chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-11 23:09:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:2d1df77bc39976e917f136f6656f34966fde5c0a
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
...
compare: chn:ttyd
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

100 Commits
2d1df77bc3 ... ttyd

Author SHA1 Message Date
chn
8924f88901 pc: enable ttyd 2024-02-04 22:46:16 +08:00
chn
a07800192d system.gurb: fix efishell 2024-02-04 11:37:36 +08:00
chn
13b0c77e7a do not archive 2024-02-04 11:13:34 +08:00
chn
43e8215fc6 Merge branch 'main' into production 2024-02-03 20:52:43 +08:00
chn
abdf3f5f0b vps7: disable mastodon 2024-02-03 20:52:16 +08:00
chn
9b41ebd154 Revert "services.mastodon: security update to 4.2.5" 
This reverts commit 3a60acebb5.
 2024-02-03 20:51:55 +08:00
chn
21e8b5300a switch to production 2024-02-03 20:49:59 +08:00
chn
6967ab4839 Revert "switch to production build" 
This reverts commit 2fe4fb2a25.
 2024-02-03 20:45:25 +08:00
chn
3a60acebb5 services.mastodon: security update to 4.2.5 2024-02-03 20:39:47 +08:00
chn
26f0b20684 fix build for silvermont 2024-02-03 19:21:34 +08:00
chn
2fe4fb2a25 switch to production build 2024-02-03 19:14:42 +08:00
chn
641fd3bb97 fix vps7 build 2024-02-03 10:56:07 +08:00
chn
d37e47ff40 system.grub: fix efi shell 2024-02-02 23:39:12 +08:00
chn
67d3cac7a1 packages.server: add dmidecode 2024-02-01 14:32:23 +08:00
chn
3ffdf466bb system.grub: add efi shell 2024-02-01 13:56:09 +08:00
chn
c89af3fa52 system.grub: rewrite 2024-02-01 12:30:01 +08:00
chn
817613ea96 system.envfs: fix 2024-02-01 11:09:11 +08:00
chn
236ddddffc rewrite system.nix 2024-02-01 10:55:47 +08:00
chn
c08fd457cb system.nix: keepOutputs -> includeBuildDependencies 2024-02-01 10:43:54 +08:00
chn
a577616756 system.nix: autoOptimiseStore = false by default 2024-02-01 10:39:27 +08:00
chn
9e43844e14 system.impermanence: enable by default 2024-02-01 10:05:02 +08:00
chn
81521bcd3b system: add envfs 2024-02-01 10:03:15 +08:00
chn
e2674908fb packages.desktop: fix xclip 2024-02-01 09:56:30 +08:00
chn
7d43e6218d localPackages: fix mirism 2024-02-01 09:30:37 +08:00
chn
41552e2ea1 pc: envfs use upstream 2024-02-01 00:30:11 +08:00
chn
268c5bdf3a pc: enable envfs 2024-02-01 00:05:04 +08:00
chn
500d4ac79e 整理了一些plasma的配置 2024-01-31 22:49:30 +08:00
chn
d0603c5977 fix surface build 2024-01-31 22:05:18 +08:00
chn
a5fdf1ea1d pc: do not include build dependencies 2024-01-31 21:14:21 +08:00
chn
8774a6759a packages.workstation: add yuzu 2024-01-31 15:21:22 +08:00
chn
d354b555eb Revert "pc: enable envfs" 
This reverts commit 3a96911336.
 2024-01-30 20:21:35 +08:00
chn
3a96911336 pc: enable envfs 2024-01-30 19:34:10 +08:00
chn
08df40f3a3 nas: disable gui 2024-01-30 19:22:25 +08:00
chn
bffed3b584 vps7: disable gui 2024-01-30 19:21:36 +08:00
chn
c29eb53ee0 Revert "Revert "pc: include all build dependencies"" 
This reverts commit fbc6d5bee1.
 2024-01-30 13:34:54 +08:00
chn
42119af04d fix pc build 2024-01-30 11:46:06 +08:00
chn
9d5772ab1f Merge branch 'main' into next 2024-01-30 11:41:04 +08:00
chn
fbc6d5bee1 Revert "pc: include all build dependencies" 
This reverts commit 9f9e58e54e.
 2024-01-29 21:34:40 +08:00
chn
9f9e58e54e pc: include all build dependencies 2024-01-29 18:45:48 +08:00
chn
dc297d0d04 pc: enable snapper 2024-01-29 14:48:58 +08:00
chn
b59dc1b213 services.xray: do not bypass nvidia 2024-01-29 11:07:05 +08:00
chn
853aaf8183 system.nix: set max-jobs & max-substitution-jobs 2024-01-28 19:02:34 +08:00
chn
795acc3828 system.nix: limit max-substitution-jobs 2024-01-27 18:38:28 +08:00
chn
7cf371e78c system.grub: enable memtest86 2024-01-27 18:36:51 +08:00
chn
39fde66754 pc: enable beesd 2024-01-26 16:00:12 +08:00
chn
7a881491bd pc: do not autoOptimiseStore 2024-01-26 15:56:49 +08:00
chn
8e7c615b02 pc: disable beesd and snapper 2024-01-24 08:59:54 +08:00
chn
dbc6874ead update everything 2024-01-23 15:31:49 +08:00
chn
1a2f725a8e localPackages: zpp-bits use flake inputs 2024-01-22 21:11:00 +08:00
chn
0665f57988 pc: setup color profile 2024-01-22 10:54:31 +08:00
chn
15a9f0c05e packages.desktop: add xcalib 2024-01-22 10:50:36 +08:00
chn
82d834e93a pc: add color profiles 2024-01-22 00:52:49 +08:00
chn
c4cccacba3 packages.desktop: add argyllcms 2024-01-22 00:30:53 +08:00
chn
753709d494 pc: disable colord 2024-01-22 00:28:13 +08:00
chn
173d83daae localPackage.rsshub: use flake inputs 2024-01-21 23:45:43 +08:00
chn
cbe228c873 surface: enable waydroid 2024-01-21 18:14:11 +08:00
chn
eb2ab49388 packages: move some package from workstation to desktop-fat 2024-01-20 11:42:41 +08:00
chn
3fd0988582 surface: add maliit 2024-01-20 11:36:26 +08:00
chn
de3b40360b surface: enable iptsd 2024-01-20 11:10:27 +08:00
chn
bb9a1bfb68 Revert "surface: remove patch from nixos-hardware" 
This reverts commit 9d8442b1cf.
 2024-01-20 11:10:13 +08:00
chn
9d8442b1cf surface: remove patch from nixos-hardware 2024-01-20 10:04:00 +08:00
chn
26150244cb update aagl 2024-01-19 23:50:47 +08:00
chn
914eea92b6 services.wireguard: fix 2024-01-19 19:45:56 +08:00
chn
b2532ef44d services.xray: rename 2024-01-19 19:08:28 +08:00
chn
b600c81aa7 system.nix: comma use upstream nixpkgs-unstable 2024-01-19 10:39:08 +08:00
chn
01a5c290bc surface: enable swap 2024-01-18 22:38:29 +08:00
chn
16c9fa7c3d surface: disable iptsd 2024-01-18 22:12:28 +08:00
chn
9bf3faee63 system.gui: fix 2024-01-18 21:40:51 +08:00
chn
e1789991c4 allow deploy to surface 2024-01-18 21:38:11 +08:00
chn
3cbfe14cc2 system.gui: use wayland as default 2024-01-18 21:20:56 +08:00
chn
2df6396b84 localPackages.typora: update 2024-01-18 15:11:17 +08:00
chn
ce44fe7856 localPackages.misskey: use flake input 2024-01-18 14:45:50 +08:00
chn
de292de159 system: less log 2024-01-18 11:39:09 +08:00
chn
81b6831e1b do not blacklist module ideapad_laptop 2024-01-18 10:18:01 +08:00
chn
bd445d5034 surface: adjust 2024-01-17 16:22:07 +08:00
chn
0ca6df2499 nixos-hardware use upstream repo 2024-01-17 15:10:03 +08:00
chn
00d010a910 surface: fix kernel 2024-01-17 15:07:42 +08:00
chn
48f450bfe3 surface: add lantian patch 2024-01-17 14:31:09 +08:00
chn
7e4fe4837f surface: fix kernel 2024-01-17 14:27:55 +08:00
chn
13edf20710 use nixos-hardware from CHN-beta 2024-01-17 14:07:22 +08:00
chn
556a8d68fc surface: add config from nixos-hardware 2024-01-17 13:21:43 +08:00
chn
2e9972a8cd pc: enable waydroid 2024-01-17 12:16:03 +08:00
chn
30397a8443 pc: fix nvidia 2024-01-17 11:36:24 +08:00
chn
1fcecbb74d pc: disable waydroid 2024-01-17 09:38:55 +08:00
chn
d80d009e3a pc: enable virtualbox 2024-01-16 23:33:30 +08:00
chn
a9e0a57791 Revert "pc: enable anbox" 
This reverts commit 17430b943e.
 2024-01-16 23:15:57 +08:00
chn
17430b943e pc: enable anbox 2024-01-16 23:12:11 +08:00
chn
7e8bd6f959 pc: enable colord 2024-01-16 22:45:18 +08:00
chn
a624e98514 split machine config 2024-01-16 22:41:03 +08:00
chn
67a03b5ccc default use x11 2024-01-16 22:07:15 +08:00
chn
f64390d7a7 pc: switch back to nvidia 2024-01-16 22:00:21 +08:00
chn
d0158b1608 pc: prime use offload 2024-01-16 21:33:49 +08:00
chn
36da74115e try to fix amdgpu (failed) 2024-01-16 21:32:29 +08:00
chn
fd13dd7319 try to fix 2024-01-16 20:14:41 +08:00
chn
0e75a6f4e8 update kernel 2024-01-16 16:40:41 +08:00
chn
ccc102ea00 fix chromium 2024-01-16 01:18:22 +08:00
chn
4465522bc5 hardware: disable nvidia modesetting 2024-01-16 00:47:48 +08:00
chn
8ba5913eca surface: fix opencolorio 2024-01-16 00:14:14 +08:00
chn
478d760816 comment 2024-01-15 19:39:10 +08:00
chn
98f9bfd1e5 pc: use prime 2024-01-15 18:59:26 +08:00
52 changed files with 1640 additions and 1141 deletions
Expand all files Collapse all files

