chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 15:59:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:docker
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
..
compare: chn:tested
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

6 Commits
docker ... tested

Author SHA1 Message Date
chn
6b90d5068b 暂存 2023-09-18 08:22:42 +08:00
chn
7243090020 fix 2023-09-18 07:36:30 +08:00
chn
ee2f976ae0 users: manually import sharedModules 2023-09-18 07:31:23 +08:00
chn
a85fb881a7 整理 users 2023-09-18 07:18:55 +08:00
chn
34c0ee6ced add wine-staging 2023-09-17 18:50:42 +08:00
chn
bdc7945e71 Revert "暂存" 
This reverts commit beffb2bb95.
 2023-09-17 12:48:11 +08:00
11 changed files with 391 additions and 371 deletions
Expand all files Collapse all files

4
flake.lock generated
View File

@@ -941,11 +941,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1694926133,
"lastModified": 1694855183,
"narHash": "sha256-WhYl7OMx0+QBzavtLQwghN1cZGmqfeWsZpmk9zJLkjs=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "92dee91f11ade35b4f668c9d604e6375d15978d8",
"rev": "2c861d560da5e65325d06cd9a106a59a4c70bdb8",
"type": "github"
},
"original": {

3
flake.nix
View File

@@ -356,7 +356,6 @@
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
vaultwarden.enable = true;
vaultwarden-proxy.enable = true;
# huginn.enable = true;
};
};})
];
@@ -434,7 +433,7 @@
groupshare.enable = true;
smartd.enable = true;
};
users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
};})
];
"xmupc1" =

