chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:19:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: chn:container
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
...
pull from: chn:vasp-debug
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

81 Commits
container ... vasp-debug

Author SHA1 Message Date
chn
12dbeb8de4 test 2025-02-26 11:46:14 +08:00
chn
8d9ef4d90a update nvidia 2025-02-26 10:10:03 +08:00
chn
f2f3008c9b update blog 2025-02-25 20:46:08 +08:00
chn
c88e5ea0b6 Revert "packages.sbatch-tui: do not use wrap" 
This reverts commit 789298596b.
 2025-02-25 20:44:28 +08:00
chn
e6cb5e0f42 update blog 2025-02-25 19:46:51 +08:00
chn
789298596b packages.sbatch-tui: do not use wrap 2025-02-25 19:35:35 +08:00
chn
cca4970246 packages.hpcstat: add sqlite3 bin 2025-02-25 19:26:18 +08:00
chn
178363e24a modules.user.chn: disable jykang debug 2025-02-25 19:25:58 +08:00
chn
38f9c86cfd packages.hpcstat: fix export file name 2025-02-25 18:55:02 +08:00
chn
5ec1dafb9e packages.hpcstat: fix subaccount export 2025-02-25 18:46:02 +08:00
chn
b2382557a6 packages.info: write to output 2025-02-25 13:11:20 +08:00
chn
9aa34c9c3c modules.services.slurm: push to hjp 2025-02-25 10:41:41 +08:00
chn
1404c42fbd secrets: move telegram/chat to telegram/user/chn 2025-02-25 10:34:04 +08:00
chn
b06bb55bdd packages.info: push notice 2025-02-25 10:28:23 +08:00
chn
7050a83125 modules.system: plymouth use simpledrm on efi boot 2025-02-23 14:51:40 +08:00
chn
0e7cd83bf0 modules.packages.desktop: add follow 2025-02-23 11:55:39 +08:00
chn
54d57bce46 devices.one: fix touchscreen 2025-02-22 11:44:50 +08:00
chn
461c8669e2 modules.virtualization: mount virtio-win.iso 2025-02-21 17:20:07 +08:00
chn
0f7502cb99 modules.packages.desktop: sandbox wechat 2025-02-21 13:25:54 +08:00
chn
1c5c5b91ba modules.packages.desktop: add obsidian 2025-02-19 19:33:48 +08:00
chn
3041dd1f6b devices.one: enable kvmHost 2025-02-18 08:30:37 +08:00
chn
c7aaa3fa1c devices.srv2.node0: enable ollama 2025-02-18 08:30:34 +08:00
chn
b00bd1f47e modules.services.ollama: update 2025-02-16 19:33:52 +08:00
chn
e92a536da2 modules.services.gitea: 整理 2025-02-15 19:53:18 +08:00
chn
ccc0db6ff7 modules.services.gitea: add LOGIN_REMEMBER_DAYS 2025-02-15 19:46:08 +08:00
chn
d309ebb0db modules.service.gitea: disable registration 2025-02-15 19:41:42 +08:00
chn
26fc0d71d8 modules.system: add plymouth theme 2025-02-15 12:01:47 +08:00
chn
82d27a66e6 devices.pc: switch to xanmod-latest kernel 2025-02-14 10:05:29 +08:00
chn
964bd11731 repackage blog 2025-02-13 17:11:22 +08:00
chn
56bd0d0b33 update blog 2025-02-13 17:08:31 +08:00
chn
b51f983321 modules.services.smartd: disable for vps 2025-02-13 12:51:54 +08:00
chn
b358685ec8 add some hyprland stuff 2025-02-13 12:44:07 +08:00
chn
01feb47942 Revert "devices.nas: enable gui" 
This reverts commit 9ead9eb054.
 2025-02-11 21:26:27 +08:00
chn
440327a265 modules.system.nixpkgs: remove support for steamos 2025-02-11 20:03:17 +08:00
chn
e599543982 modules.system.nixpkgs: 整理 2025-02-11 20:03:17 +08:00
chn
9ead9eb054 devices.nas: enable gui 2025-02-11 18:55:46 +08:00
chn
0c95d54f43 modules.model: type minimal -> vps 2025-02-11 18:55:46 +08:00
chn
c2871a15e9 modules.system.fileSystems.impermanence: fix 2025-02-11 18:55:46 +08:00
chn
c03f80b060 devices.pi3b: drop 2025-02-11 18:55:39 +08:00
chn
bd3e089791 devices.one: use xanmod-latest kernel 2025-02-11 18:25:03 +08:00
chn
90bc6720ed fix libvirt 2025-02-10 23:38:26 +08:00
chn
e52bc40376 整理 2025-02-10 23:38:04 +08:00
chn
777a35e473 modules.user.chn: fix remote-decrypt 2025-02-10 20:34:46 +08:00
chn
f34d8dcd9a modules.services.beesd: add bees to path 2025-02-10 10:55:01 +08:00
chn
6d5f947f4a devices.pc: 整理 2025-02-09 19:34:47 +08:00
chn
e87e7815ad update open-webui 2025-02-09 19:31:47 +08:00
chn
b4fa5cacb0 modules.system.fileSystems.luks.manual: 整理 2025-02-09 16:50:29 +08:00
chn
ead5304b49 modules.services.wireguard: 整理 2025-02-08 19:03:42 +08:00
chn
eeeb74d7cb update misskey 2025-02-08 10:31:56 +08:00
chn
809c8923f6 devices.srv2: add zzn 2025-02-06 10:24:45 +08:00
chn
ed72bd91b9 modules.packages.server: add libfido2 2025-02-05 10:22:17 +08:00
chn
5f7957560e modules.services: 整理 2025-02-04 21:55:54 +08:00
chn
cd65aeab6f fix pytorch 2025-02-04 21:55:11 +08:00
chn
8769ebde59 modules.user.chn.hyprland: add config 2025-02-04 11:01:43 +08:00
chn
a26994c946 modules.services.ollama: simplify 2025-02-04 09:24:55 +08:00
chn
df1b014c4c modules.user.chn.hyprland: enable 2025-02-03 19:42:18 +08:00
chn
f12a9c945f modules.packages.server: add kitty 2025-02-03 18:18:50 +08:00
chn
d6a686dfab packages.info: enhance 2025-02-03 10:33:49 +08:00
chn
8b1c09cdb1 flake: update nixos-wallpaper 2025-02-03 09:19:17 +08:00
chn
8b24eecb58 modules.bugs.iwlwifi: modify 2025-02-03 08:48:41 +08:00
chn
550250fa83 packages.info: finish 2025-02-02 23:32:44 +08:00
chn
f195c05031 packages.info: switch user 2025-02-02 22:01:46 +08:00
chn
4ebd8b0c71 packages.info: print username 2025-02-02 20:54:46 +08:00
chn
91237b73fe modules.system.gui: enable hyprland 2025-02-02 17:04:17 +08:00
chn
796eb0ae50 package.info: finish 2025-01-31 19:25:07 +08:00
chn
73449f929e packages.info: init 2025-01-31 09:16:44 +08:00
chn
78657b1c26 packages.nvhpc.stdenv: fix 2025-01-31 09:00:12 +08:00
chn
db8d3cf4c0 modules.services.sshd: adjust 2025-01-30 23:40:02 +08:00
chn
0588be0981 update misskey 2025-01-29 15:33:55 +08:00
chn
33f52fd862 packages.hpcstat: fix disk stat 2025-01-29 08:36:39 +08:00
chn
f3a77f1717 devices.srv2: remove p5000 2025-01-24 20:44:35 +08:00
chn
54c515e19c modules.bugs: add iwlwifi 2025-01-24 15:51:27 +08:00
chn
8dc402648d modules.packages.desktop: add paperwork 2025-01-23 20:20:50 +08:00
chn
968f0f2b15 modules.services.rsshub: update 2025-01-23 19:01:35 +08:00
chn
62e5fc9c2e modules.services.huginn: update 2025-01-23 18:50:30 +08:00
chn
4722f810a9 modules.services.prometheus: fix 2025-01-23 18:41:25 +08:00
chn
15ac7e993a modules.services.docker: fix 2025-01-23 18:33:52 +08:00
chn
089e2e5b73 modules.services.docker: fix firewall 2025-01-23 18:31:31 +08:00
chn
7ca28cf398 Revert "remove workaround" 
This reverts commit 09b7b587eb.
 2025-01-23 17:23:52 +08:00
chn
efc5f66cf7 modules.services.huginn: fix 2025-01-23 17:18:40 +08:00
chn
5dc25f5cf3 modules.services.grafana: fix 2025-01-22 21:35:15 +08:00
88 changed files with 1433 additions and 852 deletions
Expand all files Collapse all files

6
.sops.yaml
View File

@@ -4,7 +4,6 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
@@ -33,11 +32,6 @@ creation_rules:
- age:
- *chn
- *nas
- path_regex: devices/pi3b/.*$
key_groups:
- age:
- *chn
- *pi3b
- path_regex: devices/one/.*$
key_groups:
- age:

1
devices/cross/default.nix Normal file
View File

@@ -0,0 +1 @@
inputs: { imports = inputs.localLib.findModules ./.; }

22
devices/cross/luks-manual/default.nix Normal file
View File

@@ -0,0 +1,22 @@
inputs:
let devices =
{
nas =
{
"/dev/disk/by-uuid/a47f06e1-dc90-40a4-89ea-7c74226a5449".mapper = "root3";
"/dev/disk/by-uuid/b3408fb5-68de-405b-9587-5e6fbd459ea2".mapper = "root4";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
vps6."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
vps7."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
};
in
{
config =
{
nixos.system.fileSystems.luks.manual =
let inherit (inputs.config.nixos.model) hostname;
in if devices ? ${hostname} then devices.${hostname} else inputs.lib.mkOptionDefault null;
home-manager.users.chn.config.nixos.decrypt = devices;
};
}

0
modules/system/fileSystems/luks/nas.key → devices/cross/luks-manual/nas.key
View File

0
modules/system/fileSystems/luks/vps6.key → devices/cross/luks-manual/vps6.key
View File

0
modules/system/fileSystems/luks/vps7.key → devices/cross/luks-manual/vps7.key
View File

70
devices/cross/wireguard.nix Normal file
View File

@@ -0,0 +1,70 @@
inputs:
let devices =
{
vps6 =
{
peers = [ "pc" "nas" "one" "vps7" "srv2-node0" "srv1-node0" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
listenIp = "74.211.99.69";
lighthouse = true;
};
vps7 =
{
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
listenIp = "144.126.144.62";
};
pc =
{
peers = [ "vps6" ];
behindNat = true;
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
nas =
{
peers = [ "vps6" ];
behindNat = true;
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
one =
{
peers = [ "vps6" ];
behindNat = true;
publicKey = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
wireguardIp = "192.168.83.5";
};
srv2-node0 =
{
peers = [ "vps6" ];
behindNat = true;
publicKey = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
wireguardIp = "192.168.83.7";
};
srv1-node0 =
{
peers = [ "vps6" ];
behindNat = true;
publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
wireguardIp = "192.168.83.9";
};
};
in
{
config.nixos.services.wireguard = inputs.lib.mkIf (devices ? ${inputs.config.nixos.model.hostname})
(
let
buildConfig = cfg:
{
inherit (cfg) publicKey wireguardIp;
lighthouse = inputs.lib.mkIf (cfg ? lighthouse) cfg.lighthouse;
behindNat = inputs.lib.mkIf (cfg ? behindNat) cfg.behindNat;
listenIp = inputs.lib.mkIf (cfg ? listenIp) cfg.listenIp;
};
this = devices.${inputs.config.nixos.model.hostname};
in (buildConfig this) // { peers = builtins.map (peer: buildConfig (devices.${peer})) this.peers; }
);
}

20
devices/nas/default.nix
View File

@@ -24,17 +24,6 @@ inputs:
};
};
};
luks.manual =
{
enable = true;
devices =
{
"/dev/disk/by-uuid/a47f06e1-dc90-40a4-89ea-7c74226a5449".mapper = "root3";
"/dev/disk/by-uuid/b3408fb5-68de-405b-9587-5e6fbd459ea2".mapper = "root4";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
};
@@ -48,19 +37,12 @@ inputs:
{
sshd = {};
xray.client = { enable = true; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; };
smartd.enable = true;
beesd.instances =
{
root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
smartd = {};
};
};
};

12
devices/one/default.nix
View File

@@ -20,23 +20,17 @@ inputs:
rollingRootfs = {};
};
nixpkgs.march = "tigerlake";
kernel.variant = "cachyos";
# recent kernel make touchscreen not work
kernel.variant = "xanmod-lts";
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
xray.client.enable = true;
smartd.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
wireguardIp = "192.168.83.5";
};
sshd = {};
};
virtualization.kvmHost = { enable = true; gui = true; };
bugs = [ "xmunet" ];
};
};

54
devices/pc/default.nix
View File

@@ -25,35 +25,29 @@ inputs:
rollingRootfs = {};
};
grub.windowsEntries."08D3-10DE" = "Windows";
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
nix.marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
nixpkgs = { march = "znver4"; cuda.capabilities = [ "8.9" ]; };
kernel =
{
# TODO: switch to cachyos-lts
variant = "cachyos";
variant = "xanmod-latest";
patches = [ "hibernate-progress" ];
modules.modprobeConfig =
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
sysctl.laptop-mode = 5;
};
@@ -110,16 +104,8 @@ inputs:
};
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
gamemode = { enable = true; drmDevice = 0; };
slurm =
{
@@ -140,7 +126,7 @@ inputs:
ananicy = {};
keyd = {};
};
bugs = [ "xmunet" "backlight" "amdpstate" ];
bugs = [ "xmunet" "backlight" "amdpstate" "iwlwifi" ];
packages = { android-studio = {}; mathematica = {}; };
};
boot.loader.grub =

11
devices/pc/secrets/default.yaml
View File

@@ -35,6 +35,11 @@ user:
zzn: ENC[AES256_GCM,data:xBSve41JclBYQULPN7yV/1Eyo3u+CHAewVetKHwjvl6Te0kk/+aLx6gs8EpOJGmVaiSAdt6F2ayHXUD8RXXpJIOnnEHk88kqbw==,iv:XPxMLvlVtaZvpWnau5Jwlj/5ty5Zyw4F44ix5G64Z84=,tag:uJfWb0PCebdMtxXMfueULQ==,type:str]
wechat2tg:
token: ENC[AES256_GCM,data:PrZWR8WiZ7grkpTLqMxwbnkwZttl7n0e1lc1mdHJiFUWq/PqG2wNBC27C58jMg==,iv:02XHhfpN8YPix0REbJDnsBbvCwifbdwBwfuJ2glbvjo=,tag:6aWNqBfwulsjMbl+D6L9vw==,type:str]
telegram:
token: ENC[AES256_GCM,data:fqOn2FiLDWZeTUV3hrLIclHTVE0LBDKUW7BK1bRCe0ni5D+hsbM2NdUPWaT4dQ==,iv:j7zQdnz7x7xqVAA882gyCQdjukOLOEvpJ+h5QdS6IP0=,tag:ypeg5xmiqtQ3n+WoF1mNqQ==,type:str]
user:
chn: ENC[AES256_GCM,data:mmofAUxaBCFW,iv:/+bGUlHeNT5WgTtkzxoTFNCE5G+JJcJa6i9Ccbbrf0E=,tag:ax4wPxgSbh+yWd7Gpkapaw==,type:str]
hjp: ENC[AES256_GCM,data:T/M4wXMHa8Ko4g==,iv:eGzdteZgYRmIQp3qD79+Mhsvo5e9DL1ezkypnnofL6o=,tag:WjTPnEvU4H4tZG3GccpZrw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -59,8 +64,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-14T01:12:53Z"
mac: ENC[AES256_GCM,data:Ak+LR+PkQG1g9wwlfLtDN2Dm8GdGfbb0qA9Spb3X0LkdCSFLBWqW0Jf88gHB0j/4HszYVaCAUFs+OlTvTjOtboOCTM7tH6z3dd0sU+EMHeK9cPz9kmDlF1LFFhD8dyqytEwq8/xN2MlTmbVoYQvVoGsrD8tP0B9NBPaQiLMPcrQ=,iv:9DthG+HGB3lCxb85YpfitNw2PWYwpdqWTo660gTOUew=,tag:yAH6o3LkGfvKF1UOdgWyyQ==,type:str]
lastmodified: "2025-02-25T02:37:11Z"
mac: ENC[AES256_GCM,data:JjbAGoJowO96UKmgrEbnovS5T0jko5kqP4jRvG7NwBbxC2l8HETRI6lFgLep9AJYCWj8BK1kPM2FA53RqrACALMl22hjQcQZLnKCI1fHzv8xg112Sw0aP2rT1AouEbVOVqFSsF+Qa6wxVzfoijoqgxnjkBF3c4Dryget2yXEIfY=,iv:R+C1fRI6Wv+w47wZ7Yp03OYX3UQD1eV7wkL9flsZ5eQ=,tag:JnBaUvqbwfBe9Ygl8FkLdQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.2