1
.gitattributes vendored
View File

@@ -1 +1,2 @@
*.png filter=lfs diff=lfs merge=lfs -text
*.icm filter=lfs diff=lfs merge=lfs -text

10
.sops.yaml
View File

@@ -3,7 +3,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
- &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &xmupc1 age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
creation_rules:
@@ -27,15 +27,11 @@ creation_rules:
- age:
- *chn
- *nas
- path_regex: secrets/xmupc1/.*$
- path_regex: secrets/surface/.*$
key_groups:
- age:
- *chn
- path_regex: secrets/yoga/.*$
key_groups:
- age:
- *chn
- *yoga
- *surface
- path_regex: secrets/xmupc1/.*$
key_groups:
- age:

99
devices/nas/default.nix Normal file
View File

@@ -0,0 +1,99 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
"/dev/mapper/nix"."/nix" = "/nix";
"/dev/mapper/root1" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
"/nix/backup" = "/nix/backup";
};
};
};
decrypt.manual =
{
enable = true;
devices =
{
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
};
initrd.sshd.enable = true;
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" ];
networking.hostname = "nas";
};
hardware = { cpus = [ "intel" ]; gpus = [ "intel" ]; };
packages.packageSet = "server";
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares = { home.path = "/home"; root.path = "/"; };
};
sshd = { enable = true; passwordAuthentication = true; };
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
groupshare.enable = true;
smartd.enable = true;
beesd =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 2048; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
};
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "nas";
stcp.hpc = { localIp = "hpc.xmu.edu.cn"; localPort = 22; };
};
nginx = { enable = true; applications.webdav.instances."local.webdav.chn.moe" = {}; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
};
users.users = [ "chn" "xll" "zem" "yjq" "yxy" ];
};
};
}

BIN
devices/pc/color/TPLCD_161B_Default.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native_HDR.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_REC709.icm LFS Executable file
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_sRGB.icm LFS Executable file
View File

Binary file not shown.

154
devices/pc/default.nix Normal file
View File

@@ -0,0 +1,154 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub =
{
# TODO: install windows
# windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
installDevice = "efi";
};
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel.patches = [ "cjktty" "lantian" ];
networking.hostname = "pc";
sysctl.laptop-mode = 5;
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
legion.enable = true;
};
packages.packageSet = "workstation";
virtualization =
{
waydroid.enable = true;
docker.enable = true;
kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns =
{
extraInterfaces = [ "docker0" ];
hosts =
{
"mirism.one" = "74.211.99.69";
"beta.mirism.one" = "74.211.99.69";
"ng01.mirism.one" = "74.211.99.69";
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
"initrd.nas.chn.moe" = "192.168.1.185";
};
};
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "pc";
stcpVisitor."yy.vnc".localPort = 6187;
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; threads = 4; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
};
bugs = [ "xmunet" "backlight" "amdpstate" ];
};
# use plasma-x11 as default, instead of plasma-wayland
services.xserver.displayManager =
{
defaultSession = inputs.lib.mkForce "plasma";
setupCommands = "${inputs.pkgs.xcalib}/bin/xcalib -d :0 ${./color/TPLCD_161B_Default.icm}";
};
virtualisation.virtualbox.host = { enable = true; enableExtensionPack = true; };
hardware.nvidia.forceFullCompositionPipeline = true;
services.ttyd =
{
enable = true;
username = "ttyd";
passwordFile = inputs.pkgs.writeText "ttydpw" "0000";
};
};
}

81
devices/surface/default.nix Normal file
View File

@@ -0,0 +1,81 @@
inputs:
{
imports = inputs.localLib.mkModules [ inputs.topInputs.nixos-hardware.nixosModules.microsoft-surface-pro-intel ];
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/7179-9C69" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/c6d35075-85fe-4129-aaa8-f436ab85ce43"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/4f7420f9-ea19-4713-b084-2ac8f0a963ac" = { mapper = "root"; ssd = true; };
"/dev/disk/by-uuid/88bd9d44-928b-40a2-8f3d-6dcd257c4601" =
{ mapper = "swap"; ssd = true; before = [ "root" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
nixpkgs.march = "skylake";
grub.installDevice = "efi";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "lantian" ];
networking.hostname = "surface";
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop-fat";
virtualization = { docker.enable = true; waydroid.enable = true; };
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
};
bugs = [ "xmunet" ];
};
boot.kernelPackages =
let
originalKernel = inputs.pkgs.linuxPackages_xanmod_latest.kernel;
version = originalKernel.version;
majorVersion =
let versionArray = builtins.splitVersion version;
in "${builtins.elemAt versionArray 0}.${builtins.elemAt versionArray 1}";
repoFile = "${inputs.topInputs.nixos-hardware}/microsoft/surface/common/kernel/linux-package.nix";
inherit (inputs.pkgs.callPackage repoFile {}) repos;
patchDir = repos.linux-surface + "/patches/${majorVersion}";
patchFile = "${inputs.topInputs.nixos-hardware}/microsoft/surface/common/kernel/linux-6.6.x/patches.nix";
kernelPatches = inputs.pkgs.callPackage patchFile { inherit (inputs.lib) kernel; inherit version patchDir; };
in
inputs.lib.mkForce (inputs.pkgs.linuxPackagesFor (originalKernel.override
(prev: { kernelPatches = prev.kernelPatches ++ kernelPatches; })));
environment.systemPackages = with inputs.pkgs; [ maliit-keyboard maliit-framework ];
};
}

83
devices/vps6/default.nix Normal file
View File

@@ -0,0 +1,83 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking.hostname = "vps6";
};
packages.packageSet = "server";
services =
{
snapper.enable = true;
sshd.enable = true;
xray.server = { enable = true; serverName = "vps6.xserver.chn.moe"; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =
{
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
}
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.pc.chn.moe"; })
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
[
"xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "kkmeeting" "api" "git" "grafana"
]));
applications =
{
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
catalog.enable = true;
blog.enable = true;
main.enable = true;
};
};
coturn.enable = true;
httpua.enable = true;
mirism.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "pc" "nas" "vps7" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
listenIp = "74.211.99.69";
lighthouse = true;
};
};
};
};
}

76
devices/vps7/default.nix Normal file
View File

@@ -0,0 +1,76 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "broadwell";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking.hostname = "vps7";
};
packages.packageSet = "server";
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
rsshub.enable = true;
wallabag.enable = true;
misskey.instances =
{
misskey.hostname = "xn--s8w913fdga.chn.moe";
misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
};
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
};
vaultwarden.enable = true;
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
photoprism.enable = true;
nextcloud.enable = true;
freshrss.enable = true;
send.enable = true;
huginn.enable = true;
fz-new-order.enable = true;
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
httpapi.enable = true;
gitea.enable = true;
grafana.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
listenIp = "95.111.228.40";
};
};
};
};
}

99
devices/xmupc1/default.nix Normal file
View File

@@ -0,0 +1,99 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efi";
nixpkgs =
{
march = "znver3";
cuda =
{
enable = true;
capabilities =
[
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
gui.preferred = false;
kernel.patches = [ "cjktty" ];
networking.hostname = "xmupc1";
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
gamemode.drmDevice = 1;
};
packages.packageSet = "workstation";
virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xray.client =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
smartd.enable = true;
beesd = { enable = true; instances.root = { device = "/nix/persistent"; hashTableSizeMB = 2048; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
wireguardIp = "192.168.83.5";
};
};
bugs = [ "xmunet" "firefox" ];
};
};
}

645
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

598
flake.nix
View File

@@ -4,7 +4,7 @@
inputs =
{
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix =
@@ -13,7 +13,7 @@
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
};
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs-unstable"; };
nur.url = "github:nix-community/NUR";
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -24,13 +24,15 @@
inputs = { nixpkgs.follows = "nixpkgs"; nix-index-database.follows = "nix-index-database"; };
};
impermanence.url = "github:nix-community/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
qchem = { url = "github:Nix-QChem/NixOS-QChem/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
pnpm2nix-nzbr = { url = "github:CHN-beta/pnpm2nix-nzbr"; inputs.nixpkgs.follows = "nixpkgs"; };
# oneapi
lmix = { url = "github:CHN-beta/lmix"; inputs.nixpkgs.follows = "nixpkgs"; };
# nvhpc
dguibert-nur-packages = { url = "github:CHN-beta/dguibert-nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
plasma-manager =
{
@@ -39,6 +41,22 @@
};
nix-doom-emacs = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nixos-hardware.url = "github:NixOS/nixos-hardware";
envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
zpp-bits = { url = "github:eyalz800/zpp_bits"; flake = false; };
citation-style-language = { url = "git+https://github.com/zepinglee/citeproc-lua?submodules=1"; flake = false; };
concurrencpp = { url = "github:David-Haim/concurrencpp"; flake = false; };
cppcoro = { url = "github:Garcia6l20/cppcoro"; flake = false; };
date = { url = "github:HowardHinnant/date"; flake = false; };
eigen = { url = "gitlab:libeigen/eigen"; flake = false; };
matplotplusplus = { url = "github:alandefreitas/matplotplusplus"; flake = false; };
nameof = { url = "github:Neargye/nameof"; flake = false; };
nodesoup = { url = "github:olvb/nodesoup"; flake = false; };
tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
v-sim = { url = "gitlab:l_sim/v_sim"; flake = false; };
};
outputs = inputs:
@@ -65,562 +83,27 @@
# ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
# ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
# systemd-machine-id-setup --root=/mnt/nix/persistent
nixosConfigurations =
let
system =
nixosConfigurations = builtins.listToAttrs (builtins.map
(system:
{
name = system;
value = inputs.nixpkgs.lib.nixosSystem
{
pc =
{
system =
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
(moduleInputs:
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub =
{
# TODO: install windows
# windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
installDevice = "efi";
};
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
keepOutputs = true;
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel.patches = [ "cjktty" "lantian" ];
impermanence.enable = true;
networking.hostname = "pc";
sysctl.laptop-mode = 5;
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "amd" "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
legion.enable = true;
};
packages.packageSet = "workstation";
virtualization =
{
waydroid.enable = true;
docker.enable = true;
kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
# kvmGuest.enable = true;
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns =
{
extraInterfaces = [ "docker0" ];
hosts =
{
"mirism.one" = "74.211.99.69";
"beta.mirism.one" = "74.211.99.69";
"ng01.mirism.one" = "74.211.99.69";
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
"initrd.nas.chn.moe" = "192.168.1.185";
};
};
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "pc";
stcpVisitor."yy.vnc".localPort = 6187;
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
};
bugs = [ "xmunet" "suspend-hibernate-waydroid" "backlight" ];
};
vps6 =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
impermanence.enable = true;
networking.hostname = "vps6";
};
packages.packageSet = "server";
services =
{
snapper.enable = true;
sshd.enable = true;
xrayServer = { enable = true; serverName = "vps6.xserver.chn.moe"; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =
{
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
}
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.pc.chn.moe"; })
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
[
"xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "kkmeeting" "api" "git" "grafana"
]));
applications =
{
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
catalog.enable = true;
blog.enable = true;
main.enable = true;
};
};
coturn.enable = true;
httpua.enable = true;
mirism.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "pc" "nas" "vps7" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
externalIp = "74.211.99.69";
lighthouse = true;
};
};
};
vps7 =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "broadwell";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
impermanence.enable = true;
networking.hostname = "vps7";
gui.preferred = false;
};
packages.packageSet = "desktop";
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
rsshub.enable = true;
wallabag.enable = true;
misskey.instances =
{
misskey.hostname = "xn--s8w913fdga.chn.moe";
misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
};
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
};
xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
vaultwarden.enable = true;
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
photoprism.enable = true;
nextcloud.enable = true;
freshrss.enable = true;
send.enable = true;
huginn.enable = true;
fz-new-order.enable = true;
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
httpapi.enable = true;
mastodon.enable = true;
gitea.enable = true;
grafana.enable = true;
fail2ban.enable = true;
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
externalIp = "95.111.228.40";
};
};
};
nas =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
"/dev/mapper/nix"."/nix" = "/nix";
"/dev/mapper/root1" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
"/nix/backup" = "/nix/backup";
};
};
};
decrypt.manual =
{
enable = true;
devices =
{
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
};
initrd.sshd.enable = true;
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "nas";
gui.preferred = false;
};
hardware = { cpus = [ "intel" ]; gpus = [ "intel" ]; };
packages.packageSet = "desktop";
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares = { home.path = "/home"; root.path = "/"; };
};
sshd = { enable = true; passwordAuthentication = true; };
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
groupshare.enable = true;
smartd.enable = true;
beesd =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 2048; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
};
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "nas";
stcp.hpc = { localIp = "hpc.xmu.edu.cn"; localPort = 22; };
};
nginx = { enable = true; applications.webdav.instances."local.webdav.chn.moe" = {}; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
};
users.users = [ "chn" "xll" "zem" "yjq" "yxy" ];
};
surface =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/86B8-CF80" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/e252f81d-b4b3-479f-8664-380a9b73cf83"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto."/dev/disk/by-uuid/8186d34e-005c-4461-94c7-1003a5bd86c0" =
{ mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
nixpkgs.march = "skylake";
grub.installDevice = "efi";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "surface";
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop-fat";
virtualization.docker.enable = true;
services =
{
snapper.enable = true;
fontconfig.enable = true;
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
};
bugs = [ "xmunet" ];
};
xmupc1 =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efi";
nixpkgs =
{
march = "znver3";
cuda =
{
enable = true;
capabilities =
[
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
gui.preferred = false;
kernel.patches = [ "cjktty" ];
impermanence.enable = true;
networking.hostname = "xmupc1";
};
hardware =
{
cpus = [ "amd" ];
gpus = [ "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
gamemode.drmDevice = 1;
};
packages.packageSet = "workstation";
virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; cert."debug.mirism.one" = {}; };
smartd.enable = true;
beesd = { enable = true; instances.root = { device = "/nix/persistent"; hashTableSizeMB = 2048; }; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
wireguardIp = "192.168.83.5";
};
};
bugs = [ "xmunet" "firefox" ];
};
config.nixpkgs.overlays = [(final: prev: { localPackages =
import ./local/pkgs { inherit (moduleInputs) lib; pkgs = final; topInputs = inputs; };})];
})
./modules
./devices/${system}
];
};
in builtins.listToAttrs (builtins.map
(system:
{
name = system.name;
value = inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
(inputs: { config.nixpkgs.overlays = [(final: prev:
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
./modules
{ config.nixos = system.value; }
];
};
})
(localLib.attrsToList system));
})
[ "pc" "vps6" "vps7" "nas" "surface" "xmupc1" ]);
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
# nix-serve -p 5000
# nix copy --substitute-on-destination --to ssh://server /run/current-system
@@ -656,10 +139,11 @@
inputs.self.nixosConfigurations.${node};
};
})
[ "vps6" "vps7" "nas" "yoga" ]);
[ "vps6" "vps7" "nas" "surface" ]);
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
overlays.default = final: prev:
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); };
config.archive = false;
};
}

18
local/pkgs/citation-style-language/default.nix
View File

@@ -1,22 +1,14 @@
{ stdenvNoCC, texlive, fetchFromGitHub }: stdenvNoCC.mkDerivation (finalAttrs: rec
{ stdenvNoCC, texlive, src }: stdenvNoCC.mkDerivation (finalAttrs:
{
pname = "citation-style-language";
version = "0.4.5";
passthru = {
name = "citation-style-language";
inherit src;
passthru =
{
pkgs = [ finalAttrs.finalPackage ];
tlDeps = with texlive; [ latex ];
tlType = "run";
};
src = fetchFromGitHub
{
owner = "zepinglee";
repo = "citeproc-lua";
rev = "v${version}";
sha256 = "XH+GH+t/10hr4bfaod8F9JPxmBnAQlDmpSvQNDQsslM=";
fetchSubmodules = true;
};
nativeBuildInputs = [ texlive.combined.scheme-full ];
dontConfigure = true;
dontBuild = true;

13
local/pkgs/concurrencpp/default.nix
View File

@@ -1,13 +1,6 @@
{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec
{ stdenv, cmake, src }: stdenv.mkDerivation
{
pname = "concurrencpp";
version = "0.1.7";
src = fetchFromGitHub
{
owner = "David-Haim";
repo = "concurrencpp";
rev = "v.${version}";
sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";
};
name = "concurrencpp";
inherit src;
nativeBuildInputs = [ cmake ];
}

10
local/pkgs/cppcoro/default.nix
View File

@@ -1,13 +1,7 @@
{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation
{ stdenv, cmake, src }: stdenv.mkDerivation
{
name = "cppcoro";
src = fetchFromGitHub
{
owner = "Garcia6l20";
repo = "cppcoro";
rev = "e1d53e620b0eee828915ada179cd7ca8e66ca855";
sha256 = "luBkf1x5kqXaVbQM01yWRmA5QvrQNZkFVCjRctJdnXc=";
};
inherit src;
nativeBuildInputs = [ cmake ];
patches = [ ./cppcoro-include-utility.patch ];
}

11
local/pkgs/date/default.nix
View File

@@ -1,18 +1,13 @@
{ stdenv, fetchFromGitHub }: stdenv.mkDerivation
{ stdenv, src }: stdenv.mkDerivation
{
name = "date";
src = fetchFromGitHub
{
owner = "HowardHinnant";
repo = "date";
rev = "cc4685a21e4a4fdae707ad1233c61bbaff241f93";
sha256 = "KilhBEeLMvHtS76Gu0UhzE8lhS1+sCwQ1UL4pswKXTs=";
};
inherit src;
phases = [ "installPhase" ];
installPhase =
''
runHook preInstall
mkdir -p $out
cp -r $src/{include,src} $out
runHook postInstall
'';
}

28
local/pkgs/default.nix
View File

@@ -1,10 +1,10 @@
{ lib, pkgs }: with pkgs; rec
{ lib, pkgs, topInputs }: with pkgs; rec
{
typora = callPackage ./typora {};
vesta = callPackage ./vesta {};
oneapi = callPackage ./oneapi {};
rsshub = callPackage ./rsshub {};
misskey = callPackage ./misskey { nodejs = nodejs_21; };
rsshub = callPackage ./rsshub { src = topInputs.rsshub; };
misskey = callPackage ./misskey { nodejs = nodejs_21; src = topInputs.misskey; };
mk-meili-mgn = callPackage ./mk-meili-mgn {};
# vasp = callPackage ./vasp
# {
@@ -18,28 +18,28 @@
openmpi = pkgs.openmpi.override { cudaSupport = false; };
};
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
v_sim = callPackage ./v_sim {};
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
v-sim = callPackage ./v-sim { src = topInputs.v-sim; };
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; src = topInputs.concurrencpp; };
eigengdb = python3Packages.callPackage ./eigengdb {};
nodesoup = callPackage ./nodesoup {};
matplotplusplus = callPackage ./matplotplusplus { inherit nodesoup glad; };
zpp-bits = callPackage ./zpp-bits {};
eigen = callPackage ./eigen {};
nameof = callPackage ./nameof {};
nodesoup = callPackage ./nodesoup { src = topInputs.nodesoup; };
matplotplusplus = callPackage ./matplotplusplus { inherit nodesoup glad; src = topInputs.matplotplusplus; };
zpp-bits = callPackage ./zpp-bits { src = topInputs.zpp-bits; };
eigen = callPackage ./eigen { src = topInputs.eigen; };
nameof = callPackage ./nameof { src = topInputs.nameof; };
pslist = callPackage ./pslist {};
glad = callPackage ./glad {};
chromiumos-touch-keyboard = callPackage ./chromiumos-touch-keyboard {};
yoga-support = callPackage ./yoga-support {};
tgbot-cpp = callPackage ./tgbot-cpp {};
tgbot-cpp = callPackage ./tgbot-cpp { src = topInputs.tgbot-cpp; };
biu = callPackage ./biu { inherit concurrencpp tgbot-cpp nameof; stdenv = gcc13Stdenv; };
citation-style-language = callPackage ./citation-style-language {};
citation-style-language = callPackage ./citation-style-language { src = topInputs.citation-style-language; };
mirism = callPackage ./mirism
{
inherit cppcoro nameof tgbot-cpp date;
nghttp2 = nghttp2-2305.override { enableAsioLib = true; };
};
cppcoro = callPackage ./cppcoro {};
date = callPackage ./date {};
cppcoro = callPackage ./cppcoro { src = topInputs.cppcoro; };
date = callPackage ./date { src = topInputs.date; };
esbonio = python3Packages.callPackage ./esbonio {};
pix2tex = python3Packages.callPackage ./pix2tex {};
pyreadline3 = python3Packages.callPackage ./pyreadline3 {};

10
local/pkgs/eigen/default.nix
View File

@@ -1,12 +1,6 @@
{ lib, stdenv, fetchFromGitLab, cmake }: stdenv.mkDerivation rec
{ lib, stdenv, cmake, src }: stdenv.mkDerivation
{
name = "eigen";
src = fetchFromGitLab
{
owner = "libeigen";
repo = name;
rev = "6d829e766ff1b1ab867d93631163cbc63ed5798f";
sha256 = "BXUnizcRPrOyiPpoyYJ4VVOjlG49aj80mgzPKmEYPKU=";
};
inherit src;
nativeBuildInputs = [ cmake ];
}

4
local/pkgs/esbonio/default.nix
View File

@@ -1,11 +1,11 @@
{ lib, fetchPypi, buildPythonPackage }: buildPythonPackage rec
{
pname = "esbonio";
version = "0.16.3";
version = "0.16.4";
src = fetchPypi
{
inherit pname version;
sha256 = "1ggxdzl95fy0zxpyd1pcylhif1x604wk4wy7sv9322hc84b708zx";
sha256 = "1MBNBLCEBD6HtlxEASc4iZaXYyNdih2MIHoxK84jMdI=";
};
doCheck = false;
}

13
local/pkgs/matplotplusplus/default.nix
View File

@@ -1,17 +1,10 @@
{
stdenv, fetchFromGitHub, cmake, pkg-config, substituteAll,
stdenv, src, cmake, pkg-config, substituteAll,
gnuplot, libjpeg, libtiff, zlib, libpng, lapack, blas, fftw, opencv, nodesoup, cimg, glfw, libGL, python3, glad
}: stdenv.mkDerivation
{
pname = "matplotplusplus";
version = "1.2.0";
src = fetchFromGitHub
{
owner = "alandefreitas";
repo = "matplotplusplus";
rev = "a40344efa9dc5ea0c312e6e9ef4eb7238d98dc12";
sha256 = "6/dH/Rl2aAb8b+Ji5LwzkC+GWPOCBnYCrjy0qk8u/+I=";
};
name = "matplotplusplus";
inherit src;
cmakeFlags =
[
"-DBUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_EXAMPLES=OFF"

2
local/pkgs/mirism/default.nix
View File

@@ -8,7 +8,7 @@
src = requireFile
{
inherit name;
sha256 = "1q3f4q4ln9dz68dfc35jybgv861f7acqiiykkm7jxviz8jdgn8c7";
sha256 = "0f50pvdafhlmrlbf341mkp9q50v4ld5pbx92d2w1633f18zghbzf";
hashMode = "recursive";
message = "Source file not found.";
};

19
local/pkgs/misskey/default.nix
View File

@@ -1,21 +1,12 @@
{
lib, stdenv, mkPnpmPackage, fetchFromGitHub, fetchurl, nodejs, writeShellScript, buildFHSEnv,
bash, cypress, vips, pkg-config
lib, stdenv, mkPnpmPackage, fetchurl, nodejs, writeShellScript, buildFHSEnv,
bash, cypress, vips, pkg-config, src
}:
let
pname = "misskey";
version = "2023.12.2";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "misskey";
rev = "cd1d0ab06eb6b7e06afdfae9a12b2d2829564229";
hash = "sha256-sKEZ1ZpyA/02CNwiOMIOS5f/csx6ELDwCVJYc+oMChM=";
fetchSubmodules = true;
};
name = "misskey";
originalPnpmPackage = mkPnpmPackage
{
inherit pname version src nodejs;
inherit name src nodejs;
copyPnpmStore = true;
};
startScript = writeShellScript "misskey"
@@ -28,7 +19,7 @@ let
in
stdenv.mkDerivation rec
{
inherit version src pname;
inherit src name;
buildInputs =
[
bash nodejs nodejs.pkgs.typescript nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress vips pkg-config

13
local/pkgs/nameof/default.nix
View File

@@ -1,14 +1,7 @@
{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
{ lib, stdenv, src }: stdenv.mkDerivation
{
pname = "nameof";
version = "0.10.3";
src = fetchFromGitHub
{
owner = "Neargye";
repo = pname;
rev = "v${version}";
sha256 = "eHG0Y/BQGbwTrBHjq9SeSiIXaVqWp7PxIq7vCIECYPk=";
};
name = "nameof";
inherit src;
phases = [ "installPhase" ];
installPhase =
''

10
local/pkgs/nodesoup/default.nix
View File

@@ -1,13 +1,7 @@
{ stdenv, fetchFromGitHub, cmake, pkg-config, cairo, pcre2, xorg }: stdenv.mkDerivation rec
{ stdenv, src, cmake, pkg-config, cairo, pcre2, xorg }: stdenv.mkDerivation
{
name = "nodesoup";
src = fetchFromGitHub
{
owner = "olvb";
repo = "nodesoup";
rev = "3158ad082bb0cd1abee75418b12b35522dbca74f";
sha256 = "tFLq6QC3U3uvcuWsdRy2wnwcmAfH2MkI2oMcAiUBHSo=";
};
inherit src;
buildInputs = [ cairo pcre2.dev xorg.libXdmcp.dev ];
nativeBuildInputs = [ cmake pkg-config ];
}

11
local/pkgs/rsshub/default.nix
View File

@@ -1,16 +1,9 @@
{
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs, writeShellScript,
chromium, bash
lib, stdenv, mkPnpmPackage, nodejs, writeShellScript,
chromium, bash, src
}:
let
name = "rsshub";
src = fetchFromGitHub
{
owner = "DIYgod";
repo = "RSSHub";
rev = "38a5b0c193bf77d71c4eea33db6e76bc8b565d0b";
hash = "sha256-gJsT9W2fFiy2IG89E5th49DpBHsPMfsdONyzAKDG48c=";
};
originalPnpmPackage = mkPnpmPackage { inherit name src nodejs; };
nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };
rsshub-unwrapped = stdenv.mkDerivation

13
local/pkgs/tgbot-cpp/default.nix
View File

@@ -1,14 +1,7 @@
{ stdenv, fetchFromGitHub, cmake, pkg-config, boost, openssl, zlib, curl }: stdenv.mkDerivation rec
{ stdenv, src, cmake, pkg-config, boost, openssl, zlib, curl }: stdenv.mkDerivation rec
{
pname = "tgbot-cpp";
version = "1.7.2";
src = fetchFromGitHub
{
owner = "reo7sp";
repo = "tgbot-cpp";
rev = "v${version}";
sha256 = "TKirSxEUqFB1WtzNEfU4EJK3p7V5xcFIvA2+QVX7TlA=";
};
name = "tgbot-cpp";
inherit src;
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ boost openssl zlib curl.dev ];
propagatedBuildInputs = buildInputs;

4
local/pkgs/typora/default.nix
View File

@@ -3,11 +3,11 @@ let
typora-dist = stdenv.mkDerivation rec
{
pname = "typora-dist";
version = "1.7.6";
version = "1.8.2-dev";
src = fetchurl
{
url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
sha256 = "19xgv83zk3mhniswwrb341sr9j4sb9pqy47jamrmkc3w8famxpd3";
sha256 = "0abi9m8h8k0228ajag26lxk756a7aqqixg608k85gnkdmibnq6mv";
};
dontFixup = true;

13
local/pkgs/v_sim/default.nix → local/pkgs/v-sim/default.nix
View File

@@ -1,19 +1,12 @@
{
stdenv, lib, fetchFromGitLab,
stdenv, lib, src,
wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
glib, gtk3, epoxy, libyaml
}:
stdenv.mkDerivation
{
pname = "v_sim";
version = "3.8.0_p20230824";
src = fetchFromGitLab
{
owner = "l_sim";
repo = "v_sim";
rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
};
name = "v-sim";
inherit src;
buildInputs = [ glib gtk3 epoxy libyaml ];
nativeBuildInputs =
[

13
local/pkgs/zpp-bits/default.nix
View File

@@ -1,14 +1,7 @@
{ stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
{ stdenv, src }: stdenv.mkDerivation
{
pname = "zpp-bits";
version = "4.4.19";
src = fetchFromGitHub
{
owner = "eyalz800";
repo = "zpp_bits";
rev = "v${version}";
sha256 = "ejIwrvCFALuBQbQhTfzjBb11oMR/akKnboB60GWbjlQ=";
};
inherit src;
name = "zpp-bits";
phases = [ "installPhase" ];
installPhase =
''

1
modules/bugs/default.nix
View File

@@ -80,6 +80,7 @@ inputs:
firefox.programs.firefox.enable = inputs.lib.mkForce false;
power.boot.kernelParams = [ "cpufreq.default_governor=powersave" ];
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
};
in
{

6
modules/hardware/default.nix
View File

@@ -109,7 +109,7 @@ inputs:
{
intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
nvidia = [ vaapiVdpau ];
amd = [];
amd = [ amdvlk rocmPackages.clr rocmPackages.clr.icd ];
};
in
concatLists (map (gpu: packages.${gpu}) hardware.gpus);
@@ -126,7 +126,8 @@ inputs:
};
}
)
(mkIf (builtins.elem "intel" hardware.gpus) { services.xserver.deviceSection = ''Driver "modesetting"''; })
(mkIf (builtins.elem "intel" hardware.gpus) { services.xserver.videoDrivers = [ "modesetting" ]; })
(mkIf (builtins.elem "amd" hardware.gpus) { services.xserver.videoDrivers = [ "modesetting" ]; })
# prime
(
mkIf hardware.prime.enable
@@ -151,7 +152,6 @@ inputs:
prime = listToAttrs
(map (gpu: { inherit (gpu) value; name = "${gpu.name}BusId"; }) (attrsToList hardware.prime.busId));
}
];
}
)

