chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 13:39:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:hpcstat
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
..
compare: chn:debug
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

3 Commits
hpcstat ... debug

Author SHA1 Message Date
chn
bf223cf347 Revert "remove wallpaper desktopeffect theme etc" 
This reverts commit 5b6a2623bc.
 2025-05-25 14:03:57 +08:00
chn
5b6a2623bc remove wallpaper desktopeffect theme etc 2025-05-25 13:55:48 +08:00
chn
dec023fcaa remove autostart programs 2025-05-25 13:51:59 +08:00
195 changed files with 4039 additions and 3943 deletions
Expand all files Collapse all files

5
.gitattributes vendored
View File

@@ -1 +1,6 @@
*.png filter=lfs diff=lfs merge=lfs -text
*.icm filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text
*.webp filter=lfs diff=lfs merge=lfs -text
*.efi filter=lfs diff=lfs merge=lfs -text
flake/branch.nix merge=ours

3
.sops.yaml
View File

@@ -54,6 +54,3 @@ creation_rules:
- path_regex: devices/cross/secrets/chn.yaml$
key_groups:
- age: [ *chn, *pc, *one, *nas ]
- path_regex: devices/cross/secrets/acme.yaml$
key_groups:
- age: [ *chn, *nas, *pc, *one, *srv3, *vps4, *vps6, *srv2-node0, *srv1-node0 ]

89
devices/cross/secrets/acme.yaml
View File

@@ -1,89 +0,0 @@
acme:
token: ENC[AES256_GCM,data:Zm4vCgYbrm8wtYMYqtRkMF7hm8feTcZXITKbJgWsgagWbbHE5Z8zoA==,iv:RSRw188gjoAdhTErApuF8tBSsD+aT3LGhifcy417Qzw=,tag:4ZHfkW8aCJ6BW8mtL261yQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dlVnM2FHWmJNSXpDTzhR
Q2EyK3JENDFGNlFVT0pvYjExd0RDT0VQTUNBCjgwL256NnVGNXBVVG1WdmFVNWRI
NDdLL0hkZU5JRXFYM2ZtZG5pakpVT1kKLS0tIEl3VjA1bE1lbHMwQXpwSjBENnpB
VkpraG8vRFN6RHQ5ZWNrMDFhZGpSaVEKlpOVSF6oFpHIEAnY026JPOmyTB4MGJh1
44R3bbMIA1Zo4uZ/lySvWum/oh9h9UTPZPYybts/0NOiX9gqcBuH7w==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvOTJac2ljQ0FLYXIweFJp
bXM1Sit5WDQ2N0tqdllmc2c1ek9Rd1JJZkg4Cm9sY2JybkVlYlNZSE10ZS9YSU1q
UnRLQzNJWGV0aVUxeFFTV2M3cldJSEUKLS0tIE9MaU1BamhMTmtFQWFFNmZKQ0Jo
WXFtcjZlVVFuVHdLaTVzNnFvYTB6RGsKOondd9JP142bPU0Jl82/LpBiFvLYBlaS
CcP1V7NRC2gQpxHhhYRYN9fuFrWJnUzbAPaIMhMeG3sPIvS2LLwyCA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBURi9oQ2xvR3l1TU5id2Uw
STZDWjZ6R0sxVkNZZWdYSlRDTENxU1UxKzFrCkI4UWhGZjRIVEhiU250R2VUa21y
OWgzTWs5WEM5ZVFSS01zZHhsUlZVSkEKLS0tICtjOVIrSXcxUW9ReDFpbWtMOTEr
MmhzbEFiVzlobXN4ang0UjZRcHZrOXcKxexbMBS/tTp4MIW93R0K/2+gdIHDYpT6
x13rwFfMo/laZGJmtSwYQyRMacpfgsgzwq36qKCOLJ/J/ESht9AA0A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dzZoZ0lzQ0owSXNRcHlm
b1lqL0ZCN21YWFMyNENScnRjR1ZuVEVFWkVVCitxbW1HL3pGVHk3VndKcVpDdC9B
dWJ4MGpZckhYZEdOM1RzNlVqajFocGcKLS0tIC9GcnZyeEtJWHFIanZCTmVuYXRW
VThqakFKWE5tVTduZ1NkQ1h2NDdiSmcKsDg83RzJ33Q5v+DuyhYLaQCHY+bBTlY1
roC7Nic/mTGHV9NikjJpxJUrdIZ9PZcpRFV+7HEteosTNt9WKPWOkg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTVJ3S0sxbXRQd01TeEZX
bEprbTQ3M1BwZy9naWNFQzlqRXdFVVRlNEZvClJyeURyZCtoaU1idlZFU0wySUFm
TTdMM3JsbWZuY1R2TnVON2N5dGN2cVUKLS0tIE5qWmU2d1VDYVlRd09STWtRU1E3
OGhRV29PWlpOdXFhUWU0WTg3Ni9YR0kKmnbM7HuN39AecfIGPIIr+NcNoNBwbtM3
UHgKT6Y6JaCt5BFMFRwvB9hClQn6PUOMjkuIb0BYD2repwP0E3P8qQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLYkN5ZlBGZ0pSenpIdjBh
SmNHMHk1SzFDWFduSFZYVW5kdUZBdittTlQ4Ci9VRGR2WnRKeUcxdUF5UkZXSmZR
dzRPbG9ITDlSWjk0ZHQ2b2Z0SnRKUFEKLS0tIERxL1NTekJWOVBmVDVIMWpkYjJB
M2xQQnhqbGFWaVhtSnZrZXpBTWNZckEKPGZDtSOZqDhMAG46CZR7Z9TguWC0k8eV
3RK/51cpDRP7CS6cQnYHlQycFjnL+e6sCiKZzWXQXdgoW/1DWysNHQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHV3hlbFUwQnk1RmROU2Qz
LzhrMDdZcHFrdlF4cGRLL1dmMy92T2Zpc0M0CnJNd3BPdjNLanBCaTY3Y3lsNk9Z
UjVLem1Hell5ZjZsdUE0Z2U4VVk2a1kKLS0tIGJUTFcyZG41T1JsRm9mdHZaYlNs
TlBuY214bHoxcmp6ZnlLQ3Nja1c4L3cKTbEnAk/lRZi27QomwPB+xT4eLDWygDZ/
B6H9JgCdDuh9azNx07GxCpybzMFZUQjqrzzHqfqxYqMoWKMJoHXmyA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETU85VW9zc3p3SmtaeC9l
TmpyOGE5WEtRUjV2VEdvb2J2aURvZFJLclFvCkt5QnI3THVUK2VHaDdzVjhNRkw2
U25rWU96WmowNk5xTE5odFJqcFI3N1UKLS0tIHhBQ3ZKekZ6d2VSd0NRSHJGdUJV
Y1d4TmRpRGJrUm45ajVHcDRzRG1VbUEKjZcnDgP4JqcUfixQXvwI9XSZMtiX5fwU
FxOyTyRyxaPbS5b8RBBXrRqiIMCaOkggzcU0LZVOs+nBtqiiaqlw1Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNlRubFNJNVpKVFU2d2xK
amhYSC9Tem9IeExVT2lSN1VTaUZiZ3NPZmc4CkkrclY4WitoYllsVGdUMGphU0lz
WDhwYk5KckdTa0tlenk4Qk1odHpSb00KLS0tIDNwVnJLaCs0MzhTdVdsZVA1VVhU
RVQ1RFdXVk9TMWFWdHhTZ2dEVU51a28Kx2iABI3gz0lVLfzpnFKJkIxDFgSkOr9M
87HD5YsLAJ1ACiQzC+BONcdW3FZmu2K6xP/dJXgCYU+2iD39p/cJwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-09T13:04:33Z"
mac: ENC[AES256_GCM,data:xKqvMTW+TTKPtuHh/pSGvxXXIpeKtzVWgwKPibGX9UTIpnDNzfylmkT6OouqQyI/HTQmiL67ch6gaFSMAbXfpw7JA9YpKif6p84rs3RelKzRLKinDpUtcvWhY1DEA2nsNWOdFHxu7EZhHRbXttRoB372kdV5063MJRvwuqslMpo=,iv:T4ff9w1AYGO9JIzuJz6VbPoS19OcIy9zFvOMLp3F2LE=,tag:x5Yk7tVSilKK68ZRhAnsIw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

11
devices/cross/secrets/default.yaml
View File

@@ -28,14 +28,13 @@ users:
pen: ENC[AES256_GCM,data:XOKXV0YSFbHC3I3xO8fpWvYerNfVFg2afs+CUp2MZB+yt9KR5bTJdVOfUGldLbWH5CR4v5FxTrTujv24wJ710Rfyugxh9aFJ/w==,iv:tHLoO+XpdUk8S56QUiJQOpVO9C5epam9PMubMN+8fHw=,tag:H0srWRigNUedQMIAfJlfjg==,type:str]
#ENC[AES256_GCM,data:K6O0TIYYGZmM8iOwsQ==,iv:xtT8Psnoy51V9gsRo335+VT56FXTcMQ3d4/tnuWouew=,tag:k8irtZ33G3UFK++rzcmyiw==,type:comment]
reonokiy: ENC[AES256_GCM,data:fPKdOPAKbXUvK5Jj08T0iSD23mhhkTXCexgB5q3v5JS4c6V4S+W14WOkS4UHrMQls/rHslw0NyMzS5G27A+5vN+EN+xJZfuRGg==,iv:tSdNOgs61tyt7/hUKt8bfKvpq9qOQU14ligdxBs/ATs=,tag:6IoS/p2StKtFREIpxsWkdg==,type:str]
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
telegram:
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
user:
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
acme:
token: ENC[AES256_GCM,data:M8/R019chds8zr2BqnRnKP40NZxwq4fz06NaOeOOFYecLyDjIOq5mg==,iv:VPr4XD0Y+6G1P1xwMDyrWPiTvCYdiMV0nPcmqCvIA3Y=,tag:KEyCIHRmRkNviA4bMTMybg==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:MtmNo6hHlU75N6PvzF7P5i6Q+myV4Keb1JRXVeHxTennNpKfAndsKg==,iv:DqM91JX+1WX8Zqzha2Tm3ztFaSzKYQg+b9NvUm+6jxY=,tag:XnDTBL9MA/B8XfPZqdk7Eg==,type:str]
sops:
@@ -175,7 +174,7 @@ sops:
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-05T03:46:51Z"
mac: ENC[AES256_GCM,data:5M0XoU1HrzWBkY8N0fObYkeVuF9o8sH4NJAHeCgN5Lqc1gdW+qUnJ4FzJlpPepw87bhWNogXSl4/qRzDFiMpSrDgqaMPhZA0E9eimm659Poe02Rj3LVTOT7UGVaUck+IVgSDx1skQ3hc+yU7ytY5grSoz6rqn4u/uW/prb9BkoQ=,iv:Tt+JNSzZQx9C+FwoCDwctVLQc5rAh5XYOnjsgCSBTJo=,tag:AIz4HnaQ4c7fkdWluiQsYQ==,type:str]
lastmodified: "2025-05-14T01:17:28Z"
mac: ENC[AES256_GCM,data:r1FWYKz9aJtmhH7MLPqwZjG0W7LULScGd63CnIqsm2AbFIs6DgW33zDsgwrl1oblx/zYGda3irB5s1+otR38DU0VE7jqLYzHpb3eLsE986ZTwe9Tujy6BJm2Pyng60BJTTBwKU8awS2WpbTUivK1aVivNfBffQIL5Scv/qkyH3U=,iv:1USu0hh8IM2T/w1Fm/udGswPJcxKmvcG6XwlS2ku6iY=,tag:F/rZiGc3KTaNA0YtrWF3+w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.9.2

3
devices/cross/wireguard.nix
View File

@@ -2,7 +2,6 @@ inputs:
let
publicKey =
{
vps4 = "sUB97q3lPyGkFqPmjETzDP71J69ZVfaUTWs85+HA12g=";
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
@@ -62,7 +61,7 @@ let
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
(builtins.listToAttrs
(
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps4" "vps6" "srv3" ])
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps6" "srv3" ])
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" "srv1-node0" "srv2-node0" ])
))
# 校内网络

13
devices/jykang.xmuhpc/default.nix
View File

@@ -1,8 +1,8 @@
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' .#jykang
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' -qR ./result | grep -Fxv -f <(ssh jykang find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' --export | xz -T0 | pv > jykang.nar.xz
# cat data.nar | nix-store --import
{ inputs, localLib }:
let pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' .#jykang
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' -qR ./result | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' --export > data.nar
# cat data.nar | nix-store --import
inputs:
let pkgs = import inputs.nixpkgs (import ../../modules/system/nixpkgs/buildNixpkgsConfig.nix
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; };
@@ -10,7 +10,6 @@ let pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
in pkgs.symlinkJoin
{
name = "jykang";
paths = with pkgs; [ hello iotop gnuplot localPackages.vaspkit pv btop ];
paths = with pkgs; [ hello iotop gnuplot localPackages.vaspkit ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
passthru = { inherit pkgs; };
}

2
devices/jykang.xmuhpc/files/.bashrc
View File

@@ -35,7 +35,7 @@ if [ -f /etc/bashrc ]; then
fi
if [ -z "${BASHRC_SOURCED-}" ]; then
export PATH=$HOME/.nix/state/gcroots/current/bin:$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts
export PATH=$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts:$HOME/.nix/state/gcroots/current/bin
export BASHRC_SOURCED=1
if [ "${HPCSTAT_SUBACCOUNT}" == "lyj" ]; then
export PATH=$HOME/wuyaping/lyj/bin:$PATH

2
devices/jykang.xmuhpc/files/.config/nix/nix.conf
View File

@@ -1,2 +0,0 @@
store = local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log
experimental-features = flakes nix-command

3
devices/jykang.xmuhpc/files/.ssh/authorized_keys
View File

@@ -10,8 +10,6 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi6O1Sf1BBV1dYyH1jcHiws+ntwVfV29+6Paq1CQaET hss
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlBxisj3sU9QC8UC5gX6sakf7G03ybbkmHtD2cybuZA qmx
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWU/OlrP8bJ5k7IqpIwUC1COuVsmrYVreW/ieEdPYdj ccy
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
@@ -19,6 +17,5 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkT/P4MnzxBh8sRi0oQ88duNpY/ejFtptGqUQJVobj
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOF3LfnQiI8wpsXGn87bt7rbUZcgsdaOSOswk4Vf4dBautEdQZc0q+UDB2TlR2K8L7SPyywpl5z67euN5QRJLEwg8flTybiJp3EKDctYEM22sa36ONcSIJ/iHSdCkwtPXkBYreh9e+MAHfTroIKK5zM/P1QIN3NrknIXpWjLDF73ejrxE+EXRK6jbuWfo+5dnLnDoUFt1e+pYLZos5KRRB94Qt5I79D/cAg3hG+Zl2FCCOpn1hIdLo/kWJTKUPe61oUaIxriV6nCXp/pU1BHlM43hGowiHa4bVZIs8Eo4r7OI9thhSuS2BKSifibBKIicZtntSlS/I3xa5am28YLmrOiEXRsjPom7trO8qIhPfYOc/yFDg1gcpLxyNroCPooPBzPxUqrTT96Q4fDDTaqfyuVxQFxbYoFAqQs8/lw6WcGJ4fGC5JPsPiwoSdQy/B7gCfQcFjPXp1NH8Sx+xMLCmxRqdKSyeiEwoyB0tZ6ngaI73HFhCPX1/rLx3xv0zd/8= 03@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC96jp6qFrWt4651Arg+Ua6AU3CjftZuounKLlZ8s268Lo9Cba+nmoOGRNzefqr+f6/7KmFKd9+jqS3ZnKFQbzRFVzzHHIT7tSlgxFRw+yb553/vgm7z6d0HGd3B7XjpIpR7DrM/unnXtiT/WuX+UIKKQ1S4kHp4fTJxZuwzYgNWDsT7O/5H7nBoRVuUSG/achCzTq5V5WfNjvrGZypCmcCw5MTH3Iab4qQ7fhRK46e/OpgSMmsY1ZuEynIwVtimW4G10MUWZdawN4LHBNsCDBmBu0H1DYBb9AUW5IuifAyFPPlTOPtuzpEganaMwotcXiAwhfPQg1c0TfbB4ZJPow612dzxcflHAJyFy2LXbiG0rF48h0GpW5gY92QkeMQcbybKOS5yVlXynNNg0nL1bx+reu7Fy4jurc0facTaqzpSiyXsBLSOva+DZrxl2MBDLEdykkQMNIY69GeeC2XIN4tbfGDYU8VVtwnXJUkmeHAge5ypI1kkPhYRDxPDspym9M= 04@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9FmT0i2j9JsnyeVrEZP8gaWHnc5NnhJgb1sP8MP/pjx/GMEkms2LQvZYNw8MQvGA6HH/O2acy5NIdD69QkRlALXZlWpUQco8JDuJe7+2xkTMGPOAqB5YLMHRpFGHUmDMuSFGSg2YyLXaWXoWmib5xAvTL95xAcdNgp5xqWvO2N55edDeVOY5cTmIE2vC0nm5JSjMEMcIuqL8yJ3AweN4JkD8CVVy3po8f+krKsaYB+f21MqqSnCQ/cpKlWHuMN9k85hP/FB1E7gBXW/MuZ1uOm4IzjBhj8tYVN0UY7Mo2/9PhFqoBKGr6vs7Nx1mXBJ/A1lIKvW+ROvQ9ADpOfww6kPuHbX16gQ55JG7zneWeiP5pVaI4YZ4O1vAvARw/SaSFhRdpymPs5r+wdIDV9gGoqORrYqoPBz7Q02V71W+EV7WFAgxiJozO0vZwD9JJ2zivyIJfcVtIOMIvEhfsha7Hviut4JIOyoaEHjIZYsmvYHEeEBA4pTUHIUZlZj/St7U= 05@xmuhpc
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFL+fpLRUHy6Bop91ACIUjyekWn+ZGCEOzfrqnaEsn+ yj
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRWge2+B1Et03n/B4ALBcAnjvtWPPmcFAoIlLP8oFkB hpcstat

20
devices/nas/default.nix
View File

@@ -4,7 +4,7 @@ inputs:
{
nixos =
{
model = { type = "server"; private = true; };
model = { type = "desktop"; private = true; };
system =
{
fileSystems =
@@ -19,15 +19,25 @@ inputs:
};
initrd.sshd = {};
nixpkgs.march = "silvermont";
network = {};
networking = {};
};
hardware.gpu.type = "intel";
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
sshd = {};
xray = { client.dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; xmuServer = {}; };
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1";
};
beesd."/".hashTableSizeMB = 10 * 128;
nfs."/" = [(inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc")];
nfs."/" = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc";
};
};
};

5
devices/nas/secrets.yaml
View File

@@ -1,7 +1,6 @@
xray-client:
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
xray-xmu-server: ENC[AES256_GCM,data:3O5rFi5szla70M/c62JV4nGWKPSOREImrOucjeVYf9bde6K8,iv:PGCqlmHtaNuWOtAAeJ6O+CWFpMszijozU1OpUFrftjs=,tag:iGTOoNvQhhZy2FL9jy1KIQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
@@ -22,7 +21,7 @@ sops:
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-30T10:53:22Z"
mac: ENC[AES256_GCM,data:XJIKLsszOcJfL9RDcFs7nTDfVIxUGtwhKZhkC7eCKni03b3M/sl2cIwAJ/L20Q+riP2HFcS1ljQA+SjlnY29KWr7DqJ1dM0qcqHjMSlWjurMWPgD4Lf8C7kx2J+6naYiQotQb6y7AfRF9XxAJUaHQe9DdlqHT/bmbtVW5VN1tzs=,iv:IhU7Wo19KOsqxdlSuZg3KtDc08E0dUq2Ahb1J09iLK4=,tag:N9TumoFTKEw/4DT51Lyjjg==,type:str]
lastmodified: "2025-05-19T01:47:25Z"
mac: ENC[AES256_GCM,data:J79zVjfGgptSjh+ShPBOd+lJ9i+NuS2Uw7P4ZvF7xeahn7fbT8bercsBv1F1USwW2ituTBMZFmxaspGjAD+azEM2X7zSJnVtbKr+T9FY6i2N+kPIxdseyw93JLZ1pPTy9bQeXRAJYlJHyEw4zHEpMBbWSI88I+i43s2xkScwEuU=,iv:4Ge0dHPxa4zF++0eeHy8fH7t5ndFznhFAKnrV7WOOXs=,tag:+UG3b93zFo/EfOfCQrPoBg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

16
devices/one/default.nix
View File

@@ -17,16 +17,26 @@ inputs:
luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
resume = { device = "/dev/mapper/root"; offset = 4728064; };
rollingRootfs = {};
};
nixpkgs.march = "tigerlake";
};
hardware.gpu.type = "intel";
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
xray.client = {};
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
};
beesd."/".hashTableSizeMB = 64;
sshd = {};
waydroid = {};
kvm = {};
};
bugs = [ "xmunet" ];
};

BIN
devices/pc/bios/Bootx64.efi
View File

Binary file not shown.

BIN
devices/pc/bios/DisplayEngine.efi
View File

Binary file not shown.

BIN
devices/pc/bios/SetupBrowser.efi
View File

Binary file not shown.

BIN
devices/pc/bios/UiApp.efi
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Default.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native_HDR.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_REC709.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_sRGB.icm
View File

Binary file not shown.

