mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 03:18:45 +08:00
Compare commits
12 Commits
489a6d8866
...
b8b93e2b85
| Author | SHA1 | Date | |
|---|---|---|---|
| b8b93e2b85 | |||
| 5e648574fb | |||
| 3d08a3b498 | |||
| ff4bbd4b48 | |||
| 24d167cb3f | |||
| dda3eb369f | |||
| 60d7cddcb7 | |||
| 6bb54b042c | |||
| 32a38afebb | |||
| 22c31b4511 | |||
| dba0ed975b | |||
| beca8ed39c |
@ -64,14 +64,10 @@ inputs:
|
||||
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
|
||||
groupshare = {};
|
||||
smartd.enable = true;
|
||||
beesd =
|
||||
beesd.instances =
|
||||
{
|
||||
enable = true;
|
||||
instances =
|
||||
{
|
||||
root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
|
||||
nix = { device = "/nix"; hashTableSizeMB = 128; };
|
||||
};
|
||||
root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
|
||||
nix = { device = "/nix"; hashTableSizeMB = 128; };
|
||||
};
|
||||
frpClient =
|
||||
{
|
||||
|
||||
@ -62,11 +62,7 @@ inputs:
|
||||
{
|
||||
cpus = [ "amd" ];
|
||||
gpu = { type = "amd+nvidia"; prime.busId = { amd = "8:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; };
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
legion.enable = true;
|
||||
legion = {};
|
||||
};
|
||||
packages.packageSet = "workstation";
|
||||
virtualization =
|
||||
@ -109,7 +105,7 @@ inputs:
|
||||
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
|
||||
smartd.enable = true;
|
||||
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
|
||||
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; }; };
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
|
||||
@ -34,15 +34,7 @@ inputs:
|
||||
kernel.patches = [ "cjktty" "lantian" "surface" ];
|
||||
networking.hostname = "surface";
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpu.type = "intel";
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
};
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
|
||||
packages.packageSet = "desktop-fat";
|
||||
virtualization = { docker.enable = true; waydroid.enable = true; };
|
||||
services =
|
||||
@ -59,7 +51,7 @@ inputs:
|
||||
publicKey = "j7qEeODVMH31afKUQAmKRGLuqg8Bxd0dIPbo17LHqAo=";
|
||||
wireguardIp = "192.168.83.5";
|
||||
};
|
||||
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 512; }; };
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
|
||||
};
|
||||
bugs = [ "xmunet" ];
|
||||
};
|
||||
|
||||
@ -67,7 +67,7 @@ inputs:
|
||||
coturn = {};
|
||||
httpua = {};
|
||||
mirism.enable = true;
|
||||
fail2ban.enable = true;
|
||||
fail2ban = {};
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
@ -77,7 +77,7 @@ inputs:
|
||||
listenIp = "74.211.99.69";
|
||||
lighthouse = true;
|
||||
};
|
||||
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 64; }; };
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -52,7 +52,7 @@ inputs:
|
||||
};
|
||||
xrdp = { enable = true; hostname = [ "vps7.chn.moe" ]; };
|
||||
vaultwarden.enable = true;
|
||||
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 1024; };
|
||||
photoprism.enable = true;
|
||||
nextcloud.enable = true;
|
||||
freshrss.enable = true;
|
||||
@ -63,7 +63,7 @@ inputs:
|
||||
httpapi.enable = true;
|
||||
gitea.enable = true;
|
||||
grafana.enable = true;
|
||||
fail2ban.enable = true;
|
||||
fail2ban = {};
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
|
||||
@ -5,6 +5,7 @@
|
||||
* 显卡:
|
||||
* 4090:24 G 显存。
|
||||
* 3090:24 G 显存。
|
||||
* 2080Ti: 12 G 显存。
|
||||
* 硬盘:2 T。
|
||||
|
||||
# 队列系统(SLURM)
|
||||
|
||||
@ -52,15 +52,7 @@ inputs:
|
||||
networking.hostname = "xmupc1";
|
||||
nix.remote.slave.enable = true;
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "amd" ];
|
||||
gpu.type = "nvidia";
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
};
|
||||
hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
|
||||
packages.packageSet = "workstation";
|
||||
virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
|
||||
services =
|
||||
@ -71,14 +63,10 @@ inputs:
|
||||
xray.client = {};
|
||||
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
|
||||
smartd.enable = true;
|
||||
beesd =
|
||||
beesd.instances =
|
||||
{
|
||||
enable = true;
|
||||
instances =
|
||||
{
|
||||
root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
|
||||
nix = { device = "/nix"; hashTableSizeMB = 512; };
|
||||
};
|
||||
root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
|
||||
nix = { device = "/nix"; hashTableSizeMB = 512; };
|
||||
};
|
||||
wireguard =
|
||||
{
|
||||
@ -92,7 +80,7 @@ inputs:
|
||||
enable = true;
|
||||
cpu = { cores = 16; threads = 2; };
|
||||
memoryMB = 94208;
|
||||
gpus = { "p5000" = 1; "3090" = 1; "4090" = 1; };
|
||||
gpus = { "2080_ti" = 1; "3090" = 1; "4090" = 1; };
|
||||
};
|
||||
xrdp = { enable = true; hostname = [ "xmupc1.chn.moe" ]; };
|
||||
samba =
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
* 内存:256 G。
|
||||
* 显卡:
|
||||
* 4090:24 G 显存。
|
||||
* 2080Ti:12 G 显存。
|
||||
* P5000:16 G 显存。
|
||||
* 硬盘:18 T。
|
||||
|
||||
# 支持的连接协议
|
||||
|
||||
@ -46,15 +46,7 @@ inputs:
|
||||
networking.hostname = "xmupc2";
|
||||
nix.remote.slave.enable = true;
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpu.type = "nvidia";
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
};
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "nvidia"; };
|
||||
packages.packageSet = "workstation";
|
||||
virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
|
||||
services =
|
||||
@ -65,11 +57,7 @@ inputs:
|
||||
xray.client = {};
|
||||
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
|
||||
smartd.enable = true;
|
||||
beesd =
|
||||
{
|
||||
enable = true;
|
||||
instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
|
||||
};
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
@ -82,20 +70,14 @@ inputs:
|
||||
enable = true;
|
||||
cpu = { sockets = 2; cores = 22; threads = 2; };
|
||||
memoryMB = 253952;
|
||||
gpus = { "4090" = 1; "2080_ti" = 1; };
|
||||
gpus = { "4090" = 1; "p5000" = 1; };
|
||||
};
|
||||
xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
hostsAllowed = "";
|
||||
shares = { home.path = "/home"; root.path = "/"; };
|
||||
};
|
||||
samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
groupshare = {};
|
||||
};
|
||||
bugs = [ "xmunet" ];
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" ];
|
||||
};
|
||||
powerManagement.cpuFreqGovernor = "ondemand";
|
||||
};
|
||||
}
|
||||
|
||||
18
flake.lock
18
flake.lock
@ -391,11 +391,11 @@
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708989027,
|
||||
"narHash": "sha256-14HU66SKCszBP0h+/g/5YLfSksSro+AeEUFFchH0VWA=",
|
||||
"lastModified": 1711262477,
|
||||
"narHash": "sha256-fK1OsvjJwQlTeGJHcngxM2iWICCJ/vnG1qJq6U3H7UQ=",
|
||||
"owner": "Mic92",
|
||||
"repo": "envfs",
|
||||
"rev": "3273ab593b97adf85e89210233bf7d9324177e46",
|
||||
"rev": "4aa4816dd9b5c38db4005ca18a42d8070242eec5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -624,11 +624,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698882062,
|
||||
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
|
||||
"lastModified": 1709336216,
|
||||
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
|
||||
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -2264,11 +2264,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1699786194,
|
||||
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
|
||||
"lastModified": 1710781103,
|
||||
"narHash": "sha256-nehQK/XTFxfa6rYKtbi8M1w+IU1v5twYhiyA4dg1vpg=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
|
||||
"rev": "7ee5aaac63c30d3c97a8c56efe89f3b2aa9ae564",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@ -42,7 +42,7 @@ lib: rec
|
||||
# - all .nix file in the directory except for default.nix
|
||||
# - all directories containing a default.nix
|
||||
findModules = path:
|
||||
builtins.filter (path: path != null) (builtins.map
|
||||
mkModules (builtins.filter (path: path != null) (builtins.map
|
||||
(subPath:
|
||||
if subPath.value == "regular" && subPath.name != "default.nix"
|
||||
then if lib.strings.hasSuffix ".nix" subPath.name
|
||||
@ -53,5 +53,5 @@ lib: rec
|
||||
then "${path}/${subPath.name}"
|
||||
else null
|
||||
else null)
|
||||
(attrsToList (builtins.readDir path)));
|
||||
(attrsToList (builtins.readDir path))));
|
||||
}
|
||||
|
||||
@ -1,77 +1,71 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.hardware = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
bluetooth.enable = mkOption { type = types.bool; default = false; };
|
||||
joystick.enable = mkOption { type = types.bool; default = false; };
|
||||
printer.enable = mkOption { type = types.bool; default = false; };
|
||||
sound.enable = mkOption { type = types.bool; default = false; };
|
||||
bluetooth = mkOption { type = types.nullOr (types.submodule {}); default = {}; };
|
||||
joystick = mkOption { type = types.nullOr (types.submodule {}); default = {}; };
|
||||
printer = mkOption { type = types.nullOr (types.submodule {}); default = {}; };
|
||||
sound = mkOption { type = types.nullOr (types.submodule {}); default = {}; };
|
||||
cpus = mkOption { type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.config.nixos) hardware;
|
||||
inherit (builtins) listToAttrs map concatLists;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
in mkMerge
|
||||
[
|
||||
# bluetooth
|
||||
(mkIf hardware.bluetooth.enable { hardware.bluetooth.enable = true; })
|
||||
# joystick
|
||||
(mkIf hardware.joystick.enable { hardware = { xone.enable = true; xpadneo.enable = true; }; })
|
||||
# printer
|
||||
(
|
||||
mkIf hardware.printer.enable
|
||||
config = let inherit (inputs.config.nixos) hardware; in inputs.lib.mkMerge
|
||||
[
|
||||
# bluetooth
|
||||
(inputs.lib.mkIf (hardware.bluetooth != null) { hardware.bluetooth.enable = true; })
|
||||
# joystick
|
||||
(inputs.lib.mkIf (hardware.joystick != null) { hardware = { xone.enable = true; xpadneo.enable = true; }; })
|
||||
# printer
|
||||
(
|
||||
inputs.lib.mkIf (hardware.printer != null)
|
||||
{
|
||||
services =
|
||||
{
|
||||
services =
|
||||
{
|
||||
printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
|
||||
avahi = { enable = true; nssmdns = true; openFirewall = true; };
|
||||
};
|
||||
}
|
||||
)
|
||||
# sound
|
||||
(
|
||||
mkIf hardware.sound.enable
|
||||
{
|
||||
hardware.pulseaudio.enable = false;
|
||||
services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
|
||||
sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
environment.etc."wireplumber/main.lua.d/50-alsa-config.lua".text =
|
||||
let
|
||||
content = builtins.readFile
|
||||
(inputs.pkgs.wireplumber + "/share/wireplumber/main.lua.d/50-alsa-config.lua");
|
||||
matched = builtins.match
|
||||
".*\n([[:space:]]*)(--\\[\"session\\.suspend-timeout-seconds\"][^\n]*)[\n].*" content;
|
||||
spaces = builtins.elemAt matched 0;
|
||||
comment = builtins.elemAt matched 1;
|
||||
config = ''["session.suspend-timeout-seconds"] = 0'';
|
||||
in
|
||||
builtins.replaceStrings [(spaces + comment)] [(spaces + config)] content;
|
||||
}
|
||||
)
|
||||
# cpus
|
||||
(
|
||||
mkIf (hardware.cpus != [])
|
||||
{
|
||||
hardware.cpu = listToAttrs
|
||||
(map (name: { inherit name; value = { updateMicrocode = true; }; }) hardware.cpus);
|
||||
boot.initrd.availableKernelModules =
|
||||
let
|
||||
modules =
|
||||
{
|
||||
intel =
|
||||
[
|
||||
"intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
|
||||
];
|
||||
amd = [];
|
||||
};
|
||||
in
|
||||
concatLists (map (cpu: modules.${cpu}) hardware.cpus);
|
||||
}
|
||||
)
|
||||
];
|
||||
printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
|
||||
avahi = { enable = true; nssmdns = true; openFirewall = true; };
|
||||
};
|
||||
}
|
||||
)
|
||||
# sound
|
||||
(
|
||||
inputs.lib.mkIf (hardware.sound != null)
|
||||
{
|
||||
hardware.pulseaudio.enable = false;
|
||||
services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
|
||||
sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
environment.etc."wireplumber/main.lua.d/50-alsa-config.lua".text =
|
||||
let
|
||||
content = builtins.readFile
|
||||
(inputs.pkgs.wireplumber + "/share/wireplumber/main.lua.d/50-alsa-config.lua");
|
||||
matched = builtins.match
|
||||
".*\n([[:space:]]*)(--\\[\"session\\.suspend-timeout-seconds\"][^\n]*)[\n].*" content;
|
||||
spaces = builtins.elemAt matched 0;
|
||||
comment = builtins.elemAt matched 1;
|
||||
config = ''["session.suspend-timeout-seconds"] = 0'';
|
||||
in
|
||||
builtins.replaceStrings [(spaces + comment)] [(spaces + config)] content;
|
||||
}
|
||||
)
|
||||
# cpus
|
||||
(
|
||||
inputs.lib.mkIf (hardware.cpus != [])
|
||||
{
|
||||
hardware.cpu = builtins.listToAttrs
|
||||
(map (name: { inherit name; value = { updateMicrocode = true; }; }) hardware.cpus);
|
||||
boot.initrd.availableKernelModules =
|
||||
let
|
||||
modules =
|
||||
{
|
||||
intel =
|
||||
[
|
||||
"intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
|
||||
];
|
||||
amd = [];
|
||||
};
|
||||
in
|
||||
builtins.concatLists (map (cpu: modules.${cpu}) hardware.cpus);
|
||||
}
|
||||
)
|
||||
];
|
||||
}
|
||||
|
||||
@ -1,16 +1,10 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.hardware.legion = let inherit (inputs.lib) mkOption types; in
|
||||
options.nixos.hardware.legion = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.hardware) legion; in inputs.lib.mkIf (legion != null)
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
environment.systemPackages = [ inputs.pkgs.lenovo-legion ];
|
||||
boot.extraModulePackages = [ inputs.config.boot.kernelPackages.lenovo-legion-module ];
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.hardware) legion;
|
||||
in mkIf legion.enable
|
||||
{
|
||||
environment.systemPackages = [ inputs.pkgs.lenovo-legion ];
|
||||
boot.extraModulePackages = [ inputs.config.boot.kernelPackages.lenovo-legion-module ];
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.packages =
|
||||
let
|
||||
inherit (inputs.lib) mkOption types;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
config.nixos.user.sharedModules = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
|
||||
[{
|
||||
config.programs.plasma = inputs.lib.mkMerge
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
|
||||
@ -1,58 +1,55 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in
|
||||
options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
instances = mkOption
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
types.nonEmptyStr
|
||||
(types.submodule
|
||||
{
|
||||
options =
|
||||
instances = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
types.nonEmptyStr
|
||||
(types.submodule
|
||||
{
|
||||
device = mkOption { type = types.nonEmptyStr; };
|
||||
hashTableSizeMB = mkOption { type = types.ints.unsigned; default = 1024; };
|
||||
threads = mkOption { type = types.ints.unsigned; default = 1; };
|
||||
};})
|
||||
]);
|
||||
default = {};
|
||||
options =
|
||||
{
|
||||
device = mkOption { type = types.nonEmptyStr; };
|
||||
hashTableSizeMB = mkOption { type = types.ints.unsigned; default = 1024; };
|
||||
threads = mkOption { type = types.ints.unsigned; default = 1; };
|
||||
};})
|
||||
]);
|
||||
default = {};
|
||||
};
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) beesd; in inputs.lib.mkIf (beesd != null)
|
||||
{
|
||||
services.beesd.filesystems = builtins.listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
inherit (instance) name;
|
||||
value =
|
||||
{
|
||||
spec = instance.value.device or instance.value;
|
||||
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
|
||||
extraOptions =
|
||||
[
|
||||
"--workaround-btrfs-send"
|
||||
"--thread-count" "${builtins.toString instance.value.threads or 1}"
|
||||
"--scan-mode" "3"
|
||||
];
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList beesd.instances));
|
||||
systemd.slices.system-beesd.sliceConfig =
|
||||
{
|
||||
CPUSchedulingPolicy = "idle";
|
||||
IOSchedulingClass = "idle";
|
||||
IOSchedulingPriority = 4;
|
||||
IOAccounting = true;
|
||||
IOWeight = 1;
|
||||
Nice = 19;
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) beesd;
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) map listToAttrs;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
in mkIf beesd.enable
|
||||
{
|
||||
services.beesd.filesystems = listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
inherit (instance) name;
|
||||
value =
|
||||
{
|
||||
spec = instance.value.device or instance.value;
|
||||
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
|
||||
extraOptions =
|
||||
[
|
||||
"--workaround-btrfs-send"
|
||||
"--thread-count" "${toString instance.value.threads or 1}"
|
||||
"--scan-mode" "3"
|
||||
];
|
||||
};
|
||||
})
|
||||
(attrsToList beesd.instances));
|
||||
systemd.slices.system-beesd.sliceConfig =
|
||||
{
|
||||
CPUSchedulingPolicy = "idle";
|
||||
IOSchedulingClass = "idle";
|
||||
IOSchedulingPriority = 4;
|
||||
IOAccounting = true;
|
||||
IOWeight = 1;
|
||||
Nice = 19;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
|
||||
@ -1,19 +1,9 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.fail2ban = let inherit (inputs.lib) mkOption types; in
|
||||
options.nixos.services.fail2ban = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.services) fail2ban; in inputs.lib.mkIf (fail2ban != null)
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
services.fail2ban = { enable = true; ignoreIP = [ "127.0.0.0/8" "192.168.0.0/16" "vps6.chn.moe" ]; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) fail2ban;
|
||||
inherit (inputs.lib) mkIf;
|
||||
in mkIf fail2ban.enable
|
||||
{
|
||||
services.fail2ban =
|
||||
{
|
||||
enable = true;
|
||||
ignoreIP = [ "127.0.0.0/8" "192.168.0.0/16" "vps6.chn.moe" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.services.nginx = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
|
||||
@ -19,16 +19,10 @@ inputs:
|
||||
[
|
||||
{
|
||||
assertions =
|
||||
[
|
||||
{
|
||||
assertion = !inputs.config.nixos.system.envfs.enable;
|
||||
message = "Somehow xrdp could not start if envfs is enabled";
|
||||
}
|
||||
{
|
||||
assertion = (xrdp.optimise.type == "nvidia") -> (xrdp.optimise.nvidiaBusId != null);
|
||||
message = "nvidiaBusId must be set if optimise type is nvidia";
|
||||
}
|
||||
];
|
||||
[{
|
||||
assertion = (xrdp.optimise.type == "nvidia") -> (xrdp.optimise.nvidiaBusId != null);
|
||||
message = "nvidiaBusId must be set if optimise type is nvidia";
|
||||
}];
|
||||
}
|
||||
{
|
||||
services.xrdp =
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
config =
|
||||
{
|
||||
services = { dbus.implementation = "broker"; fstrim.enable = true; acpid.enable = true; };
|
||||
|
||||
@ -1,10 +1,8 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config = inputs.lib.mkIf inputs.config.nixos.system.envfs.enable (inputs.lib.mkMerge
|
||||
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null) (inputs.lib.mkMerge
|
||||
[
|
||||
(builtins.elemAt inputs.topInputs.envfs.nixosModules.envfs.imports 0 inputs)
|
||||
{ environment.variables.ENVFS_RESOLVE_ALWAYS = "1"; }
|
||||
|
||||
@ -20,7 +20,6 @@ inputs:
|
||||
hideMounts = true;
|
||||
directories =
|
||||
[
|
||||
"/home"
|
||||
"/root"
|
||||
"/var/db"
|
||||
"/var/lib"
|
||||
@ -29,9 +28,7 @@ inputs:
|
||||
"/var/backup"
|
||||
{ directory = "/var/lib/docker/volumes"; mode = "0710"; }
|
||||
"/srv"
|
||||
]
|
||||
++ (inputs.lib.optional inputs.config.nixos.system.networking.networkManager.enable
|
||||
{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; });
|
||||
];
|
||||
files =
|
||||
[
|
||||
"/etc/machine-id"
|
||||
|
||||
@ -66,6 +66,8 @@ inputs:
|
||||
keep-configuration=no
|
||||
'';
|
||||
};
|
||||
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories =
|
||||
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
|
||||
})
|
||||
# networkd
|
||||
(inputs.lib.mkIf (networking.networkd != null)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.mkModules (inputs.localLib.findModules ./.);
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.user = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
users = mkOption { type = types.listOf types.nonEmptyStr; default = [ "chn" ]; };
|
||||
@ -78,6 +78,19 @@ inputs:
|
||||
home-manager.users = builtins.listToAttrs (builtins.map
|
||||
(name: { inherit name; value.imports = user.sharedModules; })
|
||||
user.users);
|
||||
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories = builtins.map
|
||||
(user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
|
||||
user.users;
|
||||
nixos.user.sharedModules =
|
||||
[{
|
||||
config.home.file =
|
||||
{
|
||||
".config/.keep".text = "";
|
||||
".local/.keep".text = "";
|
||||
".local/share/.keep".text = "";
|
||||
".local/state/.keep".text = "";
|
||||
};
|
||||
}];
|
||||
}
|
||||
# set hashedPassword if it exist in secrets
|
||||
(
|
||||
|
||||
Loading…
Reference in New Issue
Block a user