15
modules/packages/desktop-fat/default.nix
View File

@@ -17,7 +17,7 @@ inputs:
_packages =
[
# system management
etcher btrfs-assistant snapper-gui libsForQt5.qtstyleplugin-kvantum
etcher btrfs-assistant snapper-gui libsForQt5.qtstyleplugin-kvantum ventoy-full
# password and key management
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden
# download
@@ -25,7 +25,8 @@ inputs:
# development
scrcpy weston cage openbox krita
# media
spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
waifu2x-converter-cpp inkscape blender
# editor
localPackages.typora
# themes
@@ -33,13 +34,17 @@ inputs:
# news
fluent-reader
# nix tools
deploy-rs.deploy-rs nixpkgs-fmt
deploy-rs.deploy-rs nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps
nix-prefetch-docker
# instant messager
element-desktop telegram-desktop discord fluffychat
element-desktop telegram-desktop discord fluffychat zoom-us signal-desktop slack nur-linyinfeng.wemeet
# browser
google-chrome
# office
crow-translate zotero pandoc ydict
crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
(texlive.combine { inherit (texlive) scheme-full; inherit (localPackages) citation-style-language; })
# math, physics and chemistry
octaveFull root ovito localPackages.vesta localPackages.vaspkit localPackages.v-sim
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
};
};

24
modules/packages/desktop/default.nix
View File

@@ -11,15 +11,26 @@ inputs:
packages._packages = with inputs.pkgs;
[
# system management
gparted wl-clipboard-x11 kio-fuse
wayland-utils clinfo glxinfo vulkan-tools dracut
gparted kio-fuse wayland-utils clinfo glxinfo vulkan-tools dracut
(
writeShellScriptBin "xclip"
''
#!${bash}/bin/bash
if [ "$XDG_SESSION_TYPE" = "x11" ]; then
exec ${xclip}/bin/xclip "$@"
else
exec ${wl-clipboard-x11}/bin/xclip "$@"
fi
''
)
# color management
argyllcms xcalib
# networking
remmina putty mtr-gui
# media
mpv nomacs
# themes
tela-circle-icon-theme
firefoxpwa
];
users.sharedModules =
[{
@@ -34,12 +45,7 @@ inputs:
{
adb.enable = true;
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
firefox =
{
enable = true;
languagePacks = [ "zh-CN" "en-US" ];
nativeMessagingHosts.packages = [ inputs.pkgs.firefoxpwa ];
};
firefox = { enable = true; languagePacks = [ "zh-CN" "en-US" ]; };
vim.package = inputs.pkgs.vim-full;
};
nixpkgs.config.packageOverrides = pkgs:

2
modules/packages/server/default.nix
View File

@@ -25,7 +25,7 @@ inputs:
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch localPackages.pslist
fastfetch reptyr
# lsxx
pciutils usbutils lshw util-linux lsof
pciutils usbutils lshw util-linux lsof dmidecode
# top
iotop iftop htop btop powertop s-tui
# editor

6
modules/packages/server/ssh/default.nix
View File

@@ -41,6 +41,11 @@ inputs:
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
hostnames = [ "initrd.nas.chn.moe" "[office.chn.moe]:5440" "192.168.1.185" ];
};
surface =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdm3DcfHdcLP0oSpVrWwIZ/b9lZuakBSPwCFz2BdTJ7";
hostnames = [ "192.168.1.166" ];
};
pc =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
@@ -161,6 +166,7 @@ inputs:
// {
xmupc1 = { host = "xmupc1"; hostname = "office.chn.moe"; port = 6007; };
nas = { host = "nas"; hostname = "office.chn.moe"; port = 5440; };
surface = { host = "surface"; hostname = "192.168.1.166"; };
gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
};
};

1
modules/packages/server/ssh/surface_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJAyDl52UVGFPTV/rXFERrXAMY5qZ3g+tpg9HOGdw86G4Nr8Xp/cTxZjF4kSfIkSrGblAV9Lm4US0fW3pGOQu5qQrSAENxqHxdlEyzt7izyF2CklDUeTjs3KHOIZMvSli4z014NPcswBbjwB9Lyrw0fCQ9P1vYkrUHEzL2SMxdack1EQPcMF4MxblDqc+eQhdMCkKE8T1Cb1ZqxeLVMPn9CwjG18JoxL+/xs+MjcsSXYWcoqYTfgfhguMbh0D4Eo32MHS/IzRSxnOHJxhG5xYePcyBlb/CxQuYA+RTqKNE85j7GcL2oEmeZ1b++/9qFT9grwVh+UOBRO2xiMzKDF24nXPJ+eLyd6Z/3swGT4rTVDnrXV5eZUkWLHN093IdLJCTtPVrKV9OxEKr5sU2W0edpirNrlGq7/MYkJX9EbQctDFA69XfQkZlGK9xGutqSgEaVlY54fS0Due+NDrNBPfMKJ9MTmFDOY+NYn05El2rMD39OKbGbCR5ASwSSBlcQeE=

19
modules/packages/workstation/default.nix
View File

@@ -14,27 +14,21 @@ inputs:
# password and key management
electrum jabref
# system management
wl-mirror ventoy-full
wl-mirror
# nix tools
nix-template appimage-run nil nixd nix-alien nix-serve node2nix nix-prefetch-github prefetch-npm-deps
nix-prefetch-docker pnpm-lock-export bundix
nix-template nil nix-alien pnpm-lock-export bundix
# instant messager
zoom-us signal-desktop qq nur-xddxdd.wechat-uos slack nur-linyinfeng.wemeet
cinny-desktop nheko
# office
libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
(texlive.combine { inherit (texlive) scheme-full; inherit (localPackages) citation-style-language; })
qq nur-xddxdd.wechat-uos cinny-desktop nheko
# development
jetbrains.clion android-studio dbeaver cling clang-tools_16 ccls fprettify aircrack-ng
# media
nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
nur-xddxdd.svp
# virtualization
wineWowPackages.stagingFull virt-viewer bottles # wine64
# text editor
appflowy notion-app-enhanced joplin-desktop standardnotes logseq
# math, physics and chemistry
mathematica octaveFull root ovito paraview localPackages.vesta # qchem.quantum-espresso
localPackages.vasp localPackages.vaspkit jmol localPackages.v_sim
mathematica paraview localPackages.vasp jmol # qchem.quantum-espresso
# encryption and password management
john crunch hashcat
# container and vm
@@ -43,13 +37,14 @@ inputs:
microsoft-edge
# news
rssguard newsflash newsboat
yuzu-early-access
];
_pythonPackages = [(pythonPackages: with pythonPackages;
[
phonopy tensorflow keras openai scipy scikit-learn jupyterlab autograd
# localPackages.pix2tex
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2 localPackages.eigengdb
certifi charset-normalizer idna orjson psycopg2
])];
_prebuildPackages =
[

12
modules/services/beesd.nix
View File

@@ -8,8 +8,14 @@ inputs:
type = types.attrsOf (types.oneOf
[
types.nonEmptyStr
(types.submodule { options =
{ device = mkOption { type = types.nonEmptyStr; }; hashTableSizeMB = mkOption { type = types.int; }; };})
(types.submodule
{
options =
{
device = mkOption { type = types.nonEmptyStr; };
hashTableSizeMB = mkOption { type = types.ints.unsigned; default = 1024; };
threads = mkOption { type = types.ints.unsigned; default = 1; };
};})
]);
default = {};
};
@@ -30,7 +36,7 @@ inputs:
{
spec = instance.value.device or instance.value;
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
extraOptions = [ "--thread-count" "1" "--scan-mode" "3" ];
extraOptions = [ "--thread-count" "${toString instance.value.threads or 1}" "--scan-mode" "3" ];
};
})
(attrsToList beesd.instances));

101
modules/services/wireguard.nix
View File

@@ -3,45 +3,88 @@ inputs:
options.nixos.services.wireguard = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
peers = mkOption { type = types.nonEmptyListOf types.nonEmptyStr; default = []; };
# wg genkey | wg pubkey
publicKey = mkOption { type = types.nonEmptyStr; };
wireguardIp = mkOption { type = types.nonEmptyStr; };
externalIp = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
lighthouse = mkOption { type = types.bool; default = false; };
behindNat = mkOption
{
type = types.bool;
default = inputs.config.nixos.services.xray.client.enable;
};
listenIp = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
# if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820
listenPort = mkOption
{
type = types.ints.unsigned;
default = if inputs.config.nixos.services.wireguard.behindNat then 51821 else 51820;
};
wireguardIp = mkOption { type = types.nonEmptyStr; };
peers = mkOption { type = types.nonEmptyListOf types.nonEmptyStr; default = []; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.lib) mkIf mkMerge;
inherit (inputs.config.nixos.services) wireguard;
inherit (builtins) map toString;
in mkIf wireguard.enable
{
networking =
let
# if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820
port = 51820 + (if inputs.config.nixos.services.xrayClient.enable then 1 else 0);
in
inherit (builtins) map toString listToAttrs filter;
in mkMerge
[
{
assertions =
[{
assertion = !wireguard.behindNat -> wireguard.listenIp != null;
message = "wireguard.listenIp should be not null when behindNat is false.";
}];
}
(
mkIf wireguard.enable
{
firewall = { allowedUDPPorts = [ port ]; trustedInterfaces = [ "wireguard" ]; };
wireguard.interfaces.wireguard =
networking =
{
ips = [ "${wireguard.wireguardIp}/24" ];
listenPort = port;
privateKeyFile = inputs.config.sops.secrets."wireguard/privateKey".path;
peers = map
firewall = { allowedUDPPorts = [ wireguard.listenPort ]; trustedInterfaces = [ "wireguard" ]; };
wireguard.interfaces.wireguard =
{
ips = [ "${wireguard.wireguardIp}/24" ];
inherit (wireguard) listenPort;
privateKeyFile = inputs.config.sops.secrets."wireguard/privateKey".path;
peers = map
(peer:
{
publicKey = peer.publicKey;
allowedIPs = [ (if peer.lighthouse then "192.168.83.0/24" else "${peer.wireguardIp}/32") ];
endpoint = mkIf (!peer.behindNat) "${peer.listenIp}:${builtins.toString peer.listenPort}";
persistentKeepalive = 3;
})
(map
(peer: inputs.topInputs.self.nixosConfigurations.${peer}.config.nixos.services.wireguard)
wireguard.peers);
};
};
sops.secrets."wireguard/privateKey" = {};
# somehow fix wireguard connection
systemd.services = mkIf wireguard.behindNat (listToAttrs (map
(peer:
{
name = "wireguard-ping-${peer.name}";
value =
{
description = "ping ${peer.name}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
ExecStart = "${inputs.pkgs.iputils}/bin/ping -i 3 ${peer.value.wireguardIp}";
Restart = "always";
};
};
})
(filter (peer: !peer.value.behindNat) (map
(peer:
{
publicKey = peer.publicKey;
allowedIPs = [ (if peer.lighthouse then "192.168.83.0/24" else "${peer.wireguardIp}/32") ];
endpoint = mkIf (peer.externalIp != null) "${peer.externalIp}:51820";
persistentKeepalive = 3;
name = peer;
value = inputs.topInputs.self.nixosConfigurations.${peer}.config.nixos.services.wireguard;
})
(map
(peer: inputs.topInputs.self.nixosConfigurations.${peer}.config.nixos.services.wireguard)
wireguard.peers);
};
};
sops.secrets."wireguard/privateKey" = {};
};
wireguard.peers))));
}
)
];
}

41
modules/services/xray.nix
View File

@@ -1,8 +1,8 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
options.nixos.services.xray = let inherit (inputs.lib) mkOption types; in
{
xrayClient =
client =
{
enable = mkOption { type = types.bool; default = false; };
serverAddress = mkOption { type = types.nonEmptyStr; };
@@ -13,7 +13,7 @@ inputs:
extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
}; }; };
};
xrayServer =
server =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
@@ -23,12 +23,19 @@ inputs:
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.config.nixos.services) xrayClient xrayServer;
inherit (inputs.config.nixos.services) xray;
inherit (builtins) map listToAttrs toString genList length concatStringsSep;
in mkMerge
[
{
assertions =
[{
assertion = !(xray.client.enable && xray.server.enable);
message = "Currenty xray.client and xray.server could not be simutaniusly enabled.";
}];
}
(
mkIf xrayClient.enable
mkIf xray.client.enable
{
services =
{
@@ -40,14 +47,10 @@ inputs:
no-poll = true;
log-queries = true;
server = [ "127.0.0.1#10853" ];
interface = xrayClient.dns.extraInterfaces ++ [ "lo" ];
interface = xray.client.dns.extraInterfaces ++ [ "lo" ];
bind-dynamic = true;
ipset =
[
"/developer.download.nvidia.com/noproxy_net"
"/yuanshen.com/noproxy_net"
];
address = map (host: "/${host.name}/${host.value}") (attrsToList xrayClient.dns.hosts);
ipset = [ "/yuanshen.com/noproxy_net" ];
address = map (host: "/${host.name}/${host.value}") (attrsToList xray.client.dns.hosts);
};
};
xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };
@@ -130,7 +133,7 @@ inputs:
protocol = "vless";
settings.vnext =
[{
address = xrayClient.serverAddress;
address = xray.client.serverAddress;
port = 443;
users =
[{
@@ -145,7 +148,7 @@ inputs:
security = "reality";
realitySettings =
{
serverName = xrayClient.serverName;
serverName = xray.client.serverName;
publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
fingerprint = "firefox";
};
@@ -308,7 +311,7 @@ inputs:
}
)
(
mkIf xrayServer.enable (let userList = genList (n: n) 30; in
mkIf xray.server.enable (let userList = genList (n: n) 30; in
{
services.xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-server.json".path; };
sops =
@@ -351,7 +354,7 @@ inputs:
realitySettings =
{
dest = "127.0.0.1:${fallbackPort}";
serverNames = [ xrayServer.serverName ];
serverNames = [ xray.server.serverName ];
privateKey = inputs.config.sops.placeholder."xray-server/private-key";
minClientVer = "1.8.0";
shortIds = [ "" ];
@@ -493,12 +496,12 @@ inputs:
};
nixos.services =
{
acme = { enable = true; cert.${xrayServer.serverName}.group = inputs.config.users.users.nginx.group; };
acme = { enable = true; cert.${xray.server.serverName}.group = inputs.config.users.users.nginx.group; };
nginx =
{
enable = true;
transparentProxy.map."${xrayServer.serverName}" = 4726;
https."${xrayServer.serverName}" =
transparentProxy.map."${xray.server.serverName}" = 4726;
https."${xray.server.serverName}" =
{
listen.main = { proxyProtocol = false; addToTransparentProxy = false; };
location."/".return.return = "400";

3
modules/system/default.nix
View File

@@ -16,6 +16,7 @@ inputs:
./sops.nix
./user.nix
./sysctl.nix
./envfs.nix
];
config =
{
@@ -24,7 +25,7 @@ inputs:
boot =
{
supportedFilesystems = [ "ntfs" ];
consoleLogLevel = 7;
# consoleLogLevel = 7;
};
hardware.enableAllFirmware = true;
environment.sessionVariables = rec

12
modules/system/envfs.nix Normal file
View File

@@ -0,0 +1,12 @@
inputs:
{
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = true; };
};
config = inputs.lib.mkMerge
[
(builtins.elemAt inputs.topInputs.envfs.nixosModules.envfs.imports 0 inputs)
{ environment.variables.ENVFS_RESOLVE_ALWAYS = "1"; }
];
}

104
modules/system/grub.nix
View File

@@ -7,44 +7,78 @@ inputs:
# "efi" using efi, "efiRemovable" using efi with install grub removable, or dev path like "/dev/sda" using bios
installDevice = mkOption { type = types.str; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.localLib) mkConditional attrsToList stripeTabs;
inherit (inputs.config.nixos.system) grub;
inherit (builtins) concatStringsSep map;
in { boot.loader =
config = let inherit (inputs.config.nixos.system) grub; in inputs.lib.mkMerge
[
# general settings
{ boot.loader.grub = { enable = true; useOSProber = false; }; }
# grub timeout
{ boot.loader.timeout = grub.timeout; }
# grub install
{
timeout = grub.timeout;
grub =
boot.loader =
{
enable = true;
useOSProber = false;
extraEntries = concatStringsSep "\n" (map
(system:
''
menuentry "${system.value}" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
search --fs-uuid --set=root ${system.name}
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
'')
(attrsToList grub.windowsEntries));
device =
if grub.installDevice == "efi" || grub.installDevice == "efiRemovable" then "nodev"
else grub.installDevice;
efiSupport = grub.installDevice == "efi" || grub.installDevice == "efiRemovable";
efiInstallAsRemovable = grub.installDevice == "efiRemovable";
grub =
{
device = if builtins.elem grub.installDevice [ "efi" "efiRemovable" ] then "nodev" else grub.installDevice;
efiSupport = builtins.elem grub.installDevice [ "efi" "efiRemovable" ];
efiInstallAsRemovable = grub.installDevice == "efiRemovable";
};
efi =
{
canTouchEfiVariables = grub.installDevice == "efi";
efiSysMountPoint = inputs.lib.mkIf (builtins.elem grub.installDevice [ "efi" "efiRemovable" ]) "/boot/efi";
};
};
efi =
}
# extra grub entries
{
boot.loader.grub =
{
canTouchEfiVariables = grub.installDevice == "efi";
efiSysMountPoint =
if grub.installDevice == "efi" || grub.installDevice == "efiRemovable" then "/boot/efi"
else inputs.options.boot.loader.efi.efiSysMountPoint.default;
memtest86.enable = true;
extraFiles = inputs.lib.mkIf (builtins.elem grub.installDevice [ "efi" "efiRemovable" ])
{ "shell.efi" = "${inputs.pkgs.edk2-uefi-shell}/shell.efi"; };
extraEntries = inputs.lib.mkMerge (builtins.concatLists
[
(builtins.map
(system:
''
menuentry "${system.value}" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
search --fs-uuid --set=root ${system.name}
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
'')
(inputs.localLib.attrsToList grub.windowsEntries))
[
''
menuentry "System shutdown" {
echo "System shutting down..."
halt
}
menuentry "System restart" {
echo "System rebooting..."
reboot
}
''
(
inputs.lib.optionalString (builtins.elem grub.installDevice [ "efi" "efiRemovable" ])
''
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
menuentry "UEFI Shell" {
insmod fat
insmod chain
chainloader @bootRoot@/shell.efi
}
''
)
]
]);
};
};};
}
];
}

2
modules/system/impermanence.nix
View File

@@ -2,7 +2,7 @@ inputs:
{
options.nixos.system.impermanence = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
enable = mkOption { type = types.bool; default = true; };
persistence = mkOption { type = types.nonEmptyStr; default = "/nix/persistent"; };
root = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs/current"; };
nodatacow = mkOption { type = types.nullOr types.nonEmptyStr; default = "/nix/nodatacow"; };