85
devices/pc/default.nix
View File

@@ -17,7 +17,6 @@ inputs:
"/nix" = "/nix";
"/nix/rootfs/current" = "/";
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
};
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.nas"}:/" =
{ mountPoint = "/nix/remote/nas"; hard = false; };
@@ -29,35 +28,39 @@ inputs:
{ mapper = "swap"; ssd = true; before = [ "root1" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = {};
};
grub.windowsEntries."08D3-10DE" = "Windows";
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# SAHF FXSR XSAVE RDRND LZCNT HLE
"haswell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
remote.master.host.srv2-node0 = [ "skylake" ];
};
nix.marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# SAHF FXSR XSAVE RDRND LZCNT HLE
"haswell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
nixpkgs = { march = "znver4"; cuda.capabilities = [ "8.9" ]; };
kernel.variant = "cachyos-lts";
sysctl.laptop-mode = 5;
};
hardware = { gpu = { type = "nvidia"; nvidia.dynamicBoost = true; }; legion = {}; };
hardware =
{
cpus = [ "amd" ];
gpu = { type = "nvidia"; nvidia.dynamicBoost = true; };
legion = {};
};
services =
{
samba =
@@ -72,17 +75,30 @@ inputs:
};
};
sshd = {};
xray =
xray.client =
{
client.dnsmasq.hosts = builtins.listToAttrs
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
dnsmasq.hosts = builtins.listToAttrs
(
(builtins.map
(name: { inherit name; value = "144.34.225.59"; })
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
++ (builtins.map
(name: { inherit name; value = "0.0.0.0"; })
[ "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com" ])
)
// { "4006024680.com" = "192.168.199.1"; };
xmuClient = {};
// {
"4006024680.com" = "192.168.199.1";
"hpc.xmu.edu.cn" = "121.192.191.11";
};
};
acme.cert."debug.mirism.one" = {};
nix-serve = {};
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd."/" = { hashTableSizeMB = 4 * 128; threads = 4; };
@@ -105,17 +121,17 @@ inputs:
};
};
ollama = {};
podman = {};
docker = {};
ananicy = {};
keyd = {};
lumericalLicenseManager.macAddress = "74:5d:22:c7:d2:97";
searx = {};
kvm.aarch64 = true;
kvm = {};
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
nfs."/" = [ "192.168.84.0/24" ];
nfs."/" = "192.168.84.0/24";
};
bugs = [ "xmunet" "backlight" "amdpstate" "iwlwifi" ];
packages = { mathematica = {}; vasp = {}; android-studio = {}; };
packages = { android-studio = {}; mathematica = {}; };
user.users = [ "chn" "test" ];
};
boot.loader.grub =
{
@@ -149,6 +165,7 @@ inputs:
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
# 允许kvm读取物理硬盘
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
networking.extraHosts = "144.34.225.59 mirism.one beta.mirism.one ng01.mirism.one";
services.colord.enable = true;
};
}

12
devices/pc/secrets/default.yaml
View File

@@ -13,10 +13,11 @@ nix:
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
searx:
secret-key: ENC[AES256_GCM,data:KhIP+Rz3rMfNgPEGTlKGvm6gl1/ZuPI=,iv:GcaLEJHKJO3n6IaeiFr9PaJ6eNx04/VjX3UgmBF429g=,tag:HkplyH9hTHUaEZ709TyitA==,type:str]
xray-xmu-client:
uuid: ENC[AES256_GCM,data:XiUkReTJLAxZNWFVeD6EiOtUX5tsyPLFi6QyDBdHyB4v5/mD,iv:QppdtP2CFDEVhlrmDJKYBGc1zYGJvpGYxLfsBAMxDSI=,tag:jzMSFRit+aBzWMkaa3+5hA==,type:str]
cookie: ENC[AES256_GCM,data:fx/cqNNpI71FslngfeXFQA==,iv:xZEtOsKgS/8xNqF4B6NKI9+klrpNcraW17KKirMnEfM=,tag:YyczKED2Yo0D6I+RvMjJLg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -36,7 +37,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-30T11:24:37Z"
mac: ENC[AES256_GCM,data:V6Gs9hCPIb42nW81Gmy1dz5LFLeX97UuzVbvst/rtuSJHdFzXKxYqIGjHNRK5mGWG/NdTXQ79ELlvpSOgKYAk6gn9ZMn9wCDDbe6spDoGBWL4Ky7mCiSPRcLZ++J+2nP0Q987kZ6IMdMWkFNJmOKWBX/nnp4/aicwyteqNHt4cI=,iv:1wWS0D4RJeWKERfqMQRB75Nh1oKSQzF+r5yOphMrg9Q=,tag:DBPZx1+X7nMLW9xsyEn62A==,type:str]
lastmodified: "2025-05-24T11:27:02Z"
mac: ENC[AES256_GCM,data:uNkThOX3NEUeiaJVavZ0rCpQRT+GbRXADiMuAwb/tg38fBrKQeUO9ohicl/UfiDFRTfCaiuH3T757jX2b51go2s0B6n7DOvPYYZ5EWGnM69RFxrdDfWfge8n8/SHmuKR9dPJb/eSa8HAs8uDnqBPoR5SqG5lnyZs3a7P/kjK2T4=,iv:snmnuYmcuyhGs4YrIGFLmDffFE9yecB/vsM0MvxBR4k=,tag:vbqA7jvVCFHvLoLmKbfO4g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2

5
devices/srv1/default.nix
View File

@@ -16,8 +16,10 @@ inputs:
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
};
hardware.cpus = [ "intel" ];
services =
{
sshd.passwordAuthentication = true;
@@ -60,8 +62,7 @@ inputs:
];
};
};
packages = { vasp = {}; lumerical = {}; };
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" "zgq" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ];
};
};
}

19
devices/srv1/node0/default.nix
View File

@@ -8,21 +8,15 @@ inputs:
system =
{
nixpkgs.march = "cascadelake";
network =
networking.static =
{
static =
{
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
eno146 = { ip = "192.168.178.1"; mask = 24; };
};
masquerade = [ "eno146" ];
trust = [ "eno146" ];
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
eno146 = { ip = "192.168.178.1"; mask = 24; };
};
};
services =
{
sshd.motd = true;
xray.client.dnsmasq.extraInterfaces = [ "eno146" ];
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
beesd."/" = { hashTableSizeMB = 128; threads = 4; };
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
@@ -30,5 +24,10 @@ inputs:
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
};
# allow other machine access network by this machine
systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
# without this, tproxy does not work
# TODO: why?
networking.firewall.trustedInterfaces = [ "eno146" ];
};
}

11
devices/srv1/node1/default.nix
View File

@@ -7,14 +7,13 @@ inputs:
system =
{
nixpkgs.march = "broadwell";
network =
{
static.eno2 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
trust = [ "eno2" ];
};
networking.static.eno2 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
};
services.beesd."/".threads = 4;
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

19
devices/srv1/node2/default.nix
View File

@@ -7,25 +7,26 @@ inputs:
system =
{
nixpkgs.march = "broadwell";
network =
networking.static =
{
static =
{
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
eno2 = { ip = "192.168.178.3"; mask = 24; };
};
trust = [ "eno2" ];
bridge.br0.interfaces = [ "eno1" ];
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
eno2 = { ip = "192.168.178.3"; mask = 24; };
};
fileSystems.mount.btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
};
services =
{
xray.client = {};
xray.client.enable = true;
beesd."/".threads = 4;
kvm.nodatacow = true;
};
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
# add a bridge for kvm
# 设置桥接之后不能再给eno1配置ip需要转而给 br0 配置ip
networking.bridges.br0.interfaces = [ "eno1" ];
};
}

22
devices/srv2/default.nix
View File

@@ -7,13 +7,18 @@ inputs:
model.type = "server";
system =
{
fileSystems.mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
fileSystems =
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc"}:/" =
{ mountPoint = "/nix/remote/pc"; hard = false; };
mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc"}:/" =
{ mountPoint = "/nix/remote/pc"; hard = false; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs.cuda.capabilities =
[
@@ -30,7 +35,7 @@ inputs:
hardware.gpu.type = "nvidia";
services =
{
sshd = {};
sshd = { passwordAuthentication = true; groupBanner = true; };
slurm =
{
enable = true;
@@ -75,8 +80,7 @@ inputs:
};
};
};
packages.vasp = {};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" "zzn" "zqq" "qmx" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" "zzn" ];
};
};
}

20
devices/srv2/node0/default.nix
View File

@@ -5,30 +5,34 @@ inputs:
nixos =
{
model.cluster.nodeType = "master";
hardware.cpus = [ "intel" ];
system =
{
nixpkgs.march = "skylake";
network =
networking =
{
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
wireless = [ "409" ];
masquerade = [ "eno2" ];
trust = [ "eno2" ];
wireless = [ "4575G" ];
};
nix.remote.slave = {};
fileSystems.swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
};
services =
{
xray.client = { dnsmasq = { extraInterfaces = [ "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; }; };
xray.client =
{
enable = true;
dnsmasq = { extraInterfaces = [ "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
};
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
groupshare = {};
hpcstat = {};
ollama = {};
sshd = { groupBanner = true; motd = true; };
};
};
# allow other machine access network by this machine
systemd.network.networks."10-eno2".networkConfig.IPMasquerade = "both";
# without this, tproxy does not work
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

15
devices/srv2/node0/secrets.yaml
View File

@@ -6,9 +6,13 @@ mariadb:
hpcstat:
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
wireless:
#ENC[AES256_GCM,data:n9OPSJsB7yNk,iv:xQzKJxqPB7uT83m/B4UoOje6NQbPLhuHR7Hp93oNz8A=,tag:gtsTx6ALnS/7fIDd7VimOg==,type:comment]
"409": ENC[AES256_GCM,data:XJ2apDx9E4RM7YzK6wYzxn4eBkVS3l6LIaMtUai2MZ/W0xkaixyV/g/s+cVQtgph2gEcNoLOWbsxr3h8CsrOTA==,iv:O643ytrgHKB4RM6lZKZcr0fLmS2icRnek9praw43jWc=,tag:6Pk7CmiJyvAeW/1V4mvRJQ==,type:str]
#ENC[AES256_GCM,data:xrg3Wxj/ghbWgg==,iv:6stu7voI5no2Y3YmnMrvTS8hev3eqjoWAyD5zTgyehc=,tag:cxkS7y7S1oM+/SJmlT10fw==,type:comment]
457的5G: ENC[AES256_GCM,data:QjHlyGU4JIYymyh41T+c33T3EOpbqDOoD3U+v6/BzjlWLLeZQXU2hwPCVh4fi2bwn7yNkp4ygAYmFPVPZWoT1A==,iv:Tc6Guzsn5hkjWH6UWSb1KlfWCBXIi2OWdn/wttmCXnQ=,tag:FhyH6JmjSTuqSeFy+GyQhg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -28,7 +32,8 @@ sops:
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-10T10:08:37Z"
mac: ENC[AES256_GCM,data:ELeHLFJuOUs8CFIuu08zqp56AijpxxLKlfUo6cWmqwURy/BC6CTFqkNwsD8NirCzSsNTRnwk3pAVXPjJCrk8rnnH4uqiA639h3qMdEpHJLsVhv2+ounGObW7+R/IYJQaSmBWHzZimQsAbp2eVufu3mnu3wjUOhXM6xs0ofuxLWM=,iv:M7PK2S4Okb0MhsJ6d/bJfkMUOoXUMwbWVsHiuxE6Nt4=,tag:4QwSM0dU0mY5Xs03RS1FUw==,type:str]
lastmodified: "2025-04-10T10:44:43Z"
mac: ENC[AES256_GCM,data:6EeWT8IiCGyRdR/9WDoTTM8bBuhzf2LtP1kahCgfvFpU6g5HB+qG5O0eXaL0DMKg7OQJKHIS/wZVaEierVwno0CnP1WR7y9l6Rlab2nVG4YCNkEkwqZgIWFOUi0aZrZQc7WC3rUk1gxiJK38nEa4ebk8oqAbyHyKHsFAeUcMbqA=,iv:oqRLvYsXct+OwcymXslEH4o03vLNeV2eU/4zK8R+gKs=,tag:0d1DYjCGRewUd4aHPIpFSw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.9.2

13
devices/srv2/node1/default.nix
View File

@@ -4,19 +4,18 @@ inputs:
{
nixos =
{
hardware.cpus = [ "amd" ];
system =
{
nixpkgs.march = "znver3";
network =
{
static.enp58s0 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
trust = [ "enp58s0" ];
};
fileSystems.swap = [ "/nix/swap/swap" ];
networking.static.enp58s0 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
};
services.beesd."/".hashTableSizeMB = 64;
};
services.hardware.bolt.enable = true;
boot.initrd.systemd.network.networks."10-enp58s0" = inputs.config.systemd.network.networks."10-enp58s0";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "enp58s0" ];
};
}

5
devices/srv3/README.md
View File

@@ -41,9 +41,10 @@
独立的 IPv6 免费,但暂不支持(技术上没有准备好,如果有人有需要我就去准备)。
* 只卖朋友和朋友的朋友(总之得有人保证别拿去做坏事)。
若此定价对您来说仍然难以接受,可以联系我,打五折或者免费。
* 此价格 2025 年 9 月 17 日前有效。之后大概率也不会调整,但保留调整的权利
* 此价格有效期三个月2025-05-17 至 2025-08-17
05-17 前免费08-17 后定价会视情况调整(例如将流量计入收费项目,内存部分相应降价),在那之前会公布新的定价。
* 预计收入无法覆盖成本。如果某个月的收入高于成本,承诺会将多出的部分捐出去。
* 非 kvm 虚拟机的服务(例如,只跑一个 podman 容器,只跑某一个服务)定价私聊,大致上是上方价格再加上我的工作成本(事少的免费,事多的就要实收了)。
* 非 kvm 虚拟机的服务(例如,只跑一个 docker 容器,只跑某一个服务)定价私聊,大致上是上方价格再加上我的工作成本(事少的免费,事多的就要实收了)。
* 配置随时可以调整。所以按照自己这个月够用的来就行,不需要为未来留余量。但每次调整都需要重启虚拟机。
* 母鸡价格 40 美元每月,配置在下方列出。
* 机房: LAX3 IPsrv3.chn.moe

45
devices/srv3/default.nix
View File

@@ -15,21 +15,19 @@ inputs:
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/dev/mapper/swap" ];
rollingRootfs = {};
};
nixpkgs.march = "haswell";
initrd.sshd = {};
network =
networking.static.eno1 =
{
bridge.nixvirt.interfaces = [ "eno1" ];
static.nixvirt =
{
ip = "23.135.236.216";
mask = 24;
gateway = "23.135.236.1";
dns = "8.8.8.8";
};
ip = "23.135.236.216";
mask = 24;
gateway = "23.135.236.1";
dns = "8.8.8.8";
};
};
hardware.cpus = [ "intel" ];
services =
{
beesd."/" = { hashTableSizeMB = 128; threads = 4;};
@@ -38,14 +36,12 @@ inputs:
{
alikia =
{
memory.sizeMB = 1024;
cpu.count = 1;
hardware = { memoryMB = 1024; cpus = 1; };
network = { address = 2; portForward.tcp = [{ host = 5689; guest = 22; }]; };
};
pen =
{
memory.sizeMB = 512;
cpu.count = 1;
hardware = { memoryMB = 512; cpus = 1; };
network =
{
address = 3;
@@ -66,8 +62,7 @@ inputs:
test =
{
owner = "chn";
memory.sizeMB = 4096;
cpu.count = 4;
hardware = { memoryMB = 512; cpus = 1; };
network =
{
address = 4;
@@ -77,8 +72,7 @@ inputs:
};
reonokiy =
{
memory.sizeMB = 4 * 1024;
cpu.count = 4;
hardware = { memoryMB = 4 * 1024; cpus = 4; };
network = { address = 5; portForward.tcp = [{ host = 5694; guest = 22; }]; };
};
};
@@ -90,23 +84,26 @@ inputs:
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden = {};
photoprism = {};
vaultwarden.enable = true;
photoprism.enable = true;
nextcloud = {};
freshrss = {};
freshrss.enable = true;
send = {};
huginn = {};
httpapi = {};
gitea = {};
fz-new-order = {};
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
grafana = {};
fail2ban = {};
xray.server = {};
podman = {};
xray.server.serverName = "xserver.srv3.chn.moe";
docker = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
open-webui.ollamaHost = "192.168.83.3";
};
user.users = [ "chn" "aleksana" "alikia" "pen" "reonokiy" ];
};
# TODO: use a generic way
boot.initrd.systemd.network.networks."10-eno1" = inputs.config.systemd.network.networks."10-eno1";
};
}

