chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:19:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: chn:libvirt-cow
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
...
pull from: chn:debug
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

203 Commits
libvirt-co ... debug

Author SHA1 Message Date
chn
bf223cf347 Revert "remove wallpaper desktopeffect theme etc" 
This reverts commit 5b6a2623bc.
 2025-05-25 14:03:57 +08:00
chn
5b6a2623bc remove wallpaper desktopeffect theme etc 2025-05-25 13:55:48 +08:00
chn
dec023fcaa remove autostart programs 2025-05-25 13:51:59 +08:00
chn
c3e9ac4d3d devices.pc: add test user 2025-05-25 13:37:46 +08:00
chn
759f68a0f7 Revert "switch to kde 6.3.4" 
This reverts commit 57d73b193e.
 2025-05-25 13:37:00 +08:00
chn
57d73b193e switch to kde 6.3.4 2025-05-25 13:32:50 +08:00
chn
6d528c35d7 Revert "modules.system.nixpkgs: patch kwin" 
This reverts commit a909023f14.
 2025-05-25 13:32:07 +08:00
chn
c027bb456c modules.system: dbus use default implementation 2025-05-25 13:19:15 +08:00
chn
a909023f14 modules.system.nixpkgs: patch kwin 2025-05-25 12:58:18 +08:00
chn
3bc77fcc51 modules.packages.desktop: move virt-viewer to kvm 2025-05-25 12:22:17 +08:00
chn
2866e242b2 flake: update 2025-05-24 22:03:09 +08:00
chn
736494a640 modules.packages.desktop: add nil 2025-05-24 22:01:32 +08:00
chn
77dd73a2e7 flake: remove qchem 2025-05-24 21:40:20 +08:00
chn
39de1b5e9e flake: remove bscpkgs 2025-05-24 21:39:57 +08:00
chn
012060a249 modules.services.nixseparatedebuginfo: fix 2025-05-24 21:38:18 +08:00
chn
626aa6d459 flake: remove gricad 2025-05-24 21:37:49 +08:00
chn
82347260e6 flake: remove envfs 2025-05-24 21:36:22 +08:00
chn
f6c205131e modules.packages.server: cleanup 2025-05-24 21:33:59 +08:00
chn
0d73b8293f flake: remove flatpak 2025-05-24 21:32:00 +08:00
chn
8f1b70c22d modules.packages.firefox: cleanup 2025-05-24 21:31:19 +08:00
chn
90d6b827c7 module.packages.desktop: cleanup 2025-05-24 21:31:07 +08:00
chn
8cb82861e5 modules.packages.zsh: cleanup 2025-05-24 21:17:50 +08:00
chn
78e2016797 modules.packages.winapps: remove 2025-05-24 21:16:22 +08:00
chn
126d47b841 Revert "Reapply "modules.system.plymouth: enable"" 
This reverts commit cf896ff786.
 2025-05-24 21:15:39 +08:00
chn
e6c4fbddab flake: remove nur-linyinfeng 2025-05-24 19:41:58 +08:00
chn
b48c1dfe3f flake: remove chaotic 2025-05-24 19:40:32 +08:00
chn
d3b06ad1b7 modules.services.xmuvpn: remove 2025-05-24 19:36:18 +08:00
chn
5a873bee31 packages.mirism: drop 2025-05-24 19:35:16 +08:00
chn
f5caaaefe4 packages.lumerical: remove 2025-05-24 19:32:37 +08:00
chn
b72575045a modules.services.lumericalLicenseManager: reove 2025-05-24 19:31:31 +08:00
chn
333dd32eee modules.services.gamemode: remove 2025-05-24 19:30:48 +08:00
chn
f9ef305a80 modules.services.waydroid: remove 2025-05-24 19:29:02 +08:00
chn
18cb080b18 modules.services.wechat2tg: remove 2025-05-24 19:27:54 +08:00
chn
ee86e9c244 modules.system.binfmt: disable as default 2025-05-24 18:58:15 +08:00
chn
0d45b6ffca modules.system.envfs: only enable envfs on desktop and server 2025-05-24 18:56:39 +08:00
chn
8aebad64ce module.system.gui: cleanup 2025-05-24 18:53:46 +08:00
chn
d5a24a4323 modules.system.initrd.unl0kr: remove 2025-05-24 18:51:30 +08:00
chn
919eb1247c modules.system.nix-ld: only enable for desktop/server 2025-05-24 18:41:54 +08:00
chn
524285fa67 modules.system.sops: remove unused gnupg keys 2025-05-24 18:34:21 +08:00
chn
091c16e887 modules.system.sysctl: enable all sysrq 2025-05-24 18:33:30 +08:00
chn
285d23c2da modules.user.chn: remove yubico auth 2025-05-24 18:28:01 +08:00
chn
b690132c8e modules.services.nixseparatedebuginfo: disable as default 2025-05-24 18:26:13 +08:00
chn
46eb66201c packages.spectroscopy: remove 2025-05-24 18:24:09 +08:00
chn
13a2c57312 packages.sockpp: remove 2025-05-24 18:21:40 +08:00
chn
c8fa8a0974 packages.winjob: remove 2025-05-24 18:20:14 +08:00
chn
c5193590cb flake: remove aagl 2025-05-24 18:18:43 +08:00
chn
cf896ff786 Reapply "modules.system.plymouth: enable" 
This reverts commit f392e70230.
 2025-05-24 08:53:55 +08:00
chn
663415ad84 devices.srv2: use open source nvidia driver 2025-05-24 08:48:06 +08:00
chn
907a8f6080 devices.pc: switch to production nvidia driver 2025-05-23 21:51:40 +08:00
chn
7c32fa3b8a module.system.gui: fix kde 2025-05-23 21:05:45 +08:00
chn
36b140bb16 modules.packages.zellij: fix 2025-05-23 16:25:08 +08:00
chn
7e40d8af38 modules.packages.firefox: remove switchyomega 2025-05-23 14:44:11 +08:00
chn
f5a3c4af12 modules.system.gui: fix fcitx5 2025-05-22 22:20:22 +08:00
chn
03ddd14623 flake.src.vasp.vtst: revert code 2025-05-22 17:50:58 +08:00
chn
6f50f70cd7 packages.nvhpcPackages.hdf5: fix 2025-05-22 17:45:26 +08:00
chn
a2863615c0 packages.nvhpc.stdenv: fix 2025-05-22 17:19:23 +08:00
chn
8c38364596 flake.src.vtst: fix 2025-05-22 17:13:20 +08:00
chn
2451f16442 packages.nvhpc.stdenv: fix 2025-05-22 17:08:23 +08:00
chn
b36f9e9f69 flake.src.misskey: remove unused source 2025-05-22 09:12:18 +08:00
chn
585bb26dcb packages.fromYaml: fix 2025-05-22 09:12:18 +08:00
chn
f31a38af3c modules.packages.bash: init 2025-05-22 09:12:13 +08:00
chn
61e6393190 modules.packages.zellij: init 2025-05-21 17:53:09 +08:00
chn
c3410d8be0 modules.user.chn.plasma: fix fcitx5 2025-05-21 10:37:05 +08:00
chn
596d1d4e91 packages.misskey: fix 2025-05-21 10:12:57 +08:00
chn
893ed54b79 modules.packages.server: add glib 2025-05-21 10:09:48 +08:00
chn
d50ed59209 devices.pc: remove frp 2025-05-21 09:41:34 +08:00
chn
9da8f28997 modules.system.fileSystems.impermanence: enhance remote mount 2025-05-20 17:27:01 +08:00
chn
cf3a47ca56 add note 2025-05-20 11:58:53 +08:00
chn
d28d4ec79f Merge branch 'next-pc' into next 2025-05-20 10:53:42 +08:00
chn
bb97d11d77 modules.packages.vscode: fix 2025-05-20 10:46:29 +08:00
chn
98de92fd76 flake: lock nix-vscode-extensions 2025-05-20 10:13:42 +08:00
chn
ad40c0457e modules.packages.vscode: add copilot-chat 2025-05-20 10:02:49 +08:00
chn
130e7008d2 devices.nas: remove unused secrets 2025-05-19 09:49:47 +08:00
chn
74b9384a51 modules.services.btrbk: drop 2025-05-19 09:46:56 +08:00
chn
d2b6ac8d2c flake: update 2025-05-18 18:24:28 +08:00
chn
d1e3867481 Merge branch 'production' into next 2025-05-18 18:15:55 +08:00
chn
02758bd2e4 devices.vps6: xray comment user 2025-05-18 15:38:00 +08:00
chn
78b67438a7 modules.system.fileSystems.impermanence: mount .config/systemd 2025-05-18 13:18:25 +08:00
chn
7441e19606 modules.system.gui: remove hyprland 2025-05-18 13:14:21 +08:00
chn
fa1d0e6757 update stateVersion 2025-05-18 12:45:53 +08:00
chn
135eaf2760 doc: add 2025-05-18 12:35:14 +08:00
chn
2a04978872 modules.services.nextcloud: update 2025-05-18 12:32:05 +08:00
chn
22abe5378f doc: add 2025-05-18 12:30:30 +08:00
chn
382f74a127 modules.services.synapse: port from new nixpkgs 2025-05-18 12:29:51 +08:00
chn
300a69c389 modules.services.nixvirt: add doc 2025-05-18 11:11:14 +08:00
chn
e306de5db7 modules.services.nixvirt: fix 2025-05-18 11:10:41 +08:00
chn
50ca811ac3 modules.system.networking: fix nftables flushRuleset 2025-05-18 11:10:31 +08:00
chn
9b92bb1180 modules.system.nixpkgs.buildNixpkgsConfig: libvirt do not add nft deny rule 2025-05-18 11:10:24 +08:00
chn
c3b4de09a5 modules.system.nixpkgs.buildNixpkgsConfig: libvirt use nftables 2025-05-18 11:10:14 +08:00
chn
0cd2c914f8 modules.services.nixvirt: add doc 2025-05-18 11:04:49 +08:00
chn
58836ecef9 modules.services.nixvirt: fix 2025-05-18 10:39:39 +08:00
chn
a314644f32 Revert "devices.test-pc: remove chn2" 
This reverts commit 61bc7ae597.
 2025-05-18 10:08:35 +08:00
chn
61bc7ae597 devices.test-pc: remove chn2 2025-05-18 10:06:01 +08:00
chn
fc18847cb6 modules.system.networking: fix nftables flushRuleset 2025-05-18 10:02:20 +08:00
chn
b59ef94230 devices.test-pc: add chn2 instance 2025-05-18 09:55:47 +08:00
chn
0ea5eb6d03 modules.system.nixpkgs.buildNixpkgsConfig: libvirt do not add nft deny rule 2025-05-18 09:44:05 +08:00
chn
6b32804066 modules.system.nixpkgs.buildNixpkgsConfig: libvirt use nftables 2025-05-18 09:30:09 +08:00
chn
9f4517773e devices.vps4: fix 2025-05-16 16:39:57 +08:00
chn
ae1f782dff modules.services.nixvirt: fix nvram error 2025-05-16 15:21:52 +08:00
chn
f4e400749c modules.services.nixvirt: add subnet option 2025-05-16 15:13:29 +08:00
chn
97fc833c2b devices.test-pc: fix 2025-05-16 15:00:41 +08:00
chn
48ad281bc0 modules.services.nginx.applications.sticker: fix 2025-05-16 14:58:45 +08:00
chn
6735cc33a0 modules.system.security: fix 2025-05-16 14:55:13 +08:00
chn
a5acade462 devices.test-pc-vm: init 2025-05-16 13:37:21 +08:00
chn
5ecf78a85c devices.test-pc: enable nixvirt 2025-05-16 13:29:22 +08:00
chn
f392e70230 Revert "modules.system.plymouth: enable" 
This reverts commit bd7afc99a4.
 2025-05-16 12:17:07 +08:00
chn
bd7afc99a4 modules.system.plymouth: enable 2025-05-16 12:06:48 +08:00
chn
e0104154ea modules.system.fileSystems: fix 2025-05-16 12:03:27 +08:00
chn
191e065863 flake.dns: fix 2025-05-16 11:04:39 +08:00
chn
0a80195146 flake.dns: fix 2025-05-16 11:04:09 +08:00
chn
34fcbc66fc devices.{nas,one,pc}: set xray server 2025-05-16 11:02:42 +08:00
chn
dd3020e7bb devices.{nas,one,pc}: set xray server 2025-05-16 11:01:06 +08:00
chn
499f4e1791 devices.srv3: more xray user 2025-05-16 10:56:31 +08:00
chn
a4994d1dfb devices.srv3: more xray user 2025-05-16 10:55:56 +08:00
chn
32202a3ec1 Revert "devices.vps4: drop" 
This reverts commit 0030a7f35c.
 2025-05-16 10:44:44 +08:00
chn
5352384ff3 devices.vps6: modify comment 2025-05-16 10:29:20 +08:00
chn
46ad5f128c devices.nas: temprarily disable btrbk 2025-05-16 10:18:23 +08:00
chn
cc28a59bb7 modules.user.chn.ssh: set key for root 2025-05-15 21:30:37 +08:00
chn
2db2e83d7c modules.system.gui: disable hyprland 2025-05-15 21:24:55 +08:00
chn
a33bfc120a modules.system.fileSystem.rollingRootfs: fix 2025-05-15 20:25:49 +08:00
chn
8ff34e7d0d fix 2025-05-15 18:07:28 +08:00
chn
4a40fd812f Merge branch 'production' into next 2025-05-15 17:40:47 +08:00
chn
5e6acc9c20 fix 2025-05-15 17:37:30 +08:00
chn
eaf15e7a8d devices.srv3: add reonokiy 2025-05-14 09:18:45 +08:00
chn
ce841d4e48 devices.test-pc: init 2025-05-14 09:05:46 +08:00
chn
6f955e6f43 packages.oneapi: fix 2025-05-13 19:05:25 +08:00
chn
ddd6098881 modules.system.nixpkgs.buildNixpkgsConfig: fix 2025-05-13 18:07:48 +08:00
chn
7083a784eb packages.oneapiPackages.stdenv: init 2025-05-13 18:05:46 +08:00
chn
7e1608194e fix 2025-05-13 18:05:43 +08:00
chn
b700c0ea23 devices.nas: change beesd settings 2025-05-13 10:54:21 +08:00
chn
d82bb20cfc modules.services.btrbk: fix 2025-05-13 10:50:09 +08:00
chn
f5aa96e7c8 Merge branch 'production' into next 2025-05-12 19:32:30 +08:00
chn
c1ebd6166b Revert "modules.services.wireguard: always persistentKeepalive" 
This reverts commit cea0bded1c.
 2025-05-12 19:32:08 +08:00
chn
fff3ae2b7a Merge branch 'production' into next 2025-05-12 19:31:32 +08:00
chn
c46aa581ba fix build 2025-05-12 14:46:11 +08:00
chn
cea0bded1c modules.services.wireguard: always persistentKeepalive 2025-05-12 13:36:55 +08:00
chn
4fb265ea29 Merge branch 'production' into next 2025-05-12 12:31:36 +08:00
chn
ab5ede9fb5 modules.services.nixvirt: fix 2025-05-12 12:29:55 +08:00
chn
3e01d93a19 flake: fix nixvirt 2025-05-12 12:09:27 +08:00
chn
b2b7d1386d fix build 2025-05-12 11:35:38 +08:00
chn
c39bf8ed0a Merge branch 'production' into next 2025-05-12 11:34:15 +08:00
chn
dd95b9b282 modules.services.nixvirt: fix 2025-05-12 11:33:48 +08:00
chn
698991d0b3 modules.system.nixpkgs.buildNixpkgsConfig: patch libvirt 
modules.services.nixvirt: remove unnecessary workaround
 2025-05-12 11:32:04 +08:00
chn
4c67d52a15 devices.srv3: add port forward 2025-05-12 10:40:05 +08:00
chn
8221864e9d Revert "modules.services.nixvirt: try to fix" 
This reverts commit 714aaeb39a.
 2025-05-12 10:25:46 +08:00
chn
714aaeb39a modules.services.nixvirt: try to fix 2025-05-12 09:39:47 +08:00
chn
9b10352368 modules.system.kernel: restore hibernate progress patch 
modules.fileSystems.resume: apply hibernate progress patch when resume is set
 2025-05-12 08:58:26 +08:00
chn
3973b407ae fix a lot 2025-05-12 07:57:52 +08:00
chn
1c69e74fd6 modules: fix catppuccin 2025-05-11 15:45:07 +08:00
chn
845f9c94ec fix nginx 2025-05-11 15:43:10 +08:00
chn
ebacc9a82b modules.services.btrbk: fix 2025-05-11 14:20:32 +08:00
chn
2502d0a975 modules.system.kernel: use rustland 2025-05-11 14:17:04 +08:00
chn
c6e37edf31 modules.services.btrbk: split into separate instances 2025-05-11 13:26:26 +08:00
chn
f00cf457ae update nixpkgs 2025-05-11 10:53:52 +08:00
chn
469e3be1c7 flake.src: fix 2025-05-11 10:53:21 +08:00
chn
6911412e27 packages.octodns-cloudflare: use upstream 2025-05-11 10:40:17 +08:00
chn
6e1b2c7ad8 packages.highfive: remove 2025-05-11 10:36:29 +08:00
chn
7a17df0139 flake: update src 
packages.nglview: use upstream
 2025-05-11 10:29:44 +08:00
chn
96de72a0c8 packages.git-lfs-transfer: move to upstream 2025-05-11 10:01:45 +08:00
chn
0317518f64 flake: nixpkgs port patches 2025-05-11 09:21:50 +08:00
chn
46440b22f8 modules.system.nixpkgs.buildNixpkgsConfig: disable all workaround 2025-05-11 09:02:25 +08:00
chn
ae2f7d9852 flake: update 2025-05-11 08:58:24 +08:00
chn
bb58891baa Merge branch 'production' into next 2025-05-11 07:46:27 +08:00
chn
dad924dcb0 packages.misskey: update doc 2025-05-11 07:43:23 +08:00
chn
d383fbbb2c modules.services.xray.client: set priority to rr 2025-05-11 06:55:58 +08:00
chn
f87e6e4dd4 packages.vm: fix 2025-05-11 04:51:31 +08:00
chn
f6c0840456 devices.srv3: add port forward 2025-05-10 15:16:13 +08:00
chn
f07fc8229d modules.services.nixvirt: 整理 2025-05-10 14:59:54 +08:00
chn
706a50de5e modules.services.nginx: fix 2025-05-10 13:43:30 +08:00
chn
3caf00eaee modules.services.nixvirt: fix 2025-05-10 13:05:47 +08:00
chn
15f9d62cf1 devices.srv3: fix doc 2025-05-10 13:04:42 +08:00
chn
e2241af86b devices.srv3: add forward 2025-05-10 12:57:30 +08:00
chn
3d4b540a92 modules.services.nginx.applications.example: init 2025-05-10 12:39:34 +08:00
chn
4786875dba modules.services.nixvirt: try to fix vm reboot 2025-05-10 12:11:01 +08:00
chn
fe89f4a8ac devices.srv3: add test vm 2025-05-10 12:09:55 +08:00
chn
5fd6dbf792 devices.test: init 2025-05-10 11:54:51 +08:00
chn
63e26a664a modules.services.kvm: fix 2025-05-09 11:15:25 +08:00
chn
67ab1a0da1 modules.system.plymouth: fix 2025-05-09 10:52:57 +08:00
chn
91675797ec devices.pc: mount jykang.xmuhpc 2025-05-08 19:28:44 +08:00
chn
bc7fa692a0 devices.jykang.xmuhpc: add vaspkit 2025-05-08 19:06:11 +08:00
chn
db180c731b set branch 2025-05-08 19:03:33 +08:00
chn
d8c0913979 add doc 2025-05-08 19:02:26 +08:00
chn
a26a462120 modules.services.beesd: fix 2025-05-08 12:52:18 +08:00
chn
ceef07b39b devices.srv3: more aggressive beesd settings 2025-05-08 11:49:53 +08:00
chn
78150703be modules.services.snapper: lower snap 2025-05-08 11:48:48 +08:00
chn
e61225cf06 devices.nas: add more backup 2025-05-08 11:41:32 +08:00
chn
0f2d9817a6 modules.services.postgresql: fix 2025-05-07 22:23:57 +08:00
chn
4c5eb870b8 modules.services.btrbk: fix 2025-05-07 19:47:17 +08:00
chn
5600583769 modules.services.btrbk: fix 2025-05-07 19:26:45 +08:00
chn
81ab3d6c3a devices.nas: enable btrbk 2025-05-07 19:18:40 +08:00
chn
cc04e27a66 modules.services.btrbk: init 2025-05-07 19:18:37 +08:00
chn
bea7dd3677 modules.services.nixvirt: memory use unit MB 2025-05-07 17:23:45 +08:00
chn
489c37d7e8 modules.services.nixvirt: never restart domain 2025-05-07 17:21:33 +08:00
chn
47826f3113 flake.dns: fix 2025-05-07 17:02:47 +08:00
chn
3a423fe337 modules.services.nixvirt: add web forward 2025-05-07 16:33:26 +08:00
chn
17dc62ce98 modules.services.nginx: add http proxy, transparentProxy support other address 
devices.srv3: add proxy
 2025-05-07 16:03:48 +08:00
chn
7e3816d1e3 devices.srv3: add port forwarding 2025-05-07 13:44:46 +08:00
chn
edfb2da897 Merge branch 'add-pen' into production 2025-05-06 21:35:35 +08:00
chn
7175664f77 devices.srv3: add pen 2025-05-06 21:20:41 +08:00
chn
98eb5bab0e devices.vps7: merge into srv3 2025-05-06 19:20:55 +08:00
chn
95c4d529e1 modules.services.postgresql: disable nodatacow 2025-05-06 15:26:57 +08:00
chn
c30f1d0352 modules.services.nixvirt: use raw image 2025-05-06 12:18:55 +08:00
chn
3c4950a061 services.kvm: add nodatacow option 2025-05-06 12:03:17 +08:00
143 changed files with 2532 additions and 2840 deletions
Expand all files Collapse all files

19
.sops.yaml
View File

@@ -1,8 +1,8 @@
keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
@@ -11,13 +11,16 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &srv3 age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
creation_rules:
- path_regex: devices/pc/.*$
key_groups: [{ age: [ *chn, *pc ] }]
- path_regex: devices/vps4/.*$
key_groups: [{ age: [ *chn, *vps4 ] }]
- path_regex: devices/vps6/.*$
key_groups: [{ age: [ *chn, *vps6 ] }]
- path_regex: devices/vps7/.*$
key_groups: [{ age: [ *chn, *vps7 ] }]
- path_regex: devices/nas/.*$
key_groups: [{ age: [ *chn, *nas ] }]
- path_regex: devices/one/.*$
@@ -38,10 +41,16 @@ creation_rules:
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
- path_regex: devices/srv3/.*$
key_groups: [{ age: [ *chn, *srv3 ] }]
- path_regex: devices/test/.*$
key_groups: [{ age: [ *chn, *test ] }]
- path_regex: devices/test-pc/.*$
key_groups: [{ age: [ *chn, *test-pc ] }]
- path_regex: devices/test-pc-vm/.*$
key_groups: [{ age: [ *chn, *test-pc-vm ] }]
- path_regex: devices/cross/secrets/default.yaml$
key_groups:
- age: [ *chn, *pc, *vps6, *vps7, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
*srv3 ]
- age: [ *chn, *pc, *vps4, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
*srv3, *test, *test-pc, *test-pc-vm]
- path_regex: devices/cross/secrets/chn.yaml$
key_groups:
- age: [ *chn, *pc, *one, *nas ]

2
devices/cross/luks-manual/default.nix
View File

@@ -7,8 +7,8 @@ let devices =
"/dev/disk/by-partlabel/nas-root4".mapper = "root4";
"/dev/disk/by-partlabel/nas-swap" = { mapper = "swap"; ssd = true; };
};
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
vps7."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
srv3 =
{
"/dev/disk/by-partlabel/srv3-root1" = { mapper = "root1"; ssd = true; };

BIN
devices/cross/luks-manual/vps4.key Normal file
View File

Binary file not shown.