42
devices/pi3b/default.nix
View File

@@ -1,42 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
# TODO: reparition
vfat."/dev/disk/by-uuid/ABC6-6B3E" = "/boot";
btrfs."/dev/disk/by-uuid/c459c6c0-23a6-4ef2-945a-0bfafa9a45b6" =
{ "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
networking = {};
nixpkgs.arch = "aarch64";
kernel.variant = "nixos";
};
services =
{
snapper = null;
sshd = {};
xray.client.enable = true;
fail2ban = {};
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "X5SwWQk3JDT8BDxd04PYXTJi5E20mZKP6PplQ+GDnhI=";
wireguardIp = "192.168.83.8";
};
beesd.instances.root = { device = "/"; hashTableSizeMB = 32; };
};
};
};
}

33
devices/pi3b/secrets.yaml
View File

@@ -1,33 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:82Xg9VkmkLrKKcZfojA7dHqqMZh45n+eL4T5qZ1z/xy9k0q5,iv:/2j9flBDwjY6JW2mHYo1S2VE+ruu6gxrw8BzSyoiPcc=,tag:iq8wzfIRyq1T18k3vStVGw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:8whySpY/4WPWx2+t7IOgn+qjKCsv+BgRtaAFLrP8L0fV3TJdLob5vwDplHk=,iv:kXTDwOyJNzbjPtlzQqNsXtuk3EXFdF9CAsYkvImbyDE=,tag:tsK9nCMmwEb0c08rJ3Iwyg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TzU0U2Facm5yWkYrREgw
a1Fxc1MxaHYwRWUzUHpsbDBHYVoxb1NKVDAwCjNuUFlabzJ0aWtGMFBQb05nSlRP
akwrWDI0QnZBYkFmSUpWZFFnYmQ2aDQKLS0tIGlIQ3lTREN4WXgxV3pNdjdaakF6
ZnppV1ZRZzZ5Smt2NGsyRndjTFdnV00KaWVPGLWPnqINH6AHKS/84kuYy/v1v4Tb
QdehcMiq5ZF5XLqOX5sMDLu8h96FIklqOSTZNFkzr+s9VYv/UO58rg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTEZERkRSZUdSN2dySnlI
aDFjdXFCWnlJZlpYQmR1WEE2RzdCaVp1WFEwCjd1N1ZpMUExZ0ZBWmFwSHg3RUs4
RkRYTjRMWmE5cTA4Z2JJUGgyN05HSmMKLS0tIFpKZmd2Q2k2bnNYK1V2ZnNQNUxH
aDU3Vm95ZkpvSTJDMjJEOFY1ZjhrQlUKLdMYiOj6tlzwLpwZsTQVSQ8hHart0ba3
NS7+SprzJRb0hQXrvyU6s9zho8dPOw8wiGbscmMXSVS/Kar3eQigmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-28T13:31:33Z"
mac: ENC[AES256_GCM,data:fuppF9gFh3O6ZqJRTcVxNqVlz2y5f4xR39JIeInKblh4hNhrdnQg7oh8repoZeXHVRewGeGyxSqzUg+Twy8J+q+d6TSmiDVViD/SHse5rPns2Egt671geF7JmGEB/yKSCbECjGCp0QFgYYEg/vUOaV3v1a0s7LLTE/t2haPIaYc=,iv:f4T7JGxKB3WmEtETuSH7ApKRJ8ptPwZPfspyqc8+vmM=,tag:GF5br+e/p6qHsNCTjfIBCA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

1
devices/srv1/default.nix
View File

@@ -23,7 +23,6 @@ inputs:
services =
{
sshd.passwordAuthentication = true;
smartd.enable = true;
slurm =
{
enable = true;

7
devices/srv1/node0/default.nix
View File

@@ -18,13 +18,6 @@ inputs:
{
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
wireguardIp = "192.168.83.9";
};
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
samba =
{

11
devices/srv1/node0/secrets/default.yaml
View File

@@ -25,6 +25,11 @@ users:
GROUPIII-2: ENC[AES256_GCM,data:ifWnLx1YEewdviqHK8fdesM3c1m1T4g6twnz1cGv1yc4jit68pQWLrRMivdsM4tUcyU9GKwCaElVlvh+dgyy8EZQPKCbvJX6GA==,iv:T5FWReeZ0QOkGJiNfrVrUBhAhbXxlFQJKqQV2tzw9AQ=,tag:XClXGZDWGuoGxzPW7ne2Pg==,type:str]
#ENC[AES256_GCM,data:t8QUVYG4v7fE,iv:N8hDAV7wulPHcfnYTXuZRhb9dQPZqKpfMKK1+ITaZTA=,tag:eKMJDOmqoWWQbv/mm3LaAw==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:VlAA+g7SRZyhPSl0Gd1KS7dCwNgRA/o+d8anN88A7E8bSE1ckeTSp+J4YrbbUlLasLhliOZ/nDC0rti+hckGCrjMwweMorSIWg==,iv:7u1yNrN7uxHCF1MsJ2qt1jyQ0ZYYCYKUHwRff50P9oI=,tag:3raCWjdButfmcdy8mH25Jw==,type:str]
telegram:
token: ENC[AES256_GCM,data:OVbdcyczH4O7TUsTL0fX3fhx9mL+8QQF3b9SIShmH/gwcJ1jy9WtWtx9wHRvFA==,iv:SX/fLPMkqmslHcRlqQQhqwodC0FHhWrpp6GR2eSF/vQ=,tag:0odoc4CpoI6yA08OWxmYRw==,type:str]
user:
chn: ENC[AES256_GCM,data:3XT6iMfK3+Oi,iv:eqDWPQ0uOj/htImZmLyeYgcjLH4/8E5Yx46XJFp4KUc=,tag:7nVlWPnoLRAH0JrNJ2MGFA==,type:str]
hjp: ENC[AES256_GCM,data:JWw/yuOu4flIEg==,iv:i5xr1j9XHjY2UNoBMrpH7YiNb6Oeea7yJAZp+LIYQjQ=,tag:r5Jj2kRPZYpX21xpsVyClg==,type:str]
sops:
kms: []
gcp_kms: []
@@ -49,8 +54,8 @@ sops:
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:23Z"
mac: ENC[AES256_GCM,data:n7MVBKCUW4xpIiVO4ysBqlG89LjzpDBx9GJWQTrSenLWV/YrIGUxA6QDlRg7yhqV9ldF9Q7hDve1KHw7OxKRx5ot5OZiD3Bq3TwJfS2DarJ2vi9oc1J+CXXach8gp3m4C4RkPJ/y1i3jB2nRfSw5Z/TtdPMbvGXlHh+hhriAqxM=,iv:tyBcXMZzgeUOgYJtU1XkptPOlNoFwH+4z6xTD89aKOw=,tag:apXU989ZL+D8WhWKFTdXTg==,type:str]
lastmodified: "2025-02-25T02:37:29Z"
mac: ENC[AES256_GCM,data:TAfa+s7zakHPggKZmnk6/WdffNi/uS872bv6rO9G+oMh6RsTW0YnqtgswjBsqaZkimYJyYaFmf0UfiuMbCXEmPMjRTBagYJ8i3yG4cmPpskZYtDQj/Xh/XkVulb/2v9WTG8IQ8g1FMrH1J6PkK2meqEG11h+3dI66FtmUD47beY=,iv:bfSElvPF53iotTZaQVflArNJ2FMV8ogySyQtr0Yy0FA=,tag:adL3coofeQGlIY+BUpxtMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.2

34
devices/srv2/default.nix
View File

@@ -18,28 +18,22 @@ inputs:
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs.cuda =
{
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
nixpkgs.cuda.capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
};
hardware.gpu = { type = "nvidia"; nvidia.open = false; };
services =
{
sshd = { passwordAuthentication = true; groupBanner = true; };
smartd.enable = true;
slurm =
{
enable = true;
@@ -58,7 +52,7 @@ inputs:
name = "n1"; address = "192.168.178.2";
cpu = { cores = 16; threads = 2; };
memoryMB = 80 * 1024;
gpus = { "p5000" = 1; "3090" = 1; "4090" = 1; };
gpus = { "3090" = 1; "4090" = 1; };
};
};
partitions =
@@ -75,12 +69,12 @@ inputs:
{ name = "n0"; mpiThreads = 8; openmpThreads = 5; }
{ name = "n1"; mpiThreads = 3; openmpThreads = 4; }
];
gpuIds = [ "4090" "3090" "p5000" ];
gpuIds = [ "4090" "3090" ];
gpuPartition = "all";
};
};
};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" "zzn" ];
};
};
}

8
devices/srv2/node0/default.nix
View File

@@ -19,17 +19,11 @@ inputs:
{
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno2" ]; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; loadAverage = 8; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
wireguardIp = "192.168.83.7";
};
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
groupshare = {};
hpcstat = {};
ollama = {};
};
};
# allow other machine access network by this machine

8
devices/srv2/node0/secrets/default.yaml
View File

@@ -27,7 +27,9 @@ hpcstat:
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
telegram:
token: ENC[AES256_GCM,data:dCDqQhNiuIGJAdbun2uwCBV1smrpvKvwi5AGOs+QWK0ANNVBoSHuUNPeNH2Ivg==,iv:Vcp/OPW8IRPHlqumPxYAfVLtZbdG3rB8VeXM34xBYSk=,tag:vKMihlMdwrPY0XKErtgwIA==,type:str]
chat: ENC[AES256_GCM,data:zw2me9Jc7XKl,iv:b699uod4AtF37Ih/9qdQUZN/uhdN+UUeR0ojKogpuTI=,tag:BsDWzbk8175SX6b9ajsPlw==,type:str]
user:
chn: ENC[AES256_GCM,data:NoWnuxCZGkQx,iv:9eSyerth1oOTWJFdOeB1zL2QrXoPv+X2LTUDQZuxdkg=,tag:Ep66od22bQffeL41ff5a2w==,type:str]
hjp: ENC[AES256_GCM,data:+a6dMGEnrX5Dug==,iv:2l8TbmBNOB7nRfh9UoQi0S6CMRIYFeab6P3+8V8pwW0=,tag:AK4Rtu3N0o7Rqy0sjNe0EQ==,type:str]
wireless:
#ENC[AES256_GCM,data:xrg3Wxj/ghbWgg==,iv:6stu7voI5no2Y3YmnMrvTS8hev3eqjoWAyD5zTgyehc=,tag:cxkS7y7S1oM+/SJmlT10fw==,type:comment]
457的5G: ENC[AES256_GCM,data:QjHlyGU4JIYymyh41T+c33T3EOpbqDOoD3U+v6/BzjlWLLeZQXU2hwPCVh4fi2bwn7yNkp4ygAYmFPVPZWoT1A==,iv:Tc6Guzsn5hkjWH6UWSb1KlfWCBXIi2OWdn/wttmCXnQ=,tag:FhyH6JmjSTuqSeFy+GyQhg==,type:str]
@@ -55,8 +57,8 @@ sops:
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-11T11:25:26Z"
mac: ENC[AES256_GCM,data:RFoPSvTM1+sxQNxHVWYw/PYOmIYFiYg81/ICZMsDtQdwRYUzCAoOmJFeWAKNRWRJgRW9cNYvaowcjuLGXGcCoWlepJ9T48G16Id7sL99Y5BHeul9UHsZTF5dWGvL7JoKbJr4lVJBU/oGNtNJib7qe9TO2ts5JYU511acJUBMKx0=,iv:ZZKLZ3wXRR6pi9zZuuizYXm5EvJY90zD9V7Eymz9XOU=,tag:edIQTpwNjGxm1zPQ9pvhuw==,type:str]
lastmodified: "2025-02-25T02:36:44Z"
mac: ENC[AES256_GCM,data:VF48FNkamR6RPowHxQxlgRNQZqCGbHvO5d1mk3Tj0WW99wMFIo4wrH4i000lGlUGXWhuPlYcxHtDzP6/984fBKYvHg1Q0a/x1cXB812lvWNhDQZwpIG8lvr2AQyKYYYFMcpgxk8GZFRd4eY7evlVIfW2gqyUZflRbZzTmKCa2f4=,iv:ndLQpwtO6rPNuQdBU/MSTtVderU9H14jTJs0vClQl4A=,tag:h4lQ8JYVBoxhO9S+ncpVxQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

15
devices/vps6/default.nix
View File

@@ -16,12 +16,6 @@ inputs:
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
luks.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
@@ -66,15 +60,6 @@ inputs:
httpua = {};
mirism.enable = true;
fail2ban = {};
wireguard =
{
enable = true;
peers = [ "pc" "nas" "one" "vps7" "srv2-node0" "pi3b" "srv1-node0" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
listenIp = "74.211.99.69";
lighthouse = true;
};
beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
};
};

9
devices/vps6/secrets.yaml
View File

@@ -66,7 +66,8 @@ wireguard:
privateKey: ENC[AES256_GCM,data:4DKPPqQkjb33rQzFIz863A2arDRQA9AivWFBaWTf0xXDX4hWvJFiIlJQfvE=,iv:0R2TH3CMxHgwVjojzjE2Gnp8SXonmBDLWF7hB33NiX0=,tag:vgtV8JkuCdspleN/SvgIqQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:LskBPmXZk3hRZ2bChXZjmRzzGd2A2GKrUZMknCDXTpTzOdP/RDibRvgI75HLWg==,iv:9lJKuGLD5HuQinWvvAvwWFAvEJofUGkJsxKNpqZrGmI=,tag:pTmTOlsYIY6Uqd69AtrnBA==,type:str]
chat: ENC[AES256_GCM,data:0ehCIvd7sBFc,iv:OwdiIoPrt/e1YgsCrYcqqMYhsJuEtKW2pSKNVxahMV4=,tag:ig2CfQxwzv2ppIutU6371w==,type:str]
user:
chn: ENC[AES256_GCM,data:5kjoZ4G/NYRG,iv:jGMjDxKUJACTbC2SraMzKsXpC3QSIePJZSsjZ+8JG+c=,tag:dD8SPgIM/+VcmAd3fcZw8g==,type:str]
sops:
kms: []
gcp_kms: []
@@ -91,8 +92,8 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-14T12:02:33Z"
mac: ENC[AES256_GCM,data:2iQLMkj/qg+TQodFXqCaSOhj1G2NGGr1ZEDewDm/6H2zteppgEw4vRls5GPUrxTQnC22NHKqih7REWa0Xv7L4eALkxrVYqWkPVcxvlt1RauW8XrW1JJhhLj+E/52AKqOxGd1CviuyyQS2M2cZzk1t3gNDpSZ8YdmhjYPUHk2SCA=,iv:imFhB5A4LZYhE3NqIbQazMqBzEtdv/c6r7DcY9yJqKE=,tag:eRTl/1vbmI3YsLLEyFyIAg==,type:str]
lastmodified: "2025-02-25T02:32:20Z"
mac: ENC[AES256_GCM,data:mP+N/m77jBS1mQ4CsdRNZ38Z2da8BK00OqU+7q7LHxBpBzw+T9wQRQJ1esEq4cfTK8QLujJNZaFTixFHvo5a/mi0peymvdh4w+m5m9ph2UyKqcaRe+qt6MUuavkJYv86jBUxohnDAhPHmkXQOcgOGF1p7d47K08zUXqzOx4SETI=,iv:U5g1lMN5yzusKUPAfi+pZj7TAxnw8HEorMStDwnfnaU=,tag:nE4J/N4cjs0wyO+S6sY4Pw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.2