65
devices/srv3/secrets.yaml
View File

@@ -66,6 +66,27 @@ freshrss:
chn: ENC[AES256_GCM,data:Z4UmsXv1KiVfZMIQOEHH,iv:pF5lQLggkxm9y7taDVcp366JKp8U+8akNEdPA+Nf9Uo=,tag:0TajgUI/VgM3FxG1j6c/jA==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:JDN913i+zf6+obWxrNAbgx1NJGPyewRm,iv:lqnjbSk46J0ZJN6ccbbiCiOK92W8fj2mWRwQHKqy2dc=,tag:UYZesryRlfAMo7xhKQ7zgw==,type:str]
fz-new-order:
token: ENC[AES256_GCM,data:JdMiu4du4S4fLg7b8LATG4g8NlahIFPvilGd1MsXNeMtnQs=,iv:fWBFYAVlfzi1dD/TpiA5N0JMY/LHTYPZGSh4sbK1BZc=,tag:LQTZe3DNk8xoy2+G4zld9A==,type:str]
uids:
#ENC[AES256_GCM,data:btt80rJcGg==,iv:DCBo36NMFiQO+dXom+AYTrSMYEAGCNXdMTJDIQVRlFA=,tag:LzoynD0J9surdmcFvVf/NQ==,type:comment]
user0: ENC[AES256_GCM,data:53ag/e8f4aVEkUVszd7MzxNpDBBIkqGMneASW9/m5xU=,iv:LEZoitbzvTFAiXKZAPPOok/WaKsuTWgvd41Rq4/FMP4=,tag:opV15bhvDF1FR0UURsm+Iw==,type:str]
#ENC[AES256_GCM,data:jXeZGm4rrw==,iv:hxZ6AU6FLzoUSJIeUh4zjuR6kvDfDhJCpvG47M+jRdc=,tag:AqMF7SJ96OEh0G8cgqvvuA==,type:comment]
user1: ENC[AES256_GCM,data:emM3ffDBmymM9367YJG0lvYpw7iRl24fHSd5G4C4g6U=,iv:sJ9zLlgU2zZGFpeuIZXtL0Dqvd8RwbKU/a6HFdZTnvU=,tag:L6M7H24DXMvV55pYRiX8WA==,type:str]
#ENC[AES256_GCM,data:gMDlZq2HXQ==,iv:hyJ2gkzrt0BZ3rO5rmz1tiS3jbrrA3VjpqjgPXQymjQ=,tag:aOWFyhuTjV9umsWJ0VjJDg==,type:comment]
user2: ENC[AES256_GCM,data:b4jqm4Xm9dU2tYqqddKcHYcOh0Ol9W309fpQPcG2cQo=,iv:EKUDKnbYX8MTqd/G4NaQUVZ4mZAw3GvAlDe7XIVvVZQ=,tag:+oO6MaA6PFVbnP2ahfAArw==,type:str]
#ENC[AES256_GCM,data:L0wkMIIuSA==,iv:j0LGq9Xe+Dru8bCwt93T51ZaK0ex/7CZJdBDn6jhq7w=,tag:EU4/62fe3p7QjpfSMAYHCQ==,type:comment]
user3: ENC[AES256_GCM,data:dWJzu6S6T598TiKqX48LUcT1BAc0/gVy1tAknkvmg8k=,iv:KWl/av7a3hj27p+S2hhe2QpcNMFGJPsnnCjcaqzjOqc=,tag:HQbtRPxO8OnfKIBqTDjKlA==,type:str]
#ENC[AES256_GCM,data:8/kYjPRSEA==,iv:etABb0TqNHhEs3/HGuRixEJUGhyXSTXI3cvhTTAUlXA=,tag:IfPzvdSamLcY1dRJls74GQ==,type:comment]
user4: ENC[AES256_GCM,data:F6tbn2WBo9HrM+fmtf70GrNJyZ6qJ2HrNdJG788zMKM=,iv:Dx/7MUJVZO61u/DqwrrqmWIVpx4Qpi88SMflCRvj7Wc=,tag:WH6tsk/69+EEz2DS1srrNw==,type:str]
config0:
username: ENC[AES256_GCM,data:DDGErXyt,iv:7Z3U++o930QhngC+NzNna32F2AKSWjEFnJYXY00rCM4=,tag:L83e1KTQkVwSWSwhTwTzYQ==,type:str]
password: ENC[AES256_GCM,data:Jy9Gbo0i,iv:ZthlQ0x5At9TUbh6MUiLkZUoVdCG0gp0SEyMtxKhnjM=,tag:fKmnopQ/sVFQsmb2ISOk0A==,type:str]
comment: ENC[AES256_GCM,data:lb51oO8l,iv:4Iac4P+zfa7/T+aq5429VbdHoK7+WZkj1nC+yPOoIy0=,tag:NRl5GjjKn4OHfIGDNh+3MA==,type:str]
config1:
username: ENC[AES256_GCM,data:/QlSea1D,iv:0gMEI2JJudtKHE9J7IlI8Hsfo0jQwCy2Ap8EXxVqUVo=,tag:2DnWRv1b2VhtV5wSnnOzqg==,type:str]
password: ENC[AES256_GCM,data:FHd4UPV2,iv:jI5BwcfxTBj2igdFUQtKS4LGnt5O96Kp3RPvnpXxFR8=,tag:Lfe8paHNQ44nRb/gk0oUbg==,type:str]
comment: ENC[AES256_GCM,data:QILd5mRa,iv:mmM6h721UIXTuRL7k9TDOPdRrqMuq5M8krz5yWR20Mw=,tag:ALpQZjR6W0X44rST8U74NQ==,type:str]
grafana:
secret: ENC[AES256_GCM,data:1Wfq8QmhzKBObdktheFPySzXYlOJzHWbYYQXgn3beLOwSlW9f7bUn+wIrRoj1e8WlFJkAU2xywzjzzy/UwpSYA==,iv:/0YoHTs54O+cT6VVt1U5CYXr2qEdY2kijOlnMZMW4d0=,tag:SD/IELlcgfS7p9NBEa6D/g==,type:str]
chn: ENC[AES256_GCM,data:8R92k7RH1491u6lfQdM0U3SG8TPi3vWhZyj810XSjnA=,iv:8v6ijLHgoTPT6MGoP/lWB+UEZCCgOpvfskWCJJ63Udo=,tag:k9SHzJ9d54Rny3n8EbksOw==,type:str]
@@ -75,8 +96,48 @@ xray-server:
user0: ENC[AES256_GCM,data:n6gIZGYdT6wEfKgizFvIE802AkpR8BpSPSZrQ5WP/aZWzLUL,iv:AxnwFOzmIRm3nTLpi8/4lkv+TjO4y4RZQtHO0GriD8o=,tag:nllDCaLZd6JNS2JqwvgVyg==,type:str]
#ENC[AES256_GCM,data:uhAauqQ1oQ==,iv:0Sr6YjarjkLmBq5H1ELb3SYBzrTVhqIE6qPxc9HYeKY=,tag:NvGGSY99Y7d3OTnpOr2p2g==,type:comment]
user1: ENC[AES256_GCM,data:EcEySx/n52rN5REPEWNjCuWywokvOetadbljqPpDPADTeeSk,iv:7r3CdvHJT1iZvx1Xn53It1ZxIkdLVIeQ+Q03zISm94k=,tag:8cIGZUlIhVgRc2FeU931kQ==,type:str]
#ENC[AES256_GCM,data:qbXmxTn+Mwk3zw==,iv:8F/0ELOwXMrKaigfRmwvGREujqNwM6XjIeaPyr6JS5U=,tag:PF/PAQCwzH7uOj+xgM0rKw==,type:comment]
user2: ENC[AES256_GCM,data:cA2oKqGsKuZyydMQspbSrWqsQIAde/VtGIPybC2gr3Bg355H,iv:YOj+6f6YR3Ze3x5IrqdqzXp9e3v1jdAu8re1Is6Q4eQ=,tag:n/CV6+PX/y+okpJwRraSDA==,type:str]
#ENC[AES256_GCM,data:VcLtO+6YWg==,iv:TWM3IY00V+LaJzk+E8ji/v7Ol4TCvSP/FHzFsV5MGIE=,tag:CijsW2O/AKpWgQUm6ipPeg==,type:comment]
user3: ENC[AES256_GCM,data:F3HK6znDEsN8UO7B9vBs03jyjqoQ+MGCcNJuOeglSBzLD2Hy,iv:TKBRe8Qmn9DL4AEilX20YcKbz6bydKsQUuUd5lyM2jE=,tag:nAyrTD4zkJ6CjLuj29zuJQ==,type:str]
#ENC[AES256_GCM,data:UFE3pg02VA==,iv:thT5OYPIHLIjKB7uiAk5vff8rtsgwncdo+U0KmW3uTE=,tag:qGWmSsI1mzg8ZbpunxBuyw==,type:comment]
user4: ENC[AES256_GCM,data:FYMQFFTCue+umBl5OwJvlZ+NyocsRbkycr+y1L6d6LPdR9px,iv:ZX9Z0dqmBvvXlz+oEYd7vQ5rW5lvmlc+bneDguQld30=,tag:y3d7aDWOtO0T3Yf5pGnffQ==,type:str]
#ENC[AES256_GCM,data:KuuPQQ==,iv:LGGqLFV4CnUMLWaNbHj6bRseetvdMdSOefV1FeYlJSA=,tag:wXlqKM2BuoMRZAwYbv5eOg==,type:comment]
user5: ENC[AES256_GCM,data:T5p0POx9Cnqdlp0blEYvAnRNIDOCNVdpOBR4rVQ1/07/rOCX,iv:EZx6ToeORzHoG+aEPi9oiTcwp4bOIAJpPUvemhYM96Q=,tag:aSS+RY5rEzr62mbE+JDanw==,type:str]
#ENC[AES256_GCM,data:tmlMaaDT4Q==,iv:zDBCjdBioiXGbJve03VcwCt81hiFxyKqql9rp6zW25g=,tag:cxedo8U2FICH5yMoPXwQMg==,type:comment]
user6: ENC[AES256_GCM,data:LzYfIXgZP0q9FpxDM6skSTiwOxEO+N5wuFq86KAazqe8zS/h,iv:Jh7bWMVr5U69L1uARLMUciWvv/aRjJJeEXvU5bo8e3A=,tag:PxesHErVSlkbuNeeRpQfEA==,type:str]
#ENC[AES256_GCM,data:boB2Ug==,iv:echGnXhoj2wX7GDj302nbirmzQFCqql2jtY0JaNyla4=,tag:7YnhNwCFZ9rOstanr0wGcw==,type:comment]
user7: ENC[AES256_GCM,data:s1O6GRn/9T9DWKlcXJTnOoAPZnPgHGBpZZcEDAKRtiYAI/5p,iv:JyaGsolN5WgQekPYxJiJbniuxLPf3+elHHbd3+ZrLtc=,tag:32wNUTqyyaKoPRQdB4U0SA==,type:str]
#ENC[AES256_GCM,data:cvG7WQcnwj+u9A==,iv:ui40+u9yE/Prksmiqed1NjuHyNP2RGtgSMazfI8ultc=,tag:he2F4i71Z8gFdW3fmRdhUA==,type:comment]
user8: ENC[AES256_GCM,data:roCYRvszJo7weozfIRoGgUhIs1f2a5/a2d1b/Iy6WEbbehOS,iv:tcOsL0SE4qMRPZIGOlzRIaMJvcapx2H9HK4D8qmSbIs=,tag:Z0skFdgtpjSR7jli3dwd5A==,type:str]
#ENC[AES256_GCM,data:IFXAXr0RVg/DCA==,iv:pKdnsUFX4XXJIZleA71fAfua1ibSa/2tgjdqnhbt/Rg=,tag:2Fv397j/uJDFZ/uvBxtrQw==,type:comment]
user9: ENC[AES256_GCM,data:5HP+OVmf+dsS8sDHakC7Yx1HVutMoTbITONHQiSvHw+17M9J,iv:TYDf7lx04pHohbGBbPJvOAoIGUKqil59k4Pt405/9kA=,tag:HUxT/uSR8sYCXQ8uX69Fqg==,type:str]
#ENC[AES256_GCM,data:7TJeKZM=,iv:FKcgDOtV417n1xmufqB3WENrbZ0V93sI5/XhiDYouMw=,tag:TchW2jgxZAXHvvMYY089dA==,type:comment]
user10: ENC[AES256_GCM,data:+u1KwJo3Y4enFM2RVr379GF7O6r9bWofUEZ2994IIC+Ce2NV,iv:ssKA5y3JM4tm+JdVznQFUAYmlrHaWd8hQXs6R/aEXN8=,tag:Q5uuM1sBZJRYBe4XXTL3ZQ==,type:str]
#ENC[AES256_GCM,data:O3qEWI+vFA==,iv:R7HLFRNszV6yXwciNfk/rTbDQYLmKsTCQFCfWIpJdfY=,tag:DjuM2a48/lDF11aLIf3Fgw==,type:comment]
user11: ENC[AES256_GCM,data:4HDGJq9nl8oGeQEo0XBEUiJweAaZ9yWc9Ib1TM91Djj2jH8d,iv:1i9/bZhHkhc8dP9Pg4gIRnCms61AP9VYxAG4acV3gpQ=,tag:vID9DEXZu3wGbXDqsLVEAg==,type:str]
#ENC[AES256_GCM,data:CdJubErTSg==,iv:UKn0lvbCzJnE241Tg3yjSx4xZNbp5sa/NfgIlRNU5z8=,tag:6FMGY6hbMQQFoN31z4e4uw==,type:comment]
user12: ENC[AES256_GCM,data:U+ynUYI+l6McI9oWF4PNiLUwvNowdseZ5gO8o73cX8MsXS2+,iv:r0KIBXczRkubZqyM/LUBPp/x9Zb/rvDJIKGGKkR3EfY=,tag:yn7806HD7ei57UtpuPjlkg==,type:str]
#ENC[AES256_GCM,data:3trgclrgDXhKUg==,iv:qyLmCBaB5ql950diUj7YlPi6P3a0hYH8adADEI0AGrU=,tag:Oleq79giA9/gYBO8Carznw==,type:comment]
user13: ENC[AES256_GCM,data:M6JXRrqnKrdihAA1aUg9zzJfhCK5TLLRf4wZkemnlHyaXnLL,iv:OA6i+BGYTr9gILE3jzFILLZvPRZeAvmSbXEStihN3aw=,tag:WcpTKRC8crDhzKHcxjtICQ==,type:str]
#ENC[AES256_GCM,data:VryB1AM=,iv:6FdWfpQ53bdpkXZ22gpy8GxKb1X7bak0K/Oa56mP7Uw=,tag:VBg7u7MSMl4Pr72W6ugYEg==,type:comment]
user14: ENC[AES256_GCM,data:g8y07VaxsuTs74L5xF/XDlmYetOfXFwHEr+FCHRtFLKwTAVq,iv:TjT49pTk97l3u1wGG7BmqZr/LAMC2765er3HGarOANw=,tag:zt1ojulNjWcuKIdix6NFJw==,type:str]
#ENC[AES256_GCM,data:Bawjfo3ubW1eXA==,iv:m2/ViC9AIZUV3Wl9EBYV5L0QQDw7QgXPpQ7WX22XpQ8=,tag:1wqpie9BuDi7BiDCvRIWog==,type:comment]
user15: ENC[AES256_GCM,data:2Ylnb7ZJgr3ha0rXrjkscPX9zJI2L9aydfL5Ndl2b9cJmVUC,iv:mu0GlGGXH4njmi4KzsvFSJN2zC5IcXVQ6oqVv2ClWpM=,tag:AIhnDqQehLyJY+wh7RWTYg==,type:str]
#ENC[AES256_GCM,data:uORLUE+excPAuw==,iv:K1Qch9qkg5T59+lcMC7vHWu1mnOv2dH5cOAZHX8HhgQ=,tag:chVMn/kb3Rr3f2igjbsAUA==,type:comment]
user16: ENC[AES256_GCM,data:D4lPjTb2kaYfUSCCRaMpGNtzLIfvPvfiJK+kkTQtSMOBglpN,iv:FCpHHBSKDYA+H6fgabNggXJlenzg5am5excBknpD1uU=,tag:FPQaBfLiZ5PBJa8gCpBfTA==,type:str]
#ENC[AES256_GCM,data:Cfs0Ul9BHWW/oQ==,iv:OOcRWmc7fy2RnE7+TtSBauKa1k1/unC1nFJ2SJ3yWqk=,tag:q6MjcXEYuep1eRw5BJspqw==,type:comment]
user17: ENC[AES256_GCM,data:2mzbUcGRye0cdgQxoTzSeKaM+m1dUPvKq61uBnGvZDFXrqQ7,iv:hxkruf0Xo1ZNJ/ym5YdLGJF5aK5nXZMJ46XC18Aksmc=,tag:KrUCTgDgYndxhi8QSYpGwA==,type:str]
#ENC[AES256_GCM,data:vHvpcqJaH2hPTg==,iv:S1WbgLU+15FMJr699YGY4f9r8wIg880tjJo6W6APhx0=,tag:F7fbA83eco8/Qd6u4vUMbA==,type:comment]
user18: ENC[AES256_GCM,data:LwZKy71ecB/E2EMIaUuFV0a7j+16EWo8LA9/0Gc8lpXAQpaT,iv:+cjrRDSvW7KFGDlpI6W+eDi3bux+eQl6NXNjnUoj7L0=,tag:PurtN+Vede0DNTQqbea1Ig==,type:str]
#ENC[AES256_GCM,data:rhbv9bL/0d7pGA==,iv:XvKiQWO72BfHhVRyti5ST9+f9tPUne2IcMNC08kD9r8=,tag:qhA6q4MrX3lAELrrGM8LCQ==,type:comment]
user19: ENC[AES256_GCM,data:jOyA913cS21eGwjUPY/XrQUBofoHwsCHghpmjzGx7cBzk/K0,iv:wXAnuSUhJ+gwGvMF7/YsfgeTHOvQC+S6rM5DzypvOuo=,tag:b/FsoypjkVYLSfyowNL2Nw==,type:str]
#ENC[AES256_GCM,data:Q48F7+SNdz7duKY=,iv:KIb6lIJWAVXKekBhwPztkySYDA7IP4jMjDsWy+waeFQ=,tag:s8hEz2zrh1ZXNKi/IuVV4Q==,type:comment]
user20: ENC[AES256_GCM,data:D6+eQdWO/W4P1ul9zQLpUQxqNA+kytz5ZHH6HmU/jwSuq3hU,iv:U4H7Ez0P3gWBLVeQ6O4PN4AmVP7Ij3oArhMmfT1BWic=,tag:l6TNsJFXXH/+yMcszkVRrQ==,type:str]
#ENC[AES256_GCM,data:F8qJksiC3Z8GbJc=,iv:yDBYQLUFFSXMn5Vo69rXzGBWzA+GkYw1qHS/ShisH7w=,tag:mnxj03thlYN5KhKDUO7hug==,type:comment]
user21: ENC[AES256_GCM,data:QeSxzBR6fLAyoUsA4aGKilYHcF42SNdkwjdwWZbxNvqZU6bf,iv:ocZGB4i8M7qM9Ypp3BUlGIdGL0AQx8NdO5yBZFLB6fk=,tag:WMFmljoJSnCU8BL/GfiZMg==,type:str]
#ENC[AES256_GCM,data:LxUne7UMT32f,iv:AyVaLB7Ni6HB5BE+InEG99TQsEzdQG7EXoHXC8PLGlQ=,tag:j5GoVfDsqoHypkxYFNPjyg==,type:comment]
user22: ENC[AES256_GCM,data:lzFvCb/zbTZs2jmYUfl3onGeWjBCdjxcIzAIff/fm6Qre+HZ,iv:eSiosE3eOrl7iLnOV41w+pwdtcske/4R1Bf1D1qxsOo=,tag:r69jFKp/FlxN3MEL5E6EXA==,type:str]
private-key: ENC[AES256_GCM,data:xz7xFt/g++E79bIl6AeBWATHDB+gHBIoXo5vdWTeyrAT1RtllgYie9k3Fg==,iv:x7fdmSINQA+F7a08jpuvCAg7vIZpsYaoX+EnitJMUCk=,tag:GAb/RRdAOlteIQPxeIMAXQ==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:OR3OA8qJsq1gAYiv1rShNa8eODzIxPOpVbqbnseSCMUNx4+FeOgReTLl7cXHPxbBkrJbsfEq5XYm1QtRtxotdw==,iv:6vz0ezsFuCNsBduNhm4VQ+it6oEJF/eMxktVFhdXgug=,tag:hmW7BwF9C53SAHhu2HBLYg==,type:str]
@@ -104,7 +165,7 @@ sops:
d0h3aDh5QXFZYWJFdmNVYnJxQ3pBeVUKTl0XVvtwJcz+RpSylgDPl/R8msInxvWX
eQGmrDHibeE1V+KSDiuNzC4MVRIrOnh1beHrhnVQ86HwPVgJqs2FoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-09T01:35:04Z"
mac: ENC[AES256_GCM,data:q2BolEBB6Ik8yx6NHnnE3Wcl2rGVZN86dpfLJrrFOxWd8fZyfBQ/00v4dUZSZw0aQoMj1V2RBDyVtScuRiH0NVb6+RfX+0t3zTEf6guuJdurczLBz9+D51+Th3KE1uk+UjI7J+Q/TOWTvoGMj8P4XZCXQsCDIct/vbLGqNB9CgM=,iv:/6xR7KXXLejm9Iuqcxc/7IqLEckNhmaJTKzJGonSrng=,tag:XdeCoEkHefw2HqTGSchUJA==,type:str]
lastmodified: "2025-05-16T02:55:19Z"
mac: ENC[AES256_GCM,data:fsqb3NvXwyoGWfcJEV04XcWiifB/zEW+LU8twQ2sY3cZWR5KHAWgVXCXrCunYiSy/Q5nf+ldTgoXKdmNu1pVOJQQXRCY1q1y9MV36msAfIUc1hdkDlo2ka5+d4aBcpqr5nPo5ZU6GJ5by1p8WIPSOWCGfsqMMlKhIWJ+8YaqokU=,iv:cfveyxa/0/qKRHc6wsjAC9stZSkgF85khnp3LTtF+K0=,tag:5vVFg0isyJcg3Twhq5Ouaw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

25
devices/test-pc-vm/default.nix Normal file
View File

@@ -0,0 +1,25 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
networking = {};
};
hardware.cpus = [ "amd" ];
services.sshd = {};
};
};
}

26
devices/test-pc-vm/secrets.yaml Normal file
View File

@@ -0,0 +1,26 @@
nixvirt:
chn: ENC[AES256_GCM,data:0llBtdnPLl8=,iv:0w0huoNCvIiaL77Thj1iAwRY5edDlN7I4mMwiNKCzOc=,tag:Eh1b7dymn7jQtL5/rsxC1Q==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcldLRERrOHdadVA4RXdQ
dmsxL1o5aDdJTitqdXBzRWxqVmZKUzFtTlUwCnc2a1N4WUNEVUhsSlFuSExjR0Rl
TlFnNjVpUkpmbWdxYW5oblk5dGQ0THMKLS0tIDFBa0FKQXBPYThFTUwvd2tIaU9p
TERYVkp3dkUxU2ZaTnFRamRKclRRa1EKosUuvJXekUIxIHL8s/QuZf+hCXQS5dMC
HqZ74f/jvIW8i/Etu29VtK3n8MD8W1EenhJjfxOvhpRpLpzQP2GImg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK2F0R1JRR2t6NDhXVnVD
Unh5QmxDaGJtWmhsb1ZDRkMzUlpSeU9GL3lNCkU0ZVYxaWs3MHZDQlNHS25WMTl3
VVVtQUlxeXNQNVQrSTdSbWYzSmlPVGMKLS0tIDlyRm1tYlR3WU9ISjc2T3BSY2FP
Z3h2QWh6eDB6L1krbU9SS050dUhEamMKHnvdCmLuhuIfeBRs3LJ6IEatqrlMJNnc
vhPTVgfn+M8dGo+odTTwlvr5XGzE5cMSxGtdSE33JsbBFfVyaPCFjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-16T05:29:11Z"
mac: ENC[AES256_GCM,data:s1HBVQUDbYP63EntEXe/+9mqFj2zGEtx3ibFauBYmjJvtvw2hs44ODNebMxjasT8zTYICJWWZJxwMvpUs/CbcmSjPAXTV8379lzlOmG2wZLezF+9jWdJi3ZDvM9Y1D0/4GnaIRHof/+kPn/ykFE/gQhP5PQ4OtoV+VTR2fuwDaA=,iv:TUTM8tyZxiAjU3afazfmse+LL53hrSFSCIX4KIDyQq8=,tag:Vx4GsOPAXaZz0rEjsJS8sw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

50
devices/test-pc/default.nix Normal file
View File

@@ -0,0 +1,50 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
networking = {};
};
hardware.cpus = [ "amd" ];
services =
{
sshd = {};
nixvirt =
{
subnet = 123;
instance =
{
chn =
{
hardware = { memoryMB = 2048; cpus = 4; };
network =
{
address = 2;
portForward = { tcp = [{ host = 5693; guest = 22; }]; web = [ "example.chn.moe" ]; };
};
};
chn2 =
{
owner = "chn";
hardware = { memoryMB = 2048; cpus = 4; };
network = { address = 3; portForward.tcp = [{ host = 5694; guest = 22; }]; };
};
};
};
};
};
};
}

27
devices/test-pc/secrets.yaml Normal file
View File

@@ -0,0 +1,27 @@
nixvirt:
chn: ENC[AES256_GCM,data:0llBtdnPLl8=,iv:0w0huoNCvIiaL77Thj1iAwRY5edDlN7I4mMwiNKCzOc=,tag:Eh1b7dymn7jQtL5/rsxC1Q==,type:str]
chn2: ENC[AES256_GCM,data:vlvFNwMfTMg=,iv:DKgX3DCvkfADF/Pj31bRTx/dfTiMxv/JaeN76Kppob8=,tag:SOioaCz/CvvLn2jB+08THQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SGQ0R20zci9aU1l4d2Fs
YkRZQ1FGUW1vSEd3S3FBdGlSTXB4dW54UVJJCk5MMEFZSzdYTFRQL1FRZUFWTXFh
cC90bUx2dkdHUFVoMkhyNjR6U0w1QTAKLS0tIDZHZE4yNlV4cFBTVGN4c3VYZXZ5
enZoU21MQ2VJbHlhSnhwUkNXZjV6OXcKzvdz1TNs/PDISx+QSi6cJ8vWNtZo4jfD
qsrwpxvHou/wptLzYg5gXQuXB0izpOW/AtqA1XqLcTUbLzcRhqFvMg==
-----END AGE ENCRYPTED FILE-----
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWUJVZmdVbWxXck5EY0tR
cFRwZTlWVVpObjFneE95bXNPSUxjNE1DTlg0ClNQRy8yVmF6QWxuY3RGLzdJVEE4
WXEwb1NGVUlJWFRqeWlyN1J0eE15QnMKLS0tIENRQWJ0VXlzNHV6MXh0QUVRZlJu
RFFteDMzeGltVER3QjlpdUllZVNJS3MKyOMAu5xYr1z0YlNDFvaE4l4bposMTPUJ
K13yerfRBxDlOrMhG/lSovusBPkmS3HejDedGgYi1WMvgLuOkNWZ2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-18T01:55:44Z"
mac: ENC[AES256_GCM,data:wGHagytOT30EgjPezkaLXrqml/tn8oMzplYgThb9JbnXJzpCMnZnXeAlnRW/zdXY+Vt+kRfGCm2W/3sif5wB+gu5DCIeGC6OZy9brMVIQLceQ6Wp7IwPTDjMIGYtqe+T3QX6LFAMPUVZOHNBL9eRdO27G2TGP1ojH69MwNt4aQo=,iv:Rn26bQ8crsVFbLAxPcvLeQWwRP484rS/UFnmg8xeTwc=,tag:zs4S6VPNKFUZU6xxC2rIuQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

29
devices/test/default.nix Normal file
View File

@@ -0,0 +1,29 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "haswell";
networking = {};
};
hardware.cpus = [ "intel" ];
services =
{
sshd = {};
nginx = { enable = true; applications.example = {}; };
};
};
};
}

