packages: phonopy: update

system: networking: nebula: always restart
meilisearch: allow to use 16G memory
2026-01-12 04:19:22 +08:00 · 2023-09-20 21:36:57 +08:00 · 2023-09-20 16:51:46 +08:00 · 2023-09-20 09:18:45 +08:00 · 2023-09-19 21:36:30 +08:00 · 2023-09-19 19:47:42 +08:00
21 changed files with 375 additions and 530 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -730,16 +730,17 @@
        ]
      },
      "locked": {
-        "lastModified": 1694222210,
-        "narHash": "sha256-PzfwrGQMEpJk4lMK2a47bFbJpJFlAG/ihvZsL9U1Lik=",
+        "lastModified": 1693358717,
+        "narHash": "sha256-OYGe2Yay1QoodZZmvPYBFGAoTrRfyKLzFs2vON4gRek=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "5a63908466573a4a1c0466e38f33c42c73ec5136",
+        "rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
+        "rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
        "type": "github"
      }
    },
@@ -941,11 +942,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1694882942,
-        "narHash": "sha256-J99E0D5LQn8gMWm9r3lGAvPDF7vHyzMxvyHfo3HmXhs=",
+        "lastModified": 1695216922,
+        "narHash": "sha256-1KCzdiGdH/F7jiVvNIKvH3CBajl4wqUkvE1A5s2X100=",
        "owner": "CHN-beta",
        "repo": "nixpkgs",
-        "rev": "8eebdf8cffabee8bfb9b054759a5569dbd6de551",
+        "rev": "3d95a0a071d50aae39155117e39c19eea62c681c",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,11 @@
    nur.url = "github:nix-community/NUR";
    nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
    nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
+    nix-vscode-extensions =
+    {
+      url = "github:nix-community/nix-vscode-extensions?rev=50c4bce16b93e7ca8565d51fafabc05e9f0515da";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
    impermanence.url = "github:nix-community/impermanence";
    qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -208,10 +212,9 @@
                };
                nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
                smartd.enable = true;
-                nginx = { enable = true; transparentProxy.enable = false; };
+                nginx = { enable = true; transparentProxy.externalIp = [ "192.168.82.3" ]; };
                misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
                misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
-                huginn.enable = true;
              };
              bugs =
              [
@@ -270,7 +273,7 @@
                  enable = true;
                  transparentProxy =
                  {
-                    externalIp = "74.211.99.69";
+                    externalIp = [ "74.211.99.69" "192.168.82.1" ];
                    map =
                    {
                      "ng01.mirism.one" = 7411;
@@ -282,7 +285,7 @@
                    enable = true;
                    map =
                    {
-                      "nix-store.chn.moe" = { upstream = "internal.pc.chn.moe"; rewriteHttps = true; };
+                      "nix-store.chn.moe" = { upstream = "internal.pc.chn.moe:443"; rewriteHttps = true; };
                      "anchor.fm" = { upstream = "anchor.fm:443"; rewriteHttps = true; };
                      "podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; rewriteHttps = true; };
                    };
@@ -345,9 +348,10 @@
              services =
              {
                snapper = { enable = true; configs.persistent = "/nix/persistent"; };
+                fontconfig.enable = true;
                sshd.enable = true;
                rsshub.enable = true;
-                nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
+                nginx = { enable = true; transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ]; };
                wallabag.enable = true;
                misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
                misskey-proxy."xn--s8w913fdga.chn.moe" = {};
@@ -356,7 +360,6 @@
                xrdp = { enable = true; hostname = "vps7.chn.moe"; };
                vaultwarden.enable = true;
                vaultwarden-proxy.enable = true;
-                # huginn.enable = true;
              };
            };})
          ];
@@ -434,7 +437,7 @@
                groupshare.enable = true;
                smartd.enable = true;
              };
-              users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
+              users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
            };})
          ];
          "xmupc1" =
--- a/local/pkgs/default.nix
+++ b/local/pkgs/default.nix
@@ -26,4 +26,5 @@
  huginn = callPackage ./huginn {};
  v_sim = callPackage ./v_sim {};
  concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
+  eigengdb = python3Packages.callPackage ./eigengdb {};
 }
--- a/local/pkgs/eigengdb/default.nix
+++ b/local/pkgs/eigengdb/default.nix
@@ -0,0 +1,15 @@
+{ lib, fetchFromGitHub, buildPythonPackage, numpy, gdb }: buildPythonPackage
+{
+  name = "eigengdb";
+  src = fetchFromGitHub
+  {
+    owner = "dmillard";
+    repo = "eigengdb";
+    rev = "c741edef3f07f33429056eff48d79a62733ed494";
+    sha256 = "MTqOaWsKhWaPs3G5F/6bYZmQI5qS2hEGKGa3mwbgFaY=";
+  };
+  doCheck = false;
+  buildInputs = [ gdb ];
+  nativeBuildInputs = [ gdb ];
+  propagatedBuildInputs = [ numpy ];
+}
--- a/modules/packages/default.nix
+++ b/modules/packages/default.nix
@@ -29,101 +29,52 @@ inputs:
  [
    # >= server
    {
-      nixos.packages = with inputs.pkgs;
+      nixos =
      {
-        _packages = 
-        [
-          # shell
-          ksh
-          # basic tools
-          beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
-          # lsxx
-          pciutils usbutils lshw util-linux lsof
-          # top
-          iotop iftop htop btop powertop s-tui
-          # editor
-          nano bat
-          # downloader
-          wget aria2 curl
-          # file manager
-          tree exa trash-cli lsd broot file xdg-ninja mlocate
-          # compress
-          pigz rar upx unzip zip lzip p7zip
-          # file system management
-          sshfs e2fsprogs adb-sync duperemove compsize
-          # disk management
-          smartmontools hdparm
-          # encryption and authentication
-          apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
-          # networking
-          ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
-          # nix tools
-          nix-output-monitor nix-tree
-          # office
-          todo-txt-cli