18
devices/vps7/default.nix
View File

@@ -16,12 +16,6 @@ inputs:
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
luks.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
@@ -34,7 +28,7 @@ inputs:
services =
{
sshd = {};
rsshub.enable = true;
rsshub = {};
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
@@ -48,20 +42,12 @@ inputs:
nextcloud = {};
freshrss.enable = true;
send = {};
huginn.enable = true;
huginn = {};
fz-new-order = {};
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
grafana = {};
fail2ban = {};
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
listenIp = "144.126.144.62";
};
xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
docker = {};
peertube = {};

8
devices/vps7/secrets.yaml
View File

@@ -32,6 +32,7 @@ rsshub:
youtube-refresh-token: ENC[AES256_GCM,data:pnXQ1euCdix2H7IxudmUUcpxc2OUhciKT8OcGV89c/EpoXHgx1+eLxwY5rRszroWwjge9M001RGHngvD/ny3phfWAwYmIzMJxun2f7JCPe7ybMesWmPSkiqVBss1Zfic1uB8mNM/yw==,iv:8p8/vATY8F3YuGA1TtjekiuaKOMnQyTMjrwDBJaK4VU=,tag:/jVg9FDOuLMNrupgrywpBQ==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:65SbHggbYtfSfaaxJxRgD6+HpOX4vIfjnVZmOAZ9illPMYOu9MIchQ==,iv:49UuC8n6AGj1skuHzQX39Q/QuKlB9IxogIfiiy1GBnw=,tag:Rq6b0H9UFVZ19tU8ZeelRg==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:58nO7ADu2oH/OgLJNYrEEzhf1J0zt8EpuygnSANkGXJju5oSmtM7WLnaMEjC96q14OTTA9QLiFVsbxiFY1eUnraA5W7g7+6CYRXVRZaxz91D/dhKzHGTMjB/LynnNqEIc6liONlcHbyjZNQ+WIqPtjVpCKMN7Mi8cv81/cFX/1GqAwncgDD2oXh1hMPOVY4dYcGKuOG0GjlY6RgOgTPqU3HawQjnoWQjPF+lq2rnWD5HP9ZTxOYa7hm2GgPrxkq1fkRrq+kKYeDh+6M7VLDcm5Fpf+biq6F8fZWzmw4NlVZT9BG0vJFa,iv:vxYXg9Yg9qIWFQXtwTYa4Ds0KSxZYg3M6xdtXKbdaig=,tag:TzCPehk9w+BL4wwgDc1CPg==,type:str]
zhihu-cookies: ENC[AES256_GCM,data:DgpvRB7IuRe1KuPFqhCbtyFrC02AUlaA9UWS+d8ix0nweItXwZrkqC03lXQY7nJr54H3SfKXNhtUp4nJmV2hqNQOqekrXVsKrG++UmcAr5Ciw1lTmilqM220igJ9YwiHxtsZrWgp4sTPlTTQIFu5xrGnvlSntBjXAjzStTk1R4XRmLV427QuKbNNQ5MjPXS1PYrtN0d4/qXLx74pNd9ZsNd9F4V0E75Zt6vKE8F7aA==,iv:5Lu/HD8Iw655pg84eFs2eEQS68QqA99uMBHlgelZvrI=,tag:Pnd7VWIAgNt+1vo+vyWDpQ==,type:str]
mail:
bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
synapse:
@@ -90,7 +91,8 @@ wireguard:
privateKey: ENC[AES256_GCM,data:TS+toaJRgAvC78XVwTciXe2IG8++vaqXVCi/u/8Aej6qq1B9Cb6f20cp5K0=,iv:T/NkLvcYiWzIDG3jWtuhe/sH2GT4z5f0xdUGbSL901I=,tag:qN7YokFBj3Kbbx4ijHTRnw==,type:str]
telegram:
token: ENC[AES256_GCM,data:Mr6KrAzYoDXA+dPT3oXqK2wm9ahTjZ5GVE/iRPsmcM+S2MABT+8ramyHz9oIFw==,iv:nIZ8rpSxz2GwMbDQFfG3xauMQjiriZ1oxFMrEQeH7sQ=,tag:y5U1T1vV/mmdE/CeaeTR8g==,type:str]
chat: ENC[AES256_GCM,data:8w/0EI64a1dC,iv:dHu9JHcUY7QPd9YBKXnrRXQB2K6jpnLrSFs+1IJmkio=,tag:3ucN3uNnBxxRF+cbLsa1nQ==,type:str]
user:
chn: ENC[AES256_GCM,data:75gj6MtpqZzq,iv:HekPpI2oJtD2UnbmQnTMXV0UwFzxdBKO5b2LpIcFSw4=,tag:bRFAeDk/YFivDAoNc5vwdA==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:aAZS,iv:Z+iJG7yC6HJeNdKCCpsZSc9Ny7kAt6GYfXUtZozMb4A=,tag:iMfwjqqmLvu5a8YpF7a0zQ==,type:comment]
@@ -129,8 +131,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-19T03:03:26Z"
mac: ENC[AES256_GCM,data:Y2V6OGImOqv25o+VMCtdYbD/VWXdyQLq2K0EjKk2hbalKPAK0qnU4NOEDl9Em+39Jxo6LYlDUyXHLNOWo77QGjgztR2pp+xaZmd9g2zRxMXZLiv3khLUX6tIEpI1b1EdgQ2id2D21YxU+89D9Jwxlp6Dd5bcHa4GxPplstha2jw=,iv:deYb0CZ6kaK8epuRQ/jW8flGYlrIHhCfJbF7E6Iw19A=,tag:ZAf4yRhyxoK/SYS0ApRivg==,type:str]
lastmodified: "2025-02-25T02:32:05Z"
mac: ENC[AES256_GCM,data:MnL2eu1sUS6RnWKJhi0Z3A/x4Qaw8Fgov1PdpkBMHuJVBvmcnT1w8AbsxbOZZMd2bp20NWIzosKXBNuoAJzQx+Mtigtw2mnAzs9zcLhHu6e7OvCDVQ3o9FUEz43V59VzLCDpyj2zvzFanPa9h/Aw6WTs2Qu16xaUB1FVFRzxYfg=,iv:FYNyF2KEWDbCDMTI5XCSeGOE4KSIFjX5VUqT20JMxCs=,tag:NcYVt8jtfAljJhs8m8gYFw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

70
flake.lock generated
View File

@@ -25,11 +25,11 @@
"blog": {
"flake": false,
"locked": {
"lastModified": 1736917794,
"narHash": "sha256-hPeMx01jxV9YrRil5pdd9byr4bLF/2VgveJwO9v2cgI=",
"lastModified": 1740487529,
"narHash": "sha256-DuEKkIU1LwT6iA9SZtXgAaL1Hx73bk2f4hLxKxTJV+0=",
"ref": "refs/heads/public",
"rev": "f75e004d65761a888bba816d6af860586039ef29",
"revCount": 13,
"rev": "af59d95111b08f5d566d44ffb84a4dd32cf7fd79",
"revCount": 19,
"type": "git",
"url": "https://git.chn.moe/chn/blog-public.git"
},
@@ -655,6 +655,22 @@
"type": "github"
}
},
"mac-style": {
"flake": false,
"locked": {
"lastModified": 1717900224,
"narHash": "sha256-tYB4fJ87UnYczaW8/w32cBzbwCw1+IDHp8BnHSyqNNg=",
"owner": "SergioRibera",
"repo": "s4rchiso-plymouth-theme",
"rev": "856bf3b7d239f995e4e9dde8458b9823cf0e96e4",
"type": "github"
},
"original": {
"owner": "SergioRibera",
"repo": "s4rchiso-plymouth-theme",
"type": "github"
}
},
"matplotplusplus": {
"flake": false,
"locked": {
@@ -674,11 +690,11 @@
"misskey": {
"flake": false,
"locked": {
"lastModified": 1737165545,
"narHash": "sha256-aQ6MuY3eqx7V7Hk+i1L7aQN1n9pZ8PMareqWUXsEp98=",
"lastModified": 1738981864,
"narHash": "sha256-7tl+1vlk5FAWd9z5VIVxF90KvuhxAeJEn1tLuKNTNdk=",
"ref": "refs/heads/chn-mod",
"rev": "e457a9d67945f27c44c470fba36980f32d11ef46",
"revCount": 26439,
"rev": "c557842f90fa618fa72f6cca6e719cfbbdaf1f10",
"revCount": 26500,
"submodules": true,
"type": "git",
"url": "https://github.com/CHN-beta/misskey"
@@ -858,11 +874,11 @@
"nixos-wallpaper": {
"flake": false,
"locked": {
"lastModified": 1715952274,
"narHash": "sha256-i2L4L9mV/wOl6QV+d8pyLZUHS+QIFJN5lYuQrP+CSjk=",
"lastModified": 1738512779,
"narHash": "sha256-481mZgrJ4OgXLh1Jz2I5+P+x55nd/4qMfHaBCYEpa0E=",
"ref": "refs/heads/main",
"rev": "1ad78b20b21c9f4f7ba5f4c897f74276763317eb",
"revCount": 1,
"rev": "293d281e645c464e986b4dca78e03b1f8c53ca0a",
"revCount": 2,
"type": "git",
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
},
@@ -873,11 +889,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1736304997,
"narHash": "sha256-P7sYpFZfVbr0FrT1ID+58HvCzRZObzGLa8QhyW2DGwA=",
"lastModified": 1740535747,
"narHash": "sha256-7GtX5FHZE2k+2jVK6wMNvDTkYUksXJaLsUZ3U89IA0g=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "24e16d8b21f698cbe372be67b645a1919bfd0d20",
"rev": "022a396dc97e656a7680e24a0fa0953ef98aa8bc",
"type": "github"
},
"original": {
@@ -963,6 +979,22 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1739698908,
"narHash": "sha256-7LBhwsoOLw6WPsjIQ86n9BXuQTnXlW7PjoIM5n9JwbU=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "12fbbac87857a29aac1f5f0a97f86d5bca1b43ef",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nu-scripts": {
"flake": false,
"locked": {
@@ -1239,6 +1271,7 @@
"impermanence": "impermanence",
"lepton": "lepton",
"lmod": "lmod",
"mac-style": "mac-style",
"matplotplusplus": "matplotplusplus",
"misskey": "misskey",
"mumax": "mumax",
@@ -1251,6 +1284,7 @@
"nixpkgs": "nixpkgs",
"nixpkgs-23.05": "nixpkgs-23.05",
"nixpkgs-23.11": "nixpkgs-23.11",
"nixpkgs-unstable": "nixpkgs-unstable",
"nu-scripts": "nu-scripts",
"nur-linyinfeng": "nur-linyinfeng",
"nur-xddxdd": "nur-xddxdd",
@@ -1279,11 +1313,11 @@
"rsshub": {
"flake": false,
"locked": {
"lastModified": 1734135595,
"narHash": "sha256-D0mAiHuAFLMBZvBzspbqAlqXXdhYG45fhrYVkCdmA48=",
"lastModified": 1737621586,
"narHash": "sha256-3rlojj//tAVCdPz9NkkgsSQqxe9478ExOL1LyH4spPM=",
"owner": "DIYgod",
"repo": "RSSHub",
"rev": "3a8d34ee3f8cc38907296e74e923754297e249d4",
"rev": "62a61e5e7945d539bf89175c96bac2b4ab148bba",
"type": "github"
},
"original": {

2
flake.nix
View File

@@ -6,6 +6,7 @@
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.11";
"nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
"nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -71,6 +72,7 @@
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
octodns-cloudflare = { url = "github:octodns/octodns-cloudflare"; flake = false; };
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme"; flake = false; };
};
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in

7
flake/dev.nix
View File

@@ -48,4 +48,11 @@
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
info = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.info ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
}

6
flake/nixos.nix
View File

@@ -1,6 +1,6 @@
{ inputs, localLib }:
let
machine = [ "nas" "pc" "pi3b" "vps6" "vps7" "one" ];
machine = [ "nas" "pc" "vps6" "vps7" "one" ];
cluster = { srv1 = 4; srv2 = 2; };
in builtins.listToAttrs
(
@@ -10,13 +10,14 @@ in builtins.listToAttrs
name = system;
value = inputs.nixpkgs.lib.nixosSystem
{
system = let arch.pi3b = "aarch64-linux"; in arch.${system} or "x86_64-linux";
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
{ config = { nixpkgs.overlays = [ inputs.self.overlays.default ]; nixos.model.hostname = system; }; }
../modules
../devices/${system}
../devices/cross
];
};
})
@@ -44,6 +45,7 @@ in builtins.listToAttrs
../modules
../devices/${cluster.name}
../devices/${cluster.name}/${node}
../devices/cross
];
};
})

2
flake/packages.nix
View File

@@ -24,7 +24,7 @@
stdenv = pkgs.pkgsStatic.gcc14Stdenv;
};
chn-bsub = pkgs.pkgsStatic.localPackages.chn-bsub;
blog = pkgs.callPackage inputs.blog { inherit (inputs) hextra; };
blog = pkgs.localPackages.blog;
vaspberry = pkgs.pkgsStatic.localPackages.vaspberry.override
{
gfortran = pkgs.pkgsStatic.gfortran;

13
flake/src.nix
View File

@@ -36,4 +36,17 @@
sha256 = "18gsw2850ig1mg4spp39i0ygfcwx0lqnamysn5whiax22m8d5z67";
};
};
huginn = pkgs.dockerTools.pullImage
{
imageName = "ghcr.io/huginn/huginn";
imageDigest = "sha256:fdaa76b95534f3c3a799d527821681dd61b8b6fc24de0a7e109fc665b627f115";
sha256 = "062c18360asnzl610n11vd46621cvkj26ay21l82f16r12k4qzwy";
finalImageName = "huginn/huginn";
finalImageTag = "latest";
};
misskey =
{
"https://github.com/aiscript-dev/aiscript-languageserver/releases/download/0.1.6/aiscript-dev-aiscript-languageserver-0.1.6.tgz" = "0092d5r67bhf4xkvrdn4a2rm1drjzy7b5sw8mi7hp4pqvpc20ylr";
"https://github.com/misskey-dev/tabler-icons/archive/refs/tags/3.29.0-mi.1913+5921534bc.tar.gz" = "1snwwcgxwlp9jwlq6pj4q0mypzp0c7b28m49mcwvr6dzq9vlpy2s";
};
}