30
devices/test/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
hello: ENC[AES256_GCM,data:y6Kl7kHqgft7T1eiFEeIppvosCACIcVWIQm6TzjS6RgUkJEg17GEZFRy2zTvVg==,iv:wChah8rTtEkkR8pRHO9NdhaGBwsTrrP+tPp7k2SOdn0=,tag:jRdYgJoKz+Q+/m8l/03JoQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcldLRERrOHdadVA4RXdQ
dmsxL1o5aDdJTitqdXBzRWxqVmZKUzFtTlUwCnc2a1N4WUNEVUhsSlFuSExjR0Rl
TlFnNjVpUkpmbWdxYW5oblk5dGQ0THMKLS0tIDFBa0FKQXBPYThFTUwvd2tIaU9p
TERYVkp3dkUxU2ZaTnFRamRKclRRa1EKosUuvJXekUIxIHL8s/QuZf+hCXQS5dMC
HqZ74f/jvIW8i/Etu29VtK3n8MD8W1EenhJjfxOvhpRpLpzQP2GImg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK2F0R1JRR2t6NDhXVnVD
Unh5QmxDaGJtWmhsb1ZDRkMzUlpSeU9GL3lNCkU0ZVYxaWs3MHZDQlNHS25WMTl3
VVVtQUlxeXNQNVQrSTdSbWYzSmlPVGMKLS0tIDlyRm1tYlR3WU9ISjc2T3BSY2FP
Z3h2QWh6eDB6L1krbU9SS050dUhEamMKHnvdCmLuhuIfeBRs3LJ6IEatqrlMJNnc
vhPTVgfn+M8dGo+odTTwlvr5XGzE5cMSxGtdSE33JsbBFfVyaPCFjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-10T03:54:30Z"
mac: ENC[AES256_GCM,data:JMr6ybbOk7tDZKUo11bd0xwUfLUuE4DIB5sYOCEVuaXLpDirgMgNSQgayqnnYDLOC7kGA7wDbbcxWhdaT8TcyYwdeha3SgA9mjkruPtOZ4R+ozfLDeqa59h2P+xronaOCDdl9G2JbhLA+k/S2ImBP43iPbcycJViSQs0RrntMxY=,iv:3ZILO4L01r4I2SJWOxe4pp9XLWo6KPPl3t/IbIf07+8=,tag:jhf73Y42fOYmeQS2oA0qSA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

6
devices/vps4/default.nix
View File

@@ -17,17 +17,19 @@ inputs:
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";
initrd.sshd = {};
network = {};
networking = {};
};
services =
{
sshd = {};
fail2ban = {};
xray.server = {};
beesd."/".hashTableSizeMB = 64;
xray.server.serverName = "xserver.vps4.chn.moe";
};
};
};

59
devices/vps4/secrets.yaml
View File

@@ -4,43 +4,27 @@ xray-server:
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
#ENC[AES256_GCM,data:4Y00hDJ+8Hjq3Q==,iv:XWZYNC1T5B55B43tcuzzvOOFtHqZJ9XDuEaYQOO5cR4=,tag:5oNFsqUtSiv8CY6aHyGjNQ==,type:comment]
user2: ENC[AES256_GCM,data:MRMdc7LRYqgRsfKKW6LnP14g3JoFT6g7jzkXW8gIAeqypyoc,iv:tfPBD2FkIljz3xasYNJsj3vh2lEObrvSZ95FyCgWcTs=,tag:B1PQpyX24DqrPscL/pjZmQ==,type:str]
#ENC[AES256_GCM,data:gGd3kkNcyIwOXg4=,iv:vILDvtdvopPM8lZDDpedvtXYHpoPvPn1A8AJca41r9A=,tag:2LMImcmdyPKsQDloq7041Q==,type:comment]
user3: ENC[AES256_GCM,data:+KUVcqy18t6Fd+QNgB5DeZkNSA6lsjebO+xnzxzIjWuZ9UmS,iv:qugbmBv9jk1yfH2s0A0jla0DR3jkdXLVUeWGcj6v68U=,tag:4FUf/guDzPqgDcb1086WTA==,type:str]
#ENC[AES256_GCM,data:jCgKe0t2xQ==,iv:UE48L/JpobN6LUd6Z9RlsUGSJ1sHHgiL6xj8lPztwJc=,tag:xnwWLQm+GIUzsfBO/TXhrg==,type:comment]
user4: ENC[AES256_GCM,data:3yrdvbcH/ToAQpTLppSVp2FNGjatyBInKP85bAY9OrEtzhhQ,iv:4zvb1nzKjrCNWWKelOnDhsNBAC7Ak6ZpJlvQKqGJrgc=,tag:dBOTBJDJhJsKHKg/vGmpxQ==,type:str]
#ENC[AES256_GCM,data:2ptsDQ==,iv:dEzyk6NQcFZQPx8h/ViCqtRaQ/8dfMTVKBq+iguk6nU=,tag:11SLIAhtcHja4G9HUXr9Ng==,type:comment]
user5: ENC[AES256_GCM,data:NO9rpzFkySistf9++oXpo1tBaa4XtPtcCGR+2IWmhQYEH/l1,iv:OG+U0avgo9mjmU3soxRNL71ZC7Ee4ijpsJMRn3jYvhw=,tag:QuBFX2KHgNJ+f3RwqEH4+Q==,type:str]
#ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
user7: ENC[AES256_GCM,data:Ie8M385wtRx8bWIdCupnda799kL0OLBsWdk9pHTY7IxxaZbn,iv:OrRYOkaC9uI9E1Eb8GYqmYr9VAUM895oO8NSdvxUPCQ=,tag:NZTUE4KnUjhg/auoALavTA==,type:str]
#ENC[AES256_GCM,data:Wwq+ypJgx6OcXA==,iv:dSvFz4I5tFx+ZVClxNGKwcbIQe7OY43OzAhqRiDK2TQ=,tag:CYUs1cJ/zqc+Y0yFec7Upw==,type:comment]
user8: ENC[AES256_GCM,data:2GyFDXIiAN3mTobwnY4czV2Egoin3B5Ih+aet3yT+krPTkPq,iv:NwrzO//HXwKMudgD+yK1hsj9o71RG6BfBle3logvuLE=,tag:WWpioPsnhHvVSrzAmN16Sg==,type:str]
#ENC[AES256_GCM,data:vVz6E2juGqXS1Q==,iv:9itEkwMsW8cqSzwV2EZtgJVgaW7aJJ5fw1rLuKFwiKM=,tag:9hRADkot8kELoYAgd6Dz7Q==,type:comment]
user9: ENC[AES256_GCM,data:HgSVrry+nKGW9X9N6h8hsI9VETKtSEi+/ZC9QvNZW4zETQxt,iv:ERgmCDPBpboA/+Sxeq6BvWoMxsv3Kkczqb/mbXz9pOk=,tag:bklzRg9toKy//6T8xdtbRw==,type:str]
#ENC[AES256_GCM,data:2sHxXec=,iv:aA61+cmDw4rHab7RuRRK3eUDx5d6gpmfw4RpQ6Nd0mc=,tag:H9kovJyn3Te3ir9X234VGA==,type:comment]
user10: ENC[AES256_GCM,data:CqrwaZp1fHd/WEGQH3xWI8DZ2/AavCqwTtwZeHmnrct5yoD3,iv:IBOHGQlw+uQt8Ryp/mCDcglfSPNXvvHOjNnrT+7nOHQ=,tag:tEkGEtPaOBK+P3LrQzOLsQ==,type:str]
#ENC[AES256_GCM,data:Rw4BWXZutQ==,iv:rXe2i1G/xQkpBl0wh6VIzaNoidCc3JL4sy6v5hcOF/M=,tag:2tZyH8B0ZL7XptKHk6TcAQ==,type:comment]
user12: ENC[AES256_GCM,data:CsbquwEn+iOKCzda8z26FYk2i5aPk2xzqGIYORiD4lotvnFE,iv:zHPmlT4LAc6NDjXrExze23dZZFIj0c1eR4WW74cu+qs=,tag:5MDFrZNgv54mK05ImSvpkw==,type:str]
#ENC[AES256_GCM,data:vqYkwGVcQ8yZbA==,iv:1ckVSiAgjuT/K0MuVHe8D2hHE7X2qxCHpb+y6nrFCsI=,tag:so9oFl6bXlJT2O+prplazw==,type:comment]
user13: ENC[AES256_GCM,data:KUraqncs8iPr7z+COfJ1z0TLNLlgctxy8FCav95+kkVXtStx,iv:Uv90bnVmmQh6f9pKOWmEKCul5VPxF7rrQ9GYrsCGPp8=,tag:I0r5o8xIYuq5/MIXSOHT3Q==,type:str]
#ENC[AES256_GCM,data:F2x+2zrePYDkCA==,iv:aTMeqvGVI43xLsN9submgciiJEjY4hYypJ9RJLIBYTE=,tag:quKW+MATVzRw1bda2jGjdg==,type:comment]
user16: ENC[AES256_GCM,data:BjnUUnNyqUvvPbfa1CeYvcVbMOwz6/Em4YhxRgmlicOSwro+,iv:LULwzjV5PRihTHNZFJ21IrDG3rW3qX4CYwF4Xu1KdZg=,tag:pZAI4OEx24d6h/h9JyQ/hA==,type:str]
#ENC[AES256_GCM,data:aka1O9hn/dZX3Q==,iv:rWik4cYtHY/Z3xQ0p/i49zTXVmKEQDV4OMn12UaQr3Q=,tag:hPm4bugH9RAtsykj0BJ0Pw==,type:comment]
user17: ENC[AES256_GCM,data:URZqRUDtG5FDrZDsmI7CFn4ilp97GJtgaVVB+j0dRUdtVGoq,iv:iUkcr6Oo29y5PIGF/GJRltn5DD19yEcBIsJAaYs43AI=,tag:gzSsjeQxvjvfFVkDHPkfvQ==,type:str]
#ENC[AES256_GCM,data:JkMniTrakuonAA==,iv:V5KmQL+C5O2mb3ktlm1ITjLaa1NxToQlyToqYbGme9U=,tag:UTZm05uyb5j0Pf9vuxyIxg==,type:comment]
user18: ENC[AES256_GCM,data:fFtnkBnaOktHaIfk7dN2U73UkloToiLvP3Pg2VAqPzvTE49h,iv:DZrba7RWmaeOQsqh3Kq/IuFS9so5u5ItK5WwV/65FYE=,tag:v+pOozYvrJJIsj7A/a3S/g==,type:str]
#ENC[AES256_GCM,data:gR0WsUYdBZBWjA==,iv:rnXZQaDNu+cEzneEa6/2pO+qUXl/fut8FJ3n90A6ATs=,tag:azNGPfWv+ZgOU/B5PMCVZg==,type:comment]
user19: ENC[AES256_GCM,data:S8VSoBIR/RqwctgYPtyIPEK2hXLr4LZ/jJvvFHA6CGgp9/Ff,iv:8eLCZEaiquwZyswwLkLoJcl7UPWTVYmQqZ2egAGFWWM=,tag:VgJiSt8eRcRhppMXkAkmKg==,type:str]
#ENC[AES256_GCM,data:vWW1bNyENgcspxI=,iv:xXCrjHyxVtodkVu/wgy1OrHGGm20nEd1iyparWcycYE=,tag:FRu132btquzXkiLXlnq1Iw==,type:comment]
user20: ENC[AES256_GCM,data:Wux6pzwor0B1A9d1y0QEpcNnYn1pObloHxghSONHcsQ266/7,iv:jWSuswV6vTQdL764I/zxFC5gkFOa5Qwj54rggmmZX7I=,tag:4hmqBTn0T3a6Sjt9lofwbg==,type:str]
#ENC[AES256_GCM,data:IJWHWxbhy+gxhxk=,iv:HzMi211JiVfHUhEJm+q/K0tCjUEXDhollUf8Bm+HVA0=,tag:P22Q/h+DUhhJayZftcvVfg==,type:comment]
user21: ENC[AES256_GCM,data:0X5x3SATZm25kVf8cu7TGm2t95DneLAqhP16fRQCtROzyZyg,iv:dmlwRmubnRq2fNdNz3lVlAVYpPjVHkFm60IvPcajjds=,tag:eDJYYf3eRw+FxfaHiRDk5Q==,type:str]
#ENC[AES256_GCM,data:O3ovvRYzFrQY,iv:/Zs8e6u7wdp18AacZ3WWBvn5PDtXDnQ6ZyqLiyYmvAY=,tag:HmhKBI3aRCIR34vOEnv1iA==,type:comment]
user22: ENC[AES256_GCM,data:ee0naewdOjIxA0QEpmUyOSu++sUJQneEufhJBHiyOR7jAPTU,iv:09fZ0dLUZHp9wM2lCiIcTzFey2AkWBmnUCfq8W3FM6Y=,tag:dHBVo/Ok3Q9vy1pIbWC1Kw==,type:str]
user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
wireguard: ENC[AES256_GCM,data:3h+cpSHULgwlI/zOI0IL4t4diDzm7qWW1sOWZqkFRWCB0CAfGyydGNlZkqA=,iv:pVpmw0aEDssQSr724h9NvJqFMHu0NupDfCSt1RWVnUk=,tag:fonuszujTzeo2HqO1OokEw==,type:str]
acme:
token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -60,7 +44,8 @@ sops:
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-09T07:42:38Z"
mac: ENC[AES256_GCM,data:fQm8aI6KdoJVxcl4MQP7Q6EZVqmmLFo9A3Hjo/tKZA+VOYvQWFBxIKwy5Cj0SBi4pWsSjwG6pJZ7m6Wh/dDK4KlgkoaXgAYj+efHtScOH5Gkb0sTpAkHNL+/CJ/cO1doXiXRGj47fn1QB9o9WBaomtOWQbzDts4eFs9pdm8TAq4=,iv:91Ilig4j0ELHEatTY7ALKwwr8AzYnRwhKbdWDcufZF4=,tag:UfwaudQTNKu+uryCZjo3mw==,type:str]
lastmodified: "2024-08-25T03:19:55Z"
mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.9.0

33
devices/vps6/default.nix
View File

@@ -17,16 +17,19 @@ inputs:
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
initrd.sshd = {};
network = {};
networking = {};
# do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
};
services =
{
sshd = {};
xray.server = {};
xray.server.serverName = "vps6.xserver.chn.moe";
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =
@@ -46,7 +49,7 @@ inputs:
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
catalog.enable = true;
main = {};
main.enable = true;
nekomia.enable = true;
blog = {};
sticker = {};
@@ -55,31 +58,15 @@ inputs:
};
coturn = {};
httpua = {};
mirism = {};
mirism.enable = true;
fail2ban = {};
beesd."/" = {};
};
};
networking.nftables.tables.forward =
specialisation.generic.configuration =
{
family = "inet";
content = let srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0"; in
''
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
}
chain output {
type nat hook output priority dstnat; policy accept;
# gid nginx
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} tcp dport 7011 fib daddr type local \
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname wg0 meta mark & 4 == 4 counter masquerade
}
'';
nixos.system.nixpkgs.march = inputs.lib.mkForce null;
system.nixos.tags = [ "generic" ];
};
};
}

35
devices/vps6/secrets.yaml
View File

@@ -1,3 +1,5 @@
frp:
token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
@@ -5,39 +7,44 @@ xray-server:
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
user2: ENC[AES256_GCM,data:+MKTpaA8hO8q0kyY0V1csedLOtIf760Vr0+WllGe9lgMJ5da,iv:5txOM3sFOhKVX4EVozb8XHWLU0fUNxCF9YAwTYaTL6c=,tag:jkgOVgiEc5phY1XNETsdpA==,type:str]
#ENC[AES256_GCM,data:s6BwbmIwmC1J+vA27pPGh0Q+Rmowkd8ES3hYOny3vX+tjWtW+qiWBz2A9M4=,iv:XXPPaVyP7fEUhNJay2mjjC2f3Vg3wYtBUDoSYQt1Iew=,tag:B2WAfg2Oqwp0t0gE7Jdq6w==,type:comment]
#ENC[AES256_GCM,data:m0iCqLI8ELaPb9g=,iv:bsh7JHILbOZJ+bgGr0U0rDanjUVGgDzYGhboezspEjE=,tag:o7A4SXoCXk5LXmZ1bidg/w==,type:comment]
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
user4: ENC[AES256_GCM,data:/kBaGAqbewLav+WCJPHm1py3pvb7bA/YO2DeBP2FTCZv44wA,iv:iwxV6KHu00oITH/58kBFmf43lkgTU3BHJ/kb9FPnRSE=,tag:ns+6Dvhf/D15bZc0fd6zLA==,type:str]
#ENC[AES256_GCM,data:RVChRrOl3R8DiKPS7yduAu5RG7d4VkOZ5akRTp18mK7Hz/xQ7FpxlNqGJcQ=,iv:j7naYq9tD+G5dDB8+hyUVosA3p2O4wlkcxIBlO7hRdo=,tag:TvlSmZwTDGLCX7qOR5Clhg==,type:comment]
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
#ENC[AES256_GCM,data:nTsDaAIVIP28YBCw0XONqWoYziAYhszJhLBlJfbFM6w2NB0nQcYWAanhkkA=,iv:rezGcsfxcAUjTtBFd099TDrV+K59cb0gbJCCVqH+nCA=,tag:5g2Zl82MNuHTf12Tb0GWcg==,type:comment]
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
user8: ENC[AES256_GCM,data:AnZb12dioiCamubOb6fsGWoM55zfPMeRbu+j8bRRcMfSQFJf,iv:rB+4B11JFC0oS2ExUW18f5WvhnE4EuHh3IiEyxWeY3A=,tag:jt+3yxDvhusvB8ppbdAwzw==,type:str]
#ENC[AES256_GCM,data:hG7EUK7V9QObh7rHKtgTESwNLOf16WXoQrCAAEiK8Nzsr7atwh9DqNIJAww=,iv:3zAY7CImCzvNmsVK/OG3VgYSUL1wdt+keYtuskGO7Gg=,tag:7JeGHrlVkAUOX7bhd8UJaA==,type:comment]
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
user9: ENC[AES256_GCM,data:+SA+VcZcy5ckuS/46Dn093VvuqxrIACuqMAMx6Ko5yw0DVdW,iv:TeLXb1WI7uhcPDkXYSlKIxdE6Kz+nCnlB+ZYpWcaF4I=,tag:YB0sPD9yHMARhiMJs7JKcA==,type:str]
#ENC[AES256_GCM,data:C6ri4a3iCXf7I3PWSoPk1y4143TTFugot1MMxdawWxGyfg/P7SYUBMs+T0U=,iv:v2lCOw+p0hJhXNsUpTSCvqNSBtPaPJGMrk6ukJYtB+w=,tag:WXq9rUYDQKN/cZzZ7CFQvA==,type:comment]
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
user10: ENC[AES256_GCM,data:Pec0CVGia/ZIaq7WerZlr0/waJ/Ev1OKwt7V3PBxBSFMLi7p,iv:wYTdhv4Xoe58KBIwV1vk/V4IcdVzQrBgmzGaRD7qHQs=,tag:IZVt5LmjTUge8XntujJlTA==,type:str]
#ENC[AES256_GCM,data:Gs2pJl4YMPRBDZCmd/1ycXJcArdIb8cUAQ+09OuRm7z/x1ATc9xVr7dE+C4b,iv:JYf4sTzJh7PoQe5yFAC60mJ5zKUIof7QKm5jMfiF5xE=,tag:/CJPT/OmblQvzqkQ1VCP/Q==,type:comment]
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
#ENC[AES256_GCM,data:JOabknMamJFImHErEcsrAMuYBXzJkw/Gm0+6rWrer2ePsoOakN/A3ByCPzwQ,iv:wnUFMeGfkUMkkpJBrFswy1SwJzVBDehEoilnzb43MgY=,tag:sXCKkiwtDp9v7ptpuAfOhQ==,type:comment]
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
user12: ENC[AES256_GCM,data:iTZViWyKkCU1y6mvB0NzkXf3I98U/+nCs21ZD6M285YKaU6q,iv:vFgA3sv/7ENcw3gyJLiiHLwroXtVJjAxZXViqjXF3mQ=,tag:u3b9Uu6TIPPYX0TW5X5Sjg==,type:str]
#ENC[AES256_GCM,data:LRRsL6u+FH3jHa8UAhEXrb3UTQss9piBle2aH2xuuFw0cupmRd5PlSOBIbvQ,iv:0cccpn4bWkrla6COI5g6pDDW1JoVK4UULYteXoJp38s=,tag:+EFlWxGIw7k85Q2RIL/YHg==,type:comment]
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
user13: ENC[AES256_GCM,data:ID/A7yCWQIWRoU7Emhel2ASZfTweqXYmpC5q6Fm6ptD0XfCu,iv:YrFjIilO4pH+QxVVDTqwkufj2VSC38y9lAJfD8w522I=,tag:1v/T7vWeh0LMi0OL0FVs9g==,type:str]
#ENC[AES256_GCM,data:JFKeeVBSBO8pWttZy/fTX1YaVV69Et1GmHVDLZ1E5vUY3BvajjjS04t7V5TG,iv:rZJQTe5+YgJ6X6uPoQcpTw4AF+gQCVSMe7maFetLEPg=,tag:H4ravqgOgQYgVXMayv7tXw==,type:comment]
#ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
#ENC[AES256_GCM,data:dpOaSMuXhIiwb+yD3TgOIKkeWBusQvqHbj4PuvH/anF5/P8JagplDpBSIimJ,iv:PkVIthbA21sFC4J4VmwZ/1HZqA6qbjVPnJoRszmeVbs=,tag:PcXPRYLzuC9F0YfNT4mi3A==,type:comment]
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
user16: ENC[AES256_GCM,data:esInSvj+a90TAl+b/n9m2iJsH7e6tlQRwSsoLBCy8KA9a0Z3,iv:U4c0pZzqS1s5H6XW3YRSCvDhtxnwCnyKR/tObefX2Rw=,tag:YtY/t4xsmZaj4lC39XQ5SA==,type:str]
#ENC[AES256_GCM,data:DeWybZ68gAH4cukohO+OQqeNrnRlUdclGHFeH8aBcn0aq1iWh1UCgtiT5xXd,iv:HYq+CiPWCswr+7+uwUblN8N6T38WU/qu9F5VzaLp4Gg=,tag:YKunlBxH4H71FRSuPxR8Uw==,type:comment]
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
user17: ENC[AES256_GCM,data:6h343SreoMqz5ZHkdyDI/je4v10r5zBV7cWc6Pj4x5sI2cvE,iv:7WSikMxAZJUnv3+GPq40d8r9JkKRRH/SPW5F5fy5HHY=,tag:6h5Z7+WXT/dLNeEIrC0UGw==,type:str]
#ENC[AES256_GCM,data:tkJTZZjJfQdU0EDQw9mmc1GRlSpqdwOdsE/QCw4BedDbixjElKqUC5MPRR/b,iv:/3obljBcGiXJfzlTQivkVcaWWcsiqokuU/DmUTchpwg=,tag:E80OLtqoM5XuGk2/xYBYKw==,type:comment]
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
user18: ENC[AES256_GCM,data:HJj0e6EHXEYmDXlZcS8UlfEQo/4y47w3sYKgb2Ojq6E4vMdE,iv:xThlGl/DDLLgoY5VkBSCx9HIvxy2ZlO5Q987vIMu0lA=,tag:gB07jP6Do4/6RmVaLB3Ecg==,type:str]
#ENC[AES256_GCM,data:LXBBph+nPScs6CSHPKwMSvcgFtWrmcOHEhhDZUNClb/7ixJFno82QnRwrnTp,iv:00I8csKFj65qeK8RPbbQ18oQZBrYKeFV3eGwfFXyGDc=,tag:uWUPNfu5Tmqr2LDkijc5cA==,type:comment]
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
user19: ENC[AES256_GCM,data:unW8dOhNbPNLWd7X2prpD82tcqUua7msq8nX3ykFs8STsuto,iv:OLaZ9XQDFGaA1VENgsSn/3HQXp957Zf9MD9GPZ4KLE8=,tag:UK27LK+De3AzbI2mEIsQpw==,type:str]
#ENC[AES256_GCM,data:ttTvPgRtQ4tYmYBSNaO+Bbs/Kz85vuNX+2Od4cOG6yD9yqrSdfLRwVvedVol,iv:ZWZX5rytwefvte/NgNlmmp9FN9vuZ62KVhVgVwX+g7s=,tag:uXx87i/ly6GkLgXA4+QULw==,type:comment]
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
#ENC[AES256_GCM,data:U0CcBBJraJj9,iv:9kuHsHkSDdDT0Gi/3Oy608RArrg+4cgeii5zWbsGuPA=,tag:EvqqMNvNcWBwie28t0+52w==,type:comment]
user22: ENC[AES256_GCM,data:LClSrxtBzuJUD4J4QaYXHUr8XSi+N7Zh193j/YeBZRm9sjgf,iv:djiq3+iVnuKK2HveoCm/j8FezzrHRGnjbyoO6iGm6eA=,tag:N5hqYyvJGxnwT8wbxdnjiA==,type:str]
#ENC[AES256_GCM,data:FnindYeqk6g6aZgajHVejfHPqeF+uSX3QzbrDS6XLZz52aQF5ZQSiJQCaDha,iv:c/mrS0jfy5EzQe4Tkm0QqBH9/okJnCsRZFGhzSjeit0=,tag:e5otDw+I2d7moybCx4jeqw==,type:comment]
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
send:
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
@@ -64,7 +71,7 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-12T23:51:02Z"
mac: ENC[AES256_GCM,data:3QxWxinb3a7jvmHJO1kcePNwd/igurjFWVJw/sGKBuZpo47LU+W8132b9GpKs79AedDa5BM5yu0XN+CPrkviMcNuX5a3lLy8oI22a1N8fuKjEehld1Jq/boitGIsgJgb/M0Hn6yIq1ytuWuxoj2cOvmkEfNuyWRew+htI4DhJ/E=,iv:OyCWfcn218oaA970T9miIWIGSwOFeUbtWI0xO/02Hrw=,tag:c8riJplInFN1ZSPH3ze0QQ==,type:str]
lastmodified: "2025-05-18T07:37:52Z"
mac: ENC[AES256_GCM,data:nfUU2BsDuErJGm8sVB9shRv4N+cIFZmAF1vWF4iZmcJwjP2PekVWcp4COPAlapy5oVhMutr39oW6VsltTR27jVxhI4+dueurMU7KRLD5Bwpk5hQmMAfZxvl4GaP50zehJbCwfApiX9CcjwCUxUjraTs4rG6LK2+8d5Z0PYosm2A=,iv:TR63cpbe3z0K4bWpbEnv/DE9jnAJV1Zv+Aj0HXoA16Y=,tag:fS78JUapMvBtZCFtM1z07A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

