create demo

.gitattributes

@@ -1 +0,0 @@
-*.png filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -1,3 +1,2 @@
 result
 result-man
-outputs

.sops.yaml

@@ -1,43 +0,0 @@
-keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
-  - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-  - &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
-  - &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
-  - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
-  - &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
-  - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
-  - &xmupc1 age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-creation_rules:
-  - path_regex: secrets/pc/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *pc
-  - path_regex: secrets/vps6/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *vps6
-  - path_regex: secrets/vps7/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *vps7
-  - path_regex: secrets/nas/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *nas
-  - path_regex: secrets/xmupc1/.*$
-    key_groups:
-    - age:
-      - *chn
-  - path_regex: secrets/yoga/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *yoga
-  - path_regex: secrets/xmupc1/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *xmupc1

flake.nix

@@ -1,665 +1,48 @@
 {
-  description = "CNH's NixOS Flake";
+	description = "CNH's NixOS Flake";
 
-  inputs =
-  {
-    nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.11";
-    nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
-    nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
-    home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
-    sops-nix =
-    {
-      url = "github:Mic92/sops-nix";
-      inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
-    };
-    aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nur.url = "github:nix-community/NUR";
-    nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-alien =
-    {
-      url = "github:thiagokokada/nix-alien";
-      inputs = { nixpkgs.follows = "nixpkgs"; nix-index-database.follows = "nix-index-database"; };
-    };
-    impermanence.url = "github:nix-community/impermanence";
-    qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
-    napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
-    deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
-    pnpm2nix-nzbr = { url = "github:CHN-beta/pnpm2nix-nzbr"; inputs.nixpkgs.follows = "nixpkgs"; };
-    lmix = { url = "github:CHN-beta/lmix"; inputs.nixpkgs.follows = "nixpkgs"; };
-    dguibert-nur-packages = { url = "github:CHN-beta/dguibert-nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
-    plasma-manager =
-    {
-      url = "github:pjones/plasma-manager";
-      inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
-    };
-    nix-doom-emacs = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
-  };
+	inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 
-  outputs = inputs:
-    let
-      localLib = import ./local/lib inputs.nixpkgs.lib;
-    in
-    {
-      packages.x86_64-linux =
-      {
-        default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
-          (builtins.concatStringsSep "\n" (builtins.map
-            (system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
-            [ "pc" "vps6" "vps7" "nas" "surface" ]));
-      }
-      // (
-        builtins.listToAttrs (builtins.map
-          (system:
-          {
-            name = system;
-            value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
-          })
-          [ "pc" "vps6" "vps7" "nas" "surface" "xmupc1" ])
-      );
-      # ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
-      # ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
-      # systemd-machine-id-setup --root=/mnt/nix/persistent
-      nixosConfigurations =
-        let
-          system =
-          {
-            pc =
-            {
-              system =
-              {
-                fileSystems =
-                {
-                  mount =
-                  {
-                    vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
-                    btrfs =
-                    {
-                      "/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
-                      "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-                    };
-                  };
-                  decrypt.auto =
-                  {
-                    "/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
-                    "/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
-                      { mapper = "swap"; ssd = true; before = [ "root" ]; };
-                  };
-                  swap = [ "/dev/mapper/swap" ];
-                  resume = "/dev/mapper/swap";
-                  rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
-                };
-                grub =
-                {
-                  # TODO: install windows
-                  # windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
-                  installDevice = "efi";
-                };
-                nix =
-                {
-                  marches =
-                  [
-                    "znver2" "znver3" "znver4"
-                    # FXSR SAHF XSAVE
-                    "sandybridge"
-                    # FXSR PREFETCHW RDRND SAHF
-                    "silvermont"
-                    # FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
-                    "broadwell"
-                    # FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
-                    "skylake"
-                    # AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
-                    # SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
-                    "alderlake"
-                  ];
-                  keepOutputs = true;
-                };
-                nixpkgs =
-                  { march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
-                kernel.patches = [ "cjktty" "lantian" ];
-                impermanence.enable = true;
-                networking.hostname = "pc";
-                sysctl.laptop-mode = 5;
-              };
-              hardware =
-              {
-                cpus = [ "amd" ];
-                gpus = [ "amd" "nvidia" ];
-                bluetooth.enable = true;
-                joystick.enable = true;
-                printer.enable = true;
-                sound.enable = true;
-                legion.enable = true;
-              };
-              packages.packageSet = "workstation";
-              virtualization =
-              {
-                waydroid.enable = true;
-                docker.enable = true;
-                kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
-                # kvmGuest.enable = true;
-                nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
-              };
-              services =
-              {
-                snapper.enable = true;
-                fontconfig.enable = true;
-                samba =
-                {
-                  enable = true;
-                  private = true;
-                  hostsAllowed = "192.168. 127.";
-                  shares =
-                  {
-                    media.path = "/run/media/chn";
-                    home.path = "/home/chn";
-                    mnt.path = "/mnt";
-                    share.path = "/home/chn/share";
-                  };
-                };
-                sshd.enable = true;
-                xrayClient =
-                {
-                  enable = true;
-                  serverAddress = "74.211.99.69";
-                  serverName = "vps6.xserver.chn.moe";
-                  dns =
-                  {
-                    extraInterfaces = [ "docker0" ];
-                    hosts =
-                    {
-                      "mirism.one" = "74.211.99.69";
-                      "beta.mirism.one" = "74.211.99.69";
-                      "ng01.mirism.one" = "74.211.99.69";
-                      "debug.mirism.one" = "127.0.0.1";
-                      "initrd.vps6.chn.moe" = "74.211.99.69";
-                      "nix-store.chn.moe" = "127.0.0.1";
-                      "initrd.nas.chn.moe" = "192.168.1.185";
-                    };
-                  };
-                };
-                firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
-                acme = { enable = true; cert."debug.mirism.one" = {}; };
-                frpClient =
-                {
-                  enable = true;
-                  serverName = "frp.chn.moe";
-                  user = "pc";
-                  stcpVisitor."yy.vnc".localPort = 6187;
-                };
-                nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
-                smartd.enable = true;
-                misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
-                beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
-                wireguard =
-                {
-                  enable = true;
-                  peers = [ "vps6" ];
-                  publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
-                  wireguardIp = "192.168.83.3";
-                };
-              };
-              bugs = [ "xmunet" "suspend-hibernate-waydroid" "backlight" ];
-            };
-            vps6 =
-            {
-              system =
-              {
-                fileSystems =
-                {
-                  mount =
-                  {
-                    btrfs =
-                    {
-                      "/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
-                      "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-                    };
-                  };
-                  decrypt.manual =
-                  {
-                    enable = true;
-                    devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
-                    delayedMount = [ "/" ];
-                  };
-                  swap = [ "/nix/swap/swap" ];
-                  rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
-                };
-                grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
-                nixpkgs.march = "sandybridge";
-                nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-                initrd.sshd.enable = true;
-                impermanence.enable = true;
-                networking.hostname = "vps6";
-              };
-              packages.packageSet = "server";
-              services =
-              {
-                snapper.enable = true;
-                sshd.enable = true;
-                xrayServer = { enable = true; serverName = "vps6.xserver.chn.moe"; };
-                frpServer = { enable = true; serverName = "frp.chn.moe"; };
-                nginx =
-                {
-                  streamProxy.map =
-                  {
-                    "anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
-                    "podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
-                    "xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
-                  }
-                  // (builtins.listToAttrs (builtins.map
-                    (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.pc.chn.moe"; })
-                    [ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
-                  // (builtins.listToAttrs (builtins.map
-                    (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
-                    [
-                      "xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
-                      "send" "kkmeeting" "api" "git" "grafana"
-                    ]));
-                  applications =
-                  {
-                    element.instances."element.chn.moe" = {};
-                    synapse-admin.instances."synapse-admin.chn.moe" = {};
-                    catalog.enable = true;
-                    blog.enable = true;
-                    main.enable = true;
-                  };
-                };
-                coturn.enable = true;
-                httpua.enable = true;
-                mirism.enable = true;
-                fail2ban.enable = true;
-                wireguard =
-                {
-                  enable = true;
-                  peers = [ "pc" "nas" "vps7" ];
-                  publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
-                  wireguardIp = "192.168.83.1";
-                  externalIp = "74.211.99.69";
-                  lighthouse = true;
-                };
-              };
-            };
-            vps7 =
-            {
-              system =
-              {
-                fileSystems =
-                {
-                  mount =
-                  {
-                    btrfs =
-                    {
-                      "/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
-                      "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-                    };
-                  };
-                  decrypt.manual =
-                  {
-                    enable = true;
-                    devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
-                    delayedMount = [ "/" ];
-                  };
-                  swap = [ "/nix/swap/swap" ];
-                  rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
-                };
-                grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
-                nixpkgs.march = "broadwell";
-                nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-                initrd.sshd.enable = true;
-                impermanence.enable = true;
-                networking.hostname = "vps7";
-                gui.preferred = false;
-              };
-              packages.packageSet = "desktop";
-              services =
-              {
-                snapper.enable = true;
-                fontconfig.enable = true;
-                sshd.enable = true;
-                rsshub.enable = true;
-                wallabag.enable = true;
-                misskey.instances =
-                {
-                  misskey.hostname = "xn--s8w913fdga.chn.moe";
-                  misskey-old = { port = 9727; redis.port = 3546; meilisearch.enable = false; };
-                };
-                synapse.instances =
-                {
-                  synapse.matrixHostname = "synapse.chn.moe";
-                  matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
-                };
-                xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
-                vaultwarden.enable = true;
-                beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
-                photoprism.enable = true;
-                nextcloud.enable = true;
-                freshrss.enable = true;
-                send.enable = true;
-                huginn.enable = true;
-                fz-new-order.enable = true;
-                nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
-                httpapi.enable = true;
-                mastodon.enable = true;
-                gitea.enable = true;
-                grafana.enable = true;
-                fail2ban.enable = true;
-                wireguard =
-                {
-                  enable = true;
-                  peers = [ "vps6" ];
-                  publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
-                  wireguardIp = "192.168.83.2";
-                  externalIp = "95.111.228.40";
-                };
-              };
-            };
-            nas =
-            {
-              system =
-              {
-                fileSystems =
-                {
-                  mount =
-                  {
-                    vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
-                    btrfs =
-                    {
-                      "/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
-                      "/dev/mapper/nix"."/nix" = "/nix";
-                      "/dev/mapper/root1" =
-                      {
-                        "/nix/rootfs" = "/nix/rootfs";
-                        "/nix/persistent" = "/nix/persistent";
-                        "/nix/nodatacow" = "/nix/nodatacow";
-                        "/nix/rootfs/current" = "/";
-                        "/nix/backup" = "/nix/backup";
-                      };
-                    };
-                  };
-                  decrypt.manual =
-                  {
-                    enable = true;
-                    devices =
-                    {
-                      "/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
-                      "/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
-                      "/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
-                    };
-                    delayedMount = [ "/" "/nix" ];
-                  };
-                  swap = [ "/nix/swap/swap" ];
-                  rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
-                };
-                initrd.sshd.enable = true;
-                grub.installDevice = "efi";
-                nixpkgs.march = "silvermont";
-                nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-                kernel.patches = [ "cjktty" ];
-                impermanence.enable = true;
-                networking.hostname = "nas";
-                gui.preferred = false;
-              };
-              hardware = { cpus = [ "intel" ]; gpus = [ "intel" ]; };
-              packages.packageSet = "desktop";
-              services =
-              {
-                snapper.enable = true;
-                fontconfig.enable = true;
-                samba =
-                {
-                  enable = true;
-                  hostsAllowed = "192.168. 127.";
-                  shares = { home.path = "/home"; root.path = "/"; };
-                };
-                sshd = { enable = true; passwordAuthentication = true; };
-                xrayClient =
-                {
-                  enable = true;
-                  serverAddress = "74.211.99.69";
-                  serverName = "vps6.xserver.chn.moe";
-                  dns.extraInterfaces = [ "docker0" ];
-                };
-                xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
-                groupshare.enable = true;
-                smartd.enable = true;
-                beesd =
-                {
-                  enable = true;
-                  instances =
-                  {
-                    root = { device = "/"; hashTableSizeMB = 2048; };
-                    nix = { device = "/nix"; hashTableSizeMB = 128; };
-                  };
-                };
-                frpClient =
-                {
-                  enable = true;
-                  serverName = "frp.chn.moe";
-                  user = "nas";
-                  stcp.hpc = { localIp = "hpc.xmu.edu.cn"; localPort = 22; };
-                };
-                nginx = { enable = true; applications.webdav.instances."local.webdav.chn.moe" = {}; };
-                wireguard =
-                {
-                  enable = true;
-                  peers = [ "vps6" ];
-                  publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
-                  wireguardIp = "192.168.83.4";
-                };
-              };
-              users.users = [ "chn" "xll" "zem" "yjq" "yxy" ];
-            };
-            surface =
-            {
-              system =
-              {
-                fileSystems =
-                {
-                  mount =
-                  {
-                    vfat."/dev/disk/by-uuid/86B8-CF80" = "/boot/efi";
-                    btrfs =
-                    {
-                      "/dev/disk/by-uuid/e252f81d-b4b3-479f-8664-380a9b73cf83"."/boot" = "/boot";
-                      "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-                    };
-                  };
-                  decrypt.auto."/dev/disk/by-uuid/8186d34e-005c-4461-94c7-1003a5bd86c0" =
-                    { mapper = "root"; ssd = true; };
-                  swap = [ "/nix/swap/swap" ];
-                  rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
-                };
-                nixpkgs.march = "skylake";
-                grub.installDevice = "efi";
-                nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-                kernel.patches = [ "cjktty" ];
-                impermanence.enable = true;
-                networking.hostname = "surface";
-              };
-              hardware =
-              {
-                cpus = [ "intel" ];
-                gpus = [ "intel" ];
-                bluetooth.enable = true;
-                joystick.enable = true;
-                printer.enable = true;
-                sound.enable = true;
-              };
-              packages.packageSet = "desktop-fat";
-              virtualization.docker.enable = true;
-              services =
-              {
-                snapper.enable = true;
-                fontconfig.enable = true;
-                sshd.enable = true;
-                xrayClient =
-                {
-                  enable = true;
-                  serverAddress = "74.211.99.69";
-                  serverName = "vps6.xserver.chn.moe";
-                  dns.extraInterfaces = [ "docker0" ];
-                };
-                firewall.trustedInterfaces = [ "virbr0" ];
-              };
-              bugs = [ "xmunet" ];
-            };
-            xmupc1 =
-            {
-              system =
-              {
-                fileSystems =
-                {
-                  mount =
-                  {
-                    vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
-                    btrfs =
-                    {
-                      "/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
-                      "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-                    };
-                  };
-                  swap = [ "/dev/mapper/swap" ];
-                  resume = "/dev/mapper/swap";
-                  rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
-                };
-                grub.installDevice = "efi";
-                nixpkgs =
-                {
-                  march = "znver3";
-                  cuda =
-                  {
-                    enable = true;
-                    capabilities =
-                    [
-                      # 2080 Ti
-                      "7.5"
-                      # 3090
-                      "8.6"
-                      # 4090
-                      "8.9"
-                    ];
-                    forwardCompat = false;
-                  };
-                };
-                gui.preferred = false;
-                kernel.patches = [ "cjktty" ];
-                impermanence.enable = true;
-                networking.hostname = "xmupc1";
-              };
-              hardware =
-              {
-                cpus = [ "amd" ];
-                gpus = [ "nvidia" ];
-                bluetooth.enable = true;
-                joystick.enable = true;
-                printer.enable = true;
-                sound.enable = true;
-                gamemode.drmDevice = 1;
-              };
-              packages.packageSet = "workstation";
-              virtualization = { docker.enable = true; kvmHost = { enable = true; gui = true; }; };
-              services =
-              {
-                snapper.enable = true;
-                fontconfig.enable = true;
-                samba =
-                {
-                  enable = true;
-                  private = true;
-                  hostsAllowed = "192.168. 127.";
-                  shares =
-                  {
-                    media.path = "/run/media/chn";
-                    home.path = "/home/chn";
-                    mnt.path = "/mnt";
-                    share.path = "/home/chn/share";
-                  };
-                };
-                sshd.enable = true;
-                xrayClient =
-                {
-                  enable = true;
-                  serverAddress = "74.211.99.69";
-                  serverName = "vps6.xserver.chn.moe";
-                  dns.extraInterfaces = [ "docker0" ];
-                };
-                firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
-                acme = { enable = true; cert."debug.mirism.one" = {}; };
-                smartd.enable = true;
-                beesd = { enable = true; instances.root = { device = "/nix/persistent"; hashTableSizeMB = 2048; }; };
-                wireguard =
-                {
-                  enable = true;
-                  peers = [ "vps6" ];
-                  publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
-                  wireguardIp = "192.168.83.5";
-                };
-              };
-              bugs = [ "xmunet" "firefox" ];
-            };
-          };
-        in builtins.listToAttrs (builtins.map
-          (system:
-          {
-            name = system.name;
-            value = inputs.nixpkgs.lib.nixosSystem
-            {
-              system = "x86_64-linux";
-              specialArgs = { topInputs = inputs; inherit localLib; };
-              modules = localLib.mkModules
-              [
-                (inputs: { config.nixpkgs.overlays = [(final: prev:
-                  { localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
-                ./modules
-                { config.nixos = system.value; }
-              ];
-            };
-          })
-          (localLib.attrsToList system));
-      # sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
-      # nix-serve -p 5000
-      # nix copy --substitute-on-destination --to ssh://server /run/current-system
-      # nix copy --to ssh://nixos@192.168.122.56 ./result
-      # sudo nixos-install --flake .#bootstrap
-      #    --option substituters http://192.168.122.1:5000 --option require-sigs false
-      # sudo chattr -i var/empty
-      # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
-      # sudo nixos-rebuild switch --flake .#vps6 --log-format internal-json -v |& nom --json
-      # boot.shell_on_fail systemd.setenv=SYSTEMD_SULOGIN_FORCE=1
-      # sudo usbipd
-      # ssh -R 3240:127.0.0.1:3240 root@192.168.122.57
-      # modprobe vhci-hcd
-      # sudo usbip bind -b 3-6
-      # usbip attach -r 127.0.0.1 -b 3-6
-      # systemd-cryptenroll --fido2-device=auto /dev/vda2
-      # systemd-cryptsetup attach root /dev/vda2
-      deploy =
-      {
-        sshUser = "root";
-        user = "root";
-        fastConnection = true;
-        autoRollback = false;
-        magicRollback = false;
-        nodes = builtins.listToAttrs (builtins.map
-          (node:
-          {
-            name = node;
-            value =
-            {
-              hostname = node;
-              profiles.system.path = inputs.self.nixosConfigurations.${node}.pkgs.deploy-rs.lib.activate.nixos
-                inputs.self.nixosConfigurations.${node};
-            };
-          })
-          [ "vps6" "vps7" "nas" "yoga" ]);
-      };
-      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
-      overlays.default = final: prev:
-        { localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); };
-    };
+	outputs = inputs:
+	{
+		nixosConfigurations =
+		{
+			"good-config" = inputs.nixpkgs.lib.nixosSystem
+			{
+				system = "x86_64-linux";
+				modules =
+				[({
+					nixpkgs.overlays = [(final: prev:
+					{
+						clang-hello = final.callPackage ({ llvmPackages }: llvmPackages.stdenv.mkDerivation
+						{
+							pname = "clang-hello";
+							version = "0";
+							phases = [ "installPhase" ];
+							installPhase = "clang --version > $out";
+						}) {};
+					})];
+				})];
+			};
+			"bad-config" = inputs.nixpkgs.lib.nixosSystem
+			{
+				system = "x86_64-linux";
+				modules =
+				[({
+					nixpkgs.overlays = [(final: prev:
+					{
+						clang-hello = final.callPackage ({ llvmPackages }: llvmPackages.stdenv.mkDerivation
+						{
+							pname = "clang-hello";
+							version = "0";
+							phases = [ "installPhase" ];
+							installPhase = "clang --version > $out";
+						}) {};
+					})];
+					programs.ccache.enable = true;
+					nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
+				})];
+			};
+		};
+	};
 }

local/lib/default.nix

@@ -1,40 +0,0 @@
-lib:
-{
-  attrsToList = Attrs: builtins.map ( name: { inherit name; value = Attrs.${name}; } ) ( builtins.attrNames Attrs );
-  mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
-    mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];
-
-  # Behaviors of these two NixOS modules would be different:
-  # { pkgs, ... }@inputs: { environment.systemPackages = [ pkgs.hello ]; }
-  # inputs: { environment.systemPackages = [ pkgs.hello ]; }
-  # The second one would failed to evaluate because nixpkgs would not pass pkgs to it.
-  # So that we wrote a wrapper to make it always works like the first one.
-  mkModules = moduleList:
-    (builtins.map
-      (
-        let handle = module:
-          if ( builtins.typeOf module ) == "path" then (handle (import module))
-          else if ( builtins.typeOf module ) == "lambda" then ({ pkgs, utils, ... }@inputs: (module inputs))
-          else module;
-        in handle
-      )
-      moduleList);
-
-  # from: https://github.com/NixOS/nix/issues/3759
-  stripeTabs = text:
-    let
-      # Whether all lines start with a tab (or is empty)
-      shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix "  " line)) lines;
-      # Strip a leading tab from all lines
-      stripTab = lines: builtins.map (line: lib.strings.removePrefix "  " line) lines;
-      # Strip tabs recursively until there are none
-      stripTabs = lines: if (shouldStripTab lines) then (stripTabs (stripTab lines)) else lines;
-    in
-      # Split into lines. Strip leading tabs. Concat back to string.
-      builtins.concatStringsSep "\n" (stripTabs (lib.strings.splitString "\n" text));
-  
-  # find an element in a list, return the index
-  findIndex = e: list:
-    let findIndex_ = i: list: if (builtins.elemAt list i) == e then i else findIndex_ (i + 1) list;
-    in findIndex_ 0 list;
-}

local/pkgs/biu/default.nix

@@ -1,17 +0,0 @@
-{
-  stdenv, fetchFromGitHub, cmake, pkg-config, ninja,
-  fmt, boost, magic-enum, libbacktrace, concurrencpp, tgbot-cpp, nameof, eigen, range-v3
-}: stdenv.mkDerivation rec
-{
-  name = "libbiu";
-  src = fetchFromGitHub
-  {
-    owner = "CHN-beta";
-    repo = "biu";
-    rev = "8ed2e52968f98d3a6ddbd01e86e57604ba3a7f54";
-    sha256 = "OqQ+QkjjIbpve/xn/DJA7ONw/bBg5zGNr+VJjc3o+K8=";
-  };
-  nativeBuildInputs = [ cmake pkg-config ninja ];
-  buildInputs = [ fmt boost magic-enum libbacktrace concurrencpp tgbot-cpp nameof eigen range-v3 ];
-  propagatedBuildInputs = buildInputs;
-}