-        ] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
-        _pythonPackages = [(pythonPackages: with pythonPackages;
-        [
-          inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
-          certifi charset-normalizer idna orjson psycopg2
-        ])];
-      };
-      programs =
-      {
-        nix-index-database.comma.enable = true;
-        nix-index.enable = true;
-        zsh =
+        packages = with inputs.pkgs;
        {
-          enable = true;
-          syntaxHighlighting.enable = true;
-          autosuggestions.enable = true;
-          enableCompletion = true;
-          ohMyZsh =
-          {
-            enable = true;
-            plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
-            customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
-          };
+          _packages = 
+          [
+            # shell
+            ksh
+            # basic tools
+            beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
+            # lsxx
+            pciutils usbutils lshw util-linux lsof
+            # top
+            iotop iftop htop btop powertop s-tui
+            # editor
+            nano bat
+            # downloader
+            wget aria2 curl
+            # file manager
+            tree exa trash-cli lsd broot file xdg-ninja mlocate
+            # compress
+            pigz rar upx unzip zip lzip p7zip
+            # file system management
+            sshfs e2fsprogs adb-sync duperemove compsize
+            # disk management
+            smartmontools hdparm
+            # encryption and authentication
+            apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
+            # networking
+            ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
+            # nix tools
+            nix-output-monitor nix-tree
+            # office
+            todo-txt-cli
+            # development
+            gdb
+          ] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
+          _pythonPackages = [(pythonPackages: with pythonPackages;
+          [
+            inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
+            certifi charset-normalizer idna orjson psycopg2 localPackages.eigengdb
+          ])];
        };
-        ccache.enable = true;
-        command-not-found.enable = false;
-        adb.enable = true;
-        gnupg.agent = { enable = true; enableSSHSupport = true; };
-        autojump.enable = true;
-        git =
-        {
-          enable = true;
-          package = inputs.pkgs.gitFull;
-          lfs.enable = true;
-          config =
-          {
-            init.defaultBranch = "main";
-            core = { quotepath = false; editor = "vim"; };
-          };
-        };
-      };
-      services =
-      {
-        fwupd.enable = true;
-        udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
-      };
-      nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
-      nixpkgs.config =
-      {
-        permittedInsecurePackages = with inputs.pkgs;
-        [
-          openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
-        ];
-        allowUnfree = true;
-      };
-      home-manager =
-      {
-        useGlobalPkgs = true;
-        useUserPackages = true;
-        sharedModules =
+        users.sharedModules =
        [{
-          home.stateVersion = "22.11";
-          programs =
+          config.programs =
          {
            zsh =
            {
@@ -131,7 +82,7 @@ inputs:
              initExtraBeforeCompInit =
              ''
                # p10k instant prompt
-                typeset -g POWERLEVEL9K_INSTANT_PROMPT=off
+                typeset -g POWERLEVEL9K_INSTANT_PROMPT=on
                P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
                [[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
                HYPHEN_INSENSITIVE="true"
@@ -238,80 +189,183 @@ inputs:
          };
        }];
      };
+      programs =
+      {
+        nix-index-database.comma.enable = true;
+        nix-index.enable = true;
+        zsh =
+        {
+          enable = true;
+          syntaxHighlighting.enable = true;
+          autosuggestions.enable = true;
+          enableCompletion = true;
+          ohMyZsh =
+          {
+            enable = true;
+            plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
+            customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
+          };
+        };
+        ccache.enable = true;
+        command-not-found.enable = false;
+        adb.enable = true;
+        gnupg.agent = { enable = true; enableSSHSupport = true; };
+        autojump.enable = true;
+        git =
+        {
+          enable = true;
+          package = inputs.pkgs.gitFull;
+          lfs.enable = true;
+          config =
+          {
+            init.defaultBranch = "main";
+            core = { quotepath = false; editor = "vim"; };
+          };
+        };
+      };
+      services =
+      {
+        fwupd.enable = true;
+        udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
+      };
+      nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
+      nixpkgs.config =
+      {
+        permittedInsecurePackages = with inputs.pkgs;
+        [
+          openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
+        ];
+        allowUnfree = true;
+      };
+      home-manager =
+      {
+        useGlobalPkgs = true;
+        useUserPackages = true;
+      };
    }
    # >= desktop
    (
      mkIf (builtins.elem inputs.config.nixos.packages.packageSet [ "desktop" "workstation" ] )
      {
-        nixos.packages = with inputs.pkgs;
+        nixos =
        {
-          _packages =
-          [
-            # system management
-            gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
-            wayland-utils clinfo glxinfo vulkan-tools dracut etcher
-            # nix tools
-            ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
-            # instant messager
-            element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
-            cinny-desktop # nur-xddxdd.wine-wechat thunder
-            # browser
-            google-chrome
-            # networking
-            remmina putty mtr-gui
-            # password and key management
-            bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
-            # download
-            qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
-            # office
-            unstablePackages.crow-translate zotero pandoc