BIN
devices/cross/luks-manual/vps7.key
View File

Binary file not shown.

168
devices/cross/secrets/default.yaml
View File

@@ -24,6 +24,10 @@ users:
aleksana: ENC[AES256_GCM,data:xRqQLPpcv0Ymz7wV0jDDz1i6eKIZKEXvqofO58VSHEC9aVSTLV7aXLw2kQ8PrAPo4FAkne2F6MYQGRwZFIHOjxfhw+ncXVDHxg==,iv:OSbT/f2LRUFY3DEyCCbWkPzwsrsNdVz6ah5ITRt+Kjc=,tag:00z36RTe76p1uxFCchGcpg==,type:str]
#ENC[AES256_GCM,data:xAGWajpTpg2keMthwQ==,iv:sQreB2mExZlWgVsig7885zf4LI6RFSitYUnD4ngvhfQ=,tag:viEY1wUVlDCqKm5ucQWzsA==,type:comment]
alikia: ENC[AES256_GCM,data:N4lyS8XZSxP3su+Frz00BPU+II+N6nosu4yOLPSG7zxefcJoG7i5bG3bzb1OQLc/x4fTuD2Wd6mEy6q66cizBkGn3xQHZIaW2w==,iv:FO64ACjOS6+UzWKP5WdcFOGZTzslfetX/VAxyUPZ3ds=,tag:6Kf0MCRUj9cbxyk4TsH8iA==,type:str]
#ENC[AES256_GCM,data:1br5bc3q0jBn4WrJzQ==,iv:YmIFhDd9Wl4dcKJLBC6A3v7oUXhBin6ZOuJknSiaYfw=,tag:8gtEBug4vHQkxN/9tLjqSw==,type:comment]
pen: ENC[AES256_GCM,data:XOKXV0YSFbHC3I3xO8fpWvYerNfVFg2afs+CUp2MZB+yt9KR5bTJdVOfUGldLbWH5CR4v5FxTrTujv24wJ710Rfyugxh9aFJ/w==,iv:tHLoO+XpdUk8S56QUiJQOpVO9C5epam9PMubMN+8fHw=,tag:H0srWRigNUedQMIAfJlfjg==,type:str]
#ENC[AES256_GCM,data:K6O0TIYYGZmM8iOwsQ==,iv:xtT8Psnoy51V9gsRo335+VT56FXTcMQ3d4/tnuWouew=,tag:k8irtZ33G3UFK++rzcmyiw==,type:comment]
reonokiy: ENC[AES256_GCM,data:fPKdOPAKbXUvK5Jj08T0iSD23mhhkTXCexgB5q3v5JS4c6V4S+W14WOkS4UHrMQls/rHslw0NyMzS5G27A+5vN+EN+xJZfuRGg==,iv:tSdNOgs61tyt7/hUKt8bfKvpq9qOQU14ligdxBs/ATs=,tag:6IoS/p2StKtFREIpxsWkdg==,type:str]
telegram:
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
user:
@@ -34,121 +38,143 @@ acme:
nginx:
maxmind-license: ENC[AES256_GCM,data:MtmNo6hHlU75N6PvzF7P5i6Q+myV4Keb1JRXVeHxTennNpKfAndsKg==,iv:DqM91JX+1WX8Zqzha2Tm3ztFaSzKYQg+b9NvUm+6jxY=,tag:XnDTBL9MA/B8XfPZqdk7Eg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RzdocjRWTTFGWVdqb2JE
RDBiWjVNOHBSMlFNMHZOOFYxRzlVZmhKQ2w0CkpGbHRnNTY2NGdzVGx5QmprblNZ
YmxCd2Q2VW1SOVZIeDk3Q09LdHdheG8KLS0tIFl5WThUOGozc0xBYVBVVEVFdU4v
N2NKcnAwUE8zMDJhaWhqWTljNHppSjgKp4cb4FLsULkDS1VPZT9TLe8z8IH5Jt4d
nCqerHvO5j8yo3tPs0BXS675i2HAnup0KQZay7NV7bztbRhWtTiF/A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR09MUytUL2h3cWlIanNF
VWd6SVNWOGVlVVpGbGtyQWxnZlk0cEx2TFJzCmhtbGRFcDdlWDAxU3NneXloSS9U
WXBtQmg4dFhOb3J3bThCUDliUmJ4NVUKLS0tIG1uQjdiODdHWVVrVGIwb2lPN1V1
QjVyWFAzQTRDWXMyMXdUNytKcy9abmsKZ6maa6DoKPkDAYXGLVoLWIi3fzzs1SVF
C/9y2PG/j7F8Pd4hUHl7ILWN/VNbYKQwGYp59+kKeAzeSHkJeTTKyg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlMnJuVVJjTWRIdzdiYlVS
RHo1OEx3Y29yL3NuVmduN1loaTgxR01kVXowCjl0ZVhVd1liUnJSWEVRNlR5MzdY
R29Pc0dJSXJvb2FjTDAwRW9xUCtQT2MKLS0tIFRUdHovemMvQkhUbkYzSVZyWmkv
ZGlKUHAySWVlKytIUThXQlNPSERadEkK8L3GpqrTiuRaFtICkQmc8RSxBz2XykMZ
irVZmqwE3787Ku3obqdBNPyB6w6tBGuf2g13PBpbctlYEioz9k5gKQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaitpVkkvNEFOMEZXK2s0
Z1o0UTZ4NFRrd2NqNzhNVWhncmdWWDlzZ2swCkthMU50WldYajN1eEZCRVRUZ2d6
TU8za1R0aUdCV3hZaVlIRE01UHdYc2MKLS0tIFNWcFdVWGc5dUVtWnVVbGh1WFVU
UzFsYS9tL0xNeDBmQWIrTVB2MkVtdVUKjMADWap5h4NGj3ESamUHz3+8AtO2sOL6
wFm/sTfEuhFqO8bodtBXB/veQOrr97Dw8PhO/6CO5JdGTEyFIZ3DoQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOFprRWZQaVpMQkxJN2Vw
RVB6QXN6bDJPcEt3YURaby9PZm1FZHhDRmtZClBiV0JobHZRejhWVzhOZThRTTJ1
UE91bzdWMjJvYllIWXBmQkNReThIc00KLS0tIGRLa0V1b3ZWSVQzc01sUlBMVzBz
blZyM0FpelBoTE5Ia2J3S2c0WE5FcVEKKTJ5jzNLkLixv+8DlcTrR9sWs6GihPG6
x9w/Zu5H4DK9EVFyksTujRZZMI6o4lHzl2VIrgkTNQUwIPtsqo5KMQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWDViT3JyRktZYldxN3Z0
V3RWSXlOT0JEd0xJWlk3TzUyRFpFRytSRmtzCk4vNUk0UFN3bkRaaGdzenFwK3Ez
WjdDVi80RGdENmp3TzBuRElFQmVwMmMKLS0tIHpsZU1XQ3p5N3FwNjJmRHMrSFVI
TE9odnJrWGx6UFltTjN3WHNobTlqa3cKifobNMMKnEckbPp+mfeQVDldbLzvGM4/
y6oSeXQzRKQwFOIH6z4nQjMiMKvpHDEcIbTzCrQ0QCxGKywH6PzmuQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHS1lrQmkyRVNkWFFhWEpm
MXhOOEVWTTZQdkp6ajlFVGEvdmd1QlVQQXlBCjc5a1RobjhOb0ZXL2ZlSFVxV2hP
OXVVMXpqN2hGQnZOcmVVbzBQT3QvYTQKLS0tIE1KSm5RRDBabTBTaDl4d29Fb1o3
Wk5MNy9hQ1E1eTdzdG1Yb3Z2NlNTZlkKivBHX1XApj7EGG4k2N/5quJ2bINNt5lF
DTFZfjfZY5TKMxq+/LoxMB9i/eRXxcUNUA9Bkex0HhE+VZS2AcTgAw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQWwvbXZoNHFxM1Y3L0pO
cDlML1ZWWXppeWxaZjZwOFVvbHNubmxEYUI4ClB6Wm00dTRFUE8xTFNlUmdacjFU
VGNiMFk1SHpOVnJ6RWdyVXk3WGkxZm8KLS0tIDFnamZqa1VqdUVXWFN5YW5CNGhh
UHc5bCsvVFV2eDlLR2Q3STFCQXpZRzgKSVvG8HcDtBJAh8iNrQd+UKbgs/k5Yf2t
KqMdODturfudk8QJn3pR97essszrsK/HS4yptp71bBSj3qK50Lp/rg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpKy8yRHphTTcwc0dhYWFV
SnNEZWQ4d1d6Qmx1VGJ3aVdJRms3SDZ1NkdzCjVpYUx0bW0vb1NMKzlQOWU5YWdT
VlhXdEk0bGMvR0hjOFNBMWJuS2NUNlEKLS0tIENQWDZROFRuODh0N3h2RzVSVDZE
c25adTFUVUh4NThIb0F4aStlUVJGaFkKirqc9ny+BYJgNuGlwLxdpTSPVe3V69oO
qGN+m/nWfoPGO1hWZ55qR08P94VcP7KW0eK9r+TdrwQp9T1rOtHWZA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Rkc2MVhUc0tTUkNsenQ2
aVM1dG9MSVpwaFloU1ZRWmVsaEtYVGY3NlFnCm5PM0VpWVFKdExJbExIMnZ0Tmw1
eCtVdkRpVW9lcFA5bWwwbWNaYTMzejQKLS0tIHA4MTd1anM4NWtmQUx1cVlsWFVQ
bk5iV2xRazdoZnY1dGhKSGFFdUFWY3MKGoxBih7fDQoZFxj8JjiRAl8D3/8xWBeq
RS/8C6v+/V+Afnv9QN6uYt0l4YeGn8tv1TRNWXHZl0A6DFjzouwhZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaWpFOUV1S2lGREdZak45
OVhCSk40OTMwMVhKZWJibmFsY0o1aE1PQWk4Cit6emhXU1QzV0ZueWs5R3VTRUg4
TjZrK2RIOUN1ZU12THZqR09YeWtyMjQKLS0tIFR4SUlCYk1rd2U4SlkvRi9SODR6
Nk5KamEzUTJkNi9lOFN3VXlEME5LN0kKwjcReB2V8kpavQTXift2KmHm603zTzw9
Cx+UO+hkOQGsOLg+Q9A8t850vuqwuq28XHFQFJ7Ac5owhxCpriH9uA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2hsZGExRnFaclpUNEdr
bkJJM2gySmtzUlVmZWoxZ3pST2l2dGtCdnhnClNWeVZqWTJ1Mk1pMGZCaXppU0lY
RUtlT3YrQmZuVTZ3TjJYMlhGMTVMMncKLS0tIDJsaVQ3aHZIWHhXOFJ1WmpQUDNk
SjBSRm4wWjhpUzFmVUtwdGUvbmVIV0EKzgfa9i+VJLPvBRrFbNavZtG1hK6jazoD
WHkWedx4AUUJQQlp12Wetj/0yY9jF3BLv/wvEAusq6Z4dO2aHr3sRA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUm5INDhONE9hZjU5MGRn
ZzZLdUNPeHNSSHUrZzRxbTdjRGxhd2wyRWgwCjMzc2UrUEVOUTJqckR6WXpRR1p5
TlA5MUtFRXBjazBhc3Rzc3MraFl1dzQKLS0tIFpYajU3Q2hPajhFbURSaXZ3MURT
UXduR3Vvam54RmhoQkdrN1N2ejdEVmsKeC/robT8ijuPAQt75xnLFi+cz9i0idfU
xCgD6JpqaIMwalpIAuVh6KD/tE9mwWIZSeNk2InGX7/bWmMEB8Dcgw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcWFOcXAyYjNoSEhLdEtC
ang3bHJ2RmtaL2RManE0K3B0elg4aHJmODB3ClZLSXA5MmhVT2ZZSm9KSUlod3BB
V05lT3h0a3NQZnMrNERwNk1LTHRiVlkKLS0tIElESTNEVUpZbk93WFpXNnRTYzY5
K2tkMlVCRnBKdVRzWk9aQy9kUUx3L1kKNO9LsaJDfF0v/XCMYV0lmHLFakbVjj+H
wGJZQYgu/sETDZQVMeu42fQ++IKElmpfq2/o6+gM7aI0RxLqnBryfw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUENVYm1DQ2h1aUxQaE5u
VlBIcU8rdzNaZk5wWHpPNnhPUlVIWGtucjFFCmY4dWdSMy9WSWhBWmZUZGVnWlNP
K0lFK1NLcGpzSDRXSG5SaUdxamgxekkKLS0tIGJWR0dTZ3kyd0dZSVRQVE93Rytl
R1pKVklVbUlZZk1IaUpYVzlQUkplV1kKKN8vFbUrnsxgw5ViYoMBoyxqUOxnpmaQ
YqMYedsrnvWvCx9xyu3Kj/MJ88zQchJzdVfg0dUcbY6KRz51m9HE2Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYnBzd1k5UEhXZ0wxSU02
elZkYlhDWC9CbWFkRlM2bCs2dzNTSlk4TUJnCm1WVnVxaUYwZ1QvNHJRb29ER21P
UWhOb2tETWRJR09Sb0l6VXRMaU5KZlkKLS0tIFA3TldTUmJ0Y0xJemJPS0wwK05D
SHVXTGUraDE4anJOZFFuaHBKV1lMSWMKemZfKWbI0YR4QuR5zqvGKSnU3HzwZHvo
DJ9u2eq7R7OwtDscn9qCwPThORxLMWdI3n+3+XVwAysqW2efrvnGgA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmhtaXFZL1dTV1FZVktv
VUFMc2o3U2pubTgvbmNZMVIvcGVOZ0UrNGlrCnRwMENSUi80aWxjZ0xpQTVaU2Qr
OVUzYVdVTFpxWVB0WXZKTkV0akwxK0EKLS0tIEovQkZzMUFlM210MFZuMHdqVi8r
ZTR1VVB5akRxeWVtaUxoYUxKOEpSUzQK5sh8HyaZY1ww5vcoIktuVs/XUF88HYAO
tmJiqZniKeOJT4xpBCQoelJ++oVzSqEAg4h5jgCXWN6dstrc71oVrA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOFZQZmRHVUdjTXpDbFFm
SGt1d2lmYXVZa21iSFhMOTUzMmRIU3BIOUI4CmFvT1BMZmE1eC9tV3dJbVJ4ME8z
N25hc0NyZmtMbGFxYmtPSkFkSGZ4bFEKLS0tIE5sUFBTanJONjhtR3BnYjVYdlYr
NVZNeDFJOGJIdFlacE9LMmFuakZYUkUKmuK+ogCs3WH9TiGiUfRZ9L98aqRli91A
1xHYMJOc5FwI+jaHp1m7nkn+egIOmKvyyejI2ZHQ84tItS+aoiI0bw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSWdybjBIZ2dieFZUbXY0
RjNZc200SXBrMkM2b2NQY01vQ2dUQ3RYWURZCnY1bUJ5TjZkdllxRkhRc1VkbVpR
cU5YU2V0RUhuaVFHNXhTd0JGNzVZVk0KLS0tIEc1L1dqYkZsN2xNMnlhKzgyeXRC
Z0YybnhlK0tNQWw0UXNsY0hzcFVTVncKXXjQiIi4TAdDbeoL7uN0IQmjd1koP0OX
2CVpK81DSNGPhS9wvrwE8QHkY10q07CHPWl7qr45ksD1XNG4PoTTFA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRHdHMFAvRFRCNmNES2R0
Q3ptRDVrQ3JHaXBxSUlldVd5WUNFc1ZQeDBFCnNiMFErODJhbk5LQ1VGd01oU1N2
eXk4Q3VRcUNNWURDUitUMWNOQlJaeWsKLS0tIDRKQ2M1Rnpla3o1NTlCeC9wbGJo
cGZxcDUyYzZBMXRpbi94RkcvQXc5aDAKrHpvCDpECN5HS1qeNoiOwKWpT46bLQBd
404XgHar20AswgDIjAMp5KJ1pkluQ9j5pVKNFjqJ+9sb3RLYM7Z06Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbi9wUEpGdjBYOE94NG1B
SXB5clBwdDl1OTZPcjdMMmU4ODlUQndBejI4CldtWDFlNjl6bG5IcUErZVE0OENx
QlBQYThrdzA5eDBMbk5acXYzb3BxVlUKLS0tIEJEc2MrejlSS0RVUkh2R2x0cjU5
QUVaU2I4eHc3MGxaTzd2VW5hN3RscW8KzzdxiJ2BLDUEKAq+a1dVzJp3uAD39hUV
gMsCnltQoWjGOFHWIXVWSOCB5HQ8MxeZpt8N/ZYKM1UnfhBFDfXRWw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3RhUHBORW1BNFh5M1c0
QlhmUDY1T0ZmN2dGaUhLOVkxN2NiUklBU1hVCjY0MXBoNmw0ekpQYlMzdFZhNFA5
NE9XdnlaaGdiSU1BYkRvcThaYmpVcTAKLS0tIGk4UHMwK20yQ2w0N0hoQnZYK2Fk
czU0M2dQbU8rMkZJbEJaZ1NhcE1yZFEKUWe5IaDuPjfQ/m76m6DdvF8HWmDiVH1k
IQk6sIJfbcINGOVP+JYGJPWgq6LGg1EdW4ONctosVk6kxRO30N0rVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdVFHbnpZWjZDRWh5Z24y
WmFWUGJ3bi9tbW9OYWJaOFQxdWtQYms0dUU4CmpRUnlLbTliY0FqS2JwMGpLNTgw
cGN4MUVJeEI4WEhYcjRDSDIxS2NKWGcKLS0tIExQc0xvd0pFK25IWml0RDgxVlpU
ZGsrNGpmYXFUUEEvVktjbnF5RHJ0eVkKJ6n4gnl0zcq9mHTWL+5bxJeLE1qKqAKV
3ycuAffiQ0Oxv1tSOXjt6ODSds7jDS3Kq2I7q4nG5eqZLiwFXCh25Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YXF5aGRobkFVdFQzRFBp
NnhvdWtxU2dxa2s4d2FiYnBrdmMvakU1cFhvCnJ4NWVCc0t2ajFpdWVMM25XUnE4
a3E3N0laOEYwNDBNdTc4WjdZR2R3M1EKLS0tIC9WRGpJSUhhM0JGZVJWaHlvSkRH
bXErdTlYQWh3cmZITWxIeDYzaklWbmcKKG08GymtessnDUfg/AgmQh9eyJx25Y+c
RyhAdNl6Lu2Hv7e/oqr23SmwFuhzgPl6eL8t1Nz3s1KraShZazjpQA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-03T10:05:18Z"
mac: ENC[AES256_GCM,data:E2Z+aQnvSmUcB26NCE1muh7dUdiSdLqwvZ7QQOV16VsazMNAFPv7WcXfxmRihfA3KZN6aI3xUl2IbIGbe3n1ulGeg6KivjsBA6od7fSenKj/JhdZCE2T0L/nJTQcqX9cnlKfcMovBqDcTWuSe3jEu+G9d9OoetIXJm44cpVeYvo=,iv:WHIogHg4gUImd2ELOCqZL3U8/4u64GUWVdLtY3o0Cts=,tag:fyFUzQJZRyUxeGfeSgtbkg==,type:str]
pgp: []
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK2tkZXZkYWZWcEFhS1h2
YTk2N3F4L3AzNzdmZXhLRXpOLzlRa1NNSXlnCjRNL3paejlRUTZrVEFwdWdzRzVp
NVFReGwrZk9IdVhQSnFzK3lVMWRPOTgKLS0tIGs2azNoQm51ZDZrOEJDbEhRVTFu
aVdEZ0s4SjljZFc5ZTJwK3ZON3VlRVkKB1apktkRqW0R/Epn3bZf/Aym5evUmxm+
TLkJxTT6TVcgjobcpFvMmI+pqRWfh5Opj9a9lSe5QvsXxdgOs0mvzg==
-----END AGE ENCRYPTED FILE-----
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWlhIdTdtNkpZU3Y5T1Vl
WjZXLzJYVDdweFpITEh6cmszOVYrZWI5eTM0CmNSTnd4T3g0dFNiTDNCM2hEOTVo
OS85R0VqdEZkTlhGWFNRZFpXZGlWTFEKLS0tIHQ1YWJrZERJUlZwZnU3RThucVRL
NHdwcGl2Wk11TFdCd25OTE1nVDNYd2MKOxa2f7bFgFE2zCR1kKtC6giQhr1P79W0
MKxil/x2T8rBNkK6sN0PjkphKdg9LVit86ilHPwTgnkl9oz8Cs6X5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL1ZjRzJNQVFNekFUVlQv
SmJWMDRZMXNDaTNNd093b25kSk5nTDg0K244CmVLK08xKzlleXpWblRkbGZVMENi
U0NGVVhycUN6OEZDNjFBUndSdnRLdE0KLS0tIHJEeTVIY2xwZWdqdG9JRVhsRENq
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-14T01:17:28Z"
mac: ENC[AES256_GCM,data:r1FWYKz9aJtmhH7MLPqwZjG0W7LULScGd63CnIqsm2AbFIs6DgW33zDsgwrl1oblx/zYGda3irB5s1+otR38DU0VE7jqLYzHpb3eLsE986ZTwe9Tujy6BJm2Pyng60BJTTBwKU8awS2WpbTUivK1aVivNfBffQIL5Scv/qkyH3U=,iv:1USu0hh8IM2T/w1Fm/udGswPJcxKmvcG6XwlS2ku6iY=,tag:F/rZiGc3KTaNA0YtrWF3+w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.2