13
devices/xmuhk/README.md
View File

@@ -1,13 +0,0 @@
# install nix
1. Build nix using `nix build github:NixOS/nixpkgs/nixos-24.11#nixStatic`, upload, create symlink `nix-store` `nix-build` etc. pointing to it.
2. Upload `.config/nix/nix.conf`.
# install or update packages
1. On nixos, make sure `/public/home/xmuhk/.nix` is mounted correctly.
2. Build using `sudo nix build --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' .#xmuhk` .
3. Diff store using `sudo nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' -qR ./result | grep -Fxv -f <(ssh xmuhk find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' --export | xz -T0 | pv > xmuhk.nar.xz` .
4. Upload `xmuhk.nar.xz` to hpc.
5. On hpc, `pv xmuhk.nar.xz | xz -d | nix-store --import` .
6. Create gcroot using `nix build /xxx-xmuhk -o .nix/state/gcroots/current`, where `/xxx-xmuhk` is the last path printed by `nix-store --import` .

69
devices/xmuhk/default.nix
View File

@@ -1,69 +0,0 @@
{ inputs, localLib }:
let
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; cuda = null; nixRoot = "/public/home/xmuhk/.nix"; };
});
lumericalLicenseManager =
let
ip = "${pkgs.iproute2}/bin/ip";
awk = "${pkgs.gawk}/bin/awk";
sed = "${pkgs.gnused}/bin/sed";
chmod = "${pkgs.coreutils}/bin/chmod";
sing = "/public/software/singularity/singularity-3.8.3/bin/singularity";
in pkgs.writeShellScriptBin "lumericalLicenseManager"
''
echo "Cleaning up..."
${sing} instance stop lumericalLicenseManager || true
[ -d /tmp/lumerical ] && chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical || true
mkdir -p /tmp/lumerical
while true; do
if ! ss -tan | grep -q ".*TIME-WAIT .*:1084 "; then break; fi
sleep 10
done
echo "Extracting image..."
${sing} build --sandbox /tmp/lumerical/lumericalLicenseManager \
${inputs.self.src.lumerical.licenseManager.sifImageFile}
mkdir /tmp/lumerical/lumericalLicenseManager/public
echo 'Searching for en* interface...'
iface=$(${ip} -o link show | ${awk} -F': ' '/^[0-9]+: en/ {print $2; exit}')
if [ -n "$iface" ]; then
echo "Found interface: $iface"
echo 'Extracting MAC address...'
mac=$(${ip} link show "$iface" | ${awk} '/link\/ether/ {print $2}' | ${sed} 's/://g')
echo "Extracted MAC address: $mac"
else
echo "No interface starting with 'en' found." >&2
exit 1
fi
echo 'Creating license file...'
${sed} -i "s|xxxxxxxxxxxxx|$mac|" \
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
${sed} -i 's|2022.1231|2035.1231|g' \
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
echo "Starting license manager..."
${sing} instance start --writable /tmp/lumerical/lumericalLicenseManager lumericalLicenseManager
${sing} exec instance://lumericalLicenseManager /bin/sh -c \
"pushd /home/ansys_inc/shared_files/licensing; (./start_ansysli &); (./start_lmcenter &); tail -f /dev/null"
cleanup() {
echo "Stopping license manager..."
${sing} instance stop lumericalLicenseManager
chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical
}
trap cleanup SIGINT SIGTERM SIGHUP EXIT
tail -f /dev/null
'';
in pkgs.symlinkJoin
{
name = "xmuhk";
paths = (with pkgs; [ hello btop htop iotop pv localPackages.lumerical.lumerical.cmd ])
++ [ lumericalLicenseManager ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
passthru = { inherit pkgs; };
}

2
devices/xmuhk/files/.config/nix/nix.conf
View File

@@ -1,2 +0,0 @@
store = local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log
experimental-features = flakes nix-command

20
doc/todo.md
View File

@@ -1,14 +1,6 @@
* 测试 huggin rsshub
* 打包 intel 编译器
* 切换到 niri清理 plasma
* 调整其它用户的 zsh 配置
* 调整 motd
* 找到 wg1 不能稳定工作的原因;确定 persistentKeepalive 发包的协议、是否会被正确 NAT。
* 备份系统
* 备份数据
* 清理 mariadb移动到 persistent
* 清理多余文件
* 移动日志到 persistent
* 更新 srv1
* 告知将代理改到 xserver2
* 准备单独一个的 archive
* 使用 wrap 好的 intel 编译器。
* 在挂载根目录前(创建 rootfs 时),按用户复制需要的文件
* 挑选一个好看的主题
* 尝试一些别的计算软件
* 解决 vscode 中的英语语法检查插件,尝试 valentjn.vscode-ltex
* 调整 xmupc1 xmupc2 启动分区

470
flake.lock generated
View File

@@ -1,36 +1,14 @@
{
"nodes": {
"aagl": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1750597708,
"narHash": "sha256-jpoh3tk4F4C0MZsXYqFt1fqm4qYOcyu3RtJlmpabpDo=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "5e4851010e05030553f2265ced86b155dfe0bb93",
"type": "github"
},
"original": {
"owner": "ezKEa",
"ref": "release-25.05",
"repo": "aagl-gtk-on-nix",
"type": "github"
}
},
"blog": {
"flake": false,
"locked": {
"lastModified": 1748787595,
"lastModified": 1742891194,
"lfs": true,
"narHash": "sha256-FFkwHb9DEdBjBaaH6JuhlmpP7ReSEWTy79P3i/eH708=",
"narHash": "sha256-MTP/2zAh8VUft3mlgLOWYRuYslDKDu+YRM6BM8r9L9w=",
"ref": "refs/heads/public",
"rev": "d9020a59f07f7ced60c854f324df8879b249e8b6",
"revCount": 32,
"rev": "99ec653eac9f8452500ee3a2d553728dd60a1a11",
"revCount": 27,
"type": "git",
"url": "https://git.chn.moe/chn/blog-public.git"
},
@@ -40,43 +18,34 @@
"url": "https://git.chn.moe/chn/blog-public.git"
}
},
"bscpkgs": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"blurred-wallpaper": {
"flake": false,
"locked": {
"lastModified": 1748433430,
"narHash": "sha256-rTmarmlP4SplEBAD+RM0kD5cB1F5g93H8ooSodxl8XE=",
"owner": "CHN-beta",
"repo": "bscpkgs",
"rev": "bd7d5b02b59c4807e551a43f43489f79206e326a",
"lastModified": 1746480265,
"narHash": "sha256-A1xKQy6ufGrW4yVGkYb8zBqRuQFFxtowCbao2GOP150=",
"owner": "bouteillerAlan",
"repo": "blurredwallpaper",
"rev": "6fa32cc6062c4852b9abb83f590314a2cab9b5ad",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"repo": "bscpkgs",
"owner": "bouteillerAlan",
"repo": "blurredwallpaper",
"type": "github"
}
},
"buildproxy": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"cachyos-lts": {
"locked": {
"lastModified": 1709212359,
"narHash": "sha256-La70ax79Hrp/Vz2G3gzI4fLgRd2z3lJrYLvCf+xcTj4=",
"owner": "polygon",
"repo": "nix-buildproxy",
"rev": "c26d73992ddae96812501b5ae1cc45037d8b10be",
"lastModified": 1743535541,
"narHash": "sha256-OlBtXY26w9OcAmpqrTvxaG4/rfDdavauQF2eRxb+ySs=",
"owner": "drakon64",
"repo": "nixos-cachyos-kernel",
"rev": "8516d89c4e0c4a25cea1be8431db3963359ee81b",
"type": "github"
},
"original": {
"owner": "polygon",
"repo": "nix-buildproxy",
"owner": "drakon64",
"repo": "nixos-cachyos-kernel",
"type": "github"
}
},
@@ -149,27 +118,6 @@
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"nur-linyinfeng",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"nur-xddxdd",
@@ -209,11 +157,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@@ -223,22 +171,6 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@@ -254,58 +186,7 @@
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nur-linyinfeng",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
@@ -359,42 +240,6 @@
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -583,21 +428,6 @@
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1749394952,
"narHash": "sha256-WbWkzIvB0gqAdBLghdmUpGveY7MlAS2iMj3VEJnJ9yE=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "64c6e53a3999957c19ab95cda78bde466d8374cc",
"type": "github"
},
"original": {
"owner": "gmodena",
"repo": "nix-flatpak",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@@ -661,31 +491,15 @@
"type": "github"
}
},
"nixos-stable": {
"locked": {
"lastModified": 1750646418,
"narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixos-wallpaper": {
"flake": false,
"locked": {
"lastModified": 1749300029,
"lastModified": 1744994349,
"lfs": true,
"narHash": "sha256-m5rQGDo9sogrNFtHNdf4CiUe4odqOVStj03ikUQX7NE=",
"narHash": "sha256-DMVWLep/yoR05kfYqjQxazjZXEUw/CRLoELajXQq3eM=",
"ref": "refs/heads/main",
"rev": "8da808801224ac49758e4df095922be0c84650c8",
"revCount": 8,
"rev": "5e4d102f5da8c27589083fb90e3f6edd8383ced8",
"revCount": 6,
"type": "git",
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
},
@@ -697,11 +511,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1751630609,
"narHash": "sha256-mJ1XnKiLnNapGSUwyGdFD8tmQTzuJm8z3qaFC27guqE=",
"lastModified": 1748069742,
"narHash": "sha256-GcfcL/c9Q696oftYwlKjTZS1UTTQR7jSzxNa+imZ+tI=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "b263408b62d74a1e7a298fc47135653a70c227aa",
"rev": "08e074b33507733ffb0ccb3006eb5fbad612ce6f",
"type": "github"
},
"original": {
@@ -792,11 +606,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1750554037,
"narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
"lastModified": 1746921044,
"narHash": "sha256-R4hz/Wl2QZDbgj09u9tDdQKY8SS9JIm0F2wc9LKOjD0=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "f6b1f449aa69592d8f9bce2d4141766b667294ac",
"rev": "5d04a9f5d569ed7632ee926021d6ab35729fd8d4",
"type": "github"
},
"original": {
@@ -842,45 +656,18 @@
"type": "github"
}
},
"nur-linyinfeng": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils_2",
"nixos-stable": "nixos-stable",
"nixpkgs": [
"nixpkgs"
],
"nvfetcher": "nvfetcher",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1751049834,
"narHash": "sha256-xgLH6/ZtQJKWsham0Cj0nKGY8hde2fY8vZgSM5JfRik=",
"owner": "linyinfeng",
"repo": "nur-packages",
"rev": "d7a4ee64345bae20e75f40d6f35c705d22c216d4",
"type": "github"
},
"original": {
"owner": "linyinfeng",
"repo": "nur-packages",
"type": "github"
}
},
"nur-xddxdd": {
"inputs": {
"devshell": "devshell_2",
"flake-parts": "flake-parts_2",
"devshell": "devshell",
"flake-parts": "flake-parts",
"nix-index-database": "nix-index-database_2",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-24_05": "nixpkgs-24_05",
"nvfetcher": "nvfetcher_2",
"nvfetcher": "nvfetcher",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"treefmt-nix": "treefmt-nix_2"
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1748081225,
@@ -898,37 +685,8 @@
},
"nvfetcher": {
"inputs": {
"flake-compat": [
"nur-linyinfeng",
"flake-compat"
],
"flake-utils": [
"nur-linyinfeng",
"flake-utils"
],
"nixpkgs": [
"nur-linyinfeng",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732501185,
"narHash": "sha256-Z0BpHelaGQsE5VD9hBsBHsvMU9h+Xt0kfkDJyFivZOU=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "bdb14eab6fe9cefc29efe01e60c3a3f616d6b62a",
"type": "github"
},
"original": {
"owner": "berberman",
"repo": "nvfetcher",
"type": "github"
}
},
"nvfetcher_2": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nur-xddxdd",
"nixpkgs"
@@ -951,17 +709,16 @@
"openxlsx": {
"flake": false,
"locked": {
"lastModified": 1716560554,
"narHash": "sha256-Aqn1830lG4g7BbwEeePhvGawLarmrIMnF2MXROTUBCw=",
"lastModified": 1745313465,
"narHash": "sha256-HOYgrF3eU8yZIML6Soz7MHXlHpM4TB71zM/IGzwLHRY=",
"owner": "troldal",
"repo": "OpenXLSX",
"rev": "f85f7f1bd632094b5d78d4d1f575955fc3801886",
"rev": "86af3b043f6b13b09e591a920a49ea1f9724d4a1",
"type": "github"
},
"original": {
"owner": "troldal",
"repo": "OpenXLSX",
"rev": "f85f7f1bd632094b5d78d4d1f575955fc3801886",
"type": "github"
}
},
@@ -1022,7 +779,7 @@
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"nixpkgs": [
"nur-xddxdd",
@@ -1061,10 +818,9 @@
},
"root": {
"inputs": {
"aagl": "aagl",
"blog": "blog",
"bscpkgs": "bscpkgs",
"buildproxy": "buildproxy",
"blurred-wallpaper": "blurred-wallpaper",
"cachyos-lts": "cachyos-lts",
"catppuccin": "catppuccin",
"concurrencpp": "concurrencpp",
"cppcoro": "cppcoro",
@@ -1080,7 +836,6 @@
"mumax": "mumax",
"nameof": "nameof",
"nc4nix": "nc4nix",
"nix-flatpak": "nix-flatpak",
"nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-wallpaper": "nixos-wallpaper",
@@ -1091,7 +846,6 @@
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvirt": "nixvirt",
"nu-scripts": "nu-scripts",
"nur-linyinfeng": "nur-linyinfeng",
"nur-xddxdd": "nur-xddxdd",
"openxlsx": "openxlsx",
"phono3py": "phono3py",
@@ -1100,15 +854,15 @@
"py4vasp": "py4vasp",
"rsshub": "rsshub",
"rycee": "rycee",
"shadowrz": "shadowrz",
"slate": "slate",
"sops-nix": "sops-nix",
"sqlite-orm": "sqlite-orm",
"sticker": "sticker",
"stickerpicker": "stickerpicker",
"tgbot-cpp": "tgbot-cpp",
"ufo": "ufo",
"v-sim": "v-sim",
"vaspberry": "vaspberry",
"winapps": "winapps",
"zpp-bits": "zpp-bits"
}
},
@@ -1144,6 +898,42 @@
"type": "gitlab"
}
},
"shadowrz": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1748056260,
"narHash": "sha256-bcUxYhdC/wCw20DeU3tHgdc80JLOAIsKUULH37fdU/M=",
"owner": "ShadowRZ",
"repo": "nur-packages",
"rev": "0c35cdecdf6ecec27c69810ca9f0346fca7c2ee8",
"type": "github"
},
"original": {
"owner": "ShadowRZ",
"repo": "nur-packages",
"type": "github"
}
},
"slate": {
"flake": false,
"locked": {
"lastModified": 1626631298,
"narHash": "sha256-3tbB16sWVUqiHAfeFc0FnFb0Cf6ZFxYWsYAyexeZVxk=",
"owner": "TheBigWazz",
"repo": "Slate",
"rev": "ff21b49c6e49b5a9f89497e4fea49a5a0c39bd6b",
"type": "github"
},
"original": {
"owner": "TheBigWazz",
"repo": "Slate",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
@@ -1180,24 +970,6 @@
"type": "github"
}
},
"sticker": {
"flake": false,
"locked": {
"lastModified": 1748842256,
"lfs": true,
"narHash": "sha256-os0NWrft+N/HFy/+WRWup4fOHZLSLHANejih7qdXPxA=",
"ref": "refs/heads/main",
"rev": "2826c739c5602c5998afdcb3d041d521a214429a",
"revCount": 1,
"type": "git",
"url": "https://git.chn.moe/chn/sticker.git"
},
"original": {
"lfs": true,
"type": "git",
"url": "https://git.chn.moe/chn/sticker.git"
}
},
"stickerpicker": {
"flake": false,
"locked": {
@@ -1244,36 +1016,6 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tgbot-cpp": {
"flake": false,
"locked": {
@@ -1291,27 +1033,6 @@
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur-linyinfeng",
"nixpkgs"
]
},
"locked": {
"lastModified": 1750931469,
"narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nur-xddxdd",
@@ -1383,29 +1104,6 @@
"type": "github"
}
},
"winapps": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730460191,
"narHash": "sha256-CWaNjs2kOpmsR8ieVwqcd7EAz5Kd3y8I5huZyYgGqlA=",
"owner": "winapps-org",
"repo": "winapps",
"rev": "b18efc4497c0994182bbe482808583c11cc51a2e",
"type": "github"
},
"original": {
"owner": "winapps-org",
"ref": "feat-nix-packaging",
"repo": "winapps",
"type": "github"
}
},
"zpp-bits": {
"flake": false,
"locked": {

16
flake.nix
View File

@@ -3,6 +3,7 @@
inputs =
{
self.lfs = true;
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-25.05";
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
@@ -23,14 +24,10 @@
url = "github:pjones/plasma-manager";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
bscpkgs = { url = "github:CHN-beta/bscpkgs"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
cachyos-lts.url = "github:drakon64/nixos-cachyos-kernel";
nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
buildproxy = { url = "github:polygon/nix-buildproxy"; inputs.nixpkgs.follows = "nixpkgs"; };
shadowrz = { url = "github:ShadowRZ/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -43,9 +40,11 @@
tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
v-sim = { url = "gitlab:l_sim/v_sim/master"; flake = false; };
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
slate = { url = "github:TheBigWazz/Slate"; flake = false; };
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
hextra = { url = "github:imfing/hextra"; flake = false; };
@@ -60,10 +59,9 @@
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
phono3py = { url = "github:phonopy/phono3py"; flake = false; };
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
};
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
{
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };

2
flake/branch.nix
View File

@@ -1 +1 @@
"production"
"next"

13
flake/dns/config/chn.moe.nix
View File

@@ -4,12 +4,12 @@ let
{
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "" ];
nas = [ "initrd.nas" ];
office = [ "srv2-node0" "xserverxmu" ];
vps4 = [ "initrd.vps4" "xserver2.vps4" ];
office = [ "srv2-node0" ];
vps4 = [ "initrd.vps4" "xserver.vps4" ];
vps6 =
[
"blog" "catalog" "coturn" "element" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
"ua" "xserver2" "xserver2.vps6" ""
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
"ua" "vps6.xserver" ""
];
"xlog.autoroute" = [ "xlog" ];
"wg0.srv1-node0" = [ "wg0.srv1" ];
@@ -17,19 +17,18 @@ let
srv3 =
[
"chat" "freshrss" "huginn" "initrd.srv3" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
"xserver2.srv3" "example"
"xserver.srv3" "example"
];
srv1-node0 = [ "srv1" ];
srv2-node0 = [ "srv2" ];
"wg1.pc" = [ "nix-store" ];
"wg1.nas" = [ "nix-store.nas" ];
};
a =
{
nas = "192.168.1.2";
pc = "192.168.1.3";
one = "192.168.1.4";
office = "210.34.16.20";
office = "210.34.16.60";
srv1-node0 = "59.77.36.250";
vps4 = "104.234.37.61";
vps6 = "144.34.225.59";