-            # development
-            scrcpy
-            # media
-            spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
-            # text editor
-            localPackages.typora
-            # themes
-            orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
-            arc-kde-theme materia-theme
-            # news
-            fluent-reader rssguard
-            # davinci-resolve playonlinux
-            weston cage openbox krita
-            genymotion
-            (
-              vscode-with-extensions.override
+          packages = with inputs.pkgs;
+          {
+            _packages =
+            [
+              # system management
+              gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
+              wayland-utils clinfo glxinfo vulkan-tools dracut etcher
+              # nix tools
+              ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
+              # instant messager
+              element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
+              cinny-desktop # nur-xddxdd.wine-wechat thunder
+              # browser
+              google-chrome
+              # networking
+              remmina putty mtr-gui
+              # password and key management
+              bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
+              # download
+              qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
+              # office
+              unstablePackages.crow-translate zotero pandoc
+              # development
+              scrcpy
+              # media
+              spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
+              # text editor
+              localPackages.typora
+              # themes
+              orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
+              arc-kde-theme materia-theme
+              # news
+              fluent-reader rssguard
+              # davinci-resolve playonlinux
+              weston cage openbox krita
+              genymotion hdfview
+              (
+                vscode-with-extensions.override
+                {
+                  vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
+                    (with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
+                    ++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
+                    ++ (with intellsmi; [ comment-translate deepl-translate ])
+                    ++ (with ms-python; [ isort python vscode-pylance ])
+                    ++ (with ms-toolsai;
+                    [
+                      jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
+                    ])
+                    ++ (with ms-vscode;
+                    [
+                      cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
+                      test-adapter-converter
+                    ])
+                    ++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
+                    ++ [
+                      donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
+                      llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
+                      oderwat.indent-rainbow
+                      twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
+                      james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
+                      yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
+                      redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug
+                      hbenl.vscode-test-explorer
+                      jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
+                      hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
+                      feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
+                      njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode webfreak.debug
+                    ];
+                }
+              )
+            ] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
+          };
+          users.sharedModules =
+          [{
+            config =
+            {
+              programs =
              {
-                vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
-                  (with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
-                  ++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
-                  ++ (with intellsmi; [ comment-translate deepl-translate ])
-                  ++ (with ms-python; [ isort python vscode-pylance ])
-                  ++ (with ms-toolsai;
+                chromium =
+                {
+                  enable = true;
+                  extensions =
                  [
-                    jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
-                  ])
-                  ++ (with ms-vscode;
-                  [
-                    cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
-                    test-adapter-converter
-                  ])
-                  ++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
-                  ++ [
-                    donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
-                    llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
-                    twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
-                    james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
-                    yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
-                    redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
-                    jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
-                    hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
-                    feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
-                    njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
+                    { id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
+                    { id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
+                    { id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
+                    { id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
+                    { id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
+                    { id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
+                    { id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
+                    { id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