14
devices/cross/ssh.nix
View File

@@ -2,19 +2,17 @@ inputs:
let
devices =
{
vps4 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
};
vps6 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
# 通过 initrd.xxx.chn.moe 访问
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
};
vps7 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
# 默认仅包括wireguard访问的域名和直接访问的域名这里写额外的域名
extraAccess = [ "ssh.git" ];
};
nas =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
@@ -46,6 +44,8 @@ let
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIg2wuwWqIOWNx1kVmreF6xTrGaW7rIaXsEPfCMe+5P9";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIPW7XPhNsIV0ZllaueVMHIRND97cHb6hE9O21oLaEdCX";
# 默认仅包括wireguard访问的域名和直接访问的域名这里写额外的域名
extraAccess = [ "ssh.git" ];
};
};
in

3
devices/cross/wireguard.nix
View File

@@ -3,7 +3,6 @@ let
publicKey =
{
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
vps7 = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
one = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
@@ -62,7 +61,7 @@ let
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
(builtins.listToAttrs
(
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps6" "vps7" "srv3" ])
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps6" "srv3" ])
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" "srv1-node0" "srv2-node0" ])
))
# 校内网络

2
devices/jykang.xmuhpc/default.nix
View File

@@ -10,6 +10,6 @@ let pkgs = import inputs.nixpkgs (import ../../modules/system/nixpkgs/buildNixpk
in pkgs.symlinkJoin
{
name = "jykang";
paths = with pkgs; [ hello iotop gnuplot ];
paths = with pkgs; [ hello iotop gnuplot localPackages.vaspkit ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
}

14
devices/nas/default.nix
View File

@@ -25,8 +25,18 @@ inputs:
services =
{
sshd = {};
xray.client = { enable = true; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; };
beesd = { "/" = { hashTableSizeMB = 10 * 128; threads = 4; }; "/nix" = {}; };
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1";
};
beesd."/".hashTableSizeMB = 10 * 128;
nfs."/" = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc";
};
};

16
devices/nas/secrets.yaml
View File

@@ -1,16 +1,7 @@
xray-client:
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
wireless:
#ENC[AES256_GCM,data:wjStmDz44D13rg==,iv:7Qdqk/3VfS6kZNMSD6P4zyuRkzgIb1PcH56rWBhuD80=,tag:RVfRu9zMAenZBk3+RFC9wg==,type:comment]
"457": ENC[AES256_GCM,data:at6sfLdZUj7JTkumDLzoBoM6rNH3SGXvzso2ryYEXiFzy24e8cMKql2Sw3CHqWH9+cS6+rzuRLLeLJQMDN3dHw==,iv:nHEdqAIF7WK6kPkm01LoDmypvkHOhIR+tf9cAlv+1hs=,tag:3lMuOZ4qatv1LOSMwMiEoQ==,type:str]
store:
signingKey: ENC[AES256_GCM,data:Y1nbOt2boQQ94oBjQDoH7J7tkCIVx4f7Nrq0AC5Bqq/uGZnd7UCPv8hLnbjVcPTPHLMwnwzD9yvdYrLv+Q2HZJJQfQjO+sXkVZI4TpFJkqTofvrmDk4PL5tkh/4=,iv:eOM6wCO/qQaf5MMXWLROKFkfo6avm6IWWpgK1mNx6VY=,tag:ZC5xsTDdyCe1VxaBIC0ozQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -30,8 +21,7 @@ sops:
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-23T07:15:56Z"
mac: ENC[AES256_GCM,data:Ex0JCgpvxHoEOVB+O+cXLIU5S3IWMgznUMDM6G3JhE+KuVyGyze+Cf0BRHLAtko2aszyIIMOx3NH2DoCl6m7gR9UbPRwzIwwnuaGGZ0Va8hTjosB/76LtDT6w3xkLdV4AjmYCu/Q1I01CvjL3OVQO1JLYn3V8JaU8WImy2wfhoQ=,iv:81aBMh8ls1MH/VybwEvr3aQtETnIHLv45i57Q5j8yt8=,tag:BBeuyAbajgsNQSq/7Un79Q==,type:str]
pgp: []
lastmodified: "2025-05-19T01:47:25Z"
mac: ENC[AES256_GCM,data:J79zVjfGgptSjh+ShPBOd+lJ9i+NuS2Uw7P4ZvF7xeahn7fbT8bercsBv1F1USwW2ituTBMZFmxaspGjAD+azEM2X7zSJnVtbKr+T9FY6i2N+kPIxdseyw93JLZ1pPTy9bQeXRAJYlJHyEw4zHEpMBbWSI88I+i43s2xkScwEuU=,iv:4Ge0dHPxa4zF++0eeHy8fH7t5ndFznhFAKnrV7WOOXs=,tag:+UG3b93zFo/EfOfCQrPoBg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.10.2

11
devices/one/default.nix
View File

@@ -24,7 +24,16 @@ inputs:
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
xray.client.enable = true;
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
};
beesd."/".hashTableSizeMB = 64;
sshd = {};
kvm = {};

31
devices/pc/default.nix
View File

@@ -12,9 +12,14 @@ inputs:
mount =
{
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
btrfs."/dev/mapper/root1" =
{
"/nix" = "/nix";
"/nix/rootfs/current" = "/";
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
};
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.nas"}:/" =
{ mountPoint = "/nix/nas"; hard = false; };
{ mountPoint = "/nix/remote/nas"; hard = false; };
};
luks.auto =
{
@@ -53,7 +58,7 @@ inputs:
hardware =
{
cpus = [ "amd" ];
gpu = { type = "nvidia"; nvidia = { dynamicBoost = true; driver = "beta"; }; };
gpu = { type = "nvidia"; nvidia.dynamicBoost = true; };
legion = {};
};
services =
@@ -73,6 +78,12 @@ inputs:
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
dnsmasq.hosts = builtins.listToAttrs
(
(builtins.map
@@ -88,21 +99,9 @@ inputs:
};
};
acme.cert."debug.mirism.one" = {};
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "pc";
stcpVisitor =
{
"yy.vnc".localPort = 6187;
"temp.ssh".localPort = 6188;
};
};
nix-serve = {};
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd."/" = { hashTableSizeMB = 4 * 128; threads = 4; };
gamemode = { enable = true; drmDevice = 0; };
slurm =
{
enable = true;
@@ -125,7 +124,6 @@ inputs:
docker = {};
ananicy = {};
keyd = {};
lumericalLicenseManager = {};
searx = {};
kvm = {};
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
@@ -133,6 +131,7 @@ inputs:
};
bugs = [ "xmunet" "backlight" "amdpstate" "iwlwifi" ];
packages = { android-studio = {}; mathematica = {}; };
user.users = [ "chn" "test" ];
};
boot.loader.grub =
{

13
devices/pc/secrets/default.yaml
View File

@@ -1,10 +1,5 @@
xray-client:
uuid: ENC[AES256_GCM,data:XU7/GZ8cJmDwNsrQfoFHrquZT5QkjvTPZfnghX3BLyvPLlrX,iv:e/BQkZ5ydWD4P/qT9OUloB8/cXImfkG3YZnuIeNLoTc=,tag:EW3ZBzGnyIrUfcMeJqm4aA==,type:str]
frp:
token: ENC[AES256_GCM,data:0mE8/cWqHKNquCIiqgbjcNhipKk7KEfbZ+qRYbu+iZr7AH9QjfYZQiMJNp4Aa3JWwBLYAnpf,iv:ID4cc8Tn0H9b1CimXlPamMlhlAkafhRApDHo/CCQ4BE=,tag:BUuU/BCj16R7FlKlpubawA==,type:str]
stcp:
yy.vnc: ENC[AES256_GCM,data:IsZWkNGYHrbQcgvOSURDnA==,iv:4XO8RFBdNopLKYxCACmkXLMPu0wIVx64y0C7m2bsTVA=,tag:fMHzU9aQm0bRr8pTKwpuHQ==,type:str]
temp.ssh: ENC[AES256_GCM,data:XG9WpTR8Bw==,iv:XiMTPN8Gx1nNssf4r+VXTvUATiUNsOYJ2jeHjhDSyTs=,tag:JS3NlA4cs/6IA19PJYrStg==,type:str]
store:
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
postgresql:
@@ -16,8 +11,6 @@ mariadb:
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
nix:
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
wechat2tg:
token: ENC[AES256_GCM,data:PrZWR8WiZ7grkpTLqMxwbnkwZttl7n0e1lc1mdHJiFUWq/PqG2wNBC27C58jMg==,iv:02XHhfpN8YPix0REbJDnsBbvCwifbdwBwfuJ2glbvjo=,tag:6aWNqBfwulsjMbl+D6L9vw==,type:str]
searx:
secret-key: ENC[AES256_GCM,data:KhIP+Rz3rMfNgPEGTlKGvm6gl1/ZuPI=,iv:GcaLEJHKJO3n6IaeiFr9PaJ6eNx04/VjX3UgmBF429g=,tag:HkplyH9hTHUaEZ709TyitA==,type:str]
sops:
@@ -44,8 +37,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-13T05:59:15Z"
mac: ENC[AES256_GCM,data:/m/cioV71s7HJ7ObIDCr69wDLn2xk/lTRqmUCx46u7tzOwMsYqU6DghBsZuaUN1r22CbMi1wtmSziDisKStOGY27pswNe7IuEo4IhVz5sJNxcWCxpYo8ttrCUeaJ7Y0vFbseIn1l1UObfubhhvVdxDsE0RoxLK7Ka8hJW5aEksM=,iv:GKmlbRXFexMegBWBVx4vusA0ceZZnwGIN2FkSpGXMdY=,tag:yoCnH94Ph0AUjkN3CTg6wA==,type:str]
lastmodified: "2025-05-24T11:27:02Z"
mac: ENC[AES256_GCM,data:uNkThOX3NEUeiaJVavZ0rCpQRT+GbRXADiMuAwb/tg38fBrKQeUO9ohicl/UfiDFRTfCaiuH3T757jX2b51go2s0B6n7DOvPYYZ5EWGnM69RFxrdDfWfge8n8/SHmuKR9dPJb/eSa8HAs8uDnqBPoR5SqG5lnyZs3a7P/kjK2T4=,iv:snmnuYmcuyhGs4YrIGFLmDffFE9yecB/vsM0MvxBR4k=,tag:vbqA7jvVCFHvLoLmKbfO4g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.10.2

2
devices/srv1/node2/default.nix
View File

@@ -19,7 +19,7 @@ inputs:
{
xray.client.enable = true;
beesd."/".threads = 4;
kvm = {};
kvm.nodatacow = true;
};
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";

4
devices/srv2/default.nix
View File

@@ -15,7 +15,7 @@ inputs:
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc"}:/" =
{ mountPoint = "/nix/pc"; hard = false; };
{ mountPoint = "/nix/remote/pc"; hard = false; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
@@ -32,7 +32,7 @@ inputs:
"8.9"
];
};
hardware.gpu = { type = "nvidia"; nvidia.open = false; };
hardware.gpu.type = "nvidia";
services =
{
sshd = { passwordAuthentication = true; groupBanner = true; };

8
devices/srv3/README.md
View File

@@ -12,7 +12,7 @@
* 希望内存中的数据一直驻留在内存中(而不是被交换到 swap 中)。
* **可能会超售**,但我凭良心保证,当你需要时,仍然可以占满内存和硬盘;长期占满硬盘和内存不算滥用。
* 前期肯定不会超售(笑死,根本没有那么多用户)。
* 永远不会滥售;但后期可能会视情况调整价格。
* 永远不会滥售;但后期可能会视情况调整价格。如果涨价,会延迟三个月生效。如果降价则立即生效。
* 万一出现卖超太多了、不够用的情况,我会自掏腰包增加母鸡配置。
* 实现细节:
* 硬盘会使用 raw 格式,放置在启用 CoW 的 btrfs 子卷中;不预先分配,用到时再分配。
@@ -86,9 +86,9 @@
**如何调整虚拟机启动顺序(重启到 iso 而不是硬盘)?**
先重启虚拟机,然后马上连接 VNC可以看到“按 ESC 选择启动菜单”或者“Tina Core”的提示。这个界面按 F2 或者 ESC 就可以临时调整启动顺序
这个界面只会停留 15 秒,所以重启虚拟机后要迅速连接 VNC
先重启虚拟机,然后马上连接 VNC可以看到“Tiano Core”的提示。这个提示只会停留 15 秒,所以重启虚拟机后要迅速连接 VNC
在这个界面按 ESC 就可以进入虚拟机的 BIOS在这里可以修改虚拟机的一些设置就像实体机的 BIOS 那样)。
如果只是想临时从 ISO 启动可以在这里选择“Boot Manager”然后选择带 “CDROM” 那一项就可以了
**如何调整硬盘大小?**

73
devices/srv3/default.nix
View File

@@ -30,15 +30,78 @@ inputs:
hardware.cpus = [ "intel" ];
services =
{
# 大部分空间用于存储虚拟机nodatacow其它内容不多
beesd."/".hashTableSizeMB = 32;
beesd."/" = { hashTableSizeMB = 128; threads = 4;};
sshd = {};
nixvirt =
nixvirt.instance =
{
alikia = { memoryGB = 1; cpus = 1; address = 2; portForward.tcp = [{ host = 5689; guest = 22; }]; };
alikia =
{
hardware = { memoryMB = 1024; cpus = 1; };
network = { address = 2; portForward.tcp = [{ host = 5689; guest = 22; }]; };
};
pen =
{
hardware = { memoryMB = 512; cpus = 1; };
network =
{
address = 3;
portForward =
{
tcp =
[
{ host = 5690; guest = 22; }
{ host = 5691; guest = 80; }
{ host = 5692; guest = 443; }
{ host = 22000; guest = 22000; }
];
udp = [{ host = 22000; guest = 22000; }];
web = [ "natsume.nohost.me" ];
};
};
};
test =
{
owner = "chn";
hardware = { memoryMB = 512; cpus = 1; };
network =
{
address = 4;
vnc.openFirewall = false;
portForward = { tcp = [{ host = 5693; guest = 22; }]; web = [ "example.chn.moe" ]; };
};
};
reonokiy =
{
hardware = { memoryMB = 4 * 1024; cpus = 4; };
network = { address = 5; portForward.tcp = [{ host = 5694; guest = 22; }]; };
};
};
rsshub = {};
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden.enable = true;
photoprism.enable = true;
nextcloud = {};
freshrss.enable = true;
send = {};
huginn = {};
fz-new-order = {};
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
grafana = {};
fail2ban = {};
xray.server.serverName = "xserver.srv3.chn.moe";
docker = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
open-webui.ollamaHost = "192.168.83.3";
};
user.users = [ "chn" "aleksana" "alikia" ];
user.users = [ "chn" "aleksana" "alikia" "pen" "reonokiy" ];
};
# TODO: use a generic way
boot.initrd.systemd.network.networks."10-eno1" = inputs.config.systemd.network.networks."10-eno1";