406
modules/packages/default.nix
View File

@@ -29,101 +29,50 @@ inputs:
[
# >= server
{
nixos.packages = with inputs.pkgs;
nixos =
{
_packages =
[
# shell
ksh
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
# lsxx
pciutils usbutils lshw util-linux lsof
# top
iotop iftop htop btop powertop s-tui
# editor
nano bat
# downloader
wget aria2 curl
# file manager
tree exa trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz rar upx unzip zip lzip p7zip
# file system management
sshfs e2fsprogs adb-sync duperemove compsize
# disk management
smartmontools hdparm
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
# nix tools
nix-output-monitor nix-tree
# office
todo-txt-cli
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2
])];
};
programs =
{
nix-index-database.comma.enable = true;
nix-index.enable = true;
zsh =
packages = with inputs.pkgs;
{
enable = true;
syntaxHighlighting.enable = true;
autosuggestions.enable = true;
enableCompletion = true;
ohMyZsh =
{
enable = true;
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
};
_packages =
[
# shell
ksh
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
# lsxx
pciutils usbutils lshw util-linux lsof
# top
iotop iftop htop btop powertop s-tui
# editor
nano bat
# downloader
wget aria2 curl
# file manager
tree exa trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz rar upx unzip zip lzip p7zip
# file system management
sshfs e2fsprogs adb-sync duperemove compsize
# disk management
smartmontools hdparm
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
# nix tools
nix-output-monitor nix-tree
# office
todo-txt-cli
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2
])];
};
ccache.enable = true;
command-not-found.enable = false;
adb.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
autojump.enable = true;
git =
{
enable = true;
package = inputs.pkgs.gitFull;
lfs.enable = true;
config =
{
init.defaultBranch = "main";
core = { quotepath = false; editor = "vim"; };
};
};
};
services =
{
fwupd.enable = true;
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
};
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
nixpkgs.config =
{
permittedInsecurePackages = with inputs.pkgs;
[
openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
];
allowUnfree = true;
};
home-manager =
{
useGlobalPkgs = true;
useUserPackages = true;
sharedModules =
users.sharedModules =
[{
home.stateVersion = "22.11";
programs =
config.programs =
{
zsh =
{
@@ -238,80 +187,181 @@ inputs:
};
}];
};
programs =
{
nix-index-database.comma.enable = true;
nix-index.enable = true;
zsh =
{
enable = true;
syntaxHighlighting.enable = true;
autosuggestions.enable = true;
enableCompletion = true;
ohMyZsh =
{
enable = true;
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
customPkgs = with inputs.pkgs; [ zsh-nix-shell ];
};
};
ccache.enable = true;
command-not-found.enable = false;
adb.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
autojump.enable = true;
git =
{
enable = true;
package = inputs.pkgs.gitFull;
lfs.enable = true;
config =
{
init.defaultBranch = "main";
core = { quotepath = false; editor = "vim"; };
};
};
};
services =
{
fwupd.enable = true;
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
};
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
nixpkgs.config =
{
permittedInsecurePackages = with inputs.pkgs;
[
openssl_1_1.name electron_19.name nodejs-16_x.name python2.name electron_12.name
];
allowUnfree = true;
};
home-manager =
{
useGlobalPkgs = true;
useUserPackages = true;
};
}
# >= desktop
(
mkIf (builtins.elem inputs.config.nixos.packages.packageSet [ "desktop" "workstation" ] )
{
nixos.packages = with inputs.pkgs;
nixos =
{
_packages =
[
# system management
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
# nix tools
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
# instant messager
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
cinny-desktop # nur-xddxdd.wine-wechat thunder
# browser
google-chrome
# networking
remmina putty mtr-gui
# password and key management
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
# download
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
# office
unstablePackages.crow-translate zotero pandoc
# development
scrcpy
# media
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
# text editor
localPackages.typora
# themes
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
arc-kde-theme materia-theme
# news
fluent-reader rssguard
# davinci-resolve playonlinux
weston cage openbox krita
genymotion
(
vscode-with-extensions.override
packages = with inputs.pkgs;
{
_packages =
[
# system management
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
# nix tools
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
# instant messager
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
cinny-desktop # nur-xddxdd.wine-wechat thunder
# browser
google-chrome
# networking
remmina putty mtr-gui
# password and key management
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
# download
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
# office
unstablePackages.crow-translate zotero pandoc
# development
scrcpy
# media
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
# text editor
localPackages.typora
# themes
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
arc-kde-theme materia-theme
# news
fluent-reader rssguard
# davinci-resolve playonlinux
weston cage openbox krita
genymotion
(
vscode-with-extensions.override
{
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
++ (with intellsmi; [ comment-translate deepl-translate ])
++ (with ms-python; [ isort python vscode-pylance ])
++ (with ms-toolsai;
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
])
++ (with ms-vscode;
[
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
test-adapter-converter
])
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
++ [
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
];
}
)
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
};
users.sharedModules =
[{
config =
{
programs =
{
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
++ (with intellsmi; [ comment-translate deepl-translate ])
++ (with ms-python; [ isort python vscode-pylance ])
++ (with ms-toolsai;
chromium =
{
enable = true;
extensions =
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
])
++ (with ms-vscode;
[
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
test-adapter-converter
])
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
++ [
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
];
}
)
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
};
obs-studio =
{
enable = true;
plugins = with inputs.pkgs.obs-studio-plugins;
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
};
};
home.file.".config/baloofilerc".text =
''
[Basic Settings]
Indexing-Enabled=false
'';
};
}];
};
programs =
{
@@ -334,48 +384,6 @@ inputs:
});
};
services.pcscd.enable = true;
home-manager.sharedModules =
[{
programs =
{
chromium =
{
enable = true;
extensions =
[
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
];
};
obs-studio =
{
enable = true;
plugins = with inputs.pkgs.obs-studio-plugins;
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
};
};
home.file.".config/baloofilerc".text =
''
[Basic Settings]
Indexing-Enabled=false
'';
}];
}
)
# >= workstation
@@ -398,7 +406,7 @@ inputs:
# media
nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
# virtualization
wine virt-viewer bottles # wine64
wineWowPackages.stagingFull virt-viewer bottles # wine64
# text editor
appflowy notion-app-enhanced joplin-desktop standardnotes
# math, physics and chemistry