+                    { id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
+                    { id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
+                    { id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
+                    { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
+                    { id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
+                    { id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
+                    { id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
+                    { id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
+                    { id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
+                    { id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
                  ];
-              }
-            )
-          ] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
+                };
+                obs-studio =
+                {
+                  enable = true;
+                  plugins = with inputs.pkgs.obs-studio-plugins;
+                    [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
+                };
+              };
+              home.file.".config/baloofilerc".text =
+              ''
+                [Basic Settings]
+                Indexing-Enabled=false
+              '';
+            };
+          }];
        };
        programs =
        {
@@ -334,48 +388,6 @@ inputs:
          });
        };
        services.pcscd.enable = true;
-        home-manager.sharedModules =
-        [{
-          programs =
-          {
-            chromium =
-            {
-              enable = true;
-              extensions =
-              [
-                { id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
-                { id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
-                { id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
-                { id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
-                { id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
-                { id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
-                { id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
-                { id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
-                { id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
-                { id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
-                { id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
-                { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
-                { id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
-                { id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
-                { id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
-                { id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
-                { id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
-                { id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
-              ];
-            };
-            obs-studio =
-            {
-              enable = true;
-              plugins = with inputs.pkgs.obs-studio-plugins;
-                [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
-            };
-          };
-          home.file.".config/baloofilerc".text =
-          ''
-            [Basic Settings]
-            Indexing-Enabled=false
-          '';
-        }];
      }
    )
    # >= workstation
@@ -398,7 +410,7 @@ inputs:
            # media
            nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
            # virtualization
-            wine virt-viewer bottles # wine64
+            wineWowPackages.stagingFull virt-viewer bottles # wine64
            # text editor
            appflowy notion-app-enhanced joplin-desktop standardnotes
            # math, physics and chemistry
@@ -578,4 +590,4 @@ inputs:
 # x11-misc/optimus-manager
 # x11-misc/unclutter-xfixes

-#   ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
+#   ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -19,8 +19,6 @@ inputs:
    ./sshd.nix
    ./vaultwarden.nix
    ./frp.nix
-    ./docker.nix
-    ./huginn.nix
  ];
  options.nixos.services = let inherit (inputs.lib) mkOption types; in
  {
--- a/modules/services/docker.nix
+++ b/modules/services/docker.nix
@@ -1,133 +0,0 @@
-inputs:
-{
-  options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.attrsOf (types.submodule (inputs: { options =
-    {
-      user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
-      image = mkOption { type = types.package; };
-      imageName =
-        mkOption { type = types.nonEmptyStr; default = with inputs.config.image; (imageName + ":" + imageTag); };
-      ports = mkOption
-      {
-        type = types.listOf (types.oneOf
-        [
-          types.ints.unsigned
-          types.submodule (inputs: { options =
-          {
-            hostIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
-            hostPort = mkOption { type = types.ints.unsigned; };
-            containerPort = mkOption { type = types.ints.unsigned; };
-            protocol = mkOption { type = types.enum [ "tcp" "udp" ]; default = "tcp"; };
-          };})
-        ]);
-        default = [];
-      };
-      environmentFile = mkOption { type = types.oneOf [ types.bool types.nonEmptyStr ]; default = false; };
-    };}));
-    default = {};
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) listToAttrs map concatLists;
-      inherit (inputs.localLib) attrsToList;
-      inherit (inputs.config.nixos.services) docker;
-    in mkIf (docker != {})
-    {
-      virtualisation.oci-containers.containers = listToAttrs (map
-        (container:
-        {
-          name = "${container.name}";
-          value =
-          {
-            image = container.value.imageName;
-            imageFile = container.value.image;
-            ports = map
-              (port:
-              (
-                if builtins.typeOf port == "int" then toString port
-                else ("${port.value.hostIp}:${toString port.value.hostPort}"
-                  + ":${toString port.value.containerPort}/${port.value.protocol}")
-              ))
-              container.value.ports;
-            extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
-            environmentFiles =
-              if builtins.typeOf container.value.environmentFile == "bool" && container.value.environmentFile