156
devices/srv3/secrets.yaml
View File

@@ -1,12 +1,151 @@
wireguard: ENC[AES256_GCM,data:Coe4iIEnJVDb4a9KUVTRkXl4kng5Zo6x1Iyr0ErgR2b9bN287mvO6jPUPSc=,iv:fiNUUKobJjitcoxBemIah5Cl5+dSz2Q7sbiOT8bDrRM=,tag:rHfNeRGTxnyVYAu8P/2ewA==,type:str]
nixvirt:
test: ENC[AES256_GCM,data:n2YTRQhm,iv:Ix2QI65W+ErkmatchCbLwczA885v799zS56cEdHkYAc=,tag:B7U/vm2PtNjIyVv4Ujrccg==,type:str]
alikia: ENC[AES256_GCM,data:sP3sWN0RrBU=,iv:TetUcaxsRXl0QsGAyXbVUAW12AXjChVN1/X+ku+3nO4=,tag:kBupoPqVlwHuCnwVdBJBKQ==,type:str]
pen: ENC[AES256_GCM,data:okvzUul3UXk=,iv:hcBhsUMP8jdhhKuKdHD1lZi8ixNAC729HfMQ79UzyNk=,tag:SRRav39ScHn0O/sf86CIOw==,type:str]
test: ENC[AES256_GCM,data:MYlMmzgbW9c=,iv:q1qPAwFTh0fj2IHBIlnrOMbTU2BnwIYzOFUHVqWCY/Q=,tag:Mb2bJJemg/LxpKI5whNvQw==,type:str]
reonokiy: ENC[AES256_GCM,data:J/ZM0Vavmnk=,iv:ZT1cMF/JWLWmXyBx331XkBQerOhLJeOd0a53jcSC4S4=,tag:/WCwzOg5LlAS5ZaiI5DSIw==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:cek6iIlJXgU191uzq44rTw==,iv:r7aMj5UzH1sbKkxvS8oyw6kpIcpRygD4ype8qkmnNa0=,tag:x2jWZnnFCO0sHj/OS2BQbA==,type:str]
led: ENC[AES256_GCM,data:JiCmbknE,iv:Z2RFOWIPUk2jaR6qd4PgRb7LwwHSKNapPQq996Mx+yI=,tag:mq6Vtwjw31DKig3Dl4xU+w==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:+wEclSJGMLBMt7Ss2fMlUgq5kRyNiOheQnRvVtbW47eG2mFODBaw04Qftb80aaSE6YpCTNslBGdIjcpIC7FTUA==,iv:6Caod/1AnUxEEC7ZwVrtDZ1kP6Qu50R+9I3eda/p0pk=,tag:/EYXZ6yl3QupVrzIHQMdbA==,type:str]
misskey-misskey: ENC[AES256_GCM,data:nCrH0B3A5B6yMAgTd5TA56PKqJUxwtHeS6BvuUseyKAVbqH581TGsO80mNQ0AJRjviw5o3ftTay79nJnmGld6Q==,iv:fhGcgbpNBo9yUpFDWtuzMos2iPhMdWyc88S0fZDxGao=,tag:QIZ72z5VBqd5pFgaEvMTZg==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:WS+SVmxYs3cNc/+sJQLNYDO0ZkZvmqzW9hCGdDae/N06KGicgiGOKV8LDe1UviGGGzXzB5VG0YvAprEGhUURcQ==,iv:6Ur9FL2+RzU4tfK2V4TaaCpempS1JSSMHz6ebg3mp7c=,tag:qCNqJ3SauPdpxo3f4NVg2g==,type:str]
nextcloud: ENC[AES256_GCM,data:pwxtefU7CjTxyogcpPpvQxvdnYIpggaBHZ+/PaT9lhVfvFcNtBBZ1eeOGbUXMZc7BnkFAUDVTVjr5KV75CeX6Q==,iv:65K3PsNfesaAJ7rSRI66o5UEM3SW5KdUnGc4h9WMkUE=,tag:e2nx9vTlkGekvhm8lYsMkg==,type:str]
send: ENC[AES256_GCM,data:QCfqbGYuBrlwfuHiSsZIZ1OBVnSO9QjhlPWGVRysKbQK+As/RGbJ5QYtPOyKfRg2L1d5Irfu1aGRoVrzpA8O1Q==,iv:MWzJP+JBwf131X030MnzNKMJ3d4Fq/GtbHpuan4N53Y=,tag:z29HS/FQXTvgN1e1HZFJkg==,type:str]
synapse-synapse: ENC[AES256_GCM,data:C6eXXK6SvMmvIa8dVjttorYBScC1SfILqXPMYDCpewVyJCUFzQK3NB8KUz9TMov4P5n+Lm5YItjrUgnhNJA5jQ==,iv:ziJ5JK/+M9d+R6/O/4hQy5DPBw/4XSZVQvIcy55aHRY=,tag:nv0rre2/kyhKu4C5JSE5dg==,type:str]
synapse-matrix: ENC[AES256_GCM,data:E72t568kxMjz+x+nC0kIJJFfgt6njlW8Wx6RuqnI736vW7IaA7scNVQ03lXpqZlKS1M7wUhb1QRPowJxNjSK7A==,iv:5qGHIWb7XXrnbjPQVWt+EcX/yDEV4Ny+TIo5OaRHwOk=,tag:O+SQBmZ7xpToSJYmcSCRWA==,type:str]
peertube: ENC[AES256_GCM,data:lxf5JtlGfDsYY2kzqaas8zPmS3u7Xch6onLVe2yoQZL6Eeb94V8yncqezGFcsGv1k3Xfr4ncoEraupO3RtKYSw==,iv:VM3SAORs2Ol/WKYCffLlHNPAzA37Kp2fgToM1faS7Ew=,tag:gwI80Kn00QOU+9vRsUKchQ==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:BUHwrGGcniD/7+hSHkXegopgG1bRGSt+OXJxKdMOEyeawAkG96af+njJ+WgcZ6KAzQdWtqJATdiTOxpznkvKfA==,iv:9hF/jcGyWFNPzzqVyaVXEabeaGDE92bpVYq1oxvQGOY=,tag:nZObCyAfuMr+B+rlUhCMMA==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:saLuu3wFcqRW2yNF9aZZ4zc6njm6pqqcUUqRTbijXELvZwMy+G+OMKuvgsh71NLDJiNDZdOBAOdUUXlC+okBFQ==,iv:kcHjlpndXENhASkenLN8fNLJjHmcuLN+i7+a+fLjxyU=,tag:Sbr74hl4GsCts2Diw8veRw==,type:str]
synapse_synapse: ENC[AES256_GCM,data:NfXD6BHV9za79NW1kLvJjdOLeHjtcrzx9O9W65jgHYneEmUNKO1nuBgs3PrI8tkBPkmn55UdC+4v2WFjHWXrkQ==,iv:YdF0liKfIBT3CHCr1ufguu9qqYpfXfjOhJY5BO79orE=,tag:OWyN3Zh6uvm10LmCBipJ4w==,type:str]
vaultwarden: ENC[AES256_GCM,data:4thZ0nGnbprVntYH2wG2PAgAJcAYuexQPOJBSpC1ivQgNbmn89L5pSANx5fvYewa834mlqSWHWeSqIw/81tDqg==,iv:d6gARu6yGzALNZrgpvaxWqM1cdkalA17GZ4EVWHqYUc=,tag:guYaW+Ds1TylCLw/naD2mA==,type:str]
nextcloud: ENC[AES256_GCM,data:jeJSAF+oeEXL2BqKbzngnSVvpxE5yuzRq2LLu6EyKT76xHP/whP7QuRxns23dsJnUr55qaRUzDunvoFco8MCZw==,iv:0lxolTDXskNvrVEAC4dV/mIgCMi3B0xH+xVT40Brii0=,tag:YvUtW172rmKK6pY/+4WhXQ==,type:str]
gitea: ENC[AES256_GCM,data:D+WDCVPTAcOg/gpxlcaNHFVHBC8uKOs5VZKQYuF0qNZQn0H0dWQS89K3DsgjBKck7ugiZOyXKUHISBVrfBn+VQ==,iv:qkahWBx8q1g6wlzXKM5Bl1PqxwkprCZzzCq1vGWaj7E=,tag:hWX9jF2qx60QrOForU7LLw==,type:str]
grafana: ENC[AES256_GCM,data:Hm92Qnz5QVWwk6P61vrnnxDFLtdVx2vOMKwy3sRSv+KDnNSYvRNyLQUkyuf7Nh0S167XgAxDPTZQb9k6AjO36g==,iv:oXmfVDr63NGv4rRBb12V9l9dNXxQK7Se/2fbK40d2a0=,tag:DNeeRwEShxUhowkIfr1feg==,type:str]
synapse_matrix: ENC[AES256_GCM,data:HdhB5WAxBa+BaFBVoIo6RwhOxhN5WrTLR11kah9H1sBS5GDPldDw0H274faWFwE/UwXO2ggBEAYvACXr/rXkvQ==,iv:NxOsZqxsP9BSgdlW43AuQGw0VjSGx77wygjdDcINf8s=,tag:CtbG4zcXG2QFFP4dGgOxzg==,type:str]
peertube: ENC[AES256_GCM,data:6P8muSWzJ+A71nZZKlCXRCRwr1HWu7yrSw5bkeHg5As917frrbOMmDCpf21H0q+eagx/ZrRIWod2JXc2YGKCfg==,iv:G/zZeYbDCHffACCvhJlKlJ1cUCkw0+raq5G1ubqIRAg=,tag:HeQA3ueNo/t+8JR9jVUUPQ==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:3nQdmn5RAaeqeI7S/0gPUGOzt7rkizpk3Ouz+pXwbqKBpikXKm4amvwg1Q==,iv:sze0u8un0xyumqHj0YeKcBD9xKZRW77rQdQn7auIf8I=,tag:bWqg+/pBaQJ2J3hjx05hlw==,type:str]
youtube-key: ENC[AES256_GCM,data:NZPG5iYrkOof+L3SKp9SqXmXOt37hvqCxTTibkzXv5TBPcCjPhCe,iv:Re6966w0oRtvHDCt9eYvswDMLNKcM+stIAA+P1qpWbg=,tag:0jNqPlGoXr0bHGMgHUZXCA==,type:str]
youtube-client-id: ENC[AES256_GCM,data:7BOIrxA5FIUo/31p3yqrLJKJhV9IUB25//w343eBoAnr3uD6J9zeLO3nIQv99vItioqFA1RmygCeer9pG7j/FI/MmmT8nGzPcw==,iv:mzKY2XghoXhKTTkO6EiG+ZJFsM39TX6UXJbzh0UA7vc=,tag:w7oiCvURV8yFxxoFR2P/jw==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:JCyNb9biROLSx0RHkr0FqZ26nhU/LRBEnzfx91mmq+Ux0/A=,iv:fEMmanWtWaKBVUJVIeMSu+XV3v8xeccDY3DTJr4LOsk=,tag:bT+XedAZu94h053/1zr7Ow==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:TXNvLTfF4K5RT4D0anzXds/fcdPy3FXddGt5xxLIaxbKIqCAtsQyLEhA+SfQXaBk6T/yKIhtd/H/BLu1jOkiZsFL/8i5GSRSIXyagFrCfh/7tEqhCB0u52Hz5Xy4pkZiqd/AXx84Og==,iv:s+q2ffpJP/rcKu/Pw4KosM5/7boFPArJxgbqL0f1ZkI=,tag:chUtPpJbYuhjv09lRdXHMw==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:scLoap0kDJW8Q9+h9S/JKYafyCUgx75RV7akHY/BYEmFhRNRq5Z2Lg==,iv:GhP3nyaK18PDcoHc18zhuuPAPnfEWgUagBrZNDY3toQ=,tag:qsE2rIgrmlxBW8D3i10KUw==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:fdAX5CpbJZv3fxRdA5SpFwNUZ0jYgYuv8SyKfbJzm5toQ8S5TrQ9WnQk6Jwweqmg3VDRD5l6l/irGsRlLdjt3p7fyAJy0wtzY0jD1xGw8XhdKWevMTysg1YQcMijkJSI0oHpofis975M6EDjcURPWwlR6GqW6POOpMep97siOxiNyBi32TbZHqvIWa1YfyuMcngYMEsShpzWAZCCvLYXoBINXebG1JPHU2xua7EHMO+VH7UFNVCyBYmOw4iXBJ4YFaXqxjQTBza4GDDZ/RVBvO5Egdjovjpj1DR/hOEG4xJHpg6xTsFw,iv:WQTVuovkZjzuu5w743GkMcWqu2p7dmPr9sKHemkbxG4=,tag:eszbpreVfC4LtxnRte241Q==,type:str]
zhihu-cookies: ENC[AES256_GCM,data:ssemzXs7ub4z7pw4hWGSfzBfKH/xzv8bhtqC1dDbZJCnwZ4D4/U9ES9QDrPeKT5AjbdLV/WBvJqWKcwTQjGnRhMrgK2MU2/8Et61mur5WE5GPQjwhWV5JaTMhSxKS3pZtpyvIgy+0iwOj8QQS6mbujHnpb/y0fhszlmUQPBL4eIxm269/FyjBLeRivrJvSmMpLQxxwh2/GTojMPH2F3bclsdMHgZhvYGdJ65hSWn2Q==,iv:PffeWFhC+dYkLSDQKuIHRRDjqE7By/ZIuZIhkjCGDig=,tag:p4iJwqLfqkiKOi/KnoyfQA==,type:str]
mail:
bot: ENC[AES256_GCM,data:XngvO9b98ccRoW9WgfX/Pg==,iv:SE8SK49zhYhDxl6f2UonCzTPcKg23CzbI5V/fOh5zOA=,tag:IXGwnSU+Vx0BQxjgvyBnCQ==,type:str]
synapse:
synapse:
coturn: ENC[AES256_GCM,data:TQqNzjJV8iM46JZQOKqkydkSrDFH2El4EE1ZCjUPpZ6EM7UHfjjxP536sm7c7adxIZzrj2TlzKufhlGFYfZ8xQ==,iv:OVguyW8sQzfczVHMaMTg6+J0wzTzeTb2zZkXnMEZ4Jk=,tag:dYLMU2bHyg/IR1oyujsoRQ==,type:str]
registration: ENC[AES256_GCM,data:MXlRld2ugF3qDVPbrd3TGiwdFhJEcxKDsvmEV4P9Qap/zp1WcMzfo+wAeXtq18MV7Fw=,iv:ztN6q+1ql9b4NMiyuDEmWbnpWeOPmbEftymMDQ3C53M=,tag:+BI9t1jSNNcfrIU6AaDOXw==,type:str]
macaroon: ENC[AES256_GCM,data:hVkFqtfaOL64qNGjIfmSORm0D8lOvA/H3Mrm11Glrgy11ACjh+zI1CSglQC0SmaKSP0=,iv:ydNz3kXOelPxSFKshjH9+iYw4OItm6QoNGuks8kSDow=,tag:TCHyMXc+gT+fxVyd7HexMQ==,type:str]
form: ENC[AES256_GCM,data:lykxrVPMWz1sBk5GoMRHfHhsVxcT7txvLJ9GM48Jyff5HXh1z4IWuZzOu8HkrELkJrA=,iv:QGV8vqor+wByS9z37sF/iPfrNaL/0jU/yUGiphEl4Fw=,tag:Mg/Oz5hI+oDnp58aQF6Rew==,type:str]
signing-key: ENC[AES256_GCM,data:Ov+ly2t3abRunse65ccPpQgqKzDrF8B2wMaCJt3Bxa+QDu6WwD8DD4E+pcQK5/HaTdsQte8Z/3f2Kw==,iv:SSMjSTrhgHt6iz+oyHe0sHm3Eb82ks5z8DR1Puc1raE=,tag:9X+T4n/6Vl4tUbVM0LJySA==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:BmnF4oyUdbESzOwlqQ5SXYgeUnWgyFE0pdBox33JmaMcOvRPtckD9p38UeMTxp8Pccarmx6f83rdHsifeoiWaw==,iv:1bb3Tn67HTHVNR9ohH1HtqS8wh6t7qtTEl5MNbwn7h8=,tag:xlxMZtqew4pTc9ztY74cHg==,type:str]
registration: ENC[AES256_GCM,data:LB5tWjoAsftqszYZGOXtqLFXa0HyU1b6lVUrBup5SJJdB2ZOnPsNtcgEkZLtMUlQ//M=,iv:jvLEwPv4iKuKfOPV08sPb9Z2XMnN+074DCQX+ARDPf4=,tag:4QxCLcOSQ30dU2Z+0OzGYg==,type:str]
macaroon: ENC[AES256_GCM,data:JSlovYowIe0C2jEFsIJci6+M1GYgbINdp0XkY58oOk1/ztyMnABSXcgZ73pEpLeUCvY=,iv:r2d5COTXL3gz9pb4GxuFQjM5DHsmwAfDy/eqlZyZJoM=,tag:yRn/OBcy1IqMvJQYD9sA6Q==,type:str]
form: ENC[AES256_GCM,data:sN24Yj5miXmUsvEmeSDOxFJxAetQdEJw+kEPNq+iMXyEexqEgoYBseH6kbFZwZAVrBo=,iv:ZtRkme3U1ofUBzT2J9SeRov1+rN5CrSi/ExKX7S5DNY=,tag:gGj8l5JXlzX+2sdHsLfQAg==,type:str]
signing-key: ENC[AES256_GCM,data:nmP8lwTAYGHc0LYcEj2AJE1XwSJBfA/NK+K6/0KGsufxwS1VhCXUWX9s3oEUPwuteTGZesaDVep1Qg==,iv:NcJEhlz6WgorViN2oiUG7kLy8N5kUzr5cD7Z4PRGdTg=,tag:WiWhIKaE5UQwEXunUokaNQ==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:rD0YOnSNf23ZjJhRWWia3+Zbpl6/cynCKlQQFhzaWIclHBk7YU3Z4E9J+YuWzlO8BM0bbp+zMxFGEFvbMrSHEHQ=,iv:PzQOCpSrjFb/aYn70oKrpb3jDy8rtZKPkLQ8qv0GMyE=,tag:wRfa4oHzAKD3BNYghIjZKA==,type:comment]
admin_token: ENC[AES256_GCM,data:oEIaHRqRIVQh+lSv+4p6G26bIKCtAQiw3t/C24C465THrwVa05D2Sax1IZ1JaHKgOmLzo8vxteBmJarARyC4kAnw2vb5bDPT1KCO/6u99mXhQyF3NY3FjmDwWHqTHHZT29dwAmtdFRz7rJQowLVqhBVQzNePdQ==,iv:QVAZ9JwwebqD7zxS8+Ai3K5V60bQbe+ewDc+JBXDMuM=,tag:vUYNlVf7ccooiBIXQWQC0g==,type:str]
mariadb:
photoprism: ENC[AES256_GCM,data:JWeUPE1mb79IzyIsJime2yaBH+/yno2vbXAXO5E6Tx+al7bUlEH5JzYqz8+g8Jkiz3HhRNI4tcGUcVE7kkLgfA==,iv:ZJlIUGbEL/mGLWzjNEwgvzuzZZZrTy5D7e0eZ5+Ouvg=,tag:WY7/sUd2p2viKKDKsj1TLg==,type:str]
freshrss: ENC[AES256_GCM,data:/qt890Ly7zvuZB4Zn5xHLflc3L6Ex9JDa1BAinbG7OOkPGpnC83g8ivaQA3xL/CU1FRsm9V1OW4Bv2eN7VDhrQ==,iv:xQG5j3e4C7HWGct6gAET9uVUhGFv0BYVMLdL/1sj664=,tag:YaqjUNk7ybjfitrRpreQwQ==,type:str]
huginn: ENC[AES256_GCM,data:vbXI6k3IvTDgQNtKNX9VVJmanO6l+mLoOTq6djEuKfSQAO5UKMq9Xec2rsAibq4reKh503C4too3n2GU1Wo+FA==,iv:rSHmytVa2QWiZ1HH+8AOTOgimYcmPwo4fXgSSq7o+fQ=,tag:5DkdG0TarAs3cSsgPfFNJw==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:X9af31Z4xGu8XJjMfsf3+whEdx96KHMyfJKO+5Q4q1nlnZD+cLjO8Lza2soO1fFndXcowRYsReUAzmXjH8Ffvg==,iv:LmH+JDA3YwydSNr8KbePPDga5ukGFol/BGrHNOZUxPg=,tag:T2HbUNcHnYD5c3GR5rnRmA==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:mhTb6UPo3fIGlKPpER+Lcr2Jyv1nMk5jbQtxoN4txGJAFaJIhK+iAiZDZXBtOiysYqatcC2orJdgt9je8BAVWQ==,iv:G/uDlOGUt/F1GgxpIMGvVuFjcagVnHBudSGXZi3rrXY=,tag:hdE3Pf3G/xrnKaUkYO1WsA==,type:str]
freshrss:
chn: ENC[AES256_GCM,data:Z4UmsXv1KiVfZMIQOEHH,iv:pF5lQLggkxm9y7taDVcp366JKp8U+8akNEdPA+Nf9Uo=,tag:0TajgUI/VgM3FxG1j6c/jA==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:JDN913i+zf6+obWxrNAbgx1NJGPyewRm,iv:lqnjbSk46J0ZJN6ccbbiCiOK92W8fj2mWRwQHKqy2dc=,tag:UYZesryRlfAMo7xhKQ7zgw==,type:str]
fz-new-order:
token: ENC[AES256_GCM,data:JdMiu4du4S4fLg7b8LATG4g8NlahIFPvilGd1MsXNeMtnQs=,iv:fWBFYAVlfzi1dD/TpiA5N0JMY/LHTYPZGSh4sbK1BZc=,tag:LQTZe3DNk8xoy2+G4zld9A==,type:str]
uids:
#ENC[AES256_GCM,data:btt80rJcGg==,iv:DCBo36NMFiQO+dXom+AYTrSMYEAGCNXdMTJDIQVRlFA=,tag:LzoynD0J9surdmcFvVf/NQ==,type:comment]
user0: ENC[AES256_GCM,data:53ag/e8f4aVEkUVszd7MzxNpDBBIkqGMneASW9/m5xU=,iv:LEZoitbzvTFAiXKZAPPOok/WaKsuTWgvd41Rq4/FMP4=,tag:opV15bhvDF1FR0UURsm+Iw==,type:str]
#ENC[AES256_GCM,data:jXeZGm4rrw==,iv:hxZ6AU6FLzoUSJIeUh4zjuR6kvDfDhJCpvG47M+jRdc=,tag:AqMF7SJ96OEh0G8cgqvvuA==,type:comment]
user1: ENC[AES256_GCM,data:emM3ffDBmymM9367YJG0lvYpw7iRl24fHSd5G4C4g6U=,iv:sJ9zLlgU2zZGFpeuIZXtL0Dqvd8RwbKU/a6HFdZTnvU=,tag:L6M7H24DXMvV55pYRiX8WA==,type:str]
#ENC[AES256_GCM,data:gMDlZq2HXQ==,iv:hyJ2gkzrt0BZ3rO5rmz1tiS3jbrrA3VjpqjgPXQymjQ=,tag:aOWFyhuTjV9umsWJ0VjJDg==,type:comment]
user2: ENC[AES256_GCM,data:b4jqm4Xm9dU2tYqqddKcHYcOh0Ol9W309fpQPcG2cQo=,iv:EKUDKnbYX8MTqd/G4NaQUVZ4mZAw3GvAlDe7XIVvVZQ=,tag:+oO6MaA6PFVbnP2ahfAArw==,type:str]
#ENC[AES256_GCM,data:L0wkMIIuSA==,iv:j0LGq9Xe+Dru8bCwt93T51ZaK0ex/7CZJdBDn6jhq7w=,tag:EU4/62fe3p7QjpfSMAYHCQ==,type:comment]
user3: ENC[AES256_GCM,data:dWJzu6S6T598TiKqX48LUcT1BAc0/gVy1tAknkvmg8k=,iv:KWl/av7a3hj27p+S2hhe2QpcNMFGJPsnnCjcaqzjOqc=,tag:HQbtRPxO8OnfKIBqTDjKlA==,type:str]
#ENC[AES256_GCM,data:8/kYjPRSEA==,iv:etABb0TqNHhEs3/HGuRixEJUGhyXSTXI3cvhTTAUlXA=,tag:IfPzvdSamLcY1dRJls74GQ==,type:comment]
user4: ENC[AES256_GCM,data:F6tbn2WBo9HrM+fmtf70GrNJyZ6qJ2HrNdJG788zMKM=,iv:Dx/7MUJVZO61u/DqwrrqmWIVpx4Qpi88SMflCRvj7Wc=,tag:WH6tsk/69+EEz2DS1srrNw==,type:str]
config0:
username: ENC[AES256_GCM,data:DDGErXyt,iv:7Z3U++o930QhngC+NzNna32F2AKSWjEFnJYXY00rCM4=,tag:L83e1KTQkVwSWSwhTwTzYQ==,type:str]
password: ENC[AES256_GCM,data:Jy9Gbo0i,iv:ZthlQ0x5At9TUbh6MUiLkZUoVdCG0gp0SEyMtxKhnjM=,tag:fKmnopQ/sVFQsmb2ISOk0A==,type:str]
comment: ENC[AES256_GCM,data:lb51oO8l,iv:4Iac4P+zfa7/T+aq5429VbdHoK7+WZkj1nC+yPOoIy0=,tag:NRl5GjjKn4OHfIGDNh+3MA==,type:str]
config1:
username: ENC[AES256_GCM,data:/QlSea1D,iv:0gMEI2JJudtKHE9J7IlI8Hsfo0jQwCy2Ap8EXxVqUVo=,tag:2DnWRv1b2VhtV5wSnnOzqg==,type:str]
password: ENC[AES256_GCM,data:FHd4UPV2,iv:jI5BwcfxTBj2igdFUQtKS4LGnt5O96Kp3RPvnpXxFR8=,tag:Lfe8paHNQ44nRb/gk0oUbg==,type:str]
comment: ENC[AES256_GCM,data:QILd5mRa,iv:mmM6h721UIXTuRL7k9TDOPdRrqMuq5M8krz5yWR20Mw=,tag:ALpQZjR6W0X44rST8U74NQ==,type:str]
grafana:
secret: ENC[AES256_GCM,data:1Wfq8QmhzKBObdktheFPySzXYlOJzHWbYYQXgn3beLOwSlW9f7bUn+wIrRoj1e8WlFJkAU2xywzjzzy/UwpSYA==,iv:/0YoHTs54O+cT6VVt1U5CYXr2qEdY2kijOlnMZMW4d0=,tag:SD/IELlcgfS7p9NBEa6D/g==,type:str]
chn: ENC[AES256_GCM,data:8R92k7RH1491u6lfQdM0U3SG8TPi3vWhZyj810XSjnA=,iv:8v6ijLHgoTPT6MGoP/lWB+UEZCCgOpvfskWCJJ63Udo=,tag:k9SHzJ9d54Rny3n8EbksOw==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:RIih,iv:1KQsPDpbG1A0NFT72tO6sSuQ84vfW07DST+/XzpNZvY=,tag:D3AHUPlCJGyVBbDalTHobQ==,type:comment]
user0: ENC[AES256_GCM,data:n6gIZGYdT6wEfKgizFvIE802AkpR8BpSPSZrQ5WP/aZWzLUL,iv:AxnwFOzmIRm3nTLpi8/4lkv+TjO4y4RZQtHO0GriD8o=,tag:nllDCaLZd6JNS2JqwvgVyg==,type:str]
#ENC[AES256_GCM,data:uhAauqQ1oQ==,iv:0Sr6YjarjkLmBq5H1ELb3SYBzrTVhqIE6qPxc9HYeKY=,tag:NvGGSY99Y7d3OTnpOr2p2g==,type:comment]
user1: ENC[AES256_GCM,data:EcEySx/n52rN5REPEWNjCuWywokvOetadbljqPpDPADTeeSk,iv:7r3CdvHJT1iZvx1Xn53It1ZxIkdLVIeQ+Q03zISm94k=,tag:8cIGZUlIhVgRc2FeU931kQ==,type:str]
#ENC[AES256_GCM,data:qbXmxTn+Mwk3zw==,iv:8F/0ELOwXMrKaigfRmwvGREujqNwM6XjIeaPyr6JS5U=,tag:PF/PAQCwzH7uOj+xgM0rKw==,type:comment]
user2: ENC[AES256_GCM,data:cA2oKqGsKuZyydMQspbSrWqsQIAde/VtGIPybC2gr3Bg355H,iv:YOj+6f6YR3Ze3x5IrqdqzXp9e3v1jdAu8re1Is6Q4eQ=,tag:n/CV6+PX/y+okpJwRraSDA==,type:str]
#ENC[AES256_GCM,data:VcLtO+6YWg==,iv:TWM3IY00V+LaJzk+E8ji/v7Ol4TCvSP/FHzFsV5MGIE=,tag:CijsW2O/AKpWgQUm6ipPeg==,type:comment]
user3: ENC[AES256_GCM,data:F3HK6znDEsN8UO7B9vBs03jyjqoQ+MGCcNJuOeglSBzLD2Hy,iv:TKBRe8Qmn9DL4AEilX20YcKbz6bydKsQUuUd5lyM2jE=,tag:nAyrTD4zkJ6CjLuj29zuJQ==,type:str]
#ENC[AES256_GCM,data:UFE3pg02VA==,iv:thT5OYPIHLIjKB7uiAk5vff8rtsgwncdo+U0KmW3uTE=,tag:qGWmSsI1mzg8ZbpunxBuyw==,type:comment]
user4: ENC[AES256_GCM,data:FYMQFFTCue+umBl5OwJvlZ+NyocsRbkycr+y1L6d6LPdR9px,iv:ZX9Z0dqmBvvXlz+oEYd7vQ5rW5lvmlc+bneDguQld30=,tag:y3d7aDWOtO0T3Yf5pGnffQ==,type:str]
#ENC[AES256_GCM,data:KuuPQQ==,iv:LGGqLFV4CnUMLWaNbHj6bRseetvdMdSOefV1FeYlJSA=,tag:wXlqKM2BuoMRZAwYbv5eOg==,type:comment]
user5: ENC[AES256_GCM,data:T5p0POx9Cnqdlp0blEYvAnRNIDOCNVdpOBR4rVQ1/07/rOCX,iv:EZx6ToeORzHoG+aEPi9oiTcwp4bOIAJpPUvemhYM96Q=,tag:aSS+RY5rEzr62mbE+JDanw==,type:str]
#ENC[AES256_GCM,data:tmlMaaDT4Q==,iv:zDBCjdBioiXGbJve03VcwCt81hiFxyKqql9rp6zW25g=,tag:cxedo8U2FICH5yMoPXwQMg==,type:comment]
user6: ENC[AES256_GCM,data:LzYfIXgZP0q9FpxDM6skSTiwOxEO+N5wuFq86KAazqe8zS/h,iv:Jh7bWMVr5U69L1uARLMUciWvv/aRjJJeEXvU5bo8e3A=,tag:PxesHErVSlkbuNeeRpQfEA==,type:str]
#ENC[AES256_GCM,data:boB2Ug==,iv:echGnXhoj2wX7GDj302nbirmzQFCqql2jtY0JaNyla4=,tag:7YnhNwCFZ9rOstanr0wGcw==,type:comment]
user7: ENC[AES256_GCM,data:s1O6GRn/9T9DWKlcXJTnOoAPZnPgHGBpZZcEDAKRtiYAI/5p,iv:JyaGsolN5WgQekPYxJiJbniuxLPf3+elHHbd3+ZrLtc=,tag:32wNUTqyyaKoPRQdB4U0SA==,type:str]
#ENC[AES256_GCM,data:cvG7WQcnwj+u9A==,iv:ui40+u9yE/Prksmiqed1NjuHyNP2RGtgSMazfI8ultc=,tag:he2F4i71Z8gFdW3fmRdhUA==,type:comment]
user8: ENC[AES256_GCM,data:roCYRvszJo7weozfIRoGgUhIs1f2a5/a2d1b/Iy6WEbbehOS,iv:tcOsL0SE4qMRPZIGOlzRIaMJvcapx2H9HK4D8qmSbIs=,tag:Z0skFdgtpjSR7jli3dwd5A==,type:str]
#ENC[AES256_GCM,data:IFXAXr0RVg/DCA==,iv:pKdnsUFX4XXJIZleA71fAfua1ibSa/2tgjdqnhbt/Rg=,tag:2Fv397j/uJDFZ/uvBxtrQw==,type:comment]
user9: ENC[AES256_GCM,data:5HP+OVmf+dsS8sDHakC7Yx1HVutMoTbITONHQiSvHw+17M9J,iv:TYDf7lx04pHohbGBbPJvOAoIGUKqil59k4Pt405/9kA=,tag:HUxT/uSR8sYCXQ8uX69Fqg==,type:str]
#ENC[AES256_GCM,data:7TJeKZM=,iv:FKcgDOtV417n1xmufqB3WENrbZ0V93sI5/XhiDYouMw=,tag:TchW2jgxZAXHvvMYY089dA==,type:comment]
user10: ENC[AES256_GCM,data:+u1KwJo3Y4enFM2RVr379GF7O6r9bWofUEZ2994IIC+Ce2NV,iv:ssKA5y3JM4tm+JdVznQFUAYmlrHaWd8hQXs6R/aEXN8=,tag:Q5uuM1sBZJRYBe4XXTL3ZQ==,type:str]
#ENC[AES256_GCM,data:O3qEWI+vFA==,iv:R7HLFRNszV6yXwciNfk/rTbDQYLmKsTCQFCfWIpJdfY=,tag:DjuM2a48/lDF11aLIf3Fgw==,type:comment]
user11: ENC[AES256_GCM,data:4HDGJq9nl8oGeQEo0XBEUiJweAaZ9yWc9Ib1TM91Djj2jH8d,iv:1i9/bZhHkhc8dP9Pg4gIRnCms61AP9VYxAG4acV3gpQ=,tag:vID9DEXZu3wGbXDqsLVEAg==,type:str]
#ENC[AES256_GCM,data:CdJubErTSg==,iv:UKn0lvbCzJnE241Tg3yjSx4xZNbp5sa/NfgIlRNU5z8=,tag:6FMGY6hbMQQFoN31z4e4uw==,type:comment]
user12: ENC[AES256_GCM,data:U+ynUYI+l6McI9oWF4PNiLUwvNowdseZ5gO8o73cX8MsXS2+,iv:r0KIBXczRkubZqyM/LUBPp/x9Zb/rvDJIKGGKkR3EfY=,tag:yn7806HD7ei57UtpuPjlkg==,type:str]
#ENC[AES256_GCM,data:3trgclrgDXhKUg==,iv:qyLmCBaB5ql950diUj7YlPi6P3a0hYH8adADEI0AGrU=,tag:Oleq79giA9/gYBO8Carznw==,type:comment]
user13: ENC[AES256_GCM,data:M6JXRrqnKrdihAA1aUg9zzJfhCK5TLLRf4wZkemnlHyaXnLL,iv:OA6i+BGYTr9gILE3jzFILLZvPRZeAvmSbXEStihN3aw=,tag:WcpTKRC8crDhzKHcxjtICQ==,type:str]
#ENC[AES256_GCM,data:VryB1AM=,iv:6FdWfpQ53bdpkXZ22gpy8GxKb1X7bak0K/Oa56mP7Uw=,tag:VBg7u7MSMl4Pr72W6ugYEg==,type:comment]
user14: ENC[AES256_GCM,data:g8y07VaxsuTs74L5xF/XDlmYetOfXFwHEr+FCHRtFLKwTAVq,iv:TjT49pTk97l3u1wGG7BmqZr/LAMC2765er3HGarOANw=,tag:zt1ojulNjWcuKIdix6NFJw==,type:str]
#ENC[AES256_GCM,data:Bawjfo3ubW1eXA==,iv:m2/ViC9AIZUV3Wl9EBYV5L0QQDw7QgXPpQ7WX22XpQ8=,tag:1wqpie9BuDi7BiDCvRIWog==,type:comment]
user15: ENC[AES256_GCM,data:2Ylnb7ZJgr3ha0rXrjkscPX9zJI2L9aydfL5Ndl2b9cJmVUC,iv:mu0GlGGXH4njmi4KzsvFSJN2zC5IcXVQ6oqVv2ClWpM=,tag:AIhnDqQehLyJY+wh7RWTYg==,type:str]
#ENC[AES256_GCM,data:uORLUE+excPAuw==,iv:K1Qch9qkg5T59+lcMC7vHWu1mnOv2dH5cOAZHX8HhgQ=,tag:chVMn/kb3Rr3f2igjbsAUA==,type:comment]
user16: ENC[AES256_GCM,data:D4lPjTb2kaYfUSCCRaMpGNtzLIfvPvfiJK+kkTQtSMOBglpN,iv:FCpHHBSKDYA+H6fgabNggXJlenzg5am5excBknpD1uU=,tag:FPQaBfLiZ5PBJa8gCpBfTA==,type:str]
#ENC[AES256_GCM,data:Cfs0Ul9BHWW/oQ==,iv:OOcRWmc7fy2RnE7+TtSBauKa1k1/unC1nFJ2SJ3yWqk=,tag:q6MjcXEYuep1eRw5BJspqw==,type:comment]
user17: ENC[AES256_GCM,data:2mzbUcGRye0cdgQxoTzSeKaM+m1dUPvKq61uBnGvZDFXrqQ7,iv:hxkruf0Xo1ZNJ/ym5YdLGJF5aK5nXZMJ46XC18Aksmc=,tag:KrUCTgDgYndxhi8QSYpGwA==,type:str]
#ENC[AES256_GCM,data:vHvpcqJaH2hPTg==,iv:S1WbgLU+15FMJr699YGY4f9r8wIg880tjJo6W6APhx0=,tag:F7fbA83eco8/Qd6u4vUMbA==,type:comment]
user18: ENC[AES256_GCM,data:LwZKy71ecB/E2EMIaUuFV0a7j+16EWo8LA9/0Gc8lpXAQpaT,iv:+cjrRDSvW7KFGDlpI6W+eDi3bux+eQl6NXNjnUoj7L0=,tag:PurtN+Vede0DNTQqbea1Ig==,type:str]
#ENC[AES256_GCM,data:rhbv9bL/0d7pGA==,iv:XvKiQWO72BfHhVRyti5ST9+f9tPUne2IcMNC08kD9r8=,tag:qhA6q4MrX3lAELrrGM8LCQ==,type:comment]
user19: ENC[AES256_GCM,data:jOyA913cS21eGwjUPY/XrQUBofoHwsCHghpmjzGx7cBzk/K0,iv:wXAnuSUhJ+gwGvMF7/YsfgeTHOvQC+S6rM5DzypvOuo=,tag:b/FsoypjkVYLSfyowNL2Nw==,type:str]
#ENC[AES256_GCM,data:Q48F7+SNdz7duKY=,iv:KIb6lIJWAVXKekBhwPztkySYDA7IP4jMjDsWy+waeFQ=,tag:s8hEz2zrh1ZXNKi/IuVV4Q==,type:comment]
user20: ENC[AES256_GCM,data:D6+eQdWO/W4P1ul9zQLpUQxqNA+kytz5ZHH6HmU/jwSuq3hU,iv:U4H7Ez0P3gWBLVeQ6O4PN4AmVP7Ij3oArhMmfT1BWic=,tag:l6TNsJFXXH/+yMcszkVRrQ==,type:str]
#ENC[AES256_GCM,data:F8qJksiC3Z8GbJc=,iv:yDBYQLUFFSXMn5Vo69rXzGBWzA+GkYw1qHS/ShisH7w=,tag:mnxj03thlYN5KhKDUO7hug==,type:comment]
user21: ENC[AES256_GCM,data:QeSxzBR6fLAyoUsA4aGKilYHcF42SNdkwjdwWZbxNvqZU6bf,iv:ocZGB4i8M7qM9Ypp3BUlGIdGL0AQx8NdO5yBZFLB6fk=,tag:WMFmljoJSnCU8BL/GfiZMg==,type:str]
#ENC[AES256_GCM,data:LxUne7UMT32f,iv:AyVaLB7Ni6HB5BE+InEG99TQsEzdQG7EXoHXC8PLGlQ=,tag:j5GoVfDsqoHypkxYFNPjyg==,type:comment]
user22: ENC[AES256_GCM,data:lzFvCb/zbTZs2jmYUfl3onGeWjBCdjxcIzAIff/fm6Qre+HZ,iv:eSiosE3eOrl7iLnOV41w+pwdtcske/4R1Bf1D1qxsOo=,tag:r69jFKp/FlxN3MEL5E6EXA==,type:str]
private-key: ENC[AES256_GCM,data:xz7xFt/g++E79bIl6AeBWATHDB+gHBIoXo5vdWTeyrAT1RtllgYie9k3Fg==,iv:x7fdmSINQA+F7a08jpuvCAg7vIZpsYaoX+EnitJMUCk=,tag:GAb/RRdAOlteIQPxeIMAXQ==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:OR3OA8qJsq1gAYiv1rShNa8eODzIxPOpVbqbnseSCMUNx4+FeOgReTLl7cXHPxbBkrJbsfEq5XYm1QtRtxotdw==,iv:6vz0ezsFuCNsBduNhm4VQ+it6oEJF/eMxktVFhdXgug=,tag:hmW7BwF9C53SAHhu2HBLYg==,type:str]
password: ENC[AES256_GCM,data:OaoqvUzWZz4LvVwZMbOSeq0mZyTqWT/E1Dt/N0XwEGwn9LLtarG/LrzV24BMS503N7NIxePVBK0jJCdbO7sI3Q==,iv:aaInNy3UmdF+aOu+Lzo7F0FvEVRbsn2XDwmYLNtYaFE=,tag:l/ONyeZJtZjS6IqwQgMs7A==,type:str]
open-webui:
openai: ENC[AES256_GCM,data:5B1wPAOx3GsLDoYBKHWFzoyXFmn93fdcq6UC2rCt/P5zYLA4VNzfsp0=,iv:Y2gTLCmwB5wY4dhN73HRvTqSMVXbAEd+RjRbgUEuTeE=,tag:vcfNhXpG0C3twFBsm7PHwA==,type:str]
webui: ENC[AES256_GCM,data:Lg32DZ5GC+AYzWc4WloNMQlnpsqW67s5/kXzYwE=,iv:ECncgdYoLkX9GUOX26MXFSO8JOZahUDjTdKV87IRNJ8=,tag:J/5tTR3MI0iGIVDrlacYEg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -26,8 +165,7 @@ sops:
d0h3aDh5QXFZYWJFdmNVYnJxQ3pBeVUKTl0XVvtwJcz+RpSylgDPl/R8msInxvWX
eQGmrDHibeE1V+KSDiuNzC4MVRIrOnh1beHrhnVQ86HwPVgJqs2FoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-03T10:21:54Z"
mac: ENC[AES256_GCM,data:PVRdAhUKoNsFjPrSFZTFUKrb4qJK9nh1m+7IlJqiIbV55pSUHfjVjHkUjF03tGX4IhtmUlgjzKiF8m8uIEEc2VB3OyCRN/0Ao7OqUkPdoxMjCM10R/1LUqS4rGJ7kM5r5pAJPEnOzu/vhROqUO8sg7W52XxYd7C6pChmMKAo1/Y=,iv:BjldNYQ0MsLWGt9NEEg9r1wYhW2W/Tn4FqZP1DcgZLI=,tag:c07hlN/ZY3gvyF6EOPnSPA==,type:str]
pgp: []
lastmodified: "2025-05-16T02:55:19Z"
mac: ENC[AES256_GCM,data:fsqb3NvXwyoGWfcJEV04XcWiifB/zEW+LU8twQ2sY3cZWR5KHAWgVXCXrCunYiSy/Q5nf+ldTgoXKdmNu1pVOJQQXRCY1q1y9MV36msAfIUc1hdkDlo2ka5+d4aBcpqr5nPo5ZU6GJ5by1p8WIPSOWCGfsqMMlKhIWJ+8YaqokU=,iv:cfveyxa/0/qKRHc6wsjAC9stZSkgF85khnp3LTtF+K0=,tag:5vVFg0isyJcg3Twhq5Ouaw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.10.2