73
modules/services/docker.nix
View File

@@ -6,8 +6,6 @@ inputs:
{
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
image = mkOption { type = types.package; };
# imageName =
# mkOption { type = types.nonEmptyStr; default = with inputs.config.image; (imageName + ":" + imageTag); };
ports = mkOption
{
type = types.listOf (types.oneOf
@@ -30,13 +28,21 @@ inputs:
config =
let
inherit (inputs.lib) mkIf;
inherit (builtins) listToAttrs map concatLists;
inherit (builtins) listToAttrs map;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) docker;
users = inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker));
# users = map
# (user: builtins.filter (container: container.user == user) (builtins.attrValues docker))
# (inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker)));
in mkIf (docker != {})
{
nixos.virtualization.docker.enable = true;
systemd.tmpfiles.rules = [ "d /run/docker-rootless 0755 root root" ];
nixos =
{
virtualization.docker.enable = true;
users.linger = users;
};
users =
{
users = listToAttrs (map
@@ -49,59 +55,32 @@ inputs:
group = user;
autoSubUidGidRange = true;
home = "/run/docker-rootless/${user}";
createHome = true;
};
})
users);
groups = listToAttrs (map (user: { name = user; value = {}; }) users);
};
systemd =
{
tmpfiles.rules = map (user: "d /run/docker-rootless/${user} 0755 ${user} ${user}") users;
services = listToAttrs
(
(map
(user:
{
name = "docker-${user}-daemon";
value = let originalService = inputs.config.systemd.user.services.docker; in
{
wantedBy = [ "multi-user.target" ];
inherit (originalService) description path;
environment.XDG_RUNTIME_DIR = "/run/docker-rootless/${user}";
serviceConfig = originalService.serviceConfig //
{
User = user;
Group = user;
# from https://www.reddit.com/r/NixOS/comments/158azri/changing_user_slices_cgroup_controllers
Delegate = "memory pids cpu cpuset";
ExecStart = originalService.serviceConfig.ExecStart
+ " -H unix:///var/run/docker-rootless/${user}/docker.sock";
};
unitConfig = { inherit (originalService.unitConfig) StartLimitInterval; };
};
})
users)
++ (map
home-manager.users = listToAttrs (map
(user:
{
name = user;
value.config.systemd.user.services = listToAttrs (map
(container:
{
name = "docker-${container.name}";
inherit (container) name;
value =
{
requires = [ "docker-${container.value.user}-daemon.service" ];
after = [ "docker-${container.value.user}-daemon.service" ];
wantedBy = [ "multi-user.target" ];
path = [ inputs.config.virtualisation.docker.rootless.package ];
environment =
Unit =
{
XDG_RUNTIME_DIR = "/run/docker-rootless/${container.value.user}";
DOCKER_HOST = "unix:///run/docker-rootless/${container.value.user}/docker.sock";
After = [ "dbus.socket" ];
Wants = [ "dbus.socket" ];
};
serviceConfig =
Install.WantedBy = [ "default.target" ];
Service =
{
Type = "simple";
RemainAfterExit = true;
User = container.value.user;
Group = container.value.user;
ExecStart = inputs.pkgs.writeShellScript "docker-${container.name}.start"
''
docker rm -f ${container.name} || true
@@ -141,13 +120,11 @@ inputs:
docker stop ${container.name}
docker system prune --volumes --force
'';
# CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
# AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
};
};
})
(attrsToList docker))
);
};
(builtins.filter (container: container.value.user == user) (attrsToList docker)));
})
users);
};
}

40
modules/services/huginn.nix
View File

@@ -26,33 +26,33 @@ inputs:
ports = [ 3000 ];
environmentFile = true;
};
postgresql = { enable = true; instances.huginn = {}; };
# postgresql = { enable = true; instances.huginn = {}; };
};
sops =
{
templates."huginn.env" =
{
content = let placeholder = inputs.config.sops.placeholder; in
''
MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
HUGINN_DATABASE_NAME=huginn
HUGINN_DATABASE_USERNAME=huginn
HUGINN_DATABASE_PASSWORD=${placeholder."postgresql/huginn"}
DOMAIN=huginn.chn.moe
RAILS_ENV=production
FORCE_SSL=true
INVITATION_CODE=${placeholder."huginn/invitation_code"}
SMTP_DOMAIN=mail.chn.moe
SMTP_USER_NAME=bot@chn.moe
SMTP_PASSWORD="${placeholder."mail/bot"}"
SMTP_SERVER=mail.chn.moe
SMTP_SSL=true
EMAIL_FROM_ADDRESS=bot@chn.moe
TIMEZONE=Beijing
'';
content = let placeholder = inputs.config.sops.placeholder; in "";
# ''
# MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
# HUGINN_DATABASE_NAME=huginn
# HUGINN_DATABASE_USERNAME=huginn
# HUGINN_DATABASE_PASSWORD=${placeholder."postgresql/huginn"}
# DOMAIN=huginn.chn.moe
# RAILS_ENV=production
# FORCE_SSL=true
# INVITATION_CODE=${placeholder."huginn/invitation_code"}
# SMTP_DOMAIN=mail.chn.moe
# SMTP_USER_NAME=bot@chn.moe
# SMTP_PASSWORD="${placeholder."mail/bot"}"
# SMTP_SERVER=mail.chn.moe
# SMTP_SSL=true
# EMAIL_FROM_ADDRESS=bot@chn.moe
# TIMEZONE=Beijing
# '';
owner = inputs.config.users.users.huginn.name;
};
secrets = listToAttrs (map (secret: { name = secret; value = {}; }) [ "huginn/invitation_code" "mail/bot" ]);
# secrets = listToAttrs (map (secret: { name = secret; value = {}; }) [ "huginn/invitation_code" "mail/bot" ]);
};
};
}

