mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-11 23:09:22 +08:00
Compare commits
4 Commits
d3f38c3b55
...
tested
| Author | SHA1 | Date | |
|---|---|---|---|
| 6b90d5068b | |||
| 7243090020 | |||
| ee2f976ae0 | |||
| a85fb881a7 |
@@ -211,6 +211,7 @@
|
||||
nginx = { enable = true; transparentProxy.enable = false; };
|
||||
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
|
||||
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
|
||||
huginn.enable = true;
|
||||
};
|
||||
bugs =
|
||||
[
|
||||
@@ -432,7 +433,7 @@
|
||||
groupshare.enable = true;
|
||||
smartd.enable = true;
|
||||
};
|
||||
users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
|
||||
users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
|
||||
};})
|
||||
];
|
||||
"xmupc1" =
|
||||
|
||||
@@ -29,101 +29,50 @@ inputs:
|
||||
[
|
||||
# >= server
|
||||
{
|
||||
nixos.packages = with inputs.pkgs;
|
||||
nixos =
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# shell
|
||||
ksh
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof
|
||||
# top
|
||||
iotop iftop htop btop powertop s-tui
|
||||
# editor
|
||||
nano bat
|
||||
# downloader
|
||||
wget aria2 curl
|
||||
# file manager
|
||||
tree exa trash-cli lsd broot file xdg-ninja mlocate
|
||||
# compress
|
||||
pigz rar upx unzip zip lzip p7zip
|
||||
# file system management
|
||||
sshfs e2fsprogs adb-sync duperemove compsize
|
||||
# disk management
|
||||
smartmontools hdparm
|
||||
# encryption and authentication
|
||||
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
|
||||
# networking
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
|
||||
# nix tools
|
||||
nix-output-monitor nix-tree
|
||||
# office
|
||||
todo-txt-cli
|
||||
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
|
||||
certifi charset-normalizer idna orjson psycopg2
|
||||
])];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
nix-index-database.comma.enable = true;
|
||||
nix-index.enable = true;
|
||||
zsh =
|
||||
packages = with inputs.pkgs;
|
||||
{
|
||||
enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
autosuggestions.enable = true;
|
||||
enableCompletion = true;
|
||||
ohMyZsh =
|
||||
{
|
||||
enable = true;
|
||||
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
|
||||
customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
|
||||
};
|
||||
_packages =
|
||||
[
|
||||
# shell
|
||||
ksh
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof
|
||||
# top
|
||||
iotop iftop htop btop powertop s-tui
|
||||
# editor
|
||||
nano bat
|
||||
# downloader
|
||||
wget aria2 curl
|
||||
# file manager
|
||||
tree exa trash-cli lsd broot file xdg-ninja mlocate
|
||||
# compress
|
||||
pigz rar upx unzip zip lzip p7zip
|
||||
# file system management
|
||||
sshfs e2fsprogs adb-sync duperemove compsize
|
||||
# disk management
|
||||
smartmontools hdparm
|
||||
# encryption and authentication
|
||||
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
|
||||
# networking
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
|
||||
# nix tools
|
||||
nix-output-monitor nix-tree
|
||||
# office
|
||||
todo-txt-cli
|
||||
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
|
||||
certifi charset-normalizer idna orjson psycopg2
|
||||
])];
|
||||
};
|
||||
ccache.enable = true;
|
||||
command-not-found.enable = false;
|
||||
adb.enable = true;
|
||||
gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
autojump.enable = true;
|
||||
git =
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.gitFull;
|
||||
lfs.enable = true;
|
||||
config =
|
||||
{
|
||||
init.defaultBranch = "main";
|
||||
core = { quotepath = false; editor = "vim"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
fwupd.enable = true;
|
||||
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
|
||||
};
|
||||
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
|
||||
nixpkgs.config =
|
||||
{
|
||||
permittedInsecurePackages = with inputs.pkgs;
|
||||
[
|
||||
openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
|
||||
];
|
||||
allowUnfree = true;
|
||||
};
|
||||
home-manager =
|
||||
{
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
sharedModules =
|
||||
users.sharedModules =
|
||||
[{
|
||||
home.stateVersion = "22.11";
|
||||
programs =
|
||||
config.programs =
|
||||
{
|
||||