60
modules/bugs/default.nix
View File

@@ -1,28 +1,38 @@
inputs:
let
inherit (inputs.localLib) stripeTabs;
inherit (builtins) map attrNames;
inherit (inputs.lib) mkMerge mkIf mkOption types;
bugs =
let bugs =
{
# suspend & hibernate do not use platform
suspend-hibernate-no-platform.systemd.sleep.extraConfig =
''
SuspendState=freeze
HibernateMode=shutdown
'';
# xmunet use old encryption
xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
iwlwifi =
{
nixos.system.kernel.modules.modprobeConfig =
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
systemd.services = let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in
{
# suspend & hibernate do not use platform
suspend-hibernate-no-platform.systemd.sleep.extraConfig =
''
SuspendState=freeze
HibernateMode=shutdown
'';
# xmunet use old encryption
xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
load-iwlwifi = rec
{ wantedBy = [ "hibernate.target" ]; before = wantedBy; script = "${modprobe} iwlwifi iwlmvm"; };
unload-iwlwifi = rec
{ wantedBy = [ "hibernate.target" ]; after = wantedBy; script = "${modprobe} -r iwlwifi iwlmvm"; };
};
in
{
options.nixos.bugs = mkOption
{
type = types.listOf (types.enum (attrNames bugs));
default = [];
};
config = mkMerge (map (bug: mkIf (builtins.elem bug inputs.config.nixos.bugs) bugs.${bug}) (attrNames bugs));
}
};
};
in
{
options.nixos.bugs = inputs.lib.mkOption
{
type = inputs.lib.types.listOf (inputs.lib.types.enum (builtins.attrNames bugs));
default = [];
};
config = inputs.lib.mkMerge (builtins.map
(bug: inputs.lib.mkIf (builtins.elem bug inputs.config.nixos.bugs) bugs.${bug})
(builtins.attrNames bugs));
}

84
modules/default.nix
View File

@@ -1,46 +1,40 @@
inputs:
let
inherit (inputs) topInputs;
inherit (inputs.localLib) mkModules;
in
{
imports = mkModules
[
topInputs.home-manager.nixosModules.home-manager
topInputs.sops-nix.nixosModules.sops
topInputs.nix-index-database.nixosModules.nix-index
topInputs.nur-xddxdd.nixosModules.setupOverlay
topInputs.impermanence.nixosModules.impermanence
topInputs.nix-flatpak.nixosModules.nix-flatpak
topInputs.chaotic.nixosModules.default
{ config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
topInputs.catppuccin.nixosModules.catppuccin
topInputs.aagl.nixosModules.default
(inputs:
inputs: let inherit (inputs) topInputs; in
{
imports = inputs.localLib.mkModules
[
topInputs.home-manager.nixosModules.home-manager
topInputs.sops-nix.nixosModules.sops
topInputs.nix-index-database.nixosModules.nix-index
topInputs.impermanence.nixosModules.impermanence
topInputs.nix-flatpak.nixosModules.nix-flatpak
topInputs.chaotic.nixosModules.default
{ config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
topInputs.catppuccin.nixosModules.catppuccin
topInputs.aagl.nixosModules.default
(inputs:
{
config =
{
config =
{
nixpkgs.overlays =
[
topInputs.qchem.overlays.default
topInputs.bscpkgs.overlays.default
topInputs.aagl.overlays.default
(final: prev:
{
nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
nur-xddxdd = topInputs.nur-xddxdd.overlays.default final prev;
nur-linyinfeng = (topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
firefox-addons = (import "${topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
inherit (import topInputs.gricad { pkgs = final; }) intel-oneapi intel-oneapi-2022;
})
];
home-manager.sharedModules =
[
topInputs.plasma-manager.homeManagerModules.plasma-manager
topInputs.catppuccin.homeManagerModules.catppuccin
];
};
})
./hardware ./packages ./system ./virtualization ./services ./bugs ./user ./model.nix
];
}
nixpkgs.overlays =
[
topInputs.qchem.overlays.default
topInputs.bscpkgs.overlays.default
topInputs.aagl.overlays.default
topInputs.nur-xddxdd.overlays.inSubTree
(final: prev:
{
nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions.${prev.system};
nur-linyinfeng = (topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
firefox-addons = (import "${topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
inherit (import topInputs.gricad { pkgs = final; }) intel-oneapi intel-oneapi-2022;
})
];
home-manager.sharedModules =
[
topInputs.plasma-manager.homeManagerModules.plasma-manager
topInputs.catppuccin.homeManagerModules.catppuccin
];
};
})
] ++ (inputs.localLib.findModules ./.);
}

2
modules/hardware/default.nix
View File

@@ -24,7 +24,7 @@ inputs:
printing =
{
enable = true;
drivers = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.arch == "x86_64") [ inputs.pkgs.cnijfilter2 ];
drivers = [ inputs.pkgs.cnijfilter2 ];
# TODO: remove in next update
browsed.enable = false;
};

2
modules/model.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.model = let inherit (inputs.lib) mkOption types; in
{
hostname = mkOption { type = types.nonEmptyStr; };
type = mkOption { type = types.enum [ "minimal" "desktop" "server" ]; default = "minimal"; };
type = mkOption { type = types.enum [ "vps" "desktop" "server" ]; default = "vps"; };
private = mkOption { type = types.bool; default = false; };
cluster = mkOption
{

8
modules/packages/desktop/default.nix
View File

@@ -52,20 +52,20 @@ inputs:
# download
qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
# editor
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq obsidian
# news
fluent-reader rssguard newsflash newsboat
fluent-reader rssguard newsflash newsboat follow
# nix tools
nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
nix-template nil pnpm-lock-export bundix
# instant messager
element-desktop telegram-desktop discord zoom-us slack nur-linyinfeng.wemeet nheko
fluffychat signal-desktop qq nur-xddxdd.wechat-uos cinny-desktop
fluffychat signal-desktop qq nur-xddxdd.wechat-uos-sandboxed cinny-desktop
# browser
google-chrome tor-browser microsoft-edge
# office
crow-translate zotero pandoc libreoffice-qt texliveFull poppler_utils pdftk pdfchain davinci-resolve
ydict texstudio panoply pspp
ydict texstudio panoply pspp paperwork
# matplot++ needs old gnuplot
inputs.pkgs."pkgs-23.11".gnuplot
# math, physics and chemistry

2
modules/packages/lammps.nix
View File

@@ -8,7 +8,7 @@ inputs:
config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null)
{
nixos.packages.packages._packages =
let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null;
let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null;
in
if cuda then [((inputs.pkgs.lammps.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
.overrideAttrs (prev:

2
modules/packages/mumax.nix
View File

@@ -5,7 +5,7 @@ inputs:
type = types.nullOr (types.submodule {});
default =
if (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
&& (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
&& (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null)
then {}
else null;
};

11
modules/packages/server.nix
View File

@@ -10,7 +10,7 @@ inputs:
[
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq yq zellij ipfetch localPackages.pslist
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils kitty
# lsxx
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors hwloc acpica-tools
# top
@@ -22,13 +22,13 @@ inputs:
# file manager
tree eza trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz upx unzip zip lzip p7zip
pigz upx unzip zip lzip p7zip rar
# file system management
sshfs e2fsprogs duperemove compsize exfatprogs
# disk management
smartmontools hdparm megacli gptfdisk
smartmontools hdparm gptfdisk megacli
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool libfido2
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
# nix tools
@@ -41,8 +41,7 @@ inputs:
# office
pdfgrep ffmpeg-full # todo-txt-cli
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2

2
modules/packages/vasp.nix
View File

@@ -14,7 +14,7 @@ inputs:
(
[ localPackages.vasp.intel localPackages.vasp.vtst localPackages.vaspkit wannier90 ]
++ (inputs.lib.optional
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null)
localPackages.vasp.nvidia)
);
_pythonPackages = [(_: [ localPackages.py4vasp ])];

1
modules/services/beesd.nix
View File

@@ -55,5 +55,6 @@ inputs:
IOWeight = 1;
Nice = 19;
};
nixos.packages.packages._packages = [ inputs.pkgs.bees ];
};
}

28
modules/services/default.nix
View File

@@ -3,18 +3,20 @@ inputs:
imports = inputs.localLib.findModules ./.;
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
smartd.enable = mkOption { type = types.bool; default = false; };
noisetorch.enable = mkOption { type = types.bool; default = inputs.config.nixos.model.type == "desktop"; };
smartd = mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
noisetorch = mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.config.nixos) services;
inherit (builtins) map listToAttrs toString;
in mkMerge
[
(mkIf services.smartd.enable { services.smartd.enable = true; })
(mkIf services.noisetorch.enable { programs.noisetorch.enable = true; })
];
config = let inherit (inputs.config.nixos.services) smartd noisetorch; in inputs.lib.mkMerge
[
(inputs.lib.mkIf (smartd != null) { services.smartd.enable = true; })
(inputs.lib.mkIf (noisetorch != null) { programs.noisetorch.enable = true; })
];
}

54
modules/services/docker.nix
View File

@@ -2,39 +2,29 @@ inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkMerge
[
(
inputs.lib.mkIf (docker != null)
{
virtualisation.docker =
{
enable = true;
rootless =
{
enable = true;
setSocketVariable = true;
daemon.settings =
{
features.buildkit = true;
# dns 127.0.0.1 make docker not work
dns = [ "1.1.1.1" ];
# prevent create btrfs subvol
storage-driver = "overlay2";
};
};
};
hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf inputs.config.nixos.system.nixpkgs.cuda.enable true;
}
)
# some docker settings should be set unconditionally, as some services depend on them
config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkIf (docker != null)
{
virtualisation.docker =
{
virtualisation.docker =
enable = true;
# prevent create btrfs subvol
storageDriver = "overlay2";
daemon.settings.dns = [ "1.1.1.1" ];
rootless =
{
# prevent create btrfs subvol
storageDriver = "overlay2";
daemon.settings.dns = [ "1.1.1.1" ];
enable = true;
setSocketVariable = true;
daemon.settings =
{
features.buildkit = true;
# dns 127.0.0.1 make docker not work
dns = [ "1.1.1.1" ];
# prevent create btrfs subvol
storage-driver = "overlay2";
};
};
}
];
};
hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.cuda != null) true;
networking.firewall.trustedInterfaces = [ "docker0" ];
};
}

23
modules/services/gitea.nix
View File

@@ -43,7 +43,8 @@ inputs:
SMTP_PORT = 465;
USER = "bot@chn.moe";
};
service.REGISTER_MANUAL_CONFIRM = true;
service.DISABLE_REGISTRATION = true;
security.LOGIN_REMEMBER_DAYS = 365;
};
};
nixos.services =
@@ -51,22 +52,16 @@ inputs:
nginx =
{
enable = true;
https."${gitea.hostname}".location =
https.${gitea.hostname}.location =
{
"/".proxy.upstream = "http://127.0.0.1:3002";
"/robots.txt".static.root =
let
robotsFile = inputs.pkgs.fetchurl
{
url = "https://gitea.com/robots.txt";
sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
};
robotsDir = inputs.pkgs.runCommand "robots.txt" {}
''
mkdir -p $out
cp ${robotsFile} $out/robots.txt
'';
in "${robotsDir}";
let robotsFile = inputs.pkgs.fetchurl
{
url = "https://gitea.com/robots.txt";
sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
};
in "${inputs.pkgs.runCommand "robots.txt" {} "mkdir -p $out; cp ${robotsFile} $out/robots.txt"}";
};
};
postgresql.instances.gitea = {};

3
modules/services/grafana.nix
View File

@@ -75,6 +75,7 @@ inputs:
static_configs =
[{ targets = [ "127.0.0.1:${toString inputs.config.services.prometheus.exporters.node.port}" ]; }];
}];
extraFlags = [ "--storage.tsdb.max-block-chunk-segment-size=16MB" ];
};
};
nixos.services =
@@ -82,7 +83,7 @@ inputs:
nginx =
{
enable = true;
https."${grafana.hostname}".location."/".proxy =
https.${grafana.hostname}.location."/".proxy =
{ upstream = "http://127.0.0.1:3001"; websocket = true; };
};
postgresql.instances.grafana = {};

4
modules/services/hpcstat.nix
View File

@@ -16,7 +16,7 @@ inputs:
curl = "${inputs.pkgs.curl}/bin/curl";
cat = "${inputs.pkgs.coreutils}/bin/cat";
token = inputs.config.sops.secrets."telegram/token".path;
chat = inputs.config.sops.secrets."telegram/chat".path;
chat = inputs.config.sops.secrets."telegram/user/chn".path;
date = "${inputs.pkgs.coreutils}/bin/date";
hpcstat = "${inputs.pkgs.localPackages.hpcstat}/bin/hpcstat";
ssh = "${inputs.pkgs.openssh}/bin/ssh -i ${key} -o StrictHostKeyChecking=no"
@@ -108,7 +108,7 @@ inputs:
sops.secrets =
{
"telegram/token" = { group = "telegram"; mode = "0440"; };
"telegram/chat" = { group = "telegram"; mode = "0440"; };
"telegram/user/chn" = { group = "telegram"; mode = "0440"; };
"hpcstat/key" = { owner = "hpcstat"; group = "hpcstat"; };
};
users =

4
modules/services/httpapi.nix
View File

@@ -36,10 +36,10 @@ inputs:
let
placeholder = inputs.config.sops.placeholder;
request = "https://api.telegram.org/bot${placeholder."telegram/token"}"
+ "/sendMessage?chat_id=${placeholder."telegram/chat"}&text=";
+ "/sendMessage?chat_id=${placeholder."telegram/user/chn"}&text=";
in ''<?php print file_get_contents("${request}".urlencode($_GET["message"])); ?>'';
};
secrets = { "telegram/token" = {}; "telegram/chat" = {}; };
secrets = { "telegram/token" = {}; "telegram/user/chn" = {}; };
};
systemd.tmpfiles.rules = [ "d /srv/api 0700 nginx nginx" "Z /srv/api - nginx nginx" ];
};

103
modules/services/huginn.nix
View File

@@ -1,65 +1,58 @@
inputs:
{
options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in
options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "huginn.chn.moe"; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) huginn;
in mkIf huginn.enable
type = types.nullOr (types.submodule { options =
{
virtualisation.oci-containers.containers.huginn =
hostname = mkOption { type = types.str; default = "huginn.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) huginn; in inputs.lib.mkIf (huginn != null)
{
virtualisation.oci-containers.containers.huginn =
{
image = "huginn/huginn:5a1509b51188e0d16868be893c983d6fcfd232a5";
imageFile = inputs.topInputs.self.src.huginn;
ports = [ "127.0.0.1:3000:3000/tcp" ];
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles = [ inputs.config.sops.templates."huginn/env".path ];
};
sops =
{
templates."huginn/env".content = let placeholder = inputs.config.sops.placeholder; in
''
MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
HUGINN_DATABASE_NAME=huginn
HUGINN_DATABASE_USERNAME=huginn
HUGINN_DATABASE_PASSWORD=${placeholder."mariadb/huginn"}
DOMAIN=${huginn.hostname}
RAILS_ENV=production
FORCE_SSL=true
INVITATION_CODE=${placeholder."huginn/invitationCode"}
SMTP_DOMAIN=mail.chn.moe
SMTP_USER_NAME=bot@chn.moe
SMTP_PASSWORD="${placeholder."mail/bot"}"
SMTP_SERVER=mail.chn.moe
SMTP_SSL=true
EMAIL_FROM_ADDRESS=bot@chn.moe
TIMEZONE=Beijing
DO_NOT_CREATE_DATABASE=true
'';
secrets = { "huginn/invitationCode" = {}; "mail/bot" = {}; };
};
nixos =
{
services =
{
image = "huginn/huginn:5a1509b51188e0d16868be893c983d6fcfd232a5";
imageFile = inputs.pkgs.dockerTools.pullImage
nginx =
{
imageName = "ghcr.io/huginn/huginn";
imageDigest = "sha256:6f7a5b41457b94490210221a8bd3aae32d4ebfc2652f97c14919aa8036d7294e";
sha256 = "1ha6c6bwdpdl98cwwxw5fan0j77ylgaziidqhnyh6anpzq35f540";
finalImageName = "huginn/huginn";
finalImageTag = "5a1509b51188e0d16868be893c983d6fcfd232a5";
};
ports = [ "127.0.0.1:3000:3000/tcp" ];
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles = [ inputs.config.sops.templates."huginn/env".path ];
};
sops =
{
templates."huginn/env".content = let placeholder = inputs.config.sops.placeholder; in
''
MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
HUGINN_DATABASE_NAME=huginn
HUGINN_DATABASE_USERNAME=huginn
HUGINN_DATABASE_PASSWORD=${placeholder."mariadb/huginn"}
DOMAIN=${huginn.hostname}
RAILS_ENV=production
FORCE_SSL=true
INVITATION_CODE=${placeholder."huginn/invitationCode"}
SMTP_DOMAIN=mail.chn.moe
SMTP_USER_NAME=bot@chn.moe
SMTP_PASSWORD="${placeholder."mail/bot"}"
SMTP_SERVER=mail.chn.moe
SMTP_SSL=true
EMAIL_FROM_ADDRESS=bot@chn.moe
TIMEZONE=Beijing
DO_NOT_CREATE_DATABASE=true
'';
secrets = { "huginn/invitationCode" = {}; "mail/bot" = {}; };
};
nixos =
{
services =
{
nginx =
{
enable = true;
https."${huginn.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
};
mariadb.instances.huginn = {};
enable = true;
https.${huginn.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
};
mariadb.instances.huginn = {};
docker = {};
};
};
};
}