1
modules/system/default.nix
View File

@@ -66,5 +66,6 @@ inputs:
# environment.variables.CPATH = "/run/current-system/sw/include";
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
virtualisation.oci-containers.backend = "docker";
home-manager.sharedModules = [{ config.home.stateVersion = "22.11"; }];
};
}

9
modules/system/impermanence.nix
View File

@@ -41,9 +41,12 @@ inputs:
"${impermanence.root}" =
{
hideMounts = true;
directories = []
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
directories =
[
"/var/lib/systemd/linger"
]
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
};
"${impermanence.nodatacow}" =
{

205
modules/users/default.nix
View File

@@ -1,8 +1,6 @@
inputs:
let
inherit (builtins) map attrNames;
inherit (inputs.lib) mkMerge mkIf mkOption types;
users =
allUsers =
{
root =
{
@@ -16,11 +14,15 @@ inputs:
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
];
};
home-manager.users.root.programs.git =
home-manager.users.root =
{
extraConfig.core.editor = inputs.lib.mkForce "vim";
userName = "chn";
userEmail = "chn@chn.moe";
imports = inputs.config.nixos.users.sharedModules;
config.programs.git =
{
extraConfig.core.editor = inputs.lib.mkForce "vim";
userName = "chn";
userEmail = "chn@chn.moe";
};
};
};
chn =
@@ -44,78 +46,82 @@ inputs:
])
];
};
home-manager.users.chn.programs =
home-manager.users.chn =
{
git =
imports = inputs.config.nixos.users.sharedModules;
config.programs =
{
userName = "chn";
userEmail = "chn@chn.moe";
};
ssh.matchBlocks = builtins.listToAttrs
(
(map
(host:
{
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
}))
++ (map
(host:
{
name = host;
value =
git =
{
userName = "chn";
userEmail = "chn@chn.moe";
};
ssh.matchBlocks = builtins.listToAttrs
(
(builtins.map
(host:
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
nas =
{
host = "nas";
hostname = "office.chn.moe";
user = "chn";
port = 5440;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
}))
++ (builtins.map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
nas =
{
host = "nas";
hostname = "office.chn.moe";
user = "chn";
port = 5440;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
};
};
};
};
@@ -134,7 +140,7 @@ inputs:
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.xll = {};
home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/xll".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
};
@@ -151,7 +157,7 @@ inputs:
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.zem = {};
home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/zem".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
};
@@ -168,7 +174,7 @@ inputs:
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yjq = {};
home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/yjq".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
};
@@ -184,15 +190,48 @@ inputs:
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yxy = {};
home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/yxy".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
};
};
in
{
options.nixos.users = mkOption { type = types.listOf (types.enum (attrNames users)); default = [ "root" "chn" ]; };
config = mkMerge (map (user: mkIf (builtins.elem user inputs.config.nixos.users) users.${user}) (attrNames users));
options.nixos.users = let inherit (inputs.lib) mkOption types; in
{
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
linger = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
config =
let
inherit (builtins) map attrNames;
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.config.nixos) users;
in mkMerge
[
(mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
{
system.activationScripts.linger = builtins.concatStringsSep "\n" (map
(user: "${inputs.pkgs.systemd}/bin/loginctl enable-linger ${user}") users.linger);
}
# {
# fileSystems."/var/lib/systemd/linger" =
# {
# device = (inputs.pkgs.stdenv.mkDerivation
# {
# name = "systemd-linger";
# phases = [ "installPhase" ];
# installPhase = builtins.concatStringsSep "\n"
# (
# [ "mkdir -p $out" ]
# ++ (map (user: "touch $out/${user}") users.linger)
# );
# }).outPath;
# options = [ "bind" "private" "x-gvfs-hide" ];
# };
# }
];
}
# environment.persistence."/impermanence".users.chn =
@@ -236,4 +275,4 @@ inputs:
# ".viminfo"
# ".zsh_history"
# ];
# };
# };