zsh =
|
||||
{
|
||||
@@ -238,80 +187,181 @@ inputs:
|
||||
};
|
||||
}];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
nix-index-database.comma.enable = true;
|
||||
nix-index.enable = true;
|
||||
zsh =
|
||||
{
|
||||
enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
autosuggestions.enable = true;
|
||||
enableCompletion = true;
|
||||
ohMyZsh =
|
||||
{
|
||||
enable = true;
|
||||
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
|
||||
customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
|
||||
};
|
||||
};
|
||||
ccache.enable = true;
|
||||
command-not-found.enable = false;
|
||||
adb.enable = true;
|
||||
gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
autojump.enable = true;
|
||||
git =
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.gitFull;
|
||||
lfs.enable = true;
|
||||
config =
|
||||
{
|
||||
init.defaultBranch = "main";
|
||||
core = { quotepath = false; editor = "vim"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
fwupd.enable = true;
|
||||
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
|
||||
};
|
||||
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
|
||||
nixpkgs.config =
|
||||
{
|
||||
permittedInsecurePackages = with inputs.pkgs;
|
||||
[
|
||||
openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
|
||||
];
|
||||
allowUnfree = true;
|
||||
};
|
||||
home-manager =
|
||||
{
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
};
|
||||
}
|
||||
# >= desktop
|
||||
(
|
||||
mkIf (builtins.elem inputs.config.nixos.packages.packageSet [ "desktop" "workstation" ] )
|
||||
{
|
||||
nixos.packages = with inputs.pkgs;
|
||||
nixos =
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# system management
|
||||
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
|
||||
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
|
||||
# nix tools
|
||||
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
|
||||
# instant messager
|
||||
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
|
||||
cinny-desktop # nur-xddxdd.wine-wechat thunder
|
||||
# browser
|
||||
google-chrome
|
||||
# networking
|
||||
remmina putty mtr-gui
|
||||
# password and key management
|
||||
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
|
||||
# download
|
||||
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
|
||||
# office
|
||||
unstablePackages.crow-translate zotero pandoc
|
||||
# development
|
||||
scrcpy
|
||||
# media
|
||||
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
|
||||
# text editor
|
||||
localPackages.typora
|
||||
# themes
|
||||
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
|
||||
arc-kde-theme materia-theme
|
||||
# news
|
||||
fluent-reader rssguard
|
||||
# davinci-resolve playonlinux
|
||||
weston cage openbox krita
|
||||
genymotion
|
||||
(
|
||||
vscode-with-extensions.override
|
||||
packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# system management
|
||||
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
|
||||
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
|
||||
# nix tools
|
||||
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
|
||||
# instant messager
|
||||
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
|
||||
cinny-desktop # nur-xddxdd.wine-wechat thunder
|
||||
# browser
|
||||
google-chrome
|
||||
# networking
|
||||
remmina putty mtr-gui
|
||||
# password and key management
|
||||
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
|
||||
# download
|
||||
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
|
||||
# office
|
||||
unstablePackages.crow-translate zotero pandoc
|
||||
# development
|
||||
scrcpy
|
||||
# media
|
||||
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
|
||||
# text editor
|
||||
localPackages.typora
|
||||
# themes
|
||||
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
|
||||
arc-kde-theme materia-theme
|
||||
# news
|
||||
fluent-reader rssguard
|
||||
# davinci-resolve playonlinux
|
||||
weston cage openbox krita
|
||||
genymotion
|
||||
(
|
||||
vscode-with-extensions.override
|
||||
{
|
||||
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
|
||||
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
|
||||
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
|
||||
++ (with intellsmi; [ comment-translate deepl-translate ])
|
||||
++ (with ms-python; [ isort python vscode-pylance ])
|
||||
++ (with ms-toolsai;
|
||||
[
|
||||
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
|
||||
])
|
||||
++ (with ms-vscode;
|
||||
[
|
||||
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
|
||||
test-adapter-converter
|
||||
])
|
||||
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
|
||||
++ [
|
||||
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
|
||||
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
|
||||
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
|
||||
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
|
||||
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
|
||||
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
|
||||
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
|
||||
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
|
||||
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
|
||||
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
|
||||
];
|
||||
}
|
||||
)
|
||||
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
|
||||
};
|
||||
users.sharedModules =
|
||||
[{
|
||||
config =
|
||||
{
|
||||
programs =
|
||||
{
|
||||
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
|
||||
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
|
||||
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
|
||||
++ (with intellsmi; [ comment-translate deepl-translate ])
|
||||
++ (with ms-python; [ isort python vscode-pylance ])
|
||||
++ (with ms-toolsai;
|
||||
chromium =
|
||||
{
|
||||
enable = true;
|
||||
extensions =
|
||||
[
|
||||
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
|
||||
])
|
||||
++ (with ms-vscode;
|
||||
[
|
||||
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
|
||||
test-adapter-converter
|
||||
])
|
||||
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
|
||||
++ [
|
||||
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
|
||||
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
|
||||
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
|
||||
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
|
||||
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
|
||||
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
|
||||
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
|
||||
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
|
||||
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
|
||||
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
|
||||
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
|
||||
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
|
||||
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
|
||||
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
|
||||
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
|
||||
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
|
||||
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
|
||||
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
|
||||
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
|
||||
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
|
||||
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
|
||||
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
|
||||
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
|
||||
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
|
||||
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
|
||||
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
|
||||
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
|
||||
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
|
||||
];
|
||||
}
|
||||
)
|
||||
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
|
||||
};
|
||||
obs-studio =
|
||||
{
|
||||
enable = true;
|
||||
plugins = with inputs.pkgs.obs-studio-plugins;
|
||||
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
|
||||
};
|
||||
};
|
||||
home.file.".config/baloofilerc".text =
|
||||
''
|
||||
[Basic Settings]
|
||||
Indexing-Enabled=false
|
||||
'';
|
||||
};
|
||||
}];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
@@ -334,48 +384,6 @@ inputs:
|
||||
});
|
||||
};
|
||||
services.pcscd.enable = true;
|
||||
home-manager.sharedModules =
|
||||
[{
|
||||
programs =
|
||||
{
|
||||
chromium =
|
||||
{
|
||||
enable = true;
|
||||
extensions =
|
||||
[
|
||||
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
|
||||
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
|
||||
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
|
||||
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
|
||||
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
|
||||
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
|
||||
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
|
||||
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
|
||||
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
|
||||
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
|
||||
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
|
||||
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
|
||||
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
|
||||
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
|
||||
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
|
||||
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
|
||||
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
|
||||
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
|
||||
];
|
||||
};
|
||||
obs-studio =
|
||||
{
|
||||
enable = true;
|
||||
plugins = with inputs.pkgs.obs-studio-plugins;
|
||||
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
|
||||
};
|
||||
};
|
||||
home.file.".config/baloofilerc".text =
|
||||
''
|
||||
[Basic Settings]
|
||||
Indexing-Enabled=false
|
||||
'';
|
||||
}];
|
||||
}
|
||||
)
|
||||
# >= workstation
|
||||
|
||||
@@ -19,7 +19,8 @@ inputs:
|
||||
./sshd.nix
|
||||
./vaultwarden.nix
|
||||
./frp.nix
|
||||
# ./docker.nix
|
||||
./docker.nix
|
||||
./huginn.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
|
||||
@@ -1,13 +1,11 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in
|
||||
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs: { options =
|
||||
{
|
||||
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
|
||||
image = mkOption { type = types.package; };
|
||||
imageName =
|
||||
mkOption { type = types.nonEmptyStr; default = with inputs.image; (imageName + ":" + imageTag); };
|
||||
ports = mkOption
|
||||
{
|
||||
type = types.listOf (types.oneOf
|
||||
@@ -29,75 +27,104 @@ inputs:
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (builtins) listToAttrs map concatLists;
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) listToAttrs map;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) docker;
|
||||
in mkMerge
|
||||
[
|
||||
users = inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker));
|
||||
# users = map
|
||||
# (user: builtins.filter (container: container.user == user) (builtins.attrValues docker))
|
||||
# (inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker)));
|
||||
in mkIf (docker != {})
|
||||
{
|
||||
systemd.tmpfiles.rules = [ "d /run/docker-rootless 0755 root root" ];
|
||||
nixos =
|
||||
{
|
||||
virtualisation.oci-containers.containers = listToAttrs (map
|
||||
(container:
|
||||
virtualization.docker.enable = true;
|
||||
users.linger = users;
|
||||
};
|
||||
users =
|
||||
{
|
||||
users = listToAttrs (map
|
||||
(user:
|
||||
{
|
||||
name = "${container.name}";
|
||||
name = user;
|
||||
value =
|
||||
{
|
||||
image = container.value.imageName;
|
||||
imageFile = container.value.image;
|
||||
ports = map
|
||||
(port:
|
||||
(
|
||||
if builtins.typeOf port == "int" then "127.0.0.1::${toString port}"
|
||||
else ("${port.value.hostIp}:${toString port.value.hostPort}"
|
||||
+ ":${toString port.value.containerPort}/${port.value.protocol}")
|
||||
))
|
||||
container.value.ports;
|
||||
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
|
||||
environmentFiles =
|
||||
if builtins.typeOf container.value.environmentFile == "bool" && container.value.environmentFile
|
||||
then [ inputs.config.sops.templates."${container.name}/env".path ]
|
||||
else if builtins.typeOf container.value.environmentFile == "bool" then []
|
||||
else [ container.value.environmentFile ];
|
||||
isSystemUser = true;
|
||||
group = user;
|
||||
autoSubUidGidRange = true;
|
||||
home = "/run/docker-rootless/${user}";
|
||||
createHome = true;
|
||||
};
|
||||
})
|
||||
(attrsToList docker));
|
||||
systemd.services = listToAttrs (concatLists (map
|
||||
(container:
|
||||
[
|
||||
users);
|
||||
groups = listToAttrs (map (user: { name = user; value = {}; }) users);
|
||||
};
|
||||
home-manager.users = listToAttrs (map
|
||||
(user:
|
||||
{
|
||||
name = user;
|
||||
value.config.systemd.user.services = listToAttrs (map
|
||||
(container:
|
||||
{
|
||||
name = "docker-${container.value.user}-daemon";
|
||||
inherit (container) name;
|
||||
value =
|
||||
{
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
inherit (inputs.systemd.user.services.docker) description path;
|
||||
serviceConfig = inputs.systemd.user.services.docker.serviceConfig //
|
||||
Unit =
|
||||
{
|
||||
User = container.value.user;
|
||||
Group = container.value.user;
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
ExecStart = inputs.systemd.user.services.docker.serviceConfig.ExecStart
|
||||
+ " -H unix:///var/run/docker-rootless/${container.value.user}.sock";
|
||||
After = [ "dbus.socket" ];
|
||||
Wants = [ "dbus.socket" ];
|
||||
};
|
||||
Install.WantedBy = [ "default.target" ];
|
||||
Service =
|
||||
{
|
||||
Type = "simple";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = inputs.pkgs.writeShellScript "docker-${container.name}.start"
|
||||
''
|
||||
docker rm -f ${container.name} || true
|
||||
echo "loading image"
|
||||
docker load -i ${container.value.image}
|
||||
echo "load finish"
|
||||
docker image ls
|
||||
${
|
||||
builtins.concatStringsSep " \\\n"
|
||||
(
|
||||
[
|
||||
"docker run --rm --name=${container.name}"
|
||||
"--add-host=host.docker.internal:host-gateway"
|
||||
]
|
||||
++ (
|
||||
if (builtins.typeOf container.value.environmentFile) == "string"
|
||||
then [ "--env-file ${container.value.environmentFile}" ]
|
||||
else if container.value.environmentFile
|
||||
then [ "--env-file ${inputs.config.sops.templates."${container.name}.env".path}" ]
|
||||
else []
|
||||
)
|
||||
++ (map
|
||||
(port: "-p ${port}")
|
||||
(map
|
||||
(port:
|
||||
if builtins.typeOf port == "int" then toString port
|
||||
else "${port.value.hostIp}:${toString port.value.hostPort}"
|
||||
+ ":${toString port.value.containerPort}/${port.value.protocol}"
|
||||
)
|
||||
container.value.ports))
|
||||
++ [ "${container.value.image.imageName}:${container.value.image.imageTag}" ]
|
||||
)
|
||||
}
|
||||
'';
|
||||
ExecStop = inputs.pkgs.writeShellScript "docker-${container.name}.stop"
|
||||
''
|
||||
docker stop ${container.name}
|
||||
docker system prune --volumes --force
|
||||
'';
|
||||
};
|
||||
unitConfig = { inherit (inputs.systemd.user.services.docker.unitConfig) StartLimitInterval; };
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "docker-${container.name}";
|
||||
value =
|
||||
{
|
||||
requires = [ "docker-${container.value.user}-daemon.service" ];
|
||||
after = [ "docker-${container.value.user}-daemon.service" ];
|
||||
environment.DOCKER_HOST = "unix:///var/run/docker-rootless/${container.value.user}.sock";
|
||||
serviceConfig = { User = container.value.user; Group = container.value.user; };
|
||||
};
|
||||
}
|
||||
])
|
||||
(attrsToList docker)));
|
||||
}
|
||||
(mkIf (docker != {})
|
||||
{
|
||||
systemd.tmpfiles.rules = [ "d /var/run/docker-rootless 0777" ];
|
||||
nixos.virtualization.docker.enable = true;
|
||||
})
|
||||
];
|
||||
})
|
||||
(builtins.filter (container: container.value.user == user) (attrsToList docker)));
|
||||
})
|
||||
users);
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,23 +1,58 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.huginn.enable = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
|
||||
config = inputs.lib.mkIf inputs.config.nixos.services.huginn.enable
|
||||
options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
nixos.services =
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) huginn;
|
||||
inherit (builtins) listToAttrs;
|
||||
in mkIf huginn.enable
|
||||
{
|
||||
docker.huginn =
|
||||
nixos.services =
|
||||
{
|
||||
image = inputs.pkgs.dockerTools.pullImage
|
||||
docker.huginn =
|
||||
{
|
||||
imageName = "huginn/huginn";
|
||||
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
|
||||
sha256 = "0ls97k8ic7w5j54jlpwh8rrvj1y4pl4106j9pyap105r6p7dziiz";
|
||||
finalImageName = "huginn/huginn";
|
||||
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
|
||||
image = inputs.pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "huginn/huginn";
|
||||
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
|
||||
sha256 = "sha256-P8bfzjW5gHCVv0kaEAi9xAe5c0aQXypJkYUfFtE8SVM=";
|
||||
finalImageName = "huginn/huginn";
|
||||
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
|
||||
};
|
||||
ports = [ 3000 ];
|
||||
environmentFile = true;
|
||||
};
|
||||
ports = [ 3000 ];
|
||||
environmentFile = true;
|
||||
# postgresql = { enable = true; instances.huginn = {}; };
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."huginn.env" =
|
||||
{
|
||||
content = let placeholder = inputs.config.sops.placeholder; in "";
|
||||
# ''
|
||||
# MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
|
||||
# HUGINN_DATABASE_NAME=huginn
|
||||
# HUGINN_DATABASE_USERNAME=huginn
|
||||
# HUGINN_DATABASE_PASSWORD=${placeholder."postgresql/huginn"}
|
||||
# DOMAIN=huginn.chn.moe
|
||||
# RAILS_ENV=production
|
||||
# FORCE_SSL=true
|
||||
# INVITATION_CODE=${placeholder."huginn/invitation_code"}
|
||||
# SMTP_DOMAIN=mail.chn.moe
|
||||
# SMTP_USER_NAME=bot@chn.moe
|
||||
# SMTP_PASSWORD="${placeholder."mail/bot"}"
|
||||
# SMTP_SERVER=mail.chn.moe
|
||||
# SMTP_SSL=true
|
||||
# EMAIL_FROM_ADDRESS=bot@chn.moe
|
||||
# TIMEZONE=Beijing
|
||||
# '';
|
||||
owner = inputs.config.users.users.huginn.name;
|
||||
};
|
||||
# secrets = listToAttrs (map (secret: { name = secret; value = {}; }) [ "huginn/invitation_code" "mail/bot" ]);
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -66,5 +66,6 @@ inputs:
|
||||
# environment.variables.CPATH = "/run/current-system/sw/include";
|
||||
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
|
||||
virtualisation.oci-containers.backend = "docker";
|
||||
home-manager.sharedModules = [{ config.home.stateVersion = "22.11"; }];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -41,9 +41,12 @@ inputs:
|
||||
"${impermanence.root}" =
|
||||
{
|
||||
hideMounts = true;
|
||||
directories = []
|
||||
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
|
||||
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
|
||||
directories =
|
||||
[
|
||||
"/var/lib/systemd/linger"
|
||||
]
|
||||
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
|
||||
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
|
||||
};
|
||||
"${impermanence.nodatacow}" =
|
||||
{
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
inputs:
|
||||
let
|
||||
inherit (builtins) map attrNames;
|
||||
inherit (inputs.lib) mkMerge mkIf mkOption types;
|
||||
users =
|
||||
allUsers =
|
||||
{
|
||||
root =
|
||||
{
|
||||
@@ -16,11 +14,15 @@ inputs:
|
||||
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
|
||||
];
|
||||
};
|
||||
home-manager.users.root.programs.git =
|
||||
home-manager.users.root =
|
||||
{
|
||||
extraConfig.core.editor = inputs.lib.mkForce "vim";
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
imports = inputs.config.nixos.users.sharedModules;
|
||||
config.programs.git =
|
||||
{
|
||||
extraConfig.core.editor = inputs.lib.mkForce "vim";
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
};
|
||||
};
|
||||
};
|
||||
chn =
|
||||
@@ -44,78 +46,82 @@ inputs:
|
||||
])
|
||||
];
|
||||
};
|
||||
home-manager.users.chn.programs =
|
||||
home-manager.users.chn =
|
||||
{
|
||||
git =
|
||||
imports = inputs.config.nixos.users.sharedModules;
|
||||
config.programs =
|
||||
{
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
};
|
||||
ssh.matchBlocks = builtins.listToAttrs
|
||||
(
|
||||
(map
|
||||
(host:
|
||||
{
|
||||
name = host.name;
|
||||
value = { host = host.name; hostname = host.value; user = "chn"; };
|
||||
})
|
||||
(inputs.localLib.attrsToList
|
||||
{
|
||||
vps3 = "vps3.chn.moe";
|
||||
vps4 = "vps4.chn.moe";
|
||||
vps5 = "vps5.chn.moe";
|
||||
vps6 = "vps6.chn.moe";
|
||||
vps7 = "vps7.chn.moe";
|
||||
}))
|
||||
++ (map
|
||||
(host:
|
||||
{
|
||||
name = host;
|
||||
value =
|
||||
git =
|
||||
{
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
};
|
||||
ssh.matchBlocks = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(host:
|
||||
{
|
||||
host = host;
|
||||
hostname = "hpc.xmu.edu.cn";
|
||||
user = host;
|
||||
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
|
||||
};
|
||||
})
|
||||
[ "wlin" "jykang" "hwang" ])
|
||||
)
|
||||
// {
|
||||
xmupc1 =
|
||||
{
|
||||
host = "xmupc1";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
nas =
|
||||
{
|
||||
host = "nas";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 5440;
|
||||
};
|
||||
xmupc1-ext =
|
||||
{
|
||||
host = "xmupc1-ext";
|
||||
hostname = "vps3.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmuhk =
|
||||
{
|
||||
host = "xmuhk";
|
||||
hostname = "10.26.14.56";
|
||||
user = "xmuhk";
|
||||
# identityFile = "~/.ssh/xmuhk_id_rsa";
|
||||
};
|
||||
xmuhk2 =
|
||||
{
|
||||
host = "xmuhk2";
|
||||
hostname = "183.233.219.132";
|
||||
user = "xmuhk";
|
||||
port = 62022;
|
||||
name = host.name;
|
||||
value = { host = host.name; hostname = host.value; user = "chn"; };
|
||||
})
|
||||
(inputs.localLib.attrsToList
|
||||
{
|
||||
vps3 = "vps3.chn.moe";
|
||||
vps4 = "vps4.chn.moe";
|
||||
vps5 = "vps5.chn.moe";
|
||||
vps6 = "vps6.chn.moe";
|
||||
vps7 = "vps7.chn.moe";
|
||||
}))
|
||||
++ (builtins.map
|
||||
(host:
|
||||
{
|
||||
name = host;
|
||||
value =
|
||||
{
|
||||
host = host;
|
||||
hostname = "hpc.xmu.edu.cn";
|
||||
user = host;
|
||||
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
|
||||
};
|
||||
})
|
||||
[ "wlin" "jykang" "hwang" ])
|
||||
)
|
||||
// {
|
||||
xmupc1 =
|
||||
{
|
||||
host = "xmupc1";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
nas =
|
||||
{
|
||||
host = "nas";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 5440;
|
||||
};
|
||||
xmupc1-ext =
|
||||
{
|
||||
host = "xmupc1-ext";
|
||||
hostname = "vps3.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmuhk =
|
||||
{
|
||||
host = "xmuhk";
|
||||
hostname = "10.26.14.56";
|
||||
user = "xmuhk";
|
||||
# identityFile = "~/.ssh/xmuhk_id_rsa";
|
||||
};
|
||||
xmuhk2 =
|
||||
{
|
||||
host = "xmuhk2";
|
||||
hostname = "183.233.219.132";
|
||||
user = "xmuhk";
|
||||
port = 62022;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -134,7 +140,7 @@ inputs:
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.xll = {};
|
||||
home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/xll".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
|
||||
};
|
||||
@@ -151,7 +157,7 @@ inputs:
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.zem = {};
|
||||
home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/zem".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
|
||||
};
|
||||
@@ -168,7 +174,7 @@ inputs:
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.yjq = {};
|
||||
home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/yjq".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
|
||||
};
|
||||
@@ -184,15 +190,48 @@ inputs:
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.yxy = {};
|
||||
home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/yxy".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.nixos.users = mkOption { type = types.listOf (types.enum (attrNames users)); default = [ "root" "chn" ]; };
|
||||
config = mkMerge (map (user: mkIf (builtins.elem user inputs.config.nixos.users) users.${user}) (attrNames users));
|
||||
options.nixos.users = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
|
||||
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
|
||||
linger = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (builtins) map attrNames;
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.config.nixos) users;
|
||||
in mkMerge
|
||||
[
|
||||
(mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
|
||||
{
|
||||
system.activationScripts.linger = builtins.concatStringsSep "\n" (map
|
||||
(user: "${inputs.pkgs.systemd}/bin/loginctl enable-linger ${user}") users.linger);
|
||||
}
|
||||
# {
|
||||
# fileSystems."/var/lib/systemd/linger" =
|
||||
# {
|
||||
# device = (inputs.pkgs.stdenv.mkDerivation
|
||||
# {
|
||||
# name = "systemd-linger";
|
||||
# phases = [ "installPhase" ];
|
||||
# installPhase = builtins.concatStringsSep "\n"
|
||||
# (
|
||||
# [ "mkdir -p $out" ]
|
||||
# ++ (map (user: "touch $out/${user}") users.linger)
|
||||
# );
|
||||
# }).outPath;
|
||||
# options = [ "bind" "private" "x-gvfs-hide" ];
|
||||
# };
|
||||
# }
|
||||
];
|
||||
}
|
||||
|
||||
# environment.persistence."/impermanence".users.chn =
|
||||
@@ -236,4 +275,4 @@ inputs:
|
||||
# ".viminfo"
|
||||
# ".zsh_history"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
Reference in New Issue
Block a user