4
flake/lib/default.nix → flake/lib.nix
View File

@@ -1,6 +1,6 @@
lib: rec
{
inherit (lib) attrsToList;
attrsToList = attrs: builtins.map (name: { inherit name; value = attrs.${name}; }) (builtins.attrNames attrs);
mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];
@@ -86,6 +86,4 @@ lib: rec
if (builtins.typeOf pattern) != "list" then throw "pattern should be a list"
else if pattern == [] then origin
else deepReplace (builtins.tail pattern) (replace ((builtins.head pattern) // { content = origin; }));
buildNixpkgsConfig = import ./buildNixpkgsConfig;
}

20
flake/packages.nix
View File

@@ -1,16 +1,17 @@
{ inputs, localLib }: rec
{
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
pkgs = (import inputs.nixpkgs
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; cuda = null; nixRoot = null; };
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [ inputs.self.overlays.default ];
});
hpcstat =
let
openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
(prev: { doCheck = false; patches = prev.patches ++ [ ../packages/hpcstat/openssh.patch ];});
duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
glaze = pkgs.pkgs-2411.pkgsStatic.glaze.overrideAttrs
glaze = pkgs.pkgsStatic.glaze.overrideAttrs
(prev: { cmakeFlags = prev.cmakeFlags ++ [ "-Dglaze_ENABLE_FUZZING=OFF" ]; });
# pkgsStatic.clangStdenv have a bug
# https://github.com/NixOS/nixpkgs/issues/177129
@@ -22,32 +23,27 @@
version = inputs.self.rev or "dirty";
stdenv = pkgs.pkgsStatic.gcc14Stdenv;
};
inherit (pkgs.localPackages) blog;
inherit (pkgs.localPackages.pkgsStatic) chn-bsub;
vaspberry = pkgs.pkgsStatic.localPackages.vaspberry.override
{
gfortran = pkgs.pkgsStatic.gfortran;
lapack = pkgs.pkgsStatic.openblas;
};
jykang = import ../devices/jykang.xmuhpc { inherit inputs localLib; };
xmuhk = import ../devices/xmuhk { inherit inputs localLib; };
jykang = import ../devices/jykang.xmuhpc inputs;
src =
let getDrv = x:
if pkgs.lib.isDerivation x then [ x ]
else if builtins.isAttrs x then builtins.concatMap getDrv (builtins.attrValues x)
else if builtins.isList x then builtins.concatMap getDrv x
else [];
in pkgs.concatText "src" (getDrv (inputs.self.outputs.src));
in pkgs.writeClosure (getDrv (inputs.self.outputs.src));
dns-push = pkgs.callPackage ./dns
{
inherit localLib;
tokenPath = inputs.self.nixosConfigurations.pc.config.sops.secrets."acme/token".path;
octodns = pkgs.octodns.withProviders (_: with pkgs.octodns-providers; [ cloudflare ]);
};
archive =
let devices =
[ "nas" "one" "pc" "srv1-node0" "srv1-node1" "srv1-node2" "srv2-node0" "srv2-node1" "srv3" "vps4" "vps6" ];
in pkgs.writeText "archive" (builtins.concatStringsSep "\n" (builtins.map
(d: "${inputs.self.outputs.nixosConfigurations.${d}.config.system.build.toplevel}") devices));
}
// (builtins.listToAttrs (builtins.map
(system: { inherit (system) name; value = system.value.config.system.build.toplevel; })

68
flake/src.nix
View File

@@ -64,52 +64,6 @@
finalImageTag = "latest";
};
misskey = {};
lumerical =
{
lumerical = pkgs.requireFile
{
name = "lumerical.zip";
sha256 = "03nfacykfzal29jdmygrgkl0fqsc3yqp4ig86h1h9sirci87k94c";
hashMode = "recursive";
message = "Source not found.";
};
licenseManager =
{
crack = pkgs.requireFile
{
name = "crack";
sha256 = "1a1k3nlaidi0kk2xxamb4pm46iiz6k3sxynhd65y8riylrkck3md";
hashMode = "recursive";
message = "Source file not found.";
};
src = pkgs.requireFile
{
name = "src";
sha256 = "1h93r0bb37279dzghi3k2axf0b8g0mgacw0lcww5j3sx0sqjbg4l";
hashMode = "recursive";
message = "Source file not found.";
};
image = "7bb3a43bd1ad6103a57f700b13d11d486b6ea117838201e4a29d79b33ac72e3a";
imageFile = pkgs.requireFile
{
name = "lumericalLicenseManager.tar";
sha256 = "ftEZADv8Mgo5coNKs+gxPZPl/YTV3FMMgrF3wUIBEiQ=";
message = "Source not found.";
};
license = pkgs.requireFile
{
name = "license";
sha256 = "07rwin14py6pl1brka7krz7k2g9x41h7ks7dmp1lxdassan86484";
message = "Source file not found.";
};
sifImageFile = pkgs.requireFile
{
name = "lumericalLicenseManager.sif";
sha256 = "i0HGLiRWoKuQYYx44GBkDBbyUvFLbfFShi/hx7KBSuU=";
message = "Source file not found.";
};
};
};
vesta =
{
version = "3.90.5a";
@@ -160,32 +114,12 @@
mathematica = pkgs.mathematica.src;
oneapi =
{
src = pkgs.fetchurl
src = pkgs.fetchurl
{
url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/2cf9c083-82b5-4a8f-a515-c599b09dcefc/"
+ "intel-oneapi-hpc-toolkit-2025.1.1.40_offline.sh";
sha256 = "1qjy9dsnskwqsk66fm99b3cch1wp3rl9dx7y884p3x5kwiqdma2x";
};
version = "2025.1";
fullVersion = "2025.1.1.40";
components =
[
"intel.oneapi.lin.dpcpp-cpp-common,v=2025.1.1+10"
"intel.oneapi.lin.dpcpp-cpp-common.runtime,v=2025.1.1+10"
"intel.oneapi.lin.ifort-compiler,v=2025.1.1+10"
"intel.oneapi.lin.compilers-common.runtime,v=2025.1.1+10"
"intel.oneapi.lin.mpi.runtime,v=2021.15.0+493"
"intel.oneapi.lin.umf,v=0.10.0+355"
"intel.oneapi.lin.tbb.runtime,v=2022.1.0+425"
"intel.oneapi.lin.compilers-common,v=2025.1.1+10"
];
};
rsshub = pkgs.dockerTools.pullImage
{
imageName = "diygod/rsshub";
imageDigest = "sha256:1f9d97263033752bf5e20c66a75e134e6045b6d69ae843c1f6610add696f8c22";
hash = "sha256-zN47lhQc3EX28LmGF4N3rDUPqumwmhfGn1OpvBYd2Vw=";
finalImageName = "rsshub";
finalImageTag = "latest";
};
}

8
modules/bugs/default.nix
View File

@@ -12,12 +12,8 @@ let bugs =
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
iwlwifi.boot.extraModprobeConfig =
''
options iwlwifi power_save=0
options iwlmvm power_scheme=1
options iwlwifi uapsd_disable=1
'';
iwlwifi.nixos.system.kernel.modules.modprobeConfig =
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
in
{

4
modules/default.nix
View File

@@ -6,12 +6,8 @@ inputs: let inherit (inputs) topInputs; in
topInputs.sops-nix.nixosModules.sops
topInputs.nix-index-database.nixosModules.nix-index
topInputs.impermanence.nixosModules.impermanence
topInputs.nix-flatpak.nixosModules.nix-flatpak
topInputs.catppuccin.nixosModules.catppuccin
topInputs.aagl.nixosModules.default
topInputs.nixvirt.nixosModules.default
# TODO: Remove after next release
"${topInputs.nixpkgs-unstable}/nixos/modules/services/hardware/lact.nix"
(inputs:
{
config =

29
modules/hardware/cpu.nix
View File

@@ -1,29 +0,0 @@
inputs:
{
options.nixos.hardware.cpu = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.enum [ "intel" "amd" ];
default = let inherit (inputs.config.nixos.system.nixpkgs) march; in
if march == null then null
else if inputs.lib.hasPrefix "znver" march then "amd"
else if (inputs.lib.hasSuffix "lake" march)
|| (builtins.elem march [ "sandybridge" "silvermont" "haswell" "broadwell" ])
then "intel"
else null;
};
config = let inherit (inputs.config.nixos.hardware) cpu; in inputs.lib.mkIf (cpu != null) (inputs.lib.mkMerge
[
(inputs.lib.mkIf (cpu == "intel")
{
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules =
[ "intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp" ];
})
(inputs.lib.mkIf (cpu == "amd")
{
hardware.cpu.amd = { updateMicrocode = true; ryzen-smu.enable = true; };
environment.systemPackages = with inputs.pkgs; [ zenmonitor ];
programs.ryzen-monitor-ng.enable = true;
})
]);
}

26
modules/hardware/cpus.nix Normal file
View File

@@ -0,0 +1,26 @@
inputs:
{
options.nixos.hardware.cpus = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
config = let inherit (inputs.config.nixos.hardware) cpus; in inputs.lib.mkIf (cpus != [])
{
hardware.cpu = builtins.listToAttrs
(builtins.map (name: { inherit name; value = { updateMicrocode = true; }; }) cpus);
boot =
{
initrd.availableKernelModules =
let modules =
{
intel =
[
"intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
];
amd = [];
};
in builtins.concatLists (builtins.map (cpu: modules.${cpu}) cpus);
};
environment.systemPackages =
let packages = with inputs.pkgs; { intel = []; amd = [ zenmonitor ]; };
in builtins.concatLists (builtins.map (cpu: packages.${cpu}) cpus);
};
}

2
modules/model.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.model = let inherit (inputs.lib) mkOption types; in
{
hostname = mkOption { type = types.nonEmptyStr; };
type = mkOption { type = types.enum [ "minimal" "desktop" "server" ]; default = "minimal"; };
type = mkOption { type = types.enum [ "vps" "desktop" "server" ]; default = "vps"; };
private = mkOption { type = types.bool; default = false; };
cluster = mkOption
{

5
modules/packages/android-studio.nix
View File

@@ -1,7 +1,10 @@
inputs:
{
options.nixos.packages.android-studio = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
{
type = types.nullOr (types.submodule {});
default = null;
};
config = let inherit (inputs.config.nixos.packages) android-studio; in inputs.lib.mkIf (android-studio != null)
{
nixos.packages.packages._packages = with inputs.pkgs; [ androidStudioPackages.stable.full ];

94
modules/packages/desktop.nix
View File

@@ -15,8 +15,8 @@ inputs:
[
# system management
# TODO: module should add yubikey-touch-detector into path
gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror geekbench xpra
gparted yubikey-touch-detector btrfs-assistant
kdePackages.qtstyleplugin-kvantum cpu-x wl-mirror xpra
(
writeShellScriptBin "xclip"
''
@@ -24,66 +24,43 @@ inputs:
else exec ${wl-clipboard-x11}/bin/xclip "$@"; fi
''
)
# color management
argyllcms xcalib
# networking
remmina putty mtr-gui
remmina putty
# media
mpv nomacs simplescreenrecorder imagemagick gimp-with-plugins netease-cloud-music-gtk qcm
waifu2x-converter-cpp blender paraview vlc whalebird spotify obs-studio
(inkscape-with-extensions.override { inkscapeExtensions = null; })
# terminal
warp-terminal
mpv nomacs simplescreenrecorder imagemagick gimp-with-plugins qcm waifu2x-converter-cpp blender paraview vlc
obs-studio (inkscape-with-extensions.override { inkscapeExtensions = null; })
# themes
klassy-qt6 localPackages.slate localPackages.blurred-wallpaper
# development
adb-sync scrcpy dbeaver-bin cling aircrack-ng
weston cage openbox krita fprettify # jetbrains.clion
# desktop sharing
rustdesk-flutter
adb-sync scrcpy dbeaver-bin aircrack-ng fprettify
# password and key management
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden hashcat
electrum jabref john crunch
# download
qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
qbittorrent wgetpaste rclone
# editor
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq obsidian code-cursor
typora
# news
fluent-reader rssguard newsflash newsboat follow
fluent-reader newsflash follow
# nix tools
nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
nix-template nil bundix
nixpkgs-fmt nixd nix-serve nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
# required by vscode nix tools
nil
# instant messager
element-desktop telegram-desktop discord zoom-us slack nheko hexchat halloy
fluffychat signal-desktop qq nur-xddxdd.wechat-uos-sandboxed cinny-desktop
element-desktop telegram-desktop discord zoom-us slack nheko
# browser
google-chrome tor-browser
# office
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain davinci-resolve
ydict texstudio panoply pspp libreoffice-qt6-fresh ocrmypdf typst # paperwork
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain
ydict pspp libreoffice-qt6-fresh ocrmypdf typst
# required by ltex-plus.vscode-ltex-plus
ltex-ls ltex-ls-plus
# matplot++ needs old gnuplot
pkgs-2311.gnuplot
inputs.pkgs.pkgs-2311.gnuplot
# math, physics and chemistry
octaveFull ovito localPackages.vesta localPackages.v-sim jmol mpi geogebra6 localPackages.ufo
(quantum-espresso.override
{
stdenv = gcc14Stdenv;
gfortran = gfortran14;
wannier90 = wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; };
})
pkgs-2311.hdfview numbat qalculate-qt
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.mumax else emptyDirectory)
(if inputs.config.nixos.system.nixpkgs.cuda != null
then (lammps.override { stdenv = cudaPackages.backendStdenv; }).overrideAttrs (prev:
{
cmakeFlags = prev.cmakeFlags ++
[ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
nativeBuildInputs = prev.nativeBuildInputs ++ [ cudaPackages.cudatoolkit ];
buildInputs = prev.buildInputs ++ [ mpi ];
})
else lammps-mpi)
octaveFull ovito localPackages.vesta localPackages.v-sim mpi geogebra6 localPackages.ufo
inputs.pkgs.pkgs-2311.hdfview qalculate-qt
# virtualization
virt-viewer bottles wineWowPackages.stagingFull genymotion playonlinux
bottles wineWowPackages.stagingFull
# media
nur-xddxdd.svp
# for kdenlive auto subtitle
@@ -93,15 +70,14 @@ inputs:
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
_pythonPackages = [(pythonPackages: with pythonPackages;
[
phonopy scipy scikit-learn jupyterlab autograd inputs.pkgs.localPackages.phono3py
tensorflow keras numpy
phonopy scipy scikit-learn jupyterlab autograd inputs.pkgs.localPackages.phono3py numpy
])];
};
user.sharedModules =
[{
config.programs =
{
plasma = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
plasma =
{
enable = true;
configFile =
@@ -113,15 +89,9 @@ inputs:
inherit (inputs.topInputs) nixos-wallpaper;
isPicture = f: builtins.elem (inputs.lib.last (inputs.lib.splitString "." f))
[ "png" "jpg" "jpeg" "webp" ];
listDirRecursive =
let listDir = dir:
if dir.value == "directory" then builtins.concatLists
(builtins.map (f: listDir f) (inputs.localLib.attrsToList (builtins.readDir dir.name)))
else [ dir ];
in dir: listDir { name = dir; value = "directory"; };
in builtins.concatStringsSep "," (builtins.map (f: "${nixos-wallpaper}/${f.name}")
(builtins.filter (f: (isPicture f.name) && (f.value == "regular"))
(listDirRecursive nixos-wallpaper)));
(inputs.localLib.attrsToList (builtins.readDir nixos-wallpaper))));
};
powerdevil =
let config =
@@ -147,20 +117,8 @@ inputs:
adb.enable = true;
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
yubikey-touch-detector.enable = true;
kdeconnect.enable = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde") true;
kde-pim = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
{ enable = true; kmail = true; };
coolercontrol =
{
enable = true;
nvidiaSupport = if inputs.config.nixos.hardware.gpu.type == null then false
else inputs.lib.hasSuffix "nvidia" inputs.config.nixos.hardware.gpu.type;
};
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
sleepy-launcher = { enable = true; package = inputs.pkgs.sleepy-launcher; };
alvr = { enable = true; openFirewall = true; };
kdeconnect.enable = true;
};
services = { pcscd.enable = true; lact.enable = true; };
services.pcscd.enable = true;
};
}

14
modules/packages/firefox.nix
View File

@@ -12,10 +12,11 @@ inputs:
{
enable = true;
languagePacks = [ "zh-CN" "en-US" ];
nativeMessagingHosts.packages = with inputs.pkgs; [ uget-integrator ];
nativeMessagingHosts.packages = with inputs.pkgs; [ uget-integrator firefoxpwa ];
};
nixos =
{
packages.packages._packages = [ inputs.pkgs.firefoxpwa ];
user.sharedModules =
[{
config =
@@ -24,11 +25,7 @@ inputs:
{
enable = true;
nativeMessagingHosts = with inputs.pkgs;
(
[ uget-integrator ]
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
[ kdePackages.plasma-browser-integration ])
);
[ kdePackages.plasma-browser-integration uget-integrator firefoxpwa ];
# TODO: use fixed-version of plugins
policies.DefaultDownloadDirectory = "\${home}/Downloads";
profiles.default =
@@ -37,9 +34,8 @@ inputs:
[
tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
metamask pakkujs rsshub-radar rsspreview tabliss tree-style-tab ublock-origin
wappalyzer grammarly zotero-connector smartproxy kiss-translator
] ++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
[ plasma-integration ]);
wappalyzer grammarly plasma-integration zotero-connector smartproxy kiss-translator
];
search = { default = "google"; force = true; };
userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";

12
modules/packages/flatpak.nix
View File

@@ -1,12 +0,0 @@
inputs:
{
options.nixos.packages.flatpak = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) flatpak; in inputs.lib.mkIf (flatpak != null)
{
services.flatpak = { enable = true; uninstallUnmanaged = true; };
};
}

22
modules/packages/lammps.nix Normal file
View File

@@ -0,0 +1,22 @@
inputs:
{
options.nixos.packages.lammps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null)
{
nixos.packages.packages._packages =
let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null;
in
if cuda then [((inputs.pkgs.lammps.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
.overrideAttrs (prev:
{
cmakeFlags = prev.cmakeFlags ++ [ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.cudaPackages.cudatoolkit ];
buildInputs = prev.buildInputs ++ [ inputs.pkgs.mpi ];
}))]
else [ inputs.pkgs.lammps-mpi ];
};
}

13
modules/packages/lumerical.nix
View File

@@ -1,13 +0,0 @@
inputs:
{
options.nixos.packages.lumerical = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) lumerical; in inputs.lib.mkIf (lumerical != null)
{
nixos =
{
packages.packages._packages = [ inputs.pkgs.localPackages.lumerical.lumerical.cmd ];
services.lumericalLicenseManager = {};
};
};
}

5
modules/packages/mathematica.nix
View File

@@ -1,7 +1,10 @@
inputs:
{
options.nixos.packages.mathematica = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
{
type = types.nullOr (types.submodule {});
default = null;
};
config = let inherit (inputs.config.nixos.packages) mathematica; in inputs.lib.mkIf (mathematica != null)
{ nixos.packages.packages._packages = [ inputs.pkgs.mathematica ]; };
}

16
modules/packages/mumax.nix Normal file
View File

@@ -0,0 +1,16 @@
inputs:
{
options.nixos.packages.mumax = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default =
if (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
&& (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null)
then {}
else null;
};
config = let inherit (inputs.config.nixos.packages) mumax; in inputs.lib.mkIf (mumax != null)
{
nixos.packages.packages._packages = [ inputs.pkgs.localPackages.mumax ];
};
}

5
modules/packages/nushell.nix
View File

@@ -1,7 +1,10 @@
inputs:
{
options.nixos.packages.nushell = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
{
type = types.nullOr (types.submodule {});
default = {};
};
config = let inherit (inputs.config.nixos.packages) nushell; in inputs.lib.mkIf (nushell != null)
{
nixos =

19
modules/packages/minimal.nix → modules/packages/server.nix
View File

@@ -1,8 +1,8 @@
inputs:
{
options.nixos.packages.minimal = let inherit (inputs.lib) mkOption types; in mkOption
options.nixos.packages.server = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.packages) minimal; in inputs.lib.mkIf (minimal != null)
config = let inherit (inputs.config.nixos.packages) server; in inputs.lib.mkIf (server != null)
{
nixos.packages.packages =
{
@@ -30,27 +30,22 @@ inputs:
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool libfido2
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools openvpn
parted
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
# nix tools
nix-output-monitor nix-tree ssh-to-age nix-inspect
# development
gdb try rr hexo-cli gh nix-init hugo
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init hugo
(octodns.withProviders (_: with octodns-providers; [ cloudflare ]))
# stupid things
toilet lolcat localPackages.stickerpicker graph-easy
# office
pdfgrep ffmpeg-full hdf5
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
[ inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix ]);
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2 certifi
charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
# allow pandas read odf
odfpy
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus odfpy
# for vasp plot-workfunc.py
ase
])];

18
modules/packages/vasp.nix
View File

@@ -1,16 +1,24 @@
inputs:
{
options.nixos.packages.vasp = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
{
type = types.nullOr (types.submodule {});
# default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
# TODO: fix vasp
default = null;
};
# TODO: add more options to correctly configure VASP
config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
{
nixos.packages.packages = with inputs.pkgs;
{
_packages =
[
localPackages.vasp.intel localPackages.vasp.vtst localPackages.vaspkit wannier90
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.vasp.nvidia else emptyDirectory)
];
(
[ localPackages.vasp.intel localPackages.vasp.vtst localPackages.vaspkit wannier90 ]
++ (inputs.lib.optional
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.capabilities or null != null)
localPackages.vasp.nvidia)
);
_pythonPackages = [(_: [ localPackages.py4vasp ])];
};
};