2
modules/virtualization/default.nix
View File

@@ -31,8 +31,6 @@ inputs:
{
features.buildkit = true;
dns = [ "1.1.1.1" ];
# storage-driver = "overlay2";
storage-driver = "fuse-overlayfs";
};
};
enableNvidia = builtins.elem "nvidia" inputs.config.nixos.hardware.gpus;

9
secrets/pc.yaml
View File

@@ -12,17 +12,12 @@ nginx:
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
postgresql:
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
huginn: ENC[AES256_GCM,data:Hb3Lkg==,iv:jhYobzvZUhIF4qzD7bzH0M78HtoQiTUuxqULMkk/i1w=,tag:MKqehVphO+jKb1L6E0c6NQ==,type:str]
redis:
misskey: ENC[AES256_GCM,data:SAcZsRrhNB+CjpcvUcWLi5nhEA49bFM+HYHEkszNdZs=,iv:fOLletIWzCrhHZrgwl5dpdCnwUbcEeTaKNosXna8pfU=,tag:EpdBW/RexAoJ0z1G2Emvww==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:oBYIwQyfPyjsp1dfveVGqO7mY9LO7jaD+Mpe9nTm8Sd8XKgRPJWkce4tnBXBRzkdLURvDDD25uODUekdkkO1gA==,iv:/Gw3PX1w7dWWzEMCWrETGees8CjONwzIpTZSCkQsZXc=,tag:59GHYNPRTv3KFqhpUDXBLg==,type:str]
nebula:
key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
huginn:
invitation_code: ENC[AES256_GCM,data:RVvK+w==,iv:lv/d3J2Ua1CcZiMugsbuHsSKHlXt6t7HmeTB+Szk91U=,tag:n3mgg6FabiLxvMIGeOgHIA==,type:str]
mail:
bot: ENC[AES256_GCM,data:+0C08g==,iv:V5BvmArE5+CkhK+yECLQwV4Nxpd/SiUVLj9iTF+kV0s=,tag:58dXyIZx43FOi51jSpWNkA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -47,8 +42,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-16T11:06:32Z"
mac: ENC[AES256_GCM,data:hZCeW25Tp5+f0pdnysxGIYMBDHC+/nFJTBFvWDrL3s86cyjsrQRcEI8levSHAayEL7eFSD7t1syNSmwD13H74xiWwqroQfRKUfURze1mg8GLkT/sBoL8aw2cZdboE5OE8jfQxGYgovZUuBEtfgVCi6QDR+Q21uXtsDhp3MnwOI0=,iv:shA2SmoVv9LqP5fRvCUNq3Ts8gvuAcOyIARwsXhUPKw=,tag:BEOMEzyeuCAZrCRTxxz8Kg==,type:str]
lastmodified: "2023-09-03T08:51:32Z"
mac: ENC[AES256_GCM,data:PlBRhBHJ067MzX77ZaG7XzQviTixWWEZboFM8h1ezmei+Pf2PY4oDxRfmEgAodXD2EpM0x4cao3NPzMeAYtJK0YUViZRzdSbya/60W6Xzv0nrbJHh3xvvJmLVsMXyD3KKMcafTOrBsxnCg0gRro778Z63XkN/S9tA2tZfdZLLcY=,iv:9N223T+lBjYt0WLvvERbAFE1Z30ejWwZNDjByFjlW98=,tag:iTD7+P5uFlwe/xEX80QgMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

10
secrets/vps7.yaml
View File

@@ -1,6 +1,9 @@
acme:
cloudflare.ini: ENC[AES256_GCM,data:PJ3JhdSPCyxzdcRI4UFdESWgyAjIYGyuVaU9l0R3s8mJidtgavvSSMy0hC0G/2fauLB/Eqc3L3NppXFjlKVywVE=,iv:lZVlOf7P/Vs/+u/5YPKFXmdeYV9NP9kcVWd00w1OjB4=,tag:LfWZTvPQH4QPrNrYfZ/Z6Q==,type:str]
nginx:
#ENC[AES256_GCM,data:BwkND2sU5FkdN72C,iv:DNIdyY35BfBYtlJijfI17s7aP8zj5Y/kUAieAYSTr3w=,tag:016xmeOvZC3Grc8JLGcVaQ==,type:comment]
#ENC[AES256_GCM,data:NX8myRAMhMS7qx0T+471E9Wz//AKXt7FoY7P8cUOvJ/Xz+AKkB2VfP45gyPvds6zwwKuYtRLqvPD84afjE/mf2wAij3VEkprJKd5VMl+RQ==,iv:LYdigyW2VUlqo/3IvC7CRaiFsnxMyQIryHf2yFMJ+Yw=,tag:ttNAzJRCz/owZSe/V3eOPw==,type:comment]
#ENC[AES256_GCM,data:Ss47U7TQO6OS21/eLVnLGO/Gpz7V7I1mlQS2SC/6DQk3bySZK0Omyd3Nyctz7FX+ix1RbeRd7//JKNc8Dtj19jpicBFQpZMV,iv:j9QD7TmRvfzFLkLLlRcwrAHcklfGJ0R6Z3cpbli97vk=,tag:lhEkAmm/AV0gTLItdVcZ4A==,type:comment]
maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
@@ -11,7 +14,6 @@ postgresql:
misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
huginn: ENC[AES256_GCM,data:s9Y9VGq4UYZael28LEwA0fF97HVZd7neM45zXxZUsRj75WCjif0jcl8nc2cLHhys7yfsZNxNgsDuOmLWX1l8mA==,iv:Hnx8Py6NELPkj0mVn4OQaU8+CIq3FMC/UZElY4WsB08=,tag:+5+Nyqvr2udUprIBm9dsaw==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
rsshub:
@@ -33,8 +35,6 @@ nebula:
key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
vaultwarden:
admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
huginn:
invitation_code: ENC[AES256_GCM,data:8YxfbtlHhzaQpEXpFua81W/Uifd9b2Pv,iv:7BfoOxA1B0ZzRrhoKG1R1f1nT5GkNqGB/gpgl7oa2oQ=,tag:cKoWVqCuaiwEuQdYUDgbSg==,type:str]
sops:
kms: []
gcp_kms: []
@@ -59,8 +59,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-16T10:57:23Z"
mac: ENC[AES256_GCM,data:FXdxVeb2r36ONCfNBUcOOjjcnAx+uIlf1bIDpYdOZHKdVOEx1PMUMgBngnMgzuiMXIILOeH9tFE6gerkaaKnSao1RUE65UScLnqwzpRFlgwqI+gFS+Ng8gWUaZO3qVCr2lQCegYBtevqhAy8+Dmew4EkYEiD0MTIomZgnlPu5+I=,iv:wKqLmD4Vjr5mtA59e3O2dMYMK0LANBODVHAN2R8CEsY=,tag:dFUhQe09u0AAz15CWtiXkQ==,type:str]
lastmodified: "2023-09-16T06:00:05Z"
mac: ENC[AES256_GCM,data:1+Uqp+nb1zIkKVQzQWlEVBv3hAiBknHJSiVdEPxj4IzAAWc1okSsh8QYRkTA5WR54BL6I7xerITLvaqAIF1cNnmkZJ/bbbgXuQgwrrRfqDKzxOmtblQDxFO6A815VreLTfWjZN6/h3oEzH4DW+xRtd+js4n5L+nyLMee1O9kOi8=,iv:s6QN07djU9PAA2WRZ4xw2O0iDKqzmaEqVyRmeRoHNXE=,tag:y/KjOdf0cXl2XQbibjrVPQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3