local/pkgs/chromiumos-touch-keyboard/default.nix

@@ -1,18 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, fetchurl, cmake }: stdenv.mkDerivation rec
-{
-  pname = "chromiumos-touch-keyboard";
-  version = "1.4.1";
-  src = fetchFromGitHub
-  {
-    owner = "CHN-beta";
-    repo = "chromiumos_touch_keyboard";
-    rev = "32b72240ccac751a1b983152f65aa5b19503ffcf";
-    sha256 = "eFesDSBS2VzTOVfepgXYGynWvkrCSdCV9C/gcG/Ocbg=";
-  };
-  cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-Wno-error=stringop-truncation" ];
-  nativeBuildInputs = [ cmake ];
-  postInstall =
-  ''
-    cp $out/etc/touch_keyboard/layouts/YB1-X9x-pc105.csv $out/etc/touch_keyboard/layout.csv
-  '';
-}

local/pkgs/citation-style-language/default.nix

@@ -1,30 +0,0 @@
-{ stdenvNoCC, texlive, fetchFromGitHub }: stdenvNoCC.mkDerivation (finalAttrs: rec
-{
-  pname = "citation-style-language";
-  version = "0.4.5";
-  passthru = {
-    pkgs = [ finalAttrs.finalPackage ];
-    tlDeps = with texlive; [ latex ];
-    tlType = "run";
-  };
-
-  src = fetchFromGitHub
-  {
-    owner = "zepinglee";
-    repo = "citeproc-lua";
-    rev = "v${version}";
-    sha256 = "XH+GH+t/10hr4bfaod8F9JPxmBnAQlDmpSvQNDQsslM=";
-    fetchSubmodules = true;
-  };
-
-  nativeBuildInputs = [ texlive.combined.scheme-full ];
-  dontConfigure = true;
-  dontBuild = true;
-  installPhase =
-  ''
-    runHook preInstall
-    export TEXMFHOME=$out
-    l3build install
-    runHook postInstall
-  '';
-})

local/pkgs/concurrencpp/default.nix

@@ -1,13 +0,0 @@
-{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec
-{
-  pname = "concurrencpp";
-  version = "0.1.7";
-  src = fetchFromGitHub
-  {
-    owner = "David-Haim";
-    repo = "concurrencpp";
-    rev = "v.${version}";
-    sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";
-  };
-  nativeBuildInputs = [ cmake ];
-}

local/pkgs/cppcoro/cppcoro-include-utility.patch

@@ -1,12 +0,0 @@
-diff --git a/lib/static_thread_pool.cpp b/lib/static_thread_pool.cpp
-index 989a6a9..0b91b9c 100644
---- a/lib/static_thread_pool.cpp
-+++ b/lib/static_thread_pool.cpp
-@@ -12,6 +12,7 @@
- #include <cassert>
- #include <mutex>
- #include <chrono>
-+#include <utility>
- 
- namespace
- {

local/pkgs/cppcoro/default.nix

@@ -1,13 +0,0 @@
-{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation
-{
-  name = "cppcoro";
-  src = fetchFromGitHub
-  {
-    owner = "Garcia6l20";
-    repo = "cppcoro";
-    rev = "e1d53e620b0eee828915ada179cd7ca8e66ca855";
-    sha256 = "luBkf1x5kqXaVbQM01yWRmA5QvrQNZkFVCjRctJdnXc=";
-  };
-  nativeBuildInputs = [ cmake ];
-  patches = [ ./cppcoro-include-utility.patch ];
-}

local/pkgs/date/default.nix

@@ -1,18 +0,0 @@
-{ stdenv, fetchFromGitHub }: stdenv.mkDerivation
-{
-  name = "date";
-  src = fetchFromGitHub
-  {
-    owner = "HowardHinnant";
-    repo = "date";
-    rev = "cc4685a21e4a4fdae707ad1233c61bbaff241f93";
-    sha256 = "KilhBEeLMvHtS76Gu0UhzE8lhS1+sCwQ1UL4pswKXTs=";
-  };
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    runHook preInstall
-    mkdir -p $out
-    cp -r $src/{include,src} $out
-  '';
-}

local/pkgs/default.nix

@@ -1,48 +0,0 @@
-{ lib, pkgs }: with pkgs; rec
-{
-  typora = callPackage ./typora {};
-  vesta = callPackage ./vesta {};
-  oneapi = callPackage ./oneapi {};
-  rsshub = callPackage ./rsshub {};
-  misskey = callPackage ./misskey { nodejs = nodejs_21; };
-  mk-meili-mgn = callPackage ./mk-meili-mgn {};
-  # vasp = callPackage ./vasp
-  # {
-  #   stdenv = pkgs.lmix-pkgs.intel21Stdenv;
-  #   intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
-  #   ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
-  # };
-  vasp = callPackage ./vasp
-  {
-    openmp = llvmPackages.openmp;
-    openmpi = pkgs.openmpi.override { cudaSupport = false; };
-  };
-  vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
-  v_sim = callPackage ./v_sim {};
-  concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
-  eigengdb = python3Packages.callPackage ./eigengdb {};
-  nodesoup = callPackage ./nodesoup {};
-  matplotplusplus = callPackage ./matplotplusplus { inherit nodesoup glad; };
-  zpp-bits = callPackage ./zpp-bits {};
-  eigen = callPackage ./eigen {};
-  nameof = callPackage ./nameof {};
-  pslist = callPackage ./pslist {};
-  glad = callPackage ./glad {};
-  chromiumos-touch-keyboard = callPackage ./chromiumos-touch-keyboard {};
-  yoga-support = callPackage ./yoga-support {};
-  tgbot-cpp = callPackage ./tgbot-cpp {};
-  biu = callPackage ./biu { inherit concurrencpp tgbot-cpp nameof; stdenv = gcc13Stdenv; };
-  citation-style-language = callPackage ./citation-style-language {};
-  mirism = callPackage ./mirism
-  {
-    inherit cppcoro nameof tgbot-cpp date;
-    nghttp2 = nghttp2-2305.override { enableAsioLib = true; };
-  };
-  cppcoro = callPackage ./cppcoro {};
-  date = callPackage ./date {};
-  esbonio = python3Packages.callPackage ./esbonio {};
-  pix2tex = python3Packages.callPackage ./pix2tex {};
-  pyreadline3 = python3Packages.callPackage ./pyreadline3 {};
-  torchdata = python3Packages.callPackage ./torchdata {};
-  torchtext = python3Packages.callPackage ./torchtext { inherit torchdata; };
-}

local/pkgs/eigen/default.nix

@@ -1,12 +0,0 @@
-{ lib, stdenv, fetchFromGitLab, cmake }: stdenv.mkDerivation rec
-{
-  name = "eigen";
-  src = fetchFromGitLab
-  {
-    owner = "libeigen";
-    repo = name;
-    rev = "6d829e766ff1b1ab867d93631163cbc63ed5798f";
-    sha256 = "BXUnizcRPrOyiPpoyYJ4VVOjlG49aj80mgzPKmEYPKU=";
-  };
-  nativeBuildInputs = [ cmake ];
-}

local/pkgs/eigengdb/default.nix

@@ -1,15 +0,0 @@
-{ lib, fetchFromGitHub, buildPythonPackage, numpy, gdb }: buildPythonPackage
-{
-  name = "eigengdb";
-  src = fetchFromGitHub
-  {
-    owner = "dmillard";
-    repo = "eigengdb";
-    rev = "c741edef3f07f33429056eff48d79a62733ed494";
-    sha256 = "MTqOaWsKhWaPs3G5F/6bYZmQI5qS2hEGKGa3mwbgFaY=";
-  };
-  doCheck = false;
-  buildInputs = [ gdb ];
-  nativeBuildInputs = [ gdb ];
-  propagatedBuildInputs = [ numpy ];
-}

local/pkgs/esbonio/default.nix

@@ -1,11 +0,0 @@
-{ lib, fetchPypi, buildPythonPackage }: buildPythonPackage rec
-{
-  pname = "esbonio";
-  version = "0.16.3";
-  src = fetchPypi
-  {
-    inherit pname version;
-    sha256 = "1ggxdzl95fy0zxpyd1pcylhif1x604wk4wy7sv9322hc84b708zx";
-  };
-  doCheck = false;
-}

local/pkgs/glad/default.nix

@@ -1,14 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, cmake, python3 }: stdenv.mkDerivation rec
-{
-  pname = "glad";
-  version = "0.1.36";
-  src = fetchFromGitHub
-  {
-    owner = "Dav1dde";
-    repo = "glad";
-    rev = "v${version}";
-    sha256 = "FtkPz0xchwmqE+QgS+nSJVYaAfJSTUmZsObV/IPypVQ=";
-  };
-  cmakeFlags = [ "-DGLAD_REPRODUCIBLE=ON" "-DGLAD_INSTALL=ON" ];
-  nativeBuildInputs = [ cmake python3 ];
-}

local/pkgs/matplotplusplus/default.nix

@@ -1,25 +0,0 @@
-{
-  stdenv, fetchFromGitHub, cmake, pkg-config, substituteAll,
-  gnuplot, libjpeg, libtiff, zlib, libpng, lapack, blas, fftw, opencv, nodesoup, cimg, glfw, libGL, python3, glad
-}: stdenv.mkDerivation
-{
-  pname = "matplotplusplus";
-  version = "1.2.0";
-  src = fetchFromGitHub
-  {
-    owner = "alandefreitas";
-    repo = "matplotplusplus";
-    rev = "a40344efa9dc5ea0c312e6e9ef4eb7238d98dc12";
-    sha256 = "6/dH/Rl2aAb8b+Ji5LwzkC+GWPOCBnYCrjy0qk8u/+I=";
-  };
-  cmakeFlags =
-  [
-    "-DBUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_EXAMPLES=OFF"
-    "-DMATPLOTPP_WITH_SYSTEM_NODESOUP=ON" "-DMATPLOTPP_WITH_SYSTEM_CIMG=ON"
-    "-DMATPLOTPP_BUILD_EXPERIMENTAL_OPENGL_BACKEND=ON" "-DGLAD_REPRODUCIBLE=ON"
-  ];
-  buildInputs = [ gnuplot libjpeg libtiff zlib libpng lapack blas fftw opencv nodesoup cimg glfw libGL glad ];
-  nativeBuildInputs = [ cmake pkg-config python3 ];
-  propagatedBuildInputs = [ libGL glad glfw ];
-  propagatedNativeBuildInputs = [ python3 ];
-}

local/pkgs/mirism/default.nix

@@ -1,29 +0,0 @@
-{
-  lib, stdenv, requireFile,
-  boost, nghttp2, brotli, nameof, cppcoro, tgbot-cpp, libbacktrace, fmt, date
-}: stdenv.mkDerivation rec
-{
-  name = "mirism";
-  # nix-store --query --hash $(nix store add-path . --name 'mirism')
-  src = requireFile
-  {
-    inherit name;
-    sha256 = "1q3f4q4ln9dz68dfc35jybgv861f7acqiiykkm7jxviz8jdgn8c7";
-    hashMode = "recursive";
-    message = "Source file not found.";
-  };
-  buildInputs = [ boost nghttp2.dev brotli nameof cppcoro tgbot-cpp libbacktrace fmt date ];
-  buildPhase =
-  ''
-    runHook preBuild
-    make ng01 beta
-    runHook postBuild
-  '';
-  installPhase =
-  ''
-    runHook preInstall
-    mkdir -p $out/bin
-    cp build/{ng01,beta} $out/bin
-    runHook postInstall
-  '';
-}

local/pkgs/misskey/default.nix

@@ -1,76 +0,0 @@
-{
-  lib, stdenv, mkPnpmPackage, fetchFromGitHub, fetchurl, nodejs, writeShellScript, buildFHSEnv,
-  bash, cypress, vips, pkg-config
-}:
-let
-  pname = "misskey";
-  version = "2023.12.2";
-  src = fetchFromGitHub
-  {
-    owner = "CHN-beta";
-    repo = "misskey";
-    rev = "cd1d0ab06eb6b7e06afdfae9a12b2d2829564229";
-    hash = "sha256-sKEZ1ZpyA/02CNwiOMIOS5f/csx6ELDwCVJYc+oMChM=";
-    fetchSubmodules = true;
-  };
-  originalPnpmPackage = mkPnpmPackage
-  {
-    inherit pname version src nodejs;
-    copyPnpmStore = true;
-  };
-  startScript = writeShellScript "misskey"
-  ''
-    export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress ]}:$PATH
-    export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
-    export NODE_ENV=production
-    pnpm run migrateandstart
-  '';
-in
-  stdenv.mkDerivation rec
-  {
-    inherit version src pname;
-    buildInputs =
-    [
-      bash nodejs nodejs.pkgs.typescript nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress vips pkg-config
-    ];
-    nativeBuildInputs = buildInputs;
-    CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress";
-    NODE_ENV = "production";
-    configurePhase =
-    ''
-      export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
-      export npm_config_nodedir=${nodejs}
-
-      runHook preConfigure
-
-      store=$(pnpm store path)
-      mkdir -p $(dirname $store)
-
-      cp -f ${originalPnpmPackage.passthru.patchedLockfileYaml} pnpm-lock.yaml
-      cp -RL ${originalPnpmPackage.passthru.pnpmStore} $store
-      chmod -R +w $store
-      pnpm install --frozen-lockfile --offline
-
-      runHook postConfigure
-    '';
-    buildPhase =
-    ''
-      runHook preBuild
-      pnpm run build
-      runHook postBuild
-    '';
-    installPhase =
-    ''
-      runHook preInstall
-      mkdir -p $out
-      mv * .* $out
-      mkdir -p $out/bin
-      cp ${startScript} $out/bin/misskey
-      mkdir -p $out/files
-      runHook postInstall
-    '';
-    passthru =
-    {
-      inherit originalPnpmPackage startScript;
-    };
-  }

local/pkgs/mk-meili-mgn/default.nix

@@ -1,16 +0,0 @@
-{ lib, fetchFromGitHub, rustPlatform, pkg-config, openssl }:
-rustPlatform.buildRustPackage rec
-{
-  pname = "mk-meili-mgn";
-  version = "20230827";
-  src = fetchFromGitHub
-  {
-    owner = "CHN-beta";
-    repo = "mk-meili-mgn";
-    rev = "53e282c992293ec735c9bc964f097b5bdbc3e48a";
-    hash = "sha256-KBSoEGfWKDXZHSzSzak1v0nxtQQGI15DQTyNAPhsIB4=";
-  };
-  cargoHash = "sha256-wNdMPPl2H2iSrNYjoij0Qg/c2S5RjTHpOMV1RfHU27g=";
-  nativeBuildInputs = [ pkg-config ];
-  buildInputs = [ openssl ];
-}

local/pkgs/nameof/default.nix

@@ -1,20 +0,0 @@
-{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
-{
-  pname = "nameof";
-  version = "0.10.3";
-  src = fetchFromGitHub
-  {
-    owner = "Neargye";
-    repo = pname;
-    rev = "v${version}";
-    sha256 = "eHG0Y/BQGbwTrBHjq9SeSiIXaVqWp7PxIq7vCIECYPk=";
-  };
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    runHook preInstall
-    mkdir -p $out
-    cp -r $src/include $out
-    runHook postInstall
-  '';
-}

local/pkgs/nodesoup/default.nix

@@ -1,13 +0,0 @@
-{ stdenv, fetchFromGitHub, cmake, pkg-config, cairo, pcre2, xorg }: stdenv.mkDerivation rec
-{
-  name = "nodesoup";
-  src = fetchFromGitHub
-  {
-    owner = "olvb";
-    repo = "nodesoup";
-    rev = "3158ad082bb0cd1abee75418b12b35522dbca74f";
-    sha256 = "tFLq6QC3U3uvcuWsdRy2wnwcmAfH2MkI2oMcAiUBHSo=";
-  };
-  buildInputs = [ cairo pcre2.dev xorg.libXdmcp.dev ];
-  nativeBuildInputs = [ cmake pkg-config ];
-}

local/pkgs/pix2tex/default.nix

@@ -1,32 +0,0 @@
-{
-  lib, fetchFromGitHub, buildPythonPackage,
-  # general dependencies:
-  tqdm, munch, torch, opencv, requests, einops, transformers, tokenizers, numpy, pillow, pyyaml, pandas, timm,
-  albumentations,
-  # gui
-  pyqt6, pyqt6-webengine, pyside6, pynput, screeninfo,
-  # api
-  streamlit, fastapi, uvicorn, python-multipart,
-  # training
-  # python-Levenshtein, torchtext, imagesize
-  # highlight
-  pygments
-}: buildPythonPackage
-{
-  name = "pix2tex";
-  src = fetchFromGitHub
-  {
-    owner = "lukas-blecher";
-    repo = "LaTeX-OCR";
-    rev = "1781514fb8c92ea9f94057295fdae0e683f4648e";
-    hash = "sha256-I3B8eH7zV2zIogDt9znkEzp4EeBjY6NfI4jsl+v/8aM=";
-  };
-  patches = [ ./remove-version-requires.patch ];
-  propagatedBuildInputs =
-  [
-    tqdm munch torch opencv requests einops transformers tokenizers numpy pillow pyyaml pandas timm albumentations
-    pyqt6 pyqt6-webengine pyside6 pynput screeninfo
-    streamlit fastapi uvicorn python-multipart
-    pygments
-  ];
-}

local/pkgs/pix2tex/remove-version-requires.patch

@@ -1,13 +0,0 @@
-diff --git a/setup.py b/setup.py
-index 29b26cb..511012f 100644
---- a/setup.py
-+++ b/setup.py
-@@ -64,7 +64,7 @@ setuptools.setup(
-         'Pillow>=9.1.0',
-         'PyYAML>=5.4.1',
-         'pandas>=1.0.0',
--        'timm==0.5.4',
-+        'timm>=0.5.4',
-         'albumentations>=0.5.2',
-         'pyreadline3>=3.4.1; platform_system=="Windows"',
-     ],

local/pkgs/pslist/default.nix

@@ -1,27 +0,0 @@
-# http://launchpadlibrarian.net/632309499/pslist_1.4.0-4_all.deb
-# https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz
-{ lib, stdenv, fetchzip, perl, procps }: stdenv.mkDerivation
-{
-  pname = "pslist";
-  version = "1.4.0";
-  src = fetchzip
-  {
-    url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz";
-    sha256 = "1sp1h7ccniz658ms331npffpa9iz8llig43d9mlysll420nb3xqv";
-  };
-  buildInstall = [ perl procps ];
-  installPhase =
-  ''
-    mkdir -p $out/bin
-    cp $src/pslist $out/bin
-    ln -s pslist $out/bin/rkill
-    ln -s pslist $out/bin/rrenice
-    mkdir -p $out/share/man/man1
-    cp $src/pslist.1 $out/share/man/man1
-    ln -s pslist.1 $out/share/man/man1/rkill.1
-    ln -s pslist.1 $out/share/man/man1/rrenice.1
-
-    sed -i 's|/usr/bin/perl|${perl}/bin/perl|' $out/bin/pslist
-    sed -i 's|/bin/ps|${procps}/bin/ps|' $out/bin/pslist
-  '';
-}

local/pkgs/pyreadline3/default.nix

@@ -1,14 +0,0 @@
-{
-  lib, fetchFromGitHub, buildPythonPackage
-}: buildPythonPackage rec
-{
-  pname = "pyreadline3";
-  version = "3.4.1";
-  src = fetchFromGitHub
-  {
-    owner = "pyreadline3";
-    repo = "pyreadline3";
-    rev = "v${version}";
-    hash = "sha256-02/gkx955NupVKXSu/xBQQtY4SEP4zxbNQYg1oQ/nGY=";
-  };
-}

local/pkgs/rsshub/default.nix

@@ -1,57 +0,0 @@
-{
-  lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs, writeShellScript,
-  chromium, bash
-}:
-let
-  name = "rsshub";
-  src = fetchFromGitHub
-  {
-    owner = "DIYgod";
-    repo = "RSSHub";
-    rev = "38a5b0c193bf77d71c4eea33db6e76bc8b565d0b";
-    hash = "sha256-gJsT9W2fFiy2IG89E5th49DpBHsPMfsdONyzAKDG48c=";
-  };
-  originalPnpmPackage = mkPnpmPackage { inherit name src nodejs; };
-  nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };
-  rsshub-unwrapped = stdenv.mkDerivation
-  {
-    inherit src;
-    name = "${name}-unwrapped";
-    configurePhase = 
-    ''
-      export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
-      export npm_config_nodedir=${nodejs}
-
-      runHook preConfigure
-
-      ln -s ${nodeModules}/. node_modules
-
-      runHook postConfigure
-    '';
-    installPhase =
-    ''
-      runHook preInstall
-      mkdir -p $out
-      mv * .* $out
-      runHook postInstall
-    '';
-  };
-  startScript = writeShellScript "rsshub"
-  ''
-    cd ${rsshub-unwrapped}
-    export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm chromium ]}:$PATH
-    export CHROMIUM_EXECUTABLE_PATH=chromium
-    pnpm start
-  '';
-in stdenv.mkDerivation
-{
-  inherit name;
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    runHook preInstall
-    mkdir -p $out/bin
-    cp ${startScript} $out/bin/rsshub
-    runHook postInstall
-  '';
-}

local/pkgs/tgbot-cpp/default.nix

@@ -1,15 +0,0 @@
-{ stdenv, fetchFromGitHub, cmake, pkg-config, boost, openssl, zlib, curl }: stdenv.mkDerivation rec
-{
-  pname = "tgbot-cpp";
-  version = "1.7.2";
-  src = fetchFromGitHub
-  {
-    owner = "reo7sp";
-    repo = "tgbot-cpp";
-    rev = "v${version}";
-    sha256 = "TKirSxEUqFB1WtzNEfU4EJK3p7V5xcFIvA2+QVX7TlA=";
-  };
-  nativeBuildInputs = [ cmake pkg-config ];
-  buildInputs = [ boost openssl zlib curl.dev ];
-  propagatedBuildInputs = buildInputs;
-}