7
modules/packages/vscode.nix
View File

@@ -72,12 +72,9 @@ inputs:
ltex-plus.vscode-ltex-plus
]
# jupyter
# TODO: pick all extensions from nixpkgs or nix-vscode-extensions, explicitly
# TODO: use last release
++ (with vscode-extensions.ms-toolsai;
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
datawrangler
]);
[ jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow ]);
extraFlags = builtins.concatStringsSep " " inputs.config.nixos.packages.packages._vscodeEnvFlags;
}
)];

47
modules/packages/winapps/default.nix
View File

@@ -1,47 +0,0 @@
inputs:
{
options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
{
nixos.packages.packages._packages =
[
(inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {})
(inputs.pkgs.runCommand "winapps-windows" {}
''
mkdir -p $out/share/applications
cp ${inputs.pkgs.replaceVars ./windows.desktop { path = inputs.topInputs.winapps; }} \
$out/share/applications/windows.desktop
'')
]
++ builtins.map
(p: inputs.pkgs.runCommand "winapps-${p}" {}
''
mkdir -p $out/share/applications
source ${inputs.topInputs.winapps}/apps/${p}/info
# replace \ with \\
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/\\/\\\\/g')
# replace space with \s
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/ /\\s/g')
cat > $out/share/applications/${p}.desktop << EOF
[Desktop Entry]
Name=$NAME
Exec=winapps manual "$WIN_EXECUTABLE" %F
Terminal=false
Type=Application
Icon=${inputs.topInputs.winapps}/apps/${p}/icon.svg
StartupWMClass=$FULL_NAME
Comment=$FULL_NAME
Categories=$CATEGORIES
MimeType=$MIME_TYPES
EOF
'')
[
"access-o365" "acrobat-x-pro" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365"
"visual-studio-comm" "word-o365"
];
};
}

9
modules/packages/winapps/windows.desktop
View File

@@ -1,9 +0,0 @@
[Desktop Entry]
Name=Windows
Exec=winapps windows %F
Terminal=false
Type=Application
Icon=@path@/icons/windows.svg
StartupWMClass=Micorosoft Windows
Comment=Micorosoft Windows
Categories=Windows

1
modules/packages/zsh/default.nix
View File

@@ -63,7 +63,6 @@ inputs:
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
HYPHEN_INSENSITIVE="true"
export PATH=~/bin:$PATH
zstyle ':vcs_info:*' disable-patterns "/nix/remote/*"
'';
oh-my-zsh.theme = "";
};

2
modules/services/acme.nix
View File

@@ -48,7 +48,7 @@ inputs:
CLOUDFLARE_DNS_API_TOKEN=${inputs.config.sops.placeholder."acme/token"}
CLOUDFLARE_PROPAGATION_TIMEOUT=300
'';
secrets."acme/token".sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/acme.yaml";
secrets."acme/token".sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/default.yaml";
};
};
}

1
modules/services/beesd.nix
View File

@@ -25,6 +25,7 @@ inputs:
inherit (fs.value) hashTableSizeMB;
extraOptions =
[
"--workaround-btrfs-send"
"--thread-count" "${builtins.toString fs.value.threads}"
"--loadavg-target" "${builtins.toString fs.value.loadAverage}"
"--scan-mode" "3"

31
modules/services/docker.nix Normal file
View File

@@ -0,0 +1,31 @@
inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkIf (docker != null)
{
virtualisation.docker =
{
enable = true;
# prevent create btrfs subvol
storageDriver = "overlay2";
daemon.settings.dns = [ "1.1.1.1" ];
rootless =
{
enable = true;
setSocketVariable = true;
daemon.settings =
{
features.buildkit = true;
# dns 127.0.0.1 make docker not work
dns = [ "1.1.1.1" ];
# prevent create btrfs subvol
storage-driver = "overlay2";
live-restore = true;
};
};
};
hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.cuda != null) true;
networking.firewall.trustedInterfaces = [ "docker0" ];
};
}

71
modules/services/freshrss.nix
View File

@@ -1,33 +1,52 @@
inputs:
{
options.nixos.services.freshrss = let inherit (inputs.lib) mkOption types; in mkOption
options.nixos.services.freshrss = let inherit (inputs.lib) mkOption types; in
{
type = types.nullOr (types.submodule { options =
{
hostname = mkOption { type = types.str; default = "freshrss.chn.moe"; };
};});
default = null;
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "freshrss.chn.moe"; };
};
config = let inherit (inputs.config.nixos.services) freshrss; in inputs.lib.mkIf (freshrss != null)
{
services.freshrss =
config =
let
inherit (inputs.config.nixos.services) freshrss;
inherit (inputs.lib) mkIf;
in mkIf freshrss.enable
{
enable = true;
baseUrl = "https://${freshrss.hostname}";
defaultUser = "chn";
passwordFile = inputs.config.sops.secrets."freshrss/chn".path;
database = { type = "mysql"; passFile = inputs.config.sops.secrets."freshrss/db".path; };
services.freshrss =
{
enable = true;
baseUrl = "https://${freshrss.hostname}";
defaultUser = "chn";
passwordFile = inputs.config.sops.secrets."freshrss/chn".path;
database = { type = "mysql"; passFile = inputs.config.sops.secrets."freshrss/db".path; };
virtualHost = null;
};
sops.secrets =
{
"freshrss/chn".owner = inputs.config.users.users.freshrss.name;
"freshrss/db" = { owner = inputs.config.users.users.freshrss.name; key = "mariadb/freshrss"; };
};
systemd.services.freshrss-config.after = [ "mysql.service" ];
nixos.services =
{
mariadb = { enable = true; instances.freshrss = {}; };
nginx.https.${freshrss.hostname} =
{
location =
{
"/".static =
{
root = "${inputs.pkgs.freshrss}/p";
index = [ "index.php" ];
tryFiles = [ "$uri" "$uri/" "$uri/index.php" ];
};
"~ ^.+?\.php(/.*)?$".php =
{
root = "${inputs.pkgs.freshrss}/p";
fastcgiPass =
"unix:${inputs.config.services.phpfpm.pools.${inputs.config.services.freshrss.pool}.socket}";
};
};
};
};
};
sops.secrets =
{
"freshrss/chn".owner = inputs.config.users.users.freshrss.name;
"freshrss/db" = { owner = inputs.config.users.users.freshrss.name; key = "mariadb/freshrss"; };
};
systemd.services.freshrss-config.after = [ "mysql.service" ];
nixos.services =
{
mariadb = { enable = true; instances.freshrss = {}; };
nginx.https.${freshrss.hostname}.global.configName = "freshrss";
};
};
}

203
modules/services/frp.nix Normal file
View File

@@ -0,0 +1,203 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
frpClient =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
user = mkOption { type = types.nonEmptyStr; };
tcp = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
};
}));
default = {};
};
stcp = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
};
}));
default = {};
};
stcpVisitor = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
};
}));
default = {};
};
};
frpServer =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.lib.strings) splitString;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) frpClient frpServer;
inherit (builtins) map listToAttrs;
in mkMerge
[
(
mkIf frpClient.enable
{
systemd.services.frpc =
let
frpc = "${inputs.pkgs.frp}/bin/frpc";
config = inputs.config.sops.templates."frpc.json";
in
{
description = "Frp Client Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "always";
RestartSec = "5s";
ExecStart = "${frpc} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frpc.json" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = builtins.toJSON
{
auth.token = inputs.config.sops.placeholder."frp/token";
user = frpClient.user;
serverAddr = frpClient.serverName;
serverPort = 7000;
proxies =
(map
(tcp:
{
name = tcp.name;
type = "tcp";
transport.useCompression = true;
inherit (tcp.value) localIp localPort remotePort;
})
(attrsToList frpClient.tcp))
++ (map
(stcp:
{
name = stcp.name;
type = "stcp";
transport.useCompression = true;
secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
allowUsers = [ "*" ];
inherit (stcp.value) localIp localPort;
})
(attrsToList frpClient.stcp));
visitors = map
(stcp:
{
name = stcp.name;
type = "stcp";
transport.useCompression = true;
secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
serverUser = builtins.elemAt (splitString "." stcp.name) 0;
serverName = builtins.elemAt (splitString "." stcp.name) 1;
bindAddr = stcp.value.localIp;
bindPort = stcp.value.localPort;
})
(attrsToList frpClient.stcpVisitor);
};
};
secrets = listToAttrs
(
[{ name = "frp/token"; value = {}; }]
++ (map
(stcp: { name = "frp/stcp/${stcp.name}"; value = {}; })
(attrsToList (with frpClient; stcp // stcpVisitor)))
);
};
users =
{
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.user.gid.frp;
};
}
)
(
mkIf frpServer.enable
{
systemd.services.frps =
let
frps = "${inputs.pkgs.frp}/bin/frps";
config = inputs.config.sops.templates."frps.json";
in
{
description = "Frp Server Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "on-failure";
RestartSec = "5s";
ExecStart = "${frps} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frps.json" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = builtins.toJSON
{
auth.token = inputs.config.sops.placeholder."frp/token";
transport.tls = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
{
force = true;
certFile = "${cert}/full.pem";
keyFile = "${cert}/key.pem";
serverName = frpServer.serverName;
};
};
};
secrets."frp/token" = {};
};
nixos.services.acme.cert.${frpServer.serverName}.group = "frp";
users =
{
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.user.gid.frp;
};
networking.firewall.allowedTCPPorts = [ 7000 ];
}
)
];
}

99
modules/services/fz-new-order/default.nix Normal file
View File

@@ -0,0 +1,99 @@
inputs:
{
options.nixos.services.fz-new-order = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) fz-new-order; in inputs.lib.mkIf (fz-new-order != null)
{
users =
{
users.fz-new-order =
{
uid = inputs.config.nixos.user.uid.fz-new-order;
group = "fz-new-order";
home = "/var/lib/fz-new-order";
createHome = true;
isSystemUser = true;
};
groups.fz-new-order.gid = inputs.config.nixos.user.gid.fz-new-order;
};
systemd =
{
timers.fz-new-order =
{
wantedBy = [ "timers.target" ];
timerConfig = { OnBootSec = "10m"; OnUnitActiveSec = "10m"; Unit = "fz-new-order.service"; };
};
services.fz-new-order = rec
{
description = "fz-new-order";
after = [ "network.target" ];
requires = after;
serviceConfig =
{
User = inputs.config.users.users."fz-new-order".name;
Group = inputs.config.users.users."fz-new-order".group;
WorkingDirectory = "/var/lib/fz-new-order";
ExecStart =
let
src = inputs.pkgs.replaceVars ./main.cpp
{ config_file = inputs.config.sops.templates."fz-new-order/config.json".path; };
binary = inputs.pkgs.stdenv.mkDerivation
{
name = "fz-new-order";
inherit src;
buildInputs = with inputs.pkgs; [ jsoncpp.dev cereal fmt httplib ];
dontUnpack = true;
buildPhase =
''
runHook preBuild
g++ -std=c++20 -O2 -o fz-new-order ${src} -ljsoncpp -lfmt
runHook postBuild
'';
installPhase =
''
runHook preInstall
mkdir -p $out/bin
cp fz-new-order $out/bin/fz-new-order
runHook postInstall
'';
};
in "${binary}/bin/fz-new-order";
};
};
tmpfiles.rules =
[
"d /var/lib/fz-new-order 0700 fz-new-order fz-new-order"
"Z /var/lib/fz-new-order - fz-new-order fz-new-order"
];
};
sops = let userNum = 5; configNum = 2; in
{
templates."fz-new-order/config.json" =
{
owner = inputs.config.users.users."fz-new-order".name;
group = inputs.config.users.users."fz-new-order".group;
content = let placeholder = inputs.config.sops.placeholder; in builtins.toJSON
{
token = placeholder."fz-new-order/token";
uids = builtins.map (j: placeholder."fz-new-order/uids/user${builtins.toString j}")
(builtins.genList (n: n) userNum);
config = builtins.map
(i: builtins.listToAttrs (builtins.map
(attrName: { name = attrName; value = placeholder."fz-new-order/config${toString i}/${attrName}"; })
[ "username" "password" "comment" ]))
(builtins.genList (n: n) configNum);
};
};
secrets =
{ "fz-new-order/token" = {}; }
// (builtins.listToAttrs (builtins.map
(i: { name = "fz-new-order/uids/user${toString i}"; value = {}; })
(builtins.genList (n: n) userNum)))
// (builtins.listToAttrs (builtins.concatLists (builtins.map
(i: builtins.map
(attrName: { name = "fz-new-order/config${builtins.toString i}/${attrName}"; value = {}; })
[ "username" "password" "comment" ])
(builtins.genList (n: n) configNum))));
};
};
}

244
modules/services/fz-new-order/main.cpp Normal file
View File

@@ -0,0 +1,244 @@
# include <iostream>
# include <set>
# include <sstream>
# include <filesystem>
# include <cereal/types/set.hpp>
# include <cereal/archives/json.hpp>
# include <fmt/format.h>
# include <fmt/ranges.h>
# include <httplib.h>
# include <json/json.h>
std::string urlencode(std::string s)
{
auto hexchar = [](unsigned char c, unsigned char &hex1, unsigned char &hex2)
{
hex1 = c / 16;
hex2 = c % 16;
hex1 += hex1 <= 9 ? '0' : 'a' - 10;
hex2 += hex2 <= 9 ? '0' : 'a' - 10;
};
const char *str = s.c_str();
std::vector<char> v(s.size());
v.clear();
for (std::size_t i = 0, l = s.size(); i < l; i++)
{
char c = str[i];
if
(
(c >= '0' && c <= '9')
|| (c >= 'a' && c <= 'z')
|| (c >= 'A' && c <= 'Z')
|| c == '-' || c == '_' || c == '.' || c == '!' || c == '~'
|| c == '*' || c == '\'' || c == '(' || c == ')'
)
v.push_back(c);
else
{
v.push_back('%');
unsigned char d1, d2;
hexchar(c, d1, d2);
v.push_back(d1);
v.push_back(d2);
}
}
return std::string(v.cbegin(), v.cend());
}
void oneshot
(
const std::string& username, const std::string& password, const std::string& comment,
const std::set<std::string>& wxuser, const std::string& token
)
{
httplib::Client fzclient("http://scmv9.fengzhansy.com:8882");
httplib::Client wxclient("http://wxpusher.zjiecode.com");
auto& log = std::clog;
try
{
// get JSESSIONID
auto cookie_jsessionid = [&]() -> std::string
{
log << "get /scmv9/login.jsp\n";
auto result = fzclient.Get("/scmv9/login.jsp");
if (result.error() != httplib::Error::Success)
throw std::runtime_error("request failed");
auto it = result.value().headers.find("Set-Cookie");
if (it == result.value().headers.end() || it->first != "Set-Cookie")
throw std::runtime_error("find cookie failed");
log << fmt::format("set_cookie JSESSIONID {}\n", it->second.substr(0, it->second.find(';')));
return it->second.substr(0, it->second.find(';'));
}();
// login
auto cookie_pppp = [&]() -> std::string
{
auto body = fmt::format("method=dologinajax&rand=1234&userc={}&mdid=P&passw={}", username, password);
httplib::Headers headers =
{
{ "X-Requested-With", "XMLHttpRequest" },
{
"User-Agent",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"
},
{ "Content-Type", "application/x-www-form-urlencoded; charset=UTF-8" },
{ "Origin", "http://scmv9.fengzhansy.com:8882" },
{ "Referer", "http://scmv9.fengzhansy.com:8882/scmv9/login.jsp" },
{ "Cookie", cookie_jsessionid }
};
log << "post /scmv9/data.jsp\n";
auto result = fzclient.Post("/scmv9/data.jsp", headers, body, "application/x-www-form-urlencoded; charset=UTF-8");
if (result.error() != httplib::Error::Success)
throw std::runtime_error("request failed");
log << fmt::format("set_cookie pppp {}\n", fmt::format("pppp={}%40{}", username, password));
return fmt::format("pppp={}%40{}", username, password);
}();
// get order list
auto order_list = [&]() -> std::map<std::string, std::pair<std::string, std::string>>
{
auto body = fmt::format("method=dgate&rand=1234&op=scmmgr_pcggl&nv%5B%5D=opmode&nv%5B%5D=dd_qry&nv%5B%5D=bill&nv%5B%5D=&nv%5B%5D=storeid&nv%5B%5D=&nv%5B%5D=vendorid&nv%5B%5D={}&nv%5B%5D=qr_status&nv%5B%5D=&nv%5B%5D=ddprt&nv%5B%5D=%25&nv%5B%5D=fdate&nv%5B%5D=&nv%5B%5D=tdate&nv%5B%5D=&nv%5B%5D=shfdate&nv%5B%5D=&nv%5B%5D=shtdate&nv%5B%5D=&nv%5B%5D=fy_pno&nv%5B%5D=1&nv%5B%5D=fy_psize&nv%5B%5D=10", username);
httplib::Headers headers =
{
{ "X-Requested-With", "XMLHttpRequest" },
{
"User-Agent",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"
},
{ "Content-Type", "application/x-www-form-urlencoded; charset=UTF-8" },
{ "Origin", "http://scmv9.fengzhansy.com:8882"
},
{ "Referer", "http://scmv9.fengzhansy.com:8882/scmv9/SCM/cggl_po_qry.jsp" },
{ "Cookie", fmt::format("{}; {}", cookie_jsessionid, cookie_pppp) }
};
log << "post /scmv9/data.jsp\n";
auto result = fzclient.Post("/scmv9/data.jsp", headers, body, "application/x-www-form-urlencoded; charset=UTF-8");
if (result.error() != httplib::Error::Success)
throw std::runtime_error("request failed");
log << fmt::format("get result {}\n", result.value().body);
std::stringstream result_body(result.value().body);
Json::Value root;
result_body >> root;
std::map<std::string, std::pair<std::string, std::string>> orders;
for (unsigned i = 0; i < root["dt"][1].size(); i++)
{
log << fmt::format
(
"insert order {} {} {}\n", root["dt"][1][i].asString(), root["dt"][2][i].asString(),
root["dt"][4][i].asString()
);
orders.insert({root["dt"][1][i].asString(), {root["dt"][2][i].asString(), root["dt"][4][i].asString()}});
}
return orders;
}();
// read order old
auto order_old = [&]() -> std::set<std::string>
{
if (!std::filesystem::exists("orders.json"))
return {};
else
{
std::ifstream ins("orders.json");
cereal::JSONInputArchive ina(ins);
std::set<std::string> data;
cereal::load(ina, data);
return data;
}
}();
// push new order info
for (const auto& order : order_list)
if (!order_old.contains(order.first))
{
auto body = fmt::format
(
"method=dgate&rand=1234&op=scmmgr_pcggl&nv%5B%5D=opmode&nv%5B%5D=ddsp_qry&nv%5B%5D=bill&nv%5B%5D={}",
order.first
);
httplib::Headers headers =
{
{ "X-Requested-With", "XMLHttpRequest" },
{
"User-Agent",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"
},
{ "Content-Type", "application/x-www-form-urlencoded; charset=UTF-8" },
{ "Origin", "http://scmv9.fengzhansy.com:8882" },
{ "Referer", "http://scmv9.fengzhansy.com:8882/scmv9/SCM/cggl_po_qry.jsp" },
{ "Cookie", fmt::format("{}; {}", cookie_jsessionid, cookie_pppp) }
};
log << "post /scmv9/data.jsp\n";
auto result = fzclient.Post
("/scmv9/data.jsp", headers, body, "application/x-www-form-urlencoded; charset=UTF-8");
if (result.error() != httplib::Error::Success)
throw std::runtime_error("request failed");
log << fmt::format("get result {}\n", result.value().body);
std::stringstream result_body(result.value().body);
Json::Value root;
result_body >> root;
std::stringstream push_body;
double all_cost = 0;
push_body << fmt::format
(
"{} {} {}店\n", comment, order.second.second.substr(order.second.second.find('-') + 1),
order.second.first.substr(1, 2)
);
for (unsigned i = 0; i < root["dt"][6].size(); i++)
{
push_body << fmt::format
(
"{} {}{}\n", root["dt"][6][i].asString().substr(root["dt"][6][i].asString().length() - 4),
root["dt"][7][i].asString(), root["dt"][5][i].asString()
);
// 订货金额 maybe empty ???
if (root["dt"][10][i].asString() != "")
all_cost += std::stod(root["dt"][10][i].asString());
}
push_body << fmt::format("共{:.2f}元\n", all_cost);
log << fmt::format("push to wx {}\n", push_body.str());
auto encoded = urlencode(push_body.str());
for (const auto& wxu : wxuser)
{
auto path = fmt::format
("/api/send/message/?appToken={}&content={}&uid={}", token, encoded, wxu);
auto wxresult = wxclient.Get(path.c_str());
}
}
// save data
{
for (const auto& order : order_list)
if (!order_old.contains(order.first))
order_old.insert(order.first);
std::ofstream os("orders.json");
cereal::JSONOutputArchive oa(os);
cereal::save(oa, order_old);
}
}
catch (const std::exception& ex)
{
log << ex.what() << "\n" << std::flush;
std::terminate();
}
}
int main(int argc, char** argv)
{
Json::Value configs;
std::ifstream("@config_file@") >> configs;
auto config_uids = configs["uids"];
std::set<std::string> uids;
for (auto& uid : config_uids)
uids.insert(uid.asString());
for (auto& config : configs["config"])
oneshot
(
config["username"].asString(), config["password"].asString(), config["comment"].asString(),
uids, configs["token"].asString()
);
}