2
modules/services/nginx/applications/blog.nix
View File

@@ -8,6 +8,6 @@ inputs:
config = let inherit (inputs.config.nixos.services.nginx.applications) blog; in inputs.lib.mkIf (blog != null)
{
nixos.services.nginx.https."blog.chn.moe".location."/".static =
{ root = builtins.toString inputs.topInputs.self.packages.x86_64-linux.blog; index = [ "index.html" ]; };
{ root = "${inputs.pkgs.localPackages.blog}"; index = [ "index.html" ]; };
};
}

6
modules/services/ollama.nix
View File

@@ -6,10 +6,8 @@ inputs:
{
services =
{
ollama.enable = true;
open-webui =
{ enable = true; package = inputs.pkgs.genericPackages.open-webui; environment.WEBUI_AUTH = "False"; };
nextjs-ollama-llm-ui.enable = true;
ollama = { enable = true; package = inputs.pkgs.pkgs-unstable.ollama; };
open-webui = { enable = true; environment.WEBUI_AUTH = "False"; package = inputs.pkgs.pkgs-unstable.open-webui; };
};
nixos.packages.packages._packages = [ inputs.pkgs.oterm ];
};

135
modules/services/rsshub.nix
View File

@@ -1,82 +1,73 @@
inputs:
{
options.nixos.services.rsshub = let inherit (inputs.lib) mkOption types; in
options.nixos.services.rsshub = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 5221; };
hostname = mkOption { type = types.nonEmptyStr; default = "rsshub.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) rsshub;
inherit (inputs.lib) mkIf;
inherit (builtins) map listToAttrs toString;
in mkIf rsshub.enable
type = types.nullOr (types.submodule { options =
{
systemd =
hostname = mkOption { type = types.nonEmptyStr; default = "rsshub.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) rsshub; in inputs.lib.mkIf (rsshub != null)
{
systemd =
{
services.rsshub =
{
services.rsshub =
description = "rsshub";
after = [ "network.target" "redis-rsshub.service" ];
requires = [ "redis-rsshub.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
description = "rsshub";
after = [ "network.target" "redis-rsshub.service" ];
requires = [ "redis-rsshub.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
User = inputs.config.users.users.rsshub.name;
Group = inputs.config.users.users.rsshub.group;
EnvironmentFile = inputs.config.sops.templates."rsshub/env".path;
WorkingDirectory = "${inputs.pkgs.localPackages.rsshub}";
ExecStart = "${inputs.pkgs.localPackages.rsshub}/bin/rsshub";
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
restartTriggers = [ inputs.config.sops.templates."rsshub/env".content ];
};
tmpfiles.rules = [ "d /var/cache/rsshub 0700 rsshub rsshub" ];
};
sops =
{
templates."rsshub/env".content =
let
placeholder = inputs.config.sops.placeholder;
redis = inputs.config.nixos.services.redis.instances.rsshub;
in
''
PORT=${toString rsshub.port}
CACHE_TYPE=redis
REDIS_URL='redis://:${placeholder."redis/rsshub"}@127.0.0.1:${toString redis.port}'
PIXIV_REFRESHTOKEN='${placeholder."rsshub/pixiv-refreshtoken"}'
YOUTUBE_KEY='${placeholder."rsshub/youtube-key"}'
YOUTUBE_CLIENT_ID='${placeholder."rsshub/youtube-client-id"}'
YOUTUBE_CLIENT_SECRET='${placeholder."rsshub/youtube-client-secret"}'
YOUTUBE_REFRESH_TOKEN='${placeholder."rsshub/youtube-refresh-token"}'
TWITTER_AUTH_TOKEN='${placeholder."rsshub/twitter-auth-token"}'
XDG_CONFIG_HOME='/var/cache/rsshub/chromium'
XDG_CACHE_HOME='/var/cache/rsshub/chromium'
BILIBILI_COOKIE_data0='${placeholder."rsshub/bilibili-cookie"}'
'';
secrets = (listToAttrs (map (secret: { name = "rsshub/${secret}"; value = {}; })
[
"pixiv-refreshtoken"
"youtube-key" "youtube-client-id" "youtube-client-secret" "youtube-refresh-token"
"twitter-auth-token"
"bilibili-cookie"
]));
};
users =
{
users.rsshub = { uid = inputs.config.nixos.user.uid.rsshub; group = "rsshub"; isSystemUser = true; };
groups.rsshub.gid = inputs.config.nixos.user.gid.rsshub;
};
nixos.services =
{
redis.instances.rsshub.port = 7116;
nginx =
{
enable = true;
https.${rsshub.hostname}.location."/".proxy.upstream = "http://127.0.0.1:${toString rsshub.port}";
User = "rsshub";
Group = "rsshub";
EnvironmentFile = inputs.config.sops.templates."rsshub/env".path;
WorkingDirectory = "${inputs.pkgs.localPackages.rsshub}";
ExecStart = "${inputs.pkgs.localPackages.rsshub}/bin/rsshub";
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
restartTriggers = [ inputs.config.sops.templates."rsshub/env".content ];
};
tmpfiles.rules = [ "d /var/cache/rsshub 0700 rsshub rsshub" ];
};
sops =
{
templates."rsshub/env".content = let placeholder = inputs.config.sops.placeholder; in
''
PORT=5221
CACHE_TYPE=redis
REDIS_URL='redis://:${placeholder."redis/rsshub"}@127.0.0.1:7116'
PIXIV_REFRESHTOKEN='${placeholder."rsshub/pixiv-refreshtoken"}'
YOUTUBE_KEY='${placeholder."rsshub/youtube-key"}'
YOUTUBE_CLIENT_ID='${placeholder."rsshub/youtube-client-id"}'
YOUTUBE_CLIENT_SECRET='${placeholder."rsshub/youtube-client-secret"}'
YOUTUBE_REFRESH_TOKEN='${placeholder."rsshub/youtube-refresh-token"}'
TWITTER_AUTH_TOKEN='${placeholder."rsshub/twitter-auth-token"}'
ZHIHU_COOKIES='${placeholder."rsshub/zhihu-cookies"}'
XDG_CONFIG_HOME='/var/cache/rsshub/chromium'
XDG_CACHE_HOME='/var/cache/rsshub/chromium'
BILIBILI_COOKIE_data0='${placeholder."rsshub/bilibili-cookie"}'
'';
secrets = (builtins.listToAttrs (builtins.map (secret: { name = "rsshub/${secret}"; value = {}; })
[
"pixiv-refreshtoken"
"youtube-key" "youtube-client-id" "youtube-client-secret" "youtube-refresh-token"
"twitter-auth-token"
"bilibili-cookie"
"zhihu-cookies"
]));
};
users =
{
users.rsshub = { uid = inputs.config.nixos.user.uid.rsshub; group = "rsshub"; isSystemUser = true; };
groups.rsshub.gid = inputs.config.nixos.user.gid.rsshub;
};
nixos.services =
{
redis.instances.rsshub.port = 7116;
nginx = { enable = true; https.${rsshub.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5221"; };
};
};
}

2
modules/services/send.nix
View File

@@ -29,7 +29,7 @@ inputs:
nginx =
{
enable = true;
https."${send.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
https.${send.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
};
redis.instances.send = { user = "root"; port = 9184; };
};

56
modules/services/slurm.nix
View File

@@ -51,8 +51,8 @@ inputs:
let
inherit (inputs.config.nixos.system.nixpkgs) cuda;
inherit (inputs.pkgs.cudaPackages) cuda_nvml_dev;
additionalInputs = inputs.lib.optionals cuda.enable [ cuda_nvml_dev cuda_nvml_dev.lib ];
additionalFlags = inputs.lib.optional cuda.enable "-L${cuda_nvml_dev.lib}/lib/stubs";
additionalInputs = inputs.lib.optionals (cuda != null) [ cuda_nvml_dev cuda_nvml_dev.lib ];
additionalFlags = inputs.lib.optional (cuda != null) "-L${cuda_nvml_dev.lib}/lib/stubs";
in
{
buildInputs = prev.buildInputs or [] ++ additionalInputs;
@@ -201,22 +201,56 @@ inputs:
StorageLoc=slurm
'';
};
extraConfig =
''
PrologSlurmctld=${inputs.config.security.wrapperDir}/slurm-info
EpilogSlurmctld=${inputs.config.security.wrapperDir}/slurm-info
'';
};
systemd =
{
services.slurmctld.after = [ "suid-sgid-wrappers.service" ];
tmpfiles.rules = [ "d /var/log/slurmctld 700 slurm slurm" ];
};
sops =
{
secrets = { "slurm/db" = { owner = "slurm"; key = "mariadb/slurm"; }; }
// builtins.listToAttrs (builtins.map (n: { name = "telegram/${n}"; value = {}; })
[ "token" "user/chn" "user/hjp" ]);
templates."info.yaml" =
{
owner = "slurm";
content = let inherit (inputs.config.sops) placeholder; in builtins.toJSON
{
token = placeholder."telegram/token";
user = builtins.listToAttrs (builtins.map (n: { name = n; value = placeholder."telegram/user/${n}"; })
[ "chn" "hjp" ]);
slurmConf = "${inputs.config.services.slurm.etcSlurm}/slurm.conf";
};
};
};
security.wrappers.info =
{
source =
let info = inputs.pkgs.localPackages.info.override
{
slurm = inputs.config.services.slurm.package;
configFile = inputs.config.sops.templates."info.yaml".path;
};
in "${info}/bin/info";
program = "slurm-info";
owner = "slurm";
group = "slurm";
permissions = "544";
capabilities = "cap_setuid,cap_setgid+ep";
};
systemd.tmpfiles.rules = [ "d /var/log/slurmctld 700 slurm slurm" ];
sops.secrets."slurm/db" = { owner = "slurm"; key = "mariadb/slurm"; };
nixos =
{
packages.packages._packages = [ inputs.pkgs.localPackages.sbatch-tui ];
user.sharedModules = [{ home.packages =
[
(inputs.pkgs.writeShellScriptBin "sbatch"
''
if [ "$#" -eq 0 ]; then
sbatch-tui
else
/run/current-system/sw/bin/sbatch "$@"
fi
'')
''if [ "$#" -eq 0 ]; then sbatch-tui; else /run/current-system/sw/bin/sbatch "$@"; fi'')
];}];
services.mariadb = { enable = true; instances.slurm = {}; };
};

12
modules/services/sshd/banner.txt
View File

@@ -1,10 +1,10 @@
░▒▓█▓▒░ ░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░ ░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░

1
modules/services/wechat2tg.nix
View File

@@ -44,5 +44,6 @@ inputs:
'';
secrets."wechat2tg/token" = {};
};
nixos.services.docker = {};
};
}

125
modules/services/wireguard.nix
View File

@@ -1,91 +1,58 @@
inputs:
{
options.nixos.services.wireguard = let inherit (inputs.lib) mkOption types; in
options.nixos.services.wireguard = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
# wg genkey | wg pubkey
publicKey = mkOption { type = types.nonEmptyStr; };
lighthouse = mkOption { type = types.bool; default = false; };
behindNat = mkOption
{
type = types.bool;
default = inputs.config.nixos.services.xray.client.enable;
};
listenIp = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
# if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820
listenPort = mkOption
{
type = types.ints.unsigned;
default = if inputs.config.nixos.services.wireguard.behindNat then 51821 else 51820;
};
wireguardIp = mkOption { type = types.nonEmptyStr; };
peers = mkOption { type = types.nonEmptyListOf types.nonEmptyStr; default = []; };
type = types.nullOr (types.submodule (submoduleInputs: { options =
let generalOption =
{
publicKey = mkOption { type = types.nonEmptyStr; };
lighthouse = mkOption { type = types.bool; default = false; };
behindNat = mkOption { type = types.bool; default = false; };
listenIp = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
wireguardIp = mkOption { type = types.nonEmptyStr; };
};
in generalOption
// { peers = mkOption { type = types.nonEmptyListOf (types.submodule { options = generalOption; }); }; };
}));
default = null;
};
config =
let
inherit (inputs.lib) mkIf mkMerge;
inherit (inputs.config.nixos.services) wireguard;
inherit (builtins) map toString listToAttrs filter;
in mkIf wireguard.enable (mkMerge
config = let inherit (inputs.config.nixos.services) wireguard; in inputs.lib.mkIf (wireguard != null)
{
assertions =
[
{
assertions =
[{
assertion = !wireguard.behindNat -> wireguard.listenIp != null;
message = "wireguard.listenIp should be not null when behindNat is false.";
}];
assertion = !wireguard.behindNat -> wireguard.listenIp != null;
message = "wireguard.listenIp should not be null when behindNat is false.";
}
{
networking =
{
firewall =
{
allowedUDPPorts = inputs.lib.mkIf (!wireguard.behindNat) [ wireguard.listenPort ];
trustedInterfaces = [ "wireguard" ];
};
wireguard.interfaces.wireguard =
{
ips = [ "${wireguard.wireguardIp}/24" ];
inherit (wireguard) listenPort;
privateKeyFile = inputs.config.sops.secrets."wireguard/privateKey".path;
peers = map
(peer:
{
publicKey = peer.publicKey;
allowedIPs = [ (if peer.lighthouse then "192.168.83.0/24" else "${peer.wireguardIp}/32") ];
endpoint = mkIf (!peer.behindNat) "${peer.listenIp}:${builtins.toString peer.listenPort}";
persistentKeepalive = mkIf peer.lighthouse 5;
})
(map
(peer: inputs.topInputs.self.nixosConfigurations.${peer}.config.nixos.services.wireguard)
wireguard.peers);
};
};
sops.secrets."wireguard/privateKey" = {};
# somehow fix wireguard connection
systemd.services = mkIf wireguard.behindNat (listToAttrs (map
assertion = inputs.config.nixos.services.xray.client.enable -> wireguard.behindNat;
message = "Wireguard is behind NAT when xray client is enabled.";
}
];
networking =
{
firewall =
{
allowedUDPPorts = inputs.lib.mkIf (!wireguard.behindNat) [ 51820 ];
trustedInterfaces = [ "wireguard" ];
};
wireguard.interfaces.wireguard =
{
ips = [ "${wireguard.wireguardIp}/24" ];
# if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820
listenPort = inputs.localLib.mkConditional wireguard.behindNat 51821 51820;
privateKeyFile = inputs.config.sops.secrets."wireguard/privateKey".path;
peers = builtins.map
(peer:
{
name = "wireguard-ping-${peer.name}";
value =
{
description = "ping ${peer.name}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
ExecStart = "${inputs.pkgs.iputils}/bin/ping -i 5 ${peer.value.wireguardIp}";
Restart = "always";
};
};
inherit (peer) publicKey;
allowedIPs = [ (if peer.lighthouse then "192.168.83.0/24" else "${peer.wireguardIp}/32") ];
endpoint = inputs.lib.mkIf (!peer.behindNat) "${peer.listenIp}:51820";
persistentKeepalive = inputs.lib.mkIf peer.lighthouse 5;
})
(filter (peer: !peer.value.behindNat) (map
(peer:
{
name = peer;
value = inputs.topInputs.self.nixosConfigurations.${peer}.config.nixos.services.wireguard;
})
wireguard.peers))));
}
]);
wireguard.peers;
};
};
sops.secrets."wireguard/privateKey" = {};
};
}