-                then [ inputs.config.sops.templates."${container.name}.env".path ]
-              else if builtins.typeOf container.value.environmentFile == "bool" then []
-              else [ container.value.environmentFile ];
-          };
-        })
-        (attrsToList docker));
-      systemd =
-      {
-        services = listToAttrs (concatLists (map
-          (container: let user = container.value.user; in
-          [
-            {
-              name = "docker-${user}-daemon";
-              value = let originalService = inputs.config.systemd.user.services.docker; in
-              {
-                wantedBy = [ "multi-user.target" ];
-                inherit (originalService) description path;
-                environment.XDG_RUNTIME_DIR = "/run/docker-rootless/${user}";
-                serviceConfig = originalService.serviceConfig //
-                {
-                  User = user;
-                  Group = user;
-                  # AmbientCapabilities = "CAP_NET_BIND_SERVICE";
-                  ExecStart = originalService.serviceConfig.ExecStart
-                    + " -H unix:///var/run/docker-rootless/${user}/docker.sock";
-                };
-                unitConfig = { inherit (originalService.unitConfig) StartLimitInterval; };
-              };
-            }
-            {
-              name = "docker-${container.name}";
-              value =
-              {
-                requires = [ "docker-${user}-daemon.service" ];
-                after = [ "docker-${user}-daemon.service" ];
-                environment =
-                {
-                  XDG_RUNTIME_DIR = "/run/docker-rootless/${user}";
-                  DOCKER_HOST = "unix:///run/docker-rootless/${user}/docker.sock";
-                };
-                serviceConfig =
-                {
-                  User = user;
-                  Group = user;
-                  CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-                  AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-                };
-              };
-            }
-          ])
-          (attrsToList docker)));
-        tmpfiles.rules = map
-          (container: with container.value; "d /run/docker-rootless/${user} 0755 ${user} ${user}")
-          (attrsToList docker);
-      };
-      nixos.virtualization.docker.enable = true;
-      users =
-      {
-        users = listToAttrs (map
-          (container:
-          {
-            name = container.value.user;
-            value =
-            {
-              isSystemUser = true;
-              group = container.value.user;
-              autoSubUidGidRange = true;
-              home = "/run/docker-rootless/${container.value.user}";
-            };
-          })
-          (attrsToList docker));
-        groups = listToAttrs (map
-          (container: { name = container.value.user; value = {}; })
-          (attrsToList docker));
-      };
-    };
-}
--- a/modules/services/huginn.nix
+++ b/modules/services/huginn.nix
@@ -1,58 +0,0 @@
-inputs:
-{
-  options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.services) huginn;
-      inherit (builtins) listToAttrs;
-    in mkIf huginn.enable
-    {
-      nixos.services =
-      {
-        docker.huginn =
-        {
-          image = inputs.pkgs.dockerTools.pullImage
-          {
-            imageName = "huginn/huginn";
-            imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
-            sha256 = "sha256-P8bfzjW5gHCVv0kaEAi9xAe5c0aQXypJkYUfFtE8SVM=";
-            finalImageName = "huginn/huginn";
-            finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
-          };
-          ports = [ 3000 ];
-          environmentFile = true;
-        };
-        postgresql = { enable = true; instances.huginn = {}; };
-      };
-      sops =
-      {
-        templates."huginn.env" =
-        {
-          content = let placeholder = inputs.config.sops.placeholder; in
-          ''
-            MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
-            HUGINN_DATABASE_NAME=huginn
-            HUGINN_DATABASE_USERNAME=huginn
-            HUGINN_DATABASE_PASSWORD=${placeholder."postgresql/huginn"}
-            DOMAIN=huginn.chn.moe
-            RAILS_ENV=production
-            FORCE_SSL=true
-            INVITATION_CODE=${placeholder."huginn/invitation_code"}
-            SMTP_DOMAIN=mail.chn.moe
-            SMTP_USER_NAME=bot@chn.moe
-            SMTP_PASSWORD="${placeholder."mail/bot"}"
-            SMTP_SERVER=mail.chn.moe
-            SMTP_SSL=true
-            EMAIL_FROM_ADDRESS=bot@chn.moe
-            TIMEZONE=Beijing
-          '';
-          owner = inputs.config.users.users.huginn.name;
-        };
-        secrets = listToAttrs (map (secret: { name = secret; value = {}; }) [ "huginn/invitation_code" "mail/bot" ]);
-      };
-    };
-}
--- a/modules/services/meilisearch.nix
+++ b/modules/services/meilisearch.nix
@@ -89,7 +89,7 @@ inputs:
                env = "production"
                dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
                log_level = "INFO"
-                max_indexing_memory = "8Gb"
+                max_indexing_memory = "16Gb"
                max_indexing_threads = 1
              '';
              owner = inputs.config.users.users.misskey.name;
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -6,7 +6,7 @@ inputs:
    transparentProxy =
    {
      enable = mkOption { type = types.bool; default = true; };
-      externalIp = mkOption { type = types.nonEmptyStr; };
+      externalIp = mkOption { type = types.listOf types.nonEmptyStr; };
      map = mkOption { type = types.attrsOf types.ints.unsigned; default = {};};
    };
    httpProxy = mkOption
@@ -230,7 +230,7 @@ inputs:
          }
          server
          {
-            listen ${nginx.transparentProxy.externalIp}:443;
+            ${concatStringsSep "\n            " (map (ip: "listen ${ip}:443;") nginx.transparentProxy.externalIp)}
            ssl_preread on;
            proxy_bind $remote_addr transparent;
            proxy_pass $transparent_proxy_backend;
--- a/modules/services/ssh-ca.pub
+++ b/modules/services/ssh-ca.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV9egbTbIbVCV4TNr6IgvXw7fMEK4v/WKAHddkX4uvysL7l+H1cLM0TRDvGefUFoU7eYcEIRV9lwvjMo/xy0GKao76fylQ03gkrzTiPvztThpAfKKOIniXvzWoIP7/fzNwuW6GgUiM4JKvgJEieRTybclLRgauy2gqiwVZMAFksxG1fAPYGXIrhtVQ+WjN+0IIiayNlj1J6tJ9fQWc+BkNsoJJZBADf+qjTsqsVHjcABoo2vYRTYnSVzrsnjSu6ivGjSY0ImG+ASPqyluA7eSXe4XQkyxjuyBVTwwqTpZ0Y+DMESr/Fd5rQ3N/iylLcUVGexl7gHHFtJGiERloG8Bv Public key for Digital Signature