25
devices/test-pc-vm/default.nix Normal file
View File

@@ -0,0 +1,25 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
networking = {};
};
hardware.cpus = [ "amd" ];
services.sshd = {};
};
};
}

26
devices/test-pc-vm/secrets.yaml Normal file
View File

@@ -0,0 +1,26 @@
nixvirt:
chn: ENC[AES256_GCM,data:0llBtdnPLl8=,iv:0w0huoNCvIiaL77Thj1iAwRY5edDlN7I4mMwiNKCzOc=,tag:Eh1b7dymn7jQtL5/rsxC1Q==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcldLRERrOHdadVA4RXdQ
dmsxL1o5aDdJTitqdXBzRWxqVmZKUzFtTlUwCnc2a1N4WUNEVUhsSlFuSExjR0Rl
TlFnNjVpUkpmbWdxYW5oblk5dGQ0THMKLS0tIDFBa0FKQXBPYThFTUwvd2tIaU9p
TERYVkp3dkUxU2ZaTnFRamRKclRRa1EKosUuvJXekUIxIHL8s/QuZf+hCXQS5dMC
HqZ74f/jvIW8i/Etu29VtK3n8MD8W1EenhJjfxOvhpRpLpzQP2GImg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK2F0R1JRR2t6NDhXVnVD
Unh5QmxDaGJtWmhsb1ZDRkMzUlpSeU9GL3lNCkU0ZVYxaWs3MHZDQlNHS25WMTl3
VVVtQUlxeXNQNVQrSTdSbWYzSmlPVGMKLS0tIDlyRm1tYlR3WU9ISjc2T3BSY2FP
Z3h2QWh6eDB6L1krbU9SS050dUhEamMKHnvdCmLuhuIfeBRs3LJ6IEatqrlMJNnc
vhPTVgfn+M8dGo+odTTwlvr5XGzE5cMSxGtdSE33JsbBFfVyaPCFjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-16T05:29:11Z"
mac: ENC[AES256_GCM,data:s1HBVQUDbYP63EntEXe/+9mqFj2zGEtx3ibFauBYmjJvtvw2hs44ODNebMxjasT8zTYICJWWZJxwMvpUs/CbcmSjPAXTV8379lzlOmG2wZLezF+9jWdJi3ZDvM9Y1D0/4GnaIRHof/+kPn/ykFE/gQhP5PQ4OtoV+VTR2fuwDaA=,iv:TUTM8tyZxiAjU3afazfmse+LL53hrSFSCIX4KIDyQq8=,tag:Vx4GsOPAXaZz0rEjsJS8sw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

50
devices/test-pc/default.nix Normal file
View File

@@ -0,0 +1,50 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
networking = {};
};
hardware.cpus = [ "amd" ];
services =
{
sshd = {};
nixvirt =
{
subnet = 123;
instance =
{
chn =
{
hardware = { memoryMB = 2048; cpus = 4; };
network =
{
address = 2;
portForward = { tcp = [{ host = 5693; guest = 22; }]; web = [ "example.chn.moe" ]; };
};
};
chn2 =
{
owner = "chn";
hardware = { memoryMB = 2048; cpus = 4; };
network = { address = 3; portForward.tcp = [{ host = 5694; guest = 22; }]; };
};
};
};
};
};
};
}

27
devices/test-pc/secrets.yaml Normal file
View File

@@ -0,0 +1,27 @@
nixvirt:
chn: ENC[AES256_GCM,data:0llBtdnPLl8=,iv:0w0huoNCvIiaL77Thj1iAwRY5edDlN7I4mMwiNKCzOc=,tag:Eh1b7dymn7jQtL5/rsxC1Q==,type:str]
chn2: ENC[AES256_GCM,data:vlvFNwMfTMg=,iv:DKgX3DCvkfADF/Pj31bRTx/dfTiMxv/JaeN76Kppob8=,tag:SOioaCz/CvvLn2jB+08THQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SGQ0R20zci9aU1l4d2Fs
YkRZQ1FGUW1vSEd3S3FBdGlSTXB4dW54UVJJCk5MMEFZSzdYTFRQL1FRZUFWTXFh
cC90bUx2dkdHUFVoMkhyNjR6U0w1QTAKLS0tIDZHZE4yNlV4cFBTVGN4c3VYZXZ5
enZoU21MQ2VJbHlhSnhwUkNXZjV6OXcKzvdz1TNs/PDISx+QSi6cJ8vWNtZo4jfD
qsrwpxvHou/wptLzYg5gXQuXB0izpOW/AtqA1XqLcTUbLzcRhqFvMg==
-----END AGE ENCRYPTED FILE-----
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWUJVZmdVbWxXck5EY0tR
cFRwZTlWVVpObjFneE95bXNPSUxjNE1DTlg0ClNQRy8yVmF6QWxuY3RGLzdJVEE4
WXEwb1NGVUlJWFRqeWlyN1J0eE15QnMKLS0tIENRQWJ0VXlzNHV6MXh0QUVRZlJu
RFFteDMzeGltVER3QjlpdUllZVNJS3MKyOMAu5xYr1z0YlNDFvaE4l4bposMTPUJ
K13yerfRBxDlOrMhG/lSovusBPkmS3HejDedGgYi1WMvgLuOkNWZ2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-18T01:55:44Z"
mac: ENC[AES256_GCM,data:wGHagytOT30EgjPezkaLXrqml/tn8oMzplYgThb9JbnXJzpCMnZnXeAlnRW/zdXY+Vt+kRfGCm2W/3sif5wB+gu5DCIeGC6OZy9brMVIQLceQ6Wp7IwPTDjMIGYtqe+T3QX6LFAMPUVZOHNBL9eRdO27G2TGP1ojH69MwNt4aQo=,iv:Rn26bQ8crsVFbLAxPcvLeQWwRP484rS/UFnmg8xeTwc=,tag:zs4S6VPNKFUZU6xxC2rIuQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

29
devices/test/default.nix Normal file
View File

@@ -0,0 +1,29 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "haswell";
networking = {};
};
hardware.cpus = [ "intel" ];
services =
{
sshd = {};
nginx = { enable = true; applications.example = {}; };
};
};
};
}

30
devices/test/secrets.yaml Normal file
View File

@@ -0,0 +1,30 @@
hello: ENC[AES256_GCM,data:y6Kl7kHqgft7T1eiFEeIppvosCACIcVWIQm6TzjS6RgUkJEg17GEZFRy2zTvVg==,iv:wChah8rTtEkkR8pRHO9NdhaGBwsTrrP+tPp7k2SOdn0=,tag:jRdYgJoKz+Q+/m8l/03JoQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcldLRERrOHdadVA4RXdQ
dmsxL1o5aDdJTitqdXBzRWxqVmZKUzFtTlUwCnc2a1N4WUNEVUhsSlFuSExjR0Rl
TlFnNjVpUkpmbWdxYW5oblk5dGQ0THMKLS0tIDFBa0FKQXBPYThFTUwvd2tIaU9p
TERYVkp3dkUxU2ZaTnFRamRKclRRa1EKosUuvJXekUIxIHL8s/QuZf+hCXQS5dMC
HqZ74f/jvIW8i/Etu29VtK3n8MD8W1EenhJjfxOvhpRpLpzQP2GImg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK2F0R1JRR2t6NDhXVnVD
Unh5QmxDaGJtWmhsb1ZDRkMzUlpSeU9GL3lNCkU0ZVYxaWs3MHZDQlNHS25WMTl3
VVVtQUlxeXNQNVQrSTdSbWYzSmlPVGMKLS0tIDlyRm1tYlR3WU9ISjc2T3BSY2FP
Z3h2QWh6eDB6L1krbU9SS050dUhEamMKHnvdCmLuhuIfeBRs3LJ6IEatqrlMJNnc
vhPTVgfn+M8dGo+odTTwlvr5XGzE5cMSxGtdSE33JsbBFfVyaPCFjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-10T03:54:30Z"
mac: ENC[AES256_GCM,data:JMr6ybbOk7tDZKUo11bd0xwUfLUuE4DIB5sYOCEVuaXLpDirgMgNSQgayqnnYDLOC7kGA7wDbbcxWhdaT8TcyYwdeha3SgA9mjkruPtOZ4R+ozfLDeqa59h2P+xronaOCDdl9G2JbhLA+k/S2ImBP43iPbcycJViSQs0RrntMxY=,iv:3ZILO4L01r4I2SJWOxe4pp9XLWo6KPPl3t/IbIf07+8=,tag:jhf73Y42fOYmeQS2oA0qSA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