local/pkgs/torchdata/default.nix

@@ -1,20 +0,0 @@
-{
-  lib, fetchFromGitHub, buildPythonPackage,
-  torch, urllib3, requests, cmake, pkg-config, ninja
-}: buildPythonPackage rec
-{
-  pname = "torchdata";
-  version = "0.7.1";
-  src = fetchFromGitHub
-  {
-    owner = "pytorch";
-    repo = "data";
-    rev = "v${version}";
-    hash = "sha256-SOeu+mI4p2tHX0YyctrDBcrz2/zYcwH9GGJ+6ytRmjQ=";
-    fetchSubmodules = true;
-  };
-  dontUseCmakeConfigure = true;
-  pyproject = true;
-  propagatedBuildInputs = [ torch urllib3 requests ];
-  nativeBuildInputs = [ cmake pkg-config ninja ];
-}

local/pkgs/torchtext/default.nix

@@ -1,20 +0,0 @@
-{
-  lib, fetchFromGitHub, buildPythonPackage,
-  tqdm, requests, torch, numpy, torchdata, cmake
-}: buildPythonPackage rec
-{
-  pname = "torchtext";
-  version = "0.16.1";
-  src = fetchFromGitHub
-  {
-    owner = "pytorch";
-    repo = "text";
-    rev = "v${version}";
-    hash = "sha256-4a33AWdd1VZwRL5vTawo0yplpw+qcNMetbfE1h1kafE=";
-    fetchSubmodules = true;
-  };
-  dontUseCmakeConfigure = true;
-  pyproject = true;
-  propagatedBuildInputs = [ tqdm requests torch numpy torchdata ];
-  nativeBuildInputs = [ cmake ];
-}

local/pkgs/typora/default.nix

@@ -1,42 +0,0 @@
-{ lib, stdenv, steam-run, fetchurl, writeShellScript }:
-let
-  typora-dist = stdenv.mkDerivation rec
-  {
-    pname = "typora-dist";
-    version = "1.7.6";
-    src = fetchurl
-    {
-      url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
-      sha256 = "19xgv83zk3mhniswwrb341sr9j4sb9pqy47jamrmkc3w8famxpd3";
-    };
-
-    dontFixup = true;
-
-    unpackPhase =
-    ''
-      ar x ${src}
-      tar xf data.tar.xz
-    '';
-    installPhase =
-    ''
-      mkdir -p $out
-      mv usr/share $out
-    '';
-  };
-in stdenv.mkDerivation rec
-{
-  pname = "typora";
-  inherit (typora-dist) version;
-  BuildInputs = [ typora-dist steam-run ];
-  startScript = writeShellScript "typora" "${steam-run}/bin/steam-run ${typora-dist}/share/typora/Typora $@";
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    mkdir -p $out/bin $out/share/applications
-    ln -s ${startScript} $out/bin/typora
-    cp ${typora-dist}/share/applications/typora.desktop $out/share/applications
-    sed -i "s|Exec=.*|Exec=${startScript} %U|g" $out/share/applications/typora.desktop
-    sed -i "s|Icon=.*|Icon=${typora-dist}/share/icons/hicolor/256x256/apps/typora.png|g" \
-      $out/share/applications/typora.desktop
-  '';
-}

local/pkgs/v_sim/default.nix

@@ -1,28 +0,0 @@
-{
-  stdenv, lib, fetchFromGitLab,
-  wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
-  glib, gtk3, epoxy, libyaml
-}:
-stdenv.mkDerivation
-{
-  pname = "v_sim";
-  version = "3.8.0_p20230824";
-  src = fetchFromGitLab
-  {
-    owner = "l_sim";
-    repo = "v_sim";
-    rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
-    sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
-  };
-  buildInputs = [ glib gtk3 epoxy libyaml ];
-  nativeBuildInputs =
-  [
-    autoreconfHook wrapGAppsHook autoconf libtool intltool gettext automake pkg-config
-    gtk-doc gfortran libxslt.bin
-  ];
-  enableParallelBuilding = true;
-  postPatch =
-  ''
-    ./autogen.sh
-  '';
-}

local/pkgs/vasp/default.nix

@@ -1,77 +0,0 @@
-# {
-#   stdenv, requireFile, config, rsync, intel-mpi, ifort,
-#   mkl
-# }:
-# stdenv.mkDerivation rec
-# {
-#   pname = "vasp";
-#   version = "6.4.0";
-#   # nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
-#   src = requireFile
-#   {
-#     name = "${pname}-${version}";
-#     sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
-#     hashMode = "recursive";
-#     message = "Source file not found.";
-#   };
-#   VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
-#   MKLROOT = mkl;
-#   makeFlags = "DEPS=1";
-#   enableParallelBuilding = true;
-#   buildInputs = [ mkl intel-mpi ifort ];
-#   nativeBuildInputs = [ rsync ];
-#   configurePhase =
-#   ''
-#     cp arch/makefile.include.intel makefile.include
-#     echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
-#     echo "OBJECTS_LIB += getshmem.o" >> makefile.include
-#     mkdir -p bin
-#   '';
-#   installPhase =
-#   ''
-#     mkdir -p $out/bin
-#     for i in std gam ncl; do
-#       cp bin/vasp_$i $out/bin/vasp-cpu-${version}-$i
-#     done
-#   '';
-#   doStrip = false;
-#   doFixup = false;
-# }
-{
-  stdenvNoCC, requireFile, rsync, blas, scalapack, openmpi, openmp, gfortran, gcc, fftwMpi
-}:
-stdenvNoCC.mkDerivation rec
-{
-  pname = "vasp";
-  version = "6.4.0";
-  # nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
-  src = requireFile
-  {
-    name = "${pname}-${version}";
-    sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
-    hashMode = "recursive";
-    message = "Source file not found.";
-  };
-  # VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
-  # MKLROOT = mkl;
-  makeFlags = "DEPS=1";
-  enableParallelBuilding = true;
-  buildInputs = [ blas scalapack openmpi openmp gfortran gfortran.cc gcc fftwMpi.dev fftwMpi ];
-  nativeBuildInputs = [ rsync ];
-  FFTW_ROOT = fftwMpi.dev;
-  configurePhase =
-  ''
-    cp ${./makefile.include/${version}-gnu} makefile.include
-    chmod +w makefile.include
-    echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
-    echo "OBJECTS_LIB += getshmem.o" >> makefile.include
-    mkdir -p bin
-  '';
-  installPhase =
-  ''
-    mkdir -p $out/bin
-    for i in std gam ncl; do
-      cp bin/vasp_$i $out/bin/vasp-gnu-${version}-$i
-    done
-  '';
-}

local/pkgs/vasp/makefile.include/6.4.0-gnu

@@ -1,94 +0,0 @@
-# Default precompiler options
-CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
-              -DMPI -DMPI_BLOCK=8000 -Duse_collective \
-              -DscaLAPACK \
-              -DCACHE_SIZE=4000 \
-              -Davoidalloc \
-              -Dvasp6 \
-              -Duse_bse_te \
-              -Dtbdyn \
-              -Dfock_dblbuf \
-              -D_OPENMP
-
-CPP         = gcc -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS)
-
-FC          = mpif90 -fopenmp
-FCL         = mpif90 -fopenmp
-
-FREE        = -ffree-form -ffree-line-length-none
-
-FFLAGS      = -w -ffpe-summary=none
-
-OFLAG       = -O3
-OFLAG_IN    = $(OFLAG)
-DEBUG       = -O0
-
-OBJECTS     = fftmpiw.o fftmpi_map.o fftw3d.o fft3dlib.o
-OBJECTS_O1 += fftw3d.o fftmpi.o fftmpiw.o
-OBJECTS_O2 += fft3dlib.o
-
-# For what used to be vasp.5.lib
-CPP_LIB     = $(CPP)
-FC_LIB      = $(FC)
-CC_LIB      = gcc
-CFLAGS_LIB  = -O
-FFLAGS_LIB  = -O1
-FREE_LIB    = $(FREE)
-
-OBJECTS_LIB = linpack_double.o
-
-# For the parser library
-CXX_PARS    = g++
-LLIBS       = -lstdc++
-
-##
-## Customize as of this point! Of course you may change the preceding
-## part of this file as well if you like, but it should rarely be
-## necessary ...
-##
-
-# When compiling on the target machine itself, change this to the
-# relevant target when cross-compiling for another architecture
-# VASP_TARGET_CPU ?= -march=native
-# FFLAGS     += $(VASP_TARGET_CPU)
-
-# For gcc-10 and higher (comment out for older versions)
-FFLAGS     += -fallow-argument-mismatch
-
-# BLAS and LAPACK (mandatory)
-# OPENBLAS_ROOT ?= /path/to/your/openblas/installation
-# BLASPACK    = -L$(OPENBLAS_ROOT)/lib -lopenblas
-BLASPACK    = -lblas
-
-# scaLAPACK (mandatory)
-# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
-# SCALAPACK   = -L$(SCALAPACK_ROOT)/lib -lscalapack
-SCALAPACK = -lscalapack
-
-LLIBS      += $(SCALAPACK) $(BLASPACK)
-
-# FFTW (mandatory)
-# FFTW_ROOT  ?= /path/to/your/fftw/installation
-# LLIBS      += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
-LLIBS      += -lfftw3 -lfftw3_omp
-INCS       += -I$(FFTW_ROOT)/include
-
-# HDF5-support (optional but strongly recommended)
-#CPP_OPTIONS+= -DVASP_HDF5
-#HDF5_ROOT  ?= /path/to/your/hdf5/installation
-#LLIBS      += -L$(HDF5_ROOT)/lib -lhdf5_fortran
-#INCS       += -I$(HDF5_ROOT)/include
-
-# For the VASP-2-Wannier90 interface (optional)
-#CPP_OPTIONS    += -DVASP2WANNIER90
-#WANNIER90_ROOT ?= /path/to/your/wannier90/installation
-#LLIBS          += -L$(WANNIER90_ROOT)/lib -lwannier
-
-# For the fftlib library (recommended)
-CPP_OPTIONS+= -Dsysv
-FCL        += fftlib.o
-CXX_FFTLIB  = g++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
-# INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
-INCS_FFTLIB = -I./include
-LIBS       += fftlib
-LLIBS      += -ldl

local/pkgs/vaspkit/default.nix

@@ -1,64 +0,0 @@
-{ stdenv, fetchurl, requireFile, autoPatchelfHook, makeWrapper, python3, attrsToList, gnused }:
-let
-  potcar = requireFile
-  {
-    name = "POTCAR";
-    sha256 = "01adpp9amf27dd39m8svip3n6ax822vsyhdi6jn5agj13lis0ln3";
-    hashMode = "recursive";
-    message = "POTCAR not found.";
-  };
-  unwrapped = stdenv.mkDerivation
-  {
-    pname = "vaspkit-unwrapped";
-    version = "1.4.1";
-    buildInputs = [ autoPatchelfHook stdenv.cc.cc ];
-    src = fetchurl
-    {
-      url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.1.4.1.linux.x64.tar.gz";
-      sha256 = "0i5m7nbvqk7hzxisyydjvs2l8lnvj9vsxa170783kv9zmp51lnvs";
-    };
-    installPhase =
-    ''
-      runHook preInstall
-      mkdir -p $out
-      cp -r * $out
-      runHook postInstall
-    '';
-  };
-  python = python3.withPackages (pythonPackages: with pythonPackages; [ numpy scipy matplotlib ]);
-  envirmentVariables =
-  {
-    LDA_PATH = "${potcar}/PAW_LDA";
-    PBE_PATH = "${potcar}/PAW_PBE";
-    GGA_PATH = "${potcar}/PAW_PW91";
-    VASPKIT_UTILITIES_PATH = "${unwrapped}/utilities";
-    PYTHON_BIN = "${python}/bin/python";
-    AUTO_PLOT = ".TRUE.";
-  };
-in
-  stdenv.mkDerivation rec
-  {
-    pname = "vaspkit";
-    inherit (unwrapped) version;
-    phases = [ "installPhase" ];
-    buildInputs = [ makeWrapper ];
-    nativeBuildInputs = [ gnused ];
-    replaceEnv = builtins.concatStringsSep "" (map
-      (variable: ''sed 's|\(${variable.name}\s*=\s*\)\(\S\+\)|\1${variable.value}|g' -i $out/.vaspkit'' + "\n")
-      (attrsToList envirmentVariables));
-    installPhase =
-    ''
-      runHook preInstall
-
-      # setup ~/.vaspkit
-      mkdir -p $out
-      cp ${unwrapped}/how_to_set_environment_variables $out/.vaspkit
-
-      # setup wrapper
-      makeWrapper ${unwrapped}/bin/vaspkit $out/bin/vaspkit --set HOME $out;
-    ''
-    + replaceEnv
-    + ''
-      runHook postInstall
-    '';
-  }

local/pkgs/vesta/default.nix

@@ -1,42 +0,0 @@
-{
-  lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook, makeWrapper,
-  glib, gtk2, xorg, libGLU, gtk3, writeShellScript, gsettings-desktop-schemas, xdg-utils
-}:
-
-stdenv.mkDerivation rec
-{
-  pname = "vesta";
-  version = "3.5.5";
-  src = fetchurl
-  {
-    url = "https://jp-minerals.org/vesta/archives/${version}/VESTA-gtk3.tar.bz2";
-    sha256 = "sRzQNJA7+hsjLWmykqe6bH0p1/aGEB8hCuxCyPzxYHs=";
-  };
-  desktopFile = fetchurl
-  {
-    url = "https://aur.archlinux.org/cgit/aur.git/plain/VESTA.desktop?h=vesta&id=4fae08afc37ee0fd88d14328cf0d6b308fea04d1";
-    sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
-  };
-
-  nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook makeWrapper ];
-  buildInputs = [ glib gtk2 xorg.libXxf86vm libGLU gtk3 xorg.libXtst ];
-
-  unpackPhase = "tar -xf ${src}";
-
-  installPhase =
-  ''
-    echo $out
-    mkdir -p $out/share/applications
-    cp ${desktopFile} $out/share/applications/vesta.desktop
-    sed -i "s|Exec=.*|Exec=$out/bin/vesta|" $out/share/applications/vesta.desktop
-    sed -i "s|Icon=.*|Icon=$out/opt/VESTA-gtk3/img/logo.png|" $out/share/applications/vesta.desktop
-
-    mkdir -p $out/opt
-    cp -r VESTA-gtk3 $out/opt/VESTA-gtk3
-
-    mkdir -p $out/bin
-    makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta
-
-    patchelf --remove-needed libjawt.so $out/opt/VESTA-gtk3/PowderPlot/libswt-awt-gtk-3346.so
-  '';
-}

local/pkgs/yoga-support/default.nix

@@ -1,24 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, python3 }:
-let
-  python = python3.withPackages (ps: with ps; [ evdev pyudev ]);
-in stdenv.mkDerivation
-{
-  name = "yogabook-support";
-  src = fetchFromGitHub
-  {
-    owner = "jekhor";
-    repo = "yogabook-support";
-    rev = "8ecf7861e469ba4094115fff0e81d537135e3f22";
-    sha256 = "4UtiQooCaeUDHc9YE9EQRJ2MNKvOqqCv85k0YyI2BO4=";
-  };
-  buildInputs = [ python ];
-  installPhase =
-  ''
-    mkdir -p $out/bin
-    cp pen-key-handler yogabook-modes-handler $out/bin
-    mkdir -p $out/lib/udev/rules.d
-    cp 61-sensor-yogabook.rules $out/lib/udev/rules.d
-    mkdir -p $out/lib/udev/hwdb.d
-    cp 61-sensor-yogabook.hwdb $out/lib/udev/hwdb.d
-  '';
-}

local/pkgs/zpp-bits/default.nix

@@ -1,18 +0,0 @@
-{ stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
-{
-  pname = "zpp-bits";
-  version = "4.4.19";
-  src = fetchFromGitHub
-  {
-    owner = "eyalz800";
-    repo = "zpp_bits";
-    rev = "v${version}";
-    sha256 = "ejIwrvCFALuBQbQhTfzjBb11oMR/akKnboB60GWbjlQ=";
-  };
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    mkdir -p $out/include
-    cp $src/zpp_bits.h $out/include
-  '';
-}

modules/bugs/default.nix

@@ -1,92 +0,0 @@
-inputs:
-  let
-    inherit (inputs.localLib) stripeTabs;
-    inherit (builtins) map attrNames;
-    inherit (inputs.lib) mkMerge mkIf mkOption types;
-    bugs =
-    {
-      # suspend & hibernate do not use platform
-      suspend-hibernate-no-platform.systemd.sleep.extraConfig =
-      ''
-        SuspendState=freeze
-        HibernateMode=shutdown
-      '';
-      # reload iwlwifi after resume from hibernate
-      hibernate-iwlwifi =
-      {
-        systemd.services.reload-iwlwifi-after-hibernate =
-        {
-          description = "reload iwlwifi after resume from hibernate";
-          after = [ "systemd-hibernate.service" ];
-          serviceConfig.Type = "oneshot";
-          script = let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in
-          ''
-            ${modprobe} -r iwlwifi
-            ${modprobe} iwlwifi
-            echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
-          '';
-          wantedBy = [ "systemd-hibernate.service" ];
-        };
-        nixos.system.kernel.modules.modprobeConfig =
-          [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
-      };
-      # disable wakeup on lid open
-      suspend-lid-no-wakeup.systemd.services.lid-no-wakeup =
-      {
-        description = "lid no wake up";
-        serviceConfig.Type = "oneshot";
-        script =
-          let
-            cat = "${inputs.pkgs.coreutils}/bin/cat";
-            grep = "${inputs.pkgs.gnugrep}/bin/grep";
-          in
-          ''
-            if ${cat} /proc/acpi/wakeup | ${grep} LID0 | ${grep} -q enabled
-            then
-              echo LID0 > /proc/acpi/wakeup
-            fi
-            if ${cat} /proc/acpi/wakeup | ${grep} XHCI | ${grep} -q enabled
-            then
-              echo XHCI > /proc/acpi/wakeup
-            fi
-          '';
-        wantedBy = [ "multi-user.target" ];
-      };
-      # xmunet use old encryption
-      xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
-        (attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
-      suspend-hibernate-waydroid.systemd.services =
-        let
-          systemctl = "${inputs.pkgs.systemd}/bin/systemctl";
-        in
-        {
-          "waydroid-hibernate" =
-          {
-            description = "waydroid hibernate";
-            wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            before = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            serviceConfig.Type = "oneshot";
-            script = "${systemctl} stop waydroid-container";
-          };
-          "waydroid-resume" =
-          {
-            description = "waydroid resume";
-            wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            after = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            serviceConfig.Type = "oneshot";
-            script = "${systemctl} start waydroid-container";
-          };
-        };
-      firefox.programs.firefox.enable = inputs.lib.mkForce false;
-      power.boot.kernelParams = [ "cpufreq.default_governor=powersave" ];
-      backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
-    };
-  in
-    {
-      options.nixos.bugs = mkOption
-      {
-        type = types.listOf (types.enum (attrNames bugs));
-        default = [];
-      };
-      config = mkMerge (map (bug: mkIf (builtins.elem bug inputs.config.nixos.bugs) bugs.${bug}) (attrNames bugs));
-    }

modules/bugs/xmunet.patch

@@ -1,11 +0,0 @@
---- wpa_supplicant-2.10/src/crypto/tls_openssl.c	2022-01-16 15:51:29.000000000 -0500
-+++ src/crypto/tls_openssl.c.legacy	2022-09-29 10:10:02.999974141 -0400
-@@ -1048,7 +1048,7 @@
- 
- 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
- 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
--
-+	SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
- 	SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
- 
- #ifdef SSL_MODE_NO_AUTO_CHAIN

modules/default.nix

@@ -1,51 +0,0 @@
-inputs:
-  let
-    inherit (inputs) topInputs;
-    inherit (inputs.localLib) mkModules;
-  in
-  {
-    imports = mkModules
-    [
-      topInputs.home-manager.nixosModules.home-manager
-      topInputs.sops-nix.nixosModules.sops
-      topInputs.aagl.nixosModules.default
-      topInputs.nix-index-database.nixosModules.nix-index
-      topInputs.nur.nixosModules.nur
-      topInputs.nur-xddxdd.nixosModules.setupOverlay
-      topInputs.impermanence.nixosModules.impermanence
-      (inputs:
-      {
-        config =
-        {
-          nixpkgs.overlays =
-          [
-            topInputs.qchem.overlays.default
-            topInputs.nixd.overlays.default
-            topInputs.nix-alien.overlays.default
-            topInputs.napalm.overlays.default
-            topInputs.pnpm2nix-nzbr.overlays.default
-            topInputs.lmix.overlays.default
-            topInputs.aagl.overlays.default
-            (import "${topInputs.dguibert-nur-packages}/overlays/nvhpc-overlay")
-            (final: prev:
-            {
-              nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
-              nur-xddxdd = topInputs.nur-xddxdd.overlays.default final prev;
-              nur-linyinfeng = (topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
-              deploy-rs =
-                { inherit (prev) deploy-rs; inherit ((topInputs.deploy-rs.overlay final prev).deploy-rs) lib; };
-              # needed by mirism
-              nghttp2-2305 =
-                inputs.pkgs.callPackage "${inputs.topInputs.nixpkgs-2305}/pkgs/development/libraries/nghttp2" {};
-            })
-          ];
-          home-manager.sharedModules =
-          [
-            topInputs.plasma-manager.homeManagerModules.plasma-manager
-            topInputs.nix-doom-emacs.hmModule
-          ];
-        };
-      })
-      ./hardware ./packages ./system ./virtualization ./services ./bugs ./users
-    ];
-  }