--- a/modules/services/sshd.nix
+++ b/modules/services/sshd.nix
@@ -17,19 +17,11 @@ inputs:
        settings =
        {
          X11Forwarding = true;
-          TrustedUserCAKeys = "${./ssh-ca.pub}";
          ChallengeResponseAuthentication = false;
          PasswordAuthentication = sshd.passwordAuthentication;
          KbdInteractiveAuthentication = false;
          UsePAM = true;
        };
-        extraConfig =
-        ''
-          Match User root
-            PasswordAuthentication no
-          Match User chn
-            PasswordAuthentication no
-        '';
      };
    };
 }
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -66,5 +66,6 @@ inputs:
    # environment.variables.CPATH = "/run/current-system/sw/include";
    # environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
    virtualisation.oci-containers.backend = "docker";
+    home-manager.sharedModules = [{ home.stateVersion = "22.11"; }];
  };
 }
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@@ -41,7 +41,7 @@ inputs:
        "${impermanence.root}" =
        {
          hideMounts = true;
-          directories = []
+          directories = [ "/var/lib/systemd/linger" ]
            ++ (if inputs.config.services.xserver.displayManager.sddm.enable then
              [{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
        };
--- a/modules/system/networking/nebula/default.nix
+++ b/modules/system/networking/nebula/default.nix
@@ -49,5 +49,6 @@ inputs:
        secrets."nebula/key" = {};
      };
      networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
+      systemd.services."nebula@nebula".serviceConfig.Restart = "always";
    };
 }
--- a/modules/system/nixpkgs.nix
+++ b/modules/system/nixpkgs.nix
@@ -33,6 +33,7 @@ inputs:
      (
        mkConditional (nixpkgs.march != null)
        {
+          programs.ccache.enable = true;
          nixpkgs =
          {
            hostPlatform = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
--- a/modules/system/security.nix
+++ b/modules/system/security.nix
@@ -25,13 +25,6 @@ inputs:
              "es256"
              "+presence"
            ])
-            (builtins.concatStringsSep ","
-            [
-              "WgLCnlQcGP4uVHI8OZrJWoLK6ezHtl404NVGsfH2LXsq0TNVZ7l2OidGpbYqIJwTn5yKu6t0MI7KdHYD18T/HA=="
-              "GVPuwp38yb+A1Uur22hywW7mQJPOxuLXXKLlM9FU2bvVhpwdjWDvg+BB5YFAL9NjTW22V7Hy/a9UuSmZejs7dw=="
-              "es256"
-              "+presence"
-            ])
          ])
        ]);
      };
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -1,26 +1,33 @@
 inputs:
  let
-    inherit (builtins) map attrNames;
-    inherit (inputs.lib) mkMerge mkIf mkOption types;
-    users =
+    allUsers =
    {
      root =
      {
        users.users.root =
        {
          shell = inputs.pkgs.zsh;
+          autoSubUidGidRange = true;
          hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
          openssh.authorizedKeys.keys =
          [
-            ("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
-              + "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
+            (builtins.concatStringsSep ""
+            [
+              "sk-ssh-ed25519@openssh.com "
+              "AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
+              "chn@pc"
+            ])
          ];
        };
-        home-manager.users.root.programs.git =
+        home-manager.users.root =
        {
-          extraConfig.core.editor = inputs.lib.mkForce "vim";
-          userName = "chn";
-          userEmail = "chn@chn.moe";
+          imports = inputs.config.nixos.users.sharedModules;
+          config.programs.git =
+          {
+            extraConfig.core.editor = inputs.lib.mkForce "vim";
+            userName = "chn";
+            userEmail = "chn@chn.moe";
+          };
        };
      };
      chn =
@@ -36,86 +43,94 @@ inputs:
          hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
          openssh.authorizedKeys.keys =
          [
+            # ykman fido credentials list
+            # ykman fido credentials delete f2c1ca2d
+            # ssh-keygen -t ed25519-sk -O resident
+            # ssh-keygen -K
            (builtins.concatStringsSep ""
            [
              "sk-ssh-ed25519@openssh.com "
-              "AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh+Vso8FsUNFwPXFAAAABHNzaDo= "
-              "chn@chn.moe"
+              "AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
+              "chn@pc"
            ])
          ];
        };
-        home-manager.users.chn.programs =
+        home-manager.users.chn =
        {
-          git =
+          imports = inputs.config.nixos.users.sharedModules;
+          config.programs =
          {
-            userName = "chn";
-            userEmail = "chn@chn.moe";
-          };
-          ssh.matchBlocks = builtins.listToAttrs
-          (
-            (map
-              (host:
-              {
-                name = host.name;
-                value = { host = host.name; hostname = host.value; user = "chn"; };
-              })
-              (inputs.localLib.attrsToList
-              {
-                vps3 = "vps3.chn.moe";
-                vps4 = "vps4.chn.moe";
-                vps5 = "vps5.chn.moe";
-                vps6 = "vps6.chn.moe";
-                vps7 = "vps7.chn.moe";
-              }))
-            ++ (map
-              (host:
-              {
-                name = host;
-                value =
+            git =
+            {
+              userName = "chn";
+              userEmail = "chn@chn.moe";
+            };
+            ssh.matchBlocks = builtins.listToAttrs
+            (
+              (builtins.map
+                (host:
                {
-                  host = host;
-                  hostname = "hpc.xmu.edu.cn";
-                  user = host;
-                  extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
-                };
-              })
-              [ "wlin" "jykang" "hwang" ])
-          )
-          // {
-            xmupc1 =
-            {
-              host = "xmupc1";
-              hostname = "office.chn.moe";
-              user = "chn";
-              port = 6007;
-            };
-            nas =
-            {
-              host = "nas";
-              hostname = "office.chn.moe";
-              user = "chn";
-              port = 5440;