36
devices/vps4/default.nix Normal file
View File

@@ -0,0 +1,36 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";
initrd.sshd = {};
networking = {};
};
services =
{
sshd = {};
fail2ban = {};
beesd."/".hashTableSizeMB = 64;
xray.server.serverName = "xserver.vps4.chn.moe";
};
};
};
}

51
devices/vps4/secrets.yaml Normal file
View File

@@ -0,0 +1,51 @@
xray-server:
clients:
#ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
#ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
acme:
token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T03:19:55Z"
mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

2
devices/vps6/default.nix
View File

@@ -42,7 +42,7 @@ inputs:
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.pc.chn.moe"; })
[ "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.vps7.chn.moe"; })
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.srv3.chn.moe"; })
[ "xn--s8w913fdga" "misskey" "synapse" "matrix" "send" "api" "git" "grafana" "peertube" ]));
applications =
{

46
devices/vps6/secrets.yaml
View File

@@ -7,47 +7,44 @@ xray-server:
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str]
#ENC[AES256_GCM,data:93BxR0AEdQ==,iv:rf69GWpuxYt7fu1Fyv55pynuQDhi+TA5CwZK3cc3yBo=,tag:/hLy6atNMxLw6G3/qgMM4g==,type:comment]
#ENC[AES256_GCM,data:s6BwbmIwmC1J+vA27pPGh0Q+Rmowkd8ES3hYOny3vX+tjWtW+qiWBz2A9M4=,iv:XXPPaVyP7fEUhNJay2mjjC2f3Vg3wYtBUDoSYQt1Iew=,tag:B2WAfg2Oqwp0t0gE7Jdq6w==,type:comment]
#ENC[AES256_GCM,data:m0iCqLI8ELaPb9g=,iv:bsh7JHILbOZJ+bgGr0U0rDanjUVGgDzYGhboezspEjE=,tag:o7A4SXoCXk5LXmZ1bidg/w==,type:comment]
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str]
#ENC[AES256_GCM,data:RVChRrOl3R8DiKPS7yduAu5RG7d4VkOZ5akRTp18mK7Hz/xQ7FpxlNqGJcQ=,iv:j7naYq9tD+G5dDB8+hyUVosA3p2O4wlkcxIBlO7hRdo=,tag:TvlSmZwTDGLCX7qOR5Clhg==,type:comment]
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
#ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment]
user6: ENC[AES256_GCM,data:YzLlf37SxKmU1/QA7gUIJsGid3KZNoAGOew8xR7cmw5l8ZmX,iv:SfKubo2jfjtxKn9odDiokMEZyPFfYZ/wwyYtBrgvgmM=,tag:+hxwIU5uBhzQyrKX4r3oiw==,type:str]
#ENC[AES256_GCM,data:nTsDaAIVIP28YBCw0XONqWoYziAYhszJhLBlJfbFM6w2NB0nQcYWAanhkkA=,iv:rezGcsfxcAUjTtBFd099TDrV+K59cb0gbJCCVqH+nCA=,tag:5g2Zl82MNuHTf12Tb0GWcg==,type:comment]
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
user8: ENC[AES256_GCM,data:H1gPtqF8vryD0rVH7HYzpMuZ3lufOBYczKwaTr4PidQtTyQK,iv:wh7NwFc/1ogNrnTTpm5L9dBqDVkvWiIsJZelR2mtR4Q=,tag:oEFdMFZJ9UYhsSVdefJ4rg==,type:str]
#ENC[AES256_GCM,data:hG7EUK7V9QObh7rHKtgTESwNLOf16WXoQrCAAEiK8Nzsr7atwh9DqNIJAww=,iv:3zAY7CImCzvNmsVK/OG3VgYSUL1wdt+keYtuskGO7Gg=,tag:7JeGHrlVkAUOX7bhd8UJaA==,type:comment]
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
user9: ENC[AES256_GCM,data:HVK9KvGfOcwn1joc3VrkjBjE6hrxQPOBD5RTtQUgBPepToh6,iv:VK9aQ64L/GajpledBxC8PNB1BdNYEqwcdL3GKttgxvs=,tag:O/piztCYBARtAFxTMNXGaA==,type:str]
#ENC[AES256_GCM,data:C6ri4a3iCXf7I3PWSoPk1y4143TTFugot1MMxdawWxGyfg/P7SYUBMs+T0U=,iv:v2lCOw+p0hJhXNsUpTSCvqNSBtPaPJGMrk6ukJYtB+w=,tag:WXq9rUYDQKN/cZzZ7CFQvA==,type:comment]
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
user10: ENC[AES256_GCM,data:xjVkr/wy7OxRuNZKfQagfNxdVxTEyQP1ZhnR6jHy2gjBQ0RD,iv:G6iOBCHOqlvfEENY/ega/TUm81wgT2OOdZKZ6bPfg9o=,tag:p8AMa3bGsIl0hWQ09lSzgA==,type:str]
#ENC[AES256_GCM,data:Gs2pJl4YMPRBDZCmd/1ycXJcArdIb8cUAQ+09OuRm7z/x1ATc9xVr7dE+C4b,iv:JYf4sTzJh7PoQe5yFAC60mJ5zKUIof7QKm5jMfiF5xE=,tag:/CJPT/OmblQvzqkQ1VCP/Q==,type:comment]
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
user11: ENC[AES256_GCM,data:BIZ2zRgGv5/9AexiZZvu+m4A62YUWtAkjWWMu89GteqpWMBq,iv:13IJcDf18LjoxJk7uoKnuFZT6Ihxrxsy7DBaAaiFqus=,tag:RN7wj+uPneCkqNlMRyYrXw==,type:str]
#ENC[AES256_GCM,data:JOabknMamJFImHErEcsrAMuYBXzJkw/Gm0+6rWrer2ePsoOakN/A3ByCPzwQ,iv:wnUFMeGfkUMkkpJBrFswy1SwJzVBDehEoilnzb43MgY=,tag:sXCKkiwtDp9v7ptpuAfOhQ==,type:comment]
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
user12: ENC[AES256_GCM,data:FAF9lXOzXW9CrZgnQ1a2+E8snZj2+JHqP5Gny92k09o/Wzga,iv:/qZuAtFmUQE7A9lMzJUoCvGx+3Sv9Ioh2ahch3puaC4=,tag:urwbLwGkSX3e85NCjyPhhg==,type:str]
#ENC[AES256_GCM,data:LRRsL6u+FH3jHa8UAhEXrb3UTQss9piBle2aH2xuuFw0cupmRd5PlSOBIbvQ,iv:0cccpn4bWkrla6COI5g6pDDW1JoVK4UULYteXoJp38s=,tag:+EFlWxGIw7k85Q2RIL/YHg==,type:comment]
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
user13: ENC[AES256_GCM,data:ExbnvWDIBqga5+k2mpoT8AKBOXAvUNMjBTPXUKrmtWzz4l+L,iv:UI7CvSx2FHYGf6BEHS4e3iwHZZWkl2Zt5xg2WdKbLvY=,tag:ad0c7YW2Bxo+Dn+BoSZ0Ng==,type:str]
#ENC[AES256_GCM,data:JFKeeVBSBO8pWttZy/fTX1YaVV69Et1GmHVDLZ1E5vUY3BvajjjS04t7V5TG,iv:rZJQTe5+YgJ6X6uPoQcpTw4AF+gQCVSMe7maFetLEPg=,tag:H4ravqgOgQYgVXMayv7tXw==,type:comment]
#ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
user14: ENC[AES256_GCM,data:dgNPPlJD5JOFPbKhlvlRHBLmUNKeDm/JAiawUVpBE7H07Box,iv:w+t9BkqYvlxVKr+x0MwtBz0/YSR/7z1OnZLIoPdW4gc=,tag:CR3GLbaO0jSQgA2HuwzRqg==,type:str]
#ENC[AES256_GCM,data:X80nhW5a/JQ1IQ==,iv:2UTsNLLDr4uBAEcPyvmep1fqH43JLUiHc/zqQWChfDk=,tag:DJEArs1nVnlcJgqM2uy17A==,type:comment]
user15: ENC[AES256_GCM,data:6AskiMLLl0HV6tm2rYpV46XW0jePQy+wme2oi3M7He7WsgVM,iv:lGfnFn69Vnjv5J3rp5sRazD5/B+8Nk8MNG7HIyf4HKA=,tag:Vbg82tdn3noOfhKVVx0Phg==,type:str]
#ENC[AES256_GCM,data:dpOaSMuXhIiwb+yD3TgOIKkeWBusQvqHbj4PuvH/anF5/P8JagplDpBSIimJ,iv:PkVIthbA21sFC4J4VmwZ/1HZqA6qbjVPnJoRszmeVbs=,tag:PcXPRYLzuC9F0YfNT4mi3A==,type:comment]
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
user16: ENC[AES256_GCM,data:fo6KJXlPDn7+FmxjEJQo9d79rDYemLFx6LanYZcJpKJR7Gxq,iv:yEUKPNZ9idrSqyVO9fhksP/7bjPMT/LzNK2VSq503/c=,tag:M87D44SIo9JzDB3ZyKu7fA==,type:str]
#ENC[AES256_GCM,data:DeWybZ68gAH4cukohO+OQqeNrnRlUdclGHFeH8aBcn0aq1iWh1UCgtiT5xXd,iv:HYq+CiPWCswr+7+uwUblN8N6T38WU/qu9F5VzaLp4Gg=,tag:YKunlBxH4H71FRSuPxR8Uw==,type:comment]
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
user17: ENC[AES256_GCM,data:gQInIcNFxJuCSsMDGq4yTp5JdMMmJRy1tY3PGLoLuuIXWV0a,iv:ya4n9Z7T9/bxeHqi5QqwJprEzDMsT6X0BuEXRS67wWk=,tag:RcjQfAHv8uc3PgN5c4bySA==,type:str]
#ENC[AES256_GCM,data:tkJTZZjJfQdU0EDQw9mmc1GRlSpqdwOdsE/QCw4BedDbixjElKqUC5MPRR/b,iv:/3obljBcGiXJfzlTQivkVcaWWcsiqokuU/DmUTchpwg=,tag:E80OLtqoM5XuGk2/xYBYKw==,type:comment]
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
user18: ENC[AES256_GCM,data:dssxPEv8srXydunolaaDAYYo+BOXhp2PoqidOWH3z6NYBpyB,iv:WCLcMMwQJiHZBwreQpaOZp2saXvjBwgYUqSf7HQhMgA=,tag:5jsAVcgAgO+7JhBINz6tzQ==,type:str]
#ENC[AES256_GCM,data:LXBBph+nPScs6CSHPKwMSvcgFtWrmcOHEhhDZUNClb/7ixJFno82QnRwrnTp,iv:00I8csKFj65qeK8RPbbQ18oQZBrYKeFV3eGwfFXyGDc=,tag:uWUPNfu5Tmqr2LDkijc5cA==,type:comment]
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
user19: ENC[AES256_GCM,data:+Mh15DR9xvFAwks86iuHEA9FpObKWTSuVOEzUDpBUS/h0hOz,iv:zYIkic2bibvwCBpomnJ9465mda1rbm3RERBZY9twXuc=,tag:bwdL6DAGgkGYhYFI2C4A+A==,type:str]
#ENC[AES256_GCM,data:ttTvPgRtQ4tYmYBSNaO+Bbs/Kz85vuNX+2Od4cOG6yD9yqrSdfLRwVvedVol,iv:ZWZX5rytwefvte/NgNlmmp9FN9vuZ62KVhVgVwX+g7s=,tag:uXx87i/ly6GkLgXA4+QULw==,type:comment]
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
#ENC[AES256_GCM,data:U0CcBBJraJj9,iv:9kuHsHkSDdDT0Gi/3Oy608RArrg+4cgeii5zWbsGuPA=,tag:EvqqMNvNcWBwie28t0+52w==,type:comment]
user22: ENC[AES256_GCM,data:G+Ls2+bbcP4RmeYhPF44STdbqNiw0UZVxac6GQXJUyCehgjm,iv:vXbwtGWgBINUauS4rsDj+4yoropzZ4IHOZxF9/jLPTY=,tag:SN1BZbQTOfcAF6krXEXtjA==,type:str]
#ENC[AES256_GCM,data:FnindYeqk6g6aZgajHVejfHPqeF+uSX3QzbrDS6XLZz52aQF5ZQSiJQCaDha,iv:c/mrS0jfy5EzQe4Tkm0QqBH9/okJnCsRZFGhzSjeit0=,tag:e5otDw+I2d7moybCx4jeqw==,type:comment]
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
send:
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
@@ -55,10 +52,6 @@ coturn:
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
wireguard: ENC[AES256_GCM,data:5M7EAy/6+2UASWkjxE0Jrxwl0aNdAVZaUjQnD1wU3YvOAQ/c2DSL8hVtKf8=,iv:a2tXFf1+aP0JhdNtzP8e82KJ71m2o8nx+G0wIx4VMig=,tag:l4TS4QBz2fIkC9/GnZgHnQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
@@ -78,8 +71,7 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-16T14:15:31Z"
mac: ENC[AES256_GCM,data:XOG+e115arZG1uvFoLxCfAqr2pLI2ndS6bZKRyQlWaJK0Gti8RpQt1jVZ+Q3y5Ga8tpAvd7k5MYgRL0/H400ENCleM3vsh5s3VXjlSSxq4mfdkwhUH2E0t8OQyf8VXvs0SXZKhTOljETPu1pggB6iFUfEZ5e0kKRLRYWI4Tt94Y=,iv:mt60iMiKTcQP4b/f684j2IyFSWYzmq3XGK19CfZB53c=,tag:NyhQ0Lptv2E4jHuYAxcelA==,type:str]
pgp: []
lastmodified: "2025-05-18T07:37:52Z"
mac: ENC[AES256_GCM,data:nfUU2BsDuErJGm8sVB9shRv4N+cIFZmAF1vWF4iZmcJwjP2PekVWcp4COPAlapy5oVhMutr39oW6VsltTR27jVxhI4+dueurMU7KRLD5Bwpk5hQmMAfZxvl4GaP50zehJbCwfApiX9CcjwCUxUjraTs4rG6LK2+8d5Z0PYosm2A=,iv:TR63cpbe3z0K4bWpbEnv/DE9jnAJV1Zv+Aj0HXoA16Y=,tag:fS78JUapMvBtZCFtM1z07A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.10.2

58
devices/vps7/default.nix
View File

@@ -1,58 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
initrd.sshd = {};
networking = {};
};
services =
{
sshd = {};
rsshub = {};
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden.enable = true;
beesd."/".hashTableSizeMB = 128;
photoprism.enable = true;
nextcloud = {};
freshrss.enable = true;
send = {};
huginn = {};
fz-new-order = {};
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
grafana = {};
fail2ban = {};
xray.server.serverName = "xserver.vps7.chn.moe";
docker = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
open-webui.ollamaHost = "192.168.83.3";
};
};
};
}

