka/hVtwTGMI=,iv:Zs7SpAecN8r2Sg7Ih190SUlbH5SLu19BDCUPX9ywYzw=,tag:RLZ6jIgOeFCDwzAu0008yA==,type:str]
macaroon: ENC[AES256_GCM,data:YmEJKAZ6dyjBVyvK3Xi68TZtJHUuljAQMhlR6I8vNUOxuP766XYkU/z/YaH3R2rVv9Y=,iv:1/C8Fm2CIpo6Y+YnE80EtWvHfG6cQu/mYd10XjagJdg=,tag:QmtfqZ/3as+4gdF/b2OuxA==,type:str]
form: ENC[AES256_GCM,data:rGLJQUMVpOBTCQEqQtiUk3SWitLL1tijBFqVDbohrUspUhTXgRmCQ/0eodhku3RiwcA=,iv:GSxZtwo4/FDRn/dA+L/NQFWcj45KEUSaV2sUL09vqe0=,tag:4dvt57c3Q73B6O/9/UsbNQ==,type:str]
signing-key: ENC[AES256_GCM,data:mUY9Fn7TcBPs4HhSpRkj1weFezAzr5ld1xYE8kZcjRNU05MCGLTbPa+av6pYr0HoAaSyzBXmKBBZMQ==,iv:wX092d4eAJ2jLce6Y1EfewxGZsLnwOSce5RJoikCiRg=,tag:Uegzv54CvAI8d0NTz3UesQ==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:wbKsGwBKrJYagX1AvY0o5FHXxOhrfjZ/+crasAh52uOFYGd0P8A7NnyF6JvNgH749dAT9H47DXRKBAclVVSqWPc=,iv:TZgJ7pwyGBpf7S4g7CL2dync2sGNzQ9369atAvLwFJ8=,tag:sxtkPHOmrjUb13zeWPBdng==,type:comment]
admin_token: ENC[AES256_GCM,data:TrgqQwXBoCdsLeWQYkur4zS+Z4nCoDDoePnN5vm+AIcgYXVwjxcf/0AwXQIxVNEypYysPpoHKOigwhkf5kLazAMiBZ0goAflJT/S4nOLo90s+9kDCADXWnCeHNhBUg8fUulNPBbpqdfFKCJgJCD2WTI+V5yFLQ==,iv:maKU6pcxis7Cyrx9x26cUTBzA6ZKcKJWSP23w+MDehw=,tag:GYpPHp2slC6V8aKA1FHFAg==,type:str]
mariadb:
freshrss: ENC[AES256_GCM,data:Qjg5GIX13ccZi/DuqtWK0qzr2GK0GzzUdEZWXDhUhGxFWzgosADxDCc8wfOchItaJFefnVrpPxdAPvT+4TEH0g==,iv:oGii3o6sJYVc11kdQMh0Pa3GUbWqttFgjvSVEbTycZc=,tag:8GWWwuJjQBwDFl9pJvg90g==,type:str]
huginn: ENC[AES256_GCM,data:/hFQdG/RGrX75qd0+WgwhnwR7p/CEVx1vPksRSudxmc1m4VO/AVzgMCWAz4310ctTEnn4GZinvD6QGFta5IOSA==,iv:mrPDZA6Bnw+SPVDDe64tivvvQtHWvCsPJbEnPqm12g4=,tag:ihXbIJwwtQ0RfaNfcaop4Q==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:DJK+u19VP9cFvq4/P0+f7erXxZkRWI4NRrX9HdHO96xy9wZMtB+hEDN3zLQnkTTtmd2ZLs9+c9BsUNXZperGDQ==,iv:zX8Nxt5+O/mGVt5l1j8IojBkgxg5oDae6KWTXYz0hRE=,tag:MRyMx0OXYTCmtaySP/umNw==,type:str]
freshrss:
chn: ENC[AES256_GCM,data:wwHntnMeiGZ5v8CE7CGV,iv:snIdYdFpvv5HvcR5qucD2pZXXef3dhSU+2wK5SPrDjw=,tag:2RnujKKkQSoxvSNZPLS9Pg==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:E8rEdAfUQX9oJEnvxVF5PmYFMd9PN8+K,iv:gZtUf+AkICLHD4h2beHbEfyoL4bcoOv0sivDFDB3vVY=,tag:4tlsPuED6jCXNE0iOayXsg==,type:str]
grafana:
secret: ENC[AES256_GCM,data:O2L0+R9QvOMJLKa941nxn+FeuZ5nOAm1iDlKW2vvk5Dyod0XLdGL1seWuYzpx+NL16qmC1u8jydDcBfUT+PAeA==,iv:Pqsr+POPAr8djdVMK5U4PiS1zUnZXLH3q588D/jOMys=,tag:QziP0kKT5oyI/RHaYHr2mw==,type:str]
chn: ENC[AES256_GCM,data:xMwWBYChRIxw5KDjgCYBJWkbRRo5FUtyhZ0+SVRIgjQ=,iv:EIjECQHx3/2t+oMC16B1Xfwa8guiST2pdIKM1hNcuFA=,tag:BP8ElnMevqF6urDgBP/UAg==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:9pm5hD8FdbmFIRZZX5+C0NyXn8qdt0OIlecu79xjVrWd8C6H7C01Uriw5M1qifTIJLDMvJC36Trci0/eniDsEA==,iv:iZ/KiwgFm5TyZBZxo8n9k3Lr3o3Vk+c4zFn9efPtJYw=,tag:HGgoRL1C3Nm/KTHGfq2Ejg==,type:str]
password: ENC[AES256_GCM,data:PNrcz2PnGF6WGa7vL5PBWiM03xsA2B2imPiwHpU0IMPN/CMh77eMVtwmoxtl6QkGl1UKb12975NJsfJwJPg9gg==,iv:vjFl6SFNqZhTHmmxRckYAj8nZ1IbFtTfTAxYkdSf/lI=,tag:K2PpVnu+919MddGl5qJn+w==,type:str]
nixvirt:
yumieko: ENC[AES256_GCM,data:tO+67mdCFH8=,iv:vl+PLSBfMDk7rGmpjuZ8TnEC1B8tni2pphC7cTmxQU0=,tag:RVW5UaUD0g0HDpoGp2/mAA==,type:str]
tinc: ENC[AES256_GCM,data:IziBdx/fkWltRubpBYcCuZ/jwM7U6OUA8WAglvMRoCN3eFjQEm3GN+J30tfTt8P2ngwHmaKJ7ry7rB7nhLmIUzhNrLEHprwZwqhAIgpMHo4pcCfJBE5Y7ba+kTk3eOI4waxwmfRqFdccmmkDTtw0En0WtSj0/ysOM4n8mmgeYxc5KIUNfasc0IHfHVtNahljvFUpExeT6Tpu9Caa1cznnFQYlMXsEGkveUHNOcEq4DWCUEVCTOE4/jcSg2j3+dJre3/Qz1ELi78=,iv:PmkrR2nccHrKrXr5V+YBVP4eQHBxPIw16ePfgjP7wgY=,tag:jsAh/QfimQ4swHnEtQsiIQ==,type:str]
misskey_misskey: ENC[AES256_GCM,data:QhsmKzYmAV0kGPhtRjTK7npt/Nop5JM9EFPpD8K6KfUJ48w+r+4vTORmERu7D2+fE3XDXxNZeSJg//bGxMmhfg==,iv:qkjkrqepjQ4kbwoaceQSzEP5TjLsiY7ih/ESj5RFpHw=,tag:UtZVW30xcsbGUjU2HjoUvw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -90,7 +34,8 @@ sops:
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-04T17:33:50Z"
mac: ENC[AES256_GCM,data:MjCnibcdkR927418wAlPUj5IXfbCQMS4QQOKvWRHdqqZHBQFw886Nx8YOXvH2PTgAhDWjzhuhnkF3InaY63zYqamJcKKwp/aIjZ97UXNKsZPKaVo48S9rBuHPFI/NceDSoMPZvgrMhgNguegdc6B8D2fwJPdtdSa6pJez1WQ9r8=,iv:kZnVRglmmWkR7f80bCX9Y5Th3dNI8TtUxx6P40d7E1o=,tag:5L0bfCYJq/EpvaT8BJA2QQ==,type:str]
lastmodified: "2024-10-05T02:43:05Z"
mac: ENC[AES256_GCM,data:NyXFwcVCCRfU+QSJVwov38SzRag1vhgfyQ0xtOheKtK/UaA+2Vqiqatp/lKWeri9ltpw5xWBYQnmE6aBHEkrj5RvoXeho3CUWiSqsB/3COn3FSfXGGJ2M642dnCtWqHfTrGNW7bhq/lBisODvtv+SAs108R5yYXhXWotUs/p+W0=,iv:Wsel2unj5X/dBCwt5sLzHmUIqm9c0uqzzpfnUkxq5cc=,tag:a5/I8GWuUOy4F4lOx9TH+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.9.0

44
devices/one/default.nix Normal file
View File

@@ -0,0 +1,44 @@
inputs:
{
config =
{
nixos =
{
model = { type = "desktop"; private = true; };
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/one-boot" = "/boot";
btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
resume = { device = "/dev/mapper/root"; offset = 4728064; };
rollingRootfs = {};
};
nixpkgs.march = "tigerlake";
kernel.variant = "cachyos";
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
snapper.enable = true;
xray.client.enable = true;
smartd.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
wireguardIp = "192.168.83.5";
};
sshd = {};
};
bugs = [ "xmunet" ];
};
};
}

46
devices/one/secrets.yaml Normal file
View File

@@ -0,0 +1,46 @@
xray-client:
uuid: ENC[AES256_GCM,data:GmfSlDQjO4aBq3u50jnFjOR9VxamYHzokUrO9IpIGuBx0j8e,iv:++O2wBUCnHDPowRgtxPQJQePXP2Cda74WXQvlKHbHNw=,tag:XDWhiXwT718RgrBw7L5yzw==,type:str]
acme:
token: ENC[AES256_GCM,data:+zy72VDj8hs1GH7E1U04WhiGq0xkIPGC8pHbAYR70OK5E6EOdkQwKA==,iv:oYNSrOH3pLhltYw2NX1d4s6jiUgMssWiIK//62i0ptQ=,tag:C5ekSVjmwSEphsTZ/DLcsg==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:/x9HJWh4Kpp5xy4TfuC/bP4Z/gMOFgAalz91cewHj1/tPxFe5R/nQA==,iv:K696zu685ydzwFMKIrqz1GiYLMKGM1dLNDWdhH4U0L8=,tag:nFwqXc7RPIYcQxVIu6GWgw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:NgA5rHB6GwqiNSx1mhxObywuiZWq5qpcNrlpk6HaD9hzQoL0j1IrrgMCqkU=,iv:ZZUlSJeQPN2/JxjhR08FdEZl3gCFuNpJ3M93C6JovHs=,tag:rCtWHOYCmgZKF1lRlIAReA==,type:str]
github:
token: ENC[AES256_GCM,data:rGiseVhDBU+rNcz92QXHeqAQ4lC7l5dba8d7rGUIIoEcpBVGwGh/5w==,iv:lf4aMBAQxI140qJsMLqHpI3dKRw6HiV20cyn0WFWbT8=,tag:w1P9MrqgUAmPzVWkIFs1jg==,type:str]
chn:
age: ENC[AES256_GCM,data:eI7ZtgOdcI0sWrD0MmbPEOnImVaacTrR/rDtZcUKSlUIMlpFga7HYOKUZbgMvqaxZK9YLuddB4setggrPvEx+rXpTU4fx0s5Ce4=,iv:5aYVpf5/nr/ssGAZDiSs4/5HP4aPDya0DZ8OfrhHowg=,tag:ImzDxw/1GB4/krCnNAxJ8Q==,type:str]
rsa: ENC[AES256_GCM,data:TirRkEaW0sTstTp3JoHz1KCTo3F1zozjsUUHVxJ9v+rmZRfH3DjwOKeGHsiKtJWo16yqHpQjcBmInWzgnFUZtM87lzW5YaKOPDwBwsbLtP9NxaFTU74kU05Y8E2Aireg1LlmLvu8sRHy/SwVHdML1AUZ4g9sLCLcb/eQcWQmawdsl7Y2xkPQlBfKiophu7dkEPw51vUoKvYzM47R9RI5cRFCNZtUfr4hOk23L7XoVL0Aejqd6pBoENCJ+nCXp4kUTYqrSPqHuQuuYwb0thsrd++g4vmSQQWCN/KkYAg8UPvAN3hMGF+4f0S5Zdr+g0Lb2KHQkpBofOlBZ3P1uTmm/2s9R6brqFrz38OGWK8ZouNZyDPC+FwJfMywm3GRf87rCzEjF0bAix3J779YDG31uaJJhTjRa4q/2Uvk8YXbebTZEuQ5dK1bav+730dOeGF7oa8oBVVQjB2KYzInuuVGdLoVMeaiRlpJpK4ZU3SnzjUheiq7fAdJcqM3QxgK2vIy4kL6LcniSm4J/b7IZjsbxAdkFRN0VZOgHQiO+IICbbhNftSXCCFgFvG3Yl5dzCtqUGYoYEpZwMwJQZJuFJqfCzRFb83jAAjGSN9OByGbu7flsaqRR1YjKNs6BgJOnyhbQ2YJrozOuzw8ZquuDURP+WmP4NnKOAZ6J06Imupkd3Q/pfYxSzSuNrfXYqSHeczDgb8IOc37rfPWGXLgEvDVuSYvYNf+jgSap0aGhHRJ65dvRsZE/GXVuRhTnpzF0vuoVJpifrzkgHehklUGPOLhvnzTwLryHvnO2VJpZ7hhlreeVGf6iZ7fDYJW91OvNX9b3WvtWV985n892jeFCW6/OHfNhv6VBjj/YeNMrZVy9JLwDe5DmxQBH9GIc5S1AGVuTzZBLsd9L+ZFonGfxbwpPtATFCvaftaTed55cXkZvj499rfu6KkGzCPP79tNQSyCRGPrq2pLGyAAMh40+8gkCgKmrw7ZrdhoUvBllKrAMGb8kd9FQ74OPD6vhb/IXMBc4+N1i5d+XiONOOKyVHpz8y/XS1rHnQO1sSN0Wkhgoc48m0zN/frmZzBw2xiYnG19rd5CHSRRbK50JgI4unMNiJKWNQjqnDxsKJu/WSOKeOFK7g5lcKl1D/XPYOeFUm0ZWmqhb9XrF0f045RHKNEMwkYbRJZaJcPQ36H7+99pYGjjZzY7KVUVlc+7ttQiUoOIkGKI8A06Q7fSXxBWA9x8Om9CdKPT3g/MnELl9Bg8kf7Pc+McWmGxdKzjhzEL1ElMTWfuM/a8hU7SMDjHtCHdxwngLn8+krt0HJ5SwEcDs0KUYEBRDwDpooDVNEUTHL8zEKE8zVl49lkN0NX/Wu0LvnQeJ0NjrFkF3eDpGyPbkXKgqzTMSaA45gK48UsCzKkMaqmTpCyfISyhMeEQm3danslHL01P20GoY/zWLsvOgO96p7X/j6nRv8RCHNH8pu2ve9d8V3Zu5DuHW6+ODOfaCihxkkSqD4jv5OFgISD6afLiBShVMcH8tKkEFph+Zd8COYmuUBZ5ez+BvXmMG1DsVs0/RNY9G8PG7GOoyWVU52JaJw3Awl56o47vDviBGjHi9bF5+5Je/il9csvcuokvyhsRxJ4vBwGJUNI0xtBK0/6wX2GTd10CisYw/fKOyGPgKyquGJlsODLV5JzmWY7GmI8MmVKYrPyVjPmegClnDdkxjknQGnGmEuyPLSTR03OmzR5YQ5e8Nl97mQWAr8kX/vxiQmCfufAZCJOfxoy5RRkDMuvVYlnpl5DtSPMUg+DXO9243gxqYSNCopbcAdkMH2ylkAAIzrmZym3E0EWFz98JLl9RkD1/jI80QUmZwsf3JU8pbtfV8yLs+xOrvZ0MQZc+uDvvDsi/2ZYQKfwWqmx64oK00vncyDHH9zhvwxauSfiqkA7K98ZgajrcEbU3nSfGPgdXxTlVpIufhK8k5QVM80DoMEvq+1i78ZsOd/zHFH90tyzZ1ploIY+mptGWMHJNpdBnXgy5KlUkmSuf5PUQ/xoD7UybxuamriO18IrjiQOE3pDhA1GTXz0iM+UOSceysEgNnINh+gRUbGX97YAoTS4pXGyzjYfoY8vMFmkD3DzTNClV2MSVtjuBR+dDwa58SvAAwyw55oQdILw+dogh/qGmL7MSvmssw3mxM7hsEfDu7Kea5FFVZJbgPh5VDZ/hHTWHU6gapgt1QvQQ4kNQuXJnNfooIaMWRg==,iv:9FUcJX6puazsRTBtKfuhvbY8jA5pdVHD4PfChtSX314=,tag:bxLTovW44jFhGkzGzwCHiQ==,type:str]
ed25519: ENC[AES256_GCM,data:KLBlDuxOdHnqmVU1KtDrd1r44VzuCYhQW8+7KDAXLD5XGKBP9ip41ZByuRxVUnhVtTP9LRlUt7qvEjPen4hn7HxH+Ic5tghN400JFKpnmxmnjZGbelIheAuRYU0t6BKFvTvcaKD5sNhpoYX9P29L+Yobt59Lo9dc96dF8xy6iWE4X+FPYBsxtheGOMDW/I0CLKF82pv+yy01EFDKLBLciPkweUcCf4642Xv/Lv1knCIhxnCGa5fD7XpqNbz/VfTiqgIDUScISIo5cXJQIp4Dho2SIaf3nMg8BQB5iNRDcyU45m01M36SaYKU7xBuJN7pRP+vtPySavtjbmqLbowFM9iQArpHCV+VT7cF6D35lPcn6hsZ9xEIP6XIpQU+cl6RrNmV+Rbxlzi/wGTYB6pWrfmrJaJpDPkYvyO9uy76yaljkbL03LgAsc7ittNkCEJ3xXznr9AHKH382JTHlQtMbKZPBUCAa8T7kJmu9gdfpj3yqJtvdHkOi+RIjls84l7X2OO3vhUzuRqx5FAboxKfDcPgifXV2t3d9wfMTlH8ziJGHiz8RKZJife6tdP2G7nKtSchjTyv9JqFQhTF,iv:C5KL23GV5Cs2vzHix8UNBcDSOvQgNvhewd96BMGpjj8=,tag:0zwTPg+AJyb/pCKV0zEQqA==,type:str]
ed25519_sk: ENC[AES256_GCM,data:v8pEsJ2p9cBr+wFIvcVwtHMVfuYUtFOtjbr/SuusDfAzlJJNQ6jIQxrynFwiPGf+zKRKgOmQ55XdlTHnCMztK0stDzPSs15IzgIXf1xTKNsEZVh077VM4a+DAnQMWJVjslcf/ljU0Ec5yoEGuerO03Q7Ud3ffCdObdWCwYYN++QEJ63eKSQhzMZ1LFH0YLizhvIEeqe/NYsYncA+js8uL92/97e7W1Ui2iGwC1kB4gDe0QijmaVKv4yThaw2SlcHiBuKlenkuXZu1h26Z23oa3d/GpEscuNjgY6EKFBHwg9bZIDDH2V+Gt0sWe7lWfAUR6g9DlvXZQ5J2PR+eMaQmKIYKQJRfIogAzA4sh25ecazPDgU5MtJX8W2QO4yDDvbM6TclCFPjnqSPZFpqPu5Dmess2dKMFxq8F+BEJ9typonLcX2YsFizeIZ+y4cbmyINTV3WlMd/hVCOTIadmsTshEIwquKMkKpsxzlu0DRNt1IIj9InqcQmUDfXDJlOYQlE0YPjZnUZmHEq+s+yIhkR21a1dtJ7f5T7YU5de12OiTjn3ekMhw6fSncGIWobwLvezXplLJ0+JM=,iv:QSO+YZLxSwQ69K20+qp5J7R70C6yqZ76LjhXkbfnM98=,tag:TKGQeFJdkBGmj7KO37XOjA==,type:str]
rsa.ppk: ENC[AES256_GCM,data:XBM/HD3mv2BD3Dp1LP0i+mSSSyUBrA38RzAQIIQlraFhID9oZBUTzqdSqXDeLtS1p6y2xAOxBVkH/D4WR1kOpXgw3LgNuvb1YFvZkYjCf5QgH9sxMSjiaXRdRHSAuF1b3MpGkgH7gmZRFTc5WkKvia7qzJgwGF0qNwS5j+lB1g0U0oXR6vguqb0gYcA2dKH2tpj/CqGJVAzkZCd1BxQygTpewcb2cbnVG+lb1kixD/r3q2PBoviS56BRCHbwoLhHLSn/y6XOnWqcaBgpBzwE7aZqTWa1QnRtv0OtUkGilrB+SBcXvMDNc0Xts2hhsHuc1DCB4CsAaEY37SEHKJhdZEVHoAZ9dJzScMntcRTES4AjhHXoBUpNy6wvTTLwdw58dXLkxfMdVl4LZ9Lcoc+mFfgPrNpvkvYVh8X0HiDC1FLgoEU8IQXPPW1HJCTGRbPAMRwXXtwxpmDN0byEnLH81JfxvSxnNZkvLu9qRyWC+IRknUALh3KkqzalzpuA3btDkyGBFDSX5phITtTmm0R1eSJg0R/BbFAogHz6NA/2KPoz9TtNH0nkQfDqiYfYub2J+8w9QsAr1k+0Wew9DeAF9eLaNTJSUeDlvz/Rq/DJLyUfOGIpCiY4cecJ5nbHPvdIia7qM3NBeGE0ImQspjjXaZH9WSaUZ/sjJu26LRNj7qJP9DWv8VfxkJ4BuRuYqP0qlWYFd36b38EQbgTiPoDHZoiIXG+1/cfqTf00bKskMl/gmEdoyoa2OZRO9K78iZLu7JFmqL7MoEaOUiLbNHymp7U6QgBdvbqeZxYmcIiMfvWK9Pudxrt5ts6rUDeZgJ02IdZy3BpDIjFBu8OXBHf5U4f+EIjuWDI39S8FOFy7Nv/XVcz9LIqPfR5j1hO+5Gdgqmx30xiccJRM2QZUxh5vC4m9wIFyg0HRrXYF/m7FRiTt3m5VXut4jWMyUbxSNaZMHlq8Lof+Wb/nbEv4HiQxywKCmDQ2YWotJita1fRgXNFCiV+BaEO3MTozUF+aGugBT7YvnufheVrAEVtxRnzD84kTsfvg1uDybvxGOJsj41HfDNOyEkHpsagCj8dcaqtIOPmg42oGEeoGO8sLeVQieVA/OzwDoBk+fC0gwa76t99VANrqdg+rVmHI5rF532j0jXJR9Nr59mZF9yzj0ECHOyRHEj7OkBRFKS9hLshifGJ6GvSNjEm59ohrf4S3ZIfkLx0fZUjmIovXDc6nxaazTd2ww5ZH1P+pkPtFLaGTqvlEKEQJ1zekzBYKH+gze6WP/LK6q/8RianwKB/5kuMbRkk3dsUF7fh017ir2DA7+nedU3Kk7d7/mM01eQHNcIED/BprFGQenuCUl64rn6V7XTdAKWlhusF5fQruU2bXdjO1ojGh8topWyz8Wp7TxN7cRSlU7SLLnXcLuNP2DfrfwDEAL8HNn4K4LJLJAB0gZiPi5Hz9nT1J54mWdifDgaeHbijsWmqrDZwpE/D6hYpXTMU8YWOM0RRf/5ECRCCmh0C+BZvx1CKncsd6BBAa3uMoB4hXMGtMSSpT5ZkDhcoU5h2XNoBSjRLmmbDYraUk9VqByRanZ9zpRGpvb5SFF0OFzuELl3bDxlw0NjYEKSh1lMWSSpVaTDm1XdNcpajXqFmBTN8x2oP77tnLlPPrFbcoXdn6k3jmvTzYpBk0FRv582ZYaHhH0iXkrp8/R4GtWA5VjqfZ7pGSZSBIu4OjzjdxXvee0ZK5Z1kR7MfR4G0S0BGgYbTPdoy5exm6Xfwy3qzKlfKI0vni8ttjbiACq+/ImMPUmvCSgtqnGTUejF4rEDrvJLZHrybQQ83X7/QoXrt9MzJB5gR7xCr80FdsEgT7ZnPd+arZJRJfryYHaMsZ83FTikc+eM62gRm1Hj5TdCUtHgmgwQraH3+GGgIWRQVZRxZoPf1RlAYRH+9i1+BiqdLxqdBECA==,iv:vaQNKRMYwXIFl+8Q1IKgpEHGd+pAAGzn27sLNlqS5sk=,tag:DQrSrQ06amQRcFhHJvy9xw==,type:str]
xmuhk: ENC[AES256_GCM,data:7Si22B70Q/tM8iiUwhNKeMvCOXcDeRQRJsLNfmi+IxTRL1Xgj7nCYRihRoqk/kNqGlW7EiLGp/D30tbnd4V0TOOd25je4bVF3DFKOkvD8x9iJX5GwT5KA0Kc0uVOLawYT55OxxsdsjDvYUENSobdqgHNw+uBQM3cXc1mkKSarzhq+ZaRJpuPPFApORCL96sLFBTYyChgQDPSKz8zU2YMjurC5gQAgZVMXHw5WJdrd2m9fl/asUJlbJprISqJ61zKALYC/fYosAPZVvQfVnzp3gmhJuZQrhoLsGELSFFc8t4/urlIjGhi7BM8sAT+6ZYxGSKGcgqP3K6cavzLr8eIvuG3nnZxZJzelS3LscVtjLI5Ddv6Luyjn59Pc+NLDHTEbAM9aIRsL4TPLtW1ebqqCk+rkqxvP0zhLKnA25DKKYjOGlAydbCbxcCX8/l0gjtiu6MJkaw2mC1Ppw9OrO5f+GQRiUFIsmFTAMViiQ44gZxCVPCPa08hxgmkwRp/PvdH0+nzxK6IuBWZIZV/M712LGPT9lrhaEDT0PSyGwcHMWcVu+ziZHGbG+vbeSk3pyv5Ou+uvG1DUxAh/7cp9YLL5U90UkI3WSBsge2bBtURQLnQIrGyQO9xk+3heXzcfxYl3kL2ARA7BIvyXrwpd/77WmRPhdL8YCax1z2+cK7kP4HWOhhpXNcIPRN5qwuPVRJCBcSBacahJO6PLpbEJ0nXM5D5XY0s9COkWfIPyUNA0b78LHB5pGMP+rRF6w7OYNbniNM3zHZnNyw3DyMT+V8PBfcmj8p3KF0rgdD0USvm4C4B1zvKVFK2P3ZMw0K/L78Xp4bTx1q1eA9qiqe0SPPc1BvgyRksS49VYtL47bA380MOmvgj+xwW+qTEozBW1HxaCJuqJBLxIX8i7LXSkSSGL64QOj+j2Eulbc6Sgg1g82XKpQZivkq/yGR77zODEshlaVUWkzSFSVOFF3aQGK28jl1U3HZpfPCCx7uaXZoaNTwwR9dsZh+t5YJJb1oKRlzgIWo7DB8CJufxX64uSFT2prY3sITfAuH12C4TrmjwP7tt0ZbTVgtvych1MGa1PY2225Bs1BgxLRVSSn6MRYz68NiE8xahRqwkK1306+r1jPjuEIjBdkoG46MR/eo/OF2n1xXkyLkwQAFlsk0+CGuGFzAj+f/++s85N8/ctPINJXGt31uEooD8fcBNnDGBSc4YQYtpVWCviJaaE/fRXzldfKB73V4Tidyg60fDJCNfJI8r/Ic3YFBGiQGTH6beitg72mQuLp5vlrxBhCqGYsEZkW5x/wcoJoEot5rirQKq3trIrL2nTF12AYQbNPjbJBavnpPds2UctkiUM+JP3CIiolAvqLMML79fRNeCsvUtDqbHTGU53/qbx3NlkIIqF4JHbK8Ckr9WHnTGAugbMgiNKQ3PKlSdV+vG1clb3fbHgMWRbv4xZq2KdJq7iibGUEBvO5rqr9YngqdOxhsQmyAh1ibkIbtJh3TcXkNUcw2h/tAalxV1xmbT0Glp42GU0pgUr0aGkjepoCH8jYkmmft4l9qy8t8Gi4EdAe3ImdTqKxwpp1CG+hoR2Laqp7z7UpXkILYfZxHwQa7NZSok2WZXEHeZJbCciREqZAUOW7EtdZGG619XJ0YTWxeZl6/+1oOA6TUb/r1HnSGo+xfNhzUeQcDsyf4SWpr2X6IUP+qUnOciCsSFRklJgj/JCteIK8GKIij34ODehPKZB0BZC1fqx3mZbqbTN2RA3adJV4asKam6kAtExqhuVyv8Mn2LTSMKwMkCi8DLPtvFSqpicffSUkkAs/X6HNSVrUTpA4sjkqLz3aoRLAMrijMYz19dvgb4MM8vv0zYaip2RYxkLnl0VrBrrIaNWiHRsiCR7pTPJaE+0k7QRWh3Hk9yX3UADTMOy7SIrqGlz1uihPodz9DeWGZ7ddMXeabWrRIh+In2Hyvs0HdhlEWgYyIefVIWZpCWVheDNCPb40RcEKB7WVDrbXrn3zWqM4DFCeemvd705OTzF5LUQ0Ql8prYKw2N30fC4l2OT3LWr0fhdsgsLBfKojoVSxFPG0WLxfS2Hhu4Qb94nSJlvjFtsiNAcTooXZKd64+WeJTdfDEE7Z7VoGgU2c6LsIUpWjY69KZy9BscY2hZUZFBgM/4iznyOvtyiWYJP1cUy3pDg4aAcoF8xTB5oqpCjI97jxAOYIKWIJj7aOoy9dpoT8BWu0fS0GobBSZAyZ37rGIomPni2jQUmaBPSvmRTQhyq2qHpgTIUYzphpZ5pva9jQbYp8ejR+sUMVf/EKVUzFTG/YhjAzIfTjZePnoxw10JkFS+n0Nq5Qqz1aMK/ie7sHg2DON4z4sJZ9z6jR8KOKOVfBlrwOFYQ2ViG4ut3EHDBIu7qWpSrtWza4cnGnADhPTLh3wjqFTD/j0wRkR9Bs9fzSShuoG8Kgm6zlBUX2bVwb0SLSqFNRSyReXjPq2gjma8iJPT6o+aSWpIfsYf1FsQsG6rJFaw5JxSz2oyi8TSIYStJInjjNDgw4sk4/Xk99pwEnHe+sOUNNhu6BPPm3KpAKIKm6HNwZJK836qvqAqwtL/d5QJYwpc8EBuxpCvijJe4nBR4HZnFJfDH+llhn/tDe+GOVLs6OHtdU/N5UbpBu7k2O4mq1kQhc1uRU+H9l6KxPQ0vjnAvRhUjcqVTtJzzpnZ1wfFDWlRqwoCshT5Ohc3PhS204au3OUZWtbXEcWSG5Lh9Gs5W6Rw5mPplFFYZVisoGvv/KnoSpm6opYjoMSBobNWgi7Zu9IgtrjZ63ddmJs22zvE6UjaUpHOF91QOOwlNCVdwJ7SQXv6gEL5mXC4GdgUW7oDyprHysSbL2ec6KxsP+qXgPa/S9KYo5uriJ1MQxRDbhjQjkjq0augD7zgiX95aUDvTjG8GP8JNs1U1QMi1Xg1TSLyE45kbRIZ5WWuT5iJOS+SHr66Qpvg05ymHwX/Mt7aHLe27XXOSGmZoQPcr/6rF851No+o9qSdaeVAK4lvrcmE6KeQWsQ3pW6TytE6qdGWgW3f/SuPTKVIgNk8aPWH6lbTZc4RbZpwlxpMeFP98xcwfkV0dzmTVax3UAUdVCH/LH+LLT/tgTiHh9H29rI/nvvOP6+lSj3O6xUvArl9wFLo7txQtFc/BAmeUicVdHCF78Fv7E3hlGkL1PhURuf7DO4m8pTkA9NKN7cZUUGVF9DI4PVmGJSmvF36ees63CqDSb4ZTnRdcPt/chXLmIamFlugG046eKPKsQ17dk05UZqQ2Mw8A9V7jMeJIiE27ZnjB4mnn3aO4g8mGyuUDysWlRxTbBlW57whOXEFMdczp1Hvsn37+3GJgduYifrC4iI3PwrBM7ZClL8t6z5QecRLnRsRZDdLhpB2nePP4VU/JSYYy/Rq/vqoM/MfFLeJr+YMijAKO49Jdd4RSDDStrnbBq6snW9cyPlgUko44w==,iv:/FD0wfUdv26ZDkSneTnAkHoei6+I/YgyNrOfsDTP2Fs=,tag:rKPUUlSmCrD9iEKhZR0+GQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOUJWMm5xT040cEoxQit5
ZnhhQWVyWjlnejhzQlEvVVg3ZGVJb05iL1hjCnF5bzFTUTZFYkNQR0k5U0xmOW1t
TXhsRHFIeVBBSXc1UURON2M4MDlTMEUKLS0tIGdSbTdZdmdjY0dmNjkrRjd0VkhK
eWV6SDJqT1B2MEp1MURkV0E4S3Z0Zm8KX9lEjG4u2QRe1zH+13rbedCWl1B7vvl8
2iMHj1qQ4JkCeq83llEH5IuDXKYnKKXSi8l3nU/l6Aw6yx/KHDFK/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2K3VKTVJqMTl2cWxUZHhM
OVg5ZjN0VGNpVXQ5M1FKZHloZ0ZnWTZ2ZWowCjJIYTlhRU8wd1JienlUTHIwWXYw
eFY1d2MxeStBd013VmszbTUzTkF6U2cKLS0tIDdDNXp4OTdQRjN0MGdIOS9oSldU
ZW5PT3VYZWhDMkZUeHViZE41eUhna2sKc8J8mJ8ge9KMb5p6Xi/vRIIXZMEj6Ih+
LjLKsgDfMbqNqKaQXSvC3tbvI/dDoiStyCsf4rkTY9QOkyEI80MtXg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-12T06:44:16Z"
mac: ENC[AES256_GCM,data:/uuP0StTdBz+Z2FddjGDP7i5lZhT0z4vCd22twm6lzp4WkpSklX+YMPRddqvwT/zsJpJIFf1+vK9VtPZBW721SB7AZx4oC1f42adFHjBtSXO3QJPI8cfUx6wdvcjwN3ySXYIcf/qi34ePmFm9amr4xU9jzN1OaZhKUt5Y7kq2LY=,iv:RJUr4u5UKJh9X0xh1lvdE6HWKxnaxKoDi95V3Pj80f8=,tag:D71HJ8LgJrGIu31WV8KaCg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

BIN
devices/pc/bios/Bootx64.efi LFS Normal file
View File

Binary file not shown.