modules/hardware/default.nix

@@ -1,228 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules [ ./legion.nix ];
-  options.nixos.hardware = let inherit (inputs.lib) mkOption types; in
-  {
-    bluetooth.enable = mkOption { type = types.bool; default = false; };
-    joystick.enable = mkOption { type = types.bool; default = false; };
-    printer.enable = mkOption { type = types.bool; default = false; };
-    sound.enable = mkOption { type = types.bool; default = false; };
-    cpus = mkOption { type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
-    gpus = mkOption { type = types.listOf (types.enum [ "intel" "nvidia" "amd" ]); default = []; };
-    prime =
-    {
-      enable = mkOption { type = types.bool; default = false; };
-      mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
-      busId = mkOption { type = types.attrsOf types.str; default = {}; };
-    };
-    gamemode.drmDevice = mkOption { type = types.int; default = 0; };
-    halo-keyboard.enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkMerge mkIf;
-      inherit (inputs.config.nixos) hardware;
-      inherit (builtins) listToAttrs map concatLists;
-      inherit (inputs.localLib) attrsToList;
-    in mkMerge
-    [
-      # bluetooth
-      (mkIf hardware.bluetooth.enable { hardware.bluetooth.enable = true; })
-      # joystick
-      (mkIf hardware.joystick.enable { hardware = { xone.enable = true; xpadneo.enable = true; }; })
-      # printer
-      (
-        mkIf hardware.printer.enable
-        {
-          services =
-          {
-            printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
-            avahi = { enable = true; nssmdns = true; openFirewall = true; };
-          };
-        }
-      )
-      # sound
-      (
-        mkIf hardware.sound.enable
-        {
-          hardware.pulseaudio.enable = false;
-          services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
-          sound.enable = true;
-          security.rtkit.enable = true;
-          environment.etc."wireplumber/main.lua.d/50-alsa-config.lua".text =
-            let
-              content = builtins.readFile
-                (inputs.pkgs.wireplumber + "/share/wireplumber/main.lua.d/50-alsa-config.lua");
-              matched = builtins.match
-                ".*\n([[:space:]]*)(--\\[\"session\\.suspend-timeout-seconds\"][^\n]*)[\n].*" content;
-              spaces = builtins.elemAt matched 0;
-              comment = builtins.elemAt matched 1;
-              config = ''["session.suspend-timeout-seconds"] = 0'';
-            in
-              builtins.replaceStrings [(spaces + comment)] [(spaces + config)] content;
-        }
-      )
-      # cpus
-      (
-        mkIf (hardware.cpus != [])
-        {
-          hardware.cpu = listToAttrs
-            (map (name: { inherit name; value = { updateMicrocode = true; }; }) hardware.cpus);
-          boot.initrd.availableKernelModules =
-            let
-              modules =
-              {
-                intel =
-                [
-                  "intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
-                ];
-                amd = [];
-              };
-            in
-              concatLists (map (cpu: modules.${cpu}) hardware.cpus);
-        }
-      )
-      # gpus
-      (
-        mkIf (hardware.gpus != [])
-        {
-          boot.initrd.availableKernelModules =
-            let
-              modules =
-              {
-                intel = [ "i915" ];
-                nvidia = [ "nvidia" "nvidia_drm" "nvidia_modeset" "nvidia_uvm" ];
-                amd = [ "amdgpu" ];
-              };
-            in
-              concatLists (map (gpu: modules.${gpu}) hardware.gpus);
-          hardware =
-          {
-            opengl =
-            {
-              enable = true;
-              driSupport = true;
-              extraPackages =
-                with inputs.pkgs;
-                let
-                  packages =
-                  {
-                    intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
-                    nvidia = [ vaapiVdpau ];
-                    amd = [];
-                  };
-                in
-                  concatLists (map (gpu: packages.${gpu}) hardware.gpus);
-              driSupport32Bit = true;
-            };
-            nvidia = mkIf (builtins.elem "nvidia" hardware.gpus)
-            {
-              modesetting.enable = true;
-              powerManagement.enable = true;
-              dynamicBoost.enable = true;
-              nvidiaSettings = true;
-              package = inputs.config.boot.kernelPackages.nvidiaPackages.production;
-            };
-          };
-        }
-      )
-      (mkIf (builtins.elem "intel" hardware.gpus) { services.xserver.deviceSection = ''Driver "modesetting"''; })
-      # prime
-      (
-        mkIf hardware.prime.enable
-        {
-          hardware.nvidia = mkMerge
-          [
-            (
-              mkIf (hardware.prime.mode == "offload")
-              {
-                prime.offload = { enable = true; enableOffloadCmd = true; };
-                powerManagement = { finegrained = true; enable = true; };
-              }
-            )
-            (
-              mkIf (hardware.prime.mode == "sync")
-              {
-                prime = { sync.enable = true; };
-                # prime.forceFullCompositionPipeline = true;
-              }
-            )
-            {
-              prime = listToAttrs
-                (map (gpu: { inherit (gpu) value; name = "${gpu.name}BusId"; }) (attrsToList hardware.prime.busId));
-            }
-            
-          ];
-        }
-      )
-      { programs.gamemode.settings.gpu.gpu_device = "${toString hardware.gamemode.drmDevice}"; }
-      # halo-keyboard
-      (mkIf hardware.halo-keyboard.enable
-      (
-        let
-          keyboard = inputs.pkgs.localPackages.chromiumos-touch-keyboard;
-          support = inputs.pkgs.localPackages.yoga-support;
-        in
-        {
-          services.udev.packages = [ keyboard support ];
-          systemd.services =
-          {
-            touch-keyboard-handler.serviceConfig =
-            {
-              Type = "simple";
-              WorkingDirectory = "/etc/touch_keyboard";
-              ExecStart = "${keyboard}/bin/touch_keyboard_handler";
-            };
-            yogabook-modes-handler.serviceConfig =
-            {
-              Type = "simple";
-              ExecStart = "${support}/bin/yogabook-modes-handler";
-              StandardOutput = "journal";
-            };
-            monitor-sensor =
-            {
-              wantedBy = [ "default.target" ];
-              serviceConfig =
-              {
-                Type = "simple";
-                ExecStart = "${inputs.pkgs.iio-sensor-proxy}/bin/monitor-sensor --hinge";
-              };
-            };
-          };
-          environment.etc."touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
-          boot.initrd =
-          {
-            services.udev.packages = [ keyboard support ];
-            systemd =
-            {
-              extraBin =
-              {
-                touch_keyboard_handler = "${keyboard}/bin/touch_keyboard_handler";
-                yogabook-modes-handler = "${support}/bin/yogabook-modes-handler";
-              };
-              services =
-              {
-                touch-keyboard-handler =
-                {
-                  serviceConfig =
-                  {
-                    Type = "simple";
-                    WorkingDirectory = "/etc/touch_keyboard";
-                    ExecStart = "${keyboard}/bin/touch_keyboard_handler";
-                  };
-                };
-                yogabook-modes-handler.serviceConfig =
-                {
-                  Type = "simple";
-                  ExecStart = "${support}/bin/yogabook-modes-handler";
-                  StandardOutput = "journal";
-                };
-              };
-
-            };
-            extraFiles."/etc/touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
-          };
-        }
-      ))
-    ];
-}

modules/hardware/legion.nix

@@ -1,16 +0,0 @@
-inputs:
-{
-  options.nixos.hardware.legion = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.hardware) legion;
-    in mkIf legion.enable
-    {
-      environment.systemPackages = [ inputs.pkgs.lenovo-legion ];
-      boot.extraModulePackages = [ inputs.config.boot.kernelPackages.lenovo-legion-module ];
-    };
-}

modules/packages/default.nix

@@ -1,172 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules
-  [
-    ./server
-    ./desktop
-    ./desktop-fat
-    ./workstation
-  ];
-  options.nixos.packages =
-    let
-      inherit (inputs.lib) mkOption types;
-      packageSets =
-      [
-        # no gui, only used for specific purpose
-        "server"
-        # gui, for daily use, but not install large programs such as matlab
-        "desktop"
-        "desktop-fat"
-        # nearly everything
-        "workstation"
-      ];
-    in
-    {
-      packageSet = mkOption { type = types.enum packageSets; default = "server"; };
-      extraPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      excludePackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      extraPythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      excludePythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      extraPrebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      excludePrebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      _packageSets = mkOption
-      {
-        type = types.listOf types.nonEmptyStr;
-        readOnly = true;
-        default = builtins.genList (i: builtins.elemAt packageSets i)
-          ((inputs.localLib.findIndex inputs.config.nixos.packages.packageSet packageSets) + 1);
-      };
-      _packages = mkOption { type = types.listOf types.unspecified; default = []; };
-      _pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-      _prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
-    };
-  config =
-    let
-      inherit (builtins) concatLists map;
-    in
-    {
-      environment.systemPackages = let inherit (inputs.lib.lists) subtractLists; in with inputs.config.nixos.packages;
-        (subtractLists excludePackages (_packages ++ extraPackages))
-        ++ [
-          (inputs.pkgs.python3.withPackages (pythonPackages:
-            subtractLists
-              (concatLists (map (packageFunction: packageFunction pythonPackages) excludePythonPackages))
-              (concatLists (map (packageFunction: packageFunction pythonPackages)
-                (_pythonPackages ++ extraPythonPackages)))))
-          (inputs.pkgs.callPackage ({ stdenv }: stdenv.mkDerivation
-          {
-            name = "prebuild-packages";
-            propagateBuildInputs = subtractLists excludePrebuildPackages (_prebuildPackages ++ extraPrebuildPackages);
-            phases = [ "installPhase" ];
-            installPhase =
-            ''
-              runHook preInstall
-              mkdir -p $out
-              runHook postInstall
-            '';
-          }) {})
-        ];
-    };
-}
-
-    # programs.firejail =
-    # {
-    #   enable = true;
-    #   wrappedBinaries =
-    #   {
-    #     qq =
-    #     {
-    #       executable = "${inputs.pkgs.qq}/bin/qq";
-    #       profile = "${inputs.pkgs.firejail}/etc/firejail/linuxqq.profile";
-    #     };
-    #   };
-    # };
-
-# config.nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
-  # only replace stdenv for large and tested packages
-  # config.programs.ccache.packageNames = [ "webkitgtk" "libreoffice" "tensorflow" "linux" "chromium" ];
-  # config.nixpkgs.overlays = [(final: prev:
-  # {
-  #   libreoffice-qt = prev.libreoffice-qt.override (prev: { unwrapped = prev.unwrapped.override
-  #     (prev: { stdenv = final.ccacheStdenv.override { stdenv = prev.stdenv; }; }); });
-  #   python3 = prev.python3.override { packageOverrides = python-final: python-prev:
-  #     {
-  #       tensorflow = python-prev.tensorflow.override
-  #         { stdenv = final.ccacheStdenv.override { stdenv = python-prev.tensorflow.stdenv; }; };
-  #     };};
-  #   # webkitgtk = prev.webkitgtk.override (prev:
-  #   #   { stdenv = final.ccacheStdenv.override { stdenv = prev.stdenv; }; enableUnifiedBuilds = false; });
-  #   wxGTK31 = prev.wxGTK31.override { stdenv = final.ccacheStdenv.override { stdenv = prev.wxGTK31.stdenv; }; };
-  #   wxGTK32 = prev.wxGTK32.override { stdenv = final.ccacheStdenv.override { stdenv = prev.wxGTK32.stdenv; }; };
-  #   # firefox-unwrapped = prev.firefox-unwrapped.override
-  #   #   { stdenv = final.ccacheStdenv.override { stdenv = prev.firefox-unwrapped.stdenv; }; };
-  #   # chromium = prev.chromium.override
-  #   #   { stdenv = final.ccacheStdenv.override { stdenv = prev.chromium.stdenv; }; };
-  #   # linuxPackages_xanmod_latest = prev.linuxPackages_xanmod_latest.override
-  #   # {
-  #   #   kernel = prev.linuxPackages_xanmod_latest.kernel.override
-  #   #   {
-  #   #     stdenv = final.ccacheStdenv.override { stdenv = prev.linuxPackages_xanmod_latest.kernel.stdenv; };
-  #   #     buildPackages = prev.linuxPackages_xanmod_latest.kernel.buildPackages //
-  #   #       { stdenv = prev.linuxPackages_xanmod_latest.kernel.buildPackages.stdenv; };
-  #   #   };
-  #   # };
-  # })];
-  # config.programs.ccache.packageNames = [ "libreoffice-unwrapped" ];
-
-# cross-x86_64-pc-linux-musl/gcc
-# dev-cpp/cpp-httplib ? how to use
-# dev-cpp/cppcoro
-# dev-cpp/date
-# dev-cpp/nameof
-# dev-cpp/scnlib
-# dev-cpp/tgbot-cpp
-# dev-libs/pocketfft
-# dev-util/intel-hpckit
-# dev-util/nvhpc
-# kde-misc/wallpaper-engine-kde-plugin
-# media-fonts/arphicfonts
-# media-fonts/sarasa-gothic
-# media-gfx/flameshot
-# media-libs/libva-intel-driver
-# media-libs/libva-intel-media-driver
-# media-sound/netease-cloud-music
-# net-vpn/frp
-# net-wireless/bluez-tools
-# sci-libs/mkl
-# sci-libs/openblas
-# sci-libs/pfft
-# sci-libs/scalapack
-# sci-libs/wannier90
-# sci-mathematics/ginac
-# sci-mathematics/mathematica
-# sci-mathematics/octave
-# sci-physics/lammps::touchfish-os
-# sci-physics/vsim
-# sci-visualization/scidavis
-# sys-apps/flatpak
-# sys-cluster/modules
-# sys-devel/distcc
-# sys-fs/btrfs-progs
-# sys-fs/compsize
-# sys-fs/dosfstools
-# sys-fs/duperemove
-# sys-fs/exfatprogs
-# sys-fs/mdadm
-# sys-fs/ntfs3g
-# sys-kernel/dracut
-# sys-kernel/linux-firmware
-# sys-kernel/xanmod-sources
-# sys-kernel/xanmod-sources:6.1.12
-# sys-kernel/xanmod-sources::touchfish-os
-# sys-libs/libbacktrace
-# sys-libs/libselinux
-# x11-apps/xinput
-# x11-base/xorg-apps
-# x11-base/xorg-fonts
-# x11-base/xorg-server
-# x11-misc/imwheel
-# x11-misc/optimus-manager
-# x11-misc/unclutter-xfixes
-
-#   ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );

modules/packages/desktop-fat/chromium.nix

@@ -1,39 +0,0 @@
-inputs:
-{
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "desktop-fat" inputs.config.nixos.packages._packageSets)
-    {
-      nixos.users.sharedModules =
-      [{
-        config.programs.chromium =
-        {
-          enable = true;
-          extensions =
-          [
-            { id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
-            { id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
-            { id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
-            { id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
-            { id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
-            { id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
-            { id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
-            { id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
-            { id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
-            { id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
-            { id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
-            { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
-            { id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
-            { id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
-            { id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
-            { id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
-            { id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
-            { id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
-            { id = "nkbihfbeogaeaoehlefnkodbefgpgknn"; } # MetaMask
-            { id = "bpoadfkcbjbfhfodiogcnhhhpibjhbnh"; } # 沉浸式翻译
-          ];
-        };
-      }];
-    };
-}

modules/packages/desktop-fat/default.nix

@@ -1,48 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules
-  [
-    ./chromium.nix
-    ./steam.nix
-  ];
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "desktop-fat" inputs.config.nixos.packages._packageSets)
-    {
-      nixos =
-      {
-        packages = with inputs.pkgs;
-        {
-          _packages =
-          [
-            # system management
-            etcher btrfs-assistant snapper-gui libsForQt5.qtstyleplugin-kvantum
-            # password and key management
-            yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden
-            # download
-            qbittorrent nur-xddxdd.baidupcs-go wgetpaste
-            # development
-            scrcpy weston cage openbox krita
-            # media
-            spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
-            # editor
-            localPackages.typora
-            # themes
-            orchis-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme arc-kde-theme materia-theme
-            # news
-            fluent-reader
-            # nix tools
-            deploy-rs.deploy-rs nixpkgs-fmt
-            # instant messager
-            element-desktop telegram-desktop discord fluffychat
-            # browser
-            google-chrome
-            # office
-            crow-translate zotero pandoc ydict
-          ] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
-        };
-      };
-      programs.kdeconnect.enable = true;
-    };
-}

modules/packages/desktop-fat/steam.nix

@@ -1,23 +0,0 @@
-inputs:
-{
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "desktop-fat" inputs.config.nixos.packages._packageSets)
-    {
-      programs.steam =
-      {
-        enable = true;
-        package = inputs.pkgs.steam.override (prev:
-        {
-          steam = prev.steam.overrideAttrs (prev:
-          {
-            postInstall = prev.postInstall +
-            ''
-              sed -i 's#Comment\[zh_CN\]=.*$#Comment\[zh_CN\]=思题慕®学习平台#' $out/share/applications/steam.desktop
-            '';
-          });
-        });
-      };
-    };
-}

modules/packages/desktop/default.nix

@@ -1,55 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules [ ./vscode.nix ];
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
-    {
-      nixos =
-      {
-        packages._packages = with inputs.pkgs;
-        [
-          # system management
-          gparted wl-clipboard-x11 kio-fuse
-          wayland-utils clinfo glxinfo vulkan-tools dracut
-          # networking
-          remmina putty mtr-gui
-          # media
-          mpv nomacs
-          # themes
-          tela-circle-icon-theme
-          firefoxpwa
-        ];
-        users.sharedModules =
-        [{
-          config.home.file.".config/baloofilerc".text =
-          ''
-            [Basic Settings]
-            Indexing-Enabled=false
-          '';
-        }];
-      };
-      programs =
-      {
-        adb.enable = true;
-        wireshark = { enable = true; package = inputs.pkgs.wireshark; };
-        firefox =
-        {
-          enable = true;
-          languagePacks = [ "zh-CN" "en-US" ];
-          nativeMessagingHosts.packages = [ inputs.pkgs.firefoxpwa ];
-        };
-        vim.package = inputs.pkgs.vim-full;
-      };
-      nixpkgs.config.packageOverrides = pkgs: 
-      {
-        telegram-desktop = pkgs.telegram-desktop.overrideAttrs (attrs:
-        {
-          patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./telegram.patch ];
-        });
-      };
-      services.pcscd.enable = true;
-    };
-}
-

modules/packages/desktop/telegram.patch

@@ -1,13 +0,0 @@
-diff --git a/Telegram/SourceFiles/data/data_sponsored_messages.cpp b/Telegram/SourceFiles/data/data_sponsored_messages.cpp
-index fa21af4..211f3bf 100644
---- a/Telegram/SourceFiles/data/data_sponsored_messages.cpp
-+++ b/Telegram/SourceFiles/data/data_sponsored_messages.cpp
-@@ -175,7 +175,7 @@ void SponsoredMessages::inject(
- }
- 
- bool SponsoredMessages::canHaveFor(not_null<History*> history) const {
--	return history->peer->isChannel();
-+	return false;
- }
- 
- void SponsoredMessages::request(not_null<History*> history, Fn<void()> done) {

modules/packages/desktop/vscode.nix

@@ -1,59 +0,0 @@
-inputs:
-{
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "desktop" inputs.config.nixos.packages._packageSets)
-    {
-      nixos.packages = with inputs.pkgs;
-      {
-        _packages =
-        [(
-          vscode-with-extensions.override
-          {
-            vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
-              (with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
-              ++ (with github; [ copilot copilot-chat github-vscode-theme ])
-              ++ (with intellsmi; [ comment-translate deepl-translate ])
-              ++ (with ms-python; [ isort python vscode-pylance ])
-              ++ (with ms-toolsai;
-              [
-                jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
-              ])
-              ++ (with ms-vscode;
-              [
-                cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
-                test-adapter-converter
-              ])
-              ++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
-              ++ [
-                donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
-                llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
-                oderwat.indent-rainbow
-                twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
-                james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
-                yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
-                redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug
-                hbenl.vscode-test-explorer
-                jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
-                hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
-                feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
-                njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode webfreak.debug
-                gruntfuggly.todo-tree
-                # restrctured text
-                lextudio.restructuredtext trond-snekvik.simple-rst
-                # markdown
-                shd101wyy.markdown-preview-enhanced
-                # vasp
-                mystery.vasp-support
-              ];
-          }
-        )];
-        _pythonPackages = [(pythonPackages: with pythonPackages;
-        [
-          # required by vscode extensions restrucuredtext
-          localPackages.esbonio
-        ])];
-      };
-    };
-}

modules/packages/server/default.nix

@@ -1,134 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules
-  [
-    ./ssh
-    ./zsh
-    ./gpg.nix
-  ];
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) concatLists map listToAttrs;
-      inherit (inputs.localLib) attrsToList;
-    in mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
-    {
-      nixos =
-      {
-        packages = with inputs.pkgs;
-        {
-          _packages = 
-          [
-            # shell
-            ksh
-            # basic tools
-            beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch localPackages.pslist
-            fastfetch reptyr
-            # lsxx
-            pciutils usbutils lshw util-linux lsof
-            # top
-            iotop iftop htop btop powertop s-tui
-            # editor
-            nano bat
-            # downloader
-            wget aria2 curl yt-dlp
-            # file manager
-            tree eza trash-cli lsd broot file xdg-ninja mlocate
-            # compress
-            pigz rar upx unzip zip lzip p7zip
-            # file system management
-            sshfs e2fsprogs adb-sync duperemove compsize exfatprogs
-            # disk management
-            smartmontools hdparm
-            # encryption and authentication
-            apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
-            # networking
-            ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
-            # nix tools
-            nix-output-monitor nix-tree ssh-to-age
-            # office
-            todo-txt-cli
-            # development
-            gdb try inputs.topInputs.plasma-manager.packages.x86_64-linux.rc2nix hexo-cli
-          ] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
-        };
-        users.sharedModules = [(home-inputs:
-        {
-          config.programs =
-          {
-            direnv = { enable = true; nix-direnv.enable = true; };
-            git =
-            {
-              enable = true;
-              lfs.enable = true;
-              extraConfig =
-              {
-                core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
-                advice.detachedHead = false;
-                merge.conflictstyle = "diff3";
-                diff.colorMoved = "default";
-              };
-              package = inputs.pkgs.gitFull;
-              delta =
-              {
-                enable = true;
-                options =
-                {
-                  side-by-side = true;
-                  navigate = true;
-                  syntax-theme = "GitHub";
-                  light = true;
-                  zero-style = "syntax white";
-                  line-numbers-zero-style = "#ffffff";
-                };
-              };
-            };
-            vim =
-            {
-              enable = true;
-              defaultEditor = true;
-              packageConfigurable = inputs.config.programs.vim.package;
-              settings =
-              {
-                number = true;
-                expandtab = false;
-                shiftwidth = 2;
-                tabstop = 2;
-              };
-              extraConfig =
-              ''
-                set clipboard=unnamedplus
-                colorscheme evening
-              '';
-            };
-          };
-        })];
-      };
-      programs =
-      {
-        nix-index-database.comma.enable = true;
-        nix-index.enable = true;
-        command-not-found.enable = false;
-        autojump.enable = true;
-        git =
-        {
-          enable = true;
-          package = inputs.pkgs.gitFull;
-          lfs.enable = true;
-          config =
-          {
-            init.defaultBranch = "main";
-            core = { quotepath = false; editor = "vim"; };
-          };
-        };
-        yazi.enable = true;
-        mosh.enable = true;
-      };
-      services =
-      {
-        fwupd.enable = true;
-        udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
-      };
-      home-manager = { useGlobalPkgs = true; useUserPackages = true; };
-    };
-}