113
modules/system/nix.nix
View File

@@ -4,61 +4,82 @@ inputs:
{
# marches allowed to be compiled on this machine
marches = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
keepOutputs = mkOption { type = types.bool; default = false; };
includeBuildDependencies = mkOption { type = types.bool; default = inputs.topInputs.self.config.archive; };
substituters = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
autoOptimiseStore = mkOption { type = types.bool; default = true; };
autoOptimiseStore = mkOption { type = types.bool; default = false; };
};
config =
let
inherit (inputs.config.nixos.system) nix;
in
config = let inherit (inputs.config.nixos.system) nix; in inputs.lib.mkMerge
[
# general nix config
{
nix.settings =
{
nix =
system-features = [ "big-parallel" "nixos-test" "benchmark" ];
experimental-features = [ "nix-command" "flakes" ];
keep-failed = true;
max-substitution-jobs = 1;
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
show-trace = true;
max-jobs = 1;
cores = 0;
keep-going = true;
};
systemd.services.nix-daemon = { serviceConfig.CacheDirectory = "nix"; environment.TMPDIR = "/var/cache/nix"; };
}
# nix daemon use lower io/cpu priority
{
nix = { daemonIOSchedClass = "idle"; daemonCPUSchedPolicy = "idle"; };
systemd.services.nix-daemon.serviceConfig = { Slice = "-.slice"; Nice = "19"; };
}
# nix channel & nix flake registry
{
nix =
{
registry =
{
settings =
{
system-features = [ "big-parallel" "nixos-test" "benchmark" ] ++ (map
(march: "gccarch-${march}")
(
if nix.marches == null then
(with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ])
else nix.marches
));
experimental-features = [ "nix-command" "flakes" ];
keep-outputs = nix.keepOutputs;
keep-failed = true;
auto-optimise-store = nix.autoOptimiseStore;
substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
show-trace = true;
max-jobs = 2;
cores = 0;
keep-going = true;
};
daemonIOSchedClass = "idle";
daemonCPUSchedPolicy = "idle";
registry =
{
nixpkgs.flake = inputs.topInputs.nixpkgs;
nixpkgs-unstable.flake = inputs.topInputs.nixpkgs-unstable;
nixos.flake = inputs.topInputs.self;
};
nixPath = [ "nixpkgs=${inputs.topInputs.nixpkgs}" ];
nixpkgs.flake = inputs.topInputs.nixpkgs;
nixpkgs-unstable.flake = inputs.topInputs.nixpkgs-unstable;
nixos.flake = inputs.topInputs.self;
};
systemd.services.nix-daemon =
{
serviceConfig = { CacheDirectory = "nix"; Slice = "-.slice"; Nice = "19"; };
environment = { TMPDIR = "/var/cache/nix"; };
};
environment.etc =
nixPath = [ "nixpkgs=${inputs.topInputs.nixpkgs}" ];
};
environment =
{
etc =
{
"channels/nixpkgs".source = inputs.topInputs.nixpkgs.outPath;
"channels/nixpkgs-unstable".source = inputs.topInputs.nixpkgs-unstable.outPath;
"nixos".source = inputs.topInputs.self.outPath;
};
# environment.pathsToLink = [ "/include" ];
# environment.variables.CPATH = "/run/current-system/sw/include";
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
# gui.enable
variables.COMMA_NIXPKGS_FLAKE = "nixpkgs-unstable";
};
}
# marches
{
nix.settings.system-features = map
(march: "gccarch-${march}")
(
if nix.marches == null then
(with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ])
else nix.marches
);
}
# includeBuildDependencies
{
nix.settings.keep-outputs = nix.includeBuildDependencies;
system.includeBuildDependencies = nix.includeBuildDependencies;
}
# substituters
{
nix.settings.substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
}
# autoOptimiseStore
{
nix.settings.auto-optimise-store = nix.autoOptimiseStore;
}
# c++ include path
# environment.pathsToLink = [ "/include" ];
# environment.variables.CPATH = "/run/current-system/sw/include";
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
];
}

2
modules/system/nixpkgs.nix
View File

@@ -24,7 +24,7 @@ inputs:
nixpkgs =
let
permittedInsecurePackages =
[ "openssl_1_1" "electron_19" "python2" "electron_12" "electron_24" "zotero" ];
[ "openssl_1_1" "electron_19" "python2" "electron_12" "electron_24" "zotero" "electron_25" ];
hostPlatform = mkConditional (nixpkgs.march != null)
{ system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; }
"x86_64-linux";

216
modules/users/chn/plasma.nix
View File

@@ -1,104 +1,158 @@
inputs:
{
# plasma-manager is not mature, so only use
config.home-manager.users.chn.config.programs.plasma =
{
enable = true;
shortcuts =
{
shortcuts = inputs.lib.mkMerge
[
# firefox
{ "firefox.desktop"._launch = "Meta+B"; }
# crow translate
"io.crow_translate.CrowTranslate.desktop"."TranslateSelectedText" = "Ctrl+Alt+E";
{ "io.crow_translate.CrowTranslate.desktop".TranslateSelectedText = "Ctrl+Alt+E"; }
# display
"kded5"."display" = [ "Display" "Meta+P" ];
"kwin"."view_actual_size" = "Meta+0";
"kwin"."view_zoom_in" = ["Meta++" "Meta+="];
"kwin"."view_zoom_out" = "Meta+-";
"org_kde_powerdevil"."Decrease Screen Brightness" = "Monitor Brightness Down";
"org_kde_powerdevil"."Increase Screen Brightness" = "Monitor Brightness Up";
# volume
"kmix" =
{
"decrease_volume" = "Volume Down";
"increase_volume" = "Volume Up";
"mic_mute" = [ "Meta+Volume Mute" ];
"mute" = "Volume Mute";
};
kded5.display = [ "Display" "Meta+P" ];
kwin = { view_actual_size = "Meta+0"; view_zoom_in = [ "Meta++" "Meta+=" ]; view_zoom_out = "Meta+-"; };
org_kde_powerdevil =
{
"Decrease Screen Brightness" = "Monitor Brightness Down";
"Increase Screen Brightness" = "Monitor Brightness Up";
};
}
# volume
{
kmix =
{
decrease_volume = "Volume Down";
increase_volume = "Volume Up";
mic_mute = [ "Meta+Volume Mute" ];
mute = "Volume Mute";
};
}
# session
"ksmserver"."Lock Session" = [ "Meta+L" "Screensaver" ];
"ksmserver"."Log Out" = "Ctrl+Alt+Del";
"org_kde_powerdevil"."Turn Off Screen" = "Meta+Ctrl+L";
# mouse
"kwin"."MoveMouseToCenter" = "Meta+F6";
{
ksmserver = { "Lock Session" = [ "Meta+L" "Screensaver" ]; "Log Out" = "Ctrl+Alt+Del"; };
org_kde_powerdevil."Turn Off Screen" = "Meta+Ctrl+L";
}
# window
"kwin"."Overview" = "Meta+Tab";
"kwin"."Show Desktop" = "Meta+D";
"kwin"."Suspend Compositing" = "Alt+Shift+F12";
"kwin"."Walk Through Windows" = "Alt+Tab";
"kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Backtab";
"kwin"."Window Above Other Windows" = "Meta+Shift+PgUp";
"kwin"."Window Below Other Windows" = "Meta+Shift+PgDown";
"kwin"."Window Close" = "Alt+F4";
"kwin"."Window Maximize" = "Meta+PgUp";
"kwin"."Window Minimize" = "Meta+PgDown";
"kwin"."Window Operations Menu" = "Alt+F3";
"kwin"."Window Quick Tile Bottom" = "Meta+Down";
"kwin"."Window Quick Tile Left" = "Meta+Left";
"kwin"."Window Quick Tile Right" = "Meta+Right";
"kwin"."Window Quick Tile Top" = "Meta+Up";
{
kwin =
{
Overview = "Meta+Tab";
"Show Desktop" = "Meta+D";
"Suspend Compositing" = "Alt+Shift+F12";
"Walk Through Windows" = "Alt+Tab";
"Walk Through Windows (Reverse)" = "Alt+Shift+Backtab";
"Window Above Other Windows" = "Meta+Shift+PgUp";
"Window Below Other Windows" = "Meta+Shift+PgDown";
"Window Close" = "Alt+F4";
"Window Maximize" = "Meta+PgUp";
"Window Minimize" = "Meta+PgDown";
"Window Operations Menu" = "Alt+F3";
"Window Quick Tile Bottom" = "Meta+Down";
"Window Quick Tile Left" = "Meta+Left";
"Window Quick Tile Right" = "Meta+Right";
"Window Quick Tile Top" = "Meta+Up";
};
}
# virtual desktop
"kwin"."Switch One Desktop Down" = "Meta+Ctrl+Down";
"kwin"."Switch One Desktop Up" = "Meta+Ctrl+Up";
"kwin"."Switch One Desktop to the Left" = "Meta+Ctrl+Left";
"kwin"."Switch One Desktop to the Right" = "Meta+Ctrl+Right";
"kwin"."Window One Desktop Down" = "Meta+Ctrl+Shift+Down";
"kwin"."Window One Desktop Up" = "Meta+Ctrl+Shift+Up";
"kwin"."Window One Desktop to the Left" = "Meta+Ctrl+Shift+Left";
"kwin"."Window One Desktop to the Right" = "Meta+Ctrl+Shift+Right";
{
kwin =
{
"Switch One Desktop Down" = "Meta+Ctrl+Down";
"Switch One Desktop Up" = "Meta+Ctrl+Up";
"Switch One Desktop to the Left" = "Meta+Ctrl+Left";
"Switch One Desktop to the Right" = "Meta+Ctrl+Right";
"Window One Desktop Down" = "Meta+Ctrl+Shift+Down";
"Window One Desktop Up" = "Meta+Ctrl+Shift+Up";
"Window One Desktop to the Left" = "Meta+Ctrl+Shift+Left";
"Window One Desktop to the Right" = "Meta+Ctrl+Shift+Right";
};
}
# media
"mediacontrol"."nextmedia" = "Media Next";
"mediacontrol"."pausemedia" = "Media Pause";
"mediacontrol"."playpausemedia" = [ "Pause" "Media Play" ];
"mediacontrol"."previousmedia" = "Media Previous";
"mediacontrol"."stopmedia" = "Media Stop";
{
mediacontrol =
{
nextmedia = "Media Next";
pausemedia = "Media Pause";
playpausemedia = [ "Pause" "Media Play" ];
previousmedia = "Media Previous";
stopmedia = "Media Stop";
};
}
# dolphin
"org.kde.dolphin.desktop"."_launch" = "Meta+E";
{ "org.kde.dolphin.desktop"._launch = "Meta+E"; }
# konsole
"org.kde.konsole.desktop"."_launch" = "Ctrl+Alt+T";
{ "org.kde.konsole.desktop"._launch = "Ctrl+Alt+T"; }
# krunner
"org.kde.krunner.desktop"."_launch" = "Alt+Space";
{ "org.kde.krunner.desktop"._launch = "Alt+Space"; }
# screenshot
"org.kde.spectacle.desktop"."ActiveWindowScreenShot" = "Meta+Print";
"org.kde.spectacle.desktop"."CurrentMonitorScreenShot" = [ ];
"org.kde.spectacle.desktop"."FullScreenScreenShot" = "Shift+Print";
"org.kde.spectacle.desktop"."OpenWithoutScreenshot" = [ ];
"org.kde.spectacle.desktop"."RectangularRegionScreenShot" = "Meta+Shift+Print";
"org.kde.spectacle.desktop"."WindowUnderCursorScreenShot" = "Meta+Ctrl+Print";
"org.kde.spectacle.desktop"."_launch" = "Print";
{
"org.kde.spectacle.desktop" =
{
OpenWithoutScreenshot = "Ctrl+Print";
RectangularRegionScreenShot = "Print";
};
}
# settings
"systemsettings.desktop"."_launch" = "Meta+I";
{ "systemsettings.desktop"._launch = "Meta+I"; }
# yakuake
"yakuake"."toggle-window-state" = "Meta+Space";
};
configFile =
{
{ yakuake.toggle-window-state = "Meta+Space"; }
# virt-manager
{ "virt-manager.desktop"._launch = "Meta+V"; }
];
configFile = inputs.lib.mkMerge
[
# baloo
# "baloofilerc"."Basic Settings"."Indexing-Enabled" = false;
# dolphin
"dolphinrc"."General"."ShowFullPath" = true;
"dolphinrc"."PreviewSettings"."Plugins" = "blenderthumbnail,comicbookthumbnail,djvuthumbnail,ebookthumbnail,exrthumbnail,marble_thumbnail_geojson,marble_thumbnail_gpx,jpegthumbnail,marble_thumbnail_kmz,marble_thumbnail_kml,kraorathumbnail,windowsimagethumbnail,windowsexethumbnail,mltpreview,mobithumbnail,opendocumentthumbnail,marble_thumbnail_osm,palathumbcreator,gsthumbnail,rawthumbnail,svgthumbnail,imagethumbnail,fontthumbnail,directorythumbnail,textthumbnail,webarchivethumbnail,ffmpegthumbs,audiothumbnail";
{
dolphinrc =
{
General = { ShowFullPath = true; FilterBar = true; RememberOpenedTabs = false; };
PreviewSettings.Plugins = builtins.concatStringsSep ","
[
"blenderthumbnail"
"comicbookthumbnail"
"djvuthumbnail"
"ebookthumbnail"
"exrthumbnail"
"marble_thumbnail_geojson"
"marble_thumbnail_gpx"
"jpegthumbnail"
"marble_thumbnail_kmz"
"marble_thumbnail_kml"
"kraorathumbnail"
"windowsimagethumbnail"
"windowsexethumbnail"
"mltpreview"
"mobithumbnail"
"opendocumentthumbnail"
"marble_thumbnail_osm"
"palathumbcreator"
"gsthumbnail"
"rawthumbnail"
"svgthumbnail"
"imagethumbnail"
"fontthumbnail"
"directorythumbnail"
"textthumbnail"
"webarchivethumbnail"
"ffmpegthumbs"
"audiothumbnail"
];
};
}
# theme
{
kcminputrc.Mouse.cursorTheme = "breeze_cursors";
}
]
{
"kcminputrc"."Mouse"."cursorTheme" = "breeze_cursors";
"kdeglobals"."KDE"."widgetStyle" = "kvantum";

30
secrets/surface/default.yaml
View File

@@ -1,5 +1,5 @@
xray-client:
uuid: ENC[AES256_GCM,data:WQUDaTeOsY61st6HQKjGKuVoQIy6Gpf0dMzJeIqMUV/4sihj,iv:R6IZzIAmn7rknxD5HWGRE618pdUyEWB0F2tO9+EfunI=,tag:u+50NAK8LwzyUNt0GVyabw==,type:str]
uuid: ENC[AES256_GCM,data:WEBAH3PQM5ahNpH/kvTtcjcJ2GllmmRlBR2oclG6AimGenSg,iv:TMp0WTOe9fuELSZoVGenl5XSZUFoiYUBEMWMn4NFv1g=,tag:GJTE0EELcZkrnGAKLYer1g==,type:str]
sops:
kms: []
gcp_kms: []
@@ -9,23 +9,23 @@ sops:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTmlZdld6eWtrZzVTR1Fs
RXhTczRsOVNrMWIyWm9ud1lzYVJUbGJnc2drCmVKTHlVNXFZUTh5bmlncHA1MmlE
UnovM0tONHBHTkY4TS9FRmRkRFkrcjgKLS0tIGxxbzV4Z09CdWkyY3d1MFBNL2dO
MGFMaGM3WW5LRXd1T2ZPTkpBdWRTR00Ktnuqblw4rS9fXb2CTzY7BjpDK6K1wx97
tV1FeuKcEXpp8AMKOdbKTOznnolI4sTnz2l0iP1m7bk6f9PGNjyQhw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzV1pvWkVGSFg5TVAvRlhu
TnFnMEszcDRWWHlQanAyRkRpQWdqQkdhTzFvCjBqUG4xNFBiRnlSeTNQSmdkVkdD
UlVCQjRFVExuZHdrSnViajZGZ3c2dWsKLS0tIHlQYU5VeGpEQzllMmxLSnJZZzZx
N1R3Mkhxa0dOVlJiU0V2OEZVVzZVMFkKae3c1axl22uxh9wMygAHs6q1WA5ImOS8
uzKSthWSqtC7DMqgUFaaSjBYM2TN3l402syx71xVFyyAmCcGZbbJcg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
- recipient: age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaQkxFc1U2R2RndVRHcisv
ZGg0VXhDYnpsQVV0Q3habXRiSHhTVTVUOUZ3CkFMUTMzL3NFcHpwaklZZStIYktW
WUpwWi9xQ3MyNXl1aVREcC9KeFlsWE0KLS0tIEJVR1VFRHNBSVVaVlJsNFJtWXAv
YmphYnp4YTQyV0VrT0h4RlNSRVptbkEKao+OYKlwgLcbMe75+RcdlxmYtvgheqp2
SwEhhlV8QNWylkOU+S38C3+oiQqlPZQkwOyBMfB5eoTUM8xCLjf1og==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSHJVRGIwQUFpVER5SWxq
YjJOT0lXN3dFOFpjMFlWV3JCbmZFN0hnNEJBClpQUEczK2RWTGlVTmJRbVZaUC8y
bEFrL1RjTTNlYVNnRVRBZlRjaTlnUEEKLS0tIE5GM01pTGFFcWVVSWEvUHE3Z08r
a2xybTRFUFZZN20zajZJTVNwVEpGcEEKglmFMk7z1q5IlZ+lZf9M0HtknmvcYt/P
2/z5e8wLN1Hy0Zsbv0yIL/NmqwxAOGJOdzz7ElJszk/Y4kUr9aRasg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-20T18:23:21Z"
mac: ENC[AES256_GCM,data:Dn2yxA/8GjPpmI5oWybiv0JNiiHDbleTtYZaM7GTMStP15N4Yo1tzVqlfzy6QWdLvcyZtoodamnry9yj+A7dP1sj0Fgkiq2FnzIp+JuJXkKH7AYWKugOmzKz7Kky2SEDU2r1UoucIbW9SRbgyukXPLpGRUGqIZNLR6OZ3w0atTA=,iv:sKyg1opbnQsQs/ZteTjEyarFU/HgmSSe+Frmvwfpylk=,tag:Sc6z4SnXOxICQ+TN7C6ZVA==,type:str]
lastmodified: "2024-01-17T08:21:40Z"
mac: ENC[AES256_GCM,data:8+nUsgM47gMZmCQwPgqzM95UuYgF3UStE+XiOPPaed/VIk9e2fNLu9vR+wEgb04pR29BQTWV0qx7xqF/IzFbMYLfujgfDQoOf5pTFi5E6WTFp/MDlq8DSwxJqegEvshoAcRMt2Ur8VKbEZ/ya+yZipEZBPyGHkvi0kS8AOULbb8=,iv:txSZzGGtMVMwi1ogcAJdNqm0bb8so0RVJvkbu0QMHT4=,tag:6TQ7LYfoOrCTPMBAPQqwyg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1

5
secrets/vps6/default.yaml
View File

@@ -10,7 +10,6 @@ xray-server:
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str]
#ENC[AES256_GCM,data:vEit6GESM5G+Xw==,iv:A7uisdmzB2qiPeYkut6k8D3xxpVIBy/JE9cctC/cDQQ=,tag:ZY7Ttu5AUqjIxB4BIHEucQ==,type:comment]
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str]
@@ -101,8 +100,8 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-15T02:27:33Z"
mac: ENC[AES256_GCM,data:h0hMsSWYcXdlcxf8YlN247LK4kKwYnULn4Eq5HD4Y6oUtwzLn0PYROGjDb+S8qAsijvz631xl2U/pgLtfXZ+ILfAujJIznlFnvjYMqCUZiQAkoqysP1YBY4qdYdsubUdNNShdgTyXqDKf7vEJeXT6T+XBo0vIWfkBXcCk6io18U=,iv:yBpn2iJaKnljl9UtXLeZXL/HlBykdjFDfhAn606q9jo=,tag:utqbfbb9yEmhifoCG1ATmQ==,type:str]
lastmodified: "2024-01-15T11:39:07Z"
mac: ENC[AES256_GCM,data:cjP8ZDujb+RhdK5fa51if+mlx2EpfA4TTmlRbExfIDnahM8deF7qmXhOXeRIF7TrdK7HrxxOsNm2F300sbtEV0CJBsu0Wf9V3JuCuf2deEhABVSEh5f44ZCg4fLCFKCidn6GZPGjk+nEbFd+U5elcDHaqbdhdMeu3iMIf/xncac=,iv:uTv//gOvqdOKWWFvDsvdix66UiHmKzf2Dz2FuJYCfcY=,tag:qzXfKyyltjZVN8sux5mElA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1