BIN
devices/pc/bios/DisplayEngine.efi LFS Normal file
View File

Binary file not shown.

BIN
devices/pc/bios/SetupBrowser.efi LFS Normal file
View File

Binary file not shown.

BIN
devices/pc/bios/UiApp.efi LFS Normal file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Default.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native_HDR.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_REC709.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_sRGB.icm LFS Executable file
View File

Binary file not shown.

187
devices/pc/default.nix
View File

@@ -11,52 +11,69 @@ inputs:
{
mount =
{
vfat."/dev/disk/by-partlabel/pc-boot" = "/boot";
btrfs =
{
"/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
"/dev/mapper/tf1" =
{
"/" = "/nix/tf";
"/nix/remote/jykang" = "/data/gpfs01/jykang/.nix";
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
"/nix/remote/wlin" = "/data/gpfs01/wlin/.nix";
};
};
nfs."nas.ts.chn.moe:/" = { mountPoint = "/nix/remote/nas"; mountBeforeSwitch = false; };
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
luks.auto =
{
"/dev/disk/by-partlabel/pc-root1" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-partlabel/pc-tf1".mapper = "tf1";
"/dev/disk/by-partlabel/pc-tf2" = { mapper = "tf2"; ssd = true; };
"/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root1" ]; };
};
swap = [ "/nix/swap/swap" ];
resume = { device = "/dev/mapper/root1"; offset = 156901642; };
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = {};
};
grub.windowsEntries."08D3-10DE" = "Windows";
nix.marches =
[
"znver2" "znver3" "znver4" "znver5"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX PCONFIG
"icelake-server"
];
nixpkgs = { march = "znver5"; rocm = true; };
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel =
{
# TODO: switch to cachyos-lts
variant = "cachyos";
patches = [ "hibernate-progress" ];
modules.modprobeConfig =
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
sysctl.laptop-mode = 5;
kernel = { variant = "cachyos"; patches = [ "btrfs" ]; };
};
hardware = { gpu.type = "amd"; asus = {};};
hardware =
{
cpus = [ "amd" ];
gpu = { type = "nvidia"; nvidia = { dynamicBoost = true; driver = "beta"; }; };
legion = {};
};
virtualization =
{
kvmHost = { enable = true; gui = true; };
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
services =
{
snapper.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares =
{
@@ -67,22 +84,44 @@ inputs:
};
};
sshd = {};
xray.client.coredns =
xray.client =
{
hosts = builtins.listToAttrs
enable = true;
dnsmasq.hosts = builtins.listToAttrs
(
(builtins.map
(name: { inherit name; value = "144.34.225.59"; })
(name: { inherit name; value = "74.211.99.69"; })
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
++ (builtins.map
(name: { inherit name; value = "0.0.0.0"; })
[ "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com" ])
++ [{ name = "4006024680.com"; value = "192.168.199.1"; }]
);
extraInterfaces = [ "wlp194s0" ];
};
harmonia.store = "/nix/tf";
beesd =
acme.cert."debug.mirism.one" = {};
frpClient =
{
"/" = { hashTableSizeMB = 2 * 128; loadAverage = 4; };
"/nix/tf" = { hashTableSizeMB = 128; loadAverage = 4; };
enable = true;
serverName = "frp.chn.moe";
user = "pc";
stcpVisitor =
{
"yy.vnc".localPort = 6187;
"temp.ssh".localPort = 6188;
};
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
gamemode = { enable = true; drmDevice = 0; };
slurm =
{
enable = true;
@@ -90,42 +129,54 @@ inputs:
node.pc =
{
name = "pc"; address = "127.0.0.1";
cpu = { sockets = 2; cores = 8; threads = 2; };
memoryGB = 80;
cpu = { cores = 16; threads = 2; };
memoryMB = 90112;
gpus."4060" = 1;
};
partitions.localhost = [ "pc" ];
tui.cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; memoryGB = 56; }];
tui = { cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; }]; gpuIds = [ "4060" ]; };
};
ollama = {};
podman = {};
docker = {};
ananicy = {};
keyd = {};
kvm = {};
mariadb.mountFrom = "nodatacow";
open-webui.ollamaHost = "127.0.0.1";
howdy = {};
postgresql.enable = true;
};
bugs = [ "amdpstate" ];
packages = { mathematica = {}; vasp = {}; };
user.users = [ "chn" "lilydjwg" ];
bugs = [ "xmunet" "backlight" "amdpstate" ];
packages = { android-studio = {}; mathematica = {}; };
};
boot.loader.grub =
{
extraFiles =
{
"DisplayEngine.efi" = ./bios/DisplayEngine.efi;
"SetupBrowser.efi" = ./bios/SetupBrowser.efi;
"UiApp.efi" = ./bios/UiApp.efi;
"EFI/Boot/Bootx64.efi" = ./bios/Bootx64.efi;
"nixos.iso" = inputs.topInputs.self.src.iso;
};
extraEntries =
''
menuentry 'Advanced UEFI Firmware Settings' {
insmod fat
insmod chain
chainloader @bootRoot@/EFI/Boot/Bootx64.efi
}
menuentry 'Live ISO' {
set iso_path=@bootRoot@/nixos.iso
export iso_path
search --set=root --file "$iso_path"
loopback loop "$iso_path"
root=(loop)
configfile /boot/grub/loopback.cfg
loopback --delete loop
}
'';
};
# 禁止鼠标等在睡眠时唤醒
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
# 允许kvm读取物理硬盘
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one";
services.colord.enable = true;
services.udev.extraRules =
''
#
ACTION=="add", ATTR{power/wakeup}="disabled"
# CPU
SUBSYSTEM=="power_supply", KERNEL=="BAT0", ACTION=="*", RUN+="${inputs.pkgs.ryzenadj}/bin/ryzenadj --set-coall=0x0fff40"
'';
boot.kernelParams =
[
# 解决有时蓝牙不能使用的问题
"mt7925e.disable_aspm=1"
# 插拔电源和扩展坞不要唤醒电脑
"acpi.ec_no_wakeup=1"
];
};
}

40
devices/pc/secrets/default.yaml
View File

@@ -1,20 +1,45 @@
xray-client:
uuid: ENC[AES256_GCM,data:XU7/GZ8cJmDwNsrQfoFHrquZT5QkjvTPZfnghX3BLyvPLlrX,iv:e/BQkZ5ydWD4P/qT9OUloB8/cXImfkG3YZnuIeNLoTc=,tag:EW3ZBzGnyIrUfcMeJqm4aA==,type:str]
acme:
token: ENC[AES256_GCM,data:e+ZPOwOobbShxm5zZqmIeM4cmP4JQT8kDQ0goKsSwpIKmJAzi8WutQ==,iv:ZKOzKa98yWTM2LkC4+rzA6rTW4afm3oAG4nc/2vk7Bg=,tag:Qctw1sk1SC/a6Xv5Fju8EA==,type:str]
frp:
token: ENC[AES256_GCM,data:0mE8/cWqHKNquCIiqgbjcNhipKk7KEfbZ+qRYbu+iZr7AH9QjfYZQiMJNp4Aa3JWwBLYAnpf,iv:ID4cc8Tn0H9b1CimXlPamMlhlAkafhRApDHo/CCQ4BE=,tag:BUuU/BCj16R7FlKlpubawA==,type:str]
stcp:
yy.vnc: ENC[AES256_GCM,data:IsZWkNGYHrbQcgvOSURDnA==,iv:4XO8RFBdNopLKYxCACmkXLMPu0wIVx64y0C7m2bsTVA=,tag:fMHzU9aQm0bRr8pTKwpuHQ==,type:str]
temp.ssh: ENC[AES256_GCM,data:XG9WpTR8Bw==,iv:XiMTPN8Gx1nNssf4r+VXTvUATiUNsOYJ2jeHjhDSyTs=,tag:JS3NlA4cs/6IA19PJYrStg==,type:str]
store:
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
redis:
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:oIpiXJvEoyryS4eEutoe85Af0L5a5iNuOsCWCat9KEhr2ecY/vRimk/1fbA=,iv:dm2hTSNX7Q38yASon5o1jxEJZbWPXUWYydXYMBHF/sE=,tag:yrANhwIF/wHQGHGA1bfPgw==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
nix:
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
tinc: ENC[AES256_GCM,data:qI2KAyJiC9m+IOzTQ7SFjWnjzzkxvNe6R2yxyK+C/YnEK4JdYqEETIMuqAUQxaSyHjKk9x6kDs3YPC2AyNKf+lc22YoB35Eo5ym+3+GDDPTL4wL4aI4xnGHVLH3JrSFHDyIbvu8R2NLnSy2j4O5Uj+jJmOz/b1xV8zeLbdoFwLgZCbcxvqkIwMlJdDGjAtjEb8eDkjtVzSRSPXohgYgmhxKZyA5/7c41e+/X6RIsHHeOD+Ppz5jlYAkRrsvAxGTfrMN2xTZopxc=,iv:E/8ys6ucmmaKawqrgumJdjTsC17F7Y0RgnHYfu3RIPQ=,tag:OZM/HG88gyF9TZXwHcd3nA==,type:str]
open-webui:
openai: ENC[AES256_GCM,data:8CQLvoDuGtQ7PN+1SOmXF48dV/G6fDOiu6olkhSbWEjYcNO4VVmxtHw=,iv:rKBxOTB7/LXfXWVrBFBJeyn43R82oBYCxup8OzWvzKk=,tag:ByoyMizWc9Lpnt+ciYcszg==,type:str]
webui: ENC[AES256_GCM,data:G0fniAii8asP+NNTinHwrScrFVkFacoci6BvA24=,iv:ADQVIuf60eTDMwW7BAsfDhoTtsFKF5QDLsDkPAQxFBU=,tag:5siIJGNEa11EeHlurk1h5w==,type:str]
github:
token: ENC[AES256_GCM,data:59z1zSofzUyv2Qfn8oS7dZplzJDtOD/zxhPm07MLbVLHt8mE57IGcw==,iv:nZ4JmIE1h496RN6BChvqo7XWHjur76jP4HMgqGBbMJQ=,tag:pUSGsofG7hvkvJxCRwkg1Q==,type:str]
chn:
age: ENC[AES256_GCM,data:bxmGYdxcF0OTe8LIVuBUEIs1014k4l/UoN+k90B85FOcTSzeVuSbjpFTRgNDj68MQiqoERGy8mFkKC6pbDFhnlXyns3AsxCnoZw=,iv:U93Lo5JAxJzIdTTuVtMhfirbMA3VSCtP/SoZikDWLyo=,tag:Ld0wZK06PNuvEeXu6PysZQ==,type:str]
rsa: ENC[AES256_GCM,data:asERfFj4Wx2dIJr9rnZ9i2fUxYnMY8RoIB/6mOOmeBE4yZPc1zMbhUX2aFftTgCsqH6ZC6qi15k1YWlRHrJqqyLyIGCukIbRwPMtlowU9Gr36YSok0NFrkQbUT9zjlns8NGqiHJAPKYhFed20hjN+IhgnDuFxtDEjA711b88z5prlm+NpKQ8Ohj6fKLWR+xEj/+KHWgF4K4WJMIZxu+jfRagHg6nwJBvWJDPZJQin/ZeCMqvH2XZkgujuUjXNfNhBhOENgaFtkW8/o6oZCySBctsCFXkgRK/7YbTO+Szzn3rJ878QGPMQJLqSONP62YlzCPO50B8Gsd9wBz1f6RKZrmXIElOdTNgTyPp1jL8zOWlSb14n0gVNoEi32JtkU5PNXYr86rHUX6zHbjdSimqqmhZl6tvBc/cKNQ9UoJ1syIe4xzN61je9Va6bJJt+WBipfn72z3KGAgR6yucKh7RX7Up7iiVTaxpq8BTsfUWvd/1Ar7jQb3YojOVRcX7CE4Iil7L8v2vj7pP8ecmo/ejggQiK9iGqWbeoQGh/j7ZhAYdx0ZY4lAk/HUc8z9yMfTxv64WQbCkHIeAnrstfHFXjzkX8zKYiKxvQr4mSCuHTusZFJ58hXOtSwFmE9tg1EESojoFP08kE+CuSCEjGCHT8V0snCFDMTEBZzGQzXpNfPNPILUEWpDSZj+ec+fM5jP1LEBErtg4JXeCqWD42SpR9wJxE2vs+D/Yt5a4OohbbzyxvWJLYAOuNflIguEIthdJEIN69fGmOBuxNU5witRXKx2rGbsdnIqzEloij5Utxy6uDrh3qqSHvqApd6+r+mAHZRtEUqRkvB1DOMNm/5iDEzOjrw0GEF2meHMRDGP8EEuEvXiaMevyPL3RIWuxxlVZBDlr0a8FwTmNlaGas4HHtLKsAH17wjolTJ6Uz3xFT2+WhsyvD7cARWETZSUd+9UBgylamsebDERhiDOo3t6VuHNuNwp5xwxtNVje3dmHRTzkI1WLaDxYbxPq7J2eGCpSYb4hKoexuWZCs7ian3UTBnvLig5w13eXJmhsbpSjt8p7hnEohL/f5v6PmxrH/+OKA1IE9PApJ3gaptaDeLOWa3uKtGxKJMSqsZprpb7D3kma+Zy1H2txvmKSmTGwT8wCQymWo90OF2NZCKtcXxAlj//cl7OBF0BbEqY3XMngZnpRiQX/VSzddvjwAjtnhf3VsE1V5vXk5j6ECExshjPqQ5kOuzUY62hiOT0V0X81uVRhdx6QVUDpWL3fumuipc+fEm/f9mwuhgv0mGvrpVyFF16GY5ne6W/N1HWEBBuBbJUtxjUEttZDAZxtKLyKjZtC6qJe9GoHaDtHBba1f7aloVDMU18tEyqO/EyPxDDUn55ToiGuk6lSQPy/las8V7YMCxDbBaVeRczCZRkEKbRPyI+hTN3yF+bw0HDDOJc8s1DO+h6xYauLhCS9V9f/QKgrXNWpJKm+JDGRO+ZAr/r/AARSE8nKvNOn7ML0VCWw8pWSHNL7iDcsngpk82W+b/a1maVN0ujub6mKyWhtJOkqxFFirKvFJLx78SRDYTVdiENE3YKgXYKB7r0RltjXACbAMCGcqXYudoDShopN0+oRu6mDAIpnrFOJykr7KaZZuu9DjxtxMRXu9OX0IuXnJ6kthHL8i6IQQNPj+Ky0Gfoh0I0+BbyTPigN2c+LJVe823VXgR9oVc/kpnjZF0BSCJQePR68MTKspwzE1NMvVF+ofRPkR3uXJs46w3eW1NIcds+AkmaonyUOa9Nlt/wRbGzZhboV86n2zn8qHEvZZjYX/oMfrVezuCsuyYSnyCzBrZMz+oHf4m/poa0K7wZWczatT9tVaUIFGgfwG6N/PutyKx/kbaJEIWefZgMqqwJNLDByP0IhFEJQk6yGr1kMJOBoD5qWI2WLObYUZ7mlOvtaa9iJAwdlQTEPjCB6mSL0kcXmR47DdDi/v1fiJ3dBmNskUwoNYPmdAowRe+pTj7fTsm4aDZJV533g4BWG2HgHmaEpAso78V6ScApgNiirqe5QuBxFnGrbPeNyiT72X0PFht5ovD9HbaHCYkt10lzlkW9i0whu2YPUtiVtecijS2AndST61YLVEXyj2NDlngFoCOGK10yCPqon7n5QPjv3unuvArTUD4lIjg28gn4fQmhwN53KqhLgYOQ3lRQLIWGbR1DT9pPQtYtDtFTv5SpiFTelUZcN7MIOD8jP3g==,iv:Hy9rTArntNBlYLShRbs7gWL5kcabBd30oH/Ib0vO2LI=,tag:GeibYKs+2b91rA6On6KrcA==,type:str]
ed25519: ENC[AES256_GCM,data:zHHSiY9cQ8odPTu9v0kiLQ80ssBrzTLkihVboYdhO04fnH1VakzKNISj1mUZIsixdHGPR1Fd1gBr1sSA8I5tES0QsOjqF777Wwjg8en5foIwgr0Ue5jMFlIdM4VkFZVNQBOV1z8rsc75nEpP+4XiQ57/ca6Nlaye0zIe+8uU+06YO9vfRVE5II67DRAN8aoUeGKW0uiBGIggkxzgPd2+pvQuC1QPbEWwCuNP18azSRqrZW0XnE65tJn4wQhoUQBQIIYWk81CMSBRn5VO0KIaYyVI7VY+Mi+XqgU2223tqaaivt1bDHfhMCsbqXtyWcT8kwZF5s4LyTdK8mKaREwHqen0jRSsaEV0Yfy4Wgq74fSm4oaqAeZLLj0O3/SEDjsWSwdRW2IU6WpT4b9Nh14dBi670Ke2tcwgF3Q4fh7+nPN6nAUPQPtzxPIVrW4FCbB9BV79A4IPLr/dItjC5wrMpw6ibhMe5WF0FAxA0Vuhz3Ob6lqWsai5f+XvrIgObCnyb05Ing40u522dMLYRJt+bP2Xx27cKrgKZTQdZnzSmXdEQGzFH0so4rgMyhNl4DEhr1b2FlnqPbTTLZul,iv:B7lfJnud2IYPtoMPny4jr6xVsLUyIiKC+Q7ztVHuqvs=,tag:ShnpzJBtG5B4xJkPJqATKQ==,type:str]
ed25519_sk: ENC[AES256_GCM,data:Zx271cuqIw+rj13VDR/JRY0vSWMwg+mXaxfpePol+vbCmV3LhSa61OSMy2iWIg05Lz3jwf9XE8lUWIAiajNgcLRg3k7ftwpbTCpyxoLE0U0l3DknbccaqM9riSyHX1UxXV0HYIsK5jb+vBjaDTvBqmCTmd91cG9Sn5Zo9GxdklebUeGLVmNe/9ldIaZU1XW8UHWvc2murzjF2HSkYDAMp6eKcnUPSo5u0QVrPVbo6g3iziw7Gwag0Xr/bVfoP7XZHrTobRcse8Sd+apRTinU1bHqcuHFaPwwfHsj/w9VRZJMCpwgg2V4DWyMTKZRjTohN6PUEqBmPc93Ep1DH/E7GmrGvAtBZ2yB9TLhjVoN+xH3ITbur2NtIIN9a3JPnEMoFtJgX4f1YQhUH9c3h6URDxdWtmBe78RxQCMk7OtHZ4UmhKxoUZUJoZuxvnccfQ0QcjtF3RN9rzP/ZPST3Cxvu2yUOPySl27Yp+eKjIOJ3rdorC9D3UhKbbb57O1/ABwPAiRfZjr45+wvgCGnZkOJZiXCiNoYeyw8UHMgvsICZuRM2HHPlh9GX577Np7QSwoFkYiEBFGJBO8=,iv:WWEwRDersTZYC3fEYLjWMtUtcyWXh9gLKyJVpaj73Vw=,tag:bqIFY6oaUMWIqMVfFwe4dw==,type:str]
rsa.ppk: ENC[AES256_GCM,data:wCFbvosUbnbikayf/h0Z7gelFGs4quD2WQlZJcBjp4MiXTGYVxj8oNr3y6aqkmpfyoKd2J/vNJeMFEzqXkGVyH4JyvQaiR8zoedFVSWqusD+sq0DuWDzMpdPmosTdM2frqo+w5MHJ87ybCJxynFH5xVC08jbTABFdkLPf+LULmxtipy0Np6UQuO50+XFyT12r1ZxPxj8eXGLg5z0sRSM+97EdJuoA4gpL2butioiIfDJ8RiudnyfhPzoh4V96zZsK8eQ+33HcFQYhKbaPtOcIswK6FkBUyaKCg2odCMFaRtzgFWIKqAuvcMVooEPz8epb0OPajn58rMCwjEfNK0jFaD0yKmdd9ExogDD0cJfp3jK+uuV/UpLUczkk10c2lbNHZ4DHCsNRPgll6DxcOx3zJbF/0ua2Wmbv1VV6JoT58Rzq/Ri8DeeIBuF9tlItFGJpRLnUN0MaHD/V6myggQuo9aAuI9p6VNSJ1aV5noPONi8efeG7kOGe09jQcOmmltHM915khZ7Veu/Oby9ZDCI0TErLzsQiO40Y4NW5B4Gd801CaDPKSxxCdsVgaEWiZU053KzH0qa+0YwXt+ffanRGrY4TtLsrJdEmiF0AnOaWYs/znPkWZXMTSLPTk6Be3yoTfxxq1ggT6AWF9p9/nlMPdhkfLUrOnAV6uQq3fStKFq3gTCyHxNZ5dx/XyrN96Kd3OTCgflJbD8lCqABSH9jZwfdh06HZ74pB15yNGFLvhOIhJwn5E0H+WW26MkFUnDSWHz1R0vIJEKnyy3lSPRweFM2MxAtEMOBOjqvlN0C32oCEoKknM6t/S3s4lwlMtUrqsAme4uYlUzPbEVPmzzMRpYhr+UM+MoG4nmovtRrIOL0ELunU6nsEaxxiHymCwGWJDyD/7W9lh93lV3dGP7X87IcfTt9rTUj6+YJS2pqkycZRtnPWkVDlzkS/I8MOL90jIEk0/YkTRWbB5GDcJ8a878mKW0/YPcpfC6MbRsYPo6eDz4KIGKxHDPezRfnOJC/gs72rIrEiC6h7bfW+XGye5VwvMtZefXFjCVyh+ZVco45UPertfLqT9Ewr1mfo5SfgaBJHSs58IuV2vXyfIJeIdO8BXS/YEUxcmWAI9PG1gOJz9lSHbyrm8RtnXZ+f8NJNOT2m7zyF1cYfscGaQ0gTTSP6+0uSTWsZOYuc8rObFP5OU/99yIkDXZv8gVG9YrlAjP1RtwXSlsbzj9EYlUUNQyKYoMnZDwTQL9qlqQVuP2ndL7QpRg8lusnFHZGivgyNWZ6bae3QWe2yTgD5BaXH00u4sktdZsPHAVa6p3XMppmoSuVX63FVsimJ5qzDJp+yRhIbUAPD8KwHYrGLkV/q6SBV8Der184m/MbACv3dCGf3RHzrx4LWWtrpaqntTTbUrQo/BJagY6Vyb22kmFs2gpBB6VJJc4Srq+6RbuQq7Oo2PNaHjbLxkhFIqTRX7Z1/m0nvbuLIN3HIqtxzBEAod0vDUAhEF+Vw92tSTJmirEM4pEDrQn7v1klp67f+40Hlxt5dTXiOZO9fXr0jTF7Or5pnRxSQ9FvlzPDcMuaaiDuBBzVQABZC9wBNCWzUIhAF/RGXqv4Xs1oIpLrWzeg7Vo2QVHRTXEZn1mxnX4LOVFAfkvV6U09NW8T35qU7QyTqzl06jHqAutEPTU4Se6w9FqMEDZ2lMUZ83iO1u6Yj859mFLFRIguhK+cIFzIUOfcwUFKEH5RV741zx1wN2UMac3jgQwzkV70gz6h1Kwbb5B02FZCEaW0222A7A7oSkzuYFD7qZNrQTlsdeqsrsjp9XC95TZBBw/mEE62xp4sLV9UTgKOGSyERigawFfoUAlE8XGrbMIaHUgKBJKTMXAe7Ljc3HIaHczwUJAnYDsu48Pan1KZpF4CsiBO6H2lDVXfKl8GuePd9QkVgi9GFqulA9rWypk4hg==,iv:/O35CB1rNDim/CKsot0sWMM+qEN96vqr9Z4fVG1A3Dg=,tag:pKbid3MCW2I5XouRNXSk8Q==,type:str]
xmuhk: ENC[AES256_GCM,data:z51um3KAQodAHZqeLAd53wRuQ+s/vFISxNKu0uZQSdUAtrL4BAj8LBJ743CV/HkrqpaCjClK0Vnn7yhFY3+NFq4fFCIAjVRWdvsfHARKbWEufJtNk5JVn5dLahPCMq0A0ZEZwghJ17opHOVMY4o/QiTyyAEeuD+4zSAh6ofko159WVtK4gDwexgg+bb74EtOxJPxnyV7jdZczH72aD1gwd29WhzSuMiCIAb7SiRhA+QEpvrzKLcT6C2ZPqrMoPbiXD4z/UTfOSEtOFZMfdUFPuExPCCVnHcqSbTlXRRWUMFX8rxFLyWaUjOB4+rvTVDYLGZCS+rtPlgfFEhGs5LGNLQvzvXTiftyfi2xMfg2uhm+0RLUPQQvajbU+akfQbUQVkGi3BklNEQquuxTzedUws7B6OU7WCpgpLCGcg2jyT6AtCF54k3VOVdu0eOjlja3dI3knMixUaHu8bZ+g0xwJCbiab2eaZiDqhoDnCxeuOXBZTdCF8OvGiD5rneDf0r0H8q/7d+jwOvW3d+Pw64ObDUUsa5gzfqOaHNH3ktaRB52dJfg3iBCwj96CNPTY3vEvmNKJ4ruGpP5x5AZ57SfprHeoqXHp7cBMjypgEG+NrJlAFyUdeaO39mHKn9V/jq3bX6SQkNrv8oFPAlbULNyZbOkwEE4g+34H4uV14sEXn3k36tdVb/vX+YfF/FDWjg7Y/kZhvDUOek6Kbd/ps2peavVK0War4RjnJ1GKSUZivj482GnJ6T9exuNnnHwBa+VmONr+OYcrcTTcKwQ8TGWjewA1GT5Dtyphlpk7MJvoUw/i+JCSNbfTZwIDb6J5s89yEd9ES6KfGFMb3KMRRSnM+ozLK85EvFeyHSxhl2XQJQwEz/S7Q6eTKlOQESSIxLDqifOnhKdN/xVdEpXpy51v/x5dqaOYKgYnI8gx1UpsMR5AJKkF5ft0n0yHjz1UQc6ZSDdaj7t5u2EoYB9/lLBjC338Rtq2UPAPhETHA4IPvp3Vg34Z5UO8L1L0Uo6c7cbrTpVAAmbCwzkKbfGsAh2Zhz0u8Y31rMO8W2kqveaaSt1P71EVA1eYaxUUtaq50dn6miWuIVPTbY8AJ9lZVXOlbOoNLrh/wP3Rp43RClVeiEnxLD/EgRp8Vw3P4E6rbVpnP2pZCetD+WyTlnGx8QoC1dpiosCMlcy/M8BNwvqgphgQZrZhu2OT7WqVt/ie4QcKBg+Fje2lwU6TGjGEwwsS/taCWBjMrOBWktI/ZOW4IqV4/FdzuvYDsfDfplIQeFSaFOwFCX3Q0PLNhtL3fRYeUsK76eTCAQxXB+LhE6wJpxznz1cAUqZG9/lYmqe19rIh1P1UWdlnCQI/35ar7dInH+/D38a6PbtcmunHfuqSdXqK7KF03CFQCTLjhmy9DHo+15mAhP8m/AjvGNNnF4X+POc+1hnNSML5ZNS52dRJ4zaHgPmiXWpcUdF4YNPb92IWelyOD1kmzylXl4NFGeVA4D0yVWaOANAzoYrgydoyeq2pOGYEwmVRmJPj2BnUWr3k/t47cyZthRzZZsIYNoTvBCSgy8l0t+YuKiIZh6goQFRR6lpo7aTpEDDRUcNoq0Vq6fyClbtEvl0KZbFwhQy+/3uIiaEYvhUDcDKqOqoHqd1HE8Vs2ETsBbIeTe1IL9J35a+WJuUgkl9iUUrMoRLr7apVsypGBQ8a9mUe/YA9S6UH/+lFVk4aXczYMG2/d1BSAJcvroDbka2NntHZeYI4700wlhmMK6TkOxQi7w3BcNv2N164wf7l3FgtRGpo7Md+ryJF7y/50cyljl1DX9NULM/9Qw291A18TL5ZKRvJjGhQgBJOo67IV8itKYoSxsitE7cudKBT6pqDGsFhvbBusEBP0VpPIRIziwH58SkiJ1M1WHpgmp9pnIjRhiw0Nl/j0SMEGtzjlfaZsKwk3uGjLHkC757WU5mIcCiuPPl87QDTqc6/PDcU4r6CVN10Ppx7OsViCg5sH5A0+/Zj67NJTrdNO5iawTozo4alnMMhfhl5xpuFO8oXviiy4mAez8AFIjaYoujhlPww03w7/u52iIbiHFiNyIzMoo0nqlHKJ9MfI9fmTsxpD+2zF8bnatDkdiDRg+Gn6H1pfHGH/XxT9yIqVlMpzSs3WXEjgTcYzLwYDDHTdnkbd4pAPBkX5vXfptRLWF8wNessEvfOhm6IGxjyXiNipbhWNjRzvs8WohB8c5dfpqnPWEz3GopA7a/vTFI7elDZ5VoJYclaoAQpESnEXNupT/DiZcOGvyk9kupmwgeoE7kWxMy9Wc2mg8Do4sxw4yV6pvqm94Ne8Bu0OEd7DkHDCxuJQfXLL387HoXWgn+on603FGEIaTSrkWUx4T7AxGjQgd5q3t8RsSXsWVACEodx0AcqzqS98f8qOmZ4Ivqq8W2UCqVmY/GYnemoxfRGRN+mW9znfYTO57ywQA9HLJ9V8XYX1AYdeaWu59WUcQ1oNzNB3ZB5QQ50AmHrkJj0Zn92fgL8olp5rGoOtjHqQCewJlBCQKoWVUzsUZMAM6GQrXxvf3ORytTXYUW+zXOiKxuyZHg4RZ5cs+Py9hvquEFE3D92UI/iwkNvOLW38eeVdR4U1/qKc1U1oFkgZuB5EC+NyXekYgyAaqWlS4K6x0Q77UvXcsKxSOghDbKoFUw0kxXlxI1+MhAUECKopvQoXsADw6Yy/3VgzpoFvaj9lFttwSb2IIScgaxxciOwRaQIbSh6joWbWQWtEowK9BUObRKJ3ED4jS4Te+Pp43dI38fZ/+Ng3y4nYj/jdAqRhTE7jhSzdK8LYGcUrxOodTa28q3pHBvJJiBgQDEnEoJUKl7PJcggUdPbAhi5ywy28SxZ3i1qTeMu8TVjMwdkjQ/1hCeqWGX1PldSqw1cOTub71zkrj1m0rLY/noaWCOwjjaorz87UjcV1+k2NH2oZ1o4EXgybBrAlahAxD3AFKumkvViTe/lprYpbaecse6393K/9SpD0+Qb+WbDgq/eZ0FwsdFblAG4xLZUOpwwqCa3F44n9el+Cuzpxzaap7HUjyFxwSz2MsLGAC1e4tX9GD9e+g4f7XozPSxgMunNAuFsIbD680Y7q/cgpIGCba6oIWlpe6TJQD7EOh4/nAw4FTWuljUHp/1ZROpnLRG5oEOxIm8Wi8GmoRyhNMCnvZEo7LPfNJP4cJmiWFmtIhHRFzefr2o6roWM5mhZsZkxuMK5rFQU39TNo3bj03CT0OlrIqeEMFVxj1wjaPo/4eBcHC4hJKeUzdSp1cNlW+u0l+C1SpMsfhQvDGaD254i0LwDaYSSAJymG3B72UfqlsCOT9GEH9FUj3lNskX2FR3NXvT9et15X57LHjXOSmYjn9EuQcYRv2/476WjQqX/d2v57vGqfRQxWmFdMBTo5747pDo6eaXCxbql8jzgFncGxMqcp+R7k4j8T0Fl4kuSbYpQo2wunJp7iACAQ==,iv:gdfp0dUqeJegQuoExquRV9GTtMo3eL1LWFKYOm5REkw=,tag:jsSkfWALdHsoNevaYkJyhA==,type:str]
user:
#ENC[AES256_GCM,data:a4mHxr7bn7BV,iv:FYQk3yv3XgxNO9CnrQefo3WqhO0Sf8Mihfp+Iw4AcWM=,tag:jebxvG+xUidghf5dOlvDYA==,type:comment]
zzn: ENC[AES256_GCM,data:xBSve41JclBYQULPN7yV/1Eyo3u+CHAewVetKHwjvl6Te0kk/+aLx6gs8EpOJGmVaiSAdt6F2ayHXUD8RXXpJIOnnEHk88kqbw==,iv:XPxMLvlVtaZvpWnau5Jwlj/5ty5Zyw4F44ix5G64Z84=,tag:uJfWb0PCebdMtxXMfueULQ==,type:str]
wechat2tg:
token: ENC[AES256_GCM,data:PrZWR8WiZ7grkpTLqMxwbnkwZttl7n0e1lc1mdHJiFUWq/PqG2wNBC27C58jMg==,iv:02XHhfpN8YPix0REbJDnsBbvCwifbdwBwfuJ2glbvjo=,tag:6aWNqBfwulsjMbl+D6L9vw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -34,7 +59,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-18T13:32:13Z"
mac: ENC[AES256_GCM,data:iGNeV1hyiuhmLApu9o0IA75+oNJPp5I9ehTEdcVIyNQfKLeUbzcxz3tiKQNxxDy15vjtpBb/SicgSF60i6k54Y7KRRFadlRQ6erqZRj/6XlLqGwW0EKxN1EEEG9QNqMt6smA0WsdaoInmWWalaC14P55toU6LKbL05hSfSwtbXo=,iv:WEMF3u/8LwlIG5tAf25mM5IX7KHHXNpuhDxVzIAmZmU=,tag:PJc4r6b8ppQg/rcXsoDDpA==,type:str]
lastmodified: "2024-12-14T01:12:53Z"
mac: ENC[AES256_GCM,data:Ak+LR+PkQG1g9wwlfLtDN2Dm8GdGfbb0qA9Spb3X0LkdCSFLBWqW0Jf88gHB0j/4HszYVaCAUFs+OlTvTjOtboOCTM7tH6z3dd0sU+EMHeK9cPz9kmDlF1LFFhD8dyqytEwq8/xN2MlTmbVoYQvVoGsrD8tP0B9NBPaQiLMPcrQ=,iv:9DthG+HGB3lCxb85YpfitNw2PWYwpdqWTo660gTOUew=,tag:yAH6o3LkGfvKF1UOdgWyyQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.9.1