modules/packages/server/gpg.nix

@@ -1,10 +0,0 @@
-inputs:
-{
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
-    {
-      programs.gnupg.agent = { enable = true; pinentryFlavor = "tty"; };
-    };
-}

modules/packages/server/ssh/default.nix

@@ -1,169 +0,0 @@
-inputs:
-{
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) concatLists map listToAttrs;
-      inherit (inputs.localLib) attrsToList;
-    in mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
-    {
-      services.openssh.knownHosts =
-        let
-          servers =
-          {
-            vps6 =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
-              hostnames = [ "vps6.chn.moe" "wireguard.vps6.chn.moe" "74.211.99.69" "192.168.83.1" ];
-            };
-            "initrd.vps6" =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
-              hostnames = [ "initrd.vps6.chn.moe" "74.211.99.69" ];
-            };
-            vps7 =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
-              hostnames = [ "vps7.chn.moe" "wireguard.vps7.chn.moe" "ssh.git.chn.moe" "95.111.228.40" "192.168.83.2" ];
-            };
-            "initrd.vps7" =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
-              hostnames = [ "initrd.vps7.chn.moe" "95.111.228.40" ];
-            };
-            nas =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
-              hostnames = [ "wireguard.nas.chn.moe" "[office.chn.moe]:5440" "192.168.1.185" "192.168.83.4" ];
-            };
-            "initrd.nas" =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
-              hostnames = [ "initrd.nas.chn.moe" "[office.chn.moe]:5440" "192.168.1.185" ];
-            };
-            pc =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
-              hostnames = [ "wireguard.pc.chn.moe" "192.168.83.3" ];
-            };
-            hpc =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVpsQW3kZt5alHC6mZhay3ZEe2fRGziG4YJWCv2nn/O";
-              hostnames = [ "hpc.xmu.edu.cn" ];
-            };
-            github =
-            {
-              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
-              hostnames = [ "github.com" ];
-            };
-          };
-        in listToAttrs (concatLists (map
-          (server:
-          (
-            if builtins.pathExists ./ssh/${server.name}_rsa.pub then
-            [{
-              name = "${server.name}-rsa";
-              value =
-              {
-                publicKey = builtins.readFile ./ssh/${server.name}_rsa.pub;
-                hostNames = server.value.hostnames;
-              };
-            }]
-            else []
-          )
-          ++ (
-            if builtins.pathExists ./ssh/${server.name}_ecdsa.pub then
-            [{
-              name = "${server.name}-ecdsa";
-              value =
-              {
-                publicKey = builtins.readFile ./ssh/${server.name}_ecdsa.pub;
-                hostNames = server.value.hostnames;
-              };
-            }]
-            else []
-          )
-          ++ (
-            if server.value ? ed25519 then
-            [{
-              name = "${server.name}-ed25519";
-              value =
-              {
-                publicKey = server.value.ed25519;
-                hostNames = server.value.hostnames;
-              };
-            }]
-            else []
-          ))
-          (attrsToList servers)));
-      programs.ssh =
-      {
-        startAgent = true;
-        enableAskPassword = true;
-        askPassword = "${inputs.pkgs.systemd}/bin/systemd-ask-password";
-        extraConfig = "AddKeysToAgent yes";
-      };
-      environment.sessionVariables.SSH_ASKPASS_REQUIRE = "prefer";
-      nixos.users.sharedModules =
-      [(hmInputs: {
-        config.programs.ssh =
-        {
-          enable = true;
-          controlMaster = "auto";
-          controlPersist = "1m";
-          compression = true;
-          matchBlocks = builtins.listToAttrs
-          (
-            (builtins.map
-              (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
-              [ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" ])
-            ++ (builtins.map
-              (host:
-              {
-                name = host;
-                value =
-                {
-                  host = host;
-                  hostname = "hpc.xmu.edu.cn";
-                  user = host;
-                  extraOptions =
-                  {
-                    PubkeyAcceptedAlgorithms = "+ssh-rsa";
-                    HostkeyAlgorithms = "+ssh-rsa";
-                    SetEnv =
-                      let
-                        usernameMap =
-                        {
-                          chn = "linwei/chn";
-                        };
-                        cdString =
-                          if host == "jykang" && (usernameMap ? ${hmInputs.config.home.username}) then
-                            ":chn_cd:${usernameMap.${hmInputs.config.home.username}}"
-                          else "";
-                      in "TERM=chn_unset_ls_colors${cdString}:xterm-256color";
-                    # in .bash_profile:
-                    # if [[ $TERM == chn_unset_ls_colors* ]]; then
-                    #   export TERM=${TERM#*:}
-                    #   export CHN_LS_USE_COLOR=1
-                    # fi
-                    # if [[ $TERM == chn_cd* ]]; then
-                    #   export TERM=${TERM#*:}
-                    #   cd ~/${TERM%%:*}
-                    #   export TERM=${TERM#*:}
-                    # fi
-                    # in .bashrc
-                    # [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
-                  };
-                };
-              })
-              [ "wlin" "jykang" "hwang" ])
-          )
-          // {
-            xmupc1 = { host = "xmupc1"; hostname = "office.chn.moe"; port = 6007; };
-            nas = { host = "nas"; hostname = "office.chn.moe"; port = 5440; };
-            gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
-          };
-        };
-      })];
-    };
-}

modules/packages/server/ssh/github_ecdsa.pub

@@ -1 +0,0 @@
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=

modules/packages/server/ssh/github_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=

modules/packages/server/ssh/hpc_ecdsa.pub

@@ -1 +0,0 @@
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDkkl7A9kWWBoi4b5g6Vus70ja1KhPfcZZjeU1/QbYdN8PRRw/hsGklrhefslKRbym/TMFS0ko0g5WUi9G5vbGw=

modules/packages/server/ssh/hpc_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgs8MvV2nczjGMZ548tuAhgvCEd4uHu0VhLDSwQG7Nh/UR4Pgc5T9Nf7Vfwg96Lah/pwD5my4RaWis6bLMmlkYyDBKFBOsGYQUe5J5XfZdxk8pz+7L0Hq6gPfAZAdNlUiuFVKsvkE+NF42NgJyXSYQicPbu5LQiFwZGXlW20+LO8uBQ1y1xabKVpg8XGwordduL99VepwEzeLK/st+UVfW+mKgxkf9TuxvD2fuYIDZM7y2rXqcjf4/6OXA5kACsYK1MgZSFxgO/m6+1uCC1qBDseMTA3D+Tsjf9VtcqUE9dMd/dJ/uuILHJ0+oIqkykTCecPLgJY3Vh8rAtln/lbId

modules/packages/server/ssh/nas_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0+xafJMnOGCHv6OLljaq8iJ3ZBaIezv7AJ9rVWJXFg/QJRYBwct35c4zaVom7If8F+Ss+BTLMp33HZ8gLpoat6LkjARjy65Ycog3NOnEposX2JjZEYXDbovxEmcJkDXAIVmnaBUi3r22z4UI8OqsHPeRXj017O0yQrQQYEAw/IO/tSNQZt2k8JHxAX50UTqGFdgkriO1fYHBocq48m0nn3sXrMuM3yBe5zy3NngOHxMn7UxjECmAElsuu/nu1x083pRnv5NSa+JxDGJ+S6Zhj3nGGNwZesa51I4cJjsYLxgmO/NxL1J86bDp6HhK9C9799ruG60pGTw6HcvbKTgx7klUgn4936wsy7qukWqp53MvqrLSJkRb/HHU9zZqvzcjbwet+Iv1OAAok5QC88j7Jgenk3nbZw4BNFd2r/8rOZuXheDnMKOa61dXxnvoAO3Euk0RPdZqW1slT/DDyD/kB6TPY7yOywNURNnrwzfSsmravKi6bGA5t2Ehhpf2LETM=

modules/packages/server/ssh/pc_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOyU7VvusseL2tDp7JkIXKGxRGQNHpYWVAPraUj17Xls7Z9e7HO6+GBiGP+bB9tZbzsoTNGHdXg8VaJmf98QAhhg0FcUb6IvWmfmPWzQ0MC8L+USqdDpaH7s9SOZF/yveNYCR5GOMmFdSW4OPVYIOrjPltDIe5S1SN2nOXvjxbLmuoMjg+5U4F0ii0ZaCRuMVDskeift+Amxe7iRnSzeDbECd0rJhaUb8gf3shz0Hp9lRUMej7cJH8LLP3m0s3Vk+kasKntz18MpJ6/3n+fR2aK75qkcq9FZaFA4tSIabh9eKoxlRCy7g8Qj6nNStW+ys/a1UYBFgAoTyE7e47o3dpcxR5oMLbeDwhOstWL0YOjEH1K5Wyj3eEOT71C6kuQBPcCJQ9q9hknRpW0mWe9Q6qaAzTgE9LLssijr/yTfYQk7zKEyo0i4f6buOfmyYZfnzfnCB3LiJKa98TVEEzrKYHIO44LwIkNf/YHOMDknzjYpav6HfDy+AebRHZFYhGax1YP/tP0Ve/FSq5rh6Vwuqa/zyfFUPZmZVf+EYXK7DdyuBhEZhBEu6QrjY60NRMTMLpnUZMcZXRAz9byMpAGcCYQv6gjU99ps8AkRjZNkn+FpAtDGT+oJxixQwyZMSxZ+ZuzkZGyBMeMplZXMMLICGZ2LRAgT0bxXLZUxHJBLwwnw==

modules/packages/server/ssh/vps6_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYiP+ELuG5KTmafVjBkY0ZSggJg+mDkvZpF8d7NljMst0YwKWV3IgHnkAGXdTd7jlRgm9HH6oc8rP2R6Q8EJmfr+xcL1IQIWKuYAoddHlpe2Ds4EE74xbgm5Elf7FpdYNHUH9XyVmMmIhVSpLw2N10jUhvYqw+h+xC2nObEKZuBOt/lqrTGbC/EMv3+sDv0ApBh8lKt2yfjt88pnAj1LKPANDgIYSyQOllHQWeUY/eD/5Qc9XWR3uWclslVaxriRmEA0sNZlOFCeRIyDbYpSzQBdcnojkwt7Z5kjhaqGlT9g00fdiqO0OMaeY/G8ki3QxqjONqTEDqK+DpEZFO6jyZARcY6ki0ANc0AO4qosEC3gEbAvVwyPwDFtyDggMTHlTzaw8iakMGSDEk10zKaUOgZYLzC2yCWYYQS5mae9wC1gkXIGD51/laeq2E7NpM+nha6kp9weLVyvwf0DLfwsiP+0qlCLrxBLTSRa0HQ+BnQMi4r16Ss7YJwLf/oXrbOVk=

modules/packages/server/ssh/vps7_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFwb7qi9/DvhpMvu43LRlTEC+3kPAA0KNeyk4FT4HlpRE/yxMxN6tgrP9vcx2c6TMfkRwIJKDcBuVVtKOVx+SDZo+nQBxpSz73v1qSmqlsy8D4gCk0a7cLgStb3Cvh0UZjJ5nVnxjzqY2CFnpnKYGmxL+a3qTj1KYPuA2wSsxkYVcHUfDj/uTtEDdRPaNTACsUxe1a57T/Tsjp+321+zKldYreozaABEBsexf9Z34+3vZvyQcfDB3QuxlBRPJBLik80QllpNpE1bqol8swoGEPbl/Ac7tNy+GtlwTG9SH1povmoT9K+8tjJaG2pD+z+vvgZQtJQh+aczYmEBJRZp3ksw1JH4eGqTWG/SDat9Isnx2NDhJe12b9izniDciuBScNySAazIDPidsCMUYjc9kgWdSOiODOtodj5IB+KazFVJgfpmzPv97LHVdjvR74usrgbFw2mYCw2YEiL3xjDYpQGmXSNklsQLwJiBe59oyS4QNpNYQzYD9StjgRIdvtmiM=

modules/packages/server/zsh/default.nix

@@ -1,78 +0,0 @@
-inputs:
-{
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
-    {
-      nixos.users.sharedModules = [(home-inputs: { config.programs.zsh =
-      {
-        enable = true;
-        initExtraBeforeCompInit =
-        ''
-          # p10k instant prompt
-          P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
-          [[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
-          HYPHEN_INSENSITIVE="true"
-          export PATH=~/bin:$PATH
-          function br
-          {
-            local cmd cmd_file code
-            cmd_file=$(mktemp)
-            if broot --outcmd "$cmd_file" "$@"; then
-              cmd=$(<"$cmd_file")
-              command rm -f "$cmd_file"
-              eval "$cmd"
-            else
-              code=$?
-              command rm -f "$cmd_file"
-              return "$code"
-            fi
-          }
-          alias todo="todo.sh"
-        '';
-        plugins =
-        [
-          {
-            file = "powerlevel10k.zsh-theme";
-            name = "powerlevel10k";
-            src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
-          }
-          {
-            file = "p10k.zsh";
-            name = "powerlevel10k-config";
-            src = ./p10k-config;
-          }
-          {
-            name = "zsh-lsd";
-            src = inputs.pkgs.fetchFromGitHub
-            {
-              owner = "z-shell";
-              repo = "zsh-lsd";
-              rev = "65bb5ac49190beda263aae552a9369127961632d";
-              hash = "sha256-JSNsfpgiqWhtmGQkC3B0R1Y1QnDKp9n0Zaqzjhwt7Xk=";
-            };
-          }
-        ];
-        history =
-        {
-          path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
-          extended = true;
-          save = 100000000;
-          size = 100000000;
-        };
-      };})];
-      programs.zsh =
-      {
-        enable = true;
-        syntaxHighlighting.enable = true;
-        autosuggestions.enable = true;
-        enableCompletion = true;
-        ohMyZsh =
-        {
-          enable = true;
-          plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
-        };
-      };
-    };
-}

modules/packages/workstation/default.nix

@@ -1,104 +0,0 @@
-inputs:
-{
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-    in mkIf (builtins.elem "workstation" inputs.config.nixos.packages._packageSets)
-    {
-      nixos =
-      {
-        packages = with inputs.pkgs;
-        {
-          _packages =
-          [
-            # password and key management
-            electrum jabref
-            # system management
-            wl-mirror ventoy-full
-            # nix tools
-            nix-template appimage-run nil nixd nix-alien nix-serve node2nix nix-prefetch-github prefetch-npm-deps
-            nix-prefetch-docker pnpm-lock-export bundix
-            # instant messager
-            zoom-us signal-desktop qq nur-xddxdd.wechat-uos slack nur-linyinfeng.wemeet
-            cinny-desktop nheko
-            # office
-            libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
-            (texlive.combine { inherit (texlive) scheme-full; inherit (localPackages) citation-style-language; })
-            # development
-            jetbrains.clion android-studio dbeaver cling clang-tools_16 ccls fprettify aircrack-ng
-            # media
-            nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
-            # virtualization
-            wineWowPackages.stagingFull virt-viewer bottles # wine64
-            # text editor
-            appflowy notion-app-enhanced joplin-desktop standardnotes logseq
-            # math, physics and chemistry
-            mathematica octaveFull root ovito paraview localPackages.vesta # qchem.quantum-espresso
-            localPackages.vasp localPackages.vaspkit jmol localPackages.v_sim
-            # encryption and password management
-            john crunch hashcat
-            # container and vm
-            genymotion # davinci-resolve playonlinux
-            # browser
-            microsoft-edge
-            # news
-            rssguard newsflash newsboat
-          ];
-          _pythonPackages = [(pythonPackages: with pythonPackages;
-          [
-            phonopy tensorflow keras openai scipy scikit-learn jupyterlab autograd
-            # localPackages.pix2tex
-            inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
-            certifi charset-normalizer idna orjson psycopg2 localPackages.eigengdb
-          ])];
-          _prebuildPackages =
-          [
-            httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2
-            gcc13Stdenv
-          ];
-        };
-        users.sharedModules =
-        [{
-          config.programs =
-          {
-            obs-studio =
-            {
-              enable = true;
-              plugins = with inputs.pkgs.obs-studio-plugins;
-                [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
-            };
-            doom-emacs = { enable = true; doomPrivateDir = ./doom.d; };
-          };
-        }];
-      };
-      programs =
-      {
-        anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
-        honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
-        nix-ld.enable = true;
-        gamemode =
-        {
-          enable = true;
-          settings =
-          {
-            general.renice = 10;
-            gpu =
-            {
-              apply_gpu_optimisations = "accept-responsibility";
-              nv_powermizer_mode = 1;
-            };
-            custom = let notify-send = "${inputs.pkgs.libnotify}/bin/notify-send"; in
-            {
-              start = "${notify-send} 'GameMode started'";
-              end = "${notify-send} 'GameMode ended'";
-            };
-          };
-        };
-        chromium =
-        {
-          enable = true;
-          extraOpts.PasswordManagerEnabled = false;
-        };
-      };
-    };
-}

modules/packages/workstation/doom.d/init.el

@@ -1,191 +0,0 @@
-;;; init.el -*- lexical-binding: t; -*-
-
-;; This file controls what Doom modules are enabled and what order they load
-;; in. Remember to run 'doom sync' after modifying it!
-
-;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
-;;      documentation. There you'll find a "Module Index" link where you'll find
-;;      a comprehensive list of Doom's modules and what flags they support.
-
-;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
-;;      'C-c c k' for non-vim users) to view its documentation. This works on
-;;      flags as well (those symbols that start with a plus).
-;;
-;;      Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
-;;      directory (for easy access to its source code).
-
-(doom! :input
-       ;;chinese
-       ;;japanese
-       ;;layout            ; auie,ctsrnm is the superior home row
-
-       :completion
-       company           ; the ultimate code completion backend
-       ;;helm              ; the *other* search engine for love and life
-       ;;ido               ; the other *other* search engine...
-       ;;ivy               ; a search engine for love and life
-       vertico           ; the search engine of the future
-
-       :ui
-       ;;deft              ; notational velocity for Emacs
-       doom              ; what makes DOOM look the way it does
-       doom-dashboard    ; a nifty splash screen for Emacs
-       doom-quit         ; DOOM quit-message prompts when you quit Emacs
-       ;;(emoji +unicode)  ; 🙂
-       hl-todo           ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
-       ;;hydra
-       ;;indent-guides     ; highlighted indent columns
-       ;;ligatures         ; ligatures and symbols to make your code pretty again
-       ;;minimap           ; show a map of the code on the side
-       modeline          ; snazzy, Atom-inspired modeline, plus API
-       ;;nav-flash         ; blink cursor line after big motions
-       ;;neotree           ; a project drawer, like NERDTree for vim
-       ophints           ; highlight the region an operation acts on
-       (popup +defaults)   ; tame sudden yet inevitable temporary windows
-       ;;tabs              ; a tab bar for Emacs
-       ;;treemacs          ; a project drawer, like neotree but cooler
-       ;;unicode           ; extended unicode support for various languages
-       vc-gutter         ; vcs diff in the fringe
-       vi-tilde-fringe   ; fringe tildes to mark beyond EOB
-       ;;window-select     ; visually switch windows
-       workspaces        ; tab emulation, persistence & separate workspaces
-       ;;zen               ; distraction-free coding or writing
-
-       :editor
-       (evil +everywhere); come to the dark side, we have cookies
-       file-templates    ; auto-snippets for empty files
-       fold              ; (nigh) universal code folding
-       ;;(format +onsave)  ; automated prettiness
-       ;;god               ; run Emacs commands without modifier keys
-       ;;lispy             ; vim for lisp, for people who don't like vim
-       ;;multiple-cursors  ; editing in many places at once
-       ;;objed             ; text object editing for the innocent
-       ;;parinfer          ; turn lisp into python, sort of
-       ;;rotate-text       ; cycle region at point between text candidates
-       snippets          ; my elves. They type so I don't have to
-       ;;word-wrap         ; soft wrapping with language-aware indent
-
-       :emacs
-       dired             ; making dired pretty [functional]
-       electric          ; smarter, keyword-based electric-indent
-       ;;ibuffer         ; interactive buffer management
-       undo              ; persistent, smarter undo for your inevitable mistakes
-       vc                ; version-control and Emacs, sitting in a tree
-
-       :term
-       ;;eshell            ; the elisp shell that works everywhere
-       ;;shell             ; simple shell REPL for Emacs
-       ;;term              ; basic terminal emulator for Emacs
-       ;;vterm             ; the best terminal emulation in Emacs
-
-       :checkers
-       syntax              ; tasing you for every semicolon you forget
-       ;;(spell +flyspell) ; tasing you for misspelling mispelling
-       ;;grammar           ; tasing grammar mistake every you make
-
-       :tools
-       ;;ansible
-       ;;biblio            ; Writes a PhD for you (citation needed)
-       ;;debugger          ; FIXME stepping through code, to help you add bugs
-       ;;direnv
-       ;;docker
-       ;;editorconfig      ; let someone else argue about tabs vs spaces
-       ;;ein               ; tame Jupyter notebooks with emacs
-       (eval +overlay)     ; run code, run (also, repls)
-       ;;gist              ; interacting with github gists
-       lookup              ; navigate your code and its documentation
-       ;;lsp               ; M-x vscode
-       magit             ; a git porcelain for Emacs
-       ;;make              ; run make tasks from Emacs
-       ;;pass              ; password manager for nerds
-       ;;pdf               ; pdf enhancements
-       ;;prodigy           ; FIXME managing external services & code builders
-       ;;rgb               ; creating color strings
-       ;;taskrunner        ; taskrunner for all your projects
-       ;;terraform         ; infrastructure as code
-       ;;tmux              ; an API for interacting with tmux
-       ;;upload            ; map local to remote projects via ssh/ftp
-
-       :os
-       (:if IS-MAC macos)  ; improve compatibility with macOS
-       ;;tty               ; improve the terminal Emacs experience
-
-       :lang
-       ;;agda              ; types of types of types of types...
-       ;;beancount         ; mind the GAAP
-       ;;cc                ; C > C++ == 1
-       ;;clojure           ; java with a lisp
-       ;;common-lisp       ; if you've seen one lisp, you've seen them all
-       ;;coq               ; proofs-as-programs
-       ;;crystal           ; ruby at the speed of c
-       ;;csharp            ; unity, .NET, and mono shenanigans
-       ;;data              ; config/data formats
-       ;;(dart +flutter)   ; paint ui and not much else
-       ;;dhall
-       ;;elixir            ; erlang done right
-       ;;elm               ; care for a cup of TEA?
-       emacs-lisp        ; drown in parentheses
-       ;;erlang            ; an elegant language for a more civilized age
-       ;;ess               ; emacs speaks statistics
-       ;;factor
-       ;;faust             ; dsp, but you get to keep your soul
-       ;;fortran           ; in FORTRAN, GOD is REAL (unless declared INTEGER)
-       ;;fsharp            ; ML stands for Microsoft's Language
-       ;;fstar             ; (dependent) types and (monadic) effects and Z3
-       ;;gdscript          ; the language you waited for
-       ;;(go +lsp)         ; the hipster dialect
-       ;;(haskell +lsp)    ; a language that's lazier than I am
-       ;;hy                ; readability of scheme w/ speed of python
-       ;;idris             ; a language you can depend on
-       ;;json              ; At least it ain't XML
-       ;;(java +meghanada) ; the poster child for carpal tunnel syndrome
-       ;;javascript        ; all(hope(abandon(ye(who(enter(here))))))
-       ;;julia             ; a better, faster MATLAB
-       ;;kotlin            ; a better, slicker Java(Script)
-       ;;latex             ; writing papers in Emacs has never been so fun
-       ;;lean              ; for folks with too much to prove
-       ;;ledger            ; be audit you can be
-       ;;lua               ; one-based indices? one-based indices
-       markdown          ; writing docs for people to ignore
-       ;;nim               ; python + lisp at the speed of c
-       ;;nix               ; I hereby declare "nix geht mehr!"
-       ;;ocaml             ; an objective camel
-       org               ; organize your plain life in plain text
-       ;;php               ; perl's insecure younger brother
-       ;;plantuml          ; diagrams for confusing people more
-       ;;purescript        ; javascript, but functional
-       ;;python            ; beautiful is better than ugly
-       ;;qt                ; the 'cutest' gui framework ever
-       ;;racket            ; a DSL for DSLs
-       ;;raku              ; the artist formerly known as perl6
-       ;;rest              ; Emacs as a REST client
-       ;;rst               ; ReST in peace
-       ;;(ruby +rails)     ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
-       ;;rust              ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
-       ;;scala             ; java, but good
-       ;;(scheme +guile)   ; a fully conniving family of lisps
-       sh                ; she sells {ba,z,fi}sh shells on the C xor
-       ;;sml
-       ;;solidity          ; do you need a blockchain? No.
-       ;;swift             ; who asked for emoji variables?
-       ;;terra             ; Earth and Moon in alignment for performance.
-       ;;web               ; the tubes
-       ;;yaml              ; JSON, but readable
-       ;;zig               ; C, but simpler
-
-       :email
-       ;;(mu4e +org +gmail)
-       ;;notmuch
-       ;;(wanderlust +gmail)
-
-       :app
-       ;;calendar
-       ;;emms
-       ;;everywhere        ; *leave* Emacs!? You must be joking
-       ;;irc               ; how neckbeards socialize
-       ;;(rss +org)        ; emacs as an RSS reader
-       ;;twitter           ; twitter client https://twitter.com/vnought
-
-       :config
-       ;;literate
-       (default +bindings +smartparens))