8
modules/services/xray.nix
View File

@@ -458,7 +458,7 @@ inputs:
(map (n: { name = "xray-server/clients/user${toString n}"; value = {}; }) userList)
// (builtins.listToAttrs (map
(name: { name = "telegram/${name}"; value = { group = "telegram"; mode = "0440"; }; })
[ "token" "chat" ]))
[ "token" "user/chn" ]))
// { "xray-server/private-key" = {}; };
};
systemd =
@@ -490,7 +490,7 @@ inputs:
sed = "${inputs.pkgs.gnused}/bin/sed";
cat = "${inputs.pkgs.coreutils}/bin/cat";
token = inputs.config.sops.secrets."telegram/token".path;
chat = inputs.config.sops.secrets."telegram/chat".path;
chat = inputs.config.sops.secrets."telegram/user/chn".path;
in
''
message='${inputs.config.nixos.model.hostname} xray:\n'
@@ -539,8 +539,8 @@ inputs:
nginx =
{
enable = true;
transparentProxy.map."${xray.server.serverName}" = 4726;
https."${xray.server.serverName}" =
transparentProxy.map.${xray.server.serverName} = 4726;
https.${xray.server.serverName} =
{
listen.main = { proxyProtocol = false; addToTransparentProxy = false; };
location."/".return.return = "400";

9
modules/system/default.nix
View File

@@ -16,6 +16,15 @@ inputs:
{
supportedFilesystems = [ "ntfs" "nfs" "nfsv4" ];
# consoleLogLevel = 7;
plymouth =
{
enable = true;
theme = "mac-style";
themePackages = [(inputs.pkgs.callPackage inputs.topInputs.mac-style {})];
};
kernelParams = inputs.lib.mkIf
(builtins.elem inputs.config.nixos.system.grub.installDevice [ "efi" "efiRemovable" ])
[ "plymouth.use-simpledrm" ];
};
hardware = { enableAllFirmware = true; bluetooth.enable = true; sensor.iio.enable = true; };
environment =

2
modules/system/fileSystems/impermanence.nix
View File

@@ -55,7 +55,7 @@ inputs:
inputs.config.nixos.user.users);
}
# 对于桌面用途的 chn有一些需要 persist 的目录
(inputs.lib.mkIf (inputs.config.nixos.model.type == "desktop" && builtins.elem "chn" inputs.config.nixos.user.users)
(inputs.lib.mkIf (inputs.config.nixos.model.type == "desktop")
{
"/nix/persistent".users.chn.directories =
[

21
modules/system/fileSystems/luks/default.nix → modules/system/fileSystems/luks.nix
View File

@@ -12,19 +12,14 @@ inputs:
};});
default = {};
};
manual =
manual = mkOption
{
enable = mkOption { type = types.bool; default = false; };
devices = mkOption
type = types.nullOr (types.attrsOf (types.submodule { options =
{
type = types.attrsOf (types.submodule { options =
{
mapper = mkOption { type = types.nonEmptyStr; };
ssd = mkOption { type = types.bool; default = false; };
};});
default = {};
};
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
mapper = mkOption { type = types.nonEmptyStr; };
ssd = mkOption { type = types.bool; default = false; };
};}));
default = null;
};
};
config = let inherit (inputs.config.nixos.system.fileSystems) luks; in inputs.lib.mkMerge
@@ -56,7 +51,7 @@ inputs:
})
(builtins.filter (device: device.value.before != null) (inputs.localLib.attrsToList luks.auto)));
};})
(inputs.lib.mkIf luks.manual.enable
(inputs.lib.mkIf (luks.manual != null)
{
boot.initrd =
{
@@ -71,7 +66,7 @@ inputs:
serviceConfig.Type = "oneshot";
script = builtins.concatStringsSep "\n" (builtins.map
(device: "while [ ! -e /dev/mapper/${device.value.mapper} ]; do sleep 1; done")
(inputs.localLib.attrsToList luks.manual.devices));
(inputs.localLib.attrsToList luks.manual));
};
extraBin.cryptsetup = "${inputs.pkgs.cryptsetup}/bin/cryptsetup";
};

BIN
modules/system/fileSystems/luks/vps4.key
View File

Binary file not shown.

2
modules/system/grub.nix
View File

@@ -30,7 +30,7 @@ inputs:
{
boot.loader.grub =
{
memtest86.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.arch == "x86_64") true;
memtest86.enable = true;
extraFiles = inputs.lib.mkIf (builtins.elem grub.installDevice [ "efi" "efiRemovable" ])
{ "shell.efi" = "${inputs.pkgs.genericPackages.edk2-uefi-shell}/shell.efi"; };
extraEntries = inputs.lib.mkMerge (builtins.concatLists

13
modules/system/gui.nix
View File

@@ -20,6 +20,7 @@ inputs:
sessionVariables.GTK_USE_PORTAL = "1";
persistence."/nix/rootfs/current".directories =
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }];
systemPackages = with inputs.pkgs; [ waybar ];
};
xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
i18n.inputMethod =
@@ -29,7 +30,17 @@ inputs:
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
[ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
};
programs.dconf.enable = true;
programs =
{
dconf.enable = true;
hyprland = { enable = true; withUWSM = true; };
# waybar should not be pull in by graphical-session.target
waybar.enable = false;
iio-hyprland.enable = true;
hyprlock.enable = true;
uwsm.enable = true;
};
})
# prefer gui or not
(inputs.localLib.mkConditional (builtins.elem inputs.config.nixos.model.type [ "desktop" ])

9
modules/system/kernel/default.nix
View File

@@ -35,9 +35,7 @@ inputs:
# network for srv2
"e1000e" "igb" "atlantic" "igc"
]
++ (inputs.lib.optionals (kernel.variant != "nixos") [ "crypto_simd" ])
# for pi3b to show message over hdmi while boot
++ (inputs.lib.optionals (kernel.variant == "nixos") [ "vc4" "bcm2835_dma" "i2c_bcm2835" ]);
++ (inputs.lib.optionals (kernel.variant != "nixos") [ "crypto_simd" ]);
extraModulePackages = with inputs.config.boot.kernelPackages; [ v4l2loopback zenpower ];
extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
kernelParams = [ "delayacct" ];
@@ -49,7 +47,6 @@ inputs:
cachyos = inputs.pkgs.linuxPackages_cachyos;
cachyos-lto = inputs.pkgs.linuxPackages_cachyos-lto;
cachyos-server = inputs.pkgs.linuxPackages_cachyos-server;
rpi3 = inputs.pkgs.linuxPackages_rpi3;
zen = inputs.pkgs.linuxPackages_zen;
}.${kernel.variant};
kernelPatches =
@@ -87,10 +84,6 @@ inputs:
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
}
(
inputs.lib.mkIf (kernel.variant == "rpi3")
{ boot.initrd = { systemd.enableTpm2 = false; includeDefaultModules = false; }; }
)
# enable scx when using cachyos
(
inputs.lib.mkIf (builtins.elem kernel.variant [ "cachyos" "cachyos-lto" "cachyos-server" ])

114
modules/system/nixpkgs.nix
View File

@@ -1,114 +0,0 @@
inputs:
{
options.nixos.system.nixpkgs = let inherit (inputs.lib) mkOption types; in
{
arch = mkOption { type = types.enum [ "x86_64" "aarch64" ]; default = "x86_64"; };
march = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
cuda =
{
enable = mkOption { type = types.bool; default = false; };
capabilities = mkOption { type = types.nullOr (types.nonEmptyListOf types.nonEmptyStr); default = null; };
forwardCompat = mkOption { type = types.nullOr types.bool; default = null; };
};
};
config =
let
inherit (builtins) map listToAttrs filter tryEval attrNames concatStringsSep toString;
inherit (inputs.lib) mkIf mkMerge;
inherit (inputs.lib.strings) hasPrefix splitString;
inherit (inputs.localLib) mkConditional attrsToList;
inherit (inputs.config.nixos.system) nixpkgs;
in
{
nixpkgs =
let
hostPlatform = if nixpkgs.march != null
then { system = "${nixpkgs.arch}-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; }
else "${nixpkgs.arch}-linux";
cudaConfig = inputs.lib.optionalAttrs nixpkgs.cuda.enable
(
{ cudaSupport = true; }
// (inputs.lib.optionalAttrs (nixpkgs.cuda.capabilities != null)
{ cudaCapabilities = nixpkgs.cuda.capabilities; })
// (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
{ cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
);
allowInsecurePredicate = p: inputs.lib.warn
"Allowing insecure package ${p.name or "${p.pname}-${p.version}"}" true;
in
{
inherit hostPlatform;
config = cudaConfig //
{
inherit allowInsecurePredicate;
allowUnfree = true;
qchem-config = { optArch = nixpkgs.march; useCuda = nixpkgs.cuda.enable; };
android_sdk.accept_license = true;
}
// (if nixpkgs.march == null then {} else
{
# TODO: change znver4 after update oneapi
# TODO: test znver3 do use AVX
oneapiArch = let match = {};
in match.${nixpkgs.march} or nixpkgs.march;
nvhpcArch = nixpkgs.march;
# contentAddressedByDefault = true;
enableCcache = true;
});
overlays =
[(final: prev:
let
inherit (final) system;
genericPackages = import inputs.topInputs.nixpkgs
{
inherit system;
config = { allowUnfree = true; inherit allowInsecurePredicate; };
};
in
{ inherit genericPackages; }
// (
let
source =
{
"pkgs-23.11" = "nixpkgs-23.11";
"pkgs-23.05" = "nixpkgs-23.05";
};
packages = name: import inputs.topInputs.${source.${name}}
{
localSystem = hostPlatform;
config = cudaConfig //
{
allowUnfree = true;
# contentAddressedByDefault = true;
inherit allowInsecurePredicate;
};
};
in builtins.listToAttrs (map
(name: { inherit name; value = packages name; }) (builtins.attrNames source))
)
// (
inputs.lib.optionalAttrs (nixpkgs.march != null)
{
# -march=xxx cause embree build failed
# https://github.com/embree/embree/issues/115
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
}
)
)];
};
programs.ccache = { enable = true; cacheDir = "/var/lib/ccache"; };
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
boot.kernelPatches = mkIf (nixpkgs.march != null && inputs.config.nixos.system.kernel.variant != "steamos")
[{
name = "native kernel";
patch = null;
extraStructuredConfig =
let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; };
in
{
GENERIC_CPU = inputs.lib.kernel.no;
${kernelConfig.${nixpkgs.march} or "M${inputs.lib.toUpper nixpkgs.march}"} = inputs.lib.kernel.yes;
};
}];
};
}

130
modules/system/nixpkgs/default.nix Normal file
View File

@@ -0,0 +1,130 @@
inputs:
{
options.nixos.system.nixpkgs = let inherit (inputs.lib) mkOption types; in
{
march = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
cuda = mkOption
{
type = types.nullOr (types.submodule { options =
{
capabilities = mkOption { type = types.nullOr (types.nonEmptyListOf types.nonEmptyStr); default = null; };
forwardCompat = mkOption { type = types.nullOr types.bool; default = false; };
};});
default = null;
};
};
config = let inherit (inputs.config.nixos.system) nixpkgs; in
{
nixpkgs =
let
hostPlatform = if nixpkgs.march != null
then { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; }
else "x86_64-linux";
cudaConfig = inputs.lib.optionalAttrs (nixpkgs.cuda != null)
(
{ cudaSupport = true; }
// (inputs.lib.optionalAttrs (nixpkgs.cuda.capabilities != null)
{ cudaCapabilities = nixpkgs.cuda.capabilities; })
// (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
{ cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
);
allowInsecurePredicate = p: inputs.lib.warn
"Allowing insecure package ${p.name or "${p.pname}-${p.version}"}" true;
in
{
inherit hostPlatform;
config = cudaConfig //
{
inherit allowInsecurePredicate;
allowUnfree = true;
qchem-config = { optArch = nixpkgs.march; useCuda = nixpkgs.cuda != null; };
android_sdk.accept_license = true;
}
// (if nixpkgs.march == null then {} else
{
# TODO: change znver4 after update oneapi
# TODO: test znver3 do use AVX
oneapiArch = let match = {}; in match.${nixpkgs.march} or nixpkgs.march;
nvhpcArch = nixpkgs.march;
# contentAddressedByDefault = true;
enableCcache = true;
});
overlays =
[(final: prev:
let
inherit (final) system;
genericPackages = import inputs.topInputs.nixpkgs
{ inherit system; config = { allowUnfree = true; inherit allowInsecurePredicate; }; };
in
{ inherit genericPackages; }
// (
let
source =
{
"pkgs-23.11" = "nixpkgs-23.11";
"pkgs-23.05" = "nixpkgs-23.05";
pkgs-unstable =
{
source = "nixpkgs-unstable";
overlay = final: prev:
{}
// inputs.lib.optionalAttrs (nixpkgs.march != null)
{
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
{
scipy = prev.scipy.overridePythonAttrs (prev:
{ disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
})];
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
ctranslate2 = (prev.ctranslate2.override { withCUDA = false; withCuDNN = false; })
.overrideAttrs (prev:
{ cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
}
// inputs.lib.optionalAttrs (nixpkgs.cuda != null)
{
ollama = prev.ollama.overrideAttrs (prev:
{ patches = prev.patches or [] ++ [ ./ollama.patch ]; });
};
};
};
packages = name: import inputs.topInputs.${source.${name}.source or source.${name}}
{
localSystem = hostPlatform;
config = cudaConfig //
{
allowUnfree = true;
# contentAddressedByDefault = true;
inherit allowInsecurePredicate;
};
overlays = [(source.${name}.overlay or (_: _: {}))];
};
in builtins.listToAttrs (builtins.map
(name: { inherit name; value = packages name; }) (builtins.attrNames source))
)
// (
inputs.lib.optionalAttrs (nixpkgs.march != null)
{
# -march=xxx cause embree build failed
# https://github.com/embree/embree/issues/115
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
simde = prev.simde.override { stdenv = final.genericPackages.stdenv; };
}
)
)];
};
programs.ccache = { enable = true; cacheDir = "/var/lib/ccache"; };
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
boot.kernelPatches = inputs.lib.mkIf (nixpkgs.march != null)
[{
name = "native kernel";
patch = null;
extraStructuredConfig =
let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; };
in
{
GENERIC_CPU = inputs.lib.kernel.no;
${kernelConfig.${nixpkgs.march} or "M${inputs.lib.toUpper nixpkgs.march}"} = inputs.lib.kernel.yes;
};
}];
};
}

12
modules/system/nixpkgs/ollama.patch Normal file
View File

@@ -0,0 +1,12 @@
diff --color -ur src/llama/ggml-impl.h src.patched/llama/ggml-impl.h
--- src/llama/ggml-impl.h 2025-02-16 17:06:37.983174514 +0800
+++ src.patched/llama/ggml-impl.h 2025-02-16 17:07:53.002206262 +0800
@@ -48,7 +48,7 @@
#include <arm_neon.h>
#endif
-#if defined(__F16C__)
+#if defined(__F16C__) && !defined(__CUDACC__)
#include <immintrin.h>
#endif

24
modules/user/chn/default.nix
View File

@@ -12,8 +12,16 @@ inputs:
subGidRanges = [{ startGid = 100000; count = 65536; } ];
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
};
home-manager.users.chn =
home-manager.users.chn = hmInputs:
{
options.nixos.decrypt = inputs.lib.mkOption
{
type = inputs.lib.types.attrsOf (inputs.lib.types.attrsOf (inputs.lib.types.submodule { options =
{
mapper = inputs.lib.mkOption { type = inputs.lib.types.nonEmptyStr; };
ssd = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
};}));
};
config =
{
programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };
@@ -24,15 +32,7 @@ inputs:
[
(
let
servers = builtins.filter
(system: system.value.enable)
(builtins.map
(system:
{
name = system.config.nixos.model.hostname;
value = system.config.nixos.system.fileSystems.luks.manual;
})
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
servers = inputs.localLib.attrsToList hmInputs.config.nixos.decrypt;
cat = "${inputs.pkgs.coreutils}/bin/cat";
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
ssh = "${inputs.pkgs.openssh}/bin/ssh";
@@ -42,13 +42,13 @@ inputs:
(builtins.map (system: builtins.concatStringsSep "\n"
[
"decrypt-${system.name}() {"
" key=$(${cat} ${inputs.topInputs.self}/modules/system/fileSystems/luks/${system.name}.key \\"
" key=$(${cat} ${inputs.topInputs.self}/devices/cross/luks-manual/${system.name}.key \\"
" | ${gpg} --decrypt)"
(builtins.concatStringsSep "\n" (builtins.map
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
+ (if device.value.ssd then "--allow-discards " else "")
+ "${device.name} ${device.value.mapper} -")
(inputs.localLib.attrsToList system.value.devices)))
(inputs.localLib.attrsToList system.value)))
"}"
])
servers)

276
modules/user/chn/hyprland.conf Normal file
View File

@@ -0,0 +1,276 @@
################
### MONITORS ###
################
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,auto
###################
### MY PROGRAMS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Set programs that you use
$terminal = kitty
$fileManager = dolphin
$menu = wofi --show drun
#################
### AUTOSTART ###
#################
# Autostart necessary processes (like notifications daemons, status bars, etc.)
# Or execute your favorite apps at launch like this:
# exec-once = $terminal
# exec-once = nm-applet &
# exec-once = waybar & hyprpaper & firefox
#############################
### ENVIRONMENT VARIABLES ###
#############################
# See https://wiki.hyprland.org/Configuring/Environment-variables/
env = XCURSOR_SIZE,24
env = HYPRCURSOR_SIZE,24
#####################
### LOOK AND FEEL ###
#####################
# Refer to https://wiki.hyprland.org/Configuring/Variables/
# https://wiki.hyprland.org/Configuring/Variables/#general
general {
gaps_in = 5
gaps_out = 20
border_size = 2
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = false
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
layout = dwindle
}
# https://wiki.hyprland.org/Configuring/Variables/#decoration
decoration {
rounding = 10
# Change transparency of focused and unfocused windows
active_opacity = 1.0
inactive_opacity = 1.0
shadow {
enabled = true
range = 4
render_power = 3
color = rgba(1a1a1aee)
}
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur {
enabled = true
size = 3
passes = 1
vibrancy = 0.1696
}
}
# https://wiki.hyprland.org/Configuring/Variables/#animations
animations {
enabled = yes, please :)
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = easeOutQuint,0.23,1,0.32,1
bezier = easeInOutCubic,0.65,0.05,0.36,1
bezier = linear,0,0,1,1
bezier = almostLinear,0.5,0.5,0.75,1.0
bezier = quick,0.15,0,0.1,1
animation = global, 1, 10, default
animation = border, 1, 5.39, easeOutQuint
animation = windows, 1, 4.79, easeOutQuint
animation = windowsIn, 1, 4.1, easeOutQuint, popin 87%
animation = windowsOut, 1, 1.49, linear, popin 87%
animation = fadeIn, 1, 1.73, almostLinear
animation = fadeOut, 1, 1.46, almostLinear
animation = fade, 1, 3.03, quick
animation = layers, 1, 3.81, easeOutQuint
animation = layersIn, 1, 4, easeOutQuint, fade
animation = layersOut, 1, 1.5, linear, fade
animation = fadeLayersIn, 1, 1.79, almostLinear
animation = fadeLayersOut, 1, 1.39, almostLinear
animation = workspaces, 1, 1.94, almostLinear, fade
animation = workspacesIn, 1, 1.21, almostLinear, fade
animation = workspacesOut, 1, 1.94, almostLinear, fade
}
# Ref https://wiki.hyprland.org/Configuring/Workspace-Rules/
# "Smart gaps" / "No gaps when only"
# uncomment all if you wish to use that.
# workspace = w[tv1], gapsout:0, gapsin:0
# workspace = f[1], gapsout:0, gapsin:0
# windowrulev2 = bordersize 0, floating:0, onworkspace:w[tv1]
# windowrulev2 = rounding 0, floating:0, onworkspace:w[tv1]
# windowrulev2 = bordersize 0, floating:0, onworkspace:f[1]
# windowrulev2 = rounding 0, floating:0, onworkspace:f[1]
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle {
pseudotile = true # Master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = true # You probably want this
}
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master {
new_status = master
}
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc {
force_default_wallpaper = -1 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false # If true disables the random hyprland logo / anime girl background. :(
}
#############
### INPUT ###
#############
# https://wiki.hyprland.org/Configuring/Variables/#input
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
touchpad {
natural_scroll = false
}
}
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures {
workspace_swipe = false
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
device {
name = epic-mouse-v1
sensitivity = -0.5
}
###################
### KEYBINDINGS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
$mainMod = SUPER # Sets "Windows" key as main modifier
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $mainMod, Q, exec, $terminal
bind = $mainMod, C, killactive,
bind = $mainMod, M, exit,
bind = $mainMod, E, exec, $fileManager
bind = $mainMod, V, togglefloating,
bind = $mainMod, R, exec, $menu
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $mainMod, S, togglespecialworkspace, magic
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
# Laptop multimedia keys for volume and LCD brightness
bindel = ,XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+
bindel = ,XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
bindel = ,XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
bindel = ,XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
bindel = ,XF86MonBrightnessUp, exec, brightnessctl s 10%+
bindel = ,XF86MonBrightnessDown, exec, brightnessctl s 10%-
# Requires playerctl
bindl = , XF86AudioNext, exec, playerctl next
bindl = , XF86AudioPause, exec, playerctl play-pause
bindl = , XF86AudioPlay, exec, playerctl play-pause
bindl = , XF86AudioPrev, exec, playerctl previous
##############################
### WINDOWS AND WORKSPACES ###
##############################
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# See https://wiki.hyprland.org/Configuring/Workspace-Rules/ for workspace rules
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
# Ignore maximize requests from apps. You'll probably like this.
windowrulev2 = suppressevent maximize, class:.*
# Fix some dragging issues with XWayland
windowrulev2 = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0

50
modules/user/chn/hyprland.nix Normal file
View File

@@ -0,0 +1,50 @@
inputs:
{
config = inputs.lib.mkIf (inputs.config.nixos.packages.desktop != null)
{
home-manager.users.chn.config =
{
programs.hyprlock =
{
enable = true;
settings =
{
general = { disable_loading_bar = true; hide_cursor = true; };
background.path = "${inputs.topInputs.nixos-wallpaper}/twitter-1884592003595592025.jpg";
input-field =
[{
# as least one entry is required even it is default
position = "0, 0";
# size = "200, 50";
# position = "0, -80";
# font_color = "rgb(202, 211, 245)";
# inner_color = "rgb(91, 96, 120)";
# outer_color = "rgb(24, 25, 38)";
# outline_thickness = 5;
# placeholder_text = '\'<span foreground="##cad3f5">Password...</span>'\';
# shadow_passes = 2;
}];
};
};
wayland.windowManager.hyprland =
{
enable = true;
settings =
{
};
extraConfig = builtins.readFile ./hyprland.conf;
systemd.enable = false;
xwayland.enable = true;
};
services.hyprpaper =
{
enable = true;
settings =
{
preload = [ "${inputs.topInputs.nixos-wallpaper}/twitter-1884592003595592025.jpg" ];
wallpaper = [ ",${inputs.topInputs.nixos-wallpaper}/twitter-1884592003595592025.jpg" ];
};
};
};
};
}

2
modules/user/chn/ssh.nix
View File

@@ -12,7 +12,7 @@ inputs:
{
xmuhk = { host = "xmuhk"; hostname = "10.26.14.56"; user = "xmuhk"; };
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
jykang.setEnv.TERM = "chn_unset_ls_colors:chn_cd:linwei/chn:chn_debug:xterm-256color";
jykang.setEnv.TERM = "chn_unset_ls_colors:chn_cd:linwei/chn:xterm-256color";
"wireguard.jykang" = jykang;
}
// (builtins.listToAttrs (builtins.map

81
modules/virtualization/default.nix → modules/virtualization.nix
View File

@@ -11,43 +11,44 @@ inputs:
kvmGuest.enable = mkOption { default = false; type = types.bool; };
nspawn = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
config = let inherit (inputs.lib) mkMerge mkIf; in mkMerge
config = inputs.lib.mkMerge
[
# kvmHost
(
mkIf inputs.config.nixos.virtualization.kvmHost.enable
(inputs.lib.mkIf inputs.config.nixos.virtualization.kvmHost.enable
{
nix.settings.system-features = [ "kvm" ];
boot =
{
nix.settings.system-features = [ "kvm" ];
boot =
kernelModules =
let modules = { intel = [ "kvm-intel" ]; amd = []; };
in builtins.concatLists (builtins.map (cpu: modules.${cpu}) inputs.config.nixos.hardware.cpus);
extraModprobeConfig =
let configs = { intel = "options kvm_intel nested=1"; amd = ""; };
in builtins.concatStringsSep "\n" (builtins.map (cpu: configs.${cpu}) inputs.config.nixos.hardware.cpus);
};
virtualisation =
{
libvirtd =
{
kernelModules =
let modules = { intel = [ "kvm-intel" ]; amd = []; };
in builtins.concatLists (builtins.map (cpu: modules.${cpu}) inputs.config.nixos.hardware.cpus);
extraModprobeConfig =
let configs = { intel = "options kvm_intel nested=1"; amd = ""; };
in builtins.concatStringsSep "\n" (builtins.map (cpu: configs.${cpu}) inputs.config.nixos.hardware.cpus);
};
virtualisation =
{
libvirtd =
enable = true;
qemu.runAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
shutdownTimeout = 30;
parallelShutdown = 4;
qemu =
{
enable = true;
qemu.runAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
shutdownTimeout = 30;
parallelShutdown = 4;
qemu =
{
ovmf.packages = with inputs.pkgs; [ OVMF.fd pkgsCross.aarch64-multiplatform.OVMF.fd ];
swtpm.enable = true;
};
ovmf.packages = with inputs.pkgs; [ OVMF.fd pkgsCross.aarch64-multiplatform.OVMF.fd ];
swtpm.enable = true;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with inputs.pkgs; [ qemu_full win-spice ] ++
(if (inputs.config.nixos.virtualization.kvmHost.gui) then [ virt-manager ] else []);
systemd.services =
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with inputs.pkgs; [ qemu_full win-spice ] ++
(if (inputs.config.nixos.virtualization.kvmHost.gui) then [ virt-manager ] else []);
systemd =
{
services =
let
virsh = "${inputs.pkgs.libvirt}/bin/virsh";
hibernate = inputs.pkgs.writeShellScript "libvirt-hibernate"
@@ -110,14 +111,22 @@ inputs:
};
makeServices = serviceFunction: builtins.map serviceFunction
inputs.config.nixos.virtualization.kvmHost.autoSuspend;
in builtins.listToAttrs (makeServices makeHibernate ++ makeServices makeResume);
mounts =
let iso = inputs.pkgs.runCommand "virtio-win.iso" {}
''${inputs.pkgs.cdrtools}/bin/mkisofs -o $out ${inputs.pkgs.virtio-win}'';
in
builtins.listToAttrs (makeServices makeHibernate ++ makeServices makeResume);
}
)
[{
what = "${iso}";
where = "/var/lib/libvirt/images/virtio-win.iso";
options = "bind";
wantedBy = [ "local-fs.target" ];
}];
};
})
# kvmGuest
(
mkIf inputs.config.nixos.virtualization.kvmGuest.enable
{ services = { qemuGuest.enable = true; spice-vdagentd.enable = true; xserver.videoDrivers = [ "qxl" ]; }; }
(inputs.lib.mkIf inputs.config.nixos.virtualization.kvmGuest.enable
{ services = { qemuGuest.enable = true; spice-vdagentd.enable = true; xserver.videoDrivers = [ "qxl" ]; }; }
)
# nspawn
{

3
packages/biu/include/biu/format.hpp
View File

@@ -6,6 +6,7 @@
# include <biu/concepts.hpp>
# include <fmt/format.h>
# include <fmt/ostream.h>
# include <yaml-cpp/yaml.h>
namespace biu
{
@@ -74,4 +75,6 @@ namespace fmt
template <typename Char, typename... Ts> struct formatter<std::variant<Ts...>, Char>
: basic_ostream_formatter<Char> {};
template <typename Char> struct formatter<YAML::Node, Char> : basic_ostream_formatter<Char> {};
}

2
packages/biu/include/biu/logger.hpp
View File

@@ -61,6 +61,8 @@ namespace biu
public: const char* what() const noexcept final {return Message_.c_str();}
};
public: template <typename Function> static void try_exec(Function&& function);
// Monitor the start and end of a function, as well as corresponding thread.
// This object should be construct at the beginning of the function, and should never be passed to another
// function or thread.

10
packages/biu/include/biu/logger.tpp
View File

@@ -5,6 +5,7 @@
# include <biu/logger.hpp>
# include <biu/common.hpp>
# include <biu/format.hpp>
# include <boost/exception/diagnostic_information.hpp>
namespace biu
{
@@ -66,7 +67,14 @@ namespace biu
template <typename FinalException> Logger::Exception<FinalException>::Exception(const std::string& message)
{
Logger::Guard log(message);
log.print_exception(nameof::nameof_full_type<FinalException>(), message, Stacktrace_, {});
log.print_exception<FinalException>(nameof::nameof_full_type<FinalException>(), message, Stacktrace_, {});
}
template <typename Function> inline void Logger::try_exec(Function&& function)
{
Logger::Guard log;
try { function(); }
catch (...) { log.error(boost::current_exception_diagnostic_information()); }
}
inline thread_local unsigned Logger::Guard::Indent_ = 0;

9
packages/default.nix
View File

@@ -2,7 +2,12 @@ inputs: rec
{
vesta = inputs.pkgs.callPackage ./vesta.nix {};
rsshub = inputs.pkgs.callPackage ./rsshub.nix { inherit mkPnpmPackage; src = inputs.topInputs.rsshub; };
misskey = inputs.pkgs.callPackage ./misskey.nix { inherit mkPnpmPackage; src = inputs.topInputs.misskey; };
misskey = inputs.pkgs.callPackage ./misskey.nix
{
inherit mkPnpmPackage;
src = inputs.topInputs.misskey;
extraIntegritySha256 = inputs.topInputs.self.src.misskey;
};
vaspkit = inputs.pkgs.callPackage ./vaspkit.nix { inherit (inputs.localLib) attrsToList; };
v-sim = inputs.pkgs.callPackage ./v-sim.nix { src = inputs.topInputs.v-sim; };
concurrencpp = inputs.pkgs.callPackage ./concurrencpp.nix { src = inputs.topInputs.concurrencpp; };
@@ -120,6 +125,8 @@ inputs: rec
nglview = inputs.pkgs.python3Packages.callPackage ./nglview.nix { src = inputs.topInputs.self.src.nglview; };
octodns-cloudflare = inputs.pkgs.python3Packages.callPackage ./octodns-cloudflare.nix
{ src = inputs.topInputs.octodns-cloudflare; };
info = inputs.pkgs.callPackage ./info { inherit biu; stdenv = inputs.pkgs.clang18Stdenv; };
blog = inputs.pkgs.callPackage inputs.topInputs.blog { inherit (inputs.topInputs) hextra; };
fromYaml = content: builtins.fromJSON (builtins.readFile
(inputs.pkgs.runCommand "toJSON" {}

2
packages/hpcstat/default.nix
View File

@@ -10,7 +10,7 @@
nativeBuildInputs = [ cmake pkg-config makeWrapper ];
cmakeFlags = lib.optionals (version != null) [ "-DHPCSTAT_VERSION=${version}" ];
postInstall =
if standalone then "cp ${openssh}/bin/{ssh-add,ssh-keygen} ${duc}/bin/duc $out/bin"
if standalone then "cp ${openssh}/bin/{ssh-add,ssh-keygen} ${duc}/bin/duc ${sqlite}/bin/sqlite3 $out/bin"
else
''
wrapProgram $out/bin/hpcstat --set HPCSTAT_SHAREDIR $out/share/hpcstat \

5
packages/hpcstat/src/disk.cpp
View File

@@ -8,16 +8,13 @@ namespace hpcstat::disk
{
{ "caiduanjun", true },
{ "Gaona", true },
{ "huangkai", true },
{ "huangshengli", false },
{ "kangjunyong", true },
{ "lijing", true },
{ "linwei", true },
{ "Lixu", true },
{ "wanghao", false },
{ "wuyaping", true },
{ "wuzhiming", true },
{ "zhanhuahan", false }
{ "zhanhuahan", true }
};
bool stat()

2
packages/hpcstat/src/main.cpp
View File

@@ -168,7 +168,7 @@ int main(int argc, const char** argv)
auto begin = sys_seconds(sys_days(month(month_n) / 1 / year_n)).time_since_epoch().count();
auto end = sys_seconds(sys_days(month(month_n) / 1 / year_n + months(1)))
.time_since_epoch().count();
if (!sql::export_data(begin, end, "{}{}.xlsx"_f(year_n, month_n))) return 1;
if (!sql::export_data(begin, end, "{}{:0>2}.xlsx"_f(year_n, month_n))) return 1;
}
else if (args[1] == "push")
{

5
packages/hpcstat/src/sql.cpp
View File

@@ -308,10 +308,11 @@ namespace hpcstat::sql
key ? "{}::SHA256:{}"_f(Keys[*key].PubkeyFilename, *key) : "(unknown)"
);
for (auto& [key_subaccount, stat] : stat_subaccount)
std::cout << "| {}::{} | {:.2f} | {} | {} | {} | {} | `{}::{}` |\n"_f
std::cout << "| {}::{} | {:.2f} | {}/{}/{} | {}/{}/{} | `{}::{}` |\n"_f
(
Keys[key_subaccount.first].Username, key_subaccount.second, stat.CpuTime,
stat.LoginInteractive, stat.LoginNonInteractive, stat.FinishJobSuccess, stat.FinishJobFailed,
stat.LoginInteractive + stat.LoginNonInteractive, stat.LoginInteractive, stat.LoginNonInteractive,
stat.FinishJobSuccess + stat.FinishJobFailed, stat.FinishJobSuccess, stat.FinishJobFailed,
Keys[key_subaccount.first].PubkeyFilename, key_subaccount.first
);
// export to excel

1
packages/info/.envrc Normal file
View File

@@ -0,0 +1 @@
use flake .#info

27
packages/info/CMakeLists.txt Normal file
View File

@@ -0,0 +1,27 @@
cmake_minimum_required(VERSION 3.14)
project(info VERSION 0.0.0 LANGUAGES CXX)
enable_testing()
include(GNUInstallDirs)
if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
message("Setting build type to 'Release' as none was specified.")
set(CMAKE_BUILD_TYPE Release CACHE STRING "Choose the type of build." FORCE)
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo")
endif()
find_package(biu REQUIRED)
find_path(SLURM_INCLUDE_PATH slurm/spank.h REQUIRED)
find_library(SLURM_LIBRARY slurm REQUIRED)
find_package(Boost REQUIRED COMPONENTS process)
add_executable(info src/main.cpp)
target_include_directories(info PRIVATE ${SLURM_INCLUDE_PATH})
target_link_libraries(info PRIVATE biu::biu ${SLURM_LIBRARY} Boost::process)
target_compile_features(info PRIVATE cxx_std_23)
target_compile_definitions(info PRIVATE INFO_CONFIG_FILE="${INFO_CONFIG_FILE}")
install(TARGETS info RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
get_property(ImportedTargets DIRECTORY "${CMAKE_SOURCE_DIR}" PROPERTY IMPORTED_TARGETS)
message("Imported targets: ${ImportedTargets}")
message("List of compile features: ${CMAKE_CXX_COMPILE_FEATURES}")
message("CMake build type: ${CMAKE_BUILD_TYPE}")

8
packages/info/default.nix Normal file
View File

@@ -0,0 +1,8 @@
{ lib, stdenv, cmake, pkg-config, configFile ? null, slurm, biu }: stdenv.mkDerivation
{
name = "info";
src = ./.;
buildInputs = [ slurm biu ];
nativeBuildInputs = [ cmake pkg-config ];
cmakeFlags = lib.optional (configFile != null) [ "-DINFO_CONFIG_FILE=${configFile}" ];
}

172
packages/info/src/main.cpp Normal file
View File

@@ -0,0 +1,172 @@
# include <biu.hpp>
# include <tgbot/tgbot.h>
# include <slurm/slurm.h>
# include <slurm/slurmdb.h>
# include <boost/process.hpp>
# include <boost/process/v2.hpp>
# ifndef INFO_CONFIG_FILE
# define INFO_CONFIG_FILE "/etc/info.yaml"
# endif
struct switch_user
{
std::uint32_t uid, gid;
switch_user(std::uint32_t uid, std::uint32_t gid) : uid(uid), gid(gid) {}
boost::system::error_code on_exec_setup(auto&&...)
{
// first set gid then set uid, otherwise failed
if (setegid(gid) != 0 || seteuid(uid) != 0)
return boost::system::error_code{errno, boost::system::system_category()};
else return {};
}
};
int main()
{
using namespace biu::literals;
biu::Logger::init(std::make_shared<std::ofstream>("/var/log/slurmctld/info.log", std::ios::app),
biu::Logger::Level::Info);
biu::Logger::Guard log;
biu::Logger::try_exec([]
{
// 读取配置
std::string token;
std::map<std::string, std::string> user_map;
std::string slurm_conf;
std::map<std::string, std::string> context_map
{
{ "prolog_slurmctld", "Begin" },
{ "epilog_slurmctld", "End" }
};
{
auto config = YAML::LoadFile(INFO_CONFIG_FILE);
token = config["token"].as<std::string>();
user_map = config["user"].as<std::map<std::string, std::string>>();
slurm_conf = config["slurmConf"].as<std::string>();
}
// 读取用户名、任务 id、阶段
std::string user;
std::uint32_t jid;
std::string context;
{
auto user_cstr = std::getenv("SLURM_JOB_USER");
if (!user_cstr) throw std::runtime_error("SLURM_JOB_USER not found");
user = user_cstr;
if (!user_map.contains(user)) return;
auto jid_cstr = std::getenv("SLURM_JOB_ID");
if (!jid_cstr) throw std::runtime_error("SLURM_JOB_ID not found");
jid = std::stoul(jid_cstr);
auto context_cstr = std::getenv("SLURM_SCRIPT_CONTEXT");
if (!context_cstr) throw std::runtime_error("SLURM_SCRIPT_CONTEXT not found");
if (!context_map.contains(context_cstr)) throw std::runtime_error("unknown SLURM_SCRIPT_CONTEXT");
context = context_cstr;
}
YAML::Node info;
std::uint32_t uid, gid;
std::string output_file;
// slurm 只能初始化一次,之后即使 fini 再初始化也会无法连接到数据库
slurm_init(slurm_conf.c_str());
// 从 slurm 处查询信息
{
job_info_msg_t* job_info;
auto slurm_result = slurm_load_job(&job_info, jid, 0);
if (slurm_result != SLURM_SUCCESS) throw std::runtime_error("slurm_load_job failed: {}"_f(slurm_strerror(slurm_result)));
else if (job_info->record_count != 1) throw std::runtime_error("job_info->record_count != 1");
else
{
auto null_to_empty = [](const char* str) { return str ? str : ""; };
auto timepoint = [](time_t time)
{ return "{:%Y-%m-%d %H:%M:%S}"_f(*std::localtime(&time)); };
auto get_status = [](int code)
{ return std::vector{ "{}"_f(job_states(code & 0xff)), "{:#x}"_f(code) }; };
info["Job Id"] = job_info->job_array->job_id;
info["Job Name"] = null_to_empty(job_info->job_array->name);
info["Working Directory"] = null_to_empty(job_info->job_array->work_dir);
info["Output File"] = null_to_empty(job_info->job_array->std_out);
output_file = null_to_empty(job_info->job_array->std_out);
info["Partition"] = null_to_empty(job_info->job_array->partition);
info["Submit Time"] = timepoint(job_info->job_array->submit_time);
info["Start Time"] = timepoint(job_info->job_array->start_time);
if (context == "epilog_slurmctld") info["End Time"] = timepoint(job_info->job_array->end_time);
// not working on epilog_slurmctld
// info["Nodes"] = null_to_empty(job_info->job_array->nodes);
info["Nodes"] = null_to_empty(std::getenv("SLURM_JOB_NODELIST"));
info["TREs Allocated"] = null_to_empty(job_info->job_array->tres_alloc_str);
info["GREs Allocated"] = null_to_empty(job_info->job_array->gres_total);
if (context == "epilog_slurmctld") info["Exit Code"] = job_info->job_array->exit_code;
info["Status"] = get_status(job_info->job_array->job_state);
info["Status"].SetStyle(YAML::EmitterStyle::Flow);
info["User ID"] = job_info->job_array->user_id;
uid = job_info->job_array->user_id;
info["Group ID"] = job_info->job_array->group_id;
gid = job_info->job_array->group_id;
}
slurm_free_job_info_msg(job_info);
}
// 从 slurmdbd 处查询信息
// 有问题,先不用这段代码
// if (context == "epilog_slurmctld")
if (false)
{
auto conn = slurmdb_connection_get(nullptr);
if (!conn) throw std::runtime_error("slurmdb_connection_get failed.");
// 构造查询
// from: https://github.com/ksyx/turingopt/blob/20d88df423c0722839d1f0d185708da0af7c07a7/watcher/src/main.cpp#L329
auto query = reinterpret_cast<slurmdb_job_cond_t*>
(std::calloc(1, sizeof(slurmdb_job_cond_t)));
query->flags |= JOBCOND_FLAG_NO_TRUNC;
query->db_flags = SLURMDB_JOB_FLAG_NOTSET;
query->step_list = slurm_list_create(slurm_destroy_selected_step);
auto step = new slurm_selected_step_t
{nullptr, NO_VAL, NO_VAL, {jid, NO_VAL, NO_VAL}};
slurm_list_append(query->step_list, step);
// 查询
auto result = slurmdb_jobs_get(conn, query);
if (slurm_list_count(result) != 1) throw std::runtime_error("slurmdb_jobs_get failed.");
auto data = reinterpret_cast<slurmdb_job_rec_t*>(slurm_list_pop(result));
// 读取需要的信息并清理
slurm_list_destroy(result);
slurmdb_destroy_job_cond(query);
auto null_to_empty = [](const char* str) { return str ? str : ""; };
info["Nodes"] = null_to_empty(data->nodes);
slurmdb_destroy_job_rec(data);
auto close_result = slurmdb_connection_close(&conn);
if (close_result != SLURM_SUCCESS) throw std::runtime_error("slurmdb_connection_close failed.");
}
slurm_fini();
// 发送消息
{
TgBot::Bot bot(token);
std::stringstream ss;
ss << "<b>{}</b> {} {}\n"_f(context_map[context], info["Job Id"], info["Job Name"]);
ss << "<blockquote expandable>{}</blockquote>"_f(info);
bot.getApi().sendMessage
(user_map[user], ss.str(), nullptr, nullptr, nullptr, "HTML");
}
// 写入消息
if (context == "epilog_slurmctld" && !output_file.empty())
{
auto text = "\n--------------------\n{}\n--------------------\n"_f(info);
boost::asio::io_context context;
boost::system::error_code ec;
boost::asio::writable_pipe wp{context};
boost::process::v2::process proc
(
context, "/run/current-system/sw/bin/tee", { "-a", output_file.c_str() },
boost::process::v2::process_stdio{wp, nullptr, nullptr}, switch_user(uid, gid)
);
boost::asio::write(wp, boost::asio::buffer(text));
wp.close();
proc.wait();
}
});
}

49
packages/misskey.nix
View File

@@ -1,29 +1,28 @@
{
lib, mkPnpmPackage, nodejs, writeShellScript, src,
lib, mkPnpmPackage, nodejs, writeShellScript, src, extraIntegritySha256,
bash, cypress, vips, python3
}: (mkPnpmPackage.override { inherit nodejs; })
{
inherit src extraIntegritySha256;
extraNativeBuildInputs = [ bash nodejs.pkgs.typescript nodejs.pkgs.gulp python3 ];
extraAttrs =
{
inherit src;
extraIntegritySha256."https://github.com/aiscript-dev/aiscript-languageserver/releases/download/0.1.6/aiscript-dev-aiscript-languageserver-0.1.6.tgz" = "0092d5r67bhf4xkvrdn4a2rm1drjzy7b5sw8mi7hp4pqvpc20ylr";
extraNativeBuildInputs = [ bash nodejs.pkgs.typescript nodejs.pkgs.gulp python3 ];
extraAttrs =
{
CYPRESS_INSTALL_BINARY = "0";
NODE_ENV = "production";
postInstall =
let startScript = writeShellScript "misskey"
''
export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress ]}:$PATH
export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
export NODE_ENV=production
export COREPACK_ENABLE_STRICT=0
pnpm run migrateandstart
'';
in
''
mkdir -p $out/bin
cp ${startScript} $out/bin/misskey
mkdir -p $out/files
'';
};
}
CYPRESS_INSTALL_BINARY = "0";
NODE_ENV = "production";
postInstall =
let startScript = writeShellScript "misskey"
''
export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm nodejs.pkgs.gulp cypress ]}:$PATH
export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
export NODE_ENV=production
export COREPACK_ENABLE_STRICT=0
pnpm run migrateandstart
'';
in
''
mkdir -p $out/bin
cp ${startScript} $out/bin/misskey
mkdir -p $out/files
'';
};
}

4
packages/nvhpc/stdenv.nix
View File

@@ -66,6 +66,10 @@ let
export LD_LIBRARY_PATH=${compilerDir}/lib''${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
# allow access to libcuda.so
export LD_LIBRARY_PATH=/run/opengl-driver/lib''${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
# set NCCL_SOCKET_IFNAME to lo if not set
if [ -z "$NCCL_SOCKET_IFNAME" ]; then
export NCCL_SOCKET_IFNAME==lo
fi
exec "$@"
'';
wrapper = (wrapCCWith

3
packages/vasp/intel/default.nix
View File

@@ -37,6 +37,9 @@ let vasp = stdenv.mkDerivation
# tell openmpi use ifx
OMPI_F90 = "ifx";
dontStrip = true;
dontPatchELF = true;
};
in writeShellScriptBin "vasp-intel"
''

3
packages/vasp/intel/makefile.include
View File

@@ -19,7 +19,8 @@ FREE = -free -names lowercase
FFLAGS = -assume byterecl -w
OFLAG = -O2
# OFLAG = -O2
OFLAG = -g
OFLAG_IN = $(OFLAG)
DEBUG = -O0

2
packages/vasp/nvidia/default.nix
View File

@@ -35,6 +35,8 @@ let vasp = stdenv.mkDerivation
MKLROOT = mkl;
QD = "${stdenv.cc.cc}/Linux_x86_64/${stdenv.cc.cc.version}/compilers/extras/qd";
};
dontStrip = true;
dontPatchELF = true;
};
in writeShellScriptBin "vasp-nvidia"
''

3
packages/vasp/nvidia/makefile.include
View File

@@ -24,7 +24,8 @@ FREE = -Mfree
FFLAGS = -Mbackslash -Mlarge_arrays
OFLAG = -fast
# OFLAG = -fast
OFLAG = -g
DEBUG = -Mfree -O0 -traceback