42
devices/pi3b/default.nix Normal file
View File

@@ -0,0 +1,42 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
# TODO: reparition
vfat."/dev/disk/by-uuid/ABC6-6B3E" = "/boot";
btrfs."/dev/disk/by-uuid/c459c6c0-23a6-4ef2-945a-0bfafa9a45b6" =
{ "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
networking = {};
nixpkgs.arch = "aarch64";
kernel.variant = "nixos";
};
services =
{
# snapper.enable = true;
sshd = {};
xray.client.enable = true;
fail2ban = {};
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "X5SwWQk3JDT8BDxd04PYXTJi5E20mZKP6PplQ+GDnhI=";
wireguardIp = "192.168.83.8";
};
beesd.instances.root = { device = "/"; hashTableSizeMB = 32; };
};
};
};
}

33
devices/pi3b/secrets.yaml Normal file
View File

@@ -0,0 +1,33 @@
xray-client:
uuid: ENC[AES256_GCM,data:82Xg9VkmkLrKKcZfojA7dHqqMZh45n+eL4T5qZ1z/xy9k0q5,iv:/2j9flBDwjY6JW2mHYo1S2VE+ruu6gxrw8BzSyoiPcc=,tag:iq8wzfIRyq1T18k3vStVGw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:8whySpY/4WPWx2+t7IOgn+qjKCsv+BgRtaAFLrP8L0fV3TJdLob5vwDplHk=,iv:kXTDwOyJNzbjPtlzQqNsXtuk3EXFdF9CAsYkvImbyDE=,tag:tsK9nCMmwEb0c08rJ3Iwyg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TzU0U2Facm5yWkYrREgw
a1Fxc1MxaHYwRWUzUHpsbDBHYVoxb1NKVDAwCjNuUFlabzJ0aWtGMFBQb05nSlRP
akwrWDI0QnZBYkFmSUpWZFFnYmQ2aDQKLS0tIGlIQ3lTREN4WXgxV3pNdjdaakF6
ZnppV1ZRZzZ5Smt2NGsyRndjTFdnV00KaWVPGLWPnqINH6AHKS/84kuYy/v1v4Tb
QdehcMiq5ZF5XLqOX5sMDLu8h96FIklqOSTZNFkzr+s9VYv/UO58rg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTEZERkRSZUdSN2dySnlI
aDFjdXFCWnlJZlpYQmR1WEE2RzdCaVp1WFEwCjd1N1ZpMUExZ0ZBWmFwSHg3RUs4
RkRYTjRMWmE5cTA4Z2JJUGgyN05HSmMKLS0tIFpKZmd2Q2k2bnNYK1V2ZnNQNUxH
aDU3Vm95ZkpvSTJDMjJEOFY1ZjhrQlUKLdMYiOj6tlzwLpwZsTQVSQ8hHart0ba3
NS7+SprzJRb0hQXrvyU6s9zho8dPOw8wiGbscmMXSVS/Kar3eQigmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-28T13:31:33Z"
mac: ENC[AES256_GCM,data:fuppF9gFh3O6ZqJRTcVxNqVlz2y5f4xR39JIeInKblh4hNhrdnQg7oh8repoZeXHVRewGeGyxSqzUg+Twy8J+q+d6TSmiDVViD/SHse5rPns2Egt671geF7JmGEB/yKSCbECjGCp0QFgYYEg/vUOaV3v1a0s7LLTE/t2haPIaYc=,iv:f4T7JGxKB3WmEtETuSH7ApKRJ8ptPwZPfspyqc8+vmM=,tag:GF5br+e/p6qHsNCTjfIBCA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

29
devices/r2s/default.nix
View File

@@ -1,29 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.arch = "aarch64";
system =
{
fileSystems =
{
mount.btrfs."/dev/disk/by-partlabel/r2s-root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
swap = [ "/nix/swap/swap" ];
};
# uboot 起始位置 0x8000 字节这个地方还在分区表内部除此以外还需要预留一些空间预留32M足够。
uboot.buildArgs =
{
defconfig = "nanopi-r2s-rk3328_defconfig";
filesToInstall = [ "u-boot-rockchip.bin" ];
env.BL31 = "${inputs.pkgs.armTrustedFirmwareRK3328}/bl31.elf";
};
};
services =
{
sshd = {};
};
};
};
}

34
devices/srv1/default.nix
View File

@@ -16,11 +16,15 @@ inputs:
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
};
hardware.cpus = [ "intel" ];
services =
{
snapper.enable = true;
sshd.passwordAuthentication = true;
smartd.enable = true;
slurm =
{
enable = true;
@@ -31,39 +35,43 @@ inputs:
{
name = "n0"; address = "192.168.178.1";
cpu = { sockets = 4; cores = 20; threads = 2; };
memoryGB = 112;
memoryMB = 122880;
};
srv1-node1 =
{
name = "n1"; address = "192.168.178.2";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryGB = 112;
memoryMB = 30720;
};
srv1-node2 =
{
name = "n2"; address = "192.168.178.3";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryGB = 56;
memoryMB = 61440;
};
srv1-node3 =
{
name = "n3"; address = "192.168.178.4";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryMB = 38912;
};
};
partitions =
{
n0 = [ "srv1-node0" ];
n1 = [ "srv1-node1" ];
n2 = [ "srv1-node2" ];
all = [ "srv1-node0" "srv1-node1" "srv1-node2" ];
localhost = [ "srv1-node0" ];
old = [ "srv1-node1" "srv1-node3" ];
fdtd = [ "srv1-node2" ];
all = [ "srv1-node0" "srv1-node1" "srv1-node2" "srv1-node3" ];
};
tui.cpuQueues =
[
{ name = "n0"; mpiThreads = 8; openmpThreads = 10; }
{ name = "n1"; mpiThreads = 8; openmpThreads = 4; }
{ mpiThreads = 8; openmpThreads = 10; }
{ name = "old"; mpiThreads = 8; openmpThreads = 4; }
];
setupFirewall = true;
};
mariadb.mountFrom = "nodatacow";
xray.client.xray.serverName = "xserver2.vps9.chn.moe";
};
packages.vasp = {};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" "zgq" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ];
};
};
}

39
devices/srv1/node0/default.nix
View File

@@ -8,18 +8,39 @@ inputs:
system =
{
nixpkgs.march = "cascadelake";
network.settings =
networking.static =
{
static =
{
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
eno146 = { ip = "192.168.178.1"; mask = 24; };
};
masquerade = [ "eno146" ];
trust = [ "eno146" ];
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
eno146 = { ip = "192.168.178.1"; mask = 24; };
};
};
services = { sshd.motd = true; beesd."/" = { hashTableSizeMB = 128; threads = 4; }; };
services =
{
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
wireguardIp = "192.168.83.9";
};
nfs = { root = "/"; exports = [ "/home" ]; accessLimit = "192.168.178.0/24"; };
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
samba =
{
enable = true;
hostsAllowed = "";
shares = { home.path = "/home"; root.path = "/"; };
};
};
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
};
# allow other machine access network by this machine
systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
# without this, tproxy does not work
# TODO: why?
networking.firewall.trustedInterfaces = [ "eno146" ];
};
}

29
devices/srv1/node0/secrets.yaml
View File

@@ -1,29 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
tinc: ENC[AES256_GCM,data:tQLfvn0hrvdMx1WjWreSU7PwWhLFE6cyesc8EATRG/HiXOdmOo1Yx3n9VNywmzSdj+zKXcagnsRLX7/MsFJqnifNZ+2+L1+eMkSmP+J/ia3gwsJuLmh3Knn74d1njya59lJvSlGLJGtxbRdzd/Jx3cSbOVRAvOjLiYI+OjXgmoio8EmvL9XizVcFyOeNTG9IETSjygmCg1r99Mss0aBfWl7aTQmk1WHeEZFauS1PF9lrtEjoB2GeRGIEshW2ruecM3irDhxFNS4=,iv:SjUiLHoh3dvoT/fOuwKUSKvIm71ptZH6h0HQeNw5Lgc=,tag:/wW+LdccRODyZ0QTnxvW8g==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUpac093NWh3bnZqWkFY
WGorTlk3WWJRb0RYVWVQc1JacU9GZDhFN0RnCkJkQnJoTkZtYkFEQ1JDZXA1Qzdp
dWxtc3RFbUd4TEZobXBQVWVlL3VETVEKLS0tIExoMUNidEZob2dtTWhmS0VHbDJn
RFNiU0xMOG1UNVY5TTYrcW1GTnIwb0kKyCl+eqpGtqN047+t1C/c1prIaP3tm1jk
1ObtsmGwCxDyIkayqB3WF9DWhNHipXHZXrWT+JQJTD30BABBex+ufg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WXJ0dmh3RTBMci9pVVh6
cWsyNHVub2U1RFhLSnJPSFI1S2lGV21nYm1ZCll2TUQybmtaaTdYd0dGSXVNV1Y3
TC9zbWJQOENsQm1Nc1ZwUTMvczJGK0UKLS0tIHJRemNhdWpRa1pkRnhTZjhCODNM
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-12T08:54:25Z"
mac: ENC[AES256_GCM,data:FqqrUai8MNxO6gPQnRNqoROdQPiPnh42ixQgkWJxeBK3dnvNGCNAWtfUopnup6Qo0TcmAEQ38rmYFZbGlFLKMon0atov3tFmyvIAbOhHDnWxp+bTGDJJjw9Xs3vd4Yukd2ag2cgyS5hV9xO0N825oT3mzJFo6g8CukBLF3BH+kQ=,iv:3sfhIcSNVZsPw3tbyOjNi04NWpV+Nunx4i8d/RIsXtE=,tag:03Kx+HQ4uSR5QxBlBqc9Dw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

56
devices/srv1/node0/secrets/default.yaml Normal file
View File

@@ -0,0 +1,56 @@
wireguard:
privateKey: ENC[AES256_GCM,data:egNwovz+DTKoaGs/QQXR3MD7AImGlMlBnYsAZ1nuYnlgTVPM28aiLJ4iLGM=,iv:cFcf/sjqTmGqceNwHnzrhs1IvhDPRJi5YkyFVpjrsrs=,tag:yUwvNYCHjK+7+xkM2cuQNQ==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
acme:
token: ENC[AES256_GCM,data:k5QU1aHvd/hSG4yncffSwnxQvhULHd0I8wtrXD2FcOH3SWswkmzMOA==,iv:WB18Wsl0nxUQ6Om3SXP5+0BtFbNZ8fCXTyPJqj6a9Ik=,tag:dKpr52W7Wdwws87r3hQxqw==,type:str]
users:
#ENC[AES256_GCM,data:rNA32tcCmriP,iv:No3Hyee58jDzZaXOD8SJYzgQXXs58oAddwC5Q9mo55E=,tag:RgZO7fgZkAr3Pawqt0dwmQ==,type:comment]
xll: ENC[AES256_GCM,data:kq6gpuxBRbDP7Yi16WJrrsumnSfersI2kP5pT5efn5CjbL65JaW/Bff9P4OM6b3J21ObT0uRSmParBqW4OvN/UA4KXDhibqwRg==,iv:GvpNgy8kREgxp9v0cyIobgg2ZrrxylMmwq1hRaAoNA8=,tag:RpD/1FjWVglzt8sIAjjpsg==,type:str]
#ENC[AES256_GCM,data:nl+uNO7GVV4r,iv:8hUmN4uWOqJE0g1aYA5dqQq+0oCpYGKe//yuECpmyBM=,tag:79XibRYMadJNE5Uy1O+4Jw==,type:comment]
zem: ENC[AES256_GCM,data:t6zd/9ZoJWEkPhKyfaUXWQM2Y2unpUUq79SEKSt8nmWCQxlBk4PzMX031CwNde/0A4G3ARyIoU8vcFqp8NaBMA64INccKccrGQ==,iv:QOKpu7lm6uiPACNGa0QvHP81PP/4doS3r95h8/nexcs=,tag:J85l6pYh9WT/LyMbTrw+vA==,type:str]
#ENC[AES256_GCM,data:7SGmLzQyXKWo,iv:lr7nM0r7eMc+sCNO8OgwwELH41zTk3W/1i+0rnTc+9s=,tag:ZOkLRhEsFXX6bODu6wUyiQ==,type:comment]
yjq: ENC[AES256_GCM,data:8TF316O4M3UDoSA7rjBn12vUdHOcWXtrvuhqa6K65NaMhHU9rMrPHEikr0tqe5B5ojhh8PRRe+X/Dq19L4rJXThRfzdhALZzsA==,iv:2plZ2m0JuuUMQqYnyETCPH9x5jnLtNl396zvv7ay++s=,tag:X7YSLQOE9xnC63RWCht3GA==,type:str]
#ENC[AES256_GCM,data:yclOn8oHwLYQ,iv:Ba7Q84z6e9/3lv43wdN+bd/aqO/y5qR5I6Z5O6o7U6E=,tag:ecaNN9MgZqDYBCbTlsOZtw==,type:comment]
gb: ENC[AES256_GCM,data:piD2eh5iUXnCEkEyDULPkjbEG4Uc4izoVAuscbb9TPr7Q9WhCJX3FGRYrQp/wmZQ6UETR1jTejtbT9j/kI96BcN2onlwO/lqvw==,iv:oFWeoDp3GQA8aR+/AcJnhkovOWx7MgHoCKy5xdPIJMo=,tag:n2E+zuKckNAU7mOCJW+f1Q==,type:str]
#ENC[AES256_GCM,data:hfcOjdrvK+YD,iv:8rUsS1exsOx+2YEgdATNcWGKqmaCNbpY1EEq1Gv1utE=,tag:Z0lq2ctHBWDtx2tyxOSIBw==,type:comment]
wp: ENC[AES256_GCM,data:DUfGQpSg79W8KD/SWC2B4FqoPGoCrd1miczAQR5YApD00QopMmeDR28uTmHru2KU9DsjkdnWEbgfM49CwXt5FFJennqW36oYbg==,iv:D9+3CMZlJIHm+u14rAEikQoBM3jBQN8Lnx22DN2EIg4=,tag:ZegZmI1kf7Whcw3EE9dwPQ==,type:str]
#ENC[AES256_GCM,data:6pwUu43Lu5/h,iv:lZQ5F8v9VZRGuUoEMH15JLvx40N08ahTEbdEoKEuvsg=,tag:zPMQy6d9/RcukBO1cyeM4A==,type:comment]
hjp: ENC[AES256_GCM,data:dqoQ9hUbptm0//mlcFRrqLh1NpjxFPH+4jeyMG/x9Zvkszw7d71jvkO8KEPBfKnXpPBP2lvFyEqooIMWQJPYiIszHt2f0qSC7A==,iv:5nRcsaylcx74tQR1KddEpZUhmcynMvdHCcJYA7wfJnE=,tag:bGVKD1aDZJUlFg/zagP/eg==,type:str]
#ENC[AES256_GCM,data:Idordi28++/e,iv:5TR6Z14yluxPhrD7ye2mXEQpD53qS9/ZJIZ+S1sTqco=,tag:IkmLWXdxDmFQxtpJxL61pg==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:JuNtb5SRUrxfyjWFn3Be7EU51j/HlwiOpuN0m+Picf/2Bs97kflGnqGKstVRIjWEn4WzqscSaLRsbP9uFfSBHeJ152xfyOqkww==,iv:mQvIC6v+1fziRDYHYSFMOKof1ZcoFskpQDiCAF35sa0=,tag:0IL2VvdMorgE6oziscAB8Q==,type:str]
#ENC[AES256_GCM,data:kyJP952K5atd,iv:TLMUPKshuWqbQ6koiZ9eTXcoDS3jLXYy/gCZbMGrRl4=,tag:M2tLLogovoG2PCojt9CJ9Q==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:ifWnLx1YEewdviqHK8fdesM3c1m1T4g6twnz1cGv1yc4jit68pQWLrRMivdsM4tUcyU9GKwCaElVlvh+dgyy8EZQPKCbvJX6GA==,iv:T5FWReeZ0QOkGJiNfrVrUBhAhbXxlFQJKqQV2tzw9AQ=,tag:XClXGZDWGuoGxzPW7ne2Pg==,type:str]
#ENC[AES256_GCM,data:t8QUVYG4v7fE,iv:N8hDAV7wulPHcfnYTXuZRhb9dQPZqKpfMKK1+ITaZTA=,tag:eKMJDOmqoWWQbv/mm3LaAw==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:VlAA+g7SRZyhPSl0Gd1KS7dCwNgRA/o+d8anN88A7E8bSE1ckeTSp+J4YrbbUlLasLhliOZ/nDC0rti+hckGCrjMwweMorSIWg==,iv:7u1yNrN7uxHCF1MsJ2qt1jyQ0ZYYCYKUHwRff50P9oI=,tag:3raCWjdButfmcdy8mH25Jw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUpac093NWh3bnZqWkFY
WGorTlk3WWJRb0RYVWVQc1JacU9GZDhFN0RnCkJkQnJoTkZtYkFEQ1JDZXA1Qzdp
dWxtc3RFbUd4TEZobXBQVWVlL3VETVEKLS0tIExoMUNidEZob2dtTWhmS0VHbDJn
RFNiU0xMOG1UNVY5TTYrcW1GTnIwb0kKyCl+eqpGtqN047+t1C/c1prIaP3tm1jk
1ObtsmGwCxDyIkayqB3WF9DWhNHipXHZXrWT+JQJTD30BABBex+ufg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WXJ0dmh3RTBMci9pVVh6
cWsyNHVub2U1RFhLSnJPSFI1S2lGV21nYm1ZCll2TUQybmtaaTdYd0dGSXVNV1Y3
TC9zbWJQOENsQm1Nc1ZwUTMvczJGK0UKLS0tIHJRemNhdWpRa1pkRnhTZjhCODNM
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:23Z"
mac: ENC[AES256_GCM,data:n7MVBKCUW4xpIiVO4ysBqlG89LjzpDBx9GJWQTrSenLWV/YrIGUxA6QDlRg7yhqV9ldF9Q7hDve1KHw7OxKRx5ot5OZiD3Bq3TwJfS2DarJ2vi9oc1J+CXXach8gp3m4C4RkPJ/y1i3jB2nRfSw5Z/TtdPMbvGXlHh+hhriAqxM=,iv:tyBcXMZzgeUOgYJtU1XkptPOlNoFwH+4z6xTD89aKOw=,tag:apXU989ZL+D8WhWKFTdXTg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node0/secrets/munge.key Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:ul1xMmQ5FZVIKct4KbgnTStsT5cH3sRvmaApZez4WZ36zF3q3M4o0dcwuWXxl9Ay8+Kd1zzUCZy26FRj85IwAel6POkmIlXl51Awou3iWuGBqUlS6IL9MIERMR6lTlisOK2l2PJ7IJBichFwwDrxImnt06B68Z7JWOyrLMfQhwg=,iv:nHePsGpRWMj4CdZ8wxr4xCJAcSndHsRju+AMyK54vNw=,tag:+CC0EJbTmIjRijr1SZpF3g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRTJCOTJqclZqV2ZTb3NG\nSUV1VVNnUVpqZGVCc2hlTVBkQUVtVGlQdEhVCk1aNjhhbDZuajhQL1l1allHOXV1\naGRoWEpTZ2haTFFqRDhlclEySjVmMXMKLS0tIFpPdHZvekhDaS9yam5GSEVhZFlw\nZGN1QTVYQjZuUXd0NklqdytYRjRSNWcKC+AmUlZiefdfnP1l/sbQHBUaZGN6ciT8\n/yI2ed25uFGwCo0h+yLywbuNQTv7AiBFM3R+KBSjNDkFSgiGfblVNQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VHhFMi9RZ2VjeUxqTHAz\nZklRbkRGVkg3NDR2elYwbXRHZ1dSQTEwNXl3CkdidmwwVUZJWDllRVdYRWM0WEtX\ncXlHbnlZd1h1Ni9UTEtHK0Z2YzNHcWMKLS0tIHl5ME9UaDBFSkRXeEh4OWNRajZu\nOUdGcHA4Q1I4dS9RMUV0YUZBYmZyK3cKSxvVdG+P9+esK3miJdW9BqgJdEMEq4iS\njWgh5lmSQaat3UzjkOVPPp9Xu3DRpzTFq+dM8bdGDTbzAdrUhxj87w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-15T11:11:36Z",
"mac": "ENC[AES256_GCM,data:bV7T1HfvM2n8+Vus9oDO5yoWDGtWYOd6d/zJ86/sXB4psg7aXVNedYSn+98SJdpYKHRcSuMJ9D4h62nAawERB6u8EmW8kxh8fuVLb6tj+9fWF1iVqinL4LE3916+XzMqGzGVZZEXaVtPHqOue/D1sYtBrBCOEMMyq0cmLFY2JrE=,iv:eSrtmJLARmwuAQ1//x4XqCKDZybJmMtyefWyLPk+1j0=,tag:M5W+vO4RjVwS18C9wTIe2w==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

21
devices/srv1/node1/default.nix
View File

@@ -4,16 +4,25 @@ inputs:
{
nixos =
{
model.cluster.nodeType = "worker";
system =
{
nixpkgs.march = "broadwell";
network.settings =
{
static.eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; };
trust = [ "eno2" ];
};
networking.static.eno2 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
};
services.beesd."/".threads = 4;
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
};
specialisation.no-share-home.configuration =
{
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
system.nixos.tags = [ "no-share-home" ];
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

27
devices/srv1/node1/secrets.yaml
View File

@@ -1,27 +0,0 @@
tinc: ENC[AES256_GCM,data:s/mcjWKxEp8f6OgAUqkHg8IHA/coBtht20pqSdwGp9OBRta64xyzszeS6o8uW1cV65vm1qQR9XkC7nmBx7F9RAZpMwEYh3anAfzWvL1dd6nNl9NLaz9eqrRGJJH4lyMAmErQRF6epEe2Z0kfs3icsZJ3p8rmWSHjIETFR+pQvepTzLXfz7mi3EftqFxK6o5LXe6t2df7PD5q7x8loB7eu4Qyh14NrklgMifmGoNBsGdIBAiqbZ+3xMt2VgEk4wc7X2ZmBJFx19U=,iv:343e5eRAGxwhb4ITadyKJOcvCnLp5emgz737kBmYlig=,tag:O/cwMZJofSKxMhzFMBV+Mg==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:UxZlTqBDV5K3ywwERYYmW3ymTnioFQ7XS22I8ab5mdeI1TnD,iv:YR+07MWd5E97lz5iwMWjBLhd1tP0okhnodnmbWCVWxo=,tag:97EOKuBMdEm3ffdQuphMww==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRXgwcllHZmZHcHZmZllq
c2NrbnFSaVVBTnhSNk9Pb1ZSWGp6UlVaanlVCkNObzcwUlYwZDdyOTByOXA5M0lz
QTJQMFcvWGY2VmZFS1kydjJSWmgyazQKLS0tIEs0VHZJckcyZUZaWURqZjdoQkVI
Zzl2RUFBRCtuMkpidWU1cmZlZWU0OEEKyMO8I43PiG+1Eu/8aKuNPKeA50P1bSyD
Nv5xyKaqcs6737Gw/zk0tY7EkeeruDfemxgsb527g3hYogHNXr9oOw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcEo5a2srUTlhWXFQd2FJ
YmtBMzJqZE53R0J6TG80UWxMQ1A1WEpFNzJFCkJBSWQ3S2pTVnpGZ2JlRnpBYU1J
UWRKdEduQ1JMQ05GejVaakZYNzh4STgKLS0tIFBMVTN1MDcwVERucmoyWm5MQWcz
cWpEMWU1TjZKbnFTWm4xY2QwdWx3aFkK0O6p2piq8RKOcSTT49i0pnlt+gOk+QMF
r+EJU0zobWwe3PrDg8jjw5HpMxrpDzHcD0XMnVQW0Fd9pn6n4VfpUw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T03:16:01Z"
mac: ENC[AES256_GCM,data:IRQxlKzSfCkAYESUDAgmkMAzhOiaqBBQC8ZniMKPM/11VlHGQpV89qB1NDSisdrCqFi9Iu4/iG6g6W/mc39x/V5MLdrQO9G3cGm568KWzh3rBZmD0wlkuCzQP1phFJpeLpg1BLWLn4i0nIWE/ER77pVtV/iA/vOWj0lmDb+GWvg=,iv:AmH3GJjPw9QMa+1utaXkqIfNuXI2qPXUrEVwPF3u1Io=,tag:fe2RiW1r2TAyftPcsuvowQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

50
devices/srv1/node1/secrets/default.yaml Normal file
View File

@@ -0,0 +1,50 @@
users:
#ENC[AES256_GCM,data:dgM035YLtZfl,iv:h7pHQ6YFa4hxcHMihQTegHmkaCMlfPtqdCqvJxSsXt8=,tag:V2v9C2TfErIOAihtTQpnSw==,type:comment]
xll: ENC[AES256_GCM,data:/YL4vowFLFbbYv06yaKWZH5UNBKs0L6LQ+6O0IsiUZpgW5fGfp2A5JTlH6ne7RGyyTE4GNId0MC7byQbTHHwO+5zVYWpzjDCfQ==,iv:5/VKGsIohoutZf3F4Qj8PruAXSivQ0zsg1pwLwZbCLs=,tag:/vsrCISEbgQ7HnubWOtKow==,type:str]
#ENC[AES256_GCM,data:oT8PFxQdwEt6,iv:eD/wF2toUAT991S0aO7NklpKSnMDH40+73IhU83H9t4=,tag:mxxAUdfHgC/hlvmLc2MlAA==,type:comment]
zem: ENC[AES256_GCM,data:RpmSTr2ZKfUNWg5vYbKB00AG18GNQs+kgx82E9Mg5hoc3HKmbAyIzjxloMn/Bw3MOTnof6Cf1ZzVCs53Wz8YbZFClLEVdKhMKA==,iv:NQJQOxQa/RaGzvGgarq5kWL8ojB1bejEiqJUCJLxgyU=,tag:8cFFQ5kKpZji4YvEYOyzOg==,type:str]
#ENC[AES256_GCM,data:keNqy5SdClQT,iv:N5LX7VJEwLHQ5HsFINs6LupP3rv/XAWFR2e/S52N+Oc=,tag:cqBh1bL1jAEk3mT0pLDd5A==,type:comment]
yjq: ENC[AES256_GCM,data:TagWplgUyhaEAuFpup0TRIxWXIEGwsG/V+gOo/pXSGor30B/BF7+wVozYTZ/iSN7OJJw8I7IZGvxvh0v01BGz1RQO6MEEpSj5A==,iv:TeXXYlhfae78cJFdZk0Nnm24sP43wi9UM80vHwKfXFU=,tag:lhae9Ona5OMlTBAJg3PiIA==,type:str]
#ENC[AES256_GCM,data:jmRMNpJLMqEo,iv:UOfzRSPDFsJ52sa2FVaQsVcU2P2bOYPzh4JLZ/8+hCg=,tag:8rCEYFELB2geXhfUjfZ18A==,type:comment]
gb: ENC[AES256_GCM,data:RneeGyzmdxCceKPzOHaTtS1l6NzuS07NYBxYrLICMLWHPog08FTINWEZx1JmqbAloVna3wE43kPPa9s1w3VbtPBhzRpTVZfUtA==,iv:1vu79FhPiWQ2/G5xzzBdyc790yv/aYKIQFPhaDpBmoA=,tag:vkpT1bDfVufBkDmOs7RomQ==,type:str]
#ENC[AES256_GCM,data:swW/4Fii+fHz,iv:9UZ8W6RY+n3XZkDCxSP/CQQn1Ji+mo2aqgmG9wTF/I4=,tag:2ifOyc0oGzM1iM3rouvvMw==,type:comment]
wp: ENC[AES256_GCM,data:/cIBL7orNYqu6Ybahdd1UVdTbS1SHr3GGb3ib4FDxPUlp/Xr4ARMX+01N6pOahVYwE8Hwp6nr4TdvwFpe2/AE6v2rbyclSzJgA==,iv:ZGwmAgwiC15K5NhajLCTiuW2mLT2gt0KUicDFmMY+JE=,tag:8rcoY6/weOkML90FyDfiSw==,type:str]
#ENC[AES256_GCM,data:6KbDgRf0Lmsh,iv:2vhLHgIzhCrdvQ7w6lCPKOmLlOVRJ5gJ+Pw5NSiMVVc=,tag:E6PwWCsUn3tZwV95zFbwhA==,type:comment]
hjp: ENC[AES256_GCM,data:0hzP2t4ck/0GVa2OoZxETCSQvp0QYN+0MJYl5aJ5hzSOXbwBPlTcIbjckpWDacx4iKGw+skhv1Nhz9lGrhgvddzqb/o1GWkKUw==,iv:OzKTIxDm+AgDAy4rP31kts0PKHuNqBZWc0Vsvh6X8CY=,tag:7Y/6qP+TJd1o0a96gKq5JQ==,type:str]
#ENC[AES256_GCM,data:PQmtt6/8T8Nm,iv:ZDUkaQts3hUQ1nncynoGw8gNV9jYvnXz9rOaqRC6yLE=,tag:jN8sUWnqoWbMlkLEqVKNkg==,type:comment]
zzn: ENC[AES256_GCM,data:YNB9leH/qgXpApA+bnsZiBlfbQSEiOoqhDgKCbwz33zPVc8KRShSS4kWEseiMlYLv7Kfbfy94cEKLOaWBjuRmMrODmC3HZ+rtQ==,iv:Ju02Sz0PHoBftz2W818hmXQ3J/fzLacWv+gy4eGXvjU=,tag:B6mvgWUclyHXgno07jhXQw==,type:str]
#ENC[AES256_GCM,data:UVi9/5NV0ySV,iv:E7ZZvvf6lNJdT4esykilJxhpTu7gqmu9w4w8rII/RSk=,tag:pnl3G0qt7ZzXlA9YWo7LiA==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:M4LHqgN/WYk9Nh7Pawft1tplh/FiADu6GoyImyLGBk8rbNNLT5AXuNYGj97tVYxI0Hwek+zhnmcjAWdDtmkVzE7TcD1WAZbkTA==,iv:GN/jHnEikITXkLRR/tXnhYiTE5bIDOg1d9DrYeASoY4=,tag:hkoAHHYX+q1topjXkRyK2g==,type:str]
#ENC[AES256_GCM,data:EVL/9hYcFl4F,iv:EZ8PMqklNEky0i940vwyQFXrgBoQRwwGDjBgRB18KGg=,tag:cnQzCU7XZ0EO6ojGaEk4Dg==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:7HOyyFtPjhxtvz3cG561aslZ1Ct+DmR290XOxz34sA/vyA+gjvHTWoIpKPGVzSU8vGfaLLV4ta/nOUsK/VfUj00ngwTdkEDkrg==,iv:rkDAE24gaE7MzOcIUX87oMyK6ra0Pt/vUNrIV9p7aFY=,tag:24NTkSu8Fd785uC2Lwr2XQ==,type:str]
#ENC[AES256_GCM,data:sa3uVs8+996Q,iv:eN3S4x/UROkZWV3U2pZpvULgoPdh42lM/Q+jZ13ohsk=,tag:IG0q/+ti4tthAejVp7MCPw==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:jfeQWLGUWK4xfgRtS9RjjN76D+JLqTF526SI0XeYnUXtCsKhJYE88hgVnn7m/Af9g1OCj08+UDsM8cyKOJj3+m6h+IZQzCS4bg==,iv:Syf3SYAFvOtfOy4PeA/PcYbuUnABk6f5A+OmZYtdwv8=,tag:cib1RuKxGffjB7R5GSxotA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaHcyMnpWRTAwRzJ0MTFi
elk3QXNqdXQ2MEttNXhBOGF1Vlk5cW12YTM4ClRkUm5zUUo5NjVrNnBlSFFPOVVR
V3VxVWZQQ0VvTm9KZ2Y1L3BpRkFDTjgKLS0tIDJadStsQ1Vya0FMa21Da3ZhUDVN
RVVTQXY2NkdzbVFLY1pYYTRLSGM5WDgKbFabN/iH2YDJaSXdm+7EebKS/As1zH43
HjUp2LHN85/WQEx3VheZRGJBwpNn/Tdunhm0yTdNA1jpzQnO9bIMXg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TTlxNWhMS0dJbkZRSWsv
MitoM1NicmJzbVJBZnhUbnlJejBWVzU1TmpnCkxrVEs2eEE5VnVDN0NNaFZ0b3M0
SXFmc2JxblAvN29Eb2ZrR1llZkp6cmMKLS0tIGdQMjNIRXY2UGIxdGk2Q2V1MXJO
R1BkT1hoSWo1RlJnU0pCdTFYbDFoZmMKKF7cND1jSo+neTTJ+GwW4T0RTOX9mbME
58wjAtkrKSD2vDFMQ/vtPNiohAt6RMdClLVm50yh7Oh961YmvJYnbA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:35Z"
mac: ENC[AES256_GCM,data:UWDwXUfk4R9CfgU2gv1NZsusLq5+VTsvjGQNst99MuxLz4sox8CZuuYsDLB2dobKrJua107yqhbM8Ps42JJVHZEf3WHqP08tRbdIWNVoakYR6UJlNS3WZVR+LlheQI5PfJqPqa7VFgZeSVm7weIPCHqvHt+ak76oyJK1VsI0f+k=,iv:VL9s+LUA/TrOsJNQWC0/v0Yh+hT8uh2vitc9h1xHBEY=,tag:iA8yMpm+0ANAC+2BLN9Agw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node1/secrets/munge.key Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:GHsftJ/b50XSTy3wCX/ms8iGhs7oQMrqw5R+7PxrjAm/VzcYJbAQjYButIeNYB2/r87IGKDEMAskowocqyuhamTZS9n6eElDBZrEoUXc9J/lZvXrNqBa2pDsR5a58X6Paj2kMn8Ke9M3vwHcgniEgZtC2h5u6VwbgPMZniqYT5w=,iv:KhGKrf0tXdLb0sWc6kB9lXjj9jOU+wsy76xGFRmwdz8=,tag:s+NBphi1n00GflKqujZcfA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYWdxSzIrQzRaVnh3K292\nVGkwdWUxanpQbEllWlNvaHBoQ2VYR2pXcVZVCk14ZmxlK1pSWnpCZC8yaE84b1Ew\nNTJUTDErTUVxZzBqdGFORDc1TEo0REkKLS0tIFZJeFIvd3BDOGkwenMrWlAyVHdh\nTzRHNU02RWY4clJ4dk1IV3R4c0VTd2cKeX/tLKOnkbcAhkgCY+T4XWBgc7eUFecn\nfqd6Kxfg6P75OT6Z4ACKsHDGznGk8fYk+Ms67MSCGzr1HXaR14/eVQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxODlXSGpsYk5BZ1piSUhX\nUnlTQXpycmV3YlhLM01SMXZ2ZzFXWEU5MVNZCnVUNFRUTTVNaWVUZWY4dklFMmhW\nWUc1azJFNGJTZFVlRkdSZEd0eUozbk0KLS0tIDhUTFE3cHpFblZTa056R0lscHR4\nSXpoT2QrOU9mcDV2ZjR1bjV4cHZCdXMKyVyxBRY9oyhfj0ZMVRtjf8TT0qRJULwN\nosghj6bPqOFl3C9zBne1Xn/2mOj5lkMZP6MAMPtaW8nvsf/LkZx/Hg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-16T03:08:59Z",
"mac": "ENC[AES256_GCM,data:SjmuJVeJsamHE7Yv5Lvoyjp0CysTo3K1nyJgPI7KKp21H8Xq59g9/zbth4pCdIMHyt43MNUXFkhYD/Ox9ySoDEi2pr7H2kM9fcFM0W/ObM/gm/lt5jTLzzS+OkKys+Yw/WA2nIStSNq7rAb/SKFbHvj1P9YBsJxlOnBzTW7uu8g=,iv:tNjnqRX1D+vY8w7RxZzo+HdfjK9pXJpB5MKnb7EyUXk=,tag:PuLU5zmUH14ZxuTUPIz20Q==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

38
devices/srv1/node2/default.nix
View File

@@ -4,27 +4,41 @@ inputs:
{
nixos =
{
model.cluster.nodeType = "worker";
system =
{
nixpkgs.march = "broadwell";
network.settings =
networking.static =
{
static =
{
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; };
eno2 = { ip = "192.168.178.3"; mask = 24; };
};
trust = [ "eno2" ];
bridge.br0.interfaces = [ "eno1" ];
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
eno2 = { ip = "192.168.178.3"; mask = 24; };
};
fileSystems.mount =
{
nfs."192.168.178.1:/home" = "/home";
btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
};
fileSystems.mount.btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
};
services =
{
beesd."/".threads = 4;
kvm.nodatacow = true;
xray.client.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
};
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
virtualization.kvmHost = { enable = true; gui = true; };
};
specialisation.no-share-home.configuration =
{
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
system.nixos.tags = [ "no-share-home" ];
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
# add a bridge for kvm
# 设置桥接之后不能再给eno1配置ip需要转而给 br0 配置ip
networking.bridges.br0.interfaces = [ "eno1" ];
};
}

27
devices/srv1/node2/secrets.yaml
View File

@@ -1,27 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
tinc: ENC[AES256_GCM,data:vDPVgWBFmzDvF98/oJvJ6Yj0rDkkTJGYYRJrLY454fzg4EOyGe4FwR1GgHqFeHo6e1Tk76K3odGiUGyOcWOtTCbEKKIli76/P9KCAY6sItTwc1xsPw540vIZXqFv0/lNladhgGznXKMQ4U9bzKuM+KcxmLlTE2QGJAhPeFox7OQmSYba3ww24+XXJaGWL1fZZaLFABZ56bTggNmY2z+orThg2i5yMrO5TjaGXMcFsFJg7A6HzDCv1TuBNRPTMeiWTYqSDFQGUcU=,iv:T25lfAmdpPz+mWJEPu/NK/2PFFP6jfphYTijjEg5o7Q=,tag:oTNOi81SZnsDEjZVTngoQw==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WlJNWmp2VUxpcXR3NE92
TnNuLzg0SVZKdmt1cEVZU2FodXZPdmt6Rm5rClhrbDh3SzFlMU9LVFpEZDFLUGZZ
d2RBTVNCamNBWFVEVW9FMjYxcUE4Rm8KLS0tIHBwYjlMU2tnUTZweDBYcmZXUC9l
OWFUeE9xdldpTUQ3cDFENjU4YUVwSkUKp7yZGpvKMSm6rvsoPbcaqVznL3wzGEXB
OGzrmgY083Gyjb5P/0wPY0ShGMWfWQW6vGchoqVuwr4oHKT3APcrIg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRjBjdGFEMjR6QnQ0a3Nz
c2lmVWE0bFh3amRULytZOVhYS3dkL2JmRVhVClVQalh1WjJqcWcxT3ZXMWduN3Nl
UzdFNXNQUmtaaTVIVVFVYXkyZEFPUncKLS0tIExrTDA0OEJzQklQOHNJZzBJdzJP
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-12T08:54:06Z"
mac: ENC[AES256_GCM,data:XUduuj65erI3cgddmtVLy5PnVPzqMk5y6ikpE38G+QwN+/ZdS5ZQ/FD/BWnXFohH6gk/ClBhS6EJO3G4e1J0yI1HngHjy6SN8Hpe9EmfxrQEyyEGb4/NS0vk0iMDr76nqlb7+dBreYdte/VQakOxvPHlMWYPZZ6oQvfx9k+Vsz8=,iv:uUiaNgfvKz1+5d0GHVFWEeAMM4kBKGON3xmTq8XDVeU=,tag:/3T1+DQHUWuONNBPFavIPQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

52
devices/srv1/node2/secrets/default.yaml Normal file
View File

@@ -0,0 +1,52 @@
xray-client:
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
users:
#ENC[AES256_GCM,data:bAA1+Mx9xsFr,iv:5GWh+DyuRydCKm8K1kaiTJIt4ReEugHFnKYfan6RAE4=,tag:VqcWjIMIYhkSj6f/ZclTVw==,type:comment]
xll: ENC[AES256_GCM,data:lqzwlETuKuKa2wh+ickMFiWyprcnIBfRBjri+NWoltxib/LWzEEbyetRc4AKyVaBiDhsOTw6MazPNy2mhcAFwb6pM+QKce5ntA==,iv:VaGQux8MJNPZeHwDpM+yJ47XvOul0qRE8xVdSWjYRhY=,tag:rBWdTPmJX9YsP0l1FtVbJw==,type:str]
#ENC[AES256_GCM,data:AgppEXaJcXhQ,iv:gI4nUzfy7w9yqaWlT1NYk1cHdErCJsrlilwYSGxxCdw=,tag:/A6zwbvQdhX9MLfAdXIVqw==,type:comment]
zem: ENC[AES256_GCM,data:t0rCwed8EzXbEuwTabzSLUd/Gln3YD9IT56JNVHwlodAvFYwtTDJe3cy7K17TmIkL1Nk/hAGzQ2BIZJxaKq7A5pSNIUO1zqMUQ==,iv:jSKCoNKQ5a91kK19w5mE0lJ9lh391ACq64UtLvJ4kLI=,tag:d6+IrgLyCw05vvLcCF5+yQ==,type:str]
#ENC[AES256_GCM,data:s39KO3hHcrOK,iv:ICtP2r9JMjcieHZdyHpj5Z1DympJUcHq2jPpjUwSOzM=,tag:Es3YS+mEg5I3SIujfs50jQ==,type:comment]
yjq: ENC[AES256_GCM,data:gOc59J2eiND+qJJRwLYvTymfrjWNRWw8IwLxDdS2cSu0yTN5SWF1eEg+tYmDqqhPmXkIlenL8VyIZD2P+Qi+Vi7l1pZMnneRCw==,iv:TsWOmHlClMgpXbNsCyvs+wkTvvKViAooA36+O4eQesk=,tag:jp5ZO9tlCPNTNZXWXCUEeg==,type:str]
#ENC[AES256_GCM,data:JmmZl+8nta5Q,iv:qWGS5i+ntmJ9x3HFClVdfypQKqSTUx827OFu/wxx3HQ=,tag:SzvgJtIQb1Z02GDwkAhveQ==,type:comment]
gb: ENC[AES256_GCM,data:pgwGyp/QC+h05grD345pJrJefm4NWd0e6mQEzrsqCbjMi9Ak2nUD+K09mIKQJ39NttC+NQZezRmKUJjDBH50s0O69nBlPOJtgA==,iv:ZLm6KUzD8fTq4YpxhdYjtp7bbDjP7Sy+0fnDO0W5GY0=,tag:H2mNHIQvHe+3YzZ9ITVdOg==,type:str]
#ENC[AES256_GCM,data:94hwxSaMkbIB,iv:4Xjukoo7rxeu4SWjwFeLo5fwSX6a8mpkTOIpnOnR/Io=,tag:XOjY6ziyDdMNo53NFSjcJQ==,type:comment]
wp: ENC[AES256_GCM,data:9/aVAQskZyQrfhVFVHfpdTWDLdoP2ZO7gG6bNcRpOJEBle3V9XqVSwmLViIIysy4XxoR3cym/7WXB96O3C8feK7sbihaRpT+Dg==,iv:WPnDArVKqV7u3EIQ0CMectK1W6gXKOo37oOybyob3As=,tag:1R/0qjRzif4/sTFSs55NuQ==,type:str]
#ENC[AES256_GCM,data:RluXnmnn8CAI,iv:OqzKfed5CARE/KKur0GXDpLBqStEva7YVoQMQX4+FnU=,tag:prOaqWk6ARxEKvnhOnCZhw==,type:comment]
hjp: ENC[AES256_GCM,data:Tb9vCi68B88UZc/ZVSxEI+esKOLlFcAPAaMk9FDmkBycZmzDjHfkUKCxVcOMtqeNSluVZ/5IFgowaYbk9ncK6yoYTjXjj1Z0lA==,iv:COs+ijt0h+UygyhWDQV23NRd/xBcfeqz6CO7D+xw7t8=,tag:RaIMaGrgHkidB9vqLR6cNw==,type:str]
#ENC[AES256_GCM,data:pymPvP+KjTd2,iv:g5tmBMQevuzES9FVlRten8Vzy5nvgamDNPo6Vy018T4=,tag:sMYZAyyAzEyS5CsAyC7xtw==,type:comment]
zzn: ENC[AES256_GCM,data:CJ8cOBjblYIc0GoiPnIbbWfYDfpQW5u31R9T/P0/aVuxi6P44wYYH0posVGthR1laqHIlu8bzgeRyTbBYir/Mw1AGokAnFLEPQ==,iv:dJXFcZ9f3xe3rcPzOLd6AMFh6EyJXlv3/+uR2x9XYsw=,tag:4I1WqtloUSXNeQ6AlVPY5g==,type:str]
#ENC[AES256_GCM,data:r1Rl1+lfgMad,iv:9RGwiYlePcXZFDxw5uc1yEwZ4N3lStmE1cGmsj5dPls=,tag:yGChsxZtIzDjMUgIkd+PdA==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:IIZpTdr5jpidbxYCQ+fODOHdoWI51upPI3yxYlrAAd+RE62t6PzAvHKFmKPivbHmQS5RZrJXE7zm9JtwiodRmPl0pYLxYNBpFQ==,iv:WQc1pOungm1gEqYPk/MITbjs1l83ikcys47CARRgoFk=,tag:sS2mXDIWl32ZZzDtictv9g==,type:str]
#ENC[AES256_GCM,data:VtrWQKVtCHtA,iv:ap/n2HxQ7dgKOA8rIfenv9LOwwAh1na8+I9O/k/wMxs=,tag:Vl03ortuZ5OS2qcBMnc59g==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:fkxYmHEQnCjx/srKBgjreIR0S7mcXyl1h3H80PFsH3A/yCGnJbFCGK1GW1++Q+tziOnEWCTLZ/l9dlPuB5BFSK7iHiVXtkOfVQ==,iv:z6duWl+LFpS5RJnCGxb3yvgHp96uJYoSsAThWrbGYfg=,tag:AKWisEg506eOgdp/4tLU7g==,type:str]
#ENC[AES256_GCM,data:e8HuWaLrvHx5,iv:ZKvfRQtOMV6v3MSCDVoPEsxldI+ZRYJBwrKAD8YZzPc=,tag:tPL3IyjC8f+S+6MoMJSd0A==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:if1S/3AxNLkWvDQJom+4EPRBOpkAPNTkEcqHHLAuEJATSNLlIhVLOPgt10cM4LWx2TdG8V2TcZip9qnr4ABHMsPF5vm6Y53r9Q==,iv:Rba0So8DXJrSC88mjwT8j2AVy84TPm0R6AVf2ZmXNBg=,tag:qiSeYLrw/6QJ7vMiPEZ66A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WlJNWmp2VUxpcXR3NE92
TnNuLzg0SVZKdmt1cEVZU2FodXZPdmt6Rm5rClhrbDh3SzFlMU9LVFpEZDFLUGZZ
d2RBTVNCamNBWFVEVW9FMjYxcUE4Rm8KLS0tIHBwYjlMU2tnUTZweDBYcmZXUC9l
OWFUeE9xdldpTUQ3cDFENjU4YUVwSkUKp7yZGpvKMSm6rvsoPbcaqVznL3wzGEXB
OGzrmgY083Gyjb5P/0wPY0ShGMWfWQW6vGchoqVuwr4oHKT3APcrIg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRjBjdGFEMjR6QnQ0a3Nz
c2lmVWE0bFh3amRULytZOVhYS3dkL2JmRVhVClVQalh1WjJqcWcxT3ZXMWduN3Nl
UzdFNXNQUmtaaTVIVVFVYXkyZEFPUncKLS0tIExrTDA0OEJzQklQOHNJZzBJdzJP
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:42Z"
mac: ENC[AES256_GCM,data:tb6UXalJcNqd1bCJ4pdWQ5lctAXMrwAJsGagNIjtAklVx/0vibEBTvtVdI3CSNA3OuDguyXc/ECGEqlPNpoRq/F5JINfnirEbaBL6KhNkFxaSLVP7mu1u0KH93qhzA2j4jofderpxj+FvOOMVZNuZkrcSPDoufPA/ypY+YaKuu8=,iv:KPyXi7AD6FSmoZKYUDh2zLZnArvdcHau5XZHk8CbwI4=,tag:7T1jUJ7eNkY9VYt2eP+brg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node2/secrets/munge.key Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:04fSLZEkne1LqLZNYpy1tFlKTVUgQNuX9L3cL66FVHD+LqGAyWJGlAnduY+fQMZdDhbBdeEnJKXjyQ2jdDCttuqbPRiJQChtD7ztf+oiP877N143iSY2G245aCjIrAzmFORkGZaQT7nD5oxgCPiLqJzkNPzgjN4HIDsVoYz6jtw=,iv:gTbiJmdXN/62/t53ddfDrYlNLe3AoujT4G03eFQXyZs=,tag:eAYfhXPERqsVKFSkcm+Abw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBb3JtVi92M2JUc3dKVzRt\na1kzNU8ycE1LTmdVZVNFNDNJZmpsTEdCK3hZCjNXajNpcGxXMDJxRjhPMmhFd2la\nZy8xUFZNZXhiVHFtbG9xVmJ3Q2d0NE0KLS0tIDlNWEJqcSsvQTFzc2FxL2F2bVVs\neS9UenMrYXNKbGJVTnZzN3VscWlrRk0K24RHbcTz56GV6AbQt7Yy9+1NClMpQFtk\nf/NO2RYuS0ciHwkJQEw7M48iJuwTSiv1pflXXkNvkl6/I7wPgS/eXw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSjFQbWd4SUhoOExTdnFk\nd3dVVytZaDAyc1F2eUowdmY0azFKbWJ2Z2pZCnhYQWJtVXVjTTRvTlI4SlVyVHh1\nZlBZTlFheVNKdzN5a0RHM3RkTDhzQncKLS0tIFlpbjRUSzdzS3ZuMW8welNRODdR\nWis0ajQrdUNqVWcwMWF4bVlUaWsrc00KfL/zF2RiAanljrNhRT99i2jPvLySMWXx\nEyzYRuTH8ZGXsX4T2VAPjreBt1ahJ/EgBWmCLibEVK62zWfdquAZKg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-20T05:31:41Z",
"mac": "ENC[AES256_GCM,data:7kp2KNU4O1yuBdu7cxzg8BytPWiP8hQ0/mWVKPPn4BXjFleyo8KzLC3XZn9Ovt2fHWiF/4hMreOPIDW1W+8n/DedLa2G+zkHiQDVBCyiLJ+FCELvNPdDwR37RvOJ0Oo3RtQaSK2xBhNwS2Qs1G7DemEGFrWXrZ/SeCG5H6bI4X4=,iv:zGG9jcC3McICjeYZd1aGud+VaUhLXg3J/demAqM4vUM=,tag:RINzMA36WfaTRuEy0cTQKQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

28
devices/srv1/node3/default.nix Normal file
View File

@@ -0,0 +1,28 @@
inputs:
{
config =
{
nixos =
{
model.cluster.nodeType = "worker";
system =
{
nixpkgs.march = "broadwell";
networking.static.eno2 =
{ ip = "192.168.178.4"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
};
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
};
specialisation.no-share-home.configuration =
{
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
system.nixos.tags = [ "no-share-home" ];
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

50
devices/srv1/node3/secrets/default.yaml Normal file
View File

@@ -0,0 +1,50 @@
users:
#ENC[AES256_GCM,data:uBjvj5Y6SIk8,iv:WxYu6Xkh2T7kb3uLqgkJJtHvCmWyvntcGfCKJfSfSmo=,tag:ueHbPNX3KOVO9RdQnw/nog==,type:comment]
xll: ENC[AES256_GCM,data:Cp2wBFygUBlZnf0oAAxB5L8/qD/LwKksp0YG4Ic7nay8E8kXJGSYDyTK5AdeVh8/MxLgVVY6LMWtUOzFe3WU1u71pgBGF4x+yw==,iv:wXfcHuJzqWmm++vysZW3z4TLEOkgWTUF/pqFDfgwny8=,tag:k9o2yp1AksTGOgREOLlprQ==,type:str]
#ENC[AES256_GCM,data:4CsCDEg/UChs,iv:ENErjaF65B1dCuD56/DCqe37WSCu1q28s2khMyF7I8E=,tag:q9mxHCAsuDGygseYU0pRDg==,type:comment]
zem: ENC[AES256_GCM,data:cPDlicY4vrQ5VTyfCVN0zH5EIV8kH2xqlFEUkmwO3TmKV69Qx0nE+6yiUhENKR72zY3p5w4ZFEtF7maqqklWvThkeSs059aFpA==,iv:g+nASIzOUZuyX5MCFcKOJKsKTQhcpSY4sIKArlVZh8o=,tag:WaAYcxHmFs6/EG3oy56xJA==,type:str]
#ENC[AES256_GCM,data:fu6KBkGEtzD/,iv:OzClxptcUbrbgmYYoQYcInG5Tl6HrjSRVrt3iIaSrqI=,tag:kc+AxJ7UI45j6eW69CiBkA==,type:comment]
yjq: ENC[AES256_GCM,data:QGpjtIrtio3Jc4kGam5cjqCHZJl2c0wWQAD8BXXhiWfwbQF+sQSTk2V3FbvOlHjqcT92ab8qWCCFjIqBH4DJUq+z/eleX6Y4wQ==,iv:aky2Q2kpEf2EhcR9UXIAyf+BSW9CIZCGbyZCp0l3X4c=,tag:RHLILdrK3duFA2iZDDigEw==,type:str]
#ENC[AES256_GCM,data:YUQ73+HZk69O,iv:wY5da+RRnPpXOD5+HdKkyYZ04ZpB3NBtRjRq5Utzlvw=,tag:BE8MhvbxTkn3rG4Pe/zitw==,type:comment]
gb: ENC[AES256_GCM,data:AkPFt/GGyeKdYtY/cW774Yi4rrxhTFRzXe/hf0rbwFESwf4pwgfdcr9e3bp6mfmNy86CCDMsUVPtg49q+DV+9CwHU1ETe1vIbg==,iv:L/kLfEjt3WEQmgAXjOAsnE2Sp45DQP9LLKcZe1FjnVs=,tag:HluImuMHEhiE8yAw3fjNQg==,type:str]
#ENC[AES256_GCM,data:WCkGncBugE2H,iv:ZN3edJuEDKrHo9OZs0jbU1ATI5+WpfVul5i7SK51ME0=,tag:rgxwqwPJcdDNMnRFlxNplA==,type:comment]
wp: ENC[AES256_GCM,data:n7S4got9Q/7s7rZQldnB1wJlB36uqjremc1UDeUmzs6I9Gp9YPj7dJBDAHBNzWruo83ciP6PygHcCmHzBojISgW/HdD5j9cgJw==,iv:ymjB5YWxJJXBA80a2MPYHXBV+bNxUhroPWu+1GJo4XY=,tag:GGVz7kzBrSomBityyZBdvg==,type:str]
#ENC[AES256_GCM,data:2aKW2wBhF2oG,iv:wXRX5ZAr5O0c/H1WvzK1+kG1NbZU92h89NgXB8lHfMk=,tag:gAW2oQxz2dUthyNvMlmxcA==,type:comment]
hjp: ENC[AES256_GCM,data:+9MKYP96nBdLFVcTkpSS/hiTLdTOf5+Rs3dpUus/ym7gl2+aA2rGtlGS+ozALeUV1seNlVAuyhclZG2dH9uhaudlQvQw5ntAzQ==,iv:eobXw5ahEl9I2HlXD+y3NtGFOlPulk+aKVFxuCRe2+g=,tag:zt6MveyltO2xxThG9grZqQ==,type:str]
#ENC[AES256_GCM,data:WLU7JBd7ZNES,iv:GkmmM1n0Squ0rundsz4Q+1dkF9BcCaV1hID8bt/gmxI=,tag:MMukyZlOeE0CcnI51VYPWg==,type:comment]
zzn: ENC[AES256_GCM,data:5uNrzv43K/TQlGDldxqUYscDoEduTJdRz0jgd5dBh3N3bMNHulZbD95IVAj87OkLgdOtlDPZz3DfB5oxKBVcV0XE/E7GwJKILg==,iv:SB/uOB1SdhC5zGCY/OzBRY6wgGQLwKYuFgekxZpX1Y4=,tag:ckOxmdXvhQjGMPssoLeMPQ==,type:str]
#ENC[AES256_GCM,data:xLPmYdIcIUz7,iv:NqaKJJgyMwfVfAYgEAMHXo1qLYfyOHhIcV++lseKcNQ=,tag:qXDuROf4A9T2H61KtrQUpQ==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:izqFF2JD0ZEeNlqrQ9sJcEcrnp/WmyJL46jszmR4fLwrFGcMoekSfOTkzjO8upogY5fIDsn02dwh4mLX74vA8DjeRTaDKZyyfw==,iv:lknYrGgDFQen2w8mtLNHewQXara1ikWvGdvVA8a6Fyg=,tag:EiiMBUhF6YOafD7MCIMA5A==,type:str]
#ENC[AES256_GCM,data:Zt6KCQ3chnLi,iv:RpMBGf2zDVWN13PpTr0Zj18ORdIZT2u34BestCjyLsU=,tag:aBuN2QGhxgnOXPC1NOoROQ==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:fAczfnHue47oHJm/8Hcu8iC+scxUQRNZlJWSCFnmtn8PzbOtPXGVLYaZJs3SRE0F7yYsOUZlHnEPaK5bFjCHioindbS0oimBfQ==,iv:F14TVM+UxXm0UbAgLmQpkI4v+jhQ84a4G8IuWRw1k/o=,tag:R+r0be31nLC0T6Isl9/sdA==,type:str]
#ENC[AES256_GCM,data:xccChTyxO80R,iv:tSxhbmVwhwD1IbXRNglS+WWMXfzUDaoJfCNqfKWqVko=,tag:XrFTahck6EKRf79NNeMRfg==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:LQAAYOKBVKRsVfwRJOr4jBCqnHKG60euQMngfuI82Dewwtnt4fKZ/iDg6otJIXwdMdiYI4ytr573GaAPyadt/UdDv+EqrLQ3qA==,iv:dD7djoiEBjrZCQCKkjzsVD+IK7T9sL02zxRG3b1uwQ8=,tag:sqJ0Q665aXVnPHWlTS0Rag==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQy8reUxHUm5leVk4dzhx
L0h2ZVVONnlEWlBXWlhKa082aXJGRlhIaUhZCkQxSFV3SHcyQjNCN3NyK3h0V1hN
SHVZYXJjenlPR2lrL1J0ZkpoTlQ3S1kKLS0tIEZPU2c4VHpzdEwzWTVTUk9OdDFI
em9JMjA0VFk3Q0NKSWt4YllkWHpYNWMKJxCl3tXFHSUfawt8pB21WLKvUWwTn+Jl
gz52soH0P/k7bg6Lx4gs5WywIIIOWnHg7p0BJS9BCmFWvXR442c2XQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lee0kl24f0ntss6m69zu2s2e7njdpkv9nl7rlf4nn7rvv0mlgvfqrte2y5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaG1ZdERieVMzM2JjY3Zt
KzRTVCt6eVRsSmJXT3FKL0pSVHF0L25SSGlRCkg5bGVHcEhBam56bHdBcUZHRWF0
ODVkamc0RlJxNk5hRjMzTVRkYVNsam8KLS0tICsrTXdGMzZ2UmE1VmNyK3pwME1u
bHQzK1EvVEhvZFI5MjVxL0Q5UVZYdGsKJl2M3eOB0lRyu2VO1qDjW1pNJ9HhwAS6
g5yOa2fxLJn4bvmQAJYeNJ1Wi6sYaBvkbeOegjaKjW4ZvwhP5kWqRA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:50Z"
mac: ENC[AES256_GCM,data:pQDphBruG5s5trIOY1fvcCAnLDx+NcVJ6cEP48u92JRnM5cojYXbiFt6Mlq+bYLxkXb2PoKMBoohRbsNdYLRgz3BGAY//Kc5OHGWzi7r9t4/iuhcouZsV/6wHGnrJ0yECS2+LPkT+/JXnYv1ZJTpUR0TSmTvnCgJI6xpWt8HDSA=,iv:Oyn7UESWVDqh3kDFAX3opbC/XEYOa1s3wmGolc1uhTM=,tag:aasXTc9+bgLgCaLDNfbJGA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node3/secrets/munge.key Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:9uBZv+GmpEqEbpE1E4szW3EPA6AJPUprWMQs2XwXq/VfrOfVG+Dz6PsAfPgOgii9KMPZb+358lfdhXbKF2cjflMw9Iz1wc2eU8vrbbU7toisLnuYBm2676wKzatQVbL0SHvlyScVIEwNphTJdIPJuMD0JrFMfDV7J/jdgwdpPRE=,iv:fk1YA7IXX/9/jU9jqAg4YrFZrprm9zoBw5avnKtvBnw=,tag:rfsCsir2C4UsUTgfvbRCVg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRm9wakd5Z2cwblM4a3c3\nVURGS3prTHJ5R1RzOGpXaXFOcFlNWGJCTGtjCmt3Q2M1Z0FaTGRscDlOamI2L2Yy\nQUlaNWJMcHdEVVIzMzdYVXdVZVpHd3MKLS0tIGlscllCSnJCS1JDNEVXWXhJVUNa\naFlPSU9lZnpPbFY3VkI3NkNtVlNTWHcKfRcjJroaUVDePl+mg22NndJfFciAuolg\nsOEaEZCH/cIJg0XTXfM18ZRUl4IuMmR3D2L4KAhzbfADNmC81mpMLw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1lee0kl24f0ntss6m69zu2s2e7njdpkv9nl7rlf4nn7rvv0mlgvfqrte2y5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZeDBPMWZnRXRPbkRXQVpm\nL0pwWDE4blRuYUV6QVJyOHBITUJjU1ViR25rCjRJTmF0MDhjNEhFQVNHZ3M4QUJ4\nQ05DbTlVbjhMMDhTdGlZN01tRUxOZE0KLS0tIEExMXZTSzJjeEdqcHBNWjhGSFIx\nQmJaSHh4dHdUTjRmWUZIUFdmVkI3YncKvCunmgurC7YO0Y5FssulaJ/VDvuiR5Y+\nOxfMe34ilsF+k8bTBAuYLlDCl8uQ14cPiOLAhAw1vdFgs9o8cs9MUg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-20T06:03:27Z",
"mac": "ENC[AES256_GCM,data:sEMEYJDZhhza1HvtmQ9maK9gXgBNfNGDhvSySoz/GuiTrs2Hhae/YI+o6DvYHPDUoOJGVwLjHVhfoIYw9CvoCZNm8Gn3fUSeP372x2kRAjFJYJ56qovU5hz7H/m1Mm9CQ38PvnsWMgc+dB1q0h01g4x7/URfjJDlU+Rq4n3f6B4=,iv:v/P0xSTBjGrmhzeAiS0eaQ4Y7pls9xCKPq9gysLuINY=,tag:SsCPc1av/pGpZS5AqzJdxA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

32
devices/srv1/secrets/munge.key
View File

@@ -1,32 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ul1xMmQ5FZVIKct4KbgnTStsT5cH3sRvmaApZez4WZ36zF3q3M4o0dcwuWXxl9Ay8+Kd1zzUCZy26FRj85IwAel6POkmIlXl51Awou3iWuGBqUlS6IL9MIERMR6lTlisOK2l2PJ7IJBichFwwDrxImnt06B68Z7JWOyrLMfQhwg=,iv:nHePsGpRWMj4CdZ8wxr4xCJAcSndHsRju+AMyK54vNw=,tag:+CC0EJbTmIjRijr1SZpF3g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c0lOZnZXY0ljWCs2aFoz\ncHVQNVJJK3loVEI1amIzYWU3YUJjbWtUa0I0CmJnaUhhT2pEeG1ySGxHOU1LMk5z\nak9RNkxXRkxBelVTYks1TXJuazNjRVEKLS0tIE9JbktPcGFvYWk2NWV1K2J1SXhT\nQVpubWhsUTJ4SWNXTFNvRjQ3aE1kUFEKeuatL0NX6KbvZL3hafjbNPeBFDFBxSOv\no6Jvm9s4/Lp5m6YRVcQyInAoycC+O7GYwfCKVbPNMAamOhDraIoE4w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOEFXV01sRXM5bTc2TGdE\nMWZraktqOUpTSWk0Vk1KNUdqNnVVNWptZkJJCktYMk5jL2ExTTMyY2NOUXdybUNi\nZ2hhTlBtaVZlZ3BDd0xBWTRoKzBJbmcKLS0tIEQyQlByNmtxdUFuQVZ6N3I3Rjdk\ndW1ldlIrZ0lxenZPMVNBcFJDMDM5QncK7p/F1Usnp2OQZ0Mp+cpQBY+ELu5n3UrD\nZN14dzPqnPpoC5nKOzGp7veg8ssH5VCX0xxI8ZJCihKwyJG/FP3pBQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeDhuTkJFclM3dS9wV3Nz\naFdrVS9KSENEMklhdVgxcFpEU2N2ZWVKL0VFCmFVSHhybW9YNU5HVHliL1VVcmNk\nWHpsQTFGMWYvc1loNGVGUm54K0VwYzAKLS0tIEhYOE9nMnk2OFl2dFZRWlNTVTZt\nM2VBaGpTMSs5bzJwMHdJREV5ZzVzbGsKu0al3a6aJ40GbcCH4tF0Va6XgNxXOZmM\n7HXqH6s25dqbKTa8iNpGeaJhjRBzkyLjq1uRtQ9X4vXg9RuRhNYPxQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaHJ6U0hlZGVkWHptby9T\nVk1ONHovUTZKZUFZaW9XZVVoRk9UVWMxUldRCkNacG5FelBQbVZCbWhvSkx2TFJi\nZmd1VXFRODZNWmlGT1hJcUszbTM1Y1kKLS0tIElXRzRsTldKbTV1ZlZLNUJhVWdn\ndnRTMnc0cHpKaC82Z05VYlJ3a3luTm8KNBEKH7yeyzSyCh5D6YYc3Oayie6xDWEl\nyJVZHVmk87fzDtmVSP07KbiWeGur9epHCEjA0et/76+RXObIQQ6XGQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-15T11:11:36Z",
"mac": "ENC[AES256_GCM,data:bV7T1HfvM2n8+Vus9oDO5yoWDGtWYOd6d/zJ86/sXB4psg7aXVNedYSn+98SJdpYKHRcSuMJ9D4h62nAawERB6u8EmW8kxh8fuVLb6tj+9fWF1iVqinL4LE3916+XzMqGzGVZZEXaVtPHqOue/D1sYtBrBCOEMMyq0cmLFY2JrE=,iv:eSrtmJLARmwuAQ1//x4XqCKDZybJmMtyefWyLPk+1j0=,tag:M5W+vO4RjVwS18C9wTIe2w==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

108
devices/srv2/default.nix
View File

@@ -1,108 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems.mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
nixpkgs.cuda.capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# A30
"8.0"
# 3090
"8.6"
# 4090
"8.9"
];
};
hardware.gpu.type = "nvidia";
services =
{
sshd = {};
slurm =
{
enable = true;
master = "srv2-node0";
node =
{
srv2-node0 =
{
name = "n0"; address = "192.168.178.1";
cpu = { sockets = 2; cores = 8; threads = 2; };
memoryGB = 80;
gpus = { "3090" = 1; "4090" = 1; };
};
srv2-node1 =
{
name = "n1"; address = "192.168.178.2";
cpu = { sockets = 2; cores = 22; threads = 2; };
memoryGB = 240;
gpus."4090" = 1;
};
srv2-node2 =
{
name = "n2"; address = "192.168.178.3";
cpu = { sockets = 2; cores = 28; threads = 2; };
memoryGB = 496;
gpus.a30 = 2;
};
};
partitions =
{
all = [ "srv2-node0" "srv2-node1" "srv2-node2" ];
n0 = [ "srv2-node0" ];
n1 = [ "srv2-node1" ];
n2 = [ "srv2-node2" ];
};
defaultPartition = "all";
tui =
{
cpuQueues =
[
{ name = "n1"; mpiThreads = 8; openmpThreads = 5; memoryGB = 208; allocateCpus = 43; }
{ name = "n2"; mpiThreads = 8; openmpThreads = 6; memoryGB = 432; allocateCpus = 54; }
];
gpuQueues =
[
{ name = "all"; gpuIds = [ "3090" "4090" "a30" ]; }
{ name = "n0"; gpuIds = [ "3090" "4090" ]; }
{ name = "n1"; gpuIds = [ "4090" ]; }
{ name = "n2"; gpuIds = [ "a30" ]; }
];
};
timeLimit = "48:00:00";
};
xray.client.xray.serverName = "xserver2.vps9.chn.moe";
};
packages = { vasp = {}; lumerical = {}; };
user.users =
[
# 组内
"chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "qmx" "xly"
# 组外
"yxf" # 小芳同志
"hss" # 还没见到本人
"zzn" # 张宗南
"zqq" # 庄芹芹
"zgq" # 希望能接好班
"lly" # 这谁?
"ccy" # 陈超业
"twr" # 唐文睿,吴猛的学生
"lsp" # 李书平的不知道哪个学生要用
"stq" # 孙天骐
];
};
};
}

35
devices/srv2/node0/default.nix
View File

@@ -1,35 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.cluster.nodeType = "master";
system =
{
nixpkgs.march = "znver3";
network.settings =
{
static.enp58s0 = { ip = "192.168.178.1"; mask = 24; };
trust = [ "enp58s0" ];
masquerade = [ "enp58s0" ];
};
fileSystems =
{
swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
rollingRootfs.waitDevices = builtins.map (n: "/dev/disk/by-partlabel/srv2-node0-root${builtins.toString n}")
(builtins.genList (n: n + 2) 3);
};
kernel.patches = [ "btrfs" ];
};
services =
{
beesd."/".hashTableSizeMB = 10 * 128;
hpcstat = {};
sshd = { groupBanner = true; motd = true; };
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
};
};
services.hardware.bolt.enable = true;
};
}

31
devices/srv2/node0/secrets.yaml
View File

@@ -1,31 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
hpcstat:
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
tinc: ENC[AES256_GCM,data:9S3QK3lLT59GNhppHc1IoC7bN0mntbcQIZmVjtxOpQxzJDJQ63jBCfoupyfjmW3JCpWSWtelZ58VPeTOHZ6NXr2xJMitvqGAiJzsd9ZGYvlv6+OR2swXVyDMBhcQpU+1ui/5zEPFDWIxRMIoIJL3VO9la6gxHQY1st5p2REh3VpSu0R/b1ormlmSPyRtjCS4LlGpXF8FnHilE9wOLm6AhtGhq5nAHAwPCj/gVpDNI0Y+88shBbNTRG4ucXsEX3S/+IgDLElB7nE=,iv:nEa5NMxfi9rc194TMEldAw1E7Bw24qM5htVUerd1nNU=,tag:A8GB/LFeBNyAq7MfpSFaQw==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMmhpYzZ4eDJuWHlJMkZW
S2RZcXorSm1PeVdGdjBlekxuTTh2c0Z3OFI4CkU3K3FjdlhnMWpYRUI2Q0w4bFV1
bkQyOXVKdHlMRUJrMEdlTG1KMUREK2MKLS0tIEhhd1Zib3I5cW9ZODh1bmcrcTR2
SHdEbGcwaFhrMG83R213cjVzb25XUHcKcxYocTTMZw1V3o9pA1wAzmoHsMCmyMUh
Kk5PaZ9vF5IDL2H7f+OI1G6C1tJmgMWWbBh9xcSNv+qF/ydDuo4UIQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ0EyWGMxdEo1RUE3L3VU
ZVluRXlKcHRoOWI3bmRSbmNqcFlpUlZ5YjFnCmJQclRtdm5CYWxvY3VUSUxIaGRy
aElNUXAyYklnS2Z5SkVNR1JXRzg4RU0KLS0tIGVPQ2J0WjkwUWpoa2Z1WWNCTUJG
b3JKVnp1ZnRLcE9ocU9McVM3M3d4UjAKdu8xipFbNbIoYEcatUAUFe36CzP2E2HI
VSfPQWmRmb3/jF22b6Oy2B1DmDDvJ8T6+zUcp8J6C4Mln9oZj6dAZw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-27T06:32:42Z"
mac: ENC[AES256_GCM,data:x3Eod0i1X8/xee1DpHMzAqqEi4RruA+s1yrqOcH5xdWBZf3aosXGHvR/4+ev6enZ+HsuUOfN9dtfP5vMFSJXott+5tgXDL1hnk9x35dvMjRs1Q7VnOj20nWT/JUziz/2QgZQ5Y4Tfi3wq127GvITFn574LBKS76TqpLkSH+GUsQ=,iv:cxLYUKjJSJD6IigpmWZwcQNNolIYU9K0Go6WbewmJMU=,tag:lqC882yz/E4BvO4y9yz/yw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

21
devices/srv2/node1/default.nix
View File

@@ -1,21 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "skylake";
network.settings =
{ static.eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; }; trust = [ "eno2" ]; };
fileSystems.swap = [ "/nix/swap/swap" ];
};
services =
{
beesd."/" = {};
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
};
};
};
}

27
devices/srv2/node1/secrets.yaml
View File

@@ -1,27 +0,0 @@
tinc: ENC[AES256_GCM,data:0fOvjy/b+87HS+bcNENY3jfxcxMLcjeQh/hT5HIUG2aCiTLbsmlqXTR9j18ZwcKAAEbzzDSonpPmQv/kGeMyvk9B4Q0En8FSdBaW5y5HQVLf32KlSoq8+MBRPTQREcHHMDZ/tQw02aAdq0jvYpHnFIKiqOZFfGhKo2oS12wxlR33n+zwqwyBu5quN0ynbwG+BMZua9uJrlsfFe8ttu5BHzl5xdCTVzmJ7vV7H1K7lJBwlDF62Rn6zsQV2uGaUew1ScephX/KC40=,iv:eA6YLGY+d4BldBAsqFsrrUiTY3Xa7eJ687C3gS7ofG0=,tag:40QXjFYc0ht7/OuIPDo1Wg==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:i87JKtJD5CEcGioPILKgJKyDpBX/o56XFBwD8WCBfpoevt6F,iv:KMtg7KqO5q+SYossPyE7tF74vZ3yg8v3u+Q8F63hvxw=,tag:10VBfnyAfB5NkdL9GAX66g==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTzUvZG5PRzNzZGxTZkhm
N0hDdlp5S1p4aXFFUEc1d2RoUnVEOER0R0Q4CmpSTjFVa1FDQTYramRuS1k1WUFl
VlBCVFBleU4wZXA2ZFo1aEplMDl0Y2sKLS0tIEdmcnlNWnZtL2NhVU91S1ZaK3NY
b2R0MHI3aDNvUEc0TVRqM3BjOGRrSHMKD2SxfcKoxeuzF0spG3qt/q4D07JKK54o
+lgLCs+0A2cCHebxbeFPSRpd0kK1fY9O8yUmMPB8Y690mQPaNXOSQA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMzZXdjhISm1ITGdKeFNn
eHBrVDJXVzk5a2gxT1NDYVFEKzZHSGFONEZ3CkFtekZUQ3BPQkpTUVZNVUJnSGZZ
dFhKaENwd2xIdTF2aExNcHloTnVlK2sKLS0tIGZOcXpEL0ZVZ3BWeVhNVnRKb1U3
ZU40ZzNDU29HeGtMMVhELzBGMXZZVFkK16e15tjwN12BYnGutnGBWIs2KBCkOJww
wdgC+3aRnGjfb0Z8Htf8qUCW5omixcbaCmMoGmGsnkx1Agfr56qQ3w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T03:16:19Z"
mac: ENC[AES256_GCM,data:SvvHb6EPAkt96DprqDSTKIFwshSm2rxGtFmpB+q4l9ZUu1uCCVJM1Gnxaogxiwf1CAk3+I0908/vRp9rwALcyZdM47VJq4MST2FFmEYXn1109jrQCW1EgkXnMBJwP8ywe2JLlyRpPXcGJfC/HPuKMpyxts9EEk6TnEsdrEQFbwE=,iv:mb7ZqFuaq8xee2k9nw7zdW05puOuIdsTq7alkn5V6Ts=,tag:6ZsbryE20u4OEtUMVD5dDA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

21
devices/srv2/node2/default.nix
View File

@@ -1,21 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "icelake-server";
network.settings =
{ static.eno8303 = { ip = "192.168.178.3"; mask = 24; gateway = "192.168.178.1"; }; trust = [ "eno8303" ]; };
fileSystems.swap = [ "/nix/swap/swap" ];
};
services =
{
beesd."/" = {};
lumericalLicenseManager.macAddress = "b4:e9:b8:fc:9a:f9";
};
};
};
}

27
devices/srv2/node2/secrets.yaml
View File

@@ -1,27 +0,0 @@
tinc: ENC[AES256_GCM,data:zz2sNzrCiqUvyccyhG7hzpF3E8RMdWWdIW98j4Kw8rSGZEKtSkCX/YDibTRSOIuSn/hX7P9FqKgoOgKhqQcuh2gsRjaZSbccMhc3NqOXujL5y586PD9xCk2bUXDXzmRiHx8oiB1rOO86KQovfevl0yGtfpDmkuqt14OXNXvrVoCA4ChfUVwy0Yw53JlQrXl9ZndRvP6pHN4esv9UmUxrA8b//hFyJHPzSKiIfX6NGx+htH0P5UUSxKomYNqCrrtJG9RoXSgo2Go=,iv:jy4qmcl5QDaA6ub7/vHQpgiWIFj4tw0IKxGeg40W/E0=,tag:g6+jb5fInKukYWvIekyDxw==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:jPo7ixnm8KnAfdC3b02qGrts7/0nc0Ahizj0EkFa15b5zr0F,iv:S41TMqOH5mqhF36B/ouMfCjim364LeeGbDnwQYiP4Po=,tag:aoC9JOZjtbduEMFijvDprA==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWcEVHTVJPT3NtZGdPZDl0
Ui95UlU3djhwYnNuRVI2OTA1WDI4aHFGTUFjCmxGWFZWUnltbCtWbzlVUVJxVjFh
RFRGaHlzUkVHT3VoRWlUOFhNNW96ZUEKLS0tIDgrYkRDMEw5WnF3TEF1bWRYaWQ3
bWN4ZFRTcEJ4dWFObzk3ME1vRlBpOGMKnZZJT6NiUEIHemSxd1ppqTxnHRRCiO7J
r4smy21Et/E63WE6fvfzEltXb6Wlj+/ZUEMHUhyB6nmUa4udtTwQmg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SmdEYkJneTlNY05hSVVP
VDlhSGpWVzBMUVVNMWMvSDhqdWNjcE92clNnCmlJd3pMTFVZQ1pwazFWK1EwUlJU
NWs0bE5raEpiNjRCVkRzZTRTb1M5YmcKLS0tIHd1Y0JuTVBlWlF3OER1d2F4YmVS
bkk0ZWpobXh5dnFteTVVamxGT1RUblkKLU7cgLazHAzsstKjMW2GvwXkfNOtPzx8
QKIIM0rOXYUsDUQozrxRu2SChCJ/zkAxeLm6rvD1JYVMcUfuswCRlQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T03:16:36Z"
mac: ENC[AES256_GCM,data:0T9DXFvsCdDibpxBVX/GIkziEf9vR6Aic1+vIZFVPUkWCBa4/X7u7NF6Aeul/oIGy8WEH6EwyvijkFiHi4gzCoqetdHGDLeYXkBxarpSgUlcvcVbgd3EHsLJ2nclK7VAgrAu9NJpuXbiLGDl3IJyuW9qK2tzc1/ZfJHglpgyEh8=,iv:90D1aDIy8pI2MzeaZ+OwmKB4r7O2O1sibg4z7gAz6rE=,tag:mjaIC40oW5JWdlUvq0Ea7w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

27
devices/srv2/secrets/munge.key
View File

@@ -1,27 +0,0 @@
{
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWam9aNkYxcEpURHI4N1lr\nOWFrUFA1a0hTUWNJM0FOMGNqT1h3d1dzRmlJCm9lOHBWRlRqY09DTW5oSmZtREtv\nUVI3aSsyWXczYmdRTG5VRWdCVFd4WEUKLS0tIGNjYmJDOVZKTjlENzFGVDJVMCtT\nWUsrRUpsM3dvQ3NkZnordnJ6djF6N1EKF53Up6zSFot6i2B+UO3H9NeFeyVA/R+X\naH9SuT+9Wox1lxDLhG/+S28tE4IyXZgbo+12sreQ3TkGslfxTwXTUA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUW1uTUpHT0dOOHIwVTQw\nU0pzUng1RGhPNXcvMU5xMlZpMTFUaTMvNEdrCjA2MEt0aGVYcEhwRm9LMFU1eFc1\nT3RVOVBvSEcrM2hCMVFQTlFCeE4zRzQKLS0tIFhKT0VOVVgwQ3VCUld4dUc0ZXB6\ncUJDQXZWbXpoQWNQTFM5TGM4VEhUajAKMab/tG8ol/s/LjT/g6q9tmL6GOkMdh5C\n9rbkUo4YhLx8ZnDGfD+kfvyr4E23E0Y5uOs4G/VFesiJwDziWchX2A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDblAwYkhXd2xJaEJQYzVx\nWmZjRXhxN1F1cDAvcTFGSW54UWs4a09yaWdrCm9iZ1NPTmN0ejJvQyt2UWhaY1BV\nUDhZWHNuWUNvVGZ4eGVNS1lnOHlnNE0KLS0tIE9OWGVRMUNObUt2alFnTmh1eEVH\nNzg3ODkzNmRYYndIK2xXR0pUWTB6Z2MKj3b0sJI7y/QhvBjQbAg6gpBFszuGUuvq\neBsTeiuXJdyZru54qOJ3k6DGAnsS8lIYptwpi2jC24ebwG3QSpGjzg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTzgwUXpjM3Z1c1VvdlNL\ndTdGdDlIcCtMVHJZeGs5ZUo4L2VNMUxFakNzCloyYUFLSDFHSjVhUzRoZWlPVFdS\nMWI5eXdMdGw1d3ZwcFNiNUZkSmxuZ2sKLS0tIHdsK1oxOUVMbUNxZ0toZlRsN1N6\nMUxNeTF0L0lRc3BnUExob0ZlaExVb0kKW7zPqfYAw8/RsGNpVBFhnObjfgqgxdkC\nEVQQYduAz+FkIdsN5/rrleyacbpCrEQcSTVTXpwLopoL/ukY1i0p/A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-03-09T07:59:38Z",
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

33
devices/vps4/default.nix
View File

@@ -1,33 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/nix/swap/swap" ];
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";
initrd.sshd = {};
};
services =
{
sshd = {};
fail2ban = {};
xray.server.serverName = "xserver2.vps4.chn.moe";
};
};
};
}

25
devices/vps4/secrets.yaml
View File

@@ -1,25 +0,0 @@
tinc: ENC[AES256_GCM,data:MO+GKj5Ma1weblDjViBXUR5JS8fKoc5XQp6jVimhgip1MiulkUTgJ0Z+ecazAdBh9WnaI65SnLMXLMzk5wiJfblE5KJ+UlSvn7TXKvFPoWw9WXsU96to7D+IZNAYRXj6eMJ6g9j/u01Q348s5F9RE30C9jtk2mwM1n8yyAP/BuwcyyVZK6jOwtE5zsZyinGzLTCyD8pZqhVQ63qdrNMAdvNowl38cVm5pKYsiZiU9r8fzQJXS+5R65rJPxNKJ9CYBI3ca8OGJbY=,iv:bJgHF4CFagARNXFvkNFznzyUit6LsO75RiDTxZGsmr0=,tag:zDX6N6tDoooRUmovhgKsZw==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T03:46:11Z"
mac: ENC[AES256_GCM,data:yRB5Y6raz1eCV/gOoJapJfmtXOEafgu4NyIbUVuyOvwV8XJtMQ3mihvlbi1ETdmNLqo8okiU4I1C/Pbgd2rOuW2E8Ymmcf9WSak+z46+YcXXTjKvYn1XRetae9l9hbB9ib6uBI0FlkhXflpf83yTibSF9codVhRsfRzTHfWPx+A=,iv:U0S5bV5ntwj38TOXc4C1yp6eFnHLxogjQw7hrFqjGLM=,tag:48vY9CStBQLnSHxK/eV+2A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

86
devices/vps6/default.nix
View File

@@ -12,20 +12,32 @@ inputs:
{
btrfs =
{
"/dev/disk/by-uuid/0067ef91-06f7-416e-88cb-4880ce04afa4"."/boot" = "/boot";
"/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
luks.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
initrd.sshd = {};
networking = {};
# do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
};
services =
{
snapper.enable = true;
sshd = {};
xray.server = {};
xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 22; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =
@@ -33,66 +45,52 @@ inputs:
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
"xservernas.chn.moe" = { upstream = "tinc0.nas.chn.moe:443"; proxyProtocol = false; };
}
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.nas.chn.moe"; })
[ "xn--s8w913fdga" "matrix" ]))
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.pc.chn.moe"; })
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.pc.chn.moe"; })
[ "xn--qbtm095lrg0bfka60z" ]));
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
[
"xn--s8w913fdga" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "api" "git" "grafana" "peertube"
]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.nas.chn.moe"; })
[
"misskey"
]));
applications =
{
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
catalog.enable = true;
main = {};
main.enable = true;
nekomia.enable = true;
blog = {};
sticker = {};
tgapi = {};
short = {};
};
};
coturn = {};
httpua = {};
mirism = {};
mirism.enable = true;
fail2ban = {};
beesd."/" = {};
coredns.interface = "ens18";
headscale = {};
missgram = {};
wireguard =
{
enable = true;
peers = [ "pc" "nas" "one" "vps7" "xmupc1" "xmupc2" "pi3b" "srv1-node0" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
listenIp = "74.211.99.69";
lighthouse = true;
};
beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
};
};
networking.nftables.tables.forward =
specialisation.generic.configuration =
{
family = "inet";
content =
let
srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.srv2-node0";
pc = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.pc";
in
''
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
tcp dport 7012 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${pc}:22
}
chain output {
type nat hook output priority dstnat; policy accept;
# gid nginx
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
tcp dport 7011 fib daddr type local \
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
tcp dport 7012 fib daddr type local \
counter meta mark set meta mark | 4 dnat ip to ${pc}:22
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname tinc0 meta mark & 4 == 4 counter masquerade
}
'';
nixos.system.nixpkgs.march = inputs.lib.mkForce null;
system.nixos.tags = [ "generic" ];
};
};
}