45
modules/services/gitea.nix
View File

@@ -1,19 +1,20 @@
inputs:
{
options.nixos.services.gitea = let inherit (inputs.lib) mkOption types; in mkOption
options.nixos.services.gitea = let inherit (inputs.lib) mkOption types; in
{
type = types.nullOr (types.submodule { options =
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "git.chn.moe"; };
ssh = mkOption
{
hostname = mkOption { type = types.str; default = "git.chn.moe"; };
ssh =
type = types.nullOr (types.submodule { options =
{
hostname = mkOption { type = types.str; default = "ssh.${inputs.config.nixos.services.gitea.hostname}"; };
port = mkOption { type = types.nullOr types.ints.unsigned; default = null; };
};
};});
default = null;
};});
default = null;
};
};
config = let inherit (inputs.config.nixos.services) gitea; in inputs.lib.mkIf (gitea != null)
config = let inherit (inputs.config.nixos.services) gitea; in inputs.lib.mkIf gitea.enable
{
services.gitea =
{
@@ -30,8 +31,8 @@ inputs:
ROOT_URL = "https://${gitea.hostname}";
DOMAIN = gitea.hostname;
HTTP_PORT = 3002;
SSH_DOMAIN = gitea.ssh.hostname;
SSH_PORT = inputs.lib.mkIf (gitea.ssh.port != null) gitea.ssh.port;
SSH_DOMAIN = inputs.lib.mkIf (gitea.ssh != null) gitea.ssh.hostname;
SSH_PORT = inputs.lib.mkIf ((gitea.ssh.port or null) != null) gitea.ssh.port;
};
mailer =
{
@@ -44,22 +45,24 @@ inputs:
};
service.DISABLE_REGISTRATION = true;
security.LOGIN_REMEMBER_DAYS = 365;
"git.timeout" = builtins.listToAttrs (builtins.map (n: { name = n; value = 1800; })
[ "DEFAULT" "MIGRATE" "MIRROR" "CLONE" "PULL" "GC" ]);
};
};
nixos.services =
{
nginx.https.${gitea.hostname}.location =
nginx =
{
"/".proxy.upstream = "http://127.0.0.1:3002";
"/robots.txt".static.root =
let robotsFile = inputs.pkgs.fetchurl
{
url = "https://gitea.com/robots.txt";
sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
};
in "${inputs.pkgs.runCommand "robots.txt" {} "mkdir -p $out; cp ${robotsFile} $out/robots.txt"}";
enable = true;
https.${gitea.hostname}.location =
{
"/".proxy.upstream = "http://127.0.0.1:3002";
"/robots.txt".static.root =
let robotsFile = inputs.pkgs.fetchurl
{
url = "https://gitea.com/robots.txt";
sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
};
in "${inputs.pkgs.runCommand "robots.txt" {} "mkdir -p $out; cp ${robotsFile} $out/robots.txt"}";
};
};
postgresql.instances.gitea = {};
};

7
modules/services/grafana.nix
View File

@@ -80,7 +80,12 @@ inputs:
};
nixos.services =
{
nginx.https.${grafana.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:3001"; websocket = true; };
nginx =
{
enable = true;
https.${grafana.hostname}.location."/".proxy =
{ upstream = "http://127.0.0.1:3001"; websocket = true; };
};
postgresql.instances.grafana = {};
};
sops.secrets = let owner = inputs.config.systemd.services.grafana.serviceConfig.User; in

66
modules/services/httpapi.nix
View File

@@ -1,45 +1,47 @@
inputs:
{
options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in mkOption
options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in
{
type = types.nullOr (types.submodule { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
};});
default = null;
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
};
config = let inherit (inputs.config.nixos.services) httpapi; in inputs.lib.mkIf (httpapi != null)
{
nixos.services =
config =
let
inherit (inputs.config.nixos.services) httpapi;
inherit (inputs.lib) mkIf;
inherit (builtins) toString map;
in mkIf httpapi.enable
{
phpfpm.instances.httpapi = {};
nginx.https.${httpapi.hostname}.location =
nixos.services =
{
"/files".static.root = "/srv/api";
"/led".static = { root = "/srv/api"; detectAuth.users = [ "led" ]; };
"/notify.php".php =
phpfpm.instances.httpapi = {};
nginx.https.${httpapi.hostname}.location =
{
root = builtins.dirOf inputs.config.sops.templates."httpapi/notify.php".path;
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpapi.fastcgi;
"/files".static.root = "/srv/api";
"/led".static = { root = "/srv/api"; detectAuth.users = [ "led" ]; };
"/notify.php".php =
{
root = builtins.dirOf inputs.config.sops.templates."httpapi/notify.php".path;
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpapi.fastcgi;
};
};
};
};
sops =
{
templates."httpapi/notify.php" =
sops =
{
owner = inputs.config.users.users.httpapi.name;
group = inputs.config.users.users.httpapi.group;
content =
let
placeholder = inputs.config.sops.placeholder;
request = "https://api.telegram.org/bot${placeholder."telegram/token"}"
+ "/sendMessage?chat_id=${placeholder."telegram/user/chn"}&text=";
in ''<?php print file_get_contents("${request}".urlencode($_GET["message"])); ?>'';
templates."httpapi/notify.php" =
{
owner = inputs.config.users.users.httpapi.name;
group = inputs.config.users.users.httpapi.group;
content =
let
placeholder = inputs.config.sops.placeholder;
request = "https://api.telegram.org/bot${placeholder."telegram/token"}"
+ "/sendMessage?chat_id=${placeholder."telegram/user/chn"}&text=";
in ''<?php print file_get_contents("${request}".urlencode($_GET["message"])); ?>'';
};
secrets = let sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/default.yaml"; in
{ "telegram/token" = { inherit sopsFile; }; "telegram/user/chn" = { inherit sopsFile; }; };
};
secrets = let sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/default.yaml"; in
{ "telegram/token" = { inherit sopsFile; }; "telegram/user/chn" = { inherit sopsFile; }; };
systemd.tmpfiles.rules = [ "d /srv/api 0700 nginx nginx" "Z /srv/api - nginx nginx" ];
};
systemd.tmpfiles.rules = [ "d /srv/api 0700 nginx nginx" "Z /srv/api - nginx nginx" ];
};
}

5
modules/services/httpua.nix → modules/services/httpua/default.nix
View File

@@ -14,10 +14,7 @@ inputs:
{
phpfpm.instances.httpua = {};
nginx.http.${httpua.hostname}.php =
{
root = builtins.toString (inputs.pkgs.writeTextDir "index.php" "<?php echo $_SERVER['HTTP_USER_AGENT']; ?>");
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpua.fastcgi;
};
{ root = "${./.}"; fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpua.fastcgi; };
};
};
}

1
modules/services/httpua/index.php Normal file
View File

@@ -0,0 +1 @@
<?php echo $_SERVER['HTTP_USER_AGENT']; ?>

11
modules/services/huginn.nix
View File

@@ -15,13 +15,14 @@ inputs:
image = "ghcr.io/huginn/huginn:latest";
imageFile = inputs.topInputs.self.src.huginn;
ports = [ "127.0.0.1:3000:3000/tcp" ];
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles = [ inputs.config.sops.templates."huginn/env".path ];
};
sops =
{
templates."huginn/env".content = let placeholder = inputs.config.sops.placeholder; in
''
MYSQL_PORT_3306_TCP_ADDR=host.containers.internal
MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
HUGINN_DATABASE_NAME=huginn
HUGINN_DATABASE_USERNAME=huginn
HUGINN_DATABASE_PASSWORD=${placeholder."mariadb/huginn"}
@@ -44,9 +45,13 @@ inputs:
{
services =
{
nginx.https.${huginn.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
nginx =
{
enable = true;
https.${huginn.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
};
mariadb.instances.huginn = {};
podman = {};
docker = {};
};
};
};

100
modules/services/kvm.nix
View File

@@ -5,17 +5,21 @@ inputs:
type = types.nullOr (types.submodule { options =
{
nodatacow = mkOption { type = types.bool; default = false; };
aarch64 = mkOption { type = types.bool; default = false; };
autoSuspend = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) kvm; in inputs.lib.mkIf (kvm != null)
{
nix.settings.system-features = [ "kvm" ];
boot = let inherit (inputs.config.nixos.hardware) cpu; in
boot =
{
kernelModules = { intel = [ "kvm-intel" ]; amd = []; }.${cpu};
extraModprobeConfig = { intel = "options kvm_intel nested=1"; amd = ""; }.${cpu};
kernelModules =
let modules = { intel = [ "kvm-intel" ]; amd = []; };
in builtins.concatLists (builtins.map (cpu: modules.${cpu}) inputs.config.nixos.hardware.cpus);
extraModprobeConfig =
let configs = { intel = "options kvm_intel nested=1"; amd = ""; };
in builtins.concatStringsSep "\n" (builtins.map (cpu: configs.${cpu}) inputs.config.nixos.hardware.cpus);
};
virtualisation =
{
@@ -29,8 +33,7 @@ inputs:
parallelShutdown = 4;
qemu =
{
ovmf.packages = with inputs.pkgs;
([ OVMF.fd ] ++ inputs.lib.optionals kvm.aarch64 [ pkgsCross.aarch64-multiplatform.OVMF.fd ]);
ovmf.packages = with inputs.pkgs; [ OVMF.fd pkgsCross.aarch64-multiplatform.OVMF.fd ];
swtpm.enable = true;
};
};
@@ -40,17 +43,82 @@ inputs:
{
persistence."/nix/nodatacow".directories = inputs.lib.mkIf kvm.nodatacow
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }];
systemPackages = with inputs.pkgs;
[ win-spice guestfs-tools virt-manager virt-viewer inputs.config.virtualisation.libvirtd.qemu.package ];
systemPackages = with inputs.pkgs; [ qemu_full win-spice guestfs-tools virt-manager virt-viewer ];
};
systemd.mounts =
[{
what = "${inputs.topInputs.nixvirt.lib.guest-install.virtio-win.iso}";
where = "/var/lib/libvirt/images/virtio-win.iso";
options = "bind";
wantedBy = [ "local-fs.target" ];
}];
# libvirt does not setup "allow udp {53, 67}" by default
systemd =
{
services =
let
virsh = "${inputs.pkgs.libvirt}/bin/virsh";
hibernate = inputs.pkgs.writeShellScript "libvirt-hibernate"
''
if [ "$(LANG=C ${virsh} domstate $1)" = 'running' ]
then
if ${virsh} dompmsuspend "$1" disk
then
echo "Waiting for $1 to suspend"
while ! [ "$(LANG=C ${virsh} domstate $1)" = 'shut off' ]
do
sleep 1
done
echo "$1 suspended"
touch "/tmp/libvirt.$1.suspended"
else
echo "Failed to suspend $1"
fi
fi
'';
resume = inputs.pkgs.writeShellScript "libvirt-resume"
''
if [ "$(LANG=C ${virsh} domstate $1)" = 'shut off' ] && [ -f "/tmp/libvirt.$1.suspended" ]
then
if ${virsh} start "$1"
then
echo "Waiting for $1 to resume"
while ! [ "$(LANG=C ${virsh} domstate $1)" = 'running' ]
do
sleep 1
done
echo "$1 resumed"
rm "/tmp/libvirt.$1.suspended"
else
echo "Failed to resume $1"
fi
fi
'';
makeHibernate = machine:
{
name = "libvirt-hibernate-${machine}";
value =
{
description = "libvirt hibernate ${machine}";
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
before = [ "systemd-hibernate.service" "systemd-suspend.service" ];
serviceConfig = { Type = "oneshot"; ExecStart = "${hibernate} ${machine}"; };
};
};
makeResume = machine:
{
name = "libvirt-resume-${machine}";
value =
{
description = "libvirt resume ${machine}";
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
after = [ "systemd-hibernate.service" "systemd-suspend.service" ];
serviceConfig = { Type = "oneshot"; ExecStart = "${resume} ${machine}"; };
};
};
makeServices = serviceFunction: builtins.map serviceFunction kvm.autoSuspend;
in builtins.listToAttrs (makeServices makeHibernate ++ makeServices makeResume);
mounts =
[{
what = "${inputs.topInputs.nixvirt.lib.guest-install.virtio-win.iso}";
where = "/var/lib/libvirt/images/virtio-win.iso";
options = "bind";
wantedBy = [ "local-fs.target" ];
}];
};
# workaround a libvirt bug
# https://github.com/NixOS/nixpkgs/issues/263359#issuecomment-1987267279
networking.firewall.interfaces."virbr*".allowedUDPPorts = [ 53 67 ];
hardware.ksm.enable = true;

26
modules/services/lumericalLicenseManager/Dockerfile
View File

@@ -1,26 +0,0 @@
# 大概这样做:
# cp -r ~/repo/stuff/44/Lumerical_Suite_2023_R1_CentOS/{LicenseManager,Crack,License} .
# podman build .
# podman image save --format oci-archive 6803f9562b941c23db81a2eae5914561f96fa748536199a010fe6f24922b2878 -o image.tar
# singularity build image.sif oci-archive://image.tar
# nix store add-file ./image.tar --name lumericalLicenseManager.tar
# nix hash file /nix/store/v626n153vdr8sib52623gx1ych8zfsa6-lumericalLicenseManager.tar
# nix store add-file ./image.sif --name lumericalLicenseManager.sif
# nix hash file /nix/store/wr4i09smarzwyn1g2jhxlpkxghcwa01l-lumericalLicenseManager.sif
FROM centos:7
USER root
COPY ./LicenseManager /tmp/LicenseManager
RUN chmod +x /tmp/LicenseManager/INSTALL && \
/tmp/LicenseManager/INSTALL -silent -install_dir /home/ansys_inc -lm && \
rm -rf /tmp/LicenseManager
COPY ./Crack/ansys_inc/ /home/ansys_inc
# RUN sed -i "s|127.0.0.1|0.0.0.0|g" /home/ansys_inc/shared_files/licensing/tools/tomcat/conf/server.xml
RUN chmod -R 777 /home/ansys_inc
RUN ln -s ld-linux-x86-64.so.2 /lib64/ld-lsb-x86-64.so.3
COPY ./License/license.txt /home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
WORKDIR /home/ansys_inc/shared_files/licensing
CMD ["/bin/sh", "-c", "(./start_ansysli &); (./start_lmcenter &); tail -f /dev/null"]

37
modules/services/lumericalLicenseManager/default.nix
View File

@@ -1,37 +0,0 @@
inputs:
{
options.nixos.services.lumericalLicenseManager = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
macAddress = mkOption
{
type = types.str;
default = if inputs.config.nixos.system.network != null then "00:01:23:45:67:89" else null;
};
createFakeInterface = mkOption { type = types.bool; default = inputs.config.nixos.system.network != null; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) lumericalLicenseManager;
in inputs.lib.mkIf (lumericalLicenseManager != null)
{
virtualisation.oci-containers.containers.lumericalLicenseManager =
{
inherit (inputs.topInputs.self.src.lumerical.licenseManager) image imageFile;
extraOptions = [ "--network=host" ];
volumes =
let
macAddress = builtins.replaceStrings [ ":" ] [ "" ] lumericalLicenseManager.macAddress;
license = inputs.pkgs.localPackages.lumerical.license.override { inherit macAddress; };
in [ "${license}:/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic" ];
};
nixos.services.podman = {};
systemd.network = inputs.lib.mkIf lumericalLicenseManager.createFakeInterface
{
netdevs.ensFakeLumerical.netdevConfig = { Kind = "dummy"; Name = "ensFakeLumerical"; };
networks."10-ensFakeLumerical" =
{ matchConfig.Name = "ensFakeLumerical"; linkConfig.MACAddress = lumericalLicenseManager.macAddress; };
};
};
}

125
modules/services/mirism.nix
View File

@@ -1,60 +1,75 @@
inputs:
{
options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) mirism; in inputs.lib.mkIf (mirism != null)
options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in
{
users =
{
users.mirism = { uid = inputs.config.nixos.user.uid.mirism; group = "mirism"; isSystemUser = true; };
groups.mirism.gid = inputs.config.nixos.user.gid.mirism;
};
systemd =
{
services = builtins.listToAttrs (builtins.map
(instance:
{
name = "mirism-${instance}";
value =
{
description = "mirism ${instance}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
User = inputs.config.users.users.mirism.name;
Group = inputs.config.users.users.mirism.group;
ExecStart = "${inputs.pkgs.localPackages.mirism-old}/bin/${instance}";
RuntimeMaxSec = "1d";
Restart = "always";
};
};
})
[ "ng01" "beta" ]);
tmpfiles.rules = builtins.concatLists (builtins.map
(dir: [ "d /srv/${dir}mirism 0700 nginx nginx" "Z /srv/${dir}mirism - nginx nginx" ])
[ "" "entry." ]);
};
nixos.services =
{
nginx =
{
transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };
https = builtins.listToAttrs (builtins.map
(instance: inputs.lib.nameValuePair "${instance}mirism.one"
{ location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; }; })
[ "entry." "" ]);
};
acme.cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; };
};
environment.etc = builtins.listToAttrs (builtins.concatLists (builtins.map
(instance:
[
(inputs.lib.nameValuePair "letsencrypt/live/${instance}.mirism.one/fullchain.pem"
{ source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem"; })
(inputs.lib.nameValuePair "letsencrypt/live/${instance}.mirism.one/privkey.pem"
{ source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem"; })
])
[ "ng01" "beta" ]));
enable = mkOption { type = types.bool; default = false; };
};
config =
let
inherit (inputs.config.nixos.services) mirism;
inherit (inputs.lib) mkIf;
inherit (builtins) map listToAttrs toString concatLists;
in mkIf mirism.enable
{
users =
{
users.mirism = { uid = inputs.config.nixos.user.uid.mirism; group = "mirism"; isSystemUser = true; };
groups.mirism.gid = inputs.config.nixos.user.gid.mirism;
};
systemd =
{
services = listToAttrs (map
(instance:
{
name = "mirism-${instance}";
value =
{
description = "mirism ${instance}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
User = inputs.config.users.users.mirism.name;
Group = inputs.config.users.users.mirism.group;
ExecStart = "${inputs.pkgs.localPackages.mirism-old}/bin/${instance}";
RuntimeMaxSec = "1d";
Restart = "always";
};
};
})
[ "ng01" "beta" ]);
tmpfiles.rules = concatLists (map
(dir: [ "d /srv/${dir}mirism 0700 nginx nginx" "Z /srv/${dir}mirism - nginx nginx" ])
[ "" "entry." ]);
};
nixos.services =
{
nginx =
{
enable = true;
transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };
https = listToAttrs (map
(instance:
{
name = "${instance}mirism.one";
value.location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; };
})
[ "entry." "" ]);
};
acme.cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; };
};
environment.etc = listToAttrs (concatLists (map
(instance:
[
{
name = "letsencrypt/live/${instance}.mirism.one/fullchain.pem";
value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem";
}
{
name = "letsencrypt/live/${instance}.mirism.one/privkey.pem";
value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem";
}
])
[ "ng01" "beta" ]));
};
}

18
modules/services/misskey.nix
View File

@@ -119,13 +119,17 @@ inputs:
postgresql.instances = builtins.listToAttrs (builtins.map
(instance: { name = "misskey_${builtins.replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
(inputs.localLib.attrsToList misskey.instances));
nginx.https = builtins.listToAttrs (builtins.map
(instance: with instance.value;
{
name = hostname;
value.location."/".proxy = { upstream = "http://127.0.0.1:${toString port}"; websocket = true; };
})
(inputs.localLib.attrsToList misskey.instances));
nginx =
{
enable = inputs.lib.mkIf (misskey.instances != {}) true;
https = builtins.listToAttrs (builtins.map
(instance: with instance.value;
{
name = hostname;
value.location."/".proxy = { upstream = "http://127.0.0.1:${toString port}"; websocket = true; };
})
(inputs.localLib.attrsToList misskey.instances));
};
};
};
}

4
modules/services/nextcloud.nix
View File

@@ -57,13 +57,13 @@ inputs:
};
in builtins.listToAttrs (builtins.map
(package: { name = package; value = inputs.pkgs.fetchNextcloudApp (getInfo package); })
[ "phonetrack" "twofactor_webauthn" "calendar" ]);
[ "maps" "phonetrack" "twofactor_webauthn" "calendar" ]);
};
nixos.services =
{
postgresql.instances.nextcloud = {};
redis.instances.nextcloud.port = 3499;
nginx.https.${nextcloud.hostname}.global.configName = nextcloud.hostname;
nginx = { enable = true; https.${nextcloud.hostname}.global.configName = nextcloud.hostname; };
};
sops =
{

18
modules/services/nfs.nix
View File

@@ -1,16 +1,20 @@
inputs:
{
options.nixos.services.nfs = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.attrsOf (types.nonEmptyListOf types.nonEmptyStr); default = {}; }; # export = accessLimit
{ type = types.attrsOf types.nonEmptyStr; default = {}; }; # export = accessLimit
config = let inherit (inputs.config.nixos.services) nfs; in inputs.lib.mkIf (nfs != {})
{
services.nfs.server =
services =
{
enable = true;
exports =
let clientString = clients: builtins.concatStringsSep " " (builtins.map
(client: "${client}(rw,no_root_squash,sync,crossmnt)") clients);
in inputs.lib.concatLines (inputs.lib.mapAttrsToList (n: v: "${n} ${clientString v}") nfs);
rpcbind.enable = true;
nfs.server =
{
enable = true;
exports = builtins.concatStringsSep "\n" (builtins.map
(export: "${export.name} ${export.value}(rw,no_root_squash,sync,crossmnt)")
(inputs.localLib.attrsToList nfs));
};
};
networking.firewall.allowedTCPPorts = [ 2049 ];
};
}

26
modules/services/nginx/applications/main.nix
View File

@@ -1,13 +1,23 @@
inputs:
{
options.nixos.services.nginx.applications.main = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services.nginx.applications) main; in inputs.lib.mkIf (main != null)
options.nixos.services.nginx.applications.main = let inherit (inputs.lib) mkOption types; in
{
nixos.services.nginx.https."chn.moe".location =
{
"/".return.return = "302 https://xn--s8w913fdga.chn.moe/@chn";
"/.well-known/matrix/server".proxy = { setHeaders.Host = "matrix.chn.moe"; upstream = "https://matrix.chn.moe"; };
};
enable = mkOption { type = types.bool; default = false; };
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications) main;
inherit (inputs.lib) mkIf;
in mkIf main.enable
{
nixos.services.nginx.https."chn.moe".location =
{
"/".return.return = "302 https://xn--s8w913fdga.chn.moe/@chn";
"/.well-known/matrix/server".proxy =
{
setHeaders.Host = "matrix.chn.moe";
upstream = "https://matrix.chn.moe";
};
};
};
}

2
modules/services/nginx/applications/sticker/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/config.json
/sticker-import.session

2
modules/services/nginx/applications/sticker.nix → modules/services/nginx/applications/sticker/default.nix
View File

@@ -11,7 +11,7 @@ inputs:
mkdir -p $out
cp -r ${inputs.topInputs.stickerpicker}/web/* $out
chmod -R +w $out
cp -r ${inputs.topInputs.sticker}/web/* $out
cp -r ${./web}/* $out
'');
index = [ "index.html" ];
};

1
modules/services/nginx/applications/sticker/web/packs/LINE_nachonekodayo.json Normal file
View File

File diff suppressed because one or more lines are too long

1
modules/services/nginx/applications/sticker/web/packs/Mare_by_WuMingv2Bot.json Normal file
View File

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff Show More