133
devices/vps7/secrets.yaml
View File

@@ -1,133 +0,0 @@
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:Gk0TTbnFcsvIgoDcen6B8w==,iv:kvyvygw9zDwaiTQ2vPFTHQex0EWDFg8M8U22AConQFM=,tag:ewAZ/nXxmTOhDAjW/A2OnA==,type:str]
led: ENC[AES256_GCM,data:Vb2p9v7U,iv:xJcKgvbc0KAP31uTpFiYlpvPoEHMWH3VkEqqyINKcyk=,tag:X2R+CHFj4N4i7cAK88IoSA==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:amUqMycdXUFvjg66pXKnlZqiESBYMci0k8iYzj824SaEqHl3Nq/I0TjYX++xEUg+RGYyTIcSaj96HUANTKpc1A==,iv:ND1mQLHxltRlOdpJ80ywheGo6hkl7OgRyk9TguJMuTw=,tag:dhCCwnCOnyT2iXdEMK0szg==,type:str]
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:Wwtd+hKI0s7m3PbEPHbnSyTsCkW0x8SYHUiCYuNSNCG8i4RAmiAbONNFfWN2hXnmTmRK79Tx/3GR+L0KMzmNGQ==,iv:BekTELToPQXUdZHyNtkuqKyZeez+moI6k907P7NhA3Q=,tag:A5YB0WIa1RkDCtzeBhiuyA==,type:str]
synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
youtube-client-id: ENC[AES256_GCM,data:dPo4+HsfXHdxrgF9F0qJmOGcSHDCn2KIkHx3ZYZU94iv8ImiPI9dTRfoz0zq8UIN7rwIKidQu9GxCRrg9aXk34pc35SXzEh8JQ==,iv:ROVHb0QjVsNae9eJevG6qc5dc4gkrGt+Y7S2QYrzmQ4=,tag:Advoh75OKPC7CnIeL4GFbA==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:c/ALpo/4qJdccMgYiSLg9ZgG7ddaMYxHwJYZ/ogJN2ED21k=,iv:CkrIq+Vpuq28CsRNwdKRLnBq6L8NF37y4xhhnmHQHqQ=,tag:SKtHpm/QZWnGViDtSKlUUQ==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:pnXQ1euCdix2H7IxudmUUcpxc2OUhciKT8OcGV89c/EpoXHgx1+eLxwY5rRszroWwjge9M001RGHngvD/ny3phfWAwYmIzMJxun2f7JCPe7ybMesWmPSkiqVBss1Zfic1uB8mNM/yw==,iv:8p8/vATY8F3YuGA1TtjekiuaKOMnQyTMjrwDBJaK4VU=,tag:/jVg9FDOuLMNrupgrywpBQ==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:65SbHggbYtfSfaaxJxRgD6+HpOX4vIfjnVZmOAZ9illPMYOu9MIchQ==,iv:49UuC8n6AGj1skuHzQX39Q/QuKlB9IxogIfiiy1GBnw=,tag:Rq6b0H9UFVZ19tU8ZeelRg==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:58nO7ADu2oH/OgLJNYrEEzhf1J0zt8EpuygnSANkGXJju5oSmtM7WLnaMEjC96q14OTTA9QLiFVsbxiFY1eUnraA5W7g7+6CYRXVRZaxz91D/dhKzHGTMjB/LynnNqEIc6liONlcHbyjZNQ+WIqPtjVpCKMN7Mi8cv81/cFX/1GqAwncgDD2oXh1hMPOVY4dYcGKuOG0GjlY6RgOgTPqU3HawQjnoWQjPF+lq2rnWD5HP9ZTxOYa7hm2GgPrxkq1fkRrq+kKYeDh+6M7VLDcm5Fpf+biq6F8fZWzmw4NlVZT9BG0vJFa,iv:vxYXg9Yg9qIWFQXtwTYa4Ds0KSxZYg3M6xdtXKbdaig=,tag:TzCPehk9w+BL4wwgDc1CPg==,type:str]
zhihu-cookies: ENC[AES256_GCM,data:DgpvRB7IuRe1KuPFqhCbtyFrC02AUlaA9UWS+d8ix0nweItXwZrkqC03lXQY7nJr54H3SfKXNhtUp4nJmV2hqNQOqekrXVsKrG++UmcAr5Ciw1lTmilqM220igJ9YwiHxtsZrWgp4sTPlTTQIFu5xrGnvlSntBjXAjzStTk1R4XRmLV427QuKbNNQ5MjPXS1PYrtN0d4/qXLx74pNd9ZsNd9F4V0E75Zt6vKE8F7aA==,iv:5Lu/HD8Iw655pg84eFs2eEQS68QqA99uMBHlgelZvrI=,tag:Pnd7VWIAgNt+1vo+vyWDpQ==,type:str]
mail:
bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
synapse:
synapse:
coturn: ENC[AES256_GCM,data:9MDq0eXLHjJ8Cd2d1iogS1lnjI0A2+0ZK8OtLKRLqT16BVzQQJyhbkAYwkn1+9ppfrazsHFGrk7DVsA7PWjdmA==,iv:SOjwZIyzkMK9Q1fGkmBSr6nSIarNe/WeD91GPJRuZjg=,tag:1GljmXdK80NKTPSg6xJz0A==,type:str]
registration: ENC[AES256_GCM,data:MmRJ3el59XaTwFImuCsiAm2zXeGhgvyUyw9AIv7FvxR4N3YWnHKALcQJtG52N4bmLXU=,iv:vm2R7XGzGET0eTcD2trl3xD2I09NzYmx5NPIY4KK4xM=,tag:exm8/ehPufeqtp6j61ap0Q==,type:str]
macaroon: ENC[AES256_GCM,data:2/8GuF/a+ocVtLN0PU17JDvXw/RoXX/CXFHPlI9THl5bY8lBm6tEawijnOKVoFLovfU=,iv:GPAr3ZjqLf9ixevsZoQgs4cPkv0VL4WJoFfQZOdThlw=,tag:HRt/igDEfUJ3K39mG7b9Fg==,type:str]
form: ENC[AES256_GCM,data:Z9cYL9ibRWmOhAYtB269n0cWZSvL4zGgc03ZRag0m8cz2j0god/Fn/w6kx3cyGK1C70=,iv:Yst6WSV63IvbMF5nnicIoBj77eSwVMnAHtHrKo2UcDk=,tag:4qf6F2rdctcCf4J9vECvYg==,type:str]
signing-key: ENC[AES256_GCM,data:BbPJiNcVTqMAL2XG3K3CIbsb8EM4r8ct/WxPK10FHRwAnqChKy3CAviYU9gewO/tNZXHvUYUAUbPww==,iv:IZB/40EE3DIxAqagdH/a4kcSmiec5l24XLCQKCQNaRo=,tag:/1t0WAPBYmYrPTx4V4wgkw==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:MwZKkYMefshuk46Cne4wn9ooFH8RCDbrxp+MbLJWli9iPHuzJJzUuQNU9EDL0aNbzyYEMt/7DErw42z6KrpGww==,iv:u/SVVTgfJO2FakiYU+uLHXjA4tHU/W6ASsR3S31+pWs=,tag:VTeKNOKwm2bsiZAOVXeBOQ==,type:str]
registration: ENC[AES256_GCM,data:+pA61vTg12lYUyXjLrHSY7y/ExfTQffLlGUI4HBOSFFPTck7bu68FrCaHOIBTtEMfjU=,iv:Ex/phkBZxglG8HiRz+m7h2HNanpq2Pxwbm08vdM3xFc=,tag:mM3YEa70FnCeYIUthK4TeA==,type:str]
macaroon: ENC[AES256_GCM,data:/+RaayKiPPpVV7OWWdaSkSSRHMjb8d58lZcpvltN9cYkN1btvMViEgdLSlfqzRRlPUE=,iv:pg9GXgNsrVWKlUAiCKZ2pYXugRH6MsBIMpHKoYWYLik=,tag:/mj5Ak7XAX/FH7sNPEVALw==,type:str]
form: ENC[AES256_GCM,data:7HF7HMUH1BTJgXXP6cpUiVj0jCwGW57bx9wKTJu7PnRsNuAam/+nKX7Zfg7WD+gSBlA=,iv:SYeUsuFVgAA6U6STCtKT5c5E8Kglh3x7hy6+Op4n0W8=,tag:eICmHTwwn0KcgNhdDGnusA==,type:str]
signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:yFDD8GHjZWHN/Yh53DseevKAhDVwrHX60e8sGZnF4BUsUuPA/4S2PRzj7CtlpFzUH3kb0i+HkLKRvbchg93U3as=,iv:JGG7daEKs0oMKTNVi9GS7PrXn/8rFtVkHknACsEQR+g=,tag:RSN6fojLsI4dcuPu2eTiWA==,type:comment]
admin_token: ENC[AES256_GCM,data:OpjREmxJSRj+aGVoP8KKRE7ClNqRtaV8va4WLVmpl1AO6D0q/GapJvhORHQb5s5ZjIAgvWTz1w+fh050Q9sPwRsNUke3FIcyeNy7k0PHgnnVIdxnU1Vn9KMz/SovjQ0/qEQ7tArvW/EXtKfwnP9lsz9m94VBvA==,iv:9AvDqMa2PeQOSrP2th3YBgA2RxPl3oKZTyUzi/yjRTM=,tag:HYFTQDgWvBsHQk8IZxWkfw==,type:str]
mariadb:
photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
freshrss: ENC[AES256_GCM,data:ydqCbj3UbsLC1e++p5ixb5Kpmk2BsYd0urcfw8T51Is5N1/gQ7P0zgR33AOteAxw2oj85WQZhxu3eAN7BCXV5A==,iv:1oiMo1wwFNXiTZLsf4UPZSJfKFIWLI3h947TC06CVy4=,tag:Otq1oeKBnWXhqNilfsywPQ==,type:str]
huginn: ENC[AES256_GCM,data:1Tdg1WDwGgFSXdChgif8knWS24BIFYnmaiSjJXxs5uj/v/5fJ1alb4K4XHW/kFRjQbuAOFfJiJ9ogJ1KAyk17A==,iv:qLMaQpVaKrjP7g2lWzhaNLghxwiV4YJmyYY1hrpu5I8=,tag:566JCENvOxgwD7tM3aQBiw==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:1rglLrLtRf3yXQwfHDMZLewk8ueIbMFOC+1mtoAyLKnDmcQAoEQZ1vHw/hpKkFXJQ+QyX3sP8eUjRXuBEIVl3A==,iv:lfEGPEw9ybSdOYLDdaGCLXKgCvgRxn3k9eIy2DJHDYU=,tag:j4qRexbEAgK5HAGhr/wxfA==,type:str]
freshrss:
chn: ENC[AES256_GCM,data:XGcgfuRozJ/xowtmFPSW,iv:yZ9LTuVE8dGyrtE3vxLA2jLErvmt67XC0jefl1njiOM=,tag:J5d+oGFWhfXEFwVOnsJ2iA==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:+m2AabRzUiCFy3MAKTB8d1IE05WHTcmZ,iv:ccdIPHl9N+bvPR/QCwZUwZOfWTeW6gWhhBjOpL85JRg=,tag:Ir2085K04XUGkAuoCG+7VQ==,type:str]
fz-new-order:
token: ENC[AES256_GCM,data:qhwWRflJbW1QMOhiPfbTIrEdQJyVtfZ1QycCgstdKD1Nh40=,iv:GvZ8MJig64l34jkvuJbMMjyNaPT5yz0/pFCc6KEPTvA=,tag:cMXo/6F9thl8k2iAhT507Q==,type:str]
uids:
#ENC[AES256_GCM,data:O3DOE3jFCg==,iv:9shUoHCLXsJPKHELlyWdreouEcyOqhsfVI2KaqwC4CU=,tag:tYKVv+/DuesSijZwWGdrig==,type:comment]
user0: ENC[AES256_GCM,data:2sieulGmi7mCYrJH24djrrmHArrFbOHZ9wUuKvY4f2k=,iv:lb5ODFOeQQ+D9HZnMw48n/DGRB7L51U4frBVcPx1mvk=,tag:MwZua6u+G478uGOwtGu4fQ==,type:str]
#ENC[AES256_GCM,data:yeA9zF8Tug==,iv:VZuWLZnt1RBmkBWudKVvgJkYfqxIj/umEHVCfR6IG3k=,tag:1kj7HyjVT59n05VYJ1uP+w==,type:comment]
user1: ENC[AES256_GCM,data:Aw0ydspmf+PXKU27Pdzn4q/nY4sxXCADL1WGB7vm3eo=,iv:uTmVvGlW1HfdvoNbupSw3GyShsWTGVCoNrvVJ5BPUy0=,tag:k9KIoCWM6bSprwR8dmN+Hg==,type:str]
#ENC[AES256_GCM,data:4G7DyLVVgQ==,iv:Ht/exln1QtL2BxjCaOTIXHRPDiSFYP4zIa7VaeMCuhE=,tag:btVLXf+WS/YgzRFbVFoAfQ==,type:comment]
user2: ENC[AES256_GCM,data:P5gmhaQ+VOWVOjTrsx34zUS8dsqIkzCwOImIE8TIfUc=,iv:IoJIUcNJmaBTyr0Ut6R7BN/UqyK8p4HtiwbXUl171pE=,tag:k99PGSL1cEALTmFVWH1uSg==,type:str]
#ENC[AES256_GCM,data:TGrZBuCRgQ==,iv:9IOJ3Bkw9udS/y93TTtZ9o79aDq3Bb+DMEogJG77iqA=,tag:S/XcPX1f89IyfZnMoR9s/A==,type:comment]
user3: ENC[AES256_GCM,data:cAzf2X20rtQYyz1rLK6b4jo8utuUOdUHVYfCWdfPTDY=,iv:L5cg7aNdfnLTH2dKl4bWCqaujJ9tIvBJrJIoDIaBLwk=,tag:9Al6Wig4lz1my6hgozSsIA==,type:str]
#ENC[AES256_GCM,data:b4iJ73sUoQ==,iv:A2hmi7lCR15E5jVR8E71GQuHgF4TdjDuQadXOtBon6k=,tag:eopTJdjN16u7PtpZdhKymQ==,type:comment]
user4: ENC[AES256_GCM,data:nUJ0lPuFOUVGCtq0IRSh5dAkAna7hoow1YOtFEgSoZc=,iv:D8phoZxdbQ2/Zaeq8498eRb0a7SZD5WnVdKv+u2pBak=,tag:Obu01n34JjyAVnF0f3uKzg==,type:str]
config0:
username: ENC[AES256_GCM,data:p8+q8u1A,iv:9s52kS5yLB4vQuGVXNtA4amZqT3eHTTybsbsQZRiFnk=,tag:7SA4SEzMHpP9H/rwoE+UJQ==,type:str]
password: ENC[AES256_GCM,data:58+gFodT,iv:ohZlT1BwnzCYv84xHgFsLRkiPMpE8lB8QVHwr0QtDWc=,tag:XF047RnXs6IbKsTnsm0D6g==,type:str]
comment: ENC[AES256_GCM,data:T4XcbF1c,iv:hHdsMjU8rzPiduhT05v98pgDqxRW/Km5zmXCEZaT2AI=,tag:LWvwIEfbW2IuDELr4fEXKg==,type:str]
config1:
username: ENC[AES256_GCM,data:xWP1cesh,iv:11KFZ/J9PScz/oW2+H5BWgw0+ETkCXlcYOMuPpgjEs0=,tag:HswEVzm6ElRjIDsZyEfZcA==,type:str]
password: ENC[AES256_GCM,data:Da/E7ZeZ,iv:gIoheXeTErV3+CtZSEDsX7pGzRahHWlKYQ6QZ6W2eu8=,tag:0oQzQ5DJiS2hqMQfU6JRWw==,type:str]
comment: ENC[AES256_GCM,data:etfZKwbh,iv:XqqF3D0PpCPd2Q/CCu/PAH4SrvXAOu+lIXvSht/KfKk=,tag:7jyG33foxneRK2wvI/5uBg==,type:str]
grafana:
secret: ENC[AES256_GCM,data:QYhopqGcHGr+24qYlfaTdMtnyzmIZYG4PcvS9KYqC24W3M+HmloCkPHh7Y3ZTVg8MnrDGOcbA9YPLdY7eh/u4g==,iv:dh7egVIem2bgDbmWJ1sqH9fLdIYbAIQjnjNvyuEjVq0=,tag:DbIRVHbCcpKGcNc6sDTasA==,type:str]
chn: ENC[AES256_GCM,data:0bbjggWS1MdcUIQiQyPlBTULm+faKDpJbmZmV6vSw8k=,iv:am65WQzUE+AvQrQV+NSF5u6RCWn7EetyPsdy4Cuvyyw=,tag:lxNUM1cIYVSXVgwEnS1Hdw==,type:str]
wireguard: ENC[AES256_GCM,data:rPZxIQ18KILFsCsriD0z649UqWPAl8M+49GI7bsEHr0t10rlYS8RiZFeKHk=,iv:rfS/PsX7y3ZBCs9YYPM4VoK9i7S2ShGHzcpBATx8Ots=,tag:i0spG0ZxB2Jm6XZwe19VDQ==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:aAZS,iv:Z+iJG7yC6HJeNdKCCpsZSc9Ny7kAt6GYfXUtZozMb4A=,tag:iMfwjqqmLvu5a8YpF7a0zQ==,type:comment]
user0: ENC[AES256_GCM,data:Q8MFrN/3SRgzSlwTx2GmpP/gvG1vpYiVgjsESzUoomsJaigP,iv:oLsf7AX3FE0tFOkJAbqrZVrCa6UxKjp450Sl1rs2Vs0=,tag:5w+AX0p4Or1GAQsEU3NxOQ==,type:str]
#ENC[AES256_GCM,data:j3zVwqHmag==,iv:8+ol60wNlbV2RzMBe47VxIrZuec8aXDUNcQvHcxKuiA=,tag:1AgCMfZf9vzWiWDS6hkw2Q==,type:comment]
user1: ENC[AES256_GCM,data:ucCiL7uoSafFUP9IiwKOjJqgwNxNLmuHxYXsLYl0fBgbCT3F,iv:RbNPwvSWibODQqySRc+YW65nUvRwaeXT0eDh02sfrwM=,tag:iE7GGrkBxljBT9HdPzDOfA==,type:str]
#ENC[AES256_GCM,data:x7dwVDe22M8=,iv:+fT7VUxZGd8SgS0PnEBqHLPLDuywu4s01iWB6TA/BKQ=,tag:CxfP7xSd4L9RBulSfViHaQ==,type:comment]
user2: ENC[AES256_GCM,data:e6PbRg30dzOJSXNmU6TML4AaFsSWEvZwN7MHAEX6fEW2p3hW,iv:Y+YYAO6hY9e/T8LSCr34M7riGmSzFIocmWwAwWjnZQs=,tag:LTkdGcRyrx7HqvbSYSsv4A==,type:str]
#ENC[AES256_GCM,data:j83rYg==,iv:3oEdAoVz7aMcezcy2chTO0LQTtKpTrJJoQZx3PC03BU=,tag:ABteEIyr2Y6MbGQhmrQySQ==,type:comment]
user3: ENC[AES256_GCM,data:Uk0Ax9FVzmmYs+ggWy7z6FEkuj2tppGlvnQdoW6PDI1VA9oI,iv:wSxigXleRUalQR1/TzKfdUVrdyEUuq+Wg42gSv1QMAI=,tag:qn6nBWv6MlGhMarCfI13BA==,type:str]
private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
open-webui:
openai: ENC[AES256_GCM,data:wMSmoEMLcjbMkEOdzCt1CGbmGZ/iMOWk7PR4m452K+/gEQy00wa6B98=,iv:2hKpB1F0a/fz85RY2YNFXrw1Njbzd2pZ68ITp6b7mzA=,tag:0xUjiHszVXv8qfzV8z3Zhg==,type:str]
webui: ENC[AES256_GCM,data:+oEpNIyDEA1gH+Ax5P+ujKgXF8qleepYWwIVCuk=,iv:wmGy4T//UDAR8EC1w/j2vsCqi8dHOBnENLetp9+Ii/8=,tag:8OsFLn6xizQiTVJAEGPwWg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWb0FWUkoxeWZ4K1lOb2k5
cUZXQktjSTY3djFZOEJyL1dWd0dmWHV4Y3dzClMvSWNiNk9YSzFoRmhQSG9wb1NG
ejRUeStyKy9qYWFwWHJraXFWREdhZFkKLS0tIExMb3VCWm13ZkJ3UXcrM3IrRGQv
ZjhMWlAyRUpUYkVjb2lidHZPNkg4SUEKctTzocxhVXJ56sHH4BO6QkS5Rn9k/y2U
IrZHT9b3nyyyZxhctOArjBXohwt1asNeAe7qsTypTtAMgKTRwggX9Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Vi8vRTFFTW5tNW9OdnNQ
MEpxeXY5MnRzTE9GUkRLMVl1cTRBcU1FSmhnCkdmY3RCcy9oS2lZOVJ0Ni9RL041
UWo0TkxMblRqSkZoaDVYZm9xRFBCeDgKLS0tIEFVVkl0bUdoN3FVcThVRHpmVEJk
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-12T09:08:37Z"
mac: ENC[AES256_GCM,data:cpstZVTMKxbUmB6UbkbaE8sUGVOuqWZre488eYv/7fR5si8amQ5rZ2S+F2UZNFpl598N8EQLPcHxxZYk12cOKB8rQxQsQeBu1N3AIfd/AmTAirYBqErzRVjGuR981PP1KoKi0O+8nMl0N6hnlFCUYrKD7mBF+l3TS4Fv98XFhZk=,iv:S7Kx5TszFPEWPQ3DY/rcDVkmcgFZr9GtmmiyHc/vWOg=,tag:7LuXtywrVNTvqmy1tWFI0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

12
doc/upgrade.md Normal file
View File

@@ -0,0 +1,12 @@
* merge upstream, update flake
* update src
* fix all build errors
* update modules (synapse)
* update postgresql nextcloud
* update stateVersion
* switch
* fix disabled packages
* upstream patches
* merge upstream again
* switch
* build all

944
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

36
flake.nix
View File

@@ -4,41 +4,30 @@
inputs =
{
self.lfs = true;
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.11";
"nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
"nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-25.05";
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
home-manager = { url = "github:CHN-beta/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
home-manager = { url = "github:CHN-beta/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions =
{
url = "github:nix-community/nix-vscode-extensions?rev=7aa26ebccf778efe880fda1290db9c1da56ffa4f";
url = "github:nix-community/nix-vscode-extensions?ref=4a7f92bdabb365936a8e8958948536cc2ceac7ba";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:CHN-beta/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem/master"; inputs.nixpkgs.follows = "nixpkgs"; };
plasma-manager =
{
url = "github:pjones/plasma-manager";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
chaotic =
{
url = "github:chaotic-cx/nyx";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
gricad = { url = "github:Gricad/nur-packages"; flake = false; };
catppuccin.url = "github:catppuccin/nix";
bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
cachyos-lts.url = "github:drakon64/nixos-cachyos-kernel";
nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
shadowrz = { url = "github:ShadowRZ/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -55,10 +44,8 @@
slate = { url = "github:TheBigWazz/Slate"; flake = false; };
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
sockpp = { url = "github:fpagliughi/sockpp"; flake = false; };
git-lfs-transfer = { url = "github:charmbracelet/git-lfs-transfer"; flake = false; };
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
hextra = { url = "github:imfing/hextra"; flake = false; };
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
@@ -66,15 +53,12 @@
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog-public.git?lfs=1"; flake = false; };
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git?lfs=1"; flake = false; };
spectroscopy = { url = "github:skelton-group/Phonopy-Spectroscopy"; flake = false; };
vaspberry = { url = "github:Infant83/VASPBERRY"; flake = false; };
ufo = { url = "git+https://git.chn.moe/chn/ufo.git?lfs=1"; flake = false; };
highfive = { url = "git+https://github.com/CHN-beta/HighFive?submodules=1"; flake = false; };
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
octodns-cloudflare = { url = "github:octodns/octodns-cloudflare"; flake = false; };
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
phono3py = { url = "github:phonopy/phono3py/v3.14.1"; flake = false; };
phono3py = { url = "github:phonopy/phono3py"; flake = false; };
};
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in

2
flake/branch.nix
View File

@@ -1 +1 @@
"production"
"next"

14
flake/dev.nix
View File

@@ -34,20 +34,6 @@
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
winjob =
let inherit (pkgs) clang-tools_18; in let inherit (inputs.self.packages.x86_64-w64-mingw32) pkgs winjob;
in pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
{
inputsFrom = [ winjob ];
packages = [ clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
mirism = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.mirism ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
info = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.info ];

18
flake/dns/config/chn.moe.nix
View File

@@ -2,23 +2,23 @@ localLib:
let
cname =
{
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "" "" ];
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "" ];
nas = [ "initrd.nas" ];
office = [ "srv2-node0" ];
vps4 = [ "initrd.vps4" "xserver.vps4" ];
vps6 =
[
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
"ua" "vps6.xserver"
];
vps7 =
[
"chat" "freshrss" "huginn" "initrd.vps7" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
"xsession.vps7"
"ua" "vps6.xserver" ""
];
"xlog.autoroute" = [ "xlog" ];
"wg0.srv1-node0" = [ "wg0.srv1" ];
"wg0.srv2-node0" = [ "wg0.srv2" ];
srv3 = [ "initrd.srv3" ];
srv3 =
[
"chat" "freshrss" "huginn" "initrd.srv3" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
"xserver.srv3" "example"
];
srv1-node0 = [ "srv1" ];
srv2-node0 = [ "srv2" ];
"wg1.pc" = [ "nix-store" ];
@@ -30,8 +30,8 @@ let
one = "192.168.1.4";
office = "210.34.16.60";
srv1-node0 = "59.77.36.250";
vps4 = "104.234.37.61";
vps6 = "144.34.225.59";
vps7 = "144.126.144.62";
search = "127.0.0.1";
srv3 = "23.135.236.216";
srv1-node1 = "192.168.178.2";

2
flake/dns/config/wireguard.nix
View File

@@ -2,8 +2,8 @@
net = { wg0 = 83; wg1 = 84; };
peer =
{
vps4 = 2;
vps6 = 1;
vps7 = 2;
pc = 3;
nas = 4;
one = 5;

2
flake/nixos.nix
View File

@@ -1,6 +1,6 @@
{ inputs, localLib }:
let
singles = [ "nas" "pc" "vps6" "vps7" "one" "srv3" ];
singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" "test" "test-pc" "test-pc-vm" ];
cluster = { srv1 = 3; srv2 = 2; };
deviceModules = builtins.listToAttrs
(

2
flake/packages.nix
View File

@@ -42,7 +42,7 @@
{
inherit localLib;
tokenPath = inputs.self.nixosConfigurations.pc.config.sops.secrets."acme/token".path;
octodns = pkgs.octodns.withProviders (_: [ pkgs.localPackages.octodns-cloudflare ]);
octodns = pkgs.octodns.withProviders (_: with pkgs.octodns-providers; [ cloudflare ]);
};
}
// (builtins.listToAttrs (builtins.map