-            };
-            xmupc1-ext =
-            {
-              host = "xmupc1-ext";
-              hostname = "vps3.chn.moe";
-              user = "chn";
-              port = 6007;
-            };
-            xmuhk =
-            {
-              host = "xmuhk";
-              hostname = "10.26.14.56";
-              user = "xmuhk";
-              # identityFile = "~/.ssh/xmuhk_id_rsa";
-            };
-            xmuhk2 =
-            {
-              host = "xmuhk2";
-              hostname = "183.233.219.132";
-              user = "xmuhk";
-              port = 62022;
+                  name = host.name;
+                  value = { host = host.name; hostname = host.value; user = "chn"; };
+                })
+                (inputs.localLib.attrsToList
+                {
+                  vps3 = "vps3.chn.moe";
+                  vps4 = "vps4.chn.moe";
+                  vps5 = "vps5.chn.moe";
+                  vps6 = "vps6.chn.moe";
+                  vps7 = "vps7.chn.moe";
+                }))
+              ++ (builtins.map
+                (host:
+                {
+                  name = host;
+                  value =
+                  {
+                    host = host;
+                    hostname = "hpc.xmu.edu.cn";
+                    user = host;
+                    extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
+                  };
+                })
+                [ "wlin" "jykang" "hwang" ])
+            )
+            // {
+              xmupc1 =
+              {
+                host = "xmupc1";
+                hostname = "office.chn.moe";
+                user = "chn";
+                port = 6007;
+              };
+              nas =
+              {
+                host = "nas";
+                hostname = "office.chn.moe";
+                user = "chn";
+                port = 5440;
+              };
+              xmupc1-ext =
+              {
+                host = "xmupc1-ext";
+                hostname = "vps3.chn.moe";
+                user = "chn";
+                port = 6007;
+              };
+              xmuhk =
+              {
+                host = "xmuhk";
+                hostname = "10.26.14.56";
+                user = "xmuhk";
+                # identityFile = "~/.ssh/xmuhk_id_rsa";
+              };
+              xmuhk2 =
+              {
+                host = "xmuhk2";
+                hostname = "183.233.219.132";
+                user = "xmuhk";
+                port = 62022;
+              };
            };
          };
        };
@@ -134,7 +149,7 @@ inputs:
          shell = inputs.pkgs.zsh;
          autoSubUidGidRange = true;
        };
-        home-manager.users.xll = {};
+        home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
        sops.secrets."users/xll".neededForUsers = true;
        nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
      };
@@ -151,7 +166,7 @@ inputs:
          shell = inputs.pkgs.zsh;
          autoSubUidGidRange = true;
        };
-        home-manager.users.zem = {};
+        home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
        sops.secrets."users/zem".neededForUsers = true;
        nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
      };
@@ -168,7 +183,7 @@ inputs:
          shell = inputs.pkgs.zsh;
          autoSubUidGidRange = true;
        };
-        home-manager.users.yjq = {};
+        home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
        sops.secrets."users/yjq".neededForUsers = true;
        nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
      };
@@ -184,15 +199,27 @@ inputs:
          shell = inputs.pkgs.zsh;
          autoSubUidGidRange = true;
        };
-        home-manager.users.yxy = {};
+        home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
        sops.secrets."users/yxy".neededForUsers = true;
        nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
      };
    };
  in
  {
-    options.nixos.users = mkOption { type = types.listOf (types.enum (attrNames users)); default = [ "root" "chn" ]; };
-    config = mkMerge (map (user: mkIf (builtins.elem user inputs.config.nixos.users) users.${user}) (attrNames users));
+    options.nixos.users = let inherit (inputs.lib) mkOption types; in
+    {
+      users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
+      sharedModules = mkOption { type = types.listOf types.anything; default = []; };
+    };
+    config =
+      let
+        inherit (builtins) map attrNames;
+        inherit (inputs.lib) mkMerge mkIf;
+        inherit (inputs.config.nixos) users;
+      in mkMerge
+      [
+        (mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
+      ];
  }

 # environment.persistence."/impermanence".users.chn =
@@ -236,4 +263,4 @@ inputs:
 #     ".viminfo"
 #     ".zsh_history"
 #   ];
-# };
+# };
--- a/modules/virtualization/default.nix
+++ b/modules/virtualization/default.nix
@@ -31,7 +31,6 @@ inputs:
            {
              features.buildkit = true;
              dns = [ "1.1.1.1" ];
-              storage-driver = "fuse-overlayfs";
            };
          };
          enableNvidia = builtins.elem "nvidia" inputs.config.nixos.hardware.gpus;
--- a/secrets/pc.yaml
+++ b/secrets/pc.yaml
@@ -7,22 +7,15 @@ frp:
 store:
    signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
 nginx:
-    #ENC[AES256_GCM,data:sHSfWhEO9PHWTY0r,iv:XSyOSkzEVOjMF/9vjEVpcuKH6B2mdE5D7l9VKrSILO0=,tag:2YkAoPW5GqOjFpPF5IvApg==,type:comment]
-    #ENC[AES256_GCM,data:Oaxg1nXYHLNOAF2V8lNF+4OtJz5bXOdEleXi89AW+dQvDgj0HMAAlxLiixlfhFW48Clcu+C+4opFZUk+4Q3GBePTQWeabgEFAZi+MgnVoiXzfizQpmve,iv:/NyV6W0vaXvS5qFKPw+7Iqe9po1VKQDLbHaC9Fa8Mto=,tag:JiCKJxhpAI9k11N9WxfZew==,type:comment]
    maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
 postgresql:
    misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
-    huginn: ENC[AES256_GCM,data:Hb3Lkg==,iv:jhYobzvZUhIF4qzD7bzH0M78HtoQiTUuxqULMkk/i1w=,tag:MKqehVphO+jKb1L6E0c6NQ==,type:str]
 redis:
    misskey: ENC[AES256_GCM,data:SAcZsRrhNB+CjpcvUcWLi5nhEA49bFM+HYHEkszNdZs=,iv:fOLletIWzCrhHZrgwl5dpdCnwUbcEeTaKNosXna8pfU=,tag:EpdBW/RexAoJ0z1G2Emvww==,type:str]
 meilisearch:
    misskey: ENC[AES256_GCM,data:oBYIwQyfPyjsp1dfveVGqO7mY9LO7jaD+Mpe9nTm8Sd8XKgRPJWkce4tnBXBRzkdLURvDDD25uODUekdkkO1gA==,iv:/Gw3PX1w7dWWzEMCWrETGees8CjONwzIpTZSCkQsZXc=,tag:59GHYNPRTv3KFqhpUDXBLg==,type:str]
 nebula:
    key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
-huginn:
-    invitation_code: ENC[AES256_GCM,data:RVvK+w==,iv:lv/d3J2Ua1CcZiMugsbuHsSKHlXt6t7HmeTB+Szk91U=,tag:n3mgg6FabiLxvMIGeOgHIA==,type:str]
-mail:
-    bot: ENC[AES256_GCM,data:+0C08g==,iv:V5BvmArE5+CkhK+yECLQwV4Nxpd/SiUVLj9iTF+kV0s=,tag:58dXyIZx43FOi51jSpWNkA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -47,8 +40,8 @@ sops:
            OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
            +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-16T11:06:32Z"
-    mac: ENC[AES256_GCM,data:hZCeW25Tp5+f0pdnysxGIYMBDHC+/nFJTBFvWDrL3s86cyjsrQRcEI8levSHAayEL7eFSD7t1syNSmwD13H74xiWwqroQfRKUfURze1mg8GLkT/sBoL8aw2cZdboE5OE8jfQxGYgovZUuBEtfgVCi6QDR+Q21uXtsDhp3MnwOI0=,iv:shA2SmoVv9LqP5fRvCUNq3Ts8gvuAcOyIARwsXhUPKw=,tag:BEOMEzyeuCAZrCRTxxz8Kg==,type:str]
+    lastmodified: "2023-09-18T12:02:13Z"
+    mac: ENC[AES256_GCM,data:cO1AngVyJaj+M91wUCG4mGLRjYDF57CdV1UyYeWBXozNl1VxgTWlUFfQJFC5gIGKohAXhGT0SERLGPRVIkacd0hvuHdeHHyp7kzrwQGZTkfxu6oknlvXEXNUdrIiwoers5aJQbbdlEHI6jKL794VRtkykp3bJs0tSeI+v4EA6kI=,iv:YE+oJN+ZJ+1zmze0+GOYG/G8UI7VrVGO1Iwut6mrBfg=,tag:gF8EQSIbVoAzbb4kmWB/uA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/secrets/vps7.yaml
+++ b/secrets/vps7.yaml
@@ -1,6 +1,9 @@
 acme:
    cloudflare.ini: ENC[AES256_GCM,data:PJ3JhdSPCyxzdcRI4UFdESWgyAjIYGyuVaU9l0R3s8mJidtgavvSSMy0hC0G/2fauLB/Eqc3L3NppXFjlKVywVE=,iv:lZVlOf7P/Vs/+u/5YPKFXmdeYV9NP9kcVWd00w1OjB4=,tag:LfWZTvPQH4QPrNrYfZ/Z6Q==,type:str]
 nginx:
+    #ENC[AES256_GCM,data:BwkND2sU5FkdN72C,iv:DNIdyY35BfBYtlJijfI17s7aP8zj5Y/kUAieAYSTr3w=,tag:016xmeOvZC3Grc8JLGcVaQ==,type:comment]
+    #ENC[AES256_GCM,data:NX8myRAMhMS7qx0T+471E9Wz//AKXt7FoY7P8cUOvJ/Xz+AKkB2VfP45gyPvds6zwwKuYtRLqvPD84afjE/mf2wAij3VEkprJKd5VMl+RQ==,iv:LYdigyW2VUlqo/3IvC7CRaiFsnxMyQIryHf2yFMJ+Yw=,tag:ttNAzJRCz/owZSe/V3eOPw==,type:comment]
+    #ENC[AES256_GCM,data:Ss47U7TQO6OS21/eLVnLGO/Gpz7V7I1mlQS2SC/6DQk3bySZK0Omyd3Nyctz7FX+ix1RbeRd7//JKNc8Dtj19jpicBFQpZMV,iv:j9QD7TmRvfzFLkLLlRcwrAHcklfGJ0R6Z3cpbli97vk=,tag:lhEkAmm/AV0gTLItdVcZ4A==,type:comment]
    maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
 redis:
    rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
@@ -11,7 +14,6 @@ postgresql:
    misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
    synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
    vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
-    huginn: ENC[AES256_GCM,data:s9Y9VGq4UYZael28LEwA0fF97HVZd7neM45zXxZUsRj75WCjif0jcl8nc2cLHhys7yfsZNxNgsDuOmLWX1l8mA==,iv:Hnx8Py6NELPkj0mVn4OQaU8+CIq3FMC/UZElY4WsB08=,tag:+5+Nyqvr2udUprIBm9dsaw==,type:str]
 meilisearch:
    misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
 rsshub:
@@ -33,8 +35,6 @@ nebula:
    key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
 vaultwarden:
    admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
-huginn:
-    invitation_code: ENC[AES256_GCM,data:8YxfbtlHhzaQpEXpFua81W/Uifd9b2Pv,iv:7BfoOxA1B0ZzRrhoKG1R1f1nT5GkNqGB/gpgl7oa2oQ=,tag:cKoWVqCuaiwEuQdYUDgbSg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -59,8 +59,8 @@ sops:
            SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
            HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-16T10:57:23Z"
-    mac: ENC[AES256_GCM,data:FXdxVeb2r36ONCfNBUcOOjjcnAx+uIlf1bIDpYdOZHKdVOEx1PMUMgBngnMgzuiMXIILOeH9tFE6gerkaaKnSao1RUE65UScLnqwzpRFlgwqI+gFS+Ng8gWUaZO3qVCr2lQCegYBtevqhAy8+Dmew4EkYEiD0MTIomZgnlPu5+I=,iv:wKqLmD4Vjr5mtA59e3O2dMYMK0LANBODVHAN2R8CEsY=,tag:dFUhQe09u0AAz15CWtiXkQ==,type:str]
+    lastmodified: "2023-09-16T06:00:05Z"
+    mac: ENC[AES256_GCM,data:1+Uqp+nb1zIkKVQzQWlEVBv3hAiBknHJSiVdEPxj4IzAAWc1okSsh8QYRkTA5WR54BL6I7xerITLvaqAIF1cNnmkZJ/bbbgXuQgwrrRfqDKzxOmtblQDxFO6A815VreLTfWjZN6/h3oEzH4DW+xRtd+js4n5L+nyLMee1O9kOi8=,iv:s6QN07djU9PAA2WRZ4xw2O0iDKqzmaEqVyRmeRoHNXE=,tag:y/KjOdf0cXl2XQbibjrVPQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
Author	SHA1	Message	Date
chn	11efee5bb3	packages: phonopy: update	2023-09-20 21:36:57 +08:00
chn	d48beec819	system: networking: nebula: always restart	2023-09-20 16:51:46 +08:00
chn	6bf6eabaa3	meilisearch: allow to use 16G memory	2023-09-20 09:18:45 +08:00
chn	273fcbb7c5	packages: enable p10k instant prompt	2023-09-19 21:36:30 +08:00
chn	22aadba0da	packages: add eigengdb	2023-09-19 19:47:42 +08:00
chn	5555396f5d	vscode: add native debugger	2023-09-19 19:05:40 +08:00
chn	d935330515	lock: downgrade nix-vscode-extensions	2023-09-19 18:51:36 +08:00
chn	a215b50761	vscode: use stable version	2023-09-19 18:44:03 +08:00
chn	52fd57469e	packages: update vscode	2023-09-19 18:36:49 +08:00
chn	b003a1be43	packages: add gdb	2023-09-19 16:52:49 +08:00
chn	c3901eeeb8	packages: add hdfview	2023-09-19 13:15:58 +08:00
chn	77c4a604e9	nixpkgs: enable ccache	2023-09-19 12:33:08 +08:00
chn	1a2d11cef8	nix-store: fix	2023-09-18 23:45:11 +08:00
chn	bfec0e24a0	nginx: externalIp allow multiple ips	2023-09-18 23:33:40 +08:00
chn	de9945635b	pc: enable nginx transparent proxy	2023-09-18 23:29:41 +08:00
chn	915fcc348d	vps7: enable fontconfig	2023-09-18 21:30:02 +08:00
chn	91475e40d3	security: disable u2f auth for backup key	2023-09-18 20:59:50 +08:00
chn	565b7dd6bc	sshd: use key without fido2 pin	2023-09-18 20:46:49 +08:00
chn	5a2b46898d	sshd: remove ca key support	2023-09-18 20:25:17 +08:00
chn	3850b9bc05	删除 docker huginn linger 太难搞了，一年之内不再搞	2023-09-18 20:02:33 +08:00
chn	fb8c3cf89d	add docker	2023-09-18 19:21:04 +08:00
chn	df5be06957	users: enable linger	2023-09-18 19:08:04 +08:00
chn	894607b933	users: root: enable autoSubUidGidRange	2023-09-18 14:03:17 +08:00
chn	aec4d38497	清理，放弃使用 rootless docker	2023-09-18 14:02:05 +08:00
chn	2312a8398c	temp	2023-09-18 06:47:49 +08:00
chn	2e4a542c06	system: set home-manager state version	2023-09-18 05:45:56 +08:00
chn	69c7177b73	users: minor fix	2023-09-18 05:40:04 +08:00
chn	981643af44	users: add linger option	2023-09-18 05:35:56 +08:00
chn	5f88cd5cf5	users: manually import sharedModules	2023-09-18 05:28:02 +08:00
chn	a519053c2a	整理 users	2023-09-18 05:16:38 +08:00
chn	34c0ee6ced	add wine-staging	2023-09-17 18:50:42 +08:00
chn	bdc7945e71	Revert "暂存" This reverts commit `beffb2bb95`.	2023-09-17 12:48:11 +08:00
				`@@ -1 +0,0 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV9egbTbIbVCV4TNr6IgvXw7fMEK4v/WKAHddkX4uvysL7l+H1cLM0TRDvGefUFoU7eYcEIRV9lwvjMo/xy0GKao76fylQ03gkrzTiPvztThpAfKKOIniXvzWoIP7/fzNwuW6GgUiM4JKvgJEieRTybclLRgauy2gqiwVZMAFksxG1fAPYGXIrhtVQ+WjN+0IIiayNlj1J6tJ9fQWc+BkNsoJJZBADf+qjTsqsVHjcABoo2vYRTYnSVzrsnjSu6ivGjSY0ImG+ASPqyluA7eSXe4XQkyxjuyBVTwwqTpZ0Y+DMESr/Fd5rQ3N/iylLcUVGexl7gHHFtJGiERloG8Bv Public key for Digital Signature`