modules/services/acme.nix

@@ -1,46 +0,0 @@
-inputs:
-{
-  options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    cert = mkOption
-    {
-      type = types.attrsOf (types.submodule (submoduleInputs: { options =
-      {
-        domains = mkOption
-          { type = types.nonEmptyListOf types.nonEmptyStr; default = [ submoduleInputs.config._module.args.name ]; };
-        group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-      };}));
-      default = {};
-    };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.services) acme;
-      inherit (builtins) map listToAttrs;
-      inherit (inputs.localLib) attrsToList;
-    in mkIf acme.enable
-    {
-      security.acme =
-      {
-        acceptTerms = true;
-        defaults.email = "chn@chn.moe";
-        certs = listToAttrs (map
-          (cert:
-          {
-            name = builtins.elemAt cert.value.domains 0;
-            value =
-            {
-              dnsResolver = "8.8.8.8";
-              dnsProvider = "cloudflare";
-              credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
-              extraDomainNames = builtins.tail cert.value.domains;
-              group = mkIf (cert.value.group != null) cert.value.group;
-            };
-          })
-          (attrsToList acme.cert));
-      };
-      sops.secrets."acme/cloudflare.ini" = {};
-    };
-}

modules/services/akkoma.nix

@@ -1,51 +0,0 @@
-inputs:
-{
-  options.nixos.services.akkoma = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "akkoma.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) akkoma;
-      inherit (inputs.lib) mkIf;
-    in mkIf akkoma.enable
-    {
-      services.akkoma =
-      {
-        enable = true;
-        config.":pleroma" =
-        {
-          "Pleroma.Web.Endpoint".url.host = akkoma.hostname;
-          "Pleroma.Repo" =
-          {
-            adapter = (inputs.pkgs.formats.elixirConf { }).lib.mkRaw "Ecto.Adapters.Postgres";
-            hostname = "127.0.0.1";
-            username = "akkoma";
-            password._secret = inputs.config.sops.secrets."akkoma/db".path;
-            database = "akkoma";
-          };
-          ":instance" =
-          {
-            name = "艹";
-            email = "grass@grass.squre";
-            description = "艹艹艹艹艹";
-          };
-        };
-      };
-      nixos.services =
-      {
-        nginx =
-        {
-          enable = true;
-          https."${akkoma.hostname}" =
-          {
-            global.tlsCert = "/var/lib/akkoma";
-            location."/".proxy = { upstream = "http://127.0.0.1:4000"; websocket = true; };
-          };
-        };
-        postgresql.instances.akkoma = {};
-      };
-      sops.secrets."akkoma/db" = { owner = "akkoma"; key = "postgresql/akkoma"; };
-    };
-}

modules/services/beesd.nix

@@ -1,47 +0,0 @@
-inputs:
-{
-  options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    instances = mkOption
-    {
-      type = types.attrsOf (types.oneOf
-      [
-        types.nonEmptyStr
-        (types.submodule { options =
-          { device = mkOption { type = types.nonEmptyStr; }; hashTableSizeMB = mkOption { type = types.int; }; };})
-      ]);
-      default = {};
-    };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) beesd;
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) map listToAttrs;
-      inherit (inputs.localLib) attrsToList;
-    in mkIf beesd.enable
-      {
-        services.beesd.filesystems = listToAttrs (map
-          (instance:
-          {
-            inherit (instance) name;
-            value =
-            {
-              spec = instance.value.device or instance.value;
-              hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
-              extraOptions = [ "--thread-count" "1" "--scan-mode" "3" ];
-            };
-          })
-          (attrsToList beesd.instances));
-        systemd.slices.system-beesd.sliceConfig =
-        {
-          CPUSchedulingPolicy = "idle";
-          IOSchedulingClass = "idle";
-          IOSchedulingPriority = 4;
-          IOAccounting = true;
-          IOWeight = 1;
-          Nice = 19;
-        };
-      };
-}

modules/services/coturn.nix

@@ -1,37 +0,0 @@
-inputs:
-{
-  options.nixos.services.coturn = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "coturn.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) coturn;
-      inherit (inputs.lib) mkIf;
-    in mkIf coturn.enable
-      {
-        services.coturn = let keydir = inputs.config.security.acme.certs.${coturn.hostname}.directory; in
-        {
-          enable = true;
-          use-auth-secret = true;
-          static-auth-secret-file = inputs.config.sops.secrets."coturn/auth-secret".path;
-          realm = coturn.hostname;
-          cert = "${keydir}/full.pem";
-          pkey = "${keydir}/key.pem";
-          no-cli = true;
-        };
-        sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
-        nixos.services.acme =
-        {
-          enable = true;
-          cert.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
-        };
-        networking.firewall = with inputs.config.services.coturn;
-        {
-          allowedUDPPorts = [ listening-port tls-listening-port ];
-          allowedTCPPorts = [ listening-port tls-listening-port ];
-          allowedUDPPortRanges = [ { from = min-port; to = max-port; } ];
-        };
-      };
-}

modules/services/default.nix

@@ -1,122 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules
-  [
-    ./postgresql.nix
-    ./redis.nix
-    ./rsshub.nix
-    ./misskey.nix
-    ./nginx
-    ./meilisearch.nix
-    ./xray.nix
-    ./coturn.nix
-    ./synapse.nix
-    ./phpfpm.nix
-    ./xrdp.nix
-    ./groupshare.nix
-    ./acme.nix
-    ./samba.nix
-    ./sshd.nix
-    ./vaultwarden.nix
-    ./frp.nix
-    ./beesd.nix
-    ./snapper.nix
-    ./mariadb.nix
-    ./photoprism.nix
-    ./nextcloud.nix
-    ./freshrss.nix
-    ./kmscon.nix
-    ./fontconfig.nix
-    ./nix-serve.nix
-    ./send.nix
-    ./huginn.nix
-    ./httpua
-    ./fz-new-order
-    ./httpapi.nix
-    ./mirism.nix
-    ./mastodon.nix
-    ./gitea.nix
-    ./grafana.nix
-    ./fail2ban.nix
-    ./wireguard.nix
-    ./akkoma.nix
-  ];
-  options.nixos.services = let inherit (inputs.lib) mkOption types; in
-  {
-    firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
-    smartd.enable = mkOption { type = types.bool; default = false; };
-    wallabag.enable = mkOption { type = types.bool; default = false; };
-    noisetorch.enable = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkMerge mkIf;
-      inherit (inputs.localLib) stripeTabs attrsToList;
-      inherit (inputs.config.nixos) services;
-      inherit (builtins) map listToAttrs toString;
-    in mkMerge
-    [
-      { networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
-      (mkIf services.smartd.enable { services.smartd.enable = true; })
-      (
-        mkIf services.wallabag.enable
-        {
-          virtualisation.oci-containers.containers.wallabag =
-          {
-            image = "wallabag/wallabag:2.6.2";
-            imageFile = inputs.pkgs.dockerTools.pullImage
-            {
-              imageName = "wallabag/wallabag";
-              imageDigest = "sha256:241e5c71f674ee3f383f428e8a10525cbd226d04af58a40ce9363ed47e0f1de9";
-              sha256 = "0zflrhgg502w3np7kqmxij8v44y491ar2qbk7qw981fysia5ix09";
-              finalImageName = "wallabag/wallabag";
-              finalImageTag = "2.6.2";
-            };
-            ports = [ "127.0.0.1:4398:80/tcp" ];
-            extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
-            environmentFiles = [ inputs.config.sops.templates."wallabag/env".path ];
-          };
-          sops =
-          {
-            templates."wallabag/env".content =
-              let
-                placeholder = inputs.config.sops.placeholder;
-              in
-              ''
-                SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
-                SYMFONY__ENV__DATABASE_HOST=host.docker.internal
-                SYMFONY__ENV__DATABASE_PORT=5432
-                SYMFONY__ENV__DATABASE_NAME=wallabag
-                SYMFONY__ENV__DATABASE_USER=wallabag
-                SYMFONY__ENV__DATABASE_PASSWORD=${placeholder."postgresql/wallabag"}
-                SYMFONY__ENV__REDIS_HOST=host.docker.internal
-                SYMFONY__ENV__REDIS_PORT=8790
-                SYMFONY__ENV__REDIS_PASSWORD=${placeholder."redis/wallabag"}
-                SYMFONY__ENV__SERVER_NAME=wallabag.chn.moe
-                SYMFONY__ENV__DOMAIN_NAME=https://wallabag.chn.moe
-                SYMFONY__ENV__TWOFACTOR_AUTH=false
-              '';
-              # SYMFONY__ENV__MAILER_DSN=smtp://bot%%40chn.moe@${placeholder."mail/bot-encoded"}:mail.chn.moe
-              # SYMFONY__ENV__FROM_EMAIL=bot@chn.moe
-              # SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
-            secrets."mail/bot-encoded" = {};
-          };
-          nixos =
-          {
-            services =
-            {
-              nginx =
-              {
-                enable = true;
-                https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
-              };
-              postgresql = { enable = true; instances.wallabag = {}; };
-              redis.instances.wallabag = { user = "root"; port = 8790; };
-            };
-            virtualization.docker.enable = true;
-          };
-        }
-      )
-      (mkIf services.noisetorch.enable { programs.noisetorch.enable = true; })
-    ];
-}

modules/services/fail2ban.nix

@@ -1,19 +0,0 @@
-inputs:
-{
-  options.nixos.services.fail2ban = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) fail2ban;
-      inherit (inputs.lib) mkIf;
-    in mkIf fail2ban.enable
-    {
-      services.fail2ban =
-      {
-        enable = true;
-        ignoreIP = [ "127.0.0.0/8" "192.168.0.0/16" "vps6.chn.moe" ];
-      };
-    };
-}

modules/services/fontconfig.nix

@@ -1,27 +0,0 @@
-inputs:
-{
-  options.nixos.services.fontconfig = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.services) fontconfig;
-    in mkIf fontconfig.enable
-    {
-      fonts =
-      {
-        fontDir.enable = true;
-        packages = with inputs.pkgs;
-          [ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
-        fontconfig.defaultFonts =
-        {
-          emoji = [ "Noto Color Emoji" ];
-          monospace = [ "Noto Sans Mono CJK SC" "Sarasa Mono SC" "DejaVu Sans Mono"];
-          sansSerif = [ "Noto Sans CJK SC" "Source Han Sans SC" "DejaVu Sans" ];
-          serif = [ "Noto Serif CJK SC" "Source Han Serif SC" "DejaVu Serif" ];
-        };
-      };
-    };
-}

modules/services/freshrss.nix

@@ -1,52 +0,0 @@
-inputs:
-{
-  options.nixos.services.freshrss = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "freshrss.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) freshrss;
-      inherit (inputs.lib) mkIf;
-    in mkIf freshrss.enable
-    {
-      services.freshrss =
-      {
-        enable = true;
-        baseUrl = "https://${freshrss.hostname}";
-        defaultUser = "chn";
-        passwordFile = inputs.config.sops.secrets."freshrss/chn".path;
-        database = { type = "mysql"; passFile = inputs.config.sops.secrets."freshrss/db".path; };
-        virtualHost = null;
-      };
-      sops.secrets =
-      {
-        "freshrss/chn".owner = inputs.config.users.users.freshrss.name;
-        "freshrss/db" = { owner = inputs.config.users.users.freshrss.name; key = "mariadb/freshrss"; };
-      };
-      systemd.services.freshrss-config.after = [ "mysql.service" ];
-      nixos.services =
-      {
-        mariadb = { enable = true; instances.freshrss = {}; };
-        nginx.https.${freshrss.hostname} =
-        {
-          location =
-          {
-            "/".static =
-            {
-              root = "${inputs.pkgs.freshrss}/p";
-              index = [ "index.php" ];
-              tryFiles = [ "$uri" "$uri/" "$uri/index.php" ];
-            };
-            "~ ^.+?\.php(/.*)?$".php =
-            {
-              root = "${inputs.pkgs.freshrss}/p";
-              fastcgiPass =
-                "unix:${inputs.config.services.phpfpm.pools.${inputs.config.services.freshrss.pool}.socket}";
-            };
-          };
-        };
-      };
-    };
-}

modules/services/frp.nix

@@ -1,203 +0,0 @@
-inputs:
-{
-  options.nixos.services = let inherit (inputs.lib) mkOption types; in
-  {
-    frpClient =
-    {
-      enable = mkOption { type = types.bool; default = false; };
-      serverName = mkOption { type = types.nonEmptyStr; };
-      user = mkOption { type = types.nonEmptyStr; };
-      tcp = mkOption
-      {
-        type = types.attrsOf (types.submodule (inputs:
-        {
-          options =
-          {
-            localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
-            localPort = mkOption { type = types.ints.unsigned; };
-            remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
-            remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
-          };
-        }));
-        default = {};
-      };
-      stcp = mkOption
-      {
-        type = types.attrsOf (types.submodule (inputs:
-        {
-          options =
-          {
-            localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
-            localPort = mkOption { type = types.ints.unsigned; };
-          };
-        }));
-        default = {};
-      };
-      stcpVisitor = mkOption
-      {
-        type = types.attrsOf (types.submodule (inputs:
-        {
-          options =
-          {
-            localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
-            localPort = mkOption { type = types.ints.unsigned; };
-          };
-        }));
-        default = {};
-      };
-    };
-    frpServer =
-    {
-      enable = mkOption { type = types.bool; default = false; };
-      serverName = mkOption { type = types.nonEmptyStr; };
-    };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkMerge mkIf;
-      inherit (inputs.lib.strings) splitString;
-      inherit (inputs.localLib) attrsToList;
-      inherit (inputs.config.nixos.services) frpClient frpServer;
-      inherit (builtins) map listToAttrs;
-    in mkMerge
-    [
-      (
-        mkIf frpClient.enable
-        {
-          systemd.services.frpc =
-            let
-              frpc = "${inputs.pkgs.frp}/bin/frpc";
-              config = inputs.config.sops.templates."frpc.json";
-            in
-            {
-              description = "Frp Client Service";
-              after = [ "network.target" ];
-              serviceConfig =
-              {
-                Type = "simple";
-                User = "frp";
-                Restart = "always";
-                RestartSec = "5s";
-                ExecStart = "${frpc} -c ${config.path}";
-                LimitNOFILE = 1048576;
-              };
-              wantedBy= [ "multi-user.target" ];
-              restartTriggers = [ config.file ];
-            };
-          sops =
-          {
-            templates."frpc.json" =
-            {
-              owner = inputs.config.users.users.frp.name;
-              group = inputs.config.users.users.frp.group;
-              content = builtins.toJSON
-              {
-                auth.token = inputs.config.sops.placeholder."frp/token";
-                user = frpClient.user;
-                serverAddr = frpClient.serverName;
-                serverPort = 7000;
-                proxies =
-                (map
-                  (tcp:
-                  {
-                    name = tcp.name;
-                    type = "tcp";
-                    transport.useCompression = true;
-                    inherit (tcp.value) localIp localPort remotePort;
-                  })
-                  (attrsToList frpClient.tcp))
-                ++ (map
-                  (stcp:
-                  {
-                    name = stcp.name;
-                    type = "stcp";
-                    transport.useCompression = true;
-                    secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
-                    allowUsers = [ "*" ];
-                    inherit (stcp.value) localIp localPort;
-                  })
-                  (attrsToList frpClient.stcp));
-                visitors = map
-                  (stcp:
-                  {
-                    name = stcp.name;
-                    type = "stcp";
-                    transport = { useCompression = true; tls.enable = true; };
-                    secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
-                    serverUser = builtins.elemAt (splitString "." stcp.name) 0;
-                    serverName = builtins.elemAt (splitString "." stcp.name) 1;
-                    bindAddr = stcp.value.localIp;
-                    bindPort = stcp.value.localPort;
-                  })
-                  (attrsToList frpClient.stcpVisitor);
-              };
-            };
-            secrets = listToAttrs
-            (
-              [{ name = "frp/token"; value = {}; }]
-              ++ (map
-                (stcp: { name = "frp/stcp/${stcp.name}"; value = {}; })
-                (attrsToList (with frpClient; stcp // stcpVisitor)))
-            );
-          };
-          users =
-          {
-            users.frp = { uid = inputs.config.nixos.system.user.user.frp; group = "frp"; isSystemUser = true; };
-            groups.frp.gid = inputs.config.nixos.system.user.group.frp;
-          };
-        }
-      )
-      (
-        mkIf frpServer.enable
-        {
-          systemd.services.frps =
-            let
-              frps = "${inputs.pkgs.frp}/bin/frps";
-              config = inputs.config.sops.templates."frps.json";
-            in
-            {
-              description = "Frp Server Service";
-              after = [ "network.target" ];
-              serviceConfig =
-              {
-                Type = "simple";
-                User = "frp";
-                Restart = "on-failure";
-                RestartSec = "5s";
-                ExecStart = "${frps} -c ${config.path}";
-                LimitNOFILE = 1048576;
-              };
-              wantedBy= [ "multi-user.target" ];
-              restartTriggers = [ config.file ];
-            };
-          sops =
-          {
-            templates."frps.json" =
-            {
-              owner = inputs.config.users.users.frp.name;
-              group = inputs.config.users.users.frp.group;
-              content = builtins.toJSON
-              {
-                auth.token = inputs.config.sops.placeholder."frp/token";
-                transport.tls = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
-                {
-                  force = true;
-                  certFile = "${cert}/full.pem";
-                  keyFile = "${cert}/key.pem";
-                  serverName = frpServer.serverName;
-                };
-              };
-            };
-            secrets."frp/token" = {};
-          };
-          nixos.services.acme = { enable = true; cert.${frpServer.serverName}.group = "frp"; };
-          users =
-          {
-            users.frp = { uid = inputs.config.nixos.system.user.user.frp; group = "frp"; isSystemUser = true; };
-            groups.frp.gid = inputs.config.nixos.system.user.group.frp;
-          };
-          networking.firewall.allowedTCPPorts = [ 7000 ];
-        }
-      )
-    ];
-}

modules/services/fz-new-order/default.nix

@@ -1,115 +0,0 @@
-inputs:
-{
-  options.nixos.services.fz-new-order = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) fz-new-order;
-      inherit (inputs.localLib) attrsToList;
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) map listToAttrs toString concatLists;
-    in mkIf fz-new-order.enable
-    {
-      users =
-      {
-        users.fz-new-order =
-        {
-          uid = inputs.config.nixos.system.user.user.fz-new-order;
-          group = "fz-new-order";
-          home = "/var/lib/fz-new-order";
-          createHome = true;
-          isSystemUser = true;
-        };
-        groups.fz-new-order.gid = inputs.config.nixos.system.user.group.fz-new-order;
-      };
-      systemd =
-      {
-        timers.fz-new-order =
-        {
-          wantedBy = [ "timers.target" ];
-          timerConfig =
-          {
-            OnBootSec = "10m";
-            OnUnitActiveSec = "10m";
-            Unit = "fz-new-order.service";
-          };
-        };
-        services.fz-new-order = rec
-        {
-          description = "fz-new-order";
-          after = [ "network.target" ];
-          requires = after;
-          serviceConfig =
-          {
-            User = inputs.config.users.users."fz-new-order".name;
-            Group = inputs.config.users.users."fz-new-order".group;
-            WorkingDirectory = "/var/lib/fz-new-order";
-            ExecStart =
-              let
-                src = inputs.pkgs.substituteAll
-                {
-                  src = ./main.cpp;
-                  config_file = inputs.config.sops.templates."fz-new-order/config.json".path;
-                };
-                binary = inputs.pkgs.stdenv.mkDerivation
-                {
-                  name = "fz-new-order";
-                  inherit src;
-                  buildInputs = with inputs.pkgs; [ jsoncpp.dev cereal fmt httplib ];
-                  dontUnpack = true;
-                  buildPhase =
-                  ''
-                    runHook preBuild
-                    g++ -std=c++20 -O2 -o fz-new-order ${src} -ljsoncpp -lfmt
-                    runHook postBuild
-                  '';
-                  installPhase =
-                  ''
-                    runHook preInstall
-                    mkdir -p $out/bin
-                    cp fz-new-order $out/bin/fz-new-order
-                    runHook postInstall
-                  '';
-                };
-              in "${binary}/bin/fz-new-order";
-          };
-        };
-        tmpfiles.rules =
-        [
-          "d /var/lib/fz-new-order 0700 fz-new-order fz-new-order"
-          "Z /var/lib/fz-new-order - fz-new-order fz-new-order"
-        ];
-      };
-      sops = let userNum = 6; configNum = 2; in
-      {
-        templates."fz-new-order/config.json" =
-        {
-          owner = inputs.config.users.users."fz-new-order".name;
-          group = inputs.config.users.users."fz-new-order".group;
-          content = let placeholder = inputs.config.sops.placeholder; in builtins.toJSON
-          {
-            manager = placeholder."fz-new-order/manager";
-            token = placeholder."fz-new-order/token";
-            uids = map (j: placeholder."fz-new-order/uids/user${toString j}") (builtins.genList (n: n) userNum);
-            config = map
-              (i: listToAttrs (map
-                (attrName: { name = attrName; value = placeholder."fz-new-order/config${toString i}/${attrName}"; })
-                [ "username" "password" "comment" ]))
-              (builtins.genList (n: n) configNum);
-          };
-        };
-        secrets =
-          { "fz-new-order/manager" = {}; "fz-new-order/token" = {}; }
-          // (listToAttrs (map
-            (i: { name = "fz-new-order/uids/user${toString i}"; value = {}; })
-            (builtins.genList (n: n) userNum)))
-          // (listToAttrs (concatLists (map
-            (i: map
-              (attrName: { name = "fz-new-order/config${toString i}/${attrName}"; value = {}; })
-              [ "username" "password" "comment" ])
-            (builtins.genList (n: n) configNum))));
-      };
-    };
-}

modules/services/fz-new-order/main.cpp

@@ -1,254 +0,0 @@
-# include <iostream>
-# include <set>
-# include <sstream>
-# include <filesystem>
-# include <cereal/types/set.hpp>
-# include <cereal/archives/json.hpp>
-# include <fmt/format.h>
-# include <fmt/ranges.h>
-# include <httplib.h>
-# include <json/json.h>
-
-std::string urlencode(std::string s)
-{
-  auto hexchar = [](unsigned char c, unsigned char &hex1, unsigned char &hex2)
-  {
-    hex1 = c / 16;
-    hex2 = c % 16;
-    hex1 += hex1 <= 9 ? '0' : 'a' - 10;
-    hex2 += hex2 <= 9 ? '0' : 'a' - 10;
-  };
-  const char *str = s.c_str();
-  std::vector<char> v(s.size());
-  v.clear();
-  for (std::size_t i = 0, l = s.size(); i < l; i++)
-  {
-    char c = str[i];
-    if
-    (
-      (c >= '0' && c <= '9')
-        || (c >= 'a' && c <= 'z')
-        || (c >= 'A' && c <= 'Z')
-        || c == '-' || c == '_' || c == '.' || c == '!' || c == '~'
-        || c == '*' || c == '\'' || c == '(' || c == ')'
-    )
-      v.push_back(c);
-    else
-    {
-      v.push_back('%');
-      unsigned char d1, d2;
-      hexchar(c, d1, d2);
-      v.push_back(d1);
-      v.push_back(d2);
-    }
-  }
-  return std::string(v.cbegin(), v.cend());
-}
-
-void oneshot
-(
-  const std::string& username, const std::string& password, const std::string& comment,
-  const std::set<std::string>& wxuser, const std::set<std::string>& manager, const std::string& token
-)
-{
-  httplib::Client fzclient("http://scmv9.fengzhansy.com:8882");
-  httplib::Client wxclient("http://wxpusher.zjiecode.com");
-  auto& log = std::clog;
-
-  try
-  {
-    // get JSESSIONID
-    auto cookie_jsessionid = [&]() -> std::string
-    {
-      log << "get /scmv9/login.jsp\n";
-      auto result = fzclient.Get("/scmv9/login.jsp");
-      if (result.error() != httplib::Error::Success)
-        throw std::runtime_error("request failed");
-      auto it = result.value().headers.find("Set-Cookie");
-      if (it == result.value().headers.end() || it->first != "Set-Cookie")
-        throw std::runtime_error("find cookie failed");
-      log << fmt::format("set_cookie JSESSIONID {}\n", it->second.substr(0, it->second.find(';')));
-      return it->second.substr(0, it->second.find(';'));
-    }();
-
-    // login
-    auto cookie_pppp = [&]() -> std::string
-    {
-      auto body = fmt::format("method=dologinajax&rand=1234&userc={}&mdid=P&passw={}", username, password);
-      httplib::Headers headers =
-      {
-        { "X-Requested-With", "XMLHttpRequest" },
-        {
-          "User-Agent",
-          "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"
-        },
-        { "Content-Type", "application/x-www-form-urlencoded; charset=UTF-8" },
-        { "Origin", "http://scmv9.fengzhansy.com:8882" },
-        { "Referer", "http://scmv9.fengzhansy.com:8882/scmv9/login.jsp" },
-        { "Cookie", cookie_jsessionid }
-      };
-      log << "post /scmv9/data.jsp\n";
-      auto result = fzclient.Post("/scmv9/data.jsp", headers, body, "application/x-www-form-urlencoded; charset=UTF-8");
-      if (result.error() != httplib::Error::Success)
-        throw std::runtime_error("request failed");
-      log << fmt::format("set_cookie pppp {}\n", fmt::format("pppp={}%40{}", username, password));
-      return fmt::format("pppp={}%40{}", username, password);
-    }();
-
-    // get order list
-    auto order_list = [&]() -> std::map<std::string, std::pair<std::string, std::string>>
-    {
-      auto body = fmt::format("method=dgate&rand=1234&op=scmmgr_pcggl&nv%5B%5D=opmode&nv%5B%5D=dd_qry&nv%5B%5D=bill&nv%5B%5D=&nv%5B%5D=storeid&nv%5B%5D=&nv%5B%5D=vendorid&nv%5B%5D={}&nv%5B%5D=qr_status&nv%5B%5D=&nv%5B%5D=ddprt&nv%5B%5D=%25&nv%5B%5D=fdate&nv%5B%5D=&nv%5B%5D=tdate&nv%5B%5D=&nv%5B%5D=shfdate&nv%5B%5D=&nv%5B%5D=shtdate&nv%5B%5D=&nv%5B%5D=fy_pno&nv%5B%5D=1&nv%5B%5D=fy_psize&nv%5B%5D=10", username);
-      httplib::Headers headers =
-      {
-        { "X-Requested-With", "XMLHttpRequest" },
-        {
-          "User-Agent",
-          "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"
-        },
-        { "Content-Type", "application/x-www-form-urlencoded; charset=UTF-8" },
-        { "Origin", "http://scmv9.fengzhansy.com:8882"
-        },
-        { "Referer", "http://scmv9.fengzhansy.com:8882/scmv9/SCM/cggl_po_qry.jsp" },
-        { "Cookie", fmt::format("{}; {}", cookie_jsessionid, cookie_pppp) }
-      };
-      log << "post /scmv9/data.jsp\n";
-      auto result = fzclient.Post("/scmv9/data.jsp", headers, body, "application/x-www-form-urlencoded; charset=UTF-8");
-      if (result.error() != httplib::Error::Success)
-        throw std::runtime_error("request failed");
-      log << fmt::format("get result {}\n", result.value().body);
-      std::stringstream result_body(result.value().body);
-      Json::Value root;
-      result_body >> root;
-      std::map<std::string, std::pair<std::string, std::string>> orders;
-      for (unsigned i = 0; i < root["dt"][1].size(); i++)
-      {
-        log << fmt::format
-        (
-          "insert order {} {} {}\n", root["dt"][1][i].asString(), root["dt"][2][i].asString(),
-          root["dt"][4][i].asString()
-        );
-        orders.insert({root["dt"][1][i].asString(), {root["dt"][2][i].asString(), root["dt"][4][i].asString()}});
-      }
-      return orders;
-    }();
-
-    // read order old
-    auto order_old = [&]() -> std::set<std::string>
-    {
-      if (!std::filesystem::exists("orders.json"))
-        return {};
-      else
-      {
-        std::ifstream ins("orders.json");
-        cereal::JSONInputArchive ina(ins);
-        std::set<std::string> data;
-        cereal::load(ina, data);
-        return data;
-      }
-    }();
-
-    // push new order info
-    for (const auto& order : order_list)
-      if (!order_old.contains(order.first))
-      {
-        for (const auto& user : manager)
-        {
-          auto path = fmt::format
-          (
-            "/api/send/message/?appToken={}&content={}&uid={}",
-            token, urlencode(fmt::format("push {}", order.first)), user
-          );
-          auto wxresult = wxclient.Get(path.c_str());
-        }
-
-        auto body = fmt::format
-        (
-          "method=dgate&rand=1234&op=scmmgr_pcggl&nv%5B%5D=opmode&nv%5B%5D=ddsp_qry&nv%5B%5D=bill&nv%5B%5D={}",
-          order.first
-        );
-        httplib::Headers headers =
-        {
-          { "X-Requested-With", "XMLHttpRequest" },
-          {
-            "User-Agent",
-            "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"
-          },
-          { "Content-Type", "application/x-www-form-urlencoded; charset=UTF-8" },
-          { "Origin", "http://scmv9.fengzhansy.com:8882" },
-          { "Referer", "http://scmv9.fengzhansy.com:8882/scmv9/SCM/cggl_po_qry.jsp" },
-          { "Cookie", fmt::format("{}; {}", cookie_jsessionid, cookie_pppp) }
-        };
-        log << "post /scmv9/data.jsp\n";
-        auto result = fzclient.Post
-          ("/scmv9/data.jsp", headers, body, "application/x-www-form-urlencoded; charset=UTF-8");
-        if (result.error() != httplib::Error::Success)
-          throw std::runtime_error("request failed");
-        log << fmt::format("get result {}\n", result.value().body);
-        std::stringstream result_body(result.value().body);
-        Json::Value root;
-        result_body >> root;
-
-        std::stringstream push_body;
-        double all_cost = 0;
-        push_body << fmt::format
-        (
-          "{} {} {}店\n", comment, order.second.second.substr(order.second.second.find('-') + 1),
-          order.second.first.substr(1, 2)
-        );
-        for (unsigned i = 0; i < root["dt"][6].size(); i++)
-        {
-          push_body << fmt::format
-          (
-            "{} {}{}\n", root["dt"][6][i].asString().substr(root["dt"][6][i].asString().length() - 4),
-            root["dt"][7][i].asString(), root["dt"][5][i].asString()
-          );
-          // 订货金额 maybe empty ???
-          if (root["dt"][10][i].asString() != "")
-            all_cost += std::stod(root["dt"][10][i].asString());
-        }
-        push_body << fmt::format("共{:.2f}元\n", all_cost);
-        log << fmt::format("push to wx {}\n", push_body.str());
-        auto encoded = urlencode(push_body.str());
-            
-        for (const auto& wxu : wxuser)
-        {
-          auto path = fmt::format
-            ("/api/send/message/?appToken={}&content={}&uid={}", token, encoded, wxu);
-          auto wxresult = wxclient.Get(path.c_str());
-        }
-      }
-
-    // save data
-    {
-      for (const auto& order : order_list)
-        if (!order_old.contains(order.first))
-          order_old.insert(order.first);
-      std::ofstream os("orders.json");
-      cereal::JSONOutputArchive oa(os);
-      cereal::save(oa, order_old);
-    }
-  }
-  catch (const std::exception& ex)
-  {
-    log << ex.what() << "\n" << std::flush;
-    std::terminate();
-  }
-}
-
-int main(int argc, char** argv)
-{
-  Json::Value configs;
-  std::ifstream("@config_file@") >> configs;
-  auto config_uids = configs["uids"];
-  std::set<std::string> uids;
-  for (auto& uid : config_uids)
-    uids.insert(uid.asString());
-  for (auto& config : configs["config"])
-    oneshot
-    (
-      config["username"].asString(), config["password"].asString(), config["comment"].asString(),
-      uids, { configs["manager"].asString() }, configs["token"].asString()
-    );
-}
-

modules/services/gitea.nix

@@ -1,54 +0,0 @@
-inputs:
-{
-  options.nixos.services.gitea = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "git.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) gitea;
-      inherit (inputs.lib) mkIf;
-    in mkIf gitea.enable
-    {
-      services.gitea =
-      {
-        enable = true;
-        lfs.enable = true;
-        mailerPasswordFile = inputs.config.sops.secrets."gitea/mail".path;
-        database =
-          { createDatabase = false; type = "postgres"; passwordFile = inputs.config.sops.secrets."gitea/db".path; };
-        settings =
-        {
-          session.COOKIE_SECURE = true;
-          server =
-          {
-            ROOT_URL = "https://${gitea.hostname}";
-            DOMAIN = gitea.hostname;
-            HTTP_PORT = 3002;
-            SSH_DOMAIN = "ssh.${gitea.hostname}";
-          };
-          mailer =
-          {
-            ENABLED = true;
-            FROM = "bot@chn.moe";
-            PROTOCOL = "smtps";
-            SMTP_ADDR = "mail.chn.moe";
-            SMTP_PORT = 465;
-            USER = "bot@chn.moe";
-          };
-        };
-      };
-      nixos.services =
-      {
-        nginx = { enable = true; https."${gitea.hostname}".location."/".proxy.upstream = "http://127.0.0.1:3002"; };
-        postgresql.instances.gitea = {};
-      };
-      sops.secrets =
-      {
-        "gitea/mail" = { owner = "gitea"; key = "mail/bot"; };
-        "gitea/db" = { owner = "gitea"; key = "postgresql/gitea"; };
-        "mail/bot" = {};
-      };
-    };
-}

modules/services/grafana.nix

@@ -1,67 +0,0 @@
-inputs:
-{
-  options.nixos.services.grafana = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "grafana.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) grafana;
-      inherit (inputs.lib) mkIf;
-    in mkIf grafana.enable
-    {
-      services.grafana =
-      {
-        enable = true;
-        declarativePlugins = with inputs.pkgs.grafanaPlugins; [];
-        settings =
-        {
-          users = { verify_email_enabled = true; default_language = "zh-CN"; allow_sign_up = true; };
-          smtp =
-          {
-            enabled = true;
-            host = "mail.chn.moe";
-            user = "bot@chn.moe";
-            password = "$__file{${inputs.config.sops.secrets."grafana/mail".path}}";
-            from_address = "bot@chn.moe";
-            ehlo_identity = grafana.hostname;
-            startTLS_policy = "MandatoryStartTLS";
-          };
-          server = { root_url = "https://${grafana.hostname}"; http_port = 3001; enable_gzip = true; };
-          security =
-          {
-            secret_key = "$__file{${inputs.config.sops.secrets."grafana/secret".path}}";
-            admin_user = "chn";
-            admin_password = "$__file{${inputs.config.sops.secrets."grafana/chn".path}}";
-            admin_email = "chn@chn.moe";
-          };
-          database =
-          {
-            type = "postgres";
-            host = "127.0.0.1:5432";
-            user = "grafana";
-            password = "$__file{${inputs.config.sops.secrets."grafana/db".path}}";
-          };
-        };
-      };
-      nixos.services =
-      {
-        nginx =
-        {
-          enable = true;
-          https."${grafana.hostname}".location."/".proxy =
-            { upstream = "http://127.0.0.1:3001"; websocket = true; };
-        };
-        postgresql.instances.grafana = {};
-      };
-      sops.secrets = let owner = inputs.config.systemd.services.grafana.serviceConfig.User; in
-      {
-        "grafana/mail" = { owner = owner; key = "mail/bot"; };
-        "grafana/secret".owner = owner;
-        "grafana/chn".owner = owner;
-        "grafana/db" = { owner = owner; key = "postgresql/grafana"; };
-        "mail/bot" = {};
-      };
-    };
-}

modules/services/groupshare.nix

@@ -1,46 +0,0 @@
-inputs:
-{
-  options.nixos.services.groupshare = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    # hard to read value from inputs.config.users.users.xxx.home, causing infinite recursion
-    mountPoints = mkOption { type = types.listOf types.str; default = []; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) listToAttrs map concatLists concatStringsSep;
-      inherit (inputs.config.nixos.services) groupshare;
-      users = inputs.config.users.groups.groupshare.members;
-    in mkIf groupshare.enable
-    {
-      users.groups.groupshare.gid = inputs.config.nixos.system.user.group.groupshare;
-      systemd.tmpfiles.rules = [ "d /var/lib/groupshare" ]
-        ++ (concatLists (map
-          (user:
-          [
-            "d /var/lib/groupshare/${user} 2750 ${user} groupshare"
-            "Z /var/lib/groupshare/${user} - ${user} groupshare"
-            ("A /var/lib/groupshare/${user} - - - - "
-              # d 指 default, 即目录下新创建的文件和目录的权限
-              # 大写 X 指仅给目录执行权限
-              # m 指 mask, 即对于所有者以外的用户, 该用户的权限最大为 m 指定的权限
-              + (concatStringsSep "," (concatLists (map
-                (perm: [ "d:${perm}" perm ])
-                [ "u:${user}:rwX" "g:groupshare:r-X" "o::---" "m::r-x" ]))))
-          ])
-          users));
-      fileSystems = listToAttrs (map
-        (mountPoint:
-        {
-          name = mountPoint;
-          value =
-          {
-            device = "/var/lib/groupshare";
-            options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
-            depends = [ "/home" "/var/lib" ];
-          };
-        })
-        groupshare.mountPoints);
-    };
-}

modules/services/httpapi.nix

@@ -1,45 +0,0 @@
-inputs:
-{
-  options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) httpapi;
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) toString map;
-    in mkIf httpapi.enable
-    {
-      nixos.services =
-      {
-        phpfpm.instances.httpapi = {};
-        nginx.https.${httpapi.hostname}.location =
-        {
-          "/files".static.root = "/srv/api";
-          "/led".static = { root = "/srv/api"; detectAuth.users = [ "led" ]; };
-          "/notify.php".php =
-          {
-            root = builtins.dirOf inputs.config.sops.templates."httpapi/notify.php".path;
-            fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpapi.fastcgi;
-          };
-        };
-      };
-      sops =
-      {
-        templates."httpapi/notify.php" =
-        {
-          owner = inputs.config.users.users.httpapi.name;
-          group = inputs.config.users.users.httpapi.group;
-          content =
-            let
-              placeholder = inputs.config.sops.placeholder;
-              request = "https://api.telegram.org/${placeholder."httpapi/token"}/sendMessage?chat_id=861886506&text=";
-            in ''<?php print file_get_contents("${request}".urlencode($_GET["message"])); ?>'';
-        };
-        secrets."httpapi/token" = {};
-      };
-      systemd.tmpfiles.rules = [ "d /srv/api 0700 nginx nginx" "Z /srv/api - nginx nginx" ];
-    };
-}

modules/services/httpua/default.nix

@@ -1,25 +0,0 @@
-inputs:
-{
-  options.nixos.services.httpua = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "ua.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) httpua;
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) toString;
-    in mkIf httpua.enable
-    {
-      nixos.services =
-      {
-        phpfpm.instances.httpua = {};
-        nginx.http.${httpua.hostname}.php =
-        {
-          root = toString ./.;
-          fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpua.fastcgi;
-        };
-      };
-    };
-}

modules/services/httpua/index.php

@@ -1 +0,0 @@
-<?php echo $_SERVER['HTTP_USER_AGENT']; ?>

modules/services/huginn.nix

@@ -1,66 +0,0 @@
-inputs:
-{
-  options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "huginn.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.services) huginn;
-    in mkIf huginn.enable
-    {
-      virtualisation.oci-containers.containers.huginn =
-      {
-        image = "huginn/huginn:2d5fcafc507da3e8c115c3479e9116a0758c5375";
-        imageFile = inputs.pkgs.dockerTools.pullImage
-        {
-          imageName = "ghcr.io/huginn/huginn";
-          imageDigest = "sha256:aa694519b196485c6c31582dde007859fc8b8bbe9b1d4d94c6db8558843d0458";
-          sha256 = "0471v20d7ilwx81kyrxjcb90nnmqyyi9mwazbpy3z4rhnzv7pz76";
-          finalImageName = "huginn/huginn";
-          finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
-        };
-        ports = [ "127.0.0.1:3000:3000/tcp" ];
-        extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
-        environmentFiles = [ inputs.config.sops.templates."huginn/env".path ];
-      };
-      sops =
-      {
-        templates."huginn/env".content = let placeholder = inputs.config.sops.placeholder; in
-        ''
-          MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
-          HUGINN_DATABASE_NAME=huginn
-          HUGINN_DATABASE_USERNAME=huginn
-          HUGINN_DATABASE_PASSWORD=${placeholder."mariadb/huginn"}
-          DOMAIN=${huginn.hostname}
-          RAILS_ENV=production
-          FORCE_SSL=true
-          INVITATION_CODE=${placeholder."huginn/invitationCode"}
-          SMTP_DOMAIN=mail.chn.moe
-          SMTP_USER_NAME=bot@chn.moe
-          SMTP_PASSWORD="${placeholder."mail/bot"}"
-          SMTP_SERVER=mail.chn.moe
-          SMTP_SSL=true
-          EMAIL_FROM_ADDRESS=bot@chn.moe
-          TIMEZONE=Beijing
-          DO_NOT_CREATE_DATABASE=true
-        '';
-        secrets = { "huginn/invitationCode" = {}; "mail/bot" = {}; };
-      };
-      nixos =
-      {
-        services =
-        {
-          nginx =
-          {
-            enable = true;
-            https."${huginn.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
-          };
-          mariadb.instances.huginn = {};
-        };
-        virtualization.docker.enable = true;
-      };
-    };
-}

modules/services/kmscon.nix

@@ -1,19 +0,0 @@
-inputs:
-{
-  options.nixos.services.kmscon = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.services) kmscon;
-    in mkIf kmscon.enable
-    {
-      services.kmscon =
-      {
-        enable = true;
-        fonts = [{ name = "FiraCode Nerd Font Mono"; package = inputs.pkgs.nerdfonts; }];
-      };
-    };
-}

modules/services/mariadb.nix

@@ -1,59 +0,0 @@
-inputs:
-{
-  options.nixos.services.mariadb = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    instances = mkOption
-    {
-      type = types.attrsOf (types.submodule (submoduleInputs: { options =
-      {
-        database = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-        user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-        passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-      };}));
-      default = {};
-    };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) mariadb;
-      inherit (inputs.lib) mkAfter mkIf;
-      inherit (inputs.localLib) attrsToList;
-      inherit (builtins) map listToAttrs concatStringsSep filter;
-    in mkIf mariadb.enable
-    {
-      services =
-      {
-        mysql =
-        {
-          enable = true;
-          package = inputs.pkgs.mariadb;
-          settings.mysqld.skip_name_resolve = true;
-          ensureDatabases = map (db: db.value.database) (attrsToList mariadb.instances);
-          ensureUsers = map
-            (db: { name = db.value.user; ensurePermissions."${db.value.database}.*" = "ALL PRIVILEGES"; })
-            (attrsToList mariadb.instances);
-        };
-        mysqlBackup =
-        {
-          enable = true;
-          singleTransaction = true;
-          databases = map (db: db.value.database) (attrsToList mariadb.instances);
-        };
-      };
-      systemd.services.mysql.postStart = mkAfter (concatStringsSep "\n" (map
-        (db:
-          let
-            passwordFile =
-              if db.value.passwordFile or null != null then db.value.passwordFile
-              else inputs.config.sops.secrets."mariadb/${db.value.user}".path;
-            mysql = "${inputs.config.services.mysql.package}/bin/mysql";
-          in
-            # force user use password auth
-            ''echo "ALTER USER '${db.value.user}' IDENTIFIED BY '$(cat ${passwordFile})';" | ${mysql} -N'')
-        (attrsToList mariadb.instances)));
-      sops.secrets = listToAttrs (map
-        (db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
-        (filter (db: db.value.passwordFile == null) (attrsToList mariadb.instances)));
-    };
-}

modules/services/mastodon.nix

@@ -1,83 +0,0 @@
-inputs:
-{
-  options.nixos.services.mastodon = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "dudu.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) mastodon;
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) toString;
-    in mkIf mastodon.enable
-    {
-      services.mastodon =
-      {
-        enable = true;
-        streamingProcesses = 1;
-        enableUnixSocket = false;
-        localDomain = mastodon.hostname;
-        database =
-        {
-          createLocally = false;
-          host = "127.0.0.1";
-          passwordFile = inputs.config.sops.secrets."mastodon/postgresql".path;
-        };
-        redis.createLocally = false;
-        smtp =
-        {
-          createLocally = false;
-          user = "bot@chn.moe";
-          port = 465;
-          passwordFile = inputs.config.sops.secrets."mastodon/mail".path;
-          host = "mail.chn.moe";
-          fromAddress = "bot@chn.moe";
-          authenticate = true;
-        };
-        extraEnvFiles = [ inputs.config.sops.templates."mastodon/env".path ];
-      };
-      nixos.services =
-      {
-        postgresql = { enable = true; instances.mastodon = {}; };
-        redis.instances.mastodon.port = inputs.config.services.mastodon.redis.port;
-        nginx =
-        {
-          enable = true;
-          https."${mastodon.hostname}".location =
-          {
-            "/system/".alias.path = "/var/lib/mastodon/public-system/";
-            "/".static =
-              { root = "${inputs.config.services.mastodon.package}/public"; tryFiles = [ "$uri" "@proxy" ]; };
-            "@proxy".proxy =
-              { upstream = "http://127.0.0.1:${toString inputs.config.services.mastodon.webPort}"; websocket = true; };
-            "/api/v1/streaming/".proxy =
-            {
-              upstream = "http://unix:/run/mastodon-streaming/streaming-1.socket";
-              websocket = true;
-            };
-          };
-        };
-      };
-      sops =
-      {
-        secrets =
-        {
-          "mastodon/mail" = { owner = "mastodon"; key = "mail/bot"; };
-          "mastodon/postgresql" = { owner = "mastodon"; key = "postgresql/mastodon"; };
-        };
-        templates."mastodon/env" =
-        {
-          owner = "mastodon";
-          content =
-          ''
-            REDIS_PASSWORD=${inputs.config.sops.placeholder."redis/mastodon"}
-            SMTP_SSL=true
-            SMTP_AUTH_METHOD=plain
-          '';
-        };
-      };
-      environment.systemPackages = [ inputs.config.services.mastodon.package ];
-      # sudo -u mastodon mastodon-tootctl accounts modify chn --role Owner
-    };
-}

modules/services/meilisearch.nix

@@ -1,114 +0,0 @@
-inputs:
-{
-  options.nixos.services.meilisearch = let inherit (inputs.lib) mkOption types; in
-  {
-    instances = mkOption
-    {
-      type = types.attrsOf (types.submodule (submoduleInputs: { options =
-      {
-        user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-        port = mkOption { type = types.ints.unsigned; };
-      };}));
-      default = {};
-    };
-    ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) meilisearch;
-      inherit (inputs.localLib) stripeTabs attrsToList;
-      inherit (builtins) map listToAttrs concatLists;
-    in
-    {
-      systemd =
-      {
-        services = listToAttrs (map
-          (instance:
-          {
-            name = "meilisearch-${instance.name}";
-            value =
-            {
-              description = "meiliSearch ${instance.name}";
-              wantedBy = [ "multi-user.target" ];
-              after = [ "network.target" ];
-              # environment.RUST_BACKTRACE = "full";
-              serviceConfig =
-              {
-                User = instance.value.user;
-                Group = inputs.config.users.users.${instance.value.user}.group;
-                ExecStart =
-                  let
-                    meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
-                    {
-                      RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
-                        ++ (
-                          let inherit (inputs.config.nixos.system.nixpkgs) march;
-                          in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
-                        );
-                    });
-                    config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
-                  in
-                    "${meilisearch}/bin/meilisearch --config-file-path ${config}";
-                Restart = "always";
-                StartLimitBurst = 3;
-                LimitNOFILE = "infinity";
-                LimitNPROC = "infinity";
-                LimitCORE = "infinity";
-                CPUSchedulingPolicy = "idle";
-                IOSchedulingClass = "idle";
-                IOSchedulingPriority = 4;
-                IOAccounting = true;
-                IOWeight = 1;
-                Nice = 19;
-                Slice = "-.slice";
-              }
-              // (if meilisearch.ioLimitDevice != null then
-              {
-                IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
-                IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
-                # iostat -dx 1
-                IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
-                IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
-              } else {});
-            };
-          })
-          (attrsToList meilisearch.instances));
-        tmpfiles.rules = concatLists (map
-          (instance:
-            let
-              user = instance.value.user;
-              group = inputs.config.users.users.${instance.value.user}.group;
-              dir = "/var/lib/meilisearch/${instance.name}";
-            in
-              [ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
-          (attrsToList meilisearch.instances));
-      };
-      sops =
-      {
-        templates = listToAttrs (map
-          (instance:
-          {
-            name = "meilisearch-${instance.name}.toml";
-            value =
-            {
-              content =
-              ''
-                db_path = "/var/lib/meilisearch/${instance.name}"
-                http_addr = "0.0.0.0:${toString instance.value.port}"
-                master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
-                env = "production"
-                dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
-                log_level = "INFO"
-                max_indexing_memory = "16Gb"
-                max_indexing_threads = 1
-              '';
-              owner = instance.value.user;
-            };
-          })
-          (attrsToList meilisearch.instances));
-        secrets = listToAttrs (map
-          (instance: { name = "meilisearch/${instance.name}"; value = {}; })
-          (attrsToList meilisearch.instances));
-      };
-    };
-}

modules/services/mirism.nix

@@ -1,75 +0,0 @@
-inputs:
-{
-  options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) mirism;
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) map listToAttrs toString concatLists;
-    in mkIf mirism.enable
-    {
-      users =
-      {
-        users.mirism = { uid = inputs.config.nixos.system.user.user.mirism; group = "mirism"; isSystemUser = true; };
-        groups.mirism.gid = inputs.config.nixos.system.user.group.mirism;
-      };
-      systemd =
-      {
-        services = listToAttrs (map
-          (instance:
-          {
-            name = "mirism-${instance}";
-            value =
-            {
-              description = "mirism ${instance}";
-              after = [ "network.target" ];
-              wantedBy = [ "multi-user.target" ];
-              serviceConfig =
-              {
-                User = inputs.config.users.users.mirism.name;
-                Group = inputs.config.users.users.mirism.group;
-                ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";
-                RuntimeMaxSec = "1d";
-                Restart = "always";
-              };
-            };
-          })
-          [ "ng01" "beta" ]);
-        tmpfiles.rules = concatLists (map
-          (dir: [ "d /srv/${dir}mirism 0700 nginx nginx" "Z /srv/${dir}mirism - nginx nginx" ])
-          [ "" "entry." ]);
-      };
-      nixos.services =
-      {
-        nginx =
-        {
-          enable = true;
-          transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };
-          https = listToAttrs (map
-            (instance:
-            {
-              name = "${instance}mirism.one";
-              value.location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; };
-            })
-            [ "entry." "" ]);
-        };
-        acme = { enable = true; cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; }; };
-      };
-      environment.etc = listToAttrs (concatLists (map
-        (instance:
-        [
-          {
-            name = "letsencrypt/live/${instance}.mirism.one/fullchain.pem";
-            value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem";
-          }
-          {
-            name = "letsencrypt/live/${instance}.mirism.one/privkey.pem";
-            value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem";
-          }
-        ])
-        [ "ng01" "beta" ]));
-    };
-}

modules/services/misskey.nix

@@ -1,173 +0,0 @@
-inputs:
-{
-  options.nixos.services.misskey.instances = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.attrsOf (types.submodule { options =
-    {
-      autoStart = mkOption { type = types.bool; default = true; };
-      port = mkOption { type = types.ints.unsigned; default = 9726; };
-      redis.port = mkOption { type = types.ints.unsigned; default = 3545; };
-      hostname = mkOption { type = types.nonEmptyStr; default = "misskey.chn.moe"; };
-      meilisearch =
-      {
-        enable = mkOption { type = types.bool; default = true; };
-        port = mkOption { type = types.ints.unsigned; default = 7700; };
-      };
-    };});
-    default = {};
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) misskey;
-      inherit (inputs.localLib) attrsToList;
-      inherit (inputs.lib) mkMerge mkIf;
-      inherit (builtins) map listToAttrs toString replaceStrings filter;
-    in
-    {
-      systemd = mkMerge (map
-        (instance:
-        {
-          services."misskey-${instance.name}" = rec
-          {
-            enable = instance.value.autoStart;
-            description = "misskey ${instance.name}";
-            after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ]
-              ++ (if instance.value.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ]
-                else []);
-            requires = after;
-            wantedBy = [ "multi-user.target" ];
-            environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/${instance.name}.yml".path;
-            serviceConfig = rec
-            {
-              User = inputs.config.users.users."misskey-${instance.name}".name;
-              Group = inputs.config.users.users."misskey-${instance.name}".group;
-              WorkingDirectory = "/var/lib/misskey/${instance.name}/work";
-              ExecStart = "${WorkingDirectory}/bin/misskey";
-              CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
-              AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
-              Restart = "always";
-            };
-          };
-          tmpfiles.rules = let dir = "/var/lib/misskey/${instance.name}/files"; owner = "misskey-${instance.name}"; in
-            [ "d ${dir} 0700 ${owner} ${owner}" "Z ${dir} - ${owner} ${owner}" ];
-        })
-        (attrsToList misskey.instances));
-      fileSystems = mkMerge (map
-        (instance:
-        {
-          "/var/lib/misskey/${instance.name}/work" =
-          {
-            device = "${inputs.pkgs.localPackages.misskey}";
-            options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
-          };
-          "/var/lib/misskey/${instance.name}/work/files" =
-          {
-            device = "/var/lib/misskey/${instance.name}/files";
-            options = [ "bind" "private" "x-gvfs-hide" "X-fstrim.notrim" ];
-          };
-        })
-        (attrsToList misskey.instances));
-      sops.templates = listToAttrs (map
-        (instance:
-        {
-          name = "misskey/${instance.name}.yml";
-          value =
-          {
-            content =
-              let
-                placeholder = inputs.config.sops.placeholder;
-                redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
-                meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
-              in
-              ''
-                url: https://${instance.value.hostname}/
-                port: ${toString instance.value.port}
-                db:
-                  host: 127.0.0.1
-                  port: 5432
-                  db: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
-                  user: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
-                  pass: ${placeholder."postgresql/misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"}
-                  extra:
-                    statement_timeout: 600000
-                dbReplications: false
-                redis:
-                  host: 127.0.0.1
-                  port: ${toString redis.port}
-                  pass: ${placeholder."redis/misskey-${instance.name}"}
-                id: 'aid'
-                proxyBypassHosts:
-                  - api.deepl.com
-                  - api-free.deepl.com
-                  - www.recaptcha.net
-                  - hcaptcha.com
-                  - challenges.cloudflare.com
-                proxyRemoteFiles: true
-                signToActivityPubGet: true
-                maxFileSize: 1073741824
-              ''
-              + (if instance.value.meilisearch.enable then
-              ''
-                meilisearch:
-                  host: 127.0.0.1
-                  port: ${toString meilisearch.port}
-                  apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
-                  ssl: false
-                  index: misskey
-                  scope: globa
-              '' else "");
-            owner = inputs.config.users.users."misskey-${instance.name}".name;
-          };
-        })
-        (attrsToList misskey.instances));
-      users = mkMerge (map
-        (instance:
-        {
-          users."misskey-${instance.name}" =
-          {
-            uid = inputs.config.nixos.system.user.user."misskey-${instance.name}";
-            group = "misskey-${instance.name}";
-            home = "/var/lib/misskey/${instance.name}";
-            createHome = true;
-            isSystemUser = true;
-          };
-          groups."misskey-${instance.name}".gid = inputs.config.nixos.system.user.group."misskey-${instance.name}";
-        })
-        (attrsToList misskey.instances));
-      nixos.services =
-      {
-        redis.instances = listToAttrs (map
-          (instance: { name = "misskey-${instance.name}"; value.port = instance.value.redis.port; })
-          (attrsToList misskey.instances));
-        postgresql =
-        {
-          enable = mkIf (misskey.instances != {}) true;
-          instances = listToAttrs (map
-            (instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
-            (attrsToList misskey.instances));
-        };
-        meilisearch.instances = listToAttrs (map
-          (instance:
-          {
-            name = "misskey-${instance.name}";
-            value =
-            {
-              user = inputs.config.users.users."misskey-${instance.name}".name;
-              port = instance.value.meilisearch.port;
-            };
-          })
-          (filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances)));
-        nginx =
-        {
-          enable = mkIf (misskey.instances != {}) true;
-          https = listToAttrs (map
-            (instance: with instance.value;
-            {
-              name = hostname;
-              value.location."/".proxy = { upstream = "http://127.0.0.1:${toString port}"; websocket = true; };
-            })
-            (attrsToList misskey.instances));
-        };
-      };
-    };
-}

modules/services/nextcloud.nix

@@ -1,98 +0,0 @@
-inputs:
-{
-  options.nixos.services.nextcloud = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "nextcloud.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) nextcloud;
-      inherit (inputs.localLib) attrsToList;
-      inherit (inputs.lib) mkIf mkMerge;
-      inherit (builtins) map listToAttrs toString replaceStrings filter toJSON;
-    in mkIf nextcloud.enable
-    {
-      services.nextcloud =
-      {
-        enable = true;
-        hostName = nextcloud.hostname;
-        appstoreEnable = false;
-        https = true;
-        package = inputs.pkgs.nextcloud27;
-        maxUploadSize = "10G";
-        config =
-        {
-          dbtype = "pgsql";
-          dbpassFile = inputs.config.sops.secrets."nextcloud/postgresql".path;
-          dbport = 5432;
-          adminuser = "admin";
-          adminpassFile = inputs.config.sops.secrets."nextcloud/admin".path;
-          overwriteProtocol = "https";
-          defaultPhoneRegion = "CN";
-        };
-        configureRedis = true;
-        extraOptions =
-        {
-          mail_domain = "chn.moe";
-          mail_from_address = "bot";
-          mail_smtphost = "mail.chn.moe";
-          mail_smtpport = 465;
-          mail_smtpsecure = "ssl";
-          mail_smtpauth = true;
-          mail_smtpname = "bot@chn.moe";
-          updatechecker = false;
-        };
-        secretFile = inputs.config.sops.templates."nextcloud/secret".path;
-        extraApps =
-          let
-            githubRelease = repo: file: "https://github.com/${repo}/releases/download/${file}";
-          in
-          {
-            # nix-prefetch-url --unpack
-            maps = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "nextcloud/maps" "v1.1.1/maps-1.1.1.tar.gz";
-              sha256 = "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9";
-              license = "agpl3";
-            };
-            phonetrack = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "julien-nc/phonetrack" "v0.7.6/phonetrack-0.7.6.tar.gz";
-              sha256 = "1p15vw7c5c1h08czyxi1r6svjd5hjmnc0i6is4vl3xq2kfjmcyyx";
-              license = "agpl3";
-            };
-            twofactor_webauthn = inputs.pkgs.fetchNextcloudApp
-            {
-              url = githubRelease "nextcloud-releases/twofactor_webauthn" "v1.3.0/twofactor_webauthn-v1.3.0.tar.gz";
-              sha256 = "0z6m2chq5kxc8f10g6n1lh51yi10svy2qp5gp0v8xs71apqcc2wx";
-              license = "agpl3";
-            };
-          };
-        };
-      nixos.services =
-      {
-        postgresql = { enable = true; instances.nextcloud = {}; };
-        redis.instances.nextcloud.port = 3499;
-        nginx = { enable = true; https.${nextcloud.hostname}.global.configName = nextcloud.hostname; };
-      };
-      sops =
-      {
-        templates."nextcloud/secret" =
-        {
-          content = toJSON
-          {
-            redis.password = inputs.config.sops.placeholder."redis/nextcloud";
-            mail_smtppassword = inputs.config.sops.placeholder."mail/bot";
-          };
-          owner = inputs.config.users.users.nextcloud.name;
-        };
-        secrets =
-        {
-          "nextcloud/postgresql" = { key = "postgresql/nextcloud"; owner = inputs.config.users.users.nextcloud.name; };
-          "nextcloud/admin".owner = inputs.config.users.users.nextcloud.name;
-        };
-      };
-      systemd.services.nextcloud-setup = rec { requires = [ "postgresql.service" ]; after = requires; };
-    };
-}

modules/services/nginx/applications/blog.nix

@@ -1,17 +0,0 @@
-inputs:
-{
-  options.nixos.services.nginx.applications.blog = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services.nginx.applications) blog;
-      inherit (inputs.lib) mkIf;
-    in mkIf blog.enable
-    {
-      nixos.services.nginx.https."blog.chn.moe".location."/".static =
-        { root = "/srv/blog"; index = [ "index.html" ]; };
-      systemd.tmpfiles.rules = [ "d /srv/blog 0700 nginx nginx" "Z /srv/blog - nginx nginx" ];
-    };
-}

modules/services/nginx/applications/catalog.nix

@@ -1,17 +0,0 @@
-inputs:
-{
-  options.nixos.services.nginx.applications.catalog = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services.nginx.applications) catalog;
-      inherit (inputs.lib) mkIf;
-    in mkIf catalog.enable
-    {
-      nixos.services.nginx.https."catalog.chn.moe".location."/".static =
-        { root = "/srv/catalog"; index = [ "index.html" ]; };
-      systemd.tmpfiles.rules = [ "d /srv/catalog 0700 nginx nginx" "Z /srv/catalog - nginx nginx" ];
-    };
-}

modules/services/nginx/applications/default.nix

@@ -1,13 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules
-  [
-    ./element.nix
-    ./synapse-admin.nix
-    ./kkmeeting.nix
-    ./webdav.nix
-    ./blog.nix
-    ./catalog.nix
-    ./main.nix
-  ];
-}

modules/services/nginx/applications/element.nix

@@ -1,38 +0,0 @@
-inputs:
-{
-  options.nixos.services.nginx.applications.element.instances = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.attrsOf (types.submodule (submoduleInputs: { options =
-    {
-      hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-      defaultServer = mkOption { type = types.nullOr types.nonEmptyStr; default = "matrix.chn.moe"; };
-    };}));
-    default = {};
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services.nginx.applications.element) instances;
-      inherit (inputs.localLib) attrsToList;
-      inherit (builtins) map listToAttrs toString;
-    in
-    {
-      nixos.services.nginx.https = listToAttrs (map
-        (instance: with instance.value;
-        {
-          name = hostname;
-          value.location."/".static =
-          {
-            root =
-              if defaultServer == null then toString inputs.pkgs.element-web
-              else toString (inputs.pkgs.element-web.override { conf =
-              {
-                default_server_config."m.homeserver" =
-                  { base_url = "https://${defaultServer}"; server_name = defaultServer; };
-                disable_guests = false;
-              };});
-            index = [ "index.html" ];
-          };
-        })
-        (attrsToList instances));
-    };
-}

modules/services/nginx/applications/kkmeeting.nix

@@ -1,18 +0,0 @@
-inputs:
-{
-  options.nixos.services.nginx.applications.kkmeeting = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "kkmeeting.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services.nginx.applications) kkmeeting;
-      inherit (inputs.lib) mkIf;
-    in mkIf kkmeeting.enable
-    {
-      nixos.services.nginx.https.${kkmeeting.hostname}.location."/".static =
-        { root = "/srv/kkmeeting"; index = "auto"; charset = "utf-8"; };
-      systemd.tmpfiles.rules = [ "d /srv/kkmeeting 0700 nginx nginx" "Z /srv/kkmeeting - nginx nginx" ];
-    };
-}

modules/services/nginx/applications/main.nix

@@ -1,23 +0,0 @@
-inputs:
-{
-  options.nixos.services.nginx.applications.main = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services.nginx.applications) main;
-      inherit (inputs.lib) mkIf;
-    in mkIf main.enable
-    {
-      nixos.services.nginx.https."chn.moe".location =
-      {
-        "/".return.return = "302 https://xn--s8w913fdga.chn.moe/@chn";
-        "/.well-known/matrix/server".proxy =
-        {
-          setHeaders.Host = "matrix.chn.moe";
-          upstream = "https://matrix.chn.moe";
-        };
-      };
-    };
-}