83
devices/vps6/secrets.yaml
View File

@@ -1,15 +1,77 @@
acme:
token: ENC[AES256_GCM,data:lJc2A1Q5vxWQsSchA5pvXSYW+DjBCkdSbWVD7+Py+lG/6nGUmEAHVw==,iv:ZcysHsiLQzD/7vMn1wTCE5lw7/IgkH3oLem5xCjnf7Q=,tag:7EC+S79HRCG/Q+bqVcGVDw==,type:str]
frp:
token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
user0: ENC[AES256_GCM,data:rJ00sfe/oJSry6Ixn4Bn+p41syqsOrdWv6fRGVCwPvn/unMY,iv:htTvFMvhIRkORA/gIU8J7CgA+tOncYQWh7sUh+F6XDs=,tag:VrSJBD7ti9WtSLHoWjMClw==,type:str]
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str]
#ENC[AES256_GCM,data:93BxR0AEdQ==,iv:rf69GWpuxYt7fu1Fyv55pynuQDhi+TA5CwZK3cc3yBo=,tag:/hLy6atNMxLw6G3/qgMM4g==,type:comment]
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str]
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
#ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment]
user6: ENC[AES256_GCM,data:YzLlf37SxKmU1/QA7gUIJsGid3KZNoAGOew8xR7cmw5l8ZmX,iv:SfKubo2jfjtxKn9odDiokMEZyPFfYZ/wwyYtBrgvgmM=,tag:+hxwIU5uBhzQyrKX4r3oiw==,type:str]
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
user8: ENC[AES256_GCM,data:H1gPtqF8vryD0rVH7HYzpMuZ3lufOBYczKwaTr4PidQtTyQK,iv:wh7NwFc/1ogNrnTTpm5L9dBqDVkvWiIsJZelR2mtR4Q=,tag:oEFdMFZJ9UYhsSVdefJ4rg==,type:str]
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
user9: ENC[AES256_GCM,data:HVK9KvGfOcwn1joc3VrkjBjE6hrxQPOBD5RTtQUgBPepToh6,iv:VK9aQ64L/GajpledBxC8PNB1BdNYEqwcdL3GKttgxvs=,tag:O/piztCYBARtAFxTMNXGaA==,type:str]
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
user10: ENC[AES256_GCM,data:xjVkr/wy7OxRuNZKfQagfNxdVxTEyQP1ZhnR6jHy2gjBQ0RD,iv:G6iOBCHOqlvfEENY/ega/TUm81wgT2OOdZKZ6bPfg9o=,tag:p8AMa3bGsIl0hWQ09lSzgA==,type:str]
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
user11: ENC[AES256_GCM,data:BIZ2zRgGv5/9AexiZZvu+m4A62YUWtAkjWWMu89GteqpWMBq,iv:13IJcDf18LjoxJk7uoKnuFZT6Ihxrxsy7DBaAaiFqus=,tag:RN7wj+uPneCkqNlMRyYrXw==,type:str]
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
user12: ENC[AES256_GCM,data:FAF9lXOzXW9CrZgnQ1a2+E8snZj2+JHqP5Gny92k09o/Wzga,iv:/qZuAtFmUQE7A9lMzJUoCvGx+3Sv9Ioh2ahch3puaC4=,tag:urwbLwGkSX3e85NCjyPhhg==,type:str]
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
user13: ENC[AES256_GCM,data:ExbnvWDIBqga5+k2mpoT8AKBOXAvUNMjBTPXUKrmtWzz4l+L,iv:UI7CvSx2FHYGf6BEHS4e3iwHZZWkl2Zt5xg2WdKbLvY=,tag:ad0c7YW2Bxo+Dn+BoSZ0Ng==,type:str]
#ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
user14: ENC[AES256_GCM,data:dgNPPlJD5JOFPbKhlvlRHBLmUNKeDm/JAiawUVpBE7H07Box,iv:w+t9BkqYvlxVKr+x0MwtBz0/YSR/7z1OnZLIoPdW4gc=,tag:CR3GLbaO0jSQgA2HuwzRqg==,type:str]
#ENC[AES256_GCM,data:X80nhW5a/JQ1IQ==,iv:2UTsNLLDr4uBAEcPyvmep1fqH43JLUiHc/zqQWChfDk=,tag:DJEArs1nVnlcJgqM2uy17A==,type:comment]
user15: ENC[AES256_GCM,data:6AskiMLLl0HV6tm2rYpV46XW0jePQy+wme2oi3M7He7WsgVM,iv:lGfnFn69Vnjv5J3rp5sRazD5/B+8Nk8MNG7HIyf4HKA=,tag:Vbg82tdn3noOfhKVVx0Phg==,type:str]
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
user16: ENC[AES256_GCM,data:fo6KJXlPDn7+FmxjEJQo9d79rDYemLFx6LanYZcJpKJR7Gxq,iv:yEUKPNZ9idrSqyVO9fhksP/7bjPMT/LzNK2VSq503/c=,tag:M87D44SIo9JzDB3ZyKu7fA==,type:str]
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
user17: ENC[AES256_GCM,data:gQInIcNFxJuCSsMDGq4yTp5JdMMmJRy1tY3PGLoLuuIXWV0a,iv:ya4n9Z7T9/bxeHqi5QqwJprEzDMsT6X0BuEXRS67wWk=,tag:RcjQfAHv8uc3PgN5c4bySA==,type:str]
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
user18: ENC[AES256_GCM,data:dssxPEv8srXydunolaaDAYYo+BOXhp2PoqidOWH3z6NYBpyB,iv:WCLcMMwQJiHZBwreQpaOZp2saXvjBwgYUqSf7HQhMgA=,tag:5jsAVcgAgO+7JhBINz6tzQ==,type:str]
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
user19: ENC[AES256_GCM,data:+Mh15DR9xvFAwks86iuHEA9FpObKWTSuVOEzUDpBUS/h0hOz,iv:zYIkic2bibvwCBpomnJ9465mda1rbm3RERBZY9twXuc=,tag:bwdL6DAGgkGYhYFI2C4A+A==,type:str]
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
nginx:
#ENC[AES256_GCM,data:85LrqdTMIhSa,iv:mIQPYz8VPd5AxeMCQEdTGMD0Iqa5QEAa5+8JVFaj3JM=,tag:TcZd7S3WRPpEV9lHI1fzbw==,type:comment]
#ENC[AES256_GCM,data:rVTLpe3uIQ5LArPnEY8N8kjtHq8kZddbqR+nyUaia72Y7PWEfHzy6wgx3Q==,iv:AZEufH3zfVL0XbUh3CQZGYcx6zIMFV4tF+jHf73IplU=,tag:B/UbtQh5dGrctNih2uoO8w==,type:comment]
#ENC[AES256_GCM,data:InzwjKl3R4SJSXTz5u1Pt0kf2HYEtKfSkJO0cbPhhXADNp2/Tn0nwQJFy9EzpMvK9mw8+l5LadbY0tIwmTVvV5yxUQo78HcgXWInfp/zJ+GG1L/RQOHck74lEA==,iv:UBMRYPd0loOQBs3mNyndiKPu72aRA8HbOKWDfUWPQg8=,tag:t/ONqdwpWcbo/2vy5TOjlA==,type:comment]
#ENC[AES256_GCM,data:HTinhnsAbVujUOuLIVT/CkvdtTN9Nk7wZKZ5SyrPC+vZ/cB9E10FffMYLQ==,iv:Clby9A7MIUSknNFkzKuWEDL0yUW/ctd6KShCIEYrDZA=,tag:CJKORoXrspDjRmaSHUnlqw==,type:comment]
#ENC[AES256_GCM,data:cwAb68VgebTwCCeAFUbOG0CUAuggfRnLNv9NWldJN+E9NY4WKxs12Nz7yX/vtelcqqJ2TOUL78uAR88Nzavv7VtCTZRivWjRG6GvAUyRdv8lAZo=,iv:PScTSTCuVnsoZlvyTVL+ZgqqEm4m2/fUqWzPwE+PvuY=,tag:1jeRsHqgMheXbcnhRicsnw==,type:comment]
#ENC[AES256_GCM,data:V5XRrTvyeezkcJqw1/BhhZz5K/egpl+PtNwjAGELjWRp7IqDfRsInxBKEg==,iv:LdOTkL22HvaNbiUi6hG8o0ownfZ22OKFGxCuGPqG8xU=,tag:/06I/mLzBlgS489iuwFTuw==,type:comment]
#ENC[AES256_GCM,data:i9PXzaO1od7HimP/6vxYfh30SxFbdXRDcnXujH3VrvngFcWaVcXgigncp3cboi6RoERSZ6yakxviVyEBIS4v0qRfombj2UtJg8N3Kg==,iv:aohIMhAYfZhlGDrcEvi+Qc16nF8ZgrPUGhWj/7nl8Fs=,tag:o70qsk/2cAbZgbVBwfl3Ew==,type:comment]
maxmind-license: ENC[AES256_GCM,data:sESU6uK9EYLido9/0sXO2Zw1SjuKmxPh4r3giJcaG7068gn1kByjsA==,iv:htnFgnLrH35zSvmlRAdoRDLFIpKroKO5dW9TNK9soUc=,tag:6pJuc54SrKP5n0kJJ7fGyA==,type:str]
send:
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
coturn:
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
tinc: ENC[AES256_GCM,data:E3OrPA67R48x5FJUW0ZbERlclz8Z/XokAaGTeBQLPEHSeqEArHYSZkdJRZejFrBruJPlGZMPNBQzlIBXOfXKwMnlBDaGJIIJHIzPDGG9W7QF4IIRK/BjVZHFwfKvZtbUDGsqLcCSe5+ttmyucBaFGquXhnD/Tu09uyWtRvS10KAJLY0Z2/16CFB1+8egJIcYw2TFXObo+KR92Va0qwiDSepKaJtYLimDGRKk04QGj+BYa5y8PjIG6bz8UG82mmCiV7XM3EPlSMA=,iv:kawsklNGFbRhxKuUwvNL2WyBxuYu2T/uks1cJ4i8NhA=,tag:V+jAaxQX7JCiR5+wIVW4Nw==,type:str]
postgresql:
headscale: ENC[AES256_GCM,data:z2cyyT1TcIhNJCBeGn072aFI2nAioWZQvpyzoky4tWtMymKlw4ilOtSYAsp+kaNOoqvWSmoAQNJLNzeDk1iTCQ==,iv:hZdS/CAVBO0k/AmX3qw3YwTYgK49Aeu5QI3YCAduiZ0=,tag:2l4GPV/T2GHjAAUDX3LaEA==,type:str]
missgram: ENC[AES256_GCM,data:zUY6397ThfeHDD8/Msy3mWnTjXCkEhpgsUwcjXnhIiNET1J14hIojCbwUpdCtGTFF+RQOtaS9aGSp8ctQeWIwg==,iv:0+WeCoMFQFhnzjSfvz0ZnqK6FIn1QBHr9fB+tjBNSDk=,tag:Bf5krX2hxIPlkdiAXppSqA==,type:str]
missgram:
secret: ENC[AES256_GCM,data:qsxJue8mGAJejSxOoPd4MXD06upnk0fxUM5EKPBs/WI=,iv:HaHj/vJkIERUQ0Lr93s9kaApNWPjDcpLu2897qmCjqA=,tag:u73jUDd6pGKk1yir/oF4hQ==,type:str]
telegramBotToken: ENC[AES256_GCM,data:kNGhj1SjyK1H8NJmJLi90cpGtWmmGpFEFFT/JkDX4QqxbOC6BfFIMgzVsZ5GVQ==,iv:sccRmCs8HBAvi9mDAaz8OjxqXLAVXepJHaj7RrUt6kI=,tag:RuK3EdRMVhS9pVDw50lW6A==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:4DKPPqQkjb33rQzFIz863A2arDRQA9AivWFBaWTf0xXDX4hWvJFiIlJQfvE=,iv:0R2TH3CMxHgwVjojzjE2Gnp8SXonmBDLWF7hB33NiX0=,tag:vgtV8JkuCdspleN/SvgIqQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:LskBPmXZk3hRZ2bChXZjmRzzGd2A2GKrUZMknCDXTpTzOdP/RDibRvgI75HLWg==,iv:9lJKuGLD5HuQinWvvAvwWFAvEJofUGkJsxKNpqZrGmI=,tag:pTmTOlsYIY6Uqd69AtrnBA==,type:str]
chat: ENC[AES256_GCM,data:0ehCIvd7sBFc,iv:OwdiIoPrt/e1YgsCrYcqqMYhsJuEtKW2pSKNVxahMV4=,tag:ig2CfQxwzv2ppIutU6371w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -29,7 +91,8 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-28T09:13:01Z"
mac: ENC[AES256_GCM,data:rVjqBfoA/DUgb1Yqc3FzeMBPWJniAYKYcbLauh5flpKYfcTp01lr/pTbyB5BLEHZLOYwMf2PNjfG8zPDKv2z1cjYwoYEj9bur4N6pagR/NFuAoEvgOjm0YlrTVkskRmLxaqxYB749y4wWS04MvJhfPON4hWMdoYguPBmCpZMKqc=,iv:4ZVGsLKQNxqKmpaDcIpA21rAe51TKVR8diN5/d7SOQg=,tag:pIw/tqw+211V/0xK9M3hvg==,type:str]
lastmodified: "2024-12-14T12:02:33Z"
mac: ENC[AES256_GCM,data:2iQLMkj/qg+TQodFXqCaSOhj1G2NGGr1ZEDewDm/6H2zteppgEw4vRls5GPUrxTQnC22NHKqih7REWa0Xv7L4eALkxrVYqWkPVcxvlt1RauW8XrW1JJhhLj+E/52AKqOxGd1CviuyyQS2M2cZzk1t3gNDpSZ8YdmhjYPUHk2SCA=,iv:imFhB5A4LZYhE3NqIbQazMqBzEtdv/c6r7DcY9yJqKE=,tag:eRTl/1vbmI3YsLLEyFyIAg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.9.1

77
devices/vps7/default.nix Normal file
View File

@@ -0,0 +1,77 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
luks.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
initrd.sshd = {};
networking = {};
};
services =
{
snapper.enable = true;
sshd = {};
rsshub.enable = true;
misskey.instances.misskey.hostname = "xn--s8w913fdga.chn.moe";
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
photoprism.enable = true;
nextcloud = {};
freshrss.enable = true;
send = {};
huginn.enable = true;
fz-new-order = {};
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
grafana.enable = true;
fail2ban = {};
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
listenIp = "144.126.144.62";
};
xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
docker = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
};
};
specialisation.generic.configuration =
{
nixos.system.nixpkgs.march = inputs.lib.mkForce null;
system.nixos.tags = [ "generic" ];
};
};
}

134
devices/vps7/secrets.yaml Normal file
View File

@@ -0,0 +1,134 @@
acme:
token: ENC[AES256_GCM,data:D5D9Voteggfoc7Hj/xdhGEHmFIkG2H0Y0t2AfSY7hjRlsQhUoAzCRg==,iv:JLUjY/6DJrNsG0YZ0WD/Dmjgjsbx26VANAQvZnyj6l4=,tag:WBQv8AvPW5+XK8FAzppnNw==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:Gk0TTbnFcsvIgoDcen6B8w==,iv:kvyvygw9zDwaiTQ2vPFTHQex0EWDFg8M8U22AConQFM=,tag:ewAZ/nXxmTOhDAjW/A2OnA==,type:str]
led: ENC[AES256_GCM,data:Owax7cyp,iv:NCEKyicVCYZNgxJzlO90heUmwPjfXbZEcyXX09XQKI4=,tag:WMTCVMVCD9sJgAhRUsqvYg==,type:str]
maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
youtube-client-id: ENC[AES256_GCM,data:dPo4+HsfXHdxrgF9F0qJmOGcSHDCn2KIkHx3ZYZU94iv8ImiPI9dTRfoz0zq8UIN7rwIKidQu9GxCRrg9aXk34pc35SXzEh8JQ==,iv:ROVHb0QjVsNae9eJevG6qc5dc4gkrGt+Y7S2QYrzmQ4=,tag:Advoh75OKPC7CnIeL4GFbA==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:c/ALpo/4qJdccMgYiSLg9ZgG7ddaMYxHwJYZ/ogJN2ED21k=,iv:CkrIq+Vpuq28CsRNwdKRLnBq6L8NF37y4xhhnmHQHqQ=,tag:SKtHpm/QZWnGViDtSKlUUQ==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:pnXQ1euCdix2H7IxudmUUcpxc2OUhciKT8OcGV89c/EpoXHgx1+eLxwY5rRszroWwjge9M001RGHngvD/ny3phfWAwYmIzMJxun2f7JCPe7ybMesWmPSkiqVBss1Zfic1uB8mNM/yw==,iv:8p8/vATY8F3YuGA1TtjekiuaKOMnQyTMjrwDBJaK4VU=,tag:/jVg9FDOuLMNrupgrywpBQ==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:65SbHggbYtfSfaaxJxRgD6+HpOX4vIfjnVZmOAZ9illPMYOu9MIchQ==,iv:49UuC8n6AGj1skuHzQX39Q/QuKlB9IxogIfiiy1GBnw=,tag:Rq6b0H9UFVZ19tU8ZeelRg==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:58nO7ADu2oH/OgLJNYrEEzhf1J0zt8EpuygnSANkGXJju5oSmtM7WLnaMEjC96q14OTTA9QLiFVsbxiFY1eUnraA5W7g7+6CYRXVRZaxz91D/dhKzHGTMjB/LynnNqEIc6liONlcHbyjZNQ+WIqPtjVpCKMN7Mi8cv81/cFX/1GqAwncgDD2oXh1hMPOVY4dYcGKuOG0GjlY6RgOgTPqU3HawQjnoWQjPF+lq2rnWD5HP9ZTxOYa7hm2GgPrxkq1fkRrq+kKYeDh+6M7VLDcm5Fpf+biq6F8fZWzmw4NlVZT9BG0vJFa,iv:vxYXg9Yg9qIWFQXtwTYa4Ds0KSxZYg3M6xdtXKbdaig=,tag:TzCPehk9w+BL4wwgDc1CPg==,type:str]
mail:
bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
synapse:
synapse:
coturn: ENC[AES256_GCM,data:9MDq0eXLHjJ8Cd2d1iogS1lnjI0A2+0ZK8OtLKRLqT16BVzQQJyhbkAYwkn1+9ppfrazsHFGrk7DVsA7PWjdmA==,iv:SOjwZIyzkMK9Q1fGkmBSr6nSIarNe/WeD91GPJRuZjg=,tag:1GljmXdK80NKTPSg6xJz0A==,type:str]
registration: ENC[AES256_GCM,data:MmRJ3el59XaTwFImuCsiAm2zXeGhgvyUyw9AIv7FvxR4N3YWnHKALcQJtG52N4bmLXU=,iv:vm2R7XGzGET0eTcD2trl3xD2I09NzYmx5NPIY4KK4xM=,tag:exm8/ehPufeqtp6j61ap0Q==,type:str]
macaroon: ENC[AES256_GCM,data:2/8GuF/a+ocVtLN0PU17JDvXw/RoXX/CXFHPlI9THl5bY8lBm6tEawijnOKVoFLovfU=,iv:GPAr3ZjqLf9ixevsZoQgs4cPkv0VL4WJoFfQZOdThlw=,tag:HRt/igDEfUJ3K39mG7b9Fg==,type:str]
form: ENC[AES256_GCM,data:Z9cYL9ibRWmOhAYtB269n0cWZSvL4zGgc03ZRag0m8cz2j0god/Fn/w6kx3cyGK1C70=,iv:Yst6WSV63IvbMF5nnicIoBj77eSwVMnAHtHrKo2UcDk=,tag:4qf6F2rdctcCf4J9vECvYg==,type:str]
signing-key: ENC[AES256_GCM,data:BbPJiNcVTqMAL2XG3K3CIbsb8EM4r8ct/WxPK10FHRwAnqChKy3CAviYU9gewO/tNZXHvUYUAUbPww==,iv:IZB/40EE3DIxAqagdH/a4kcSmiec5l24XLCQKCQNaRo=,tag:/1t0WAPBYmYrPTx4V4wgkw==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:MwZKkYMefshuk46Cne4wn9ooFH8RCDbrxp+MbLJWli9iPHuzJJzUuQNU9EDL0aNbzyYEMt/7DErw42z6KrpGww==,iv:u/SVVTgfJO2FakiYU+uLHXjA4tHU/W6ASsR3S31+pWs=,tag:VTeKNOKwm2bsiZAOVXeBOQ==,type:str]
registration: ENC[AES256_GCM,data:+pA61vTg12lYUyXjLrHSY7y/ExfTQffLlGUI4HBOSFFPTck7bu68FrCaHOIBTtEMfjU=,iv:Ex/phkBZxglG8HiRz+m7h2HNanpq2Pxwbm08vdM3xFc=,tag:mM3YEa70FnCeYIUthK4TeA==,type:str]
macaroon: ENC[AES256_GCM,data:/+RaayKiPPpVV7OWWdaSkSSRHMjb8d58lZcpvltN9cYkN1btvMViEgdLSlfqzRRlPUE=,iv:pg9GXgNsrVWKlUAiCKZ2pYXugRH6MsBIMpHKoYWYLik=,tag:/mj5Ak7XAX/FH7sNPEVALw==,type:str]
form: ENC[AES256_GCM,data:7HF7HMUH1BTJgXXP6cpUiVj0jCwGW57bx9wKTJu7PnRsNuAam/+nKX7Zfg7WD+gSBlA=,iv:SYeUsuFVgAA6U6STCtKT5c5E8Kglh3x7hy6+Op4n0W8=,tag:eICmHTwwn0KcgNhdDGnusA==,type:str]
signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:yFDD8GHjZWHN/Yh53DseevKAhDVwrHX60e8sGZnF4BUsUuPA/4S2PRzj7CtlpFzUH3kb0i+HkLKRvbchg93U3as=,iv:JGG7daEKs0oMKTNVi9GS7PrXn/8rFtVkHknACsEQR+g=,tag:RSN6fojLsI4dcuPu2eTiWA==,type:comment]
admin_token: ENC[AES256_GCM,data:OpjREmxJSRj+aGVoP8KKRE7ClNqRtaV8va4WLVmpl1AO6D0q/GapJvhORHQb5s5ZjIAgvWTz1w+fh050Q9sPwRsNUke3FIcyeNy7k0PHgnnVIdxnU1Vn9KMz/SovjQ0/qEQ7tArvW/EXtKfwnP9lsz9m94VBvA==,iv:9AvDqMa2PeQOSrP2th3YBgA2RxPl3oKZTyUzi/yjRTM=,tag:HYFTQDgWvBsHQk8IZxWkfw==,type:str]
mariadb:
photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
freshrss: ENC[AES256_GCM,data:ydqCbj3UbsLC1e++p5ixb5Kpmk2BsYd0urcfw8T51Is5N1/gQ7P0zgR33AOteAxw2oj85WQZhxu3eAN7BCXV5A==,iv:1oiMo1wwFNXiTZLsf4UPZSJfKFIWLI3h947TC06CVy4=,tag:Otq1oeKBnWXhqNilfsywPQ==,type:str]
huginn: ENC[AES256_GCM,data:1Tdg1WDwGgFSXdChgif8knWS24BIFYnmaiSjJXxs5uj/v/5fJ1alb4K4XHW/kFRjQbuAOFfJiJ9ogJ1KAyk17A==,iv:qLMaQpVaKrjP7g2lWzhaNLghxwiV4YJmyYY1hrpu5I8=,tag:566JCENvOxgwD7tM3aQBiw==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:1rglLrLtRf3yXQwfHDMZLewk8ueIbMFOC+1mtoAyLKnDmcQAoEQZ1vHw/hpKkFXJQ+QyX3sP8eUjRXuBEIVl3A==,iv:lfEGPEw9ybSdOYLDdaGCLXKgCvgRxn3k9eIy2DJHDYU=,tag:j4qRexbEAgK5HAGhr/wxfA==,type:str]
freshrss:
chn: ENC[AES256_GCM,data:XGcgfuRozJ/xowtmFPSW,iv:yZ9LTuVE8dGyrtE3vxLA2jLErvmt67XC0jefl1njiOM=,tag:J5d+oGFWhfXEFwVOnsJ2iA==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:+m2AabRzUiCFy3MAKTB8d1IE05WHTcmZ,iv:ccdIPHl9N+bvPR/QCwZUwZOfWTeW6gWhhBjOpL85JRg=,tag:Ir2085K04XUGkAuoCG+7VQ==,type:str]
fz-new-order:
token: ENC[AES256_GCM,data:qhwWRflJbW1QMOhiPfbTIrEdQJyVtfZ1QycCgstdKD1Nh40=,iv:GvZ8MJig64l34jkvuJbMMjyNaPT5yz0/pFCc6KEPTvA=,tag:cMXo/6F9thl8k2iAhT507Q==,type:str]
uids:
#ENC[AES256_GCM,data:O3DOE3jFCg==,iv:9shUoHCLXsJPKHELlyWdreouEcyOqhsfVI2KaqwC4CU=,tag:tYKVv+/DuesSijZwWGdrig==,type:comment]
user0: ENC[AES256_GCM,data:2sieulGmi7mCYrJH24djrrmHArrFbOHZ9wUuKvY4f2k=,iv:lb5ODFOeQQ+D9HZnMw48n/DGRB7L51U4frBVcPx1mvk=,tag:MwZua6u+G478uGOwtGu4fQ==,type:str]
#ENC[AES256_GCM,data:yeA9zF8Tug==,iv:VZuWLZnt1RBmkBWudKVvgJkYfqxIj/umEHVCfR6IG3k=,tag:1kj7HyjVT59n05VYJ1uP+w==,type:comment]
user1: ENC[AES256_GCM,data:Aw0ydspmf+PXKU27Pdzn4q/nY4sxXCADL1WGB7vm3eo=,iv:uTmVvGlW1HfdvoNbupSw3GyShsWTGVCoNrvVJ5BPUy0=,tag:k9KIoCWM6bSprwR8dmN+Hg==,type:str]
#ENC[AES256_GCM,data:4G7DyLVVgQ==,iv:Ht/exln1QtL2BxjCaOTIXHRPDiSFYP4zIa7VaeMCuhE=,tag:btVLXf+WS/YgzRFbVFoAfQ==,type:comment]
user2: ENC[AES256_GCM,data:P5gmhaQ+VOWVOjTrsx34zUS8dsqIkzCwOImIE8TIfUc=,iv:IoJIUcNJmaBTyr0Ut6R7BN/UqyK8p4HtiwbXUl171pE=,tag:k99PGSL1cEALTmFVWH1uSg==,type:str]
#ENC[AES256_GCM,data:TGrZBuCRgQ==,iv:9IOJ3Bkw9udS/y93TTtZ9o79aDq3Bb+DMEogJG77iqA=,tag:S/XcPX1f89IyfZnMoR9s/A==,type:comment]
user3: ENC[AES256_GCM,data:cAzf2X20rtQYyz1rLK6b4jo8utuUOdUHVYfCWdfPTDY=,iv:L5cg7aNdfnLTH2dKl4bWCqaujJ9tIvBJrJIoDIaBLwk=,tag:9Al6Wig4lz1my6hgozSsIA==,type:str]
#ENC[AES256_GCM,data:b4iJ73sUoQ==,iv:A2hmi7lCR15E5jVR8E71GQuHgF4TdjDuQadXOtBon6k=,tag:eopTJdjN16u7PtpZdhKymQ==,type:comment]
user4: ENC[AES256_GCM,data:nUJ0lPuFOUVGCtq0IRSh5dAkAna7hoow1YOtFEgSoZc=,iv:D8phoZxdbQ2/Zaeq8498eRb0a7SZD5WnVdKv+u2pBak=,tag:Obu01n34JjyAVnF0f3uKzg==,type:str]
config0:
username: ENC[AES256_GCM,data:p8+q8u1A,iv:9s52kS5yLB4vQuGVXNtA4amZqT3eHTTybsbsQZRiFnk=,tag:7SA4SEzMHpP9H/rwoE+UJQ==,type:str]
password: ENC[AES256_GCM,data:58+gFodT,iv:ohZlT1BwnzCYv84xHgFsLRkiPMpE8lB8QVHwr0QtDWc=,tag:XF047RnXs6IbKsTnsm0D6g==,type:str]
comment: ENC[AES256_GCM,data:T4XcbF1c,iv:hHdsMjU8rzPiduhT05v98pgDqxRW/Km5zmXCEZaT2AI=,tag:LWvwIEfbW2IuDELr4fEXKg==,type:str]
config1:
username: ENC[AES256_GCM,data:xWP1cesh,iv:11KFZ/J9PScz/oW2+H5BWgw0+ETkCXlcYOMuPpgjEs0=,tag:HswEVzm6ElRjIDsZyEfZcA==,type:str]
password: ENC[AES256_GCM,data:Da/E7ZeZ,iv:gIoheXeTErV3+CtZSEDsX7pGzRahHWlKYQ6QZ6W2eu8=,tag:0oQzQ5DJiS2hqMQfU6JRWw==,type:str]
comment: ENC[AES256_GCM,data:etfZKwbh,iv:XqqF3D0PpCPd2Q/CCu/PAH4SrvXAOu+lIXvSht/KfKk=,tag:7jyG33foxneRK2wvI/5uBg==,type:str]
grafana:
secret: ENC[AES256_GCM,data:QYhopqGcHGr+24qYlfaTdMtnyzmIZYG4PcvS9KYqC24W3M+HmloCkPHh7Y3ZTVg8MnrDGOcbA9YPLdY7eh/u4g==,iv:dh7egVIem2bgDbmWJ1sqH9fLdIYbAIQjnjNvyuEjVq0=,tag:DbIRVHbCcpKGcNc6sDTasA==,type:str]
chn: ENC[AES256_GCM,data:0bbjggWS1MdcUIQiQyPlBTULm+faKDpJbmZmV6vSw8k=,iv:am65WQzUE+AvQrQV+NSF5u6RCWn7EetyPsdy4Cuvyyw=,tag:lxNUM1cIYVSXVgwEnS1Hdw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:TS+toaJRgAvC78XVwTciXe2IG8++vaqXVCi/u/8Aej6qq1B9Cb6f20cp5K0=,iv:T/NkLvcYiWzIDG3jWtuhe/sH2GT4z5f0xdUGbSL901I=,tag:qN7YokFBj3Kbbx4ijHTRnw==,type:str]
telegram:
token: ENC[AES256_GCM,data:Mr6KrAzYoDXA+dPT3oXqK2wm9ahTjZ5GVE/iRPsmcM+S2MABT+8ramyHz9oIFw==,iv:nIZ8rpSxz2GwMbDQFfG3xauMQjiriZ1oxFMrEQeH7sQ=,tag:y5U1T1vV/mmdE/CeaeTR8g==,type:str]
chat: ENC[AES256_GCM,data:8w/0EI64a1dC,iv:dHu9JHcUY7QPd9YBKXnrRXQB2K6jpnLrSFs+1IJmkio=,tag:3ucN3uNnBxxRF+cbLsa1nQ==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:aAZS,iv:Z+iJG7yC6HJeNdKCCpsZSc9Ny7kAt6GYfXUtZozMb4A=,tag:iMfwjqqmLvu5a8YpF7a0zQ==,type:comment]
user0: ENC[AES256_GCM,data:Q8MFrN/3SRgzSlwTx2GmpP/gvG1vpYiVgjsESzUoomsJaigP,iv:oLsf7AX3FE0tFOkJAbqrZVrCa6UxKjp450Sl1rs2Vs0=,tag:5w+AX0p4Or1GAQsEU3NxOQ==,type:str]
#ENC[AES256_GCM,data:j3zVwqHmag==,iv:8+ol60wNlbV2RzMBe47VxIrZuec8aXDUNcQvHcxKuiA=,tag:1AgCMfZf9vzWiWDS6hkw2Q==,type:comment]
user1: ENC[AES256_GCM,data:ucCiL7uoSafFUP9IiwKOjJqgwNxNLmuHxYXsLYl0fBgbCT3F,iv:RbNPwvSWibODQqySRc+YW65nUvRwaeXT0eDh02sfrwM=,tag:iE7GGrkBxljBT9HdPzDOfA==,type:str]
#ENC[AES256_GCM,data:x7dwVDe22M8=,iv:+fT7VUxZGd8SgS0PnEBqHLPLDuywu4s01iWB6TA/BKQ=,tag:CxfP7xSd4L9RBulSfViHaQ==,type:comment]
user2: ENC[AES256_GCM,data:e6PbRg30dzOJSXNmU6TML4AaFsSWEvZwN7MHAEX6fEW2p3hW,iv:Y+YYAO6hY9e/T8LSCr34M7riGmSzFIocmWwAwWjnZQs=,tag:LTkdGcRyrx7HqvbSYSsv4A==,type:str]
#ENC[AES256_GCM,data:j83rYg==,iv:3oEdAoVz7aMcezcy2chTO0LQTtKpTrJJoQZx3PC03BU=,tag:ABteEIyr2Y6MbGQhmrQySQ==,type:comment]
user3: ENC[AES256_GCM,data:Uk0Ax9FVzmmYs+ggWy7z6FEkuj2tppGlvnQdoW6PDI1VA9oI,iv:wSxigXleRUalQR1/TzKfdUVrdyEUuq+Wg42gSv1QMAI=,tag:qn6nBWv6MlGhMarCfI13BA==,type:str]
private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWb0FWUkoxeWZ4K1lOb2k5
cUZXQktjSTY3djFZOEJyL1dWd0dmWHV4Y3dzClMvSWNiNk9YSzFoRmhQSG9wb1NG
ejRUeStyKy9qYWFwWHJraXFWREdhZFkKLS0tIExMb3VCWm13ZkJ3UXcrM3IrRGQv
ZjhMWlAyRUpUYkVjb2lidHZPNkg4SUEKctTzocxhVXJ56sHH4BO6QkS5Rn9k/y2U
IrZHT9b3nyyyZxhctOArjBXohwt1asNeAe7qsTypTtAMgKTRwggX9Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Vi8vRTFFTW5tNW9OdnNQ
MEpxeXY5MnRzTE9GUkRLMVl1cTRBcU1FSmhnCkdmY3RCcy9oS2lZOVJ0Ni9RL041
UWo0TkxMblRqSkZoaDVYZm9xRFBCeDgKLS0tIEFVVkl0bUdoN3FVcThVRHpmVEJk
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-13T03:06:27Z"
mac: ENC[AES256_GCM,data:aIgKGuyrNWt2etXCtqHXxXwLSTkGhX3wk9NcHXv4u/rkZ3wUz8iJv24whMIN+ZFhQmNV1TLuPncd/O6bYra1YmG0FXSyBkgfQdVbCAR7ys1yXpdz00zcC7zMqm3CeNui89DZH27P5z6cDtNG4Z/dLz6lpln/ummYcdcb+/7KbZQ=,iv:Gl8turVRflUOB3PWqLfwU4JPoy0k9zLKir4CKB9628s=,tag:aJ8PDOfn/XBeklIlSkC2vg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

39
devices/vps9/default.nix
View File

@@ -1,39 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-partlabel/vps9-boot"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/nix/swap/swap" ];
};
grub.installDevice = "/dev/disk/by-path/pci-0000:06:0a.0";
nixpkgs.march = "znver3";
initrd.sshd = {};
};
services =
{
sshd = {};
fail2ban = {};
xray.server.serverName = "xserver2.vps9.chn.moe";
nginx.streamProxy.map = builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.nas.chn.moe"; })
[
"xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden"
"nextcloud" "freshrss" "huginn" "api" "webdav"
]);
};
};
};
}

25
devices/vps9/secrets.yaml
View File

@@ -1,25 +0,0 @@
tinc: ENC[AES256_GCM,data:8XXuOm+sb8Pda3Aiwhv9jdX6Alxy+UUbG1+ZnvM5nIJa8K4RXjSAWv9DEVh2SDpqee1uzhf2IMOBCYzicubb/BPA0vQ90SCC607B/pYb4dFuBiir/4ma5JdIliJmt9yP8qfFZKXYPsocArYoC+IUiwnxNCVjz+Pv+OwYSKJBeSlkwnRr2MAWY/KGeKEcoDrPcRohHvG9f+bcqFuTW40UdMOJNhKM2jKJh0aKcWYJOXGjAdy+41vCvWXH2FIanx0/Zt9qsPb2A8s=,iv:AmNHeAIN8DyzpXdpyM65bzpc4/6egGE7ggjBt04MpkY=,tag:Wl9/b/msR1M/EtnIhws1AQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSDRKMEc0WkR6OHQ1YU5D
cFlOeHd3RHVvYVp1NUsyR2dmaEdXUmRLdWdFCjBBcnRDZUdMNTd2WDdOeWdWZDVV
cGljYlcveEFUWHFlRHNQY3liVlRKcmMKLS0tIEVIalhmamtlSEZNQVNjWUM2R1dH
YWVEN1F3MWVLR1NQeFdHZTZGeTZLWjAKSIgVt9oXe9xuJjPGcemmg/Dj6YCJyTvf
5IxdvzGExdX4J93evZC8Zae0WqtCcmveCftyzt+hfCL1A2NHLfxARA==
-----END AGE ENCRYPTED FILE-----
- recipient: age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRUJQWDM1Wk9uZ0lITnU1
Tm1iUkY1VGlsc2lsV2pFQ0ZqVTQ2aUY1eVFzClpYSytyK2dGSHJUdmtiWGovbWkz
UEFFZlhMMzIrTDc1dHExYmRuYndmTmsKLS0tIERUSjJXN1IwVUFjWTFnOUhQZ2Fu
VUFBcEpmTDRaWGg2eVZGS0tDdVp0K3cK25bDJaKLhjBUjkJWBNskR0XVOML+3dTl
04hKjDrs2TMBB5G9k6pBqqLZhoofxb1UOhlYNXlLE20HSuVntWjCNw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T03:45:25Z"
mac: ENC[AES256_GCM,data:5X0wV19ir/HvL3bcKv1b+Uw3lt33WpOWZxw3Lcbb1pY4FS2wfKimoFgKtPGM3Xj6cTtfNqw/b/ts5D4scgXH8f2lnYX6Dfk9mtGDQXYZWOJmpLZW5l6EVXZB4Dkc7LJzU0sQ9OwWUFpB746sDZFiwLUWvlgeKeHknJ70p+Psv7I=,iv:cEDWeQPkCuscvthUPJjFu8TD5LqRaJ5MrGG7VdSLfH8=,tag:6gdgy5hkogRBZi/n+slRYw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

12
devices/wlin.xmuhpc/.bash_profile Normal file
View File

@@ -0,0 +1,12 @@
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin
export PATH

43
devices/wlin.xmuhpc/.bashrc Normal file
View File

@@ -0,0 +1,43 @@
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
export PATH=$PATH:/data/gpfs01/wlin/bin
# User specific aliases and functions
export PATH=/data/gpfs01/wlin/bin/vaspkit.1.4.1/bin:${PATH}
#export PATH=~/bin:/data/gpfs01/wlin/opt/mpich_ifort/bin:$PATH
#export LD_LIBRARY_PATH=/data/gpfs01/wlin/opt/mpich_ifort/lib:$LD_LIBRARY_PATH
#export PATH=~/bin:/data/gpfs01/wlin/opt/mpich/bin:$PATH
#export LD_LIBRARY_PATH=/data/gpfs01/wlin/opt/mpich/lib:$LD_LIBRARY_PATH
export P4_RSHCOMMAND=ssh
shopt -s cdspell
export HISTCONTROL=ignoredups
#shopt -s histappend
PROMPT_COMMAND='history -a'
export C3_RSH="ssh -x"
export OMP_NUM_THREADS=1
export MKL_NUM_THREADS=1
alias grep='grep --color'
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S `whoami`@${USER_IP}: "
export HISTFILESIZE=1000000
export PROMPT_COMMAND="history -a; history -r; $PROMPT_COMMAND"
shopt -s histappend
# Auto add env parameter $PROMPT_COMMAND when use non-Linux tty login by ssh.
if [ "$SSH_CONNECTION" != '' -a "$TERM" != 'linux' ]; then
declare -a HOSTIP
HOSTIP=`echo $SSH_CONNECTION |awk '{print $3}'`
export PROMPT_COMMAND='echo -ne "\033]0;${USER}@$HOSTIP:[${HOSTNAME%%.*}]:${PWD/#$HOME/~} \007"'
fi
ulimit -s unlimited
export PYTHONPATH=/data/gpfs01/wlin/bin/VaspBandUnfolding-master:${PYTHONPATH}
# vsts, see https://theory.cm.utexas.edu/vtsttools/scripts.html
export PATH=$PATH:/data/gpfs01/wlin/yjj/vtstscripts-1022
export PERL5LIB=/data/gpfs01/wlin/yjj/vtstscripts-1022

9
devices/wlin/bsub.nix
View File

@@ -1,9 +0,0 @@
{
normal = [ 4 4 20 ];
normal_1day = [ 4 7 28 ];
normal_1week = [ 4 7 28 ];
normal_2week = [ 6 8 48 ];
normal_1day_new = [ 4 6 24 ];
ocean_530_1day = [ 4 6 24 ];
ocean6226R_1day = [ 4 8 32 ];
}

25
devices/wlin/default.nix
View File

@@ -1,25 +0,0 @@
# sudo nix build --store 'local?store=/data/gpfs01/wlin/.nix/store&state=/data/gpfs01/wlin/.nix/state&log=/data/gpfs01/wlin/.nix/log' .#wlin
# sudo nix-store --store 'local?store=/data/gpfs01/wlin/.nix/store&state=/data/gpfs01/wlin/.nix/state&log=/data/gpfs01/wlin/.nix/log' -qR ./result | grep -Fxv -f <(ssh wlin find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/data/gpfs01/wlin/.nix/store&state=/data/gpfs01/wlin/.nix/state&log=/data/gpfs01/wlin/.nix/log' --export | pv > wlin.nar
# cat wlin.nar | nix-store --import
{ inputs, localLib }:
let
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = "haswell"; nixRoot = "/data/gpfs01/wlin/.nix"; nixos = false; };
});
python = pkgs.python3.withPackages (ps: with ps; [ phonopy ]);
chn-bsub = pkgs.localPackages.chn-bsub.override
(prev: { bsubConfig = builtins.toFile "bsub.yaml" (builtins.toJSON (import ./bsub.nix)); });
wlin = pkgs.symlinkJoin
{
name = "wlin";
paths = with pkgs;
[
gnuplot localPackages.vaspkit pv python localPackages.vasp.intel chn-bsub hwloc
lsd glibc glibc.bin
];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
passthru = { inherit pkgs chn-bsub; archive = pkgs.closureInfo { rootPaths = [ wlin.drvPath ]; }; };
};
in wlin

3
devices/wlin/files/.bash_profile
View File

@@ -1,3 +0,0 @@
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

10
devices/wlin/files/.bashrc
View File

@@ -1,10 +0,0 @@
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
if [ -z "${BASHRC_SOURCED-}" ]; then
export PATH=$HOME/.nix/state/gcroots/current/bin:$HOME/bin:$PATH
ulimit -s unlimited
export HISTFILESIZE=1000000
export BASHRC_SOURCED=1
fi

2
devices/wlin/files/.config/nix/nix.conf
View File

@@ -1,2 +0,0 @@
store = local?store=/data/gpfs01/wlin/.nix/store&state=/data/gpfs01/wlin/.nix/state&log=/data/gpfs01/wlin/.nix/log
experimental-features = flakes nix-command

13
devices/xmuhk/README.md
View File

@@ -1,13 +0,0 @@
# install nix
1. Build nix using `nix build github:NixOS/nixpkgs/nixos-24.11#nixStatic`, upload, create symlink `nix-store` `nix-build` etc. pointing to it.
2. Upload `.config/nix/nix.conf`.
# install or update packages
1. On nixos, make sure `/public/home/xmuhk/.nix` is mounted correctly.
2. Build using `sudo nix build --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' .#xmuhk` .
3. Diff store using `sudo nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' -qR ./result | grep -Fxv -f <(ssh xmuhk find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' --export | xz -T0 | pv > xmuhk.nar.xz` .
4. Upload `xmuhk.nar.xz` to hpc.
5. On hpc, `pv xmuhk.nar.xz | xz -d | nix-store --import` .
6. Create gcroot using `nix build /xxx-xmuhk -o .nix/state/gcroots/current`, where `/xxx-xmuhk` is the last path printed by `nix-store --import` .

70
devices/xmuhk/default.nix
View File

@@ -1,70 +0,0 @@
{ inputs, localLib }:
let
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; nixRoot = "/public/home/xmuhk/.nix"; nixos = false; };
});
lumericalLicenseManager =
let
ip = "${pkgs.iproute2}/bin/ip";
awk = "${pkgs.gawk}/bin/awk";
sed = "${pkgs.gnused}/bin/sed";
chmod = "${pkgs.coreutils}/bin/chmod";
sing = "/public/software/singularity/singularity-3.8.3/bin/singularity";
in pkgs.writeShellScriptBin "lumericalLicenseManager"
''
echo "Cleaning up..."
${sing} instance stop lumericalLicenseManager || true
[ -d /tmp/lumerical ] && chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical || true
mkdir -p /tmp/lumerical
while true; do
if ! ss -tan | grep -q ".*TIME-WAIT .*:1084 "; then break; fi
sleep 10
done
echo "Extracting image..."
${sing} build --sandbox /tmp/lumerical/lumericalLicenseManager \
${inputs.self.src.lumerical.licenseManager.sifImageFile}
mkdir /tmp/lumerical/lumericalLicenseManager/public
echo 'Searching for en* interface...'
iface=$(${ip} -o link show | ${awk} -F': ' '/^[0-9]+: en/ {print $2; exit}')
if [ -n "$iface" ]; then
echo "Found interface: $iface"
echo 'Extracting MAC address...'
mac=$(${ip} link show "$iface" | ${awk} '/link\/ether/ {print $2}' | ${sed} 's/://g')
echo "Extracted MAC address: $mac"
else
echo "No interface starting with 'en' found." >&2
exit 1
fi
echo 'Creating license file...'
${sed} -i "s|xxxxxxxxxxxxx|$mac|" \
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
${sed} -i 's|2022.1231|2035.1231|g' \
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
echo "Starting license manager..."
${sing} instance start --writable /tmp/lumerical/lumericalLicenseManager lumericalLicenseManager
${sing} exec instance://lumericalLicenseManager /bin/sh -c \
"pushd /home/ansys_inc/shared_files/licensing; (./start_ansysli &); (./start_lmcenter &); tail -f /dev/null"
cleanup() {
echo "Stopping license manager..."
${sing} instance stop lumericalLicenseManager
chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical
}
trap cleanup SIGINT SIGTERM SIGHUP EXIT
tail -f /dev/null
'';
xmuhk = pkgs.symlinkJoin
{
name = "xmuhk";
paths = (with pkgs; [ hello btop htop iotop pv localPackages.lumerical.lumerical.cmd ])
++ [ lumericalLicenseManager ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
passthru = { inherit pkgs; archive = pkgs.closureInfo { rootPaths = [ xmuhk.drvPath ]; }; };
};
in xmuhk

2
devices/xmuhk/files/.config/nix/nix.conf
View File

@@ -1,2 +0,0 @@
store = local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log
experimental-features = flakes nix-command

298
devices/xmupc1/README.md Normal file
View File

@@ -0,0 +1,298 @@
# 硬件
* CPU16 核 32 线程。
* 内存96 G。
* 显卡:
* 409024 G 显存。
* 309024 G 显存。
* P5000: 16 G 显存。
* 硬盘2 T。
# 队列系统SLURM
## 基本概念
SLURM 是一个用来对任务排队的系统,轮到某个任务时,再调用其它程序来执行这个任务。
## 常用命令
我做了一个 TUI 界面,用起来比较简单,大多情况下可以满足需求。命令为:
```bash
sbatch-tui
```
```bash
sbatch
```
如果需要在提交任务时指定更详细的细节,或者要编写脚本批量提交任务,则在 `sbatch` 后面加上参数,这时是直接调用来自 SLURM 的 `sbatch` 命令。
常用的参数见下文。更详细的内容见 SLURM 的官方文档。
提交一个 VASP GPU 任务的例子:
```bash
sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" --output=output.txt vasp-nvidia
```
* `--gpus` 指定使用GPU 的情况:
* 要占用任意一个 GPU排到这个任务时哪个空闲就使用哪个`--gpus=1`。要占用任意两个就写 `--gpus=2`,以此类推。
但一般来说,**单个任务不要占用超过一个 GPU**,多个显卡的速度会比单个更慢。
* 要指定具体使用哪个 GPU 时,写 `--gpus=4090:1`。2080 Ti 需要写为 `2080_ti`P5000 需要写为 `p5000`
* 当需要使用多个不同类型的显卡(例如,指定使用一个 3090 和一个 4090`--gres=gpu:3090:1,gpu:4090:1`
* `--ntasks-per-gpu=1` 对于 VASP 来说一定要写。
* `--job-name=xxx` 指定任务的名字。可以简写为 `-J`。也可以不指定。
* 默认情况下,一个 task 会搭配分配一个 CPU 核(一个线程),一般已经够用。如果一定要修改,用 `--cpus-per-task`
* `vasp-nvidia` 指调用 std 版本,要使用 gam 或 ncl 版本时,写为例如 `vasp-nvidia-gam`
提交一个 VASP CPU 任务的例子:
```bash
sbatch --ntasks=4 --cpus-per-task=4 --hint=nomultithread --job-name="my great job" --output=output.txt vasp-intel
```
* `--ntasks=4 --cpus-per-task=4` 指定使用占用多少核。
* CPU 的调度是个非常复杂的问题,而且 slurm 和 Intel MPI 之间的兼容性也不算好,因此**推荐照抄下面的设置**。
也可以自己测试一下怎样分配更好,但不要随意地设置。不同的设置会成倍地影响性能。
* 对于 xmupc1`--ntasks=3 --cpus-per-task=4`
* 对于 xmupc2`--ntasks=4 --cpus-per-task=10`
* `--hint=nomultithread` 记得写。
* `--job-name=xxx` 指定任务的名字。可以简写为 `-J`。也可以不指定。
* `vasp-intel` 指调用 std 版本,要使用 gam 或 ncl 版本时,写为例如 `vasp-intel-gam`
要把其它程序提交到队列里,也是类似的写法。请自行举一反三。
要列出已经提交(包括已经完成、取消、失败)的任务:
```bash
squeue -t all -l
```
取消一个任务:
```bash
# 按任务的 id 取消
scancel 114514
# 按任务的名字取消
scancel -n my_great_job
# 取消一个用户的所有任务
scancel -u chn
```
要将自己已经提交的一个任务优先级提到最高(相应降低其它任务的优先级,使得总体来说不影响别人的任务):
```bash
scontrol top 114514
sudo scontrol update JobId=3337 Nice=-2147483645
```
要显示一个任务的详细信息(不包括服务器重启之前算过的任务):
```bash
scontrol show job 114514
```
要显示一个任务的详细信息(包括服务器重启之前算过的任务):
```bash
sacct --units M --format=ALL -j 114514 | bat -S
```
## `sbatch` 的更多参数
```bash
# 提交一个新任务,但是礼让后面的任务(推迟到指定时间再开始排队)
--begin=16:00 --begin=now+1hour
# 指定工作目录
--chdir=/path/to/your/workdir
# 指定备注
--comment="my great job"
# 指定任务的 ddl算不完就杀掉
--deadline=now+1hour
# 标准错误输出写到别的文件里
--error=error.log
# 将一些环境变量传递给任务(=ALL是默认行为
--export=ALL,MY_ENV_VAR=my_value
# 不传递现在的环境变量
--export=NONE
# 打开一个文件作为标准输入
--input=
# 发生一些事件(任务完成等)时发邮件
--mail-type=NONE,BEGIN,END,FAIL,REQUEUE,ALL --mail-user=chn@chn.moe
# 要求分配内存(不会真的限制内存使用,只是在分配资源时会考虑)
--mem=20G --mem-per-cpu --mem-per-gpu
# 输出文件是否覆盖
--open-mode={append|truncate}
# 指定输出文件
-o, --output=<filename_pattern>
# 不排队,直接跑(超额分配)
-s, --oversubscribe
# 包裹一个二进制程序
--wrap=
# 设置为最低优先级
--nice=10000
```
# 支持的连接协议
## SSH
ssh 就是 putty winscp 之类的工具使用的那个协议。
* 地址xmupc1.chn.moe
* 端口6007
* 用户名:自己名字的拼音首字母
* 可以用密码登陆,也可以用证书登陆。
从一台服务器登陆到其它服务器,只需要使用 `ssh`` 命令:
```bash
ssh jykang
ssh xmupc1
ssh xmupc2
ssh user@host
```
直接从另外一台服务器下载文件,可以使用 `rsync` 命令:
```bash
rsync -avzP jykang:/path/to/remote/directory_or_file /path/to/local/directory
```
将另外一个服务器的某个目录挂载到这个服务器,可以使用 `sshfs` 命令:
```bash
sshfs jykang:/path/to/remote/directory /path/to/local/directory
```
用完之后记得卸载(不卸载也不会有什么后果,只是怕之后忘记了以为这是本地的目录,以及如果网络不稳定的话,运行在这里的软件可能会卡住):
```bash
umount /path/to/local/directory
```
如果不喜欢敲命令来挂载/卸载远程目录,也可以 RDP 登陆后用 dolphin。
## RDP
就是 windows 那个远程桌面。
* 地址xmupc1.chn.moe
* 用户名:自己名字的拼音首字母
* 密码和 ssh 一样(使用同样的验证机制)。
RDP 暂时没有硬件加速(主要是毛玻璃之类的特效会有点卡)。
记得在连接时点击“显示选项”将“体验”中的连接速度改为“LAN10 Mbps 或更高)”,不然会很卡。
## samba
samba 就是 windows 共享文件夹的那个协议。
* 地址:因为懒得管理暂时禁用。
在 windows 上,可以直接在资源管理器中输入 `\\xmupc1.chn.moe` 访问。
也可以将它作为一个网络驱动器添加(地址同样是 `\\xmupc1.chn.moe`)。
# 计算软件
## VASP
VASP 有很多很多个版本,具体来说:
* VASP 可以用不同的编译器编译。目前安装的有nvidia、intel。nvidia 使用 GPU 计算intel 能用 CPU 计算。其它版本性能不佳,没有安装。
* VASP 的 std/gam/ncl 版本有一点区别,一般用 std只有一个 gamma 点的时候用 gam 会快一点,系统中存在方向不平行的磁矩时必须用 ncl。
* 无论哪个版本,都集成了下面这些补丁:
* HDF5用于生成 hdf5 格式的输出文件。
* wannier90我也不知道干啥的随手加上的。
* OPTCELL如果存在一个 `OPTCELL` 文件VASP 会据此决定弛豫时仅优化哪几个晶胞参数。
* MPI shared memory用来减小内存占用。
* VTST tools用来计算 neb。
如何提交 VASP 到队列系统已经在上面介绍过了。下面的例子是,如果要直接运行一个任务的写法:
```bash
vasp-nvidia-env mpirun -np 1 -x CUDA_DEVICE_ORDER=PCI_BUS_ID -x CUDA_VISIBLE_DEVICES=0 -x OMP_NUM_THREADS=4 vasp-std
vasp-intel-env mpirun -n 2 -genv OMP_NUM_THREADS=4 vasp-std
```
其中 `CUDA_VISIBLE_DEVICES` 用于指定用哪几个显卡计算(多个显卡用逗号分隔)。
要查看显卡的编号,可以用 `CUDA_DEVICE_ORDER=PCI_BUS_ID vasp-nvidia-env nvaccelinfo` 命令。
这里 `vasp-xxx-env` 命令的作用是,进入一个安装了对应版本的 VASP 的环境,实际上和 VASP 关系不大;
后面的 `mpirun xxx` 才是真的调用 VASP。
所以实际上你也可以在这个环境里做别的事情,例如执行上面的 `nvaccelinfo` 命令。
要使用 VTST tools 里带的脚本,需要在命令前加上 `vtstscripts` 。例如:
```bash
vtstscripts dist.pl POSCAR.init POSCAR.final
```
## mumax
问龚斌,我没用过。
## lammps
除了我应该没人用,就不写了。
## quantum espresso
我也只用过一次。大规模用到了再说吧。
# 其它软件
我自己电脑上有的软件,服务器都有装,用于科研的比如 VESTA 什么的。可以自己去菜单里翻一翻。
## 操作系统
操作系统是 NixOS是一个相对来说比较小众的系统。
它是一个所谓“函数式”的系统。
也就说,理想情况下,系统的状态(包括装了什么软件、每个软件和服务的设置等等)是由一组配置文件唯一决定的(这组配置文件放在 `/etc/nixos` 中)。
要修改系统的状态(新增软件、修改设置等等),只需要修改这组配置文件,然后要求系统应用这组配置文件就可以了,
系统会自动计算出应该怎么做(增加、删除、修改哪些文件,重启哪些服务等等)。
这样设计有许多好处,例如可以方便地回滚到之前任意一个时刻的状态(方便在调试时试错);
一份配置文件可以描述多台机器的系统,在一台上调试好后在其它机器上直接部署;
以及适合抄或者引用别人写好的配置文件。
以上都是对于管理员来说的好处。对于用户来说的好处不是太多,但是也有一些。
举个例子,如果用户需要使用一个没有安装的软件(例如 `phonopy`,当然实际上这个已经装了),只需要在要执行的命令前加一个逗号:
```bash
, phonopy --dim 2 2 2
```
系统就会帮你下载所有的依赖,并在一个隔离的环境中运行这个命令(不会影响这之后系统的状态)。
还有一个命令可能也有用,叫 `try`。
它会在当前的文件系统上添加一个 overlay之后执行的命令对文件的修改只会发生在这个 overlay 上;
命令执行完成后,它会告诉你哪些文件发生了改变,然后可以选择实际应用这些改变还是丢弃这些改变。
例如:
```bash
try phonopy --dim 2 2 2
```
这个命令和 NixOS 无关,只是突然想起来了。
## 文件系统
文件系统是 BtrFS。它的好处有
* 同样的内容只占用一份空间;以及内容会被压缩存储(在读取时自动解压)。这样大致可以节省一半左右的空间。
例如现在 xll 目录里放了 213 G 文件,但只占用了 137 G 空间。
* 每小时自动备份,放置在 `/nix/persistent/.snapshots` 中,大致上会保留最近一周的备份。如果你误删了什么文件,可以去里面找回。
## ZSH
所谓 “shell” 就是将敲击的一行行命令转换成操作系统能理解的系统调用C 语言的函数)的那个东西,也就是负责解释敲进去的命令的意思的那个程序。
大多情况下默认的 shell 是 bash但我装的服务器上用 zsh。
zsh 几乎完全兼容 bash 的语法,除此以外有一些顺手的功能:
* 如果忘记了曾经输入过的一个命令,输入其中的几个连续的字母或者单词(不一定是开头的几个字母),然后按 `` 键,就会自动在历史命令中依次搜索。
例如我输入 `install` 按几下 `` 键,就可以找到 `sudo nixos-rebuild boot --flake . --install-bootloader --option substituters https://nix-store.chn.moe` 这个东西。
* 如果从头开始输入一个曾经输入过的命令,会用浅灰色提示这个命令。要直接补全全部命令,按 `` 键。要补全一个单词,按 `Ctrl` + `` 键。
* 常用的命令,以及常用命令的常用选项,按几下 `tab` 键,会自动补全或者弹出提示。

103
devices/xmupc1/default.nix Normal file
View File

@@ -0,0 +1,103 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount =
{
# TODO: reparition
vfat."/dev/disk/by-uuid/467C-02E3" = "/boot";
btrfs =
{
"/dev/disk/by-uuid/2f9060bc-09b5-4348-ad0f-3a43a91d158b"."/nix" = "/nix";
"/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
};
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs =
{
march = "znver3";
cuda =
{
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
nix.remote.slave.enable = true;
};
hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
virtualization.kvmHost = { enable = true; gui = true; };
services =
{
snapper.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.enable = true;
smartd.enable = true;
beesd.instances =
{
root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 512; };
};
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
wireguardIp = "192.168.83.6";
};
slurm =
{
enable = true;
master = "xmupc1";
node.xmupc1 =
{
name = "xmupc1"; address = "127.0.0.1";
cpu = { cores = 16; threads = 2; };
memoryMB = 94208;
gpus = { "p5000" = 1; "3090" = 1; "4090" = 1; };
};
partitions.localhost = [ "xmupc1" ];
tui = { cpuQueues = [{ mpiThreads = 3; openmpThreads = 4; }]; gpuIds = [ "p5000" "3090" "4090" ]; };
};
xrdp = { enable = true; hostname = [ "xmupc1.chn.moe" ]; };
samba =
{
enable = true;
hostsAllowed = "";
shares = { home.path = "/home"; root.path = "/"; };
};
groupshare = {};
hpcstat = {};
docker = {};
};
bugs = [ "xmunet" "amdpstate" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" ];
};
services.hardware.bolt.enable = true;
};
}

61
devices/xmupc1/secrets/default.yaml Normal file
View File

@@ -0,0 +1,61 @@
acme:
token: ENC[AES256_GCM,data:KKMdZgzciiM+n0Hdsb8vivjmCw6SiqJMbEAmvFwFQgvS9zpCNSyh+g==,iv:GbNJrVLmFudVzgoLdf+j8JsEPRvrQhBu3+2585grReQ=,tag:3tNL+2hoz2R9aOz0TUTjVQ==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:/7R7w+fiMw54Cmd7y/wT/s8RMqFMf3Fc0Mph0ZhURmCzowkmLEhtmw==,iv:i+Z+2NbssI864Edwf73SQfaeFuWoqr+U8eQ/8R23FOk=,tag:8ITlkS97vlsmHM1HDk6/3A==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:4PM/d263HgBseIgRplgo5ahJ8u8HuPznXt2hW5O+VawS6WjP,iv:98Ymj4eiCGQPMcaHBI9zJAaRagm82mF0LY2c9bzA+/s=,tag:8imXq/hxAxS5XKy0uWIBPw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:Azaqung7llErB7/IdnOnEkwjQ39yQHKcO7VgvMDCDTExM7nS0zx+yMYX4ls=,iv:FX8oLHMBVEnKkYOg8q2A9vFmtRZDws5T87+lEl7+2G8=,tag:DdOQUbNKB6JK7Tp6McQ0Og==,type:str]
users:
#ENC[AES256_GCM,data:1RG/IM/UrLCk,iv:LY2QCBN0gYwuhVwS/WIrjt4MEHhjPPQG+cjTZJhU6Zc=,tag:AEL+smmitSqW+D70K74LbQ==,type:comment]
xll: ENC[AES256_GCM,data:YauaeGHDVAnMXp9hSz4r4jNsioF79Q+WplfsYGpl4g5FxoakhfjRlnfzrLmMO3mWEIBOmDqeShbDEulyV5O47CIBGaMUUHe+Gg==,iv:RNwRfghJBb0PO4A/T5d5J1U0NsXdygXlWq/FfF8MO4U=,tag:BOh666TYGbCCHcgB/uBhTw==,type:str]
#ENC[AES256_GCM,data:zxOQcoOzJNBK,iv:YJQB8lV+nhwm5XYMpDIyt0IDHBlHTiHO8cpgXkXe/dQ=,tag:re5ekGkYRewPdxv83mtLUQ==,type:comment]
zem: ENC[AES256_GCM,data:bIxVN4T3Gh3aSa1gylkPmW3/uT5xQAlruC+L3zk0Tc3KvwBCQA5DpxXU8ZxjeK0P0xGi02U7gFWgm+yxp6otdCsUEmWed4EHHw==,iv:vpKpY0nRUwuI5mCcYTOD3zN/E21wHl4ZbRDUPoFmdhQ=,tag:m5WTzCgOTC7oqU4yfV9gkQ==,type:str]
#ENC[AES256_GCM,data:ZnMFN0WzjKDd,iv:t1YHrNoHOohYsdBOqoV6OtfS5ig6CTS8jW5mKy0oSQA=,tag:WkgrH1ZXcbHruxJY/hVsmg==,type:comment]
yjq: ENC[AES256_GCM,data:ua0DINHutjt2Pk+SfHRQRV99mT3Cnw6rRKO8VRIAlP0dY6QhK9wkNdyRYWYRBKVrWgyFQMGNFYAxIpymjF/X7mBOVI2sOHLgkw==,iv:PUZ6S0KICuqoSA2sDLxdL4gtAOQnQXOUY+5f3qDZgpc=,tag:f39P34vAUOrV23BsKkRarA==,type:str]
#ENC[AES256_GCM,data:6qNjSdjck4Vz,iv:c/GNqCNgRgwgL+2f6Vumtjb/ub9WCBSy8R02NRCDqk8=,tag:b/tucJsHTjSfcK0vgHtE8A==,type:comment]
gb: ENC[AES256_GCM,data:3eAKBiJoC1owCHTFd3Xq8vI8VK980evePc92xCXJJ21M9D1MdbwN8ySZ3Ovjk7VfQmEo8oRv1Ll1sftyrXYoeTHmJsNDxCpR6A==,iv:Ju/ERNuGrgO5kYlbvmkbLJkgiW3Elou34AsJTFITCUg=,tag:POVlxYh9kZ1BMSbt97IVOQ==,type:str]
#ENC[AES256_GCM,data:/2y613pek/CO,iv:gqSh74Ac0BxPdO+fOsQ0K8t2YduwyTVOjMq/A5Wmoz0=,tag:jLUYXu7f27FruwH5rUUZSA==,type:comment]
wp: ENC[AES256_GCM,data:3jeHpeu1YlFhK2+o19q2/JyJPhZFivPbUQzJJbJZ15GzAVh7i1VsTSN31LufXAgsC8KjZHAPhEZlGYvnGpCvPzoISQa5NVAJdQ==,iv:bL3ohgbjA2agFKDwgw0H3LgiHTWB4Y5KlQAtHfEMr+w=,tag:SfLtj7iDcmV3dgOlITFvxA==,type:str]
#ENC[AES256_GCM,data:YIlY7n5pcJTp,iv:Y/+ogxaMgSl0vcMPRr3qdSHjjnnhY+N2Q6jFojzIDyQ=,tag:zat02jxJ8jI2uk8noslmHQ==,type:comment]
hjp: ENC[AES256_GCM,data:Ii4P9ZsUOEh3cqt3AKWlgUH1CMNnmHln9QNWdTRR3vZXkkR5j5qKAIrAltml/i3xFlt4hftYNufnupog4UlAVWQJhYBlhCSE4g==,iv:eKWmUcKItjd1dsvVP1se5CAhIFqV/eVH03gPJhBau1E=,tag:ZTE0BTSoDpJGqECklGjs2g==,type:str]
#ENC[AES256_GCM,data:hCgqHfpmeJ1Z,iv:pEKUNxhUyNAVtniTIQ2IpMPmXr2O+twq2/3Y2lIoqdw=,tag:RTqcI0XCoOymQD3r4+yS9Q==,type:comment]
zzn: ENC[AES256_GCM,data:/CSffToFJiBotXZ5rPkz0UNgI/iC0ftusPF2Ce6Of3XckjpCcikWj6n3ahJ24XsWQjp3EvacOiBorh+Kg16LjCEl0P2RMIitTQ==,iv:u9IFdp/jw7ehTshPzQVssLeh33iBYCPjSyJSLsc5EVo=,tag:/KXgmU7dcTKG8C4Y7NcMhw==,type:str]
#ENC[AES256_GCM,data:TN/ycWtGSCNY,iv:pSilXx4zKs53XX/L0+QFbwv13rutQG11sU0EgVhaJEA=,tag:L+MpcYYlsMnSpS1JQdnwIQ==,type:comment]
lly: ENC[AES256_GCM,data:XkRaNI0SqooptH/OexBCzZ4RYvA3s7qXbpCtLVidJ4pZU/o7EHlIcvMbeRxqdujhXNQ+vbS3o7CmhwJK2JVVPCCVsd6k0gMDdw==,iv:v/2mgDuR+/lb8mtyv6sn4Z9XXnuDoXkT0DeNQ7850fU=,tag:T8xxo9C7kFSNlLDjEaZK0Q==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
hpcstat:
key: ENC[AES256_GCM,data:POK329h/joF7WdSBwSE1EkYH/pZ9X+wiTKcVWLZjmh7gM9d7HONbN/PqsYNFTHJVR0GgysqpLEcPN2OFGs/SSeH86o04cAdjAVznKZgt1Q34QGYy6b+io15P3lbmK0kTKmeGt5qEhGkBh6BVBoSyqbKAknvUqJ17ZkL17kyRaKffm3Zais7keEJCFdyRF6oSz2kl2CvEmKNWPWDdO9EpgqgYlm9mwu95/k9Hx5eyUjiFpxc3fdFTESGbe0ZYAqKQ0eLFfLLorQp0pAzxCbbxIzZEgyxjzkICXKa1n7Zz6h1ON2Rsqq0Q4hEYJdWGLtvOH/VLVxvNWjW4Er6i3lWGhZRiDDrxLErQGONI+X7QqbneFCnMCZGln3pAfNtOr+KX58ij/egyzmb7bKZrARqnm+X+/I/L0+VS1PfDdLP53GaX7mfKYpcH6z7O2F/zjpuXQTV8njs64YlvgyYXsCaghEUBzehsruwRsBEkTIb4R2AlqItpbesMnNNUJ4Cr/B7Bw6O+gHeJ+oK4ZPBYbgso,iv:B2eWjydl8m8nbcPw2fZfxCnj57utWM9ABj2eJ1pRKWQ=,tag:5W9ZwVSJvm1KvZnf/E5Tug==,type:str]
telegram:
token: ENC[AES256_GCM,data:Mu7guAFUu+UoHvo/h1blcI6Kg3mvng6zNc/HKXuCdf73ujziK0mXwPcf7t7d/w==,iv:BkA4d0OJ4lTD7csZJQHcDnYe7SYcFbwRVYOQAWOQ2lQ=,tag:GuJ4z5pe2znTY3xNT2WF+w==,type:str]
chat: ENC[AES256_GCM,data:OC8ElUPmfsVL,iv:WgZMJP2ugZbqZyihdNtL1xMH8u9VpLNzO8DGpDL4w4k=,tag:u4cKABikuMUbCIm5zCnk6A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RWIreCtMeTZ0UE9Zd2di
VE9tR0x6SUNyWjlPV1BqMU5Tb0RTSXNGN2hNCkxuVjFFb0xJZTBMekxqdE96RlRh
czF0dHQxdVhsNE5tVWg0Q2RmYktsWDgKLS0tIFY3dHRlbFpsWUsyTzA3RVR1Qyts
UUJHMU13cm1lOXhRYzhSWlFyTFltYWcKDUxABRGskWWpHEFL44gHYzAqaQ3AmBDt
LcL/4IiEs3TwOpuY+WTVx8JKZBOsxcSlNahiDuCnoTbL4gZTPnd0pA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwbHd4ZHhsTk5leDlreC9E
TVAzRXVuS0Judk5zTGVWRVhWSUhpMFdscEg0ClVFYzZYZG9hNjJKTlRVZ1I3eXVq
M2Y5by85dE1QM25yQ3g3bFVSL2tsVlkKLS0tIHVYbGxrT0hOQkZ5SHBsQ3UyaVly
ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-26T12:26:52Z"
mac: ENC[AES256_GCM,data:TiF/QAh6Y8Xn+3B1rlg+FvZFJ4fGP+szvvopbiEzO6AWBYp8dcD6MmaZstVzJL1BrRIQ3GENcq7EVyfZMWQlW8aRsVF/RrWOSpAKI1tiWDl+10Ov3zjr+Q8sFYTfblWXYH7Tq9pcWBChj1Kj88Ri5xRRfJTuelQoL0igHQBwfFM=,iv:ikzexH8P3CYu7SrRXwWd1Ar3+PEXSSjSVj5E3jwcZyQ=,tag:i5/F33/KcDJVQ4ceYtRErQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

24
devices/xmupc1/secrets/munge.key Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:tuEymMXW0f7Rui5wrz/xozphTEq6ffkYIfNIoURFNHwH2Cg+aKHz2ox0gk02BJARhPMDrxCYlChkcrEI0ma/T0eBe9sWz3tA8AOwU1lHSZ06d/JWzW7IUIyTac2mnjt3/jY/qpnR4A8wtHwD0j4zkzXgUgFwq7k/fs24acEE4Jo=,iv:iDTS0xswLrwkOYmfomE5hluVONgJYia/RjINDy7T3R0=,tag:oIYNpFCuT2D+X1QEJJiHew==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3aFRRa0NsOUp5MEg3UHcx\nc3g1VFZEQS9Tci9QSnNFYnIrT3hUdVU5cWxjCnU5UXVEdTFXczJzcHVvSjF2WHdB\nYmpyQVVaUFozKzJIZThBbXUxb2k2YzAKLS0tIHE1QXVrOXo1Y3VXMzJJYitWU3Qv\neDF1cndrSi94clh1cS9NczN0UW9pOXcKtrnIj3WovMYdcg5nWnnyRhJhTGLrlwxW\nxQ6bmNrfbZedmCNdjY2lPXmudMXJ8YlWe/HGCe94x3iFlaSwCIGUsA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocFl1SHJEemRySlBnMmNn\nVW9RS1NNdlo4M3l2WGlQaHJmbDBHcjMwaVVnCnY5WExPOXZJVEdYSlJ6UTRBMGJj\ncmlYaUNVV1hnWTNkaWVuV2VuaXN2eU0KLS0tIDBTYnd2NmVYTUJKaHZWRWo3ZlUx\nTEtPZWc2RE1XNG9WTXFOTllWVUVWeUkK+9aLz1rygGAQjpG+oMNUtrDkQaDfg+2q\nnl/CtZZrFD6NXGw6Di0X5t9fQu295NTJ/0qjXnfMigG8gDtxkE+/7g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-02-26T06:04:53Z",
"mac": "ENC[AES256_GCM,data:y0RkPyUwwff95BFL951TxS/x5ORzMsxFJVjopSw+8iVtswD8MT1nmsbwyth4C9OnJ/IAtnZk/CjAt72a68AZpPI+2W/JqJq20ohFoquDNhTlsoyLWdO3Vjrd+Wo3hp0+iKQ3e/uYrF1sTqQO9a3OIxu2sVLM0gEDmIe2nJpLJQo=,iv:EjXTQvVdjzfClNfQ3rPxAFVWVqr7sSOz4ap+nshPEAk=,tag:DcIlf9W7NNqQ+gf8f46MwQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

39
devices/xmupc1/tunnel.md Normal file
View File

@@ -0,0 +1,39 @@
# 使用 SSH 隧道连接
在学校外且不使用厦大 VPN 时,无法直接连接到学校的服务器,可以通过下面的方法连接到:
首先连接到 vps6.chn.moe。这个服务器在校外洛杉矶因此可以直接连接到。
同时,它通过别的方式与学校的服务器保持着连接,利用这个保持着的连接,跳回到学校的服务器。
这个跳转的过程不需要手动操作,只需要将软件设置好即可。
## PuTTY
1. 首先设置一个名为 `vps6` 的会话。
1. 在 Session 页,填入 `vps6.chn.moe` 作为 Host Name。
2. 在 Connection -> SSH -> Auth -> Credentials 页,在 “Private key file for authentication“ 选择密钥文件。
3. 在 Connection -> Data 页,在 “Auto-login username” 填写用户名。
4. 回到 Session 页,在 “Saved Sessions” 填入 `vps6` 并点击 “Save” 保存配置。
2. 再设置一个名为 `wireguard.xmupc1` 的会话。
1. 在 Session 页,填入 `wireguard.xmupc1.chn.moe` 作为 Host Name。
2. 在 Connection -> SSH -> Auth -> Credentials 页和 Connection -> Data 页,需要修改的设置与在 `vps6` 会话中相同。
3. 在 Connection -> Proxy 页,设置 Proxy type 为 `SSH to proxy and use port forwarding`Proxy hostname 为 `vps6`
4. 回到 Session 页,在 “Saved Sessions” 填入 `wireguard.xmupc1` 并点击 “Save” 保存配置。
之后双击双击 `wireguard.xmupc1` 会话即可连接到学校的服务器。
## WinSCP
1. 在登陆界面,点击 “新建站点”。
1. 设置 “文件协议” 为 `SCP`,“主机名” 为 `wireguard.xmupc1.chn.moe`,并输入用户名。
2. 然后点击右下角 “高级” 继续修改设置。
3. 在 连接 -> 隧道 页,勾选 “通过 SSH 隧道进行连接”,主机名填写 `vps6.chn.moe`,选择密钥文件,并填写用户名。
4. 在 SSH -> 验证 页,选择密钥文件。
5. 点击 “确定”,再点击 “保存”。
## OpenSSH
下面是一个命令的示例:
```bash
ssh -J username@vps6.chn.moe username@wireguard.xmupc1.chn.moe
```

29
devices/xmupc2/README.md Normal file
View File

@@ -0,0 +1,29 @@
# 硬件
* CPU44 核 88 线程。
* 内存256 G。
* 显卡:
* 409024 G 显存。
* ~~P500016 G 显存~~暂时拔掉了,否则 4090 供电不够。
* 硬盘18 T。
# 支持的连接协议
## SSH
* 地址xmupc2.chn.moe
* 端口6394
* 用户名:自己名字的拼音首字母
* 可以用密码登陆,也可以用证书登陆。
## RDP
* 地址xmupc2.chn.moe:3390
* 用户名:自己名字的拼音首字母
* 密码和 ssh 一样(使用同样的验证机制)。
## samba
因端口冲突暂时禁用。
其它内容请阅读 [xmupc1](../xmupc1) 的说明,两台机器的软件大致是一样的。

95
devices/xmupc2/default.nix Normal file
View File

@@ -0,0 +1,95 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/23CA-F4C4" = "/boot";
btrfs =
{
"/dev/disk/by-uuid/d187e03c-a2b6-455b-931a-8d35b529edac" =
{ "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs =
{
march = "skylake";
cuda =
{
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
nix =
{
marches =
[
"broadwell" "skylake"
# AVX512F CLWB AVX512VL AVX512BW AVX512DQ AVX512CD AVX512VNNI
# "cascadelake"
];
remote.slave.enable = true;
};
grub.windowsEntries."8F50-83B8" = "";
};
hardware = { cpus = [ "intel" ]; gpu.type = "nvidia"; };
virtualization.kvmHost = { enable = true; gui = true; };
services =
{
snapper.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.enable = true;
smartd.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
wireguardIp = "192.168.83.7";
};
slurm =
{
enable = true;
master = "xmupc2";
node.xmupc2 =
{
name = "xmupc2"; address = "127.0.0.1";
cpu = { sockets = 2; cores = 22; threads = 2; };
memoryMB = 253952;
gpus."4090" = 1;
};
partitions.localhost = [ "xmupc2" ];
tui = { cpuQueues = [{ mpiThreads = 8; openmpThreads = 10; }]; gpuIds = [ "4090" ]; };
};
xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
groupshare = {};
docker = {};
};
bugs = [ "xmunet" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" ];
};
};
}

54
devices/xmupc2/secrets/default.yaml Normal file
View File

@@ -0,0 +1,54 @@
acme:
token: ENC[AES256_GCM,data:Wb7Gons3HCMK5WGIZpG4XrrqZ5G6bymjuKMW6IUjLiK0CIXFz/ARNg==,iv:zc4BgHcc+O7SHQbJkff11fBwgsd+TFtvSEGJ/qrzVo4=,tag:K+Nu9kenTtTnin4+hDCdWA==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:FPVSD8otQMNpbESNEHXCfQjB/zi3OVwZoyLijUtnHQlQzec7KVSiGw==,iv:DkkwCqvRmcFHQIXseh2fycCxZboJMYhHPu67GddenY4=,tag:iHEC8r5GcuB1QcZ5Uf8Skw==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:0Vw9NVs/Kxc52zUlmeAPFeOG8msdL0YopjhzFKRWhv6+kfb+SFObOP8EJ2M=,iv:KgIZIawbnN+1sIcMjNECkdtujPbg7yQktKVc25SXavI=,tag:b79oZP+GZKmM3OVFshvFhg==,type:str]
users:
#ENC[AES256_GCM,data:FP1Mr1TmRI4L,iv:3K4LMbOQPvF1ORWNyaXDoC5MXn3yColR4eKs9sm9y5s=,tag:f3guTegVXw1A6aqolKQnqA==,type:comment]
xll: ENC[AES256_GCM,data:CAEd+usnLKoQZ+0PLEiJfbZpz2pyn+I/edC2KbNXBXZPAgT7IDENMnSQyxme899KqRVL4nLrtHs82aA8+kl/dE+QYSTCFVVuHg==,iv:Hs8rb0Iu5Xw74p9/cL2gWfPLh61VaLzIltKUSjRFZjc=,tag:/u5vI0oTMQbNoCEzhcWqOw==,type:str]
#ENC[AES256_GCM,data:UIns0CnC/QmJ,iv:Gn4XDPcdTyDLXAgGq7qwayrN206Gx7JsJ3V9G+4bTyA=,tag:FITVs8Tgkiq1XoS8joXM1Q==,type:comment]
zem: ENC[AES256_GCM,data:znpGuS8LVxaztnwQlIwu3hykWRBUtQvOsniLaOasXDbw9lHGX8lwwYJuCE+0I14HmiZK/RrrouIwfAfcjZQzPyjJ/SRoOG1Vyg==,iv:YXHX43y99/w9102vhsvFLVOUtJmuRnLVLu+ywfn9URY=,tag:AzsmkXOyX7y/D+ndteuMmA==,type:str]
#ENC[AES256_GCM,data:6vMItERptBsX,iv:G0sDjEfLciheMxTZbeLIbWKlimPD1ANIk/VVdhQifXA=,tag:oR9FEdVx6W+0uDeKfb37iw==,type:comment]
yjq: ENC[AES256_GCM,data:sGPQ0xALULREnhzl9g/V91M5osMglsSps6R4gYn5OZc/4xVC1phF3qajVN3YMOr7kKgkHbF2Rjm6/2vuK0k1iYZnFswUAmFlmw==,iv:5vG1hn7SlX6HCpas2BgxBSwWqLby8OCxcH3EKNvceIc=,tag:TVwFBAuosKnEOZecq1phXw==,type:str]
#ENC[AES256_GCM,data:ALHxkRABA+ll,iv:r1IDiHLFcTdLID3q16zrLTavAwQfddC7bXMKcFZFveI=,tag:4Pd0/Q1BmH4gJjaM4hbqqQ==,type:comment]
gb: ENC[AES256_GCM,data:z4CrtdmdLJJ0qZzr7qvihnluJQgjtciX56KdEmtemiRu0llEJk9qz6a23aJ7m40Sfc38elF1/LsvjOuBOC87+BVkKDCj76phag==,iv:WrFVxkr3snmqDXZx5kAYCLp7ixEIzxoT7El3rV7Ovqg=,tag:iExf2Y/HObHQrKMTRvqn7A==,type:str]
#ENC[AES256_GCM,data:XfNExliq7noL,iv:K+rFlZHF1oY5rsTzaO0mgxiE1VlKdtPTifAaesg321k=,tag:Dja8NmPWZdJkf/J/96/wAw==,type:comment]
wp: ENC[AES256_GCM,data:yjMDez28pJUo6riIHypQQgjGFbuLwy87eG4ek/+Li2w8b4Cm5JckRvs26o+S0blfICc8WqIqEJGakT2wVBE5O1jGfniKn3PhTA==,iv:dOA318XRd2EXxmTIlk6GhlAR/FBpbKkbPJJCXTwFCxM=,tag:9MkXNUuAoplAzE+4eJpr0w==,type:str]
#ENC[AES256_GCM,data:YGcTkNCeu3m7,iv:jYmVrfRFwQoX1XxeSzS23wRMAD/AnzYBXQjI76Ke2FE=,tag:WJfSmjdggzPojDcJ6GzP+A==,type:comment]
hjp: ENC[AES256_GCM,data:0R5SfBFKuLGurwINnTj31FOrwwfY9bqVS1rG/a0HqIYd+Ui8/2ffFBx0Et+tYIqcxXEJpGbvse43V0naNKmFKlLanfcy9YV/Hg==,iv:mpAUmcVHWWLoreEsG9ha09jxte8mQCLt/A7nm04iX9Y=,tag:bia9pjL0MAcs9vj1gKCVCQ==,type:str]
#ENC[AES256_GCM,data:Q3TFPjvcDmKh,iv:eZ1NXGQr9HogxWa46T26WL63nvqho2/KSji8Dgse76o=,tag:iSGPRMCMolp7LVFjJGPotg==,type:comment]
lly: ENC[AES256_GCM,data:tP/NtJcMUtZPvuAqoM6KhCMybhsTxKSq4WWW3SBzQ/O0FmUXhECQc5CQnI4J9PlalP7Ug+uUQzeBMnHN84pkKNIeHVJhqjU8Zw==,iv:7TPPuSfXypSRnnhuy8LJSXIB+KB+3vWV0G7AbCZpB6s=,tag:iSLgRxOHgUolByFyvwltNQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-26T12:27:03Z"
mac: ENC[AES256_GCM,data:q1EihAxiS23XoKWt4ogBo34pP7J6i/yFglmmvFIdWKIgwaoXWFexKrdu1oRZBIxISW+3b/NzkuUm1anu3sGFGiirDpllg8wu8ezXJJODb8yTU0HJpZ/9vjBPm+ZBt5zFzGky7kmW+qOFfUsZkr8dCiJil/Z0HrXrY2d59ksxhto=,iv:7b6ePa4xXdjrj8O2JWAptsONz8gPApS3roYMuRyrztU=,tag:uzOcc8H2W6VvGDkrex5M6A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

24
devices/xmupc2/secrets/munge.key Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYmNFOFlnbm1FdXdGWUNr\nOGN3THhDUyt4SDVzcHY5dEYrSWsrQm1UOFJvCmhXaWFlcC8wazROaXZzcm9tUnFM\nQlphZ0x6c0RhbzY0aGVFbXdOa1BHbG8KLS0tIHF2YUNTVnZ3Z25FSnFlTEdmdXhE\nb3Z2UEp1c2UrOUp3NEdNcE5HSFptbzAKWGSTwv6xUNs/f+p0Bhpzg8zZ7EVK8kMm\no13fru2Cnqrw8Cj0zfx+7LODpBVzo03fLYKqZ6kbPZGa12ihk+fD4g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRVMrenM2Q1ZheFVPc2Rz\nYVd6UGoxbkpSQlZsNFN1dmIzSkl6SERwaTBRCjlHV3MvTEpxbDY4OHZjeUd5NmRF\nRmc1NzVCMTA0bDhwajNlMWZKTlNKK2cKLS0tIHRZZ0cxY2dwV21iRDlmeE5UZkM4\nK1dKV24yY3FKV2J3U2VzZWt2QnBSTHcKn8mq+1RnJG/nBbH2mAFpSFSTHDWvMqJj\nsziW9lK0cH6bPxhcpDO4oG8K08bdGHUVGtx2Zk81CDqzfamlMzzG2Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-03-09T07:59:38Z",
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

2
doc/branch.md
View File

@@ -1,2 +0,0 @@
* archive: archive
* one-fprint: test fingerpint on one

10
doc/todo.md
View File

@@ -1,10 +0,0 @@
* 打包 intel 编译器
* 切换到 niri清理 plasma
* 调整其它用户的 zsh 配置
* 调整 motd
* 找到 wg1 不能稳定工作的原因;确定 persistentKeepalive 发包的协议、是否会被正确 NAT。
* 清理 mariadb移动到 persistent
* 清理多余文件
* 移动日志到 persistent
* 准备单独一个的 archive
* 测试透明代理代理其它机器的情况

12
doc/upgrade.md
View File

@@ -1,12 +0,0 @@
* merge upstream, update flake
* update src
* fix all build errors
* update modules (synapse)
* update postgresql nextcloud
* update stateVersion
* switch
* fix disabled packages
* upstream patches
* merge upstream again
* switch
* build all

9
doc/迁移服务器.md
View File

@@ -1,9 +0,0 @@
1. 调整代码,编译。
2. 将系统上传到新机。不要 rebuild。
3. 如果原机数据比较多,则先传输一个快照过去。
4. 将原机停机,修改 dns。
5. 传输原机的数据到新机,但不要替换子卷。
6. 替换 initrd ssh keyrebuild。
7. 替换子卷。
8. 替换 luks 密钥。
9. 重启。

1421
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

83
flake.nix
View File

@@ -3,80 +3,83 @@
inputs =
{
self.submodules = true;
nixpkgs.url = ./nixpkgs;
nixpkgs-2505.url = "github:CHN-beta/nixpkgs/nixos-25.05";
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
home-manager = { url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.11";
"nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
"nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:CHN-beta/nur-xddxdd"; inputs.nixpkgs.follows = "nixpkgs"; };
impermanence.url = "github:CHN-beta/impermanence";
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
bscpkgs = { url = "github:CHN-beta/bscpkgs"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
buildproxy = { url = "github:polygon/nix-buildproxy"; inputs.nixpkgs.follows = "nixpkgs"; };
niri = { url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; };
nix4vscode =
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions =
{
url = "github:nix-community/nix4vscode?rev=6c603c201b11dafda616940bac1f295144ac1c41";
url = "github:nix-community/nix-vscode-extensions?rev=7aa26ebccf778efe880fda1290db9c1da56ffa4f";
inputs.nixpkgs.follows = "nixpkgs";
};
dankmaterialshell = { url = "github:AvengeMedia/DankMaterialShell"; inputs.nixpkgs.follows = "nixpkgs"; };
harmonia.url = "github:nix-community/harmonia";
nix-cachyos-kernel = { url = "github:CHN-beta/nix-cachyos-kernel"; inputs.nixpkgs.follows = "nixpkgs"; };
impermanence.url = "github:nix-community/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem/master"; inputs.nixpkgs.follows = "nixpkgs"; };
plasma-manager =
{
url = "github:pjones/plasma-manager";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
chaotic =
{
url = "github:chaotic-cx/nyx";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
gricad = { url = "github:Gricad/nur-packages"; flake = false; };
catppuccin.url = "github:catppuccin/nix";
bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1&rev=4c0425d6a229d3a75f2ff01cc30cf90434381cec"; flake = false; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
zpp-bits = { url = "github:eyalz800/zpp_bits"; flake = false; };
concurrencpp = { url = "github:David-Haim/concurrencpp"; flake = false; };
cppcoro = { url = "github:Garcia6l20/cppcoro"; flake = false; };
date = { url = "github:HowardHinnant/date"; flake = false; };
eigen = { url = "gitlab:libeigen/eigen"; flake = false; };
matplotplusplus = { url = "github:alandefreitas/matplotplusplus"; flake = false; };
nameof = { url = "github:Neargye/nameof"; flake = false; };
tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
v-sim = { url = "gitlab:l_sim/v_sim/master"; flake = false; };
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
slate = { url = "github:TheBigWazz/Slate"; flake = false; };
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
mumax = { url = "github:mumax/3"; flake = false; };
lmod = { url = "github:TACC/Lmod"; flake = false; };
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
sockpp = { url = "github:fpagliughi/sockpp"; flake = false; };
git-lfs-transfer = { url = "github:charmbracelet/git-lfs-transfer"; flake = false; };
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
hextra = { url = "github:imfing/hextra"; flake = false; };
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
py4vasp = { url = "github:vasp-dev/py4vasp?ref=v0.10.2"; flake = false; };
py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; };
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog-public.git?lfs=1"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog-public.git"; flake = false; };
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
spectroscopy = { url = "github:skelton-group/Phonopy-Spectroscopy"; flake = false; };
vaspberry = { url = "github:Infant83/VASPBERRY"; flake = false; };
ufo = { url = "git+https://git.chn.moe/chn/ufo.git"; flake = false; };
highfive = { url = "git+https://github.com/CHN-beta/HighFive?submodules=1"; flake = false; };
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
phono3py = { url = "github:phonopy/phono3py/v3.19.4"; flake = false; };
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
speedtest = { url = "github:librespeed/speedtest"; flake = false; };
pybinding = { url = "git+https://github.com/dean0x7d/pybinding?submodules=1"; flake = false; };
brokenaxes = { url = "github:bendichter/brokenaxes"; flake = false; };
mirism-old = { url = "github:CHN-beta/mirism-old-public"; flake = false; };
sqlgen = { url = "git+https://github.com/getml/sqlgen?submodules=1"; flake = false; };
reflectcpp = { url = "git+https://github.com/getml/reflect-cpp?submodules=1"; flake = false; };
linux-asus = { url = "github:CHN-beta/linux-g14/6.18"; flake = false; };
};
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
{
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };
overlays.default = final: prev:
{ localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
config.dns = inputs.self.packages.x86_64-linux.dns-push.meta.config;
config = { archive = false; branch = "production"; };
devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
src = import ./flake/src.nix { inherit inputs; };
apps.x86_64-linux.dns-push = { type = "app"; program = "${inputs.self.packages.x86_64-linux.dns-push}"; };
};
}

54
flake/dev.nix
View File

@@ -1,65 +1,51 @@
{ inputs }: let inherit (inputs.self.nixosConfigurations.pc) pkgs; in
{
biu = pkgs.mkShell
biu = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.biu ];
packages = [ pkgs.llvmPackages.clang-tools ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
hpcstat = pkgs.mkShell
hpcstat = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ (pkgs.localPackages.hpcstat.override { version = null; }) ];
packages = [ pkgs.llvmPackages.clang-tools ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
sbatch-tui = pkgs.mkShell
sbatch-tui = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.sbatch-tui ];
packages = [ pkgs.llvmPackages.clang-tools ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
ufo = pkgs.mkShell
ufo = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.ufo ];
packages = [ pkgs.llvmPackages.clang-tools ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
chn-bsub = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.chn-bsub ];
packages = [ pkgs.llvmPackages.clang-tools ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
info = pkgs.mkShell
winjob =
let inherit (pkgs) clang-tools_18; in let inherit (inputs.self.packages.x86_64-w64-mingw32) pkgs winjob;
in pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
{
inputsFrom = [ winjob ];
packages = [ clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
mirism = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.info ];
packages = [ pkgs.llvmPackages.clang-tools ];
inputsFrom = [ pkgs.localPackages.mirism ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
vm = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.vm ];
packages = [ pkgs.llvmPackages.clang-tools ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
xinli = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.xinli ];
packages = [ pkgs.llvmPackages.clang-tools ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
missgram = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.missgram ];
packages = [ pkgs.llvmPackages.clang-tools ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
}

14
flake/dns/config.yaml
View File

@@ -1,14 +0,0 @@
providers:
config:
class: octodns.provider.yaml.YamlProvider
directory: env/OCTODNS_CONFIG
cloudflare:
class: octodns_cloudflare.CloudflareProvider
token: env/CLOUDFLARE_TOKEN
pagerules: false
zones:
'*':
sources:
- config
targets:
- cloudflare

88
flake/dns/config/chn.moe.nix
View File

@@ -1,88 +0,0 @@
{ lib, localLib }:
let
cname =
{
nas = [ "initrd.nas" ];
office = [ "xserverxmu" "srv2-node0" ];
vps4 = [ "initrd.vps4" "xserver2.vps4" ];
vps6 =
[
"blog" "catalog" "coturn" "element" "initrd.vps6" "sticker" "synapse-admin" "tgapi" "ua" "xserver2"
"xserver2.vps6" "s" "headscale" "missgram"
# to pc
""
];
"xlog.autoroute" = [ "xlog" ];
"tinc0.srv1-node0" = [ "tinc0.srv1" ];
"tinc0.srv2-node0" = [ "tinc0.srv2" ];
srv1-node0 = [ "srv1" ];
srv2-node0 = [ "srv2" ];
"pc.ts" = [ "nix-store" "chat" ];
"nas.ts" = [ "ssh.git" ];
autoroute = [ "" "matrix" ];
vps9 =
[
"initrd.vps9" "xserver2.vps9"
# to nas
"git" "grafana" "peertube" "send" "vikunja" "xservernas" "freshrss" "huginn" "nextcloud"
"rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api"
];
};
a =
{
nas = "192.168.1.2";
pc = "192.168.1.3";
office = "210.34.16.21";
srv1-node0 = "59.77.36.250";
vps4 = "104.234.37.61";
vps6 = "144.34.225.59";
vps9 = "154.3.39.17";
search = "127.0.0.1";
srv1-node1 = "192.168.178.2";
srv1-node2 = "192.168.178.3";
srv2-node1 = "192.168.178.2";
srv2-node2 = "192.168.178.3";
"409test" = "192.168.1.5";
};
tinc = import ./tinc.nix;
tailscale = import ./tailscale.nix;
in
{
"" =
[
{ type = "ALIAS"; value = "vps6.chn.moe."; }
{
type = "MX";
values =
[
{ exchange = "tuesday.mxrouting.net."; preference = 10; }
{ exchange = "tuesday-relay.mxrouting.net."; preference = 20; }
];
}
{ type = "TXT"; value = "v=spf1 include:mxlogin.com -all"; }
];
"_xlog-challenge.xlog" = { type = "TXT"; value = "chn"; };
autoroute = { type = "NS"; values = "vps6.chn.moe."; };
ts = { type = "NS"; values = "vps6.chn.moe."; };
"mail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
"webmail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
"x._domainkey" =
{
type = "TXT";
value = ''v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CjW96ffx1tVrJkt630lSRrdEF495OAkFbUxwgZm+EjMhdQtG3erl+AzcyjK3gJpg2ylqOYxCFElerqiN9IiggYy4z6tJwVqoh7bucMbO5J4EJQvFdbyRveq7LVm+n5Qgr/CRi6105zfpzX0NbQZoLINSJMCGOmWcYPZZYv7T260ghVFkn4qVpAkFqvvc+RBtY9P96nPZ+omYvpKDV+JReNanxBZRoxuKQDpYPZhV7E6mLulzHzFyuwDLg7THBCcmEr3DlAAeZcLdm6cTdwYTG2cMv2CUiocSdxmrZeBaWa1Xef+70ddrr823o105l6PP437L4337JIMH19g9iTT+QIDAQAB'';
};
}
// builtins.listToAttrs (builtins.concatLists (builtins.map
(cname: builtins.map
(name: { inherit name; value = { type = "CNAME"; value = "${cname.name}.chn.moe."; }; })
cname.value)
(localLib.attrsToList cname)))
// builtins.listToAttrs (builtins.map
(a: {inherit (a) name; value = { inherit (a) value; type = "A"; }; })
(localLib.attrsToList a))
// lib.mapAttrs'
(n: v: lib.nameValuePair "tinc0.${n}" { type = "A"; value = "192.168.85.${builtins.toString v}"; })
tinc
// lib.mapAttrs'
(n: v: lib.nameValuePair "${n}.ts" { type = "A"; value = "100.97.101.${builtins.toString v}"; })
tailscale

Some files were not shown because too many files have changed in this diff Show More