67
flake/src.nix
View File

@@ -1,23 +1,22 @@
{ inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
{
git-lfs-transfer = "sha256-qHQeBI2b8EmUinowixqEuR6iGwNYQy3pSc8iPVfJemE=";
nvhpc =
{
src = pkgs.fetchurl
{
url = "https://developer.download.nvidia.com/hpc-sdk/24.11/nvhpc_2024_2411_Linux_x86_64_cuda_12.6.tar.gz";
sha256 = "080rb89p2z98b75wqssvp3s8x6b5n0556d0zskh3cfapcb08lh1r";
url = "https://developer.download.nvidia.com/hpc-sdk/25.3/nvhpc_2025_253_Linux_x86_64_cuda_12.8.tar.gz";
sha256 = "11gxb099yxrsxg9i6vydi7znxqiwqqkhgmg90s74qwpjyriqpbsp";
};
mpi = pkgs.requireFile
{
name = "openmpi-gitclone.tar.gz";
# download from https://developer.nvidia.com/networking/hpc-x/eula?mrequest=downloads&mtype=hpc&mver=hpc-x&mname=v2.22/hpcx-v2.22-gcc-doca_ofed-ubuntu24.04-cuda12-x86_64.tbz
# download from https://content.mellanox.com/hpc/hpc-x/v2.23/hpcx-v2.23-gcc-doca_ofed-ubuntu24.04-cuda12-x86_64.tbz
# nix-prefetch-url file://$(pwd)/openmpi-gitclone.tar.gz
sha256 = "05r5x6mgw2f2kcq9vhdkfj42panchzlbpns8qy57y4jsbmabwabi";
sha256 = "1lx5gld4ay9p327hdlqsi72911cfm6s5v3yabjlmwr7sb27y8151";
message = "Source file not found.";
};
version = "24.11";
cudaVersion = "12.6";
version = "25.3";
cudaVersion = "12.8";
};
iso =
{
@@ -33,12 +32,6 @@
sha256 = "01hlslbi2i3jkzjwn24drhd2lriaqiwr9hb83r0nib9y1jvr3k5p";
};
};
nglview = pkgs.fetchPypi
{
pname = "nglview";
version = "3.1.2";
hash = "sha256-f2cu+itsoNs03paOW1dmsUsbPa3iEtL4oIPGAKETRc4=";
};
vasp =
{
vasp = pkgs.requireFile
@@ -58,7 +51,7 @@
script = pkgs.fetchzip
{
url = "http://theory.cm.utexas.edu/code/vtstscripts.tgz";
sha256 = "18gsw2850ig1mg4spp39i0ygfcwx0lqnamysn5whiax22m8d5z67";
sha256 = "0wz9sw72w5gydvavm6sbcfssvvdiw8gh8hs0d0p0b23839dw4w6j";
};
};
};
@@ -70,42 +63,14 @@
finalImageName = "ghcr.io/huginn/huginn";
finalImageTag = "latest";
};
misskey =
{
"https://github.com/aiscript-dev/aiscript-languageserver/releases/download/0.1.6/aiscript-dev-aiscript-languageserver-0.1.6.tgz" = "0092d5r67bhf4xkvrdn4a2rm1drjzy7b5sw8mi7hp4pqvpc20ylr";
"https://github.com/misskey-dev/tabler-icons/archive/refs/tags/3.30.0-mi.1932+ab127beee.tar.gz" = "09aa34a02rdpcvrhl6xddzy173pg7pi9i551s692ggc3pq7fmdhw";
};
xmuvpn = pkgs.dockerTools.pullImage
{
imageName = "hagb/docker-easyconnect";
imageDigest = "sha256:1c3a86e41c1d2425a4fd555d279deaec6ff1e3c2287853eb16d23c9cb6dc3409";
sha256 = "1jpk2y46lnk0mi6ir7hdx0p6378p0v6qjbh6jm9a4cv5abw0mb2k";
finalImageName = "hagb/docker-easyconnec";
finalImageTag = "7.6.7";
};
lumerical =
{
lumerical = pkgs.requireFile
{
name = "lumerical.zip";
sha256 = "03nfacykfzal29jdmygrgkl0fqsc3yqp4ig86h1h9sirci87k94c";
hashMode = "recursive";
message = "Source not found.";
};
licenseManagerImage = pkgs.requireFile
{
name = "lumericalLicenseManager.tar";
sha256 = "VOtYMnDRUP74O2lAqMqBDLnXtNS8AhbBhyZBj/2aVoE=";
message = "Source not found.";
};
};
misskey = {};
vesta =
{
version = "3.90.0a";
version = "3.90.5a";
src = pkgs.fetchurl
{
url = "https://jp-minerals.org/vesta/archives/testing/VESTA-gtk3-x86_64.tar.bz2";
sha256 = "0bsvfr3409g2v1wgnfixpkjz1yzl2j1nlrk5a5rkdfs94rrvxzaa";
sha256 = "0y277m2xvjyzx8hncc3ka73lir8x6x2xckjac9fdzg03z0jnpqzf";
};
desktopFile = pkgs.fetchurl
{
@@ -126,7 +91,7 @@
version = "1.4.0";
src = pkgs.fetchzip
{
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-4/pslist_1.4.0.orig.tar.xz";
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-6/pslist_1.4.0.orig.tar.xz";
sha256 = "1sp1h7ccniz658ms331npffpa9iz8llig43d9mlysll420nb3xqv";
};
};
@@ -147,4 +112,14 @@
};
};
mathematica = pkgs.mathematica.src;
oneapi =
{
src = pkgs.fetchurl
{
url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/2cf9c083-82b5-4a8f-a515-c599b09dcefc/"
+ "intel-oneapi-hpc-toolkit-2025.1.1.40_offline.sh";
sha256 = "1qjy9dsnskwqsk66fm99b3cch1wp3rl9dx7y884p3x5kwiqdma2x";
};
version = "2025.1";
};
}

6
modules/default.nix
View File

@@ -6,11 +6,7 @@ inputs: let inherit (inputs) topInputs; in
topInputs.sops-nix.nixosModules.sops
topInputs.nix-index-database.nixosModules.nix-index
topInputs.impermanence.nixosModules.impermanence
topInputs.nix-flatpak.nixosModules.nix-flatpak
topInputs.chaotic.nixosModules.default
{ config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
topInputs.catppuccin.nixosModules.catppuccin
topInputs.aagl.nixosModules.default
topInputs.nixvirt.nixosModules.default
(inputs:
{
@@ -19,7 +15,7 @@ inputs: let inherit (inputs) topInputs; in
home-manager.sharedModules =
[
topInputs.plasma-manager.homeManagerModules.plasma-manager
topInputs.catppuccin.homeManagerModules.catppuccin
topInputs.catppuccin.homeModules.catppuccin
];
};
})

10
modules/hardware/default.nix
View File

@@ -21,13 +21,7 @@ inputs:
{
services =
{
printing =
{
enable = true;
drivers = [ inputs.pkgs.cnijfilter2 ];
# TODO: remove in next update
browsed.enable = false;
};
printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
avahi = { enable = true; nssmdns4 = true; openFirewall = true; };
};
}
@@ -36,7 +30,7 @@ inputs:
(
inputs.lib.mkIf (hardware.sound != null)
{
hardware.pulseaudio.enable = false;
services.pulseaudio.enable = false;
services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
security.rtkit.enable = true;
}

2
modules/hardware/gpu.nix
View File

@@ -100,7 +100,7 @@ inputs:
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type) { hardware.amdgpu =
{
opencl.enable = true;
initrd.enable = true; # needed for waydroid
initrd.enable = true;
legacySupport.enable = true;
amdvlk = { enable = true; support32Bit.enable = true; supportExperimental.enable = true; };
};}

17
modules/packages/bash.nix Normal file
View File

@@ -0,0 +1,17 @@
inputs:
{
options.nixos.packages.bash = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.packages) bash; in inputs.lib.mkIf (bash != null)
{
nixos.user.sharedModules = [(homeInputs:
{
config =
{
# set bash history file path, avoid overwriting zsh history
programs.bash = { enable = true; historyFile = "${homeInputs.config.xdg.dataHome}/bash/bash_history"; };
home.shell.enableBashIntegration = true;
};
})];
};
}

71
modules/packages/desktop.nix
View File

@@ -15,8 +15,8 @@ inputs:
[
# system management
# TODO: module should add yubikey-touch-detector into path
gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror geekbench xpra
gparted yubikey-touch-detector btrfs-assistant
kdePackages.qtstyleplugin-kvantum cpu-x wl-mirror xpra
(
writeShellScriptBin "xclip"
''
@@ -24,73 +24,53 @@ inputs:
else exec ${wl-clipboard-x11}/bin/xclip "$@"; fi
''
)
# color management
argyllcms xcalib
# networking
pkgs-unstable.remmina putty mtr-gui
remmina putty
# media
mpv nomacs yesplaymusic simplescreenrecorder imagemagick gimp-with-plugins netease-cloud-music-gtk qcm
waifu2x-converter-cpp blender paraview vlc whalebird spotify obs-studio
(inkscape-with-extensions.override { inkscapeExtensions = null; })
mpv nomacs simplescreenrecorder imagemagick gimp-with-plugins qcm waifu2x-converter-cpp blender paraview vlc
obs-studio (inkscape-with-extensions.override { inkscapeExtensions = null; })
# themes
klassy localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
catppuccin catppuccin-sddm catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
(catppuccin-kde.override { flavour = [ "latte" ]; }) (catppuccin-kvantum.override { variant = "latte"; })
# terminal
warp-terminal
klassy-qt6 localPackages.slate localPackages.blurred-wallpaper
# development
adb-sync scrcpy dbeaver-bin cling aircrack-ng
weston cage openbox krita jetbrains.clion fprettify
# desktop sharing
rustdesk-flutter
adb-sync scrcpy dbeaver-bin aircrack-ng fprettify
# password and key management
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden hashcat
electrum jabref john crunch
# download
qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
qbittorrent wgetpaste rclone
# editor
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq obsidian pkgs-unstable.code-cursor
typora
# news
fluent-reader rssguard newsflash newsboat follow
fluent-reader newsflash follow
# nix tools
nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
nix-template nil pnpm-lock-export bundix
nixpkgs-fmt nixd nix-serve nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
# required by vscode nix tools
nil
# instant messager
element-desktop telegram-desktop discord zoom-us slack nur-linyinfeng.wemeet nheko
fluffychat signal-desktop qq nur-xddxdd.wechat-uos-sandboxed cinny-desktop
element-desktop telegram-desktop discord zoom-us slack nheko
# browser
google-chrome tor-browser microsoft-edge
google-chrome tor-browser
# office
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain davinci-resolve
ydict texstudio panoply pspp paperwork libreoffice-qt6-fresh ocrmypdf typst
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain
ydict pspp libreoffice-qt6-fresh ocrmypdf typst
# required by ltex-plus.vscode-ltex-plus
pkgs-unstable.ltex-ls pkgs-unstable.ltex-ls-plus
ltex-ls ltex-ls-plus
# matplot++ needs old gnuplot
inputs.pkgs."pkgs-23.11".gnuplot
inputs.pkgs.pkgs-2311.gnuplot
# math, physics and chemistry
octaveFull ovito localPackages.vesta localPackages.v-sim jmol mpi geogebra6 localPackages.ufo
(quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14;
wannier90 = inputs.pkgs.wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; }; })
inputs.pkgs."pkgs-23.11".hdfview numbat qalculate-qt
octaveFull ovito localPackages.vesta localPackages.v-sim mpi geogebra6 localPackages.ufo
inputs.pkgs.pkgs-2311.hdfview qalculate-qt
# virtualization
virt-viewer bottles wineWowPackages.stagingFull genymotion playonlinux
bottles wineWowPackages.stagingFull
# media
nur-xddxdd.svp
# for kdenlive auto subtitle
openai-whisper
# TODO: remove on next release
# phonopy have some bug, we use the version from nixpkgs-unstable
(inputs.lib.hiPrio pkgs-unstable.python3Packages.phonopy)
(inputs.lib.hiPrio pkgs-unstable.localPackages.phono3py)
]
++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" "kalzium" ])))
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
_pythonPackages = [(pythonPackages: with pythonPackages;
[
phonopy scipy scikit-learn jupyterlab autograd
# TODO: broken on python 3.12 tensorflow keras
# for phonopy
inputs.pkgs.localPackages.spectroscopy numpy
phonopy scipy scikit-learn jupyterlab autograd inputs.pkgs.localPackages.phono3py numpy
])];
};
user.sharedModules =
@@ -127,7 +107,7 @@ inputs:
obs-studio =
{
enable = true;
plugins = with inputs.pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
plugins = with inputs.pkgs.obs-studio-plugins; [ wlrobs obs-vaapi droidcam-obs obs-vkcapture ];
};
};
}];
@@ -138,9 +118,6 @@ inputs:
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
yubikey-touch-detector.enable = true;
kdeconnect.enable = true;
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
sleepy-launcher = { enable = true; package = inputs.pkgs.sleepy-launcher; };
};
services.pcscd.enable = true;
};

8
modules/packages/firefox.nix
View File

@@ -30,13 +30,13 @@ inputs:
policies.DefaultDownloadDirectory = "\${home}/Downloads";
profiles.default =
{
extensions = with inputs.pkgs.firefox-addons;
extensions.packages = with inputs.pkgs.firefox-addons;
[
tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
metamask pakkujs switchyomega rsshub-radar rsspreview tabliss tree-style-tab ublock-origin wallabagger
wappalyzer grammarly plasma-integration zotero-connector pwas-for-firefox smartproxy kiss-translator
metamask pakkujs rsshub-radar rsspreview tabliss tree-style-tab ublock-origin
wappalyzer grammarly plasma-integration zotero-connector smartproxy kiss-translator
];
search = { default = "Google"; force = true; };
search = { default = "google"; force = true; };
userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";
extraConfig = builtins.readFile "${inputs.topInputs.lepton}/user.js";

12
modules/packages/flatpak.nix
View File

@@ -1,12 +0,0 @@
inputs:
{
options.nixos.packages.flatpak = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) flatpak; in inputs.lib.mkIf (flatpak != null)
{
services.flatpak = { enable = true; uninstallUnmanaged = true; };
};
}

3
modules/packages/git.nix
View File

@@ -8,7 +8,7 @@ inputs:
{
enable = true;
package = inputs.pkgs.gitFull;
lfs.enable = true;
lfs = { enable = true; enablePureSSHTransfer = true; };
config =
{
init.defaultBranch = "main";
@@ -18,6 +18,5 @@ inputs:
merge.ours.driver = true; # 允许 .gitattributes 中设置的 merge=ours 生效
};
};
nixos.packages.packages._packages = [ inputs.pkgs.localPackages.git-lfs-transfer ]; # make pure ssh lfs work
};
}

6
modules/packages/root/default.nix → modules/packages/root.nix
View File

@@ -6,11 +6,7 @@ inputs:
{
nixos.packages.packages =
let
root = inputs.pkgs.root.overrideAttrs (prev:
{
patches = prev.patches or [] ++ [ ./17253.patch ./17273.patch ];
cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ];
});
inherit (inputs.pkgs) root;
jupyterPath = inputs.pkgs.jupyter-kernel.create { definitions.root = rec
{
displayName = "ROOT";

151
modules/packages/root/17253.patch
View File

@@ -1,151 +0,0 @@
From 1d2acc921853825af02059183b683c35f5075302 Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Wed, 11 Dec 2024 22:33:40 +0800
Subject: [PATCH] add C++23 support
---
graf3d/eve7/inc/ROOT/REveCaloData.hxx | 4 ++--
graf3d/eve7/src/REveCaloData.cxx | 3 +++
interpreter/cling/lib/Interpreter/CIFactory.cpp | 15 +++++++++++----
.../Interpreter/IncrementalCUDADeviceCompiler.cpp | 2 ++
.../cling/tools/Jupyter/kernel/clingkernel.py | 4 ++--
.../inc/RooStats/HistFactory/HistRef.h | 3 +--
.../inc/RooFit/Detail/NormalizationHelpers.h | 3 +--
7 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/graf3d/eve7/inc/ROOT/REveCaloData.hxx b/graf3d/eve7/inc/ROOT/REveCaloData.hxx
index 79d2e7069504c..33152334730f4 100644
--- a/graf3d/eve7/inc/ROOT/REveCaloData.hxx
+++ b/graf3d/eve7/inc/ROOT/REveCaloData.hxx
@@ -174,7 +174,7 @@ protected:
public:
REveCaloData(const char* n="REveCaloData", const char* t="");
- ~REveCaloData() override {}
+ ~REveCaloData() override;
void FillImpliedSelectedSet(Set_t& impSelSet, const std::set<int>& sec_idcs) override;
@@ -220,7 +220,7 @@ public:
Bool_t GetWrapTwoPi() const { return fWrapTwoPi; }
void SetWrapTwoPi(Bool_t w) { fWrapTwoPi=w; }
- void SetSelector(REveCaloDataSelector* iSelector) { fSelector.reset(iSelector); }
+ void SetSelector(REveCaloDataSelector* iSelector);
REveCaloDataSelector* GetSelector() { return fSelector.get(); }
Int_t WriteCoreJson(nlohmann::json &j, Int_t rnr_offset) override;
diff --git a/graf3d/eve7/src/REveCaloData.cxx b/graf3d/eve7/src/REveCaloData.cxx
index a5248f3c51d39..dc19d7d1be4a4 100644
--- a/graf3d/eve7/src/REveCaloData.cxx
+++ b/graf3d/eve7/src/REveCaloData.cxx
@@ -129,6 +129,9 @@ REveCaloData::REveCaloData(const char* n, const char* t):
// Constructor.
}
+REveCaloData::~REveCaloData() {}
+void REveCaloData::SetSelector(REveCaloDataSelector* iSelector) { fSelector.reset(iSelector); }
+
////////////////////////////////////////////////////////////////////////////////
/// Process newly selected cells with given select-record.
diff --git a/interpreter/cling/lib/Interpreter/CIFactory.cpp b/interpreter/cling/lib/Interpreter/CIFactory.cpp
index 385c03682575d..d33ce3a0039c5 100644
--- a/interpreter/cling/lib/Interpreter/CIFactory.cpp
+++ b/interpreter/cling/lib/Interpreter/CIFactory.cpp
@@ -61,14 +61,18 @@ using namespace cling;
namespace {
static constexpr unsigned CxxStdCompiledWith() {
+ // The value of __cplusplus in GCC < 14 is 202100L when -std=c++2b or
+ // -std=c++23 is specified, thus we relax the check to 202100L.
+#if __cplusplus >= 202100L
+ return 23;
+#elif __cplusplus > 201703L
+ return 20;
+#elif __cplusplus > 201402L
+ return 17;
// The value of __cplusplus in GCC < 5.0 (e.g. 4.9.3) when
// either -std=c++1y or -std=c++14 is specified is 201300L, which fails
// the test for C++14 or more (201402L) as previously specified.
// I would claim that the check should be relaxed to:
-#if __cplusplus > 201703L
- return 20;
-#elif __cplusplus > 201402L
- return 17;
#elif __cplusplus > 201103L || (defined(_WIN32) && _MSC_VER >= 1900)
return 14;
#elif __cplusplus >= 201103L
@@ -941,6 +945,8 @@ namespace {
// Sanity check that clang delivered the language standard requested
if (CompilerOpts.DefaultLanguage(&LangOpts)) {
switch (CxxStdCompiledWith()) {
+ case 23: assert(LangOpts.CPlusPlus23 && "Language version mismatch");
+ LLVM_FALLTHROUGH;
case 20: assert(LangOpts.CPlusPlus20 && "Language version mismatch");
LLVM_FALLTHROUGH;
case 17: assert(LangOpts.CPlusPlus17 && "Language version mismatch");
@@ -1343,6 +1349,7 @@ namespace {
// and by enforcing the std version now cling is telling clang what to
// do, rather than after clang has dedcuded a default.
switch (CxxStdCompiledWith()) {
+ case 23: argvCompile.emplace_back("-std=c++23"); break;
case 20: argvCompile.emplace_back("-std=c++20"); break;
case 17: argvCompile.emplace_back("-std=c++17"); break;
case 14: argvCompile.emplace_back("-std=c++14"); break;
diff --git a/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp b/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp
index ac6bd0e89444e..a492add8a01fc 100644
--- a/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp
+++ b/interpreter/cling/lib/Interpreter/IncrementalCUDADeviceCompiler.cpp
@@ -117,6 +117,8 @@ namespace cling {
cppStdVersion = "-std=c++1z";
if (langOpts.CPlusPlus20)
cppStdVersion = "-std=c++20";
+ if (langOpts.CPlusPlus23)
+ cppStdVersion = "-std=c++23";
if (cppStdVersion.empty())
llvm::errs()
diff --git a/interpreter/cling/tools/Jupyter/kernel/clingkernel.py b/interpreter/cling/tools/Jupyter/kernel/clingkernel.py
index 17fcbd116ecc6..17b4d24f23d86 100644
--- a/interpreter/cling/tools/Jupyter/kernel/clingkernel.py
+++ b/interpreter/cling/tools/Jupyter/kernel/clingkernel.py
@@ -90,8 +90,8 @@ def _banner_default(self):
flush_interval = Float(0.25, config=True)
std = CaselessStrEnum(default_value='c++11',
- values = ['c++11', 'c++14', 'c++1z', 'c++17', 'c++20', 'c++2b'],
- help="C++ standard to use, either c++2b, c++20, c++17, c++1z, c++14 or c++11").tag(config=True);
+ values = ['c++11', 'c++14', 'c++1z', 'c++17', 'c++20', 'c++2b', 'c++23' ],
+ help="C++ standard to use, either c++23, c++2b, c++20, c++17, c++1z, c++14 or c++11").tag(config=True);
def __init__(self, **kwargs):
super(ClingKernel, self).__init__(**kwargs)
diff --git a/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h b/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h
index 7db9765004e0d..5b37542e6bdea 100644
--- a/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h
+++ b/roofit/histfactory/inc/RooStats/HistFactory/HistRef.h
@@ -12,8 +12,7 @@
#define HISTFACTORY_HISTREF_H
#include <memory>
-
-class TH1;
+#include <TH1.h>
namespace RooStats{
namespace HistFactory {
diff --git a/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h b/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h
index c66954d0f0549..a849d7c2c8b4b 100644
--- a/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h
+++ b/roofit/roofitcore/inc/RooFit/Detail/NormalizationHelpers.h
@@ -70,8 +70,7 @@ template <class T>
std::unique_ptr<T> compileForNormSet(T const &arg, RooArgSet const &normSet)
{
RooFit::Detail::CompileContext ctx{normSet};
- std::unique_ptr<RooAbsArg> head = arg.compileForNormSet(normSet, ctx);
- return std::unique_ptr<T>{static_cast<T *>(head.release())};
+ return std::unique_ptr<T>{static_cast<T *>(arg.compileForNormSet(normSet, ctx).release())};
}
} // namespace Detail

12
modules/packages/server.nix
View File

@@ -9,8 +9,8 @@ inputs:
_packages = with inputs.pkgs;
[
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq yq zellij ipfetch localPackages.pslist
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils kitty
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq yq ipfetch localPackages.pslist
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils kitty glib
# lsxx
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors hwloc acpica-tools
# top
@@ -24,7 +24,7 @@ inputs:
# compress
pigz upx unzip zip lzip p7zip rar
# file system management
sshfs e2fsprogs duperemove compsize exfatprogs
sshfs e2fsprogs compsize exfatprogs
# disk management
smartmontools hdparm gptfdisk megacli
# encryption and authentication
@@ -32,14 +32,14 @@ inputs:
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
# nix tools
pkgs-unstable.nix-output-monitor nix-tree ssh-to-age nix-inspect
nix-output-monitor nix-tree ssh-to-age nix-inspect
# development
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init hugo
(octodns.withProviders (_: [ localPackages.octodns-cloudflare ]))
(octodns.withProviders (_: with octodns-providers; [ cloudflare ]))
# stupid things
toilet lolcat localPackages.stickerpicker graph-easy
# office
pdfgrep ffmpeg-full hdf5 # todo-txt-cli
pdfgrep ffmpeg-full hdf5
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;

4
modules/packages/vasp.nix
View File

@@ -3,7 +3,9 @@ inputs:
options.nixos.packages.vasp = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
# default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
# TODO: fix vasp
default = null;
};
# TODO: add more options to correctly configure VASP
config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)

16
modules/packages/vscode.nix
View File

@@ -18,9 +18,15 @@ inputs:
(set:
{
name = set;
value = vscode-extensions.${set} or {}
// nix-vscode-extensions.vscode-marketplace.${set}
// nix-vscode-extensions.vscode-marketplace-release.${set} or {};
value =
# provided by nixpkgs
vscode-extensions.${set} or {}
# provided by nix-vscode-extensions, including pre-release versions, but prefer stable version
// nix-vscode-extensions.vscode-marketplace.${set} or {}
// nix-vscode-extensions.vscode-marketplace-release.${set} or {}
# some versions are too high for the current vscode, use old version from here to override it
// (nix-vscode-extensions.forVSCodeVersion inputs.pkgs.vscode.version)
.vscode-marketplace-release.${set} or {};
})
(inputs.lib.unique
(
@@ -29,7 +35,7 @@ inputs:
++ (builtins.attrNames nix-vscode-extensