mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-11 22:49:56 +08:00
60 Commits
5de71b4f6d
...
legacy-250
| Author | SHA1 | Date | |
|---|---|---|---|
| e34356dc32 | |||
| 567d169fb0 | |||
| 158734ac14 | |||
| d1040e08b9 | |||
| 068823a913 | |||
| 9a42e1182e | |||
| a8cdc3b481 | |||
| 637d7deac4 | |||
| 105bac451e | |||
| 2252919c58 | |||
| 9f87c8157f | |||
| 15ba8be8a7 | |||
| 41a8d42aea | |||
| 1f98b7826a | |||
| 5e30415e27 | |||
| f172269043 | |||
| 8f1e4e847a | |||
| 02b36bdf84 | |||
| 08e28bf7c8 | |||
| 7809cf5c1b | |||
| facb79d588 | |||
| 2614e0f97f | |||
| 668000f122 | |||
| 76bc39e30d | |||
| 5ce896e86d | |||
| bed22df7b4 | |||
| 1fa911401b | |||
| c2963d6f10 | |||
| 3c9e3bded3 | |||
| 34f372511c | |||
| c3b2802c19 | |||
| b8fe6bb4d5 | |||
| 9a8b3ac002 | |||
| 33cf3d91a1 | |||
| 752d7ba5f2 | |||
| 7083246cb2 | |||
| c54597d52d | |||
| 8aed13cc4c | |||
| 32f110c2b4 | |||
| 7764cb1698 | |||
| 649ca35882 | |||
| b15e031090 | |||
| c0f5d6314d | |||
| 9f2134b258 | |||
| aecc119691 | |||
| 8996637b0a | |||
| bb60818ee6 | |||
| 3a2fd91ab2 | |||
| 25e19837a7 | |||
| d3bf75fc6f | |||
| 2534441f2d | |||
| e696455ab1 | |||
| e926fa0cf7 | |||
| be023ac1d5 | |||
| 6b080d7bed | |||
| a8fbca34c6 | |||
| 29f9309318 | |||
| e86581da43 | |||
| 1264a0e612 | |||
| 3967974068 |
11
.sops.yaml
11
.sops.yaml
@@ -7,8 +7,9 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- &srv2-node0 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- &srv2-node1 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- &srv2-node2 age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
|
||||
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
@@ -30,11 +31,13 @@ creation_rules:
|
||||
- path_regex: devices/srv1/node2/.*$
|
||||
key_groups: [{ age: [ *chn, *srv1-node2 ] }]
|
||||
- path_regex: devices/srv2/secrets/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1 ] }]
|
||||
key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1, *srv2-node2 ] }]
|
||||
- path_regex: devices/srv2/node0/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node0 ] }]
|
||||
- path_regex: devices/srv2/node1/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
|
||||
- path_regex: devices/srv2/node2/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node2 ] }]
|
||||
- path_regex: devices/test/.*$
|
||||
key_groups: [{ age: [ *chn, *test ] }]
|
||||
- path_regex: devices/test-pc/.*$
|
||||
@@ -44,7 +47,7 @@ creation_rules:
|
||||
- path_regex: devices/cross/secrets/default.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *vps4, *vps6, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
|
||||
*test, *test-pc, *test-pc-vm]
|
||||
*srv2-node2, *test, *test-pc, *test-pc-vm ]
|
||||
- path_regex: devices/cross/secrets/chn.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *nas ]
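Review bot: Exchanging the recipients behind `&srv2-node0` and `&srv2-node1` in the first hunk only affects files that sops creates from now on. `creation_rules` are not re-applied to existing files, so anything already under `devices/srv2/node0/` and `devices/srv2/node1/` stays encrypted to the other host's key until `sops updatekeys` is run on it; whether those per-node files were re-keyed cannot be seen from this section. Ciphertext already in git history also stays readable by the previous recipient, so values meant to be private to one node should be rotated, not just re-encrypted. A comment next to the existing `ssh-to-age` hint would keep this visible, for example `# after changing a recipient: run sops updatekeys on every file matched by the affected rules, then rotate node-private values`.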
|
||||
|
||||
@@ -24,152 +24,156 @@ users:
|
||||
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
|
||||
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
|
||||
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
|
||||
#ENC[AES256_GCM,data:B8NX79g1IqmiNdO9pmq11g==,iv:Uf4dOMGCa73+YgFwNHUGmrVQW7zDavyUn8pVlZIlU0Y=,tag:Dp1g1k3x6LYgyHoyOnXdnQ==,type:comment]
|
||||
lilydjwg: ENC[AES256_GCM,data:/2Af4TldHmIbMzv8aDrlhElrsW+P//5cF7vQy/EzcKVa20WhLYIM1KICweZRdxE45FTWsxv+Fp21rBoQS89QePyVAw7POhtceA==,iv:Yv0J0GAWuBLSziHEBFPFSVg0kHjVf//f5ZKYLpyyjDA=,tag:+fJKhLhUWGqfjiSumH3dgQ==,type:str]
|
||||
telegram:
|
||||
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
|
||||
user:
|
||||
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
|
||||
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
|
||||
root: ENC[AES256_GCM,data:KFyR8e+rt0E9,iv:i13OWPwPGpHP8CEGGVm24KgqEOxrqeL+Y3mHBYuntms=,tag:CjKuwE+USmQq6gncXQDrJQ==,type:str]
|
||||
maxmind: ENC[AES256_GCM,data:KfTXvxX4zzXBfNMPmZY1z5jTHTByGfH9qEo6EUAQqZ1JOtNUomOWNQ==,iv:KcexOWAXFhWfli6bAMZ+61x960trZ3iE9UYMuOtJNms=,tag:reuuIe6MkONpeT44U6yUjQ==,type:str]
|
||||
acme:
|
||||
token: ENC[AES256_GCM,data:DrNdcyf2tiZ5nmjYmsG13V63ZuZhNG1c/kkGM7eXQWvRvDbu37nKWA==,iv:xc4gtNvZ/BYG+KmT1XgFfG3Z17bBLURazG8tz4/laxE=,tag:khnYVQWjiiaQC9VsJyLV6A==,type:str]
|
||||
tailscale: ENC[AES256_GCM,data:ajw332lHmxY8mdaxeG6zLui3Coc7z/3+ojBIcZHBY8KhpRbEiAj6n8yIIj/7BffR,iv:oqCBZsrYz6bMax96QQVWhcXnppx676TbUh3Vl4qJh00=,tag:557nZp1SE7NsUii7QUtSeQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR09MUytUL2h3cWlIanNF
|
||||
VWd6SVNWOGVlVVpGbGtyQWxnZlk0cEx2TFJzCmhtbGRFcDdlWDAxU3NneXloSS9U
|
||||
WXBtQmg4dFhOb3J3bThCUDliUmJ4NVUKLS0tIG1uQjdiODdHWVVrVGIwb2lPN1V1
|
||||
QjVyWFAzQTRDWXMyMXdUNytKcy9abmsKZ6maa6DoKPkDAYXGLVoLWIi3fzzs1SVF
|
||||
C/9y2PG/j7F8Pd4hUHl7ILWN/VNbYKQwGYp59+kKeAzeSHkJeTTKyg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBma1JoNldVdG1yNVYxVm5y
|
||||
SWVEemtFUUZHOVVRa2ZPNzkvRWxkTEN1MENBCnQ4elhUYmRuL0xPUVlBbFRNSUFp
|
||||
YTFIRVlHaEdJMlI4TENIS09HcVVrSHMKLS0tIGErY3pJaG1YdmthU3BzZWtCeWkw
|
||||
Qk5TekphSjFqVmg4dEkwWExjek9GK1EK+gzFgvWe2otn946O0roo2K4ADR/U96Co
|
||||
tw0wIOTxw6dtkntbvZHVz3Mh38K5mBpAjPLzyd4IjuUy2AkNSkwGew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaitpVkkvNEFOMEZXK2s0
|
||||
Z1o0UTZ4NFRrd2NqNzhNVWhncmdWWDlzZ2swCkthMU50WldYajN1eEZCRVRUZ2d6
|
||||
TU8za1R0aUdCV3hZaVlIRE01UHdYc2MKLS0tIFNWcFdVWGc5dUVtWnVVbGh1WFVU
|
||||
UzFsYS9tL0xNeDBmQWIrTVB2MkVtdVUKjMADWap5h4NGj3ESamUHz3+8AtO2sOL6
|
||||
wFm/sTfEuhFqO8bodtBXB/veQOrr97Dw8PhO/6CO5JdGTEyFIZ3DoQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMW4raDc4V0RWRkljb2E3
|
||||
a1Q3ZzBFVnVpWit0andqNmNrZkZqS1VSbjFnClM1WmVDbUV1TnAwRHJOU3ZsQVhF
|
||||
a0NQZng4VURGSStCT216OGJuNU9jaWcKLS0tIGY5YW9MUjJZd1Q3SVNEdGVTS25x
|
||||
bytMcjJTeVh6a25ZR0JjV2dIa3BZM0kKi/b439/DJPLu1ccqYmVDQMAOaT8Rae0U
|
||||
cJlTLPHiN+YINT1/NMT62UuPRbGq5puK4v2IXxWo4Xc1KVEwE4j78Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOFprRWZQaVpMQkxJN2Vw
|
||||
RVB6QXN6bDJPcEt3YURaby9PZm1FZHhDRmtZClBiV0JobHZRejhWVzhOZThRTTJ1
|
||||
UE91bzdWMjJvYllIWXBmQkNReThIc00KLS0tIGRLa0V1b3ZWSVQzc01sUlBMVzBz
|
||||
blZyM0FpelBoTE5Ia2J3S2c0WE5FcVEKKTJ5jzNLkLixv+8DlcTrR9sWs6GihPG6
|
||||
x9w/Zu5H4DK9EVFyksTujRZZMI6o4lHzl2VIrgkTNQUwIPtsqo5KMQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUWo3ck9qN2VybUJrNmdk
|
||||
Q1ZlMEJkRFh5OS90cHVheWhoUmNveGQ3Y2l3ClorWmlCUEhpWDAraUR6M1dlTTdR
|
||||
QTRCeTFRUUd6SFBaYXBDb1VFc0ZMbW8KLS0tIDVXMEhVQml5bW5MbXJqYWllZnJL
|
||||
TysxNXhwcllsZGJOejZXUEZkcU55M0UKvIwSQ49VO9cJfRPKzEzly4R6GAPOyi43
|
||||
5aWMh9Yu5EpZTUmyg5MByBdd1ENZZfqy0u9U1BiGxq7fj0DM/pYWjw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQWwvbXZoNHFxM1Y3L0pO
|
||||
cDlML1ZWWXppeWxaZjZwOFVvbHNubmxEYUI4ClB6Wm00dTRFUE8xTFNlUmdacjFU
|
||||
VGNiMFk1SHpOVnJ6RWdyVXk3WGkxZm8KLS0tIDFnamZqa1VqdUVXWFN5YW5CNGhh
|
||||
UHc5bCsvVFV2eDlLR2Q3STFCQXpZRzgKSVvG8HcDtBJAh8iNrQd+UKbgs/k5Yf2t
|
||||
KqMdODturfudk8QJn3pR97essszrsK/HS4yptp71bBSj3qK50Lp/rg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWHRSNFBqVHlSSHUwOXRS
|
||||
MTFPdFZQVzZ5VEpwVE5EN3hqYUZWbEtoNkNNCjRwRUlKVmFxTDNiOHh4TWYwcStP
|
||||
UGRLMmN5Rmx2K2VGRCtCOWNmaENEZmcKLS0tIE1oZUdxRFNXTEljd3ppWXpUUUhE
|
||||
OXMydGE5T0tCS3BUQ0k4bUlEdDdPVE0KFiFCbmzRDXz33uh/klHEDdTP13tGWV4V
|
||||
v7GLkjcoDyYf/4N7i8meu77E2zTMiTdDbUOF0oehFPTDrM1TwJ8LtQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSzJGeDJYUHRtV0hGb3I5
|
||||
ZUlBRnRKem1ucXk0VFZvb0xlSlBkeU1ZeFJvCmFJeXM3eGJBcC9IWHdSV05obVZq
|
||||
b0VOT1NzdzhKOWVYZytQOW5UTXlDS3MKLS0tIHc2U0crejgzTUtVbm9VN3pVNzda
|
||||
NVNQU1RNdldXR2ZoWCs5VlZYV1JyTWsKayt8OOhvopxjAyNMgRTwZVHaRGApUURE
|
||||
V0jeyb/l03hefxUkEsR1yxsQemwJAbbzhhjnsWjjxJ7Zt+bh4FdHiw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Rkc2MVhUc0tTUkNsenQ2
|
||||
aVM1dG9MSVpwaFloU1ZRWmVsaEtYVGY3NlFnCm5PM0VpWVFKdExJbExIMnZ0Tmw1
|
||||
eCtVdkRpVW9lcFA5bWwwbWNaYTMzejQKLS0tIHA4MTd1anM4NWtmQUx1cVlsWFVQ
|
||||
bk5iV2xRazdoZnY1dGhKSGFFdUFWY3MKGoxBih7fDQoZFxj8JjiRAl8D3/8xWBeq
|
||||
RS/8C6v+/V+Afnv9QN6uYt0l4YeGn8tv1TRNWXHZl0A6DFjzouwhZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2hsZGExRnFaclpUNEdr
|
||||
bkJJM2gySmtzUlVmZWoxZ3pST2l2dGtCdnhnClNWeVZqWTJ1Mk1pMGZCaXppU0lY
|
||||
RUtlT3YrQmZuVTZ3TjJYMlhGMTVMMncKLS0tIDJsaVQ3aHZIWHhXOFJ1WmpQUDNk
|
||||
SjBSRm4wWjhpUzFmVUtwdGUvbmVIV0EKzgfa9i+VJLPvBRrFbNavZtG1hK6jazoD
|
||||
WHkWedx4AUUJQQlp12Wetj/0yY9jF3BLv/wvEAusq6Z4dO2aHr3sRA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbE1uZlFXRUdkaGNWNGpn
|
||||
b2JiT1RoSWVLVSt5VHQ2bVRRU0tnVWRudDF3CnVsYXk1R3RGTXN4MkRORERRYXhq
|
||||
UFJkOTZ1ZzgxVXhxOVZ5akpqdDBKNUUKLS0tIGpDS1lGMTRKS0wyOGxyejZvT1F3
|
||||
WjVLek96VW5iNHhxSytvZDVDSWcyRW8KrGqY/w8wOaw+PEAVNMtTpsdSjk+gD+gz
|
||||
fzs9+4uo9Y2KzjCJ6oHIVC4Yz7VkG9Ipo9p6Jd82SJIGcuRtsVljKw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcWFOcXAyYjNoSEhLdEtC
|
||||
ang3bHJ2RmtaL2RManE0K3B0elg4aHJmODB3ClZLSXA5MmhVT2ZZSm9KSUlod3BB
|
||||
V05lT3h0a3NQZnMrNERwNk1LTHRiVlkKLS0tIElESTNEVUpZbk93WFpXNnRTYzY5
|
||||
K2tkMlVCRnBKdVRzWk9aQy9kUUx3L1kKNO9LsaJDfF0v/XCMYV0lmHLFakbVjj+H
|
||||
wGJZQYgu/sETDZQVMeu42fQ++IKElmpfq2/o6+gM7aI0RxLqnBryfw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUnJCdXloNk1FdnlMY3BZ
|
||||
QlFrdkJEYktwYlRLblhQeVZER2pEYWd2UUE0CnVaZDk0b3VoRjlVRVFXVmZQNUpR
|
||||
bngzcHFyaEREaVVIRnRhc3YwVzVwT1kKLS0tIEprbDl6NVZTSzZPZlF3NjVUODFD
|
||||
R2EvTERKTnpoWkdiRVd4c1Ywdm5OV2cK5DR+WLAYmTRVyIP3kx9ImL7oFou/xyJJ
|
||||
P2GNebydAIBPdRmnnPSk5qsGKxZBpiXesSpPCvf71NSp0ayQWtuaZg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYnBzd1k5UEhXZ0wxSU02
|
||||
elZkYlhDWC9CbWFkRlM2bCs2dzNTSlk4TUJnCm1WVnVxaUYwZ1QvNHJRb29ER21P
|
||||
UWhOb2tETWRJR09Sb0l6VXRMaU5KZlkKLS0tIFA3TldTUmJ0Y0xJemJPS0wwK05D
|
||||
SHVXTGUraDE4anJOZFFuaHBKV1lMSWMKemZfKWbI0YR4QuR5zqvGKSnU3HzwZHvo
|
||||
DJ9u2eq7R7OwtDscn9qCwPThORxLMWdI3n+3+XVwAysqW2efrvnGgA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbUtDNk9WUXBYREJpNnNy
|
||||
MDN0WVFRYzlGR0FxTmphMnIxcW5LcGZOWUZjCmRnd0ZNbWhwb3h4ZEVPSm00MGlN
|
||||
SjRYZllXOGVXNjdUazR6bHlSemVscTgKLS0tIFh6aVB0QzFsankzUWpGVG4rTnNp
|
||||
Y3ZGaDlwR0lmQkVnRWxVNGJqS3I5NHMKF7nBtR4gQQ3SMPgsRLczQXlUBFa/+2ND
|
||||
sAcakFO2SiXnfMJTaEdZmoH6gVDjtGhxb72jNbx4c92yFUYNJrAn+w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOFZQZmRHVUdjTXpDbFFm
|
||||
SGt1d2lmYXVZa21iSFhMOTUzMmRIU3BIOUI4CmFvT1BMZmE1eC9tV3dJbVJ4ME8z
|
||||
N25hc0NyZmtMbGFxYmtPSkFkSGZ4bFEKLS0tIE5sUFBTanJONjhtR3BnYjVYdlYr
|
||||
NVZNeDFJOGJIdFlacE9LMmFuakZYUkUKmuK+ogCs3WH9TiGiUfRZ9L98aqRli91A
|
||||
1xHYMJOc5FwI+jaHp1m7nkn+egIOmKvyyejI2ZHQ84tItS+aoiI0bw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRHdHMFAvRFRCNmNES2R0
|
||||
Q3ptRDVrQ3JHaXBxSUlldVd5WUNFc1ZQeDBFCnNiMFErODJhbk5LQ1VGd01oU1N2
|
||||
eXk4Q3VRcUNNWURDUitUMWNOQlJaeWsKLS0tIDRKQ2M1Rnpla3o1NTlCeC9wbGJo
|
||||
cGZxcDUyYzZBMXRpbi94RkcvQXc5aDAKrHpvCDpECN5HS1qeNoiOwKWpT46bLQBd
|
||||
404XgHar20AswgDIjAMp5KJ1pkluQ9j5pVKNFjqJ+9sb3RLYM7Z06Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMysyb2NzMXRlMUk3YnQx
|
||||
eFF4MEU2S0pvS1F4Q1JvUnVYcStDZURuMjJFCnRadVVNbm9IV01ScHlEK0kwK3ds
|
||||
Z1YxY1pMT2RZL0pUZ0pPOUZvQ2xYYmMKLS0tIDE5K2xjU2dFSGZkeHZUNDNUMFhj
|
||||
d0Y0ZS9ub1dVc0lSdXZlOXhMWEc4VkUK7S2XKWP/nHs/7wY6Qs2SaqY7HoAC3h3P
|
||||
S+xf/tGriY7pKXIA8OSn4v2NQGE44LA8sk18c6cpH0KxdgMh+sumXg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3RhUHBORW1BNFh5M1c0
|
||||
QlhmUDY1T0ZmN2dGaUhLOVkxN2NiUklBU1hVCjY0MXBoNmw0ekpQYlMzdFZhNFA5
|
||||
NE9XdnlaaGdiSU1BYkRvcThaYmpVcTAKLS0tIGk4UHMwK20yQ2w0N0hoQnZYK2Fk
|
||||
czU0M2dQbU8rMkZJbEJaZ1NhcE1yZFEKUWe5IaDuPjfQ/m76m6DdvF8HWmDiVH1k
|
||||
IQk6sIJfbcINGOVP+JYGJPWgq6LGg1EdW4ONctosVk6kxRO30N0rVQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY05iS0V0aWdVWm5iYyts
|
||||
YlBNSEFQZ0Nxck5jaWZublZOeFhvbmxTOEV3ClIzYnZ4bGZrT1VpZVZlVTl2YXdD
|
||||
VmFEeUFPbTY3eHNXZk1jVXAzZ1paK2MKLS0tIHBsV0wwNllza3JZTzlqbE1DQ1Yy
|
||||
Rk1rdzk3Q0czUW5oSEh2NEtFNitHOTAKe2uoBtAswRNNSV//PI7djMWRy7mYyJpy
|
||||
j6a+cyUQ6ZTGsMTWIFTeymq83Kn/gZNxlgmFWc/NWN0t/i84yQM+iw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YXF5aGRobkFVdFQzRFBp
|
||||
NnhvdWtxU2dxa2s4d2FiYnBrdmMvakU1cFhvCnJ4NWVCc0t2ajFpdWVMM25XUnE4
|
||||
a3E3N0laOEYwNDBNdTc4WjdZR2R3M1EKLS0tIC9WRGpJSUhhM0JGZVJWaHlvSkRH
|
||||
bXErdTlYQWh3cmZITWxIeDYzaklWbmcKKG08GymtessnDUfg/AgmQh9eyJx25Y+c
|
||||
RyhAdNl6Lu2Hv7e/oqr23SmwFuhzgPl6eL8t1Nz3s1KraShZazjpQA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQ0IwMHJZc0dFWmNVNkQ5
|
||||
WUJDeE44SEpyLzdVUDdQTHVEdGc2OFpiQjJnCkMxRlIrcGU5WVRtdFZqc2oxdjBh
|
||||
NkRzN0Q2MGNqZUZUMWNKRlF4czhubWsKLS0tIEdKVGU2RE01QzZ3WlJxU0RrUWtk
|
||||
SFhBMzYwMDN6bUZyOEo5R094QjgxSWMK61kBpZIHQyB7fPEHw69c2pKoR0+vP6U7
|
||||
1gHTVBIUvMc2UbuAvI3tSoNmSDYHpm8AE+1m0E3eZZFHbZYua9+hKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdlJ4QWRPUlpwSlJYaG5K
|
||||
UW05aURRSHlXSmJZekhoZGtlL2dLcUQ3VWhzCmRsM3NnQU1ITGNkNnJETlRpUVJI
|
||||
VUo0cHMxS3FyV2FsNk1iK2U1cnhaL00KLS0tIGx3enAzeHBOOG4zdkVXM21Ldm56
|
||||
ZFA3YVNEM1JTOW50NGxWaXllZFFnSWcKi2LFPb9Bo+XtViBFz7x8jn8Xpn6K5dbQ
|
||||
PJIepVai+5XuuhyUJXKf48b5jUT/FWIKHWFZicrLBuadWx7iHCX4Rg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK2tkZXZkYWZWcEFhS1h2
|
||||
YTk2N3F4L3AzNzdmZXhLRXpOLzlRa1NNSXlnCjRNL3paejlRUTZrVEFwdWdzRzVp
|
||||
NVFReGwrZk9IdVhQSnFzK3lVMWRPOTgKLS0tIGs2azNoQm51ZDZrOEJDbEhRVTFu
|
||||
aVdEZ0s4SjljZFc5ZTJwK3ZON3VlRVkKB1apktkRqW0R/Epn3bZf/Aym5evUmxm+
|
||||
TLkJxTT6TVcgjobcpFvMmI+pqRWfh5Opj9a9lSe5QvsXxdgOs0mvzg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRDlUcStHUFc4Vm54YTVV
|
||||
M1V0Ujc2RENybTFVbHgxbVFZV0F2dlI1UTBnCnd2OWhTc1g5Yk0vR0Q5VmpHUitX
|
||||
Y29malU1VEN0WW5XVVFWTFg0S3RFSmMKLS0tIEJKZ0g1U1hWSUZvdjQ1YW14bnFR
|
||||
Wk83NU9XN1pxWHZ3MWo0VHpKek1HOXcKXdzEIlwE4riww33KCRcWEAv3vUQhSqG7
|
||||
4ndZSMOzl9LMGJM3tvX+49TpdoLn+pkrE8g2BcBZPA2UsO1a/ASj2w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWlhIdTdtNkpZU3Y5T1Vl
|
||||
WjZXLzJYVDdweFpITEh6cmszOVYrZWI5eTM0CmNSTnd4T3g0dFNiTDNCM2hEOTVo
|
||||
OS85R0VqdEZkTlhGWFNRZFpXZGlWTFEKLS0tIHQ1YWJrZERJUlZwZnU3RThucVRL
|
||||
NHdwcGl2Wk11TFdCd25OTE1nVDNYd2MKOxa2f7bFgFE2zCR1kKtC6giQhr1P79W0
|
||||
MKxil/x2T8rBNkK6sN0PjkphKdg9LVit86ilHPwTgnkl9oz8Cs6X5A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMWw5OXk2bjdHWmg0VGJI
|
||||
MmtRNk5jUFBWc3gwZkVTbUIvNGN2ZlpZcFR3CkJ4Q01CU2tCZDF4djBOSEtzUjZS
|
||||
TFN0dWNlZDdmSnZYdlo5aUpRNDVXaG8KLS0tIDVFdllPdVFUbTFYeUlHUEdRMjNx
|
||||
dEUxemY4Nmp4djBFR2ZDMWZFS3VmOFEKCIeWZZslOeXVY3hqzyIEUeHPzN4Pk+xw
|
||||
hCtNDvShZqcjdR4qwHHQwPjiiZvVk6k0M+GPH2KXVarbIlkqiwHPzQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL1ZjRzJNQVFNekFUVlQv
|
||||
SmJWMDRZMXNDaTNNd093b25kSk5nTDg0K244CmVLK08xKzlleXpWblRkbGZVMENi
|
||||
U0NGVVhycUN6OEZDNjFBUndSdnRLdE0KLS0tIHJEeTVIY2xwZWdqdG9JRVhsRENq
|
||||
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
|
||||
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbVpDMkEzSFRhMTE4MktT
|
||||
TWN4ZTRKUk1POWxsa0pPMzZZS2VtN1M3T244CjRJaFpaK0VpenNvWGZNZzdUVGdr
|
||||
RGVycHBJM2VnU29TQ3JmMEJyUTg1QVkKLS0tIGJlQ3NwMjFhSkkzRmwyaXlYZ3pN
|
||||
TXZuTFNpdElIUkNrcHA5T3NKQ0NvY1EKG2FGYxVFp/oa7kxpYD038uUHfZDuoQK+
|
||||
7hsk7Tn+KTjTYs0E7soMcGVr8GRcqcJFXRjt8hFtw9HLDlzaYK6uMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-06T01:03:09Z"
|
||||
mac: ENC[AES256_GCM,data:9pJpUNzMogdijzFpjkCw4wEuOGn8B6Q/sKqzA6Pq73fp42t59BbdtK6ClTWqDRUG5MMmLVXYqdlrjPeHeRtXuQ0USNNFY6jC/p35/gB/+Gh+qqLY48YtBPjsV7aYkF8bVhC8EeDZPXvw6Hz5r+e1crVxcbOjk1uFXFVdoDGgsuQ=,iv:0QKuxk9WvCgLMJCNkX0/S/YonY/bmTvvN27DKcZGzv4=,tag:S9S/J57/GHjmVLJhtLDqDw==,type:str]
|
||||
lastmodified: "2025-11-06T12:38:15Z"
|
||||
mac: ENC[AES256_GCM,data:aIN1vCZVyKnZYmsWwTuClQT+Xsqx46HpFQo/4ZYu4V8WcDtR8UaIH2K/vq6LiJ3bSD06xxR3U9Ljc67hhehiFLMJr00l4KoczLvYYiQZKWC95A/OTyK1UeMMyioBYguDrmIKQiR+sUF/juPn7BjXdygYuVzkH7iLiTz4DczjIhE=,iv:zOZY/pBxieuNhWXonF/mq/0NoM2pgfWMyekx1C+LV78=,tag:EYZndCzRzV+v3icoESW+CQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -34,10 +34,15 @@ let
|
||||
proxyJump = "srv1";
|
||||
};
|
||||
srv2-node0 =
|
||||
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6"; extraAccess = [ "srv2" ]; };
|
||||
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp"; extraAccess = [ "srv2" ]; };
|
||||
srv2-node1 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
|
||||
proxyJump = "srv2";
|
||||
};
|
||||
srv2-node2 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIK9FZUOZ51pWdm2grTXDdSGMZ3g9DkvHUBvY8bFoTZjy";
|
||||
proxyJump = "srv2";
|
||||
};
|
||||
};
|
||||
@@ -55,9 +60,9 @@ in
|
||||
hostNames =
|
||||
# 直接访问
|
||||
[ "${device.name}.chn.moe" ]
|
||||
# 通过 wirewireguard 访问
|
||||
++ (builtins.map (net: "${net}.${device.name}.chn.moe")
|
||||
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net))
|
||||
# 通过 tinc 访问
|
||||
++ (builtins.map (net: "tinc0.${device.name}.chn.moe")
|
||||
(builtins.attrNames inputs.topInputs.self.config.dns.tinc))
|
||||
# 额外的域名
|
||||
++ (builtins.map (domain: "${domain}.chn.moe") device.value.extraAccess or []);
|
||||
};
|
||||
@@ -88,18 +93,16 @@ in
|
||||
})
|
||||
((device.value.extraAccess or []) ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
# 通过 wireguard 访问
|
||||
(builtins.concatLists (builtins.map
|
||||
(net: builtins.map
|
||||
(device: builtins.map
|
||||
(name:
|
||||
{
|
||||
name = "${net}.${name}";
|
||||
value = genericConfig // { host = "${net}.${name}"; hostname = "${net}.${name}.chn.moe"; };
|
||||
})
|
||||
((device.value.extraAccess or []) ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net)))
|
||||
# 通过 tinc 访问
|
||||
(builtins.map
|
||||
(device: builtins.map
|
||||
(name:
|
||||
{
|
||||
name = "tinc0.${name}";
|
||||
value = genericConfig // { host = "tinc0.${name}"; hostname = "tinc0.${name}.chn.moe"; };
|
||||
})
|
||||
(device.value.extraAccess or [] ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
]));
|
||||
}];
|
||||
};
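Review bot: In the second hunk the tinc entry for `hostNames` maps over `builtins.attrNames inputs.topInputs.self.config.dns.tinc`, but its lambda never uses `net`, so it yields the same `tinc0.${device.name}.chn.moe` string once per attribute and nothing if that set is empty. The tinc block in the third hunk hard-codes `tinc0` without iterating, which suggests a single name is intended; `++ [ "tinc0.${device.name}.chn.moe" ]` would say that directly. The third hunk also writes `(device.value.extraAccess or [] ++ [ device.name ])` where the block above it uses `((device.value.extraAccess or []) ++ [ device.name ])`; the explicit parentheses are easier to read and match the rest of the file. The first hunk exchanges what appear to be the pinned host keys of `srv2-node0` and `srv2-node1`, so each should be confirmed against that host's own `/etc/ssh/ssh_host_ed25519_key.pub` before deploying, because the pin decides which machine clients accept under each name.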
|
||||
|
||||
@@ -1,213 +0,0 @@
|
||||
inputs:
|
||||
let
|
||||
publicKey =
|
||||
{
|
||||
vps4 = "sUB97q3lPyGkFqPmjETzDP71J69ZVfaUTWs85+HA12g=";
|
||||
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
|
||||
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
|
||||
srv1-node0 = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
|
||||
srv1-node1 = "wyNONnJF2WHykaHsQIV4gNntOaCsdTfi7ysXDsR2Bww=";
|
||||
srv1-node2 = "zWvkVyJwtQhwmxM2fHwNDnK+iwYm1O0RHrwCQ/VXdEo=";
|
||||
srv2-node0 = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
|
||||
srv2-node1 = "wc+DkY/WlGkLeI8cMcoRHcCcITNqX26P1v5JlkQwWSc=";
|
||||
};
|
||||
dns = inputs.topInputs.self.config.dns.wireguard;
|
||||
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
|
||||
listenPort =
|
||||
{
|
||||
wg0 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name 51820)
|
||||
(builtins.attrNames publicKey));
|
||||
wg1 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name (51820 + dns.peer.${name}))
|
||||
(builtins.attrNames publicKey));
|
||||
};
|
||||
subnet = # 设备之间可以直接连接的子网。若一个设备可以主动接受连接,则设置它接受连接的 ip;否则设置为 null
|
||||
{
|
||||
wg0 =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map
|
||||
(n: { name = n; value = null; })
|
||||
(inputs.lib.subtractLists [ "vps4" "vps6" ] (builtins.attrNames publicKey)))
|
||||
))
|
||||
];
|
||||
wg1 =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" "srv1-node0" "srv2-node0" ])
|
||||
))
|
||||
# 校内网络
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "srv1-node0" "srv2-node0" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" ])
|
||||
))
|
||||
# 办公室或者宿舍局域网
|
||||
(builtins.listToAttrs (builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "pc" "nas" ]))
|
||||
# 集群内部网络
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv1-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 3)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv2-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 2)))
|
||||
];
|
||||
};
|
||||
# 给定起止点,返回最短路径的第一跳的目的地
|
||||
# 如果两个设备不能连接,返回 null;
|
||||
# 如果可以直接、主动连接,返回 { address = xx; port = xx; };如果可以直接连接但是被动连接,返回 { address = null; };
|
||||
# 如果需要中转,返回 { jump = 下一跳; }
|
||||
connection =
|
||||
let
|
||||
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
|
||||
# 边中至少有一个端点是可以接受连接的
|
||||
netToEdges = subnet:
|
||||
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
|
||||
in inputs.lib.unique (builtins.concatLists (builtins.map
|
||||
(dev1: builtins.map
|
||||
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
|
||||
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
|
||||
devWithAddress));
|
||||
# 在一个图中加入一个边
|
||||
# current 的结构是:from.to = null or { address = xxx or null; length = l; jump = ""; }
|
||||
addEdge = current: newEdge: builtins.mapAttrs
|
||||
(nameFrom: valueFrom: builtins.mapAttrs
|
||||
(nameTo: valueTo:
|
||||
# 不处理自己到自己的路
|
||||
if nameFrom == nameTo then null
|
||||
# 如果要加入的边包含起点
|
||||
else if newEdge ? "${nameFrom}" then
|
||||
# 如果要加入的边包含终点,那么这两个点可以直连
|
||||
if newEdge ? "${nameTo}"
|
||||
then { address = newEdge.${nameTo}; length = 1; }
|
||||
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
|
||||
# 如果边的另外一个点到终点可以连接
|
||||
if current.${edgePoint2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边包不包含起点但包含终点
|
||||
else if newEdge ? "${nameTo}" then
|
||||
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
|
||||
# 如果起点与另外一个点可以相连
|
||||
if current.${nameFrom}.${edgePoint2} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果起点与另外一个点不可以相连,则不改变连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边不包含起点和终点
|
||||
else
|
||||
let
|
||||
edgePoints = builtins.attrNames newEdge;
|
||||
p1 = builtins.elemAt edgePoints 0;
|
||||
p2 = builtins.elemAt edgePoints 1;
|
||||
in
|
||||
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
|
||||
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
|
||||
else builtins.head (inputs.lib.sort
|
||||
(a: b: if a == null then false else if b == null then true else a.length < b.length)
|
||||
[
|
||||
# 原先的连接
|
||||
current.${nameFrom}.${nameTo}
|
||||
# 正着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 反着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
])
|
||||
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
|
||||
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
# 如果正着连接、反向连接都不行,那么就不更新连接
|
||||
else current.${nameFrom}.${nameTo})
|
||||
valueFrom)
|
||||
current;
|
||||
# 初始时,所有点之间都不连接
|
||||
init = builtins.listToAttrs (builtins.map
|
||||
(dev1:
|
||||
{
|
||||
name = dev1;
|
||||
value = builtins.listToAttrs (builtins.map
|
||||
(dev2: { name = dev2; value = null; })
|
||||
(builtins.attrNames publicKey));
|
||||
})
|
||||
(builtins.attrNames publicKey));
|
||||
in builtins.mapAttrs (_: v: builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges v))) subnet;
|
||||
networks = builtins.mapAttrs
|
||||
(n: v: builtins.listToAttrs (builtins.map
|
||||
(deviceName: inputs.lib.nameValuePair deviceName
|
||||
{
|
||||
ip = "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${deviceName}}";
|
||||
listenPort = listenPort.${n}.${deviceName};
|
||||
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(peerName:
|
||||
# 如果不能直连,就不用加 peer
|
||||
inputs.lib.optionals (v.${deviceName}.${peerName} ? address)
|
||||
[{
|
||||
name = peerName;
|
||||
value =
|
||||
{
|
||||
publicKey = publicKey.${peerName};
|
||||
allowedIPs =
|
||||
[ "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${peerName}}" ]
|
||||
++ builtins.map
|
||||
(destination:
|
||||
"192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${destination}}")
|
||||
(builtins.filter
|
||||
(destination: v.${deviceName}.${destination}.jump or null == peerName)
|
||||
(builtins.attrNames publicKey));
|
||||
}
|
||||
// inputs.lib.optionalAttrs (v.${deviceName}.${peerName}.address != null)
|
||||
{
|
||||
endpoint = "${v.${deviceName}.${peerName}.address}:"
|
||||
+ builtins.toString (listenPort.${n}.${peerName});
|
||||
};
|
||||
}])
|
||||
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
|
||||
})
|
||||
(builtins.attrNames publicKey))
|
||||
)
|
||||
connection;
|
||||
in { config.nixos.services.wireguard = builtins.mapAttrs (_: v: v.${inputs.config.nixos.model.hostname}) networks; }
|
||||
@@ -2,15 +2,23 @@
|
||||
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' -qR ./result | grep -Fxv -f <(ssh jykang find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' --export | xz -T0 | pv > jykang.nar.xz
|
||||
# cat data.nar | nix-store --import
|
||||
{ inputs, localLib }:
|
||||
let pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = "haswell"; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; nixos = false; };
|
||||
});
|
||||
let
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = "haswell"; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; nixos = false; };
|
||||
});
|
||||
python-lyj =
|
||||
let python = pkgs.pkgs-2411.python310.withPackages (_: [ pkgs.localPackages.pybinding ]);
|
||||
in pkgs.runCommand "python-lyj" { }
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
ln -s ${python}/bin/python3 $out/bin/python-lyj
|
||||
'';
|
||||
in pkgs.symlinkJoin
|
||||
{
|
||||
name = "jykang";
|
||||
paths = with pkgs; [ hello iotop gnuplot localPackages.vaspkit pv btop ];
|
||||
paths = with pkgs; [ gnuplot localPackages.vaspkit pv python-lyj ];
|
||||
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
|
||||
passthru = { inherit pkgs; };
|
||||
}
|
||||
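Review bot: `python-lyj` takes its interpreter from `pkgs.pkgs-2411.python310` with no comment saying why the older package set is needed. If `pkgs-2411` is the 24.11 release set, that interpreter and its dependency closure stop receiving security updates while the rest of the `jykang` bundle follows the current set. A one-line comment above `let python = …` would record the reason and the exit condition, for example `# pinned to pkgs-2411 python310 because <reason>; drop the pin once pybinding builds on the default set`. The rendered page has lost its +/- markers, so this assumes the `python-lyj` binding is on the new side, which the `paths` line that references it suggests.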
@@ -11,6 +11,8 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi6O1Sf1BBV1dYyH1jcHiws+ntwVfV29+6Paq1CQaET hss
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlBxisj3sU9QC8UC5gX6sakf7G03ybbkmHtD2cybuZA qmx
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWU/OlrP8bJ5k7IqpIwUC1COuVsmrYVreW/ieEdPYdj ccy
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXkM8TS8fDot22LTfU2jDVOqK20LmK8Rd7xO05vYns stq
|
||||
|
||||
ssh-rsa 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 00@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
|
||||
@@ -18,5 +20,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkT/P4MnzxBh8sRi0oQ88duNpY/ejFtptGqUQJVobj
|
||||
ssh-rsa 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 03@xmuhpc
|
||||
ssh-rsa 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 04@xmuhpc
|
||||
ssh-rsa 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 05@xmuhpc
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFL+fpLRUHy6Bop91ACIUjyekWn+ZGCEOzfrqnaEsn+ yj
|
||||
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRWge2+B1Et03n/B4ALBcAnjvtWPPmcFAoIlLP8oFkB hpcstat
|
||||
@@ -25,7 +25,7 @@ inputs:
|
||||
};
|
||||
initrd.sshd = {};
|
||||
nixpkgs.march = "alderlake";
|
||||
network =
|
||||
network.settings =
|
||||
{
|
||||
bridge.nixvirt.interfaces = [ "enp3s0" ];
|
||||
static.nixvirt = { ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
|
||||
xray-xmu-server: ENC[AES256_GCM,data:3O5rFi5szla70M/c62JV4nGWKPSOREImrOucjeVYf9bde6K8,iv:PGCqlmHtaNuWOtAAeJ6O+CWFpMszijozU1OpUFrftjs=,tag:iGTOoNvQhhZy2FL9jy1KIQ==,type:str]
|
||||
xray-server:
|
||||
clients:
|
||||
@@ -82,6 +81,7 @@ open-webui:
|
||||
webui: ENC[AES256_GCM,data:6rpvA80i+HXkDQgYCDIHbXwDfxHq/5tXQRK4piI=,iv:vVIBHf/9LnY1z4zVZGB0ZRBRwLpdXKvNhsYWySxhsiY=,tag:JmbDJKlZ2dH13+drXyXXPg==,type:str]
|
||||
nixvirt:
|
||||
yumieko: ENC[AES256_GCM,data:tO+67mdCFH8=,iv:vl+PLSBfMDk7rGmpjuZ8TnEC1B8tni2pphC7cTmxQU0=,tag:RVW5UaUD0g0HDpoGp2/mAA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:IziBdx/fkWltRubpBYcCuZ/jwM7U6OUA8WAglvMRoCN3eFjQEm3GN+J30tfTt8P2ngwHmaKJ7ry7rB7nhLmIUzhNrLEHprwZwqhAIgpMHo4pcCfJBE5Y7ba+kTk3eOI4waxwmfRqFdccmmkDTtw0En0WtSj0/ysOM4n8mmgeYxc5KIUNfasc0IHfHVtNahljvFUpExeT6Tpu9Caa1cznnFQYlMXsEGkveUHNOcEq4DWCUEVCTOE4/jcSg2j3+dJre3/Qz1ELi78=,iv:PmkrR2nccHrKrXr5V+YBVP4eQHBxPIw16ePfgjP7wgY=,tag:jsAh/QfimQ4swHnEtQsiIQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -102,7 +102,7 @@ sops:
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-07T00:23:06Z"
|
||||
mac: ENC[AES256_GCM,data:Vmcv7Hof4ZR8uXOwbk8zeKSfVldCxJQ696m3mCe6ar5FKpGja0f2XbW8a7tpuYqfwNa5Z7OCovku40PZ/TSmq91hQlZ+zbXe66nPx3/ybbQUSu1rvujprv36kvp1BQwK5A2clLEX7Vo7fGsTq1jX1AFrNM7zTJABrET/7yqVdTE=,iv:IkODPE4AMMLpBNbgwbOpYLWpG7IkRPKVBiLfxKASmPs=,tag:9xfwdCvaWvVey24dLmkFSQ==,type:str]
|
||||
lastmodified: "2025-10-12T09:09:50Z"
|
||||
mac: ENC[AES256_GCM,data:G+Oj1/sOWkhx+w5vFigs9emeEYQ4J5GkFd6G14IE1UBopQ2TZ1eFrv0LF2SFiwcqVv9BFRzyytg82B4G0rNP2/no8kBUNZUvByf6fOpCfeNN092AZb//FhduUCyFFUkNuzo7yE8iKA5In4et0j2Ortm7qU07GdDJ0yX0FzGdd5k=,iv:E+YmDtfgnGX3WGxl84Dsugv+kWKIGN+Xsp0A+n+y+wY=,tag:x0dXm+V/bBFxxboHjWdlEg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -6,7 +6,6 @@ postgresql:
|
||||
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
|
||||
redis:
|
||||
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:9QoVM69efr3+UGEo/GPY6IBBxfcqE+3erRTrqSdeTf4XziVMlzWTMdhV9jU=,iv:3abQtZ8cpejqXsJPx6SvSS2cXAKMDkEKEhl9LE319RQ=,tag:1uBPK/0VLPPMzj4rl+iQMQ==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
|
||||
nix:
|
||||
@@ -16,6 +15,7 @@ searx:
|
||||
xray-xmu-client:
|
||||
uuid: ENC[AES256_GCM,data:XiUkReTJLAxZNWFVeD6EiOtUX5tsyPLFi6QyDBdHyB4v5/mD,iv:QppdtP2CFDEVhlrmDJKYBGc1zYGJvpGYxLfsBAMxDSI=,tag:jzMSFRit+aBzWMkaa3+5hA==,type:str]
|
||||
cookie: ENC[AES256_GCM,data:0jqSEZloX2/c8Zg4WTKkLw==,iv:BKLm1KMoRrH0uO6hPMsv2a7sG0AwNRrdbpmABP4BszA=,tag:pBs+rQIhhNO4Qr6q1V3MUA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:qI2KAyJiC9m+IOzTQ7SFjWnjzzkxvNe6R2yxyK+C/YnEK4JdYqEETIMuqAUQxaSyHjKk9x6kDs3YPC2AyNKf+lc22YoB35Eo5ym+3+GDDPTL4wL4aI4xnGHVLH3JrSFHDyIbvu8R2NLnSy2j4O5Uj+jJmOz/b1xV8zeLbdoFwLgZCbcxvqkIwMlJdDGjAtjEb8eDkjtVzSRSPXohgYgmhxKZyA5/7c41e+/X6RIsHHeOD+Ppz5jlYAkRrsvAxGTfrMN2xTZopxc=,iv:E/8ys6ucmmaKawqrgumJdjTsC17F7Y0RgnHYfu3RIPQ=,tag:OZM/HG88gyF9TZXwHcd3nA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -36,7 +36,7 @@ sops:
|
||||
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
|
||||
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T07:22:50Z"
|
||||
mac: ENC[AES256_GCM,data:f4fultak/52Gq6nn1hJJYw3AMeuR3J6gcxtPDG/WKkNV+B+gtabWp5R8J8wLWFJ4C1ZsGHDYMTvTfSUlDVdm1dGpxJtFzdfoBBdajj8s2mju6nMQUFoNFRmHDZEQBdIzfXpob1+7Rsr+bBmg7HnFvjR0ozuaQP9QHsHEZxJVbnU=,iv:xh4OIom1TFgKralXw6rrOR/1xpD5SpY2tHfJUq6v41o=,tag:0QOtWN6DcGf3/gorusbXtQ==,type:str]
|
||||
lastmodified: "2025-10-12T09:09:31Z"
|
||||
mac: ENC[AES256_GCM,data:fS6wbN3/rtHyo5Z06OIqeTSSJG+0urK5D5E1NF1aRFkZaoRjKG2tW3gC89WW+I411H/stw8LDzI4CBwC88OJnKjsjkkVgqDuY62/wYQIEtI6AFUqDrEasGaTjmzU/fAwiia3t1aBNX4vWarpTmeOfhvAV8zXgKKmCqKsruXYzzQ=,iv:QMM3V0Js1H1c2epv2a9PExb1w87bPenFWsZia7EywB4=,tag:LMgldBurc/qVtOjtLp4hAQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -12,7 +12,6 @@ inputs:
|
||||
mount.btrfs."/dev/disk/by-partlabel/r2s-root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
network = {};
|
||||
# uboot 起始位置 0x8000 字节,这个地方还在分区表内部;除此以外还需要预留一些空间,预留32M足够。
|
||||
uboot.buildArgs =
|
||||
{
|
||||
|
||||
@@ -8,7 +8,7 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "cascadelake";
|
||||
network =
|
||||
network.settings =
|
||||
{
|
||||
static =
|
||||
{
|
||||
|
||||
@@ -1,13 +1,9 @@
|
||||
wireguard: ENC[AES256_GCM,data:B5YdOhpXruQY1Hqb7hpIyPZinSNG+Ub/jE2/hiwZT2WCHjT6Ujz/W8eKbuk=,iv:XcfZb34SjYEsxvo6HEGCd7wy0dsrNIEJ0bORznZZceA=,tag:uFlbepSwch2wJCRITlVNTA==,type:str]
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:tQLfvn0hrvdMx1WjWreSU7PwWhLFE6cyesc8EATRG/HiXOdmOo1Yx3n9VNywmzSdj+zKXcagnsRLX7/MsFJqnifNZ+2+L1+eMkSmP+J/ia3gwsJuLmh3Knn74d1njya59lJvSlGLJGtxbRdzd/Jx3cSbOVRAvOjLiYI+OjXgmoio8EmvL9XizVcFyOeNTG9IETSjygmCg1r99Mss0aBfWl7aTQmk1WHeEZFauS1PF9lrtEjoB2GeRGIEshW2ruecM3irDhxFNS4=,iv:SjUiLHoh3dvoT/fOuwKUSKvIm71ptZH6h0HQeNw5Lgc=,tag:/wW+LdccRODyZ0QTnxvW8g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -27,8 +23,7 @@ sops:
|
||||
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
|
||||
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-10T10:44:35Z"
|
||||
mac: ENC[AES256_GCM,data:lfckL0SJXq+eY3d9SUHihE4Alp6VAI7ugoQygMsphi91yvmAZ1YBbrTVxjzQpL1dT+7zhOhzE2dTqCLXUl1gjbYYo1S6zco73EdU4k/AX3LEAhCJCxG1LVvN/Kf+XoMSauFM7z+E8zZJCvT9/Jijxy/Ty/XBoP9z7gmpQSuRntI=,iv:5hVa0bsv3B9/I+BSxNYOYHFRnM3BfP8GvhlM65lWLFo=,tag:gs2NOe7h6AqYbmCBUMd9FA==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-10-12T08:54:25Z"
|
||||
mac: ENC[AES256_GCM,data:FqqrUai8MNxO6gPQnRNqoROdQPiPnh42ixQgkWJxeBK3dnvNGCNAWtfUopnup6Qo0TcmAEQ38rmYFZbGlFLKMon0atov3tFmyvIAbOhHDnWxp+bTGDJJjw9Xs3vd4Yukd2ag2cgyS5hV9xO0N825oT3mzJFo6g8CukBLF3BH+kQ=,iv:3sfhIcSNVZsPw3tbyOjNi04NWpV+Nunx4i8d/RIsXtE=,tag:03Kx+HQ4uSR5QxBlBqc9Dw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -7,7 +7,7 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
network =
|
||||
network.settings =
|
||||
{
|
||||
static.eno2 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
wireguard: ENC[AES256_GCM,data:D4ukKVu4yn3hS3AZJqt3XTgZNbt44Vyiu6I5lCNw9c/VEqXBx3GDlKdcVPY=,iv:S1S0sU0vQcTahFI+GyBz1n/0LVsK3ImFDuLtuQxmgik=,tag:oZ1NWOCcsRb+kjfq/LcL2w==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:s/mcjWKxEp8f6OgAUqkHg8IHA/coBtht20pqSdwGp9OBRta64xyzszeS6o8uW1cV65vm1qQR9XkC7nmBx7F9RAZpMwEYh3anAfzWvL1dd6nNl9NLaz9eqrRGJJH4lyMAmErQRF6epEe2Z0kfs3icsZJ3p8rmWSHjIETFR+pQvepTzLXfz7mi3EftqFxK6o5LXe6t2df7PD5q7x8loB7eu4Qyh14NrklgMifmGoNBsGdIBAiqbZ+3xMt2VgEk4wc7X2ZmBJFx19U=,iv:343e5eRAGxwhb4ITadyKJOcvCnLp5emgz737kBmYlig=,tag:O/cwMZJofSKxMhzFMBV+Mg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -23,8 +19,7 @@ sops:
|
||||
cWpEMWU1TjZKbnFTWm4xY2QwdWx3aFkK0O6p2piq8RKOcSTT49i0pnlt+gOk+QMF
|
||||
r+EJU0zobWwe3PrDg8jjw5HpMxrpDzHcD0XMnVQW0Fd9pn6n4VfpUw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:03:27Z"
|
||||
mac: ENC[AES256_GCM,data:13eXFmTRo9lZvQ3+iApHuei5r/OCSCs2gxqEe3nmavQgq1kQXKcD+4ciS/Shd9CJFZrjAu9oRByu5ZeZOnj11u6z3EmnXIwHptMEZe+N6r+Z2uKcBUa/TSJBnYcCrMQ1NM16GXRTi1bwpx4iT4v377lgd1orCa5C10iD6W3/9b0=,iv:FBGi1hSAu0Bz5NKz4mixfbUXbjI725RHccmEO4/jumo=,tag:vCHzTsTV7kJKNapFTxS55A==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-10-12T08:54:16Z"
|
||||
mac: ENC[AES256_GCM,data:Vk9TJgMM41NhB9XEzBRNuUxZ+pIdFTS4/9VoeBjVB8nMtRb0ZmjB9CTmYGXGxFfB/dg63qmXGfQITgKmtANXiQpMHXYdHw1xnEOTtlTa/ndp3xszVxAEBBhsVlAiXSYmAxKFtIw6W2Erpz1cFhkC0XjlE8/EGe1Srbre0JCzbCA=,iv:pmd1ZM0nhDyNZ6eiNkFEDX5Z0XRSbg2fAPEW6EonsIU=,tag:YM7H+B/IdFVkD5f519FOAg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -7,7 +7,7 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
network =
|
||||
network.settings =
|
||||
{
|
||||
static =
|
||||
{
|
||||
|
||||
@@ -1,11 +1,7 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:xoIm26btEBuHjgcIrB8gRHAaEdBq3/E5XtoF0YPxnSHB7k3GWJfAxeL4vrw=,iv:HuOFNUgGROF97beF6C4amspd+NV/2uO6OihNMz23hSY=,tag:YJjFM8mqYOuJEulpVHt8FA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:vDPVgWBFmzDvF98/oJvJ6Yj0rDkkTJGYYRJrLY454fzg4EOyGe4FwR1GgHqFeHo6e1Tk76K3odGiUGyOcWOtTCbEKKIli76/P9KCAY6sItTwc1xsPw540vIZXqFv0/lNladhgGznXKMQ4U9bzKuM+KcxmLlTE2QGJAhPeFox7OQmSYba3ww24+XXJaGWL1fZZaLFABZ56bTggNmY2z+orThg2i5yMrO5TjaGXMcFsFJg7A6HzDCv1TuBNRPTMeiWTYqSDFQGUcU=,iv:T25lfAmdpPz+mWJEPu/NK/2PFFP6jfphYTijjEg5o7Q=,tag:oTNOi81SZnsDEjZVTngoQw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -25,8 +21,7 @@ sops:
|
||||
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
|
||||
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:04:26Z"
|
||||
mac: ENC[AES256_GCM,data:JlAgVoTpT6NRT1gvYQre6N8PzHLxbC9z1E42OM40Qs/nhcjYnsRNPiUEvSUClgx+B2G99S/b9R/wQqovBQFtdRDdlCMhz0ZVgLe48ak74EOYn6fwXy37amXP6doW86wS/N2fQeKhyMiJPHurRGamm+jsUUALohx6p1zm47NWL0c=,iv:oQV5be92oyOj0h6IrEY70VfoJYqEFVMtI0PYEALIXfo=,tag:WlH+fTUlPynhupXpBvdl+g==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-10-12T08:54:06Z"
|
||||
mac: ENC[AES256_GCM,data:XUduuj65erI3cgddmtVLy5PnVPzqMk5y6ikpE38G+QwN+/ZdS5ZQ/FD/BWnXFohH6gk/ClBhS6EJO3G4e1J0yI1HngHjy6SN8Hpe9EmfxrQEyyEGb4/NS0vk0iMDr76nqlb7+dBreYdte/VQakOxvPHlMWYPZZ6oQvfx9k+Vsz8=,iv:uUiaNgfvKz1+5d0GHVFWEeAMM4kBKGON3xmTq8XDVeU=,tag:/3T1+DQHUWuONNBPFavIPQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -12,6 +12,7 @@ inputs:
|
||||
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
|
||||
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
|
||||
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
nfs."nas.ts.chn.moe:/" = { mountPoint = "/nix/remote/nas"; neededForBoot = false; };
|
||||
};
|
||||
nixpkgs.cuda.capabilities =
|
||||
[
|
||||
@@ -19,6 +20,8 @@ inputs:
|
||||
"6.1"
|
||||
# 2080 Ti
|
||||
"7.5"
|
||||
# A30
|
||||
"8.0"
|
||||
# 3090
|
||||
"8.6"
|
||||
# 4090
|
||||
@@ -38,41 +41,50 @@ inputs:
|
||||
srv2-node0 =
|
||||
{
|
||||
name = "n0"; address = "192.168.178.1";
|
||||
cpu = { sockets = 2; cores = 22; threads = 2; };
|
||||
memoryGB = 240;
|
||||
gpus."4090" = 1;
|
||||
};
|
||||
srv2-node1 =
|
||||
{
|
||||
name = "n1"; address = "192.168.178.2";
|
||||
cpu = { sockets = 2; cores = 8; threads = 2; };
|
||||
memoryGB = 80;
|
||||
gpus = { "3090" = 1; "4090" = 1; };
|
||||
};
|
||||
srv2-node1 =
|
||||
{
|
||||
name = "n1"; address = "192.168.178.2";
|
||||
cpu = { sockets = 2; cores = 22; threads = 2; };
|
||||
memoryGB = 240;
|
||||
gpus."4090" = 1;
|
||||
};
|
||||
srv2-node2 =
|
||||
{
|
||||
name = "n2"; address = "192.168.178.3";
|
||||
cpu = { sockets = 2; cores = 28; threads = 2; };
|
||||
memoryGB = 496;
|
||||
gpus.a30 = 2;
|
||||
};
|
||||
};
|
||||
partitions =
|
||||
{
|
||||
all = [ "srv2-node0" "srv2-node1" ];
|
||||
all = [ "srv2-node0" "srv2-node1" "srv2-node2" ];
|
||||
n0 = [ "srv2-node0" ];
|
||||
n1 = [ "srv2-node1" ];
|
||||
n2 = [ "srv2-node2" ];
|
||||
};
|
||||
defaultPartition = "all";
|
||||
tui =
|
||||
{
|
||||
cpuQueues =
|
||||
[
|
||||
{ name = "n0"; mpiThreads = 8; openmpThreads = 5; memoryGB = 216; allocateCpus = 43; }
|
||||
{ name = "n1"; mpiThreads = 4; openmpThreads = 3; memoryGB = 32; allocateCpus = 12; }
|
||||
{ name = "n1"; mpiThreads = 8; openmpThreads = 5; memoryGB = 208; allocateCpus = 43; }
|
||||
{ name = "n2"; mpiThreads = 8; openmpThreads = 6; memoryGB = 432; allocateCpus = 54; }
|
||||
];
|
||||
gpuQueues =
|
||||
[
|
||||
{ name = "all"; gpuIds = [ "4090" "3090" ]; }
|
||||
{ name = "n0"; gpuIds = [ "4090" ]; }
|
||||
{ name = "n1"; gpuIds = [ "3090" "4090" ]; }
|
||||
{ name = "all"; gpuIds = [ "3090" "4090" "a30" ]; }
|
||||
{ name = "n0"; gpuIds = [ "3090" "4090" ]; }
|
||||
{ name = "n1"; gpuIds = [ "4090" ]; }
|
||||
{ name = "n2"; gpuIds = [ "a30" ]; }
|
||||
];
|
||||
};
|
||||
timeLimit = "48:00:00";
|
||||
};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
};
|
||||
packages = { vasp = {}; desktop = {}; lumerical = {}; };
|
||||
user.users =
|
||||
@@ -86,6 +98,10 @@ inputs:
|
||||
"zqq" # 庄芹芹
|
||||
"zgq" # 希望能接好班
|
||||
"lly" # 这谁?
|
||||
"ccy" # 陈超业
|
||||
"twr" # 唐文睿,吴猛的学生
|
||||
"lsp" # 李书平的不知道哪个学生要用
|
||||
"stq" # 孙天骐
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
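Review bot: The `nfs."nas.ts.chn.moe:/"` entry in the first hunk (presumably the added line) mounts the NAS export root at `/nix/remote/nas`, and nothing visible here limits what that mount may carry: no `nosuid` or `nodev`, and the export is `/` rather than a subdirectory. On a multi-user cluster a setuid file or device node placed on the NAS would then be honoured on every node that imports this file, unless the module behind the `nfs` entry already adds those options, which this section does not show. If the entry accepts mount options, pass `nosuid` and `nodev` there; if the module already sets them, a short comment next to the line saying so would save the next reviewer the lookup. The attribute set this line sits in starts above the hunk.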
@@ -7,37 +7,30 @@ inputs:
|
||||
model.cluster.nodeType = "master";
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "skylake";
|
||||
network =
|
||||
nixpkgs.march = "znver3";
|
||||
network.settings =
|
||||
{
|
||||
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
|
||||
masquerade = [ "eno2" ];
|
||||
trust = [ "eno2" ];
|
||||
static.enp58s0 = { ip = "192.168.178.1"; mask = 24; };
|
||||
trust = [ "enp58s0" ];
|
||||
masquerade = [ "enp58s0" ];
|
||||
};
|
||||
nix.remote.slave = {};
|
||||
fileSystems =
|
||||
{
|
||||
swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
|
||||
mount.btrfs."/dev/disk/by-partlabel/srv2-node0-root1" =
|
||||
{
|
||||
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
|
||||
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
|
||||
};
|
||||
rollingRootfs.waitDevices = builtins.map (n: "/dev/disk/by-partlabel/srv2-node0-root${builtins.toString n}")
|
||||
(builtins.genList (n: n + 2) 3);
|
||||
};
|
||||
kernel.patches = [ "btrfs" ];
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client.dnsmasq = { extraInterfaces = [ "eno1" "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
|
||||
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
|
||||
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
groupshare = {};
|
||||
xray.client.dnsmasq.extraInterfaces = [ "enp58s0" ];
|
||||
beesd."/".hashTableSizeMB = 10 * 128;
|
||||
hpcstat = {};
|
||||
ollama = {};
|
||||
sshd = { groupBanner = true; motd = true; };
|
||||
speedtest = {};
|
||||
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
|
||||
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
|
||||
};
|
||||
};
|
||||
services.hardware.bolt.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,34 +1,31 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:TEi3LAZA0BaPxeXA1yFMD6fQPRKSndVyAzNycCD/5CYXmNVyO7zv4o23ahg=,iv:tEKFPyuqmpsWf0vDoSaw4Ai6S5DzacZFA4otNgnknxY=,tag:qZJzr/Yyoex2hDfVtT6nYA==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
|
||||
hpcstat:
|
||||
key: ENC[AES256_GCM,data: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,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
|
||||
wireless:
|
||||
#ENC[AES256_GCM,data:n9OPSJsB7yNk,iv:xQzKJxqPB7uT83m/B4UoOje6NQbPLhuHR7Hp93oNz8A=,tag:gtsTx6ALnS/7fIDd7VimOg==,type:comment]
|
||||
409的5G: ENC[AES256_GCM,data:K9wm3zedoil7jHgTcb+VmbdbkG2dgrMdr3BmDRUHDVADqLANMvnUMSecggYTO4HaiI9q6uv2/BSkluanD5K4Dw==,iv:7dGET3ULKlnaDMVmkuXDek+hQPLZ2VUbPqvEOX+5jlQ=,tag:MBGmQ0NNNqX+T9EsBiWCaw==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:9S3QK3lLT59GNhppHc1IoC7bN0mntbcQIZmVjtxOpQxzJDJQ63jBCfoupyfjmW3JCpWSWtelZ58VPeTOHZ6NXr2xJMitvqGAiJzsd9ZGYvlv6+OR2swXVyDMBhcQpU+1ui/5zEPFDWIxRMIoIJL3VO9la6gxHQY1st5p2REh3VpSu0R/b1ormlmSPyRtjCS4LlGpXF8FnHilE9wOLm6AhtGhq5nAHAwPCj/gVpDNI0Y+88shBbNTRG4ucXsEX3S/+IgDLElB7nE=,iv:nEa5NMxfi9rc194TMEldAw1E7Bw24qM5htVUerd1nNU=,tag:A8GB/LFeBNyAq7MfpSFaQw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
|
||||
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
|
||||
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
|
||||
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
|
||||
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMmhpYzZ4eDJuWHlJMkZW
|
||||
S2RZcXorSm1PeVdGdjBlekxuTTh2c0Z3OFI4CkU3K3FjdlhnMWpYRUI2Q0w4bFV1
|
||||
bkQyOXVKdHlMRUJrMEdlTG1KMUREK2MKLS0tIEhhd1Zib3I5cW9ZODh1bmcrcTR2
|
||||
SHdEbGcwaFhrMG83R213cjVzb25XUHcKcxYocTTMZw1V3o9pA1wAzmoHsMCmyMUh
|
||||
Kk5PaZ9vF5IDL2H7f+OI1G6C1tJmgMWWbBh9xcSNv+qF/ydDuo4UIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
|
||||
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
|
||||
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
|
||||
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
|
||||
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ0EyWGMxdEo1RUE3L3VU
|
||||
ZVluRXlKcHRoOWI3bmRSbmNqcFlpUlZ5YjFnCmJQclRtdm5CYWxvY3VUSUxIaGRy
|
||||
aElNUXAyYklnS2Z5SkVNR1JXRzg4RU0KLS0tIGVPQ2J0WjkwUWpoa2Z1WWNCTUJG
|
||||
b3JKVnp1ZnRLcE9ocU9McVM3M3d4UjAKdu8xipFbNbIoYEcatUAUFe36CzP2E2HI
|
||||
VSfPQWmRmb3/jF22b6Oy2B1DmDDvJ8T6+zUcp8J6C4Mln9oZj6dAZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-12T04:13:47Z"
|
||||
mac: ENC[AES256_GCM,data:W+e5d1scvV24AdVdl7Pisp9HxsXQ/tPjN2NV/Bd0RXZNBRB7LNQrSfk1GadboBnihW0ctAQOFk66PZsxwE2czfFL2/yzFxm9Cf11Mc822ZL3BwjnQBK4uR9LJrbjL7x1lFUk9v0AIPhjrir8F6dcX8mq6++hHNN0wjGaH3J9E0Y=,iv:RK7e4Dxog+Qsgk6gxK0f8PN8oF9bjWIrTyYK67Cdras=,tag:QSKsETYXbhnvhhjavP4UiA==,type:str]
|
||||
lastmodified: "2025-10-27T06:32:42Z"
|
||||
mac: ENC[AES256_GCM,data:x3Eod0i1X8/xee1DpHMzAqqEi4RruA+s1yrqOcH5xdWBZf3aosXGHvR/4+ev6enZ+HsuUOfN9dtfP5vMFSJXott+5tgXDL1hnk9x35dvMjRs1Q7VnOj20nWT/JUziz/2QgZQ5Y4Tfi3wq127GvITFn574LBKS76TqpLkSH+GUsQ=,iv:cxLYUKjJSJD6IigpmWZwcQNNolIYU9K0Go6WbewmJMU=,tag:lqC882yz/E4BvO4y9yz/yw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -6,21 +6,19 @@ inputs:
|
||||
{
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "znver3";
|
||||
network =
|
||||
nixpkgs.march = "skylake";
|
||||
network.settings =
|
||||
{
|
||||
static.enp58s0 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
trust = [ "enp58s0" ];
|
||||
static.eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
fileSystems.swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
services =
|
||||
{
|
||||
beesd."/".hashTableSizeMB = 64;
|
||||
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
|
||||
beesd."/" = {};
|
||||
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
|
||||
};
|
||||
};
|
||||
services.hardware.bolt.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,30 +1,25 @@
|
||||
wireguard: ENC[AES256_GCM,data:zfyNpCZ2EhQdsz+/vknjtbT1vMLebil1tarIcxLoUQ3J5XOKTCQBay4jBL8=,iv:tF6I5HHhDMfoGAfrtkmvrlqsSpX9YZL8dtzxAgBCp5c=,tag:DeOFwrIGbwVtf42iO1dm6g==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:0fOvjy/b+87HS+bcNENY3jfxcxMLcjeQh/hT5HIUG2aCiTLbsmlqXTR9j18ZwcKAAEbzzDSonpPmQv/kGeMyvk9B4Q0En8FSdBaW5y5HQVLf32KlSoq8+MBRPTQREcHHMDZ/tQw02aAdq0jvYpHnFIKiqOZFfGhKo2oS12wxlR33n+zwqwyBu5quN0ynbwG+BMZua9uJrlsfFe8ttu5BHzl5xdCTVzmJ7vV7H1K7lJBwlDF62Rn6zsQV2uGaUew1ScephX/KC40=,iv:eA6YLGY+d4BldBAsqFsrrUiTY3Xa7eJ687C3gS7ofG0=,tag:40QXjFYc0ht7/OuIPDo1Wg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndWFBbXpxRlI3bmc2VFJD
|
||||
Y2hLK1RobnBYVEd1SXpiYXc5Wk1Ia09UUWgwCjE2WVZySnhXNzBtNGdJak9lbjE4
|
||||
dEp6NnNQc0dNNDZsb3Z4ek9zVk4xeDAKLS0tIGVLdDBxOVZ2ek1MN0MwTTlwZTh4
|
||||
T2VSaWx3UkxpZ2d6NC84djNpbGZUYUUKJHx6GZcnJpSoPE0HFvU+B4CsNtrcg8lx
|
||||
LGaLYmciM87kXY1enOEzDk6px9GX9hFy6/73XBJVrIU0OC/w671vHw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTzUvZG5PRzNzZGxTZkhm
|
||||
N0hDdlp5S1p4aXFFUEc1d2RoUnVEOER0R0Q4CmpSTjFVa1FDQTYramRuS1k1WUFl
|
||||
VlBCVFBleU4wZXA2ZFo1aEplMDl0Y2sKLS0tIEdmcnlNWnZtL2NhVU91S1ZaK3NY
|
||||
b2R0MHI3aDNvUEc0TVRqM3BjOGRrSHMKD2SxfcKoxeuzF0spG3qt/q4D07JKK54o
|
||||
+lgLCs+0A2cCHebxbeFPSRpd0kK1fY9O8yUmMPB8Y690mQPaNXOSQA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUHUrcnoySm9CcVJCdXRk
|
||||
YmRzQ25mOFJBQjFtS01VWkxUTUU5WUI5WUdJCktLSFM3ZWl6N3ZUaTVpdWdNU09y
|
||||
RTFCczNTeHNhYzNmbWtjNTdOMW9ITnMKLS0tIHFNT3JCbFB6K0FodTJrS3FtRGVq
|
||||
c0I4VUdiZytoQWRsUUhBVStDR2VPT3MKDkDQ3sKJjotYUfoBWF85t3LYtz1OVFws
|
||||
2IdtJBHISb5j3xnAs/UUHDPzjUUsgb+sTHm9krQy3LDuELNY6KGMPw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMzZXdjhISm1ITGdKeFNn
|
||||
eHBrVDJXVzk5a2gxT1NDYVFEKzZHSGFONEZ3CkFtekZUQ3BPQkpTUVZNVUJnSGZZ
|
||||
dFhKaENwd2xIdTF2aExNcHloTnVlK2sKLS0tIGZOcXpEL0ZVZ3BWeVhNVnRKb1U3
|
||||
ZU40ZzNDU29HeGtMMVhELzBGMXZZVFkK16e15tjwN12BYnGutnGBWIs2KBCkOJww
|
||||
wdgC+3aRnGjfb0Z8Htf8qUCW5omixcbaCmMoGmGsnkx1Agfr56qQ3w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:05:21Z"
|
||||
mac: ENC[AES256_GCM,data:aPNsWBi4sm4UhX1qpk412eYNCZltKkRMWWgopZw6mjMLSOSb6E1yi8NjRJMj04RpE2XoVCkKP6R5Qo0I95wxY5qZHJuUp/5srqjAf/fHWz1QmXThogaMzM2jue7+NHUSQXrPnh0ZspXD47HyxMUOhlnewZ3EfOw7B5qKAYR1f6I=,iv:mnwtf0B7x5AbMzivg27zqIkhBdkDb5qq8eDBCGMdK0c=,tag:PCtirta++gCSsQsQo+bSmA==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-10-12T08:53:30Z"
|
||||
mac: ENC[AES256_GCM,data:+WZvi4HIk3P1ZKL5Bml4OgAsB4XdPVtlioVQYgaEGoTy/g3lqkCKRQok2ceQ85Mpj4NTf9PEK1Xlx8k07Mqrk51zINPNGOe2LCl233Wdbk9wCOOU3pdrj+Vj+zrd07P3KR/PVR79Mr/jrFgHRYKfdbGLOANyfDG3bUedTLLWcNw=,iv:oxpDJeSlGWl+331VJUyL+IaTezu1GPHJwo/8JKJ0+XA=,tag:fvT24Dtt1ECDCm5wJKWCwA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
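--- a/devices/srv2/node2/default.nix
+++ b/devices/srv2/node2/default.nix
@@ -0,0 +1,33 @@
+inputs:
+{
+config =
+{
+nixos =
+{
+system =
+{
+nixpkgs.march = "icelake-server";
+network.settings =
+{
+static.eno8303 = { ip = "192.168.178.3"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
+trust = [ "eno8303" ];
+};
+fileSystems =
+{
+swap = [ "/nix/swap/swap" ];
+mount.btrfs."/dev/disk/by-partlabel/srv2-node2-root1" =
+{
+"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
+"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
+"/nix/remote/wlin" = "/data/gpfs01/wlin/.nix";
+};
+};
+};
+services =
+{
+beesd."/" = {};
+lumericalLicenseManager.macAddress = "b4:e9:b8:fc:9a:f9";
+};
+};
+};
+}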
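Review bot: `trust = [ "eno8303" ]` marks as trusted the same interface that carries the node's default route (`gateway = "192.168.178.1"`). If `trust` maps to firewall trusted interfaces, as the name suggests, every host that can put traffic on 192.168.178.0/24 reaches all listening services on this node unfiltered. The file gives no hint of who else is on that segment, so the assumption deserves a comment above the line, for example `# eno8303 is the cluster-internal link; only srv2 nodes are on 192.168.178.0/24`. The node1 section on this page uses the same pattern with `eno2`.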
25
devices/srv2/node2/secrets.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
tinc: ENC[AES256_GCM,data:zz2sNzrCiqUvyccyhG7hzpF3E8RMdWWdIW98j4Kw8rSGZEKtSkCX/YDibTRSOIuSn/hX7P9FqKgoOgKhqQcuh2gsRjaZSbccMhc3NqOXujL5y586PD9xCk2bUXDXzmRiHx8oiB1rOO86KQovfevl0yGtfpDmkuqt14OXNXvrVoCA4ChfUVwy0Yw53JlQrXl9ZndRvP6pHN4esv9UmUxrA8b//hFyJHPzSKiIfX6NGx+htH0P5UUSxKomYNqCrrtJG9RoXSgo2Go=,iv:jy4qmcl5QDaA6ub7/vHQpgiWIFj4tw0IKxGeg40W/E0=,tag:g6+jb5fInKukYWvIekyDxw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWcEVHTVJPT3NtZGdPZDl0
|
||||
Ui95UlU3djhwYnNuRVI2OTA1WDI4aHFGTUFjCmxGWFZWUnltbCtWbzlVUVJxVjFh
|
||||
RFRGaHlzUkVHT3VoRWlUOFhNNW96ZUEKLS0tIDgrYkRDMEw5WnF3TEF1bWRYaWQ3
|
||||
bWN4ZFRTcEJ4dWFObzk3ME1vRlBpOGMKnZZJT6NiUEIHemSxd1ppqTxnHRRCiO7J
|
||||
r4smy21Et/E63WE6fvfzEltXb6Wlj+/ZUEMHUhyB6nmUa4udtTwQmg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SmdEYkJneTlNY05hSVVP
|
||||
VDlhSGpWVzBMUVVNMWMvSDhqdWNjcE92clNnCmlJd3pMTFVZQ1pwazFWK1EwUlJU
|
||||
NWs0bE5raEpiNjRCVkRzZTRTb1M5YmcKLS0tIHd1Y0JuTVBlWlF3OER1d2F4YmVS
|
||||
bkk0ZWpobXh5dnFteTVVamxGT1RUblkKLU7cgLazHAzsstKjMW2GvwXkfNOtPzx8
|
||||
QKIIM0rOXYUsDUQozrxRu2SChCJ/zkAxeLm6rvD1JYVMcUfuswCRlQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-10-27T06:34:19Z"
|
||||
mac: ENC[AES256_GCM,data:0US1WVfJ9dvXTL36XpM+veFfdUl56CxgYBSdXJe0+LPHZhpcM/R9O2DsD4kzGmvqB8d8gm140zr02F6H+tqP6IHYbNSU20uISheF4dfWFFu6DlHqx3+c9aRxrmX8PUlwHmyDsjK0Uu6wdsEeWiPqkXkA9lpDNkATlHgsbspH3Zw=,iv:21mFu3TB4+SxwBQgPGhbLQI/6SPL97j3hATo66XWUtQ=,tag:2sn70EntUBrJ5w7zy/7dpw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,28 +1,27 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeDlnOGlTYlY5a2wyaUxo\nSk5uaFVQWTY1Q25ad0NkSTQ2bTZEYU5ibWg4ClpnM1NLbFArUEtndjFGamgwdDBF\nWnNMalNRWWhLL2V3S1RWRHh3MGErUUUKLS0tIGt0MGJ4SzNDTWZNUHM0djFDSjdo\nbDMvbWRDVURzQmVWdGFQeDVWQmN5Q2MKBpbH7QXL1sf0c7ix9yd2r7vEBScixvBM\nom1tHgJmwxhep7DSyvjg/xslag7U2vF69gPrcAlnAndZsLCtsYdvyw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWam9aNkYxcEpURHI4N1lr\nOWFrUFA1a0hTUWNJM0FOMGNqT1h3d1dzRmlJCm9lOHBWRlRqY09DTW5oSmZtREtv\nUVI3aSsyWXczYmdRTG5VRWdCVFd4WEUKLS0tIGNjYmJDOVZKTjlENzFGVDJVMCtT\nWUsrRUpsM3dvQ3NkZnordnJ6djF6N1EKF53Up6zSFot6i2B+UO3H9NeFeyVA/R+X\naH9SuT+9Wox1lxDLhG/+S28tE4IyXZgbo+12sreQ3TkGslfxTwXTUA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwa2Z5V0VPRWhYaXZ3STBa\nMWVsS01CYVBzeHM0T29pUWtQYlVyWCtheFRzCk5JYUpqN1cwWDFwUkZ2Q2xkL3U5\nRlNpMTQ2QTBQZFdYMmJIZjdnOWNjalEKLS0tIEZZREZPVmQxZ25MaHlMZ0VuWExT\nR2dJZ1lWdGt5dWNIM1FyQ2dZV0dlTTQKhUnA3pnoXb18/b/Jzyk0fC6GnmIMmYfl\nVgzCoCDSHNSvW/qUoT22hJfZCMFvIzOHEpmufMHCecZdisUozfWFuQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUW1uTUpHT0dOOHIwVTQw\nU0pzUng1RGhPNXcvMU5xMlZpMTFUaTMvNEdrCjA2MEt0aGVYcEhwRm9LMFU1eFc1\nT3RVOVBvSEcrM2hCMVFQTlFCeE4zRzQKLS0tIFhKT0VOVVgwQ3VCUld4dUc0ZXB6\ncUJDQXZWbXpoQWNQTFM5TGM4VEhUajAKMab/tG8ol/s/LjT/g6q9tmL6GOkMdh5C\n9rbkUo4YhLx8ZnDGfD+kfvyr4E23E0Y5uOs4G/VFesiJwDziWchX2A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYnBaYmprYTIySWFnOVhk\nTThHNEptc2luWTFxSTBBMnY1Q1FkQjNBaWlBClFRbWlIdmRRVnZ0TGJVTlhNRHN0\nS1JZZnJLU2xCS3Q4ZTBDWU9ScnBtOEEKLS0tIFNCMmtDd0VJR0JucUJSZHo3dHZl\nWm9ZQ0dOamZvSTNQNW1uWW85TGxRTWMKKm7NdN69Q7F+KcR7u3kTxhQuzikGUdEZ\n8AkowBgHRndxNgdC6wYV1VeqEkDxXqR/430+EQS0jQQrIXpuXkCDkQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDblAwYkhXd2xJaEJQYzVx\nWmZjRXhxN1F1cDAvcTFGSW54UWs4a09yaWdrCm9iZ1NPTmN0ejJvQyt2UWhaY1BV\nUDhZWHNuWUNvVGZ4eGVNS1lnOHlnNE0KLS0tIE9OWGVRMUNObUt2alFnTmh1eEVH\nNzg3ODkzNmRYYndIK2xXR0pUWTB6Z2MKj3b0sJI7y/QhvBjQbAg6gpBFszuGUuvq\neBsTeiuXJdyZru54qOJ3k6DGAnsS8lIYptwpi2jC24ebwG3QSpGjzg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTzgwUXpjM3Z1c1VvdlNL\ndTdGdDlIcCtMVHJZeGs5ZUo4L2VNMUxFakNzCloyYUFLSDFHSjVhUzRoZWlPVFdS\nMWI5eXdMdGw1d3ZwcFNiNUZkSmxuZ2sKLS0tIHdsK1oxOUVMbUNxZ0toZlRsN1N6\nMUxNeTF0L0lRc3BnUExob0ZlaExVb0kKW7zPqfYAw8/RsGNpVBFhnObjfgqgxdkC\nEVQQYduAz+FkIdsN5/rrleyacbpCrEQcSTVTXpwLopoL/ukY1i0p/A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-03-09T07:59:38Z",
|
||||
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,7 +21,6 @@ inputs:
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "znver2";
|
||||
initrd.sshd = {};
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
@@ -29,7 +28,7 @@ inputs:
|
||||
fail2ban = {};
|
||||
xray.server.serverName = "xserver2.vps4.chn.moe";
|
||||
nginx.streamProxy.map = builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.nas.chn.moe"; })
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.nas.chn.moe"; })
|
||||
[
|
||||
"xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden"
|
||||
"photoprism" "nextcloud" "freshrss" "huginn" "api" "webdav" "chat"
|
||||
|
||||
@@ -39,7 +39,7 @@ xray-server:
|
||||
#ENC[AES256_GCM,data:O3ovvRYzFrQY,iv:/Zs8e6u7wdp18AacZ3WWBvn5PDtXDnQ6ZyqLiyYmvAY=,tag:HmhKBI3aRCIR34vOEnv1iA==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:ee0naewdOjIxA0QEpmUyOSu++sUJQneEufhJBHiyOR7jAPTU,iv:09fZ0dLUZHp9wM2lCiIcTzFey2AkWBmnUCfq8W3FM6Y=,tag:dHBVo/Ok3Q9vy1pIbWC1Kw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:3h+cpSHULgwlI/zOI0IL4t4diDzm7qWW1sOWZqkFRWCB0CAfGyydGNlZkqA=,iv:pVpmw0aEDssQSr724h9NvJqFMHu0NupDfCSt1RWVnUk=,tag:fonuszujTzeo2HqO1OokEw==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:MO+GKj5Ma1weblDjViBXUR5JS8fKoc5XQp6jVimhgip1MiulkUTgJ0Z+ecazAdBh9WnaI65SnLMXLMzk5wiJfblE5KJ+UlSvn7TXKvFPoWw9WXsU96to7D+IZNAYRXj6eMJ6g9j/u01Q348s5F9RE30C9jtk2mwM1n8yyAP/BuwcyyVZK6jOwtE5zsZyinGzLTCyD8pZqhVQ63qdrNMAdvNowl38cVm5pKYsiZiU9r8fzQJXS+5R65rJPxNKJ9CYBI3ca8OGJbY=,iv:bJgHF4CFagARNXFvkNFznzyUit6LsO75RiDTxZGsmr0=,tag:zDX6N6tDoooRUmovhgKsZw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -60,7 +60,7 @@ sops:
|
||||
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
|
||||
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T07:42:38Z"
|
||||
mac: ENC[AES256_GCM,data:fQm8aI6KdoJVxcl4MQP7Q6EZVqmmLFo9A3Hjo/tKZA+VOYvQWFBxIKwy5Cj0SBi4pWsSjwG6pJZ7m6Wh/dDK4KlgkoaXgAYj+efHtScOH5Gkb0sTpAkHNL+/CJ/cO1doXiXRGj47fn1QB9o9WBaomtOWQbzDts4eFs9pdm8TAq4=,iv:91Ilig4j0ELHEatTY7ALKwwr8AzYnRwhKbdWDcufZF4=,tag:UfwaudQTNKu+uryCZjo3mw==,type:str]
|
||||
lastmodified: "2025-10-12T08:53:17Z"
|
||||
mac: ENC[AES256_GCM,data:uJPxF01MX0WXrkSrjBY+GHM58gSZqKjs3777LNfou2VMfwWtmiEcOTrx+i9iWAWA1idnCoDfLy4EEIGo1EhLJBFcmMvSpoFBfJUvpTCefOLkTYW6J7AHI/Bd+aYK5UXYZxk4uoCURFt1inSCiDWAw2aQ+1g+j5a/HgRtTux9FEo=,iv:a/SuzpuHkq+D2tddrMaWjn1pLJJjpb2zzEbDkcVjH7o=,tag:+lq8vfZxBRmyG9U8KXTsHA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -21,7 +21,6 @@ inputs:
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
|
||||
nixpkgs.march = "znver2";
|
||||
initrd.sshd = {};
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
@@ -34,10 +33,13 @@ inputs:
|
||||
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
|
||||
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
|
||||
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
|
||||
"xservernas.chn.moe" = { upstream = "wg0.nas.chn.moe:443"; proxyProtocol = false; };
|
||||
"xservernas.chn.moe" = { upstream = "tinc0.nas.chn.moe:443"; proxyProtocol = false; };
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.pc.chn.moe"; })
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.nas.chn.moe"; })
|
||||
[ "xn--s8w913fdga" "matrix" ]))
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.pc.chn.moe"; })
|
||||
[ "xn--qbtm095lrg0bfka60z" ]));
|
||||
applications =
|
||||
{
|
||||
@@ -56,33 +58,30 @@ inputs:
|
||||
mirism = {};
|
||||
fail2ban = {};
|
||||
beesd."/" = {};
|
||||
# bind = {};
|
||||
bind = {};
|
||||
};
|
||||
};
|
||||
networking.nftables.tables.forward =
|
||||
{
|
||||
family = "inet";
|
||||
content =
|
||||
let
|
||||
srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0";
|
||||
in
|
||||
''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain output {
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
# 需要忽略透明代理发出的流量(gid 不是 nginx)
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
|
||||
tcp dport 7011 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname wg0 meta mark & 4 == 4 counter masquerade
|
||||
}
|
||||
'';
|
||||
content = let srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.srv2-node0"; in
|
||||
''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain output {
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
# 需要忽略透明代理发出的流量(gid 不是 nginx)
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
|
||||
tcp dport 7011 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname tinc0 meta mark & 4 == 4 counter masquerade
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
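Review bot: The `postrouting` chain masquerades everything carrying mark 4 out of `tinc0`, so the sshd on `${srv2}` sees this host's tinc address as the source of every connection forwarded from port 7011. Its auth logs, and any per-source banning or rate limiting on srv2, therefore cannot tell clients apart. Limiting has to happen on this host, before the DNAT. It is not visible from this section whether the `fail2ban = {};` service here watches port 7011. A comment above the `prerouting` rule would record this, e.g. `# forwarded SSH is SNATed below: srv2 only ever sees our tinc0 address, so rate-limit here`. The changed lines in this section are printed twice (old `wg0`, then new `tinc0`).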
|
||||
|
||||
@@ -43,9 +43,9 @@ send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
coturn:
|
||||
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:5M7EAy/6+2UASWkjxE0Jrxwl0aNdAVZaUjQnD1wU3YvOAQ/c2DSL8hVtKf8=,iv:a2tXFf1+aP0JhdNtzP8e82KJ71m2o8nx+G0wIx4VMig=,tag:l4TS4QBz2fIkC9/GnZgHnQ==,type:str]
|
||||
xray-xmu-client:
|
||||
cookie: ENC[AES256_GCM,data:RZ2WFnsX7s/PVqA7ZKhGqw==,iv:CknFoAcHIiIwJI1IEXkFdWXcOCAZr50pfwmQN72OI8o=,tag:w2pNU1APxlSQsGMIEdE2OA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:E3OrPA67R48x5FJUW0ZbERlclz8Z/XokAaGTeBQLPEHSeqEArHYSZkdJRZejFrBruJPlGZMPNBQzlIBXOfXKwMnlBDaGJIIJHIzPDGG9W7QF4IIRK/BjVZHFwfKvZtbUDGsqLcCSe5+ttmyucBaFGquXhnD/Tu09uyWtRvS10KAJLY0Z2/16CFB1+8egJIcYw2TFXObo+KR92Va0qwiDSepKaJtYLimDGRKk04QGj+BYa5y8PjIG6bz8UG82mmCiV7XM3EPlSMA=,iv:kawsklNGFbRhxKuUwvNL2WyBxuYu2T/uks1cJ4i8NhA=,tag:V+jAaxQX7JCiR5+wIVW4Nw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -66,7 +66,7 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T05:54:47Z"
|
||||
mac: ENC[AES256_GCM,data:OtHwr58A1UOfYxQR88ay76fWmAyWPl5YtNbAiv0LXPLZPRtLGBJKuTjMaHr17AMepFZ+u5IPV2r8z1AUDj0opLXlv3Ik/DJ2PCcQTOBH+/lnSgzJKWfdCip9/wFR6N3dT0PKKLuBiURB9ZCYmtnq6E5+Guadc6ATYDSEpwbENZQ=,iv:kXsYMGjAtUlv1UqFU8Xv0zagohnpHkzSI72mq5HKY7k=,tag:KR+1A8l2VvbzDZV/00hbJg==,type:str]
|
||||
lastmodified: "2025-10-12T08:53:02Z"
|
||||
mac: ENC[AES256_GCM,data:Nx+PkDiF0Rz1jqO93ylzCPAWOFoc9KFnMGixcHgvzl+hvxFMHFEx0CzPceLGBLaz3s22nSL5PPq2k2fPJ1Yi9+kndWsTQuTu7gHQLABCriFysTshcOHd9m5/I8vgKHNaaYGOfDNjhji8xL/naSx2rpCyJDKSygRvfPvBaNdOYMg=,iv:VRIOc8eSWSZPveq2sbojNs2u9qEyOOoomhGE+Jwgnw4=,tag:xKdg4x/DWjktD0QZpycwGg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
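--- a/devices/wlin/default.nix
+++ b/devices/wlin/default.nix
@@ -0,0 +1,14 @@
+{ inputs, localLib }:
+let
+pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
+{
+inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
+nixpkgs = { march = "haswell"; nixRoot = "/data/gpfs01/wlin/.nix"; nixos = false; };
+});
+in pkgs.symlinkJoin
+{
+name = "jykang";
+paths = with pkgs; [ gnuplot localPackages.vaspkit pv ];
+postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
+passthru = { inherit pkgs; };
+}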
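Review bot: The `symlinkJoin` in devices/wlin/default.nix is still named `name = "jykang";`, which looks like a leftover from the jykang device this file was modelled on. With `nixRoot = "/data/gpfs01/wlin/.nix"` the resulting store path would carry the other profile's name, and the two outputs become hard to tell apart. Suggest `name = "wlin";`. A one-line comment above the `nixpkgs = { … nixos = false; }` line saying that this builds a user-level package set for a non-NixOS host would also help the next reader.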
33
flake.lock
generated
33
flake.lock
generated
@@ -25,12 +25,12 @@
|
||||
"blog": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1757155808,
|
||||
"lastModified": 1759333393,
|
||||
"lfs": true,
|
||||
"narHash": "sha256-dngkmShADPQOziASLZmwXNop0R6O4PlbHYOUAXfaoxs=",
|
||||
"narHash": "sha256-0ruJ4kw82hQZDLp5oIBG2Kq+SBeOUoTSMJzFofOz4Sg=",
|
||||
"ref": "refs/heads/public",
|
||||
"rev": "0b2cb19d9f9da2a8cab440c0053029ec93d263b7",
|
||||
"revCount": 36,
|
||||
"rev": "e6d2bc75a815a8ea73eea24091af10b4eb595b95",
|
||||
"revCount": 37,
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/blog-public.git"
|
||||
},
|
||||
@@ -851,11 +851,11 @@
|
||||
},
|
||||
"nixpkgs-2311": {
|
||||
"locked": {
|
||||
"lastModified": 1735377590,
|
||||
"narHash": "sha256-U9W9H/HYoaKa5wzSL2IBmnFDhxlesuKAcKi/hl5xPvE=",
|
||||
"lastModified": 1760234929,
|
||||
"narHash": "sha256-4W0o4O8ANykPCOQD2Jb6pdGerDSLNzIVNF7AoVNMZvM=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0c3e74a65634ae3f43be7d0f6c3b5156ac54747b",
|
||||
"rev": "66170f3c82eecdee7dcd29a7e72ed87965bde4fc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1213,6 +1213,24 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pybinding": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1598796477,
|
||||
"narHash": "sha256-4DtGtQ40TEaM6qSydwsj9gD3JqpaCFpcvWJISwn69Zk=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "ec1128aaa84a1b43a74fb970479ce4544bd63179",
|
||||
"revCount": 774,
|
||||
"submodules": true,
|
||||
"type": "git",
|
||||
"url": "https://github.com/dean0x7d/pybinding"
|
||||
},
|
||||
"original": {
|
||||
"submodules": true,
|
||||
"type": "git",
|
||||
"url": "https://github.com/dean0x7d/pybinding"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"aagl": "aagl",
|
||||
@@ -1254,6 +1272,7 @@
|
||||
"plasma-manager": "plasma-manager",
|
||||
"pocketfft": "pocketfft",
|
||||
"py4vasp": "py4vasp",
|
||||
"pybinding": "pybinding",
|
||||
"rsshub": "rsshub",
|
||||
"rycee": "rycee",
|
||||
"sops-nix": "sops-nix",
|
||||
|
||||
@@ -64,6 +64,7 @@
|
||||
phono3py = { url = "github:phonopy/phono3py"; flake = false; };
|
||||
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
|
||||
speedtest = { url = "github:librespeed/speedtest"; flake = false; };
|
||||
pybinding = { url = "git+https://github.com/dean0x7d/pybinding?submodules=1"; flake = false; };
|
||||
};
|
||||
|
||||
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
localLib:
|
||||
{ lib, localLib }:
|
||||
let
|
||||
cname =
|
||||
{
|
||||
@@ -8,7 +8,7 @@ let
|
||||
[
|
||||
"initrd.vps4" "xserver2.vps4"
|
||||
# to nas
|
||||
"git" "grafana" "matrix" "peertube" "send" "vikunja" "铜锣湾" "xservernas" "chat" "freshrss" "huginn" "nextcloud"
|
||||
"git" "grafana" "peertube" "send" "vikunja" "xservernas" "chat" "freshrss" "huginn" "nextcloud"
|
||||
"photoprism" "rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api"
|
||||
];
|
||||
vps6 =
|
||||
@@ -19,13 +19,13 @@ let
|
||||
"铜锣湾实验室"
|
||||
];
|
||||
"xlog.autoroute" = [ "xlog" ];
|
||||
"wg0.srv1-node0" = [ "wg0.srv1" ];
|
||||
"wg0.srv2-node0" = [ "wg0.srv2" ];
|
||||
"tinc0.srv1-node0" = [ "tinc0.srv1" ];
|
||||
"tinc0.srv2-node0" = [ "tinc0.srv2" ];
|
||||
srv1-node0 = [ "srv1" ];
|
||||
srv2-node0 = [ "srv2" ];
|
||||
"wg1.pc" = [ "nix-store" ];
|
||||
"wg1.nas" = [ "nix-store.nas" ];
|
||||
"wg0.nas" = [ "ssh.git" ];
|
||||
"tinc0.pc" = [ "nix-store" ];
|
||||
"tinc0.nas" = [ "nix-store.nas" "ssh.git" ];
|
||||
autoroute = [ "铜锣湾" "matrix" ];
|
||||
};
|
||||
a =
|
||||
{
|
||||
@@ -39,9 +39,10 @@ let
|
||||
srv1-node1 = "192.168.178.2";
|
||||
srv1-node2 = "192.168.178.3";
|
||||
srv2-node1 = "192.168.178.2";
|
||||
srv2-node2 = "192.168.178.3";
|
||||
"409test" = "192.168.1.5";
|
||||
};
|
||||
wireguard = import ./wireguard.nix;
|
||||
tinc = import ./tinc.nix;
|
||||
in
|
||||
{
|
||||
"" =
|
||||
@@ -75,12 +76,6 @@ in
|
||||
// builtins.listToAttrs (builtins.map
|
||||
(a: {inherit (a) name; value = { inherit (a) value; type = "A"; }; })
|
||||
(localLib.attrsToList a))
|
||||
// builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(net: builtins.map
|
||||
(peer:
|
||||
{
|
||||
name = "${net.name}.${peer.name}";
|
||||
value = { type = "A"; value = "192.168.${builtins.toString net.value}.${builtins.toString peer.value}"; };
|
||||
})
|
||||
(localLib.attrsToList wireguard.peer))
|
||||
(localLib.attrsToList wireguard.net)))
|
||||
// lib.mapAttrs'
|
||||
(n: v: lib.nameValuePair "tinc0.${n}" { type = "A"; value = "192.168.85.${builtins.toString v}"; })
|
||||
tinc
|
||||
|
||||
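--- a/flake/dns/config/tinc.nix
+++ b/flake/dns/config/tinc.nix
@@ -0,0 +1,12 @@
+{
+vps4 = 2;
+vps6 = 1;
+pc = 3;
+nas = 4;
+srv1-node0 = 9;
+srv1-node1 = 6;
+srv1-node2 = 8;
+srv2-node0 = 7;
+srv2-node1 = 10;
+srv2-node2 = 11;
+}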
@@ -1,15 +0,0 @@
|
||||
{
|
||||
net = { wg0 = 83; wg1 = 84; };
|
||||
peer =
|
||||
{
|
||||
vps4 = 2;
|
||||
vps6 = 1;
|
||||
pc = 3;
|
||||
nas = 4;
|
||||
srv1-node0 = 9;
|
||||
srv1-node1 = 6;
|
||||
srv1-node2 = 8;
|
||||
srv2-node0 = 7;
|
||||
srv2-node1 = 10;
|
||||
};
|
||||
}
|
||||
@@ -4,7 +4,7 @@ let
|
||||
let addTtl' = attrs: attrs // { octodns.cloudflare.auto-ttl = true; };
|
||||
in builtins.mapAttrs (n: v: if builtins.isList v then builtins.map addTtl' v else addTtl' v) config;
|
||||
config = builtins.listToAttrs (builtins.map
|
||||
(domain: { name = domain; value = import ./config/${domain}.nix localLib; })
|
||||
(domain: { name = domain; value = import ./config/${domain}.nix { inherit lib localLib; }; })
|
||||
[ "chn.moe" "nekomia.moe" "mirism.one" ]);
|
||||
configDir = symlinkJoin
|
||||
{
|
||||
@@ -15,7 +15,7 @@ let
|
||||
};
|
||||
meta.config = config //
|
||||
{
|
||||
wireguard = import ./config/wireguard.nix;
|
||||
tinc = import ./config/tinc.nix;
|
||||
"chn.moe" = config."chn.moe"
|
||||
// {
|
||||
# 查询域名对应的 ip
|
||||
|
||||
@@ -71,6 +71,7 @@ in platformConfig //
|
||||
boost188 = prev.boost188.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./boost188.patch ]; });
|
||||
inherit (final.pkgs-2411) iio-sensor-proxy;
|
||||
inherit (final.pkgs-unstable) bees;
|
||||
xray = prev.xray.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./xray.patch ]; });
|
||||
}
|
||||
// (
|
||||
let
|
||||
@@ -81,7 +82,22 @@ in platformConfig //
|
||||
{
|
||||
pkgs-2305 = "nixpkgs-2305";
|
||||
pkgs-2311 = "nixpkgs-2311";
|
||||
pkgs-2411 = { source = "nixpkgs-2411"; overlays = [ inputs.topInputs.bscpkgs.overlays.default ]; };
|
||||
pkgs-2411 =
|
||||
{
|
||||
source = "nixpkgs-2411";
|
||||
overlays =
|
||||
[
|
||||
inputs.topInputs.bscpkgs.overlays.default
|
||||
(final: prev: inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
|
||||
{
|
||||
sphinx = prev.sphinx.overridePythonAttrs (prev:
|
||||
{ disabledTests = prev.disabledTests or [] ++ [ "test_xml_warnings" ]; });
|
||||
})];
|
||||
})
|
||||
];
|
||||
};
|
||||
pkgs-unstable =
|
||||
{
|
||||
source = "nixpkgs-unstable";
|
||||
|
||||
30
flake/lib/buildNixpkgsConfig/xray.patch
Normal file
30
flake/lib/buildNixpkgsConfig/xray.patch
Normal file
@@ -0,0 +1,30 @@
|
||||
diff --git a/app/dns/nameserver_doh.go b/app/dns/nameserver_doh.go
|
||||
index cba59423..19c6d34f 100644
|
||||
--- a/app/dns/nameserver_doh.go
|
||||
+++ b/app/dns/nameserver_doh.go
|
||||
@@ -1,7 +1,7 @@
|
||||
package dns
|
||||
|
||||
import (
|
||||
- "bytes"
|
||||
+ "encoding/base64"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
go_errors "errors"
|
||||
@@ -188,14 +188,13 @@ func (s *DoHNameServer) sendQuery(ctx context.Context, noResponseErrCh chan<- er
|
||||
}
|
||||
|
||||
func (s *DoHNameServer) dohHTTPSContext(ctx context.Context, b []byte) ([]byte, error) {
|
||||
- body := bytes.NewBuffer(b)
|
||||
- req, err := http.NewRequest("POST", s.dohURL, body)
|
||||
+ query := fmt.Sprintf("%s?dns=%s", s.dohURL, base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(b))
|
||||
+ req, err := http.NewRequest("GET", query, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
req.Header.Add("Accept", "application/dns-message")
|
||||
- req.Header.Add("Content-Type", "application/dns-message")
|
||||
|
||||
req.Header.Set("X-Padding", strings.Repeat("X", int(crypto.RandBetween(100, 1000))))
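Review bot: The GET URL in `dohHTTPSContext` is assembled with `fmt.Sprintf("%s?dns=%s", s.dohURL, …)`, which yields a malformed request whenever the configured `s.dohURL` already carries a query string or fragment. Parsing the URL and setting the `dns` parameter avoids that, and `base64.RawURLEncoding` is the standard-library name for the unpadded URL-safe encoding spelled out here. This needs `net/url` in the import hunk unless the file already imports it. Moving the DNS message from the POST body into the URL also means resolvers and intermediaries that log request lines will record every query, which deserves a comment in the patch or in the Nix overlay that applies it. The function body continues outside the hunk.

```go
func (s *DoHNameServer) dohHTTPSContext(ctx context.Context, b []byte) ([]byte, error) {
	u, err := url.Parse(s.dohURL)
	if err != nil {
		return nil, err
	}
	q := u.Query()
	q.Set("dns", base64.RawURLEncoding.EncodeToString(b))
	u.RawQuery = q.Encode()
	req, err := http.NewRequest("GET", u.String(), nil)
	// … unchanged: error check, Accept and X-Padding headers …
```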
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
singles = [ "nas" "pc" "vps4" "vps6" "r2s" ];
|
||||
cluster = { srv1 = 3; srv2 = 2; };
|
||||
cluster = { srv1 = 3; srv2 = 3; };
|
||||
deviceModules = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
|
||||
@@ -28,7 +28,8 @@
|
||||
gfortran = pkgs.pkgsStatic.gfortran;
|
||||
lapack = pkgs.pkgsStatic.openblas;
|
||||
};
|
||||
jykang = import ../devices/jykang.xmuhpc { inherit inputs localLib; };
|
||||
jykang = import ../devices/jykang { inherit inputs localLib; };
|
||||
wlin = import ../devices/wlin { inherit inputs localLib; };
|
||||
xmuhk = import ../devices/xmuhk { inherit inputs localLib; };
|
||||
src =
|
||||
let getDrv = x:
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
netboot = pkgs.fetchurl
|
||||
{
|
||||
url = "https://boot.netboot.xyz/ipxe/netboot.xyz.iso";
|
||||
sha256 = "01hlslbi2i3jkzjwn24drhd2lriaqiwr9hb83r0nib9y1jvr3k5p";
|
||||
sha256 = "6GeOcugqElGPoPXeaWVpjcV5bCFxNLShGgN/sjsVzuI=";
|
||||
};
|
||||
};
|
||||
vasp =
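Review bot: `url = "https://boot.netboot.xyz/ipxe/netboot.xyz.iso"` is an unversioned download, so the pinned `sha256` stops matching whenever upstream republishes the image. That is presumably why this hunk replaces the hash. Pointing `fetchurl` at a versioned release artefact would turn a hash change into a deliberate, reviewable version bump instead of something accepted to get the build working again. Writing the new value as `hash = "sha256-6GeOcugqElGPoPXeaWVpjcV5bCFxNLShGgN/sjsVzuI=";` would also make its encoding explicit. The two `sha256` lines are the old and new side of one changed line, and the enclosing attribute set starts outside the hunk.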
|
||||
|
||||
@@ -5,8 +5,8 @@ inputs:
|
||||
type = types.nullOr (types.enum [ "intel" "amd" ]);
|
||||
default = let inherit (inputs.config.nixos.system.nixpkgs) march; in
|
||||
if march == null then null
|
||||
else if inputs.lib.hasPrefix "znver" march then "amd"
|
||||
else if (inputs.lib.hasSuffix "lake" march)
|
||||
else if inputs.lib.hasInfix "znver" march then "amd"
|
||||
else if (inputs.lib.hasInfix "lake" march)
|
||||
|| (builtins.elem march [ "sandybridge" "silvermont" "haswell" "broadwell" ])
|
||||
then "intel"
|
||||
else null;
|
||||
|
||||
@@ -63,7 +63,7 @@ inputs:
|
||||
forwardAgent = true;
|
||||
extraOptions.AddKeysToAgent = "yes";
|
||||
};
|
||||
"wg0.jykang" = jykang // { host = "wg0.jykang"; proxyJump = "wg0.srv2"; };
|
||||
"tinc0.jykang" = jykang // { host = "tinc0.jykang"; proxyJump = "tinc0.nas"; };
|
||||
};
|
||||
};
|
||||
})];
|
||||
|
||||
@@ -32,7 +32,7 @@ inputs:
|
||||
300 ; minimum
|
||||
)
|
||||
@ IN NS vps6.chn.moe.
|
||||
@ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "srv3"}
|
||||
@ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps4"}
|
||||
'';
|
||||
nullZone = inputs.pkgs.writeText "null.zone" "";
|
||||
in
|
||||
|
||||
@@ -22,7 +22,7 @@ inputs:
|
||||
ssh = "${inputs.pkgs.openssh}/bin/ssh -i ${key} -o StrictHostKeyChecking=no"
|
||||
+ " -o ForwardAgent=yes -o AddKeysToAgent=yes";
|
||||
key = inputs.config.nixos.system.sops.secrets."hpcstat/key".path;
|
||||
jykang = "${inputs.topInputs.self}/devices/jykang.xmuhpc/files";
|
||||
jykang = "${inputs.topInputs.self}/devices/jykang/files";
|
||||
ssh-agent = "${inputs.pkgs.openssh}/bin/ssh-agent";
|
||||
in
|
||||
{
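Review bot: The `ssh` command string combines `-o StrictHostKeyChecking=no` with `-o ForwardAgent=yes`, so the client accepts any host key and then forwards its agent to whichever host answered. With `AddKeysToAgent=yes` that agent will hold the `hpcstat/key` identity. The path rename in this hunk leaves that untouched. Pinning the cluster's host key closes the gap, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=${knownHosts}`, where `knownHosts` is a placeholder for a known_hosts file you would add next to the key. `ForwardAgent` should be dropped unless a second hop really needs it. The enclosing `let` block starts and ends outside the hunk.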
|
||||
|
||||
@@ -40,19 +40,19 @@ inputs:
|
||||
'';
|
||||
systemd =
|
||||
{
|
||||
services = inputs.lib.mkIf (inputs.config.nixos.system.network == null)
|
||||
services = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "networkmanager")
|
||||
{
|
||||
nginx-proxy =
|
||||
let
|
||||
ip = "${inputs.pkgs.iproute2}/bin/ip";
|
||||
start = inputs.pkgs.writeShellScript "nginx-proxy.start"
|
||||
''
|
||||
${ip} rule add fwmark 2/2 table 200
|
||||
${ip} rule add fwmark 2/2 table 200 priority 5001
|
||||
${ip} route add local 0.0.0.0/0 dev lo table 200
|
||||
'';
|
||||
stop = inputs.pkgs.writeShellScript "nginx-proxy.stop"
|
||||
''
|
||||
${ip} rule del fwmark 2/2 table 200
|
||||
${ip} rule del fwmark 2/2 table 200 priority 5001
|
||||
${ip} route del local 0.0.0.0/0 dev lo table 200
|
||||
'';
|
||||
in
|
||||
@@ -70,13 +70,13 @@ inputs:
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network != null)
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "systemd-networkd")
|
||||
{
|
||||
"10-custom" =
|
||||
{
|
||||
matchConfig.Name = "lo";
|
||||
routes = [{ Table = 200; Destination = "0.0.0.0/0"; Type = "local"; }];
|
||||
routingPolicyRules = [{ FirewallMark = "2/2"; Table = 200; }];
|
||||
routingPolicyRules = [{ FirewallMark = "2/2"; Table = 200; Priority = 5001; }];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -44,6 +44,7 @@ inputs:
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
timeLimit = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) slurm; in inputs.lib.mkIf slurm.enable (inputs.lib.mkMerge
|
||||
[
|
||||
@@ -97,18 +98,17 @@ inputs:
|
||||
"State=UNKNOWN"
|
||||
])
|
||||
(inputs.localLib.attrsToList slurm.node);
|
||||
partitionName = builtins.map
|
||||
(partition:
|
||||
let nodes = builtins.concatStringsSep "," partition.value;
|
||||
in builtins.concatStringsSep " "
|
||||
[
|
||||
partition.name
|
||||
"Nodes=${builtins.concatStringsSep "," (builtins.map (n: slurm.node.${n}.name) partition.value)}"
|
||||
"Default=${if partition.name == slurm.defaultPartition then "YES" else "NO"}"
|
||||
"MaxTime=INFINITE"
|
||||
"State=UP"
|
||||
])
|
||||
(inputs.localLib.attrsToList slurm.partitions);
|
||||
partitionName = inputs.lib.mapAttrsToList
|
||||
(n: v: builtins.concatStringsSep " "
|
||||
[
|
||||
n
|
||||
"Nodes=${builtins.concatStringsSep "," (builtins.map (n: slurm.node.${n}.name) v)}"
|
||||
"Default=${if n == slurm.defaultPartition then "YES" else "NO"}"
|
||||
"MaxTime=${if slurm.timeLimit != null then slurm.timeLimit else "INFINITE"}"
|
||||
"State=UP"
|
||||
''TRESBillingWeights="CPU=1.0,Mem=0.1G,GRES/gpu=10"''
|
||||
])
|
||||
slurm.partitions;
|
||||
procTrackType = "proctrack/cgroup";
|
||||
controlMachine = slurm.master;
|
||||
controlAddr = slurm.node.${slurm.master}.address;
|
||||
@@ -131,7 +131,7 @@ inputs:
|
||||
|
||||
SlurmdDebug=debug2
|
||||
SlurmdParameters=l3cache_as_socket
|
||||
DebugFlags=NO_CONF_HASH
|
||||
DebugFlags=NO_CONF_HASH,CPU_Bind,Gres
|
||||
|
||||
# automatically resume node after drain
|
||||
ReturnToService=2
|
||||
@@ -153,6 +153,8 @@ inputs:
|
||||
# correctly set priority
|
||||
PriorityType=priority/multifactor
|
||||
PriorityWeightAge=10000
|
||||
PriorityWeightFairshare=10000
|
||||
AccountingStorageEnforce=associations
|
||||
|
||||
# use low resource as default
|
||||
DefCpuPerGPU=1
|
||||
@@ -225,7 +227,11 @@ inputs:
|
||||
};
|
||||
systemd =
|
||||
{
|
||||
services.slurmctld = { after = [ "suid-sgid-wrappers.service" ]; serviceConfig.MemorySwapMax = "0"; };
|
||||
services.slurmctld =
|
||||
{
|
||||
after = [ "suid-sgid-wrappers.service" "slurmdbd.service" ];
|
||||
serviceConfig.MemorySwapMax = "0";
|
||||
};
|
||||
tmpfiles.rules = [ "d /var/log/slurmctld 700 slurm slurm" ];
|
||||
};
|
||||
nixos.system.sops =
|
||||
@@ -233,7 +239,7 @@ inputs:
|
||||
secrets = { "slurm/db" = { owner = "slurm"; key = "mariadb/slurm"; }; }
|
||||
// builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "telegram/${n}" {})
|
||||
[ "token" "user/chn" "user/hjp" ]);
|
||||
[ "token" "user/chn" "user/hjp" "user/root" ]);
|
||||
templates."info.yaml" =
|
||||
{
|
||||
owner = "slurm";
|
||||
@@ -241,7 +247,7 @@ inputs:
|
||||
{
|
||||
token = placeholder."telegram/token";
|
||||
user = builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair n placeholder."telegram/user/${n}") [ "chn" "hjp" ]);
|
||||
(n: inputs.lib.nameValuePair n placeholder."telegram/user/${n}") [ "chn" "hjp" "root" ]);
|
||||
slurmConf = "${inputs.config.services.slurm.etcSlurm}/slurm.conf";
|
||||
};
|
||||
};
|
||||
|
||||
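--- a/modules/services/tailscale.nix
+++ b/modules/services/tailscale.nix
@@ -0,0 +1,31 @@
+inputs:
+{
+options.nixos.services.tailscale = let inherit (inputs.lib) mkOption types; in mkOption
+{ type = types.nullOr (types.submodule {}); default = {}; };
+config = let inherit (inputs.config.nixos.services) tailscale; in inputs.lib.mkIf (tailscale != null)
+{
+services.tailscale =
+{
+enable = true;
+openFirewall = true;
+disableTaildrop = true;
+# authKeyParameters should not be set
+authKeyFile = inputs.config.nixos.system.sops.secrets."tailscale".path;
+extraUpFlags = [ "--login-server=https://headscale.chn.moe" "--accept-dns=false" "--netfilter-mode=off" ];
+extraSetFlags = [ "--accept-dns=false" "--netfilter-mode=off" ];
+};
+nixos.system.sops.secrets."tailscale" = {};
+networking.firewall.trustedInterfaces = [ inputs.config.services.tailscale.interfaceName ];
+users =
+{
+users.tailscale = { uid = inputs.config.nixos.user.uid.tailscale; group = "tailscale"; isSystemUser = true; };
+groups.tailscale.gid = inputs.config.nixos.user.gid.tailscale;
+};
+systemd.services.tailscaled.serviceConfig =
+{
+User = "tailscale";
+Group = "tailscale";
+AmbientCapabilities = [ "CAP_NET_RAW" "CAP_NET_ADMIN" "CAP_SYS_MODULE" ];
+};
+};
+}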
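Review bot: `AmbientCapabilities` in `systemd.services.tailscaled.serviceConfig` includes `CAP_SYS_MODULE`, which lets the otherwise unprivileged `tailscale` user load kernel modules and is close to root in practice, so it undoes much of what `User = "tailscale"` buys. If the tun module is loaded at boot instead (for example through `boot.kernelModules`), the list can probably shrink to `AmbientCapabilities = [ "CAP_NET_RAW" "CAP_NET_ADMIN" ];` with a matching `CapabilityBoundingSet`. Separately, `networking.firewall.trustedInterfaces` opens every local port to every node the headscale server enrols. Listing only the required ports under `networking.firewall.interfaces` for that interface would keep the host firewall meaningful if one peer is compromised. The option's `default = {}` means the module appears to be active on every host unless set to `null`, so each host would need the `tailscale` sops secret — worth confirming and stating in a comment next to the option.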
@@ -1,50 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.wireguard = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
# wireguard 接口的 ip,不是 wireguard 监听的 ip(它实际上监听所有 ip)
|
||||
ip = mkOption { type = types.str; };
|
||||
# wireguard 接口的网段
|
||||
netmask = mkOption { type = types.int; default = 24; };
|
||||
# 设置 wireguard 监听的端口,如果不设置则随机,同时不开放防火墙
|
||||
listenPort = mkOption { type = types.nullOr types.int; default = null; };
|
||||
peer = mkOption { type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
publicKey = mkOption { type = types.nonEmptyStr; };
|
||||
endpoint = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
allowedIPs = mkOption { type = types.nonEmptyListOf types.nonEmptyStr; };
|
||||
};});};
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) wireguard; in inputs.lib.mkIf (wireguard != {})
|
||||
{
|
||||
networking = inputs.lib.mkMerge (builtins.map
|
||||
(wg:
|
||||
{
|
||||
firewall =
|
||||
{
|
||||
allowedUDPPorts = inputs.lib.mkIf (wg.value.listenPort != null) [ wg.value.listenPort ];
|
||||
trustedInterfaces = [ wg.name ];
|
||||
};
|
||||
wireguard.interfaces.${wg.name} =
|
||||
{
|
||||
inherit (wg.value) listenPort;
|
||||
ips = [ "${wg.value.ip}/${builtins.toString wg.value.netmask}" ];
|
||||
privateKeyFile = inputs.config.nixos.system.sops.secrets.wireguard.path;
|
||||
peers = builtins.map
|
||||
(peer:
|
||||
{
|
||||
inherit (peer) name;
|
||||
inherit (peer.value) publicKey allowedIPs endpoint;
|
||||
persistentKeepalive = if peer.value.endpoint != null then 10 else null;
|
||||
})
|
||||
(inputs.localLib.attrsToList wg.value.peer);
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList wireguard));
|
||||
nixos.system.sops.secrets.wireguard = {};
|
||||
};
|
||||
}
|
||||
@@ -19,7 +19,8 @@ inputs:
|
||||
extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
};
|
||||
v2ray-forwarder.noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
|
||||
v2ray-forwarder.noproxyUsers =
|
||||
mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" "tailscale" ]; };
|
||||
};}));
|
||||
default = null;
|
||||
};
|
||||
@@ -59,7 +60,7 @@ inputs:
|
||||
# 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
|
||||
[
|
||||
{
|
||||
address = "https://1.12.12.12/dns-query";
|
||||
address = "https://223.5.5.5/dns-query";
|
||||
domains = [ "geosite:geolocation-cn" ];
|
||||
expectIPs = [ "geoip:cn" ];
|
||||
skipFallback = true;
|
||||
@@ -70,7 +71,7 @@ inputs:
|
||||
expectIPs = [ "geoip:!cn" ];
|
||||
skipFallback = true;
|
||||
}
|
||||
{ address = "https://1.12.12.12/dns-query"; expectIPs = [ "geoip:cn" ]; }
|
||||
{ address = "https://223.5.5.5/dns-query"; expectIPs = [ "geoip:cn" ]; }
|
||||
{ address = "8.8.8.8"; }
|
||||
];
|
||||
disableCache = true;
|
||||
@@ -109,6 +110,13 @@ inputs:
|
||||
}
|
||||
{ port = 10884; protocol = "socks"; settings.udp = true; tag = "proxy-socks-in"; }
|
||||
{ port = 10882; protocol = "socks"; settings.udp = true; tag = "direct-in"; }
|
||||
{
|
||||
port = 10885;
|
||||
protocol = "socks";
|
||||
settings.udp = true;
|
||||
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
|
||||
tag = "common-socks-in";
|
||||
}
|
||||
];
|
||||
outbounds =
|
||||
[
|
||||
@@ -153,20 +161,28 @@ inputs:
|
||||
rules = builtins.map (rule: rule // { type = "field"; })
|
||||
[
|
||||
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ "1.12.12.12" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ "223.5.5.5" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ "8.8.8.8" ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
|
||||
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
|
||||
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
|
||||
{
|
||||
inboundTag = [ "common-in" ];
|
||||
inboundTag = [ "common-in" "common-socks-in" ];
|
||||
domain = [ "geosite:geolocation-cn" ];
|
||||
outboundTag = "direct";
|
||||
}
|
||||
{
|
||||
inboundTag = [ "common-in" "common-socks-in" ];
|
||||
domain = [ "geosite:geolocation-!cn" ];
|
||||
outboundTag = "proxy-vless";
|
||||
}
|
||||
{ inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
|
||||
{
|
||||
inboundTag = [ "common-in" "common-socks-in" ];
|
||||
ip = [ "geoip:cn" "geoip:private" ];
|
||||
outboundTag = "direct";
|
||||
}
|
||||
{ inboundTag = [ "common-in" "common-socks-in" ]; outboundTag = "proxy-vless"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
@@ -198,7 +214,7 @@ inputs:
|
||||
restartTriggers = [ inputs.config.nixos.system.sops.templates."xray-client.json".file ];
|
||||
};
|
||||
}
|
||||
(inputs.lib.mkIf (inputs.config.nixos.system.network == null)
|
||||
(inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "networkmanager")
|
||||
{
|
||||
v2ray-forwarder =
|
||||
{
|
||||
@@ -211,25 +227,25 @@ inputs:
|
||||
RemainAfterExit = true;
|
||||
ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start"
|
||||
''
|
||||
${ip} rule add fwmark 1/1 table 100
|
||||
${ip} rule add fwmark 1/1 table 100 priority 5000
|
||||
${ip} route add local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop"
|
||||
''
|
||||
${ip} rule del fwmark 1/1 table 100
|
||||
${ip} rule del fwmark 1/1 table 100 priority 5000
|
||||
${ip} route del local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network != null)
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "systemd-networkd")
|
||||
{
|
||||
"10-custom" =
|
||||
{
|
||||
matchConfig.Name = "lo";
|
||||
routes = [{ Table = 100; Destination = "0.0.0.0/0"; Type = "local"; }];
|
||||
routingPolicyRules = [{ FirewallMark = "1/1"; Table = 100; }];
|
||||
routingPolicyRules = [{ FirewallMark = "1/1"; Table = 100; Priority = 5000; }];
|
||||
};
|
||||
};
|
||||
};
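Review bot: The new `common-socks-in` inbound on port 10885 (hunk `-109,6 +110,13`) sets no `listen` address and no socks `auth`, so as far as I know Xray binds it to all interfaces and accepts unauthenticated clients; whether the firewall keeps the port closed is not visible on this page. The routing hunk then sends `geoip:private` destinations from this inbound to `direct`, so anything that can reach the port could connect to hosts on the internal network through this machine. If the inbound is only meant for local programs, add `listen = "127.0.0.1";` to it. The same applies to the existing 10884 and 10882 socks inbounds on the context lines just above it.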
|
||||
|
||||
@@ -6,7 +6,6 @@ inputs:
|
||||
services =
|
||||
{
|
||||
dbus.implementation = "broker";
|
||||
fstrim.enable = true;
|
||||
acpid.enable = true;
|
||||
# TODO: set ipfs as separate service
|
||||
# kubo = { enable = true; autoMount = true; };
|
||||
|
||||
@@ -5,11 +5,12 @@ inputs:
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
types.nonEmptyStr
|
||||
(types.submodule { options =
|
||||
(types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
mountPoint = mkOption { type = types.nonEmptyStr; };
|
||||
hard = mkOption { type = types.bool; default = true; };
|
||||
};})
|
||||
neededForBoot = mkOption { type = types.bool; default = submoduleInputs.config.hard; };
|
||||
};}))
|
||||
]);
|
||||
default = {};
|
||||
};
|
||||
@@ -26,7 +27,7 @@ inputs:
|
||||
{
|
||||
device = device.name;
|
||||
fsType = "nfs4";
|
||||
neededForBoot = device.value.hard or true;
|
||||
neededForBoot = device.value.neededForBoot or true;
|
||||
options = builtins.concatLists
|
||||
[
|
||||
[
|
||||
|
||||
@@ -46,7 +46,7 @@ inputs:
|
||||
# resolved does not work in initrd, causing network.target to fail
|
||||
services.resolved.enable = false;
|
||||
systemd.network =
|
||||
let inherit (inputs.config.nixos.system.network) dhcp static bridge; in
|
||||
let inherit (inputs.config.nixos.system.network.settings) dhcp static bridge; in
|
||||
let
|
||||
networks = inputs.lib.unique
|
||||
(
|
||||
|
||||
@@ -30,7 +30,7 @@ inputs:
|
||||
# netowrk for srv1
|
||||
"bnx2x" "tg3"
|
||||
# network for srv2
|
||||
"e1000e" "igb" "atlantic" "igc"
|
||||
"e1000e" "igb" "atlantic" "igc" "tg3"
|
||||
# network for srv3
|
||||
"igb"
|
||||
# touchscreen for one
|
||||
|
||||
@@ -1,45 +1,57 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.system.network = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
options.nixos.system.network = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
# null: use network-manager; otherwise use networkd
|
||||
type = types.nullOr (types.submodule { options =
|
||||
settings = mkOption
|
||||
{
|
||||
dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
static = mkOption
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
static = mkOption
|
||||
{
|
||||
ip = mkOption { type = types.nonEmptyStr; };
|
||||
mask = mkOption { type = types.ints.unsigned; };
|
||||
gateway = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
dns = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
bridge = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
ip = mkOption { type = types.nonEmptyStr; };
|
||||
mask = mkOption { type = types.ints.unsigned; };
|
||||
gateway = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
dns = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
bridge = mkOption
|
||||
{
|
||||
interfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
wireless =
|
||||
{
|
||||
# wpa_passphrase SSID(wifi name) PSK(password)
|
||||
networks = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
fourAddr = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
trust = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
masquerade = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = null;
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
interfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
wireless =
|
||||
{
|
||||
# wpa_passphrase SSID(wifi name) PSK(password)
|
||||
networks = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
fourAddr = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
trust = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
masquerade = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
implementation = mkOption
|
||||
{
|
||||
type = types.enum [ "systemd-networkd" "networkmanager" ];
|
||||
default = if inputs.config.nixos.model.type == "desktop" then "networkmanager" else "systemd-networkd";
|
||||
};
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.system) network; in inputs.lib.mkMerge
|
||||
[
|
||||
# general config
|
||||
{
|
||||
assertions =
|
||||
[{
|
||||
assertion = network.implementation == "networkmanager" -> network.settings == null;
|
||||
message = "only systemd-networkd is supported when network settings is set";
|
||||
}];
|
||||
boot.kernel.sysctl =
|
||||
{
|
||||
"net.core.rmem_max" = 67108864;
|
||||
@@ -65,110 +77,114 @@ inputs:
|
||||
};
|
||||
networking.nftables = { enable = true; flushRuleset = false; };
|
||||
}
|
||||
(inputs.localLib.mkConditional (network == null)
|
||||
(inputs.lib.mkIf (network.implementation == "networkmanager")
|
||||
{
|
||||
networking.networkmanager =
|
||||
{
|
||||
networking.networkmanager =
|
||||
{
|
||||
enable = true;
|
||||
settings.device.keep-configuration = "no";
|
||||
};
|
||||
environment.persistence."/nix/persistent".directories =
|
||||
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
|
||||
}
|
||||
enable = true;
|
||||
settings.device.keep-configuration = "no";
|
||||
};
|
||||
environment.persistence."/nix/persistent".directories =
|
||||
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
|
||||
})
|
||||
(inputs.lib.mkIf (network.implementation == "systemd-networkd")
|
||||
{
|
||||
systemd.network.enable = true;
|
||||
networking.useNetworkd = true;
|
||||
# dnsable dns fallback, use provided dns servers or no dns
|
||||
services.resolved.fallbackDns = [];
|
||||
})
|
||||
(inputs.lib.mkIf (network.implementation == "systemd-networkd" && network.settings != null)
|
||||
{
|
||||
systemd.network =
|
||||
{
|
||||
systemd.network =
|
||||
{
|
||||
enable = true;
|
||||
networks = inputs.lib.mkMerge
|
||||
[
|
||||
(builtins.listToAttrs (builtins.map
|
||||
networks = inputs.lib.mkMerge
|
||||
[
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network;
|
||||
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
})
|
||||
network.settings.dhcp))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
address = [ "${network.value.ip}/${builtins.toString network.value.mask}" ];
|
||||
routes = inputs.lib.mkIf (network.value.gateway != null)
|
||||
[{ Gateway = network.value.gateway; Destination = "0.0.0.0/0"; }];
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
dns = inputs.lib.mkIf (network.value.dns != null) [ network.value.dns ];
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.settings.static)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
bridgeConfig = {};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.settings.bridge)))
|
||||
(builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(bridge: builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network;
|
||||
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
networkConfig.Bridge = bridge.name;
|
||||
linkConfig.RequiredForOnline = "enslaved";
|
||||
};
|
||||
})
|
||||
network.dhcp))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
address = [ "${network.value.ip}/${builtins.toString network.value.mask}" ];
|
||||
routes = inputs.lib.mkIf (network.value.gateway != null)
|
||||
[{ Gateway = network.value.gateway; Destination = "0.0.0.0/0"; }];
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
dns = inputs.lib.mkIf (network.value.dns != null) [ network.value.dns ];
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.static)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
bridgeConfig = {};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.bridge)))
|
||||
(builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(bridge: builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network;
|
||||
networkConfig.Bridge = bridge.name;
|
||||
linkConfig.RequiredForOnline = "enslaved";
|
||||
};
|
||||
}) bridge.value.interfaces)
|
||||
(inputs.localLib.attrsToList network.bridge))))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.networkConfig.IPMasquerade = "both"; })
|
||||
network.masquerade))
|
||||
];
|
||||
netdevs = builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.netdevConfig = { Name = network; Kind = "bridge"; }; })
|
||||
(builtins.attrNames network.bridge));
|
||||
};
|
||||
networking =
|
||||
}) bridge.value.interfaces)
|
||||
(inputs.localLib.attrsToList network.settings.bridge))))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.networkConfig.IPMasquerade = "both"; })
|
||||
network.settings.masquerade))
|
||||
];
|
||||
netdevs = builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.netdevConfig = { Name = network; Kind = "bridge"; }; })
|
||||
(builtins.attrNames network.settings.bridge));
|
||||
};
|
||||
networking =
|
||||
{
|
||||
wireless = inputs.lib.mkIf (network.settings.wireless.networks != null)
|
||||
{
|
||||
useNetworkd = true;
|
||||
wireless = inputs.lib.mkIf (network.wireless.networks != null)
|
||||
{
|
||||
enable = true;
|
||||
# wpa_passphrase SSID password
|
||||
networks = builtins.listToAttrs (builtins.map
|
||||
(network: { name = network; value.pskRaw = "ext:${network}"; }) network.wireless.networks);
|
||||
secretsFile = inputs.config.nixos.system.sops.templates."wireless.env".path;
|
||||
};
|
||||
firewall.trustedInterfaces = network.trust;
|
||||
enable = true;
|
||||
# wpa_passphrase SSID password
|
||||
networks = builtins.listToAttrs (builtins.map
|
||||
(network: { name = network; value.pskRaw = "ext:${network}"; }) network.settings.wireless.networks);
|
||||
secretsFile = inputs.config.nixos.system.sops.templates."wireless.env".path;
|
||||
};
|
||||
# dnsable dns fallback, use provided dns servers or no dns
|
||||
services.resolved.fallbackDns = [];
|
||||
nixos.system.sops = inputs.lib.mkIf (network.wireless.networks != null)
|
||||
{
|
||||
templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
|
||||
(network: "${network}=${inputs.config.nixos.system.sops.placeholder."wireless/${network}"}")
|
||||
network.wireless.networks);
|
||||
secrets = builtins.listToAttrs (builtins.map
|
||||
(network: inputs.lib.nameValuePair "wireless/${network}" {})
|
||||
network.wireless.networks);
|
||||
};
|
||||
services.udev.extraRules = inputs.lib.mkIf (network.wireless.fourAddr)
|
||||
''
|
||||
ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="wlp*", RUN+="${inputs.pkgs.iw}/bin/iw dev %k set 4addr on"
|
||||
'';
|
||||
firewall.trustedInterfaces = network.settings.trust;
|
||||
};
|
||||
nixos.system.sops = inputs.lib.mkIf (network.settings.wireless.networks != null)
|
||||
{
|
||||
templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
|
||||
(network: "${network}=${inputs.config.nixos.system.sops.placeholder."wireless/${network}"}")
|
||||
network.settings.wireless.networks);
|
||||
secrets = builtins.listToAttrs (builtins.map
|
||||
(network: inputs.lib.nameValuePair "wireless/${network}" {})
|
||||
network.settings.wireless.networks);
|
||||
};
|
||||
services.udev.extraRules = inputs.lib.mkIf (network.settings.wireless.fourAddr)
|
||||
''
|
||||
ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="wlp*", RUN+="${inputs.pkgs.iw}/bin/iw dev %k set 4addr on"
|
||||
'';
|
||||
})
|
||||
];
|
||||
}
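Review bot: The new `settings` and `implementation` options in the first hunk carry no comment or `description`, and the old `# null: use network-manager; otherwise use networkd` line is removed, so the meaning of `settings = null` is no longer stated anywhere. From the second hunk, `systemd-networkd` with `settings = null` enables networkd with no `.network` units, while `networkmanager` requires `settings` to be null (the new assertion). I would add `# null: nothing is configured here (networkd runs without .network units); must stay null with networkmanager` above `settings = mkOption`, and a short note on `trust` that the listed interfaces go into `firewall.trustedInterfaces`.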
|
||||
|
||||
@@ -20,23 +20,5 @@ inputs:
|
||||
inherit inputs;
|
||||
nixpkgs = nixpkgs // { nixRoot = null; nixos = true; inherit (inputs.config.nixos.model) arch; };
|
||||
};
|
||||
boot.kernelPatches = inputs.lib.mkIf (nixpkgs.march != null)
|
||||
(
|
||||
let configName =
|
||||
if inputs.config.nixos.system.kernel.variant == "xanmod-unstable" then "structuredExtraConfig"
|
||||
else "extraStructuredConfig";
|
||||
in
|
||||
[{
|
||||
name = "native kernel";
|
||||
patch = null;
|
||||
${configName} =
|
||||
let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; znver5 = "MZEN5"; };
|
||||
in
|
||||
{
|
||||
GENERIC_CPU = inputs.lib.kernel.no;
|
||||
${kernelConfig.${nixpkgs.march} or "M${inputs.lib.toUpper nixpkgs.march}"} = inputs.lib.kernel.yes;
|
||||
};
|
||||
}]
|
||||
);
|
||||
};
|
||||
}
|
||||
|
||||
@@ -13,7 +13,7 @@ inputs:
|
||||
xmuhk = { host = "xmuhk"; hostname = "10.26.14.64"; user = "xmuhk"; };
|
||||
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
|
||||
jykang.setEnv.TERM = "chn_unset_ls_colors:chn_cd:linwei/chn:xterm-256color";
|
||||
"wg0.jykang" = jykang;
|
||||
"tinc0.jykang" = jykang;
|
||||
};
|
||||
extraConfig = inputs.lib.mkIf inputs.config.nixos.model.private
|
||||
''
|
||||
@@ -33,7 +33,7 @@ inputs:
|
||||
+ " chn@chn-PC";
|
||||
".ssh/id_ed25519.pub".text =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOH3AvxMlB3omzH6SFQt0Z5+f05x9nMJpFfSLH4OIYV+ chn@pc";
|
||||
".ssh/id_ed25519_sk.pub".source = ./id_ed25519_sk.pub;
|
||||
".ssh/id_ed25519_sk.pub".source = "${inputs.topInputs.self}/modules/user/keys/chn";
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(type:
|
||||
|
||||
@@ -37,6 +37,11 @@ inputs:
|
||||
qmx = 1023;
|
||||
yumieko = 1024;
|
||||
xly = 1025;
|
||||
ccy = 1026;
|
||||
twr = 1027;
|
||||
lsp = 1028;
|
||||
lilydjwg = 1029;
|
||||
stq = 1030;
|
||||
misskey-misskey = 2000;
|
||||
misskey-misskey-old = 2001;
|
||||
frp = 2002;
|
||||
@@ -50,6 +55,7 @@ inputs:
|
||||
synapse-matrix = 2010;
|
||||
hpcstat = 2011;
|
||||
speedtest = 2012;
|
||||
tailscale = 2013;
|
||||
};
|
||||
};
|
||||
gid = mkOption
|
||||
@@ -86,11 +92,7 @@ inputs:
|
||||
# ssh-keygen -t ed25519-sk -O resident
|
||||
# ssh-keygen -K
|
||||
openssh.authorizedKeys.keys =
|
||||
let
|
||||
keys = [ "rsa" "ed25519" "ed25519_sk" ];
|
||||
getKey = user: key: inputs.lib.optional (builtins.pathExists ./${user}/id_${key}.pub)
|
||||
(builtins.readFile ./${user}/id_${key}.pub);
|
||||
in builtins.concatLists (builtins.map (key: getKey userName key) keys);
|
||||
inputs.lib.optionals (builtins.pathExists ./keys/${userName}) [(builtins.readFile ./keys/${userName})];
|
||||
};
|
||||
})
|
||||
user.users);
|
||||
@@ -121,12 +123,7 @@ inputs:
|
||||
users.users.root =
|
||||
{
|
||||
shell = inputs.pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = inputs.lib.mkMerge
|
||||
[
|
||||
[(builtins.readFile ./chn/id_ed25519_sk.pub)]
|
||||
(inputs.lib.mkIf (inputs.config.nixos.model.cluster.clusterName or null == "srv1")
|
||||
[(builtins.readFile ./zgq/id_ed25519.pub)])
|
||||
];
|
||||
openssh.authorizedKeys.keys = [(builtins.readFile ./keys/chn)];
|
||||
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
|
||||
};
|
||||
home-manager.users.root = homeInputs:
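Review bot: Root's authorized key in the last hunk is now read from `./keys/chn`, the same file the `-86,11 +92,7` hunk installs as the login keys of user `chn` through `./keys/${userName}`, where the removed code gave root only `chn/id_ed25519_sk.pub`. Any key later appended to `keys/chn` for the ordinary account therefore also becomes a root login key, and the page does not show what the file holds. I would keep a separate file for root or state the constraint next to the line, e.g. `# keys/chn doubles as root's authorized key: keep only the ed25519-sk key in it`. Separately, `builtins.readFile` passes the whole file as a single list element, so a file with several keys would be better served by `openssh.authorizedKeys.keyFiles`.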
|
||||
|
||||
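--- a/modules/user/keys/ccy
+++ b/modules/user/keys/ccy
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWU/OlrP8bJ5k7IqpIwUC1COuVsmrYVreW/ieEdPYdj ccy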
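--- a/modules/user/keys/lsp
+++ b/modules/user/keys/lsp
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4ZwF9Glc/InBz2D/ZTgs+raJBykAD5Lg6empFDO0TG lsp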
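--- a/modules/user/keys/stq
+++ b/modules/user/keys/stq
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXkM8TS8fDot22LTfU2jDVOqK20LmK8Rd7xO05vYns stq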
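--- a/modules/user/keys/twr
+++ b/modules/user/keys/twr
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmidUGM0CNYimWa8PBA0NrXXXvlhl8ERYUoZVi08n4s twr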
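--- a/modules/user/zgq.nix
+++ b/modules/user/zgq.nix
@@ -0,0 +1,11 @@
+inputs:
+{
+config = let inherit (inputs.config.nixos) user; in inputs.lib.mkIf (builtins.elem "zgq" user.users)
+{
+users.users = inputs.lib.mkIf (inputs.config.nixos.model.cluster.clusterName or null == "srv1")
+{
+zgq.extraGroups = [ "wheel" ];
+root.openssh.authorizedKeys.keys = [(builtins.readFile ./keys/zgq)];
+};
+};
+}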
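Review bot: This module gives `zgq` both `wheel` membership and a root `authorized_keys` entry on every host whose cluster name is `srv1`, but nothing in the file says so; the root key used to sit next to root's own definition and is now easy to miss when auditing who can log in as root. A one-line comment above `users.users` would help, e.g. `# srv1 only: zgq gets wheel and root SSH login (keys/zgq)`. The root key is now also granted only when `zgq` is in `user.users`, where the removed code in the user module depended on the cluster name alone; if that narrowing is intended, the comment is a good place to say it.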
@@ -1,8 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config = let inherit (inputs.config.nixos) user; in inputs.lib.mkIf (builtins.elem "zgq" user.users)
|
||||
{
|
||||
users.users.zgq.extraGroups = inputs.lib.mkIf (inputs.config.nixos.model.cluster.clusterName or null == "srv1")
|
||||
[ "wheel" ];
|
||||
};
|
||||
}
|
||||
@@ -147,6 +147,11 @@ inputs: rec
|
||||
atomkit = inputs.pkgs.callPackage ./atomkit.nix { src = inputs.topInputs.self.src.atomkit; };
|
||||
xinli = inputs.pkgs.callPackage ./xinli
|
||||
{ inherit biu; stdenv = inputs.pkgs.clang18Stdenv; inherit (inputs.pkgs.pkgs-unstable) httplib; };
|
||||
pybinding = inputs.pkgs.pkgs-2411.python310Packages.callPackage ./pybinding
|
||||
{
|
||||
src = inputs.topInputs.pybinding;
|
||||
buildProxy = inputs.pkgs.lib.mkBuildproxy ./pybinding/proxy.nix;
|
||||
};
|
||||
|
||||
fromYaml = content: builtins.fromJSON (builtins.readFile
|
||||
(inputs.pkgs.runCommand "toJSON" {}
|
||||
|
||||
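--- a/packages/hpcstat/share/keys/06
+++ b/packages/hpcstat/share/keys/06
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFL+fpLRUHy6Bop91ACIUjyekWn+ZGCEOzfrqnaEsn+ yj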
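--- a/packages/hpcstat/share/keys/ccy
+++ b/packages/hpcstat/share/keys/ccy
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWU/OlrP8bJ5k7IqpIwUC1COuVsmrYVreW/ieEdPYdj ccy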
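--- a/packages/hpcstat/share/keys/stq
+++ b/packages/hpcstat/share/keys/stq
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXkM8TS8fDot22LTfU2jDVOqK20LmK8Rd7xO05vYns stq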
@@ -17,12 +17,15 @@ namespace hpcstat
|
||||
{ "4C2HKaBqgAzhPLjH/BuQZOjGx85NEeUA+UkkWkRzl8k", { "yxf", "Xiaofang Ye" } },
|
||||
{ "8jCEhKYtIVn4H69+fotWDFUYWHyiRN1+JCGeiDHaf5E", { "hss", "Shanshan He" } },
|
||||
{ "SUoYlxc2OVSH5YJqptKhl5o1Q2TW+PG+bBvpXfHNITI", { "qmx", "Mingxuan Qiu" } },
|
||||
{ "gtibfPaDxwsV1q6kZbsNsy5TKL5rfLlK3fSM/fVQTAY", { "ccy", "Chaoye Chen" } },
|
||||
{ "XWP5goo/Xj6FxvrG7lKSJ4otEBKUsSOF7V2brwpBcik", { "stq", "Tianqi Sun" } },
|
||||
{ "7bmG24muNsaAZkCy7mQ9Nf2HuNafmvUO+Hf1bId9zts", { "00", "Yaping Wu" } },
|
||||
{ "dtx0QxdgFrXn2SYxtIRz43jIAH6rLgJidSdTvuTuews", { "01", "Jing Li" } },
|
||||
{ "8crUO9u4JiVqw3COyjXfzZe87s6XZFhvi0LaY0Mv6bg", { "02", "Huahan Zhan" } },
|
||||
{ "QkmIYw7rmDEAP+LDWxm6L2/XLnAqTwRUB7B0pxYlOUs", { "03", "Na Gao" } },
|
||||
{ "WfUP4s0BzEspDweDIrOIed4MbW4v9W1spbp0EN6O5dk", { "04", "Duanjun Cai" } },
|
||||
{ "VmVTvYnOOXOFcw+RH2AuUcj7hioieIJhwGOCDCfm0/w", { "05", "Xu Li" } },
|
||||
{ "tEH7GFCWYWw6hlVtWj1Gbr7RoajeL8G6mIdD96HhoNo", { "06", "Jun Yin" } },
|
||||
{ "6NmbGMvtcNlsmN61ZtiV1cg0aOGeM8sCa4rk2brsS4k", { "hpcstat", "hpcstat" } }
|
||||
};
|
||||
}
|
||||
|
||||
@@ -154,8 +154,11 @@ int main()
|
||||
if (context == "epilog_slurmctld" && !output_file.empty())
|
||||
{
|
||||
auto text = "\n--------------------\n{}\n--------------------\n"_f(info);
|
||||
biu::exec<{.SearchPath = true, .Stdin = biu::IoType::String}>
|
||||
({.Program = "tee", .Args = { "-a", output_file }, .Stdin = text}, switch_user(uid, gid));
|
||||
biu::exec<{.Stdin = biu::IoType::String, .Stdout = biu::IoType::Close}>
|
||||
(
|
||||
{.Program = "/run/current-system/sw/bin/tee", .Args = { "-a", output_file }, .Stdin = text},
|
||||
switch_user(uid, gid)
|
||||
);
|
||||
}
|
||||
});
|
||||
}
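Review bot: `output_file` is passed to `tee` as a bare argument in the new `.Args = { "-a", output_file }`, so a path that starts with `-` would be parsed as an option; if the value comes from the job's own output setting (its origin is outside this hunk), it is chosen by the submitting user. Ending option parsing first closes that: `.Args = { "-a", "--", output_file }`. The absolute `/run/current-system/sw/bin/tee` removes the PATH lookup, but it only resolves when coreutils is in the system profile; a path substituted at build time would not depend on that. The enclosing lambda in `main` starts before this hunk.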
|
||||
|
||||
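--- a/packages/pybinding/default.nix
+++ b/packages/pybinding/default.nix
@@ -0,0 +1,12 @@
+{ src, buildPythonPackage, setuptools, cmake, buildProxy, distutils, numpy, scipy, matplotlib, pytest }:
+buildPythonPackage
+{
+name = "pybinding";
+inherit src;
+pyproject = true;
+build-system = [ setuptools cmake distutils ];
+dependencies = [ numpy scipy matplotlib pytest ];
+dontUseCmakeConfigure = true;
+preBuild = ''source ${buildProxy}'';
+patches = [ ./fix.patch ];
+}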
24
packages/pybinding/fix.patch
Normal file
24
packages/pybinding/fix.patch
Normal file
@@ -0,0 +1,24 @@
|
||||
diff --git a/cppcore/include/numeric/arrayref.hpp b/cppcore/include/numeric/arrayref.hpp
|
||||
index e1ef1ba..722ebdc 100644
|
||||
--- a/cppcore/include/numeric/arrayref.hpp
|
||||
+++ b/cppcore/include/numeric/arrayref.hpp
|
||||
@@ -7,6 +7,7 @@
|
||||
#include <numeric>
|
||||
#include <stdexcept>
|
||||
#include <array>
|
||||
+#include <cstdint>
|
||||
|
||||
namespace cpb { namespace num {
|
||||
|
||||
diff --git a/cppmodule/deps/pybind11/include/pybind11/attr.h b/cppmodule/deps/pybind11/include/pybind11/attr.h
|
||||
index 6962d6fc..f8261bc3 100644
|
||||
--- a/cppmodule/deps/pybind11/include/pybind11/attr.h
|
||||
+++ b/cppmodule/deps/pybind11/include/pybind11/attr.h
|
||||
@@ -11,6 +11,7 @@
|
||||
#pragma once
|
||||
|
||||
#include "cast.h"
|
||||
+#include <cstdint>
|
||||
|
||||
NAMESPACE_BEGIN(PYBIND11_NAMESPACE)
|
||||
|
||||
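--- a/packages/pybinding/proxy.nix
+++ b/packages/pybinding/proxy.nix
@@ -0,0 +1,130 @@
+{ fetchurl }:
+[
+{
+url = "https://gitlab.com/libeigen/eigen/-/archive/3.3.3/eigen-3.3.3.tar.gz";
+file = fetchurl
+{
+url = "https://gitlab.com/libeigen/eigen/-/archive/3.3.3/eigen-3.3.3.tar.gz";
+hash = "sha256-/XJpQ5C9joFYYgVxfSz4I+cY9YS3eaFV23R9HmhIGi4=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "application/octet-stream";
+"content-disposition" = "attachment; filename=eigen-3.3.3.tar.gz";
+};
+}
+{
+url = "https://raw.githubusercontent.com/mapbox/variant/v1.1.4/include/mapbox/variant.hpp";
+file = fetchurl
+{
+url = "https://raw.githubusercontent.com/mapbox/variant/v1.1.4/include/mapbox/variant.hpp";
+hash = "sha256-TsAoFQ3nrnXwS8cxg2RLiu6U7CxZGYHmIm7mHemTgSA=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "text/plain; charset=utf-8";
+"content-length" = "31575";
+};
+}
+{
+url = "https://raw.githubusercontent.com/mapbox/variant/v1.1.4/include/mapbox/recursive_wrapper.hpp";
+file = fetchurl
+{
+url = "https://raw.githubusercontent.com/mapbox/variant/v1.1.4/include/mapbox/recursive_wrapper.hpp";
+hash = "sha256-Su1xw27Ctf7TM8isDU8SGXiKg9rM9LvxEh8bUiaGnR0=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "text/plain; charset=utf-8";
+"content-length" = "2632";
+};
+}
+{
+url = "https://raw.githubusercontent.com/mapbox/variant/v1.1.4/include/mapbox/variant_visitor.hpp";
+file = fetchurl
+{
+url = "https://raw.githubusercontent.com/mapbox/variant/v1.1.4/include/mapbox/variant_visitor.hpp";
+hash = "sha256-JiPsMvUm0V8P/cXxM3BMHrCAk+cU2JGzWAoK5T2e9DI=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "text/plain; charset=utf-8";
+"content-length" = "743";
+};
+}
+{
+url = "https://github.com/p12tic/libsimdpp/archive//v2.0-rc2.tar.gz";
+file = fetchurl
+{
+url = "https://github.com/p12tic/libsimdpp/archive//v2.0-rc2.tar.gz";
+hash = "sha256-dLYHn29FfiMm8HGclKiB/XN4Xu71mpKGjGmTWcuXndg=";
+};
+status_code = 200;
+headers =
+{
+"content-disposition" = "attachment; filename=libsimdpp-2.0-rc2.tar.gz";
+"content-type" = "application/x-gzip";
+"content-length" = "287439";
+};
+}
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/format.h";
+file = fetchurl
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/format.h";
+hash = "sha256-7v0pfyt2c2KDtMhot68W9nt13pN+j2OswuuKeB/ZnBs=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "text/plain; charset=utf-8";
+"content-length" = "119800";
+};
+}
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/format.cc";
+file = fetchurl
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/format.cc";
+hash = "sha256-cwjmLJljDJ/iQbF5dD6PHnvUSGYfx1Elfq1kebFVzE0=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "text/plain; charset=utf-8";
+"content-length" = "28777";
+};
+}
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/ostream.h";
+file = fetchurl
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/ostream.h";
+hash = "sha256-is8VgEdM7FovPR6X3MuRGoPfd+Gm7vtHT+3r6rZasII=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "text/plain; charset=utf-8";
+"content-length" = "2830";
+};
+}
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/ostream.cc";
+file = fetchurl
+{
+url = "https://raw.githubusercontent.com/fmtlib/fmt/3.0.2/fmt/ostream.cc";
+hash = "sha256-NKg67BJHmwd5YAIkOqjNEDjvqSspLFHN2+23W5XImSQ=";
+};
+status_code = 200;
+headers =
+{
+"content-type" = "text/plain; charset=utf-8";
+"content-length" = "1073";
+};
+}
+]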
@@ -104,7 +104,7 @@ namespace sbatch
|
||||
}();
|
||||
auto mem_string = [&]
|
||||
{
|
||||
if (State_.MemorySchemeSelected == 0) return "--mem=24G"s;
|
||||
if (State_.MemorySchemeSelected == 0) return "--mem=32G"s;
|
||||
else if (State_.MemorySchemeSelected == 1) return "--mem=0"s;
|
||||
else if (State_.MemorySchemeSelected == 2) return "--mem={}G"_f(State_.Memory);
|
||||
else std::unreachable();
|
||||
|
||||
@@ -149,7 +149,7 @@ namespace sbatch
|
||||
}();
|
||||
auto mem_string = [&]
|
||||
{
|
||||
if (State_.MemorySchemeSelected == 0) return "--mem=24G"s;
|
||||
if (State_.MemorySchemeSelected == 0) return "--mem=32G"s;
|
||||
else if (State_.MemorySchemeSelected == 1) return "--mem=0"s;
|
||||
else if (State_.MemorySchemeSelected == 2) return "--mem={}G"_f(State_.Memory);
|
||||
else std::unreachable();
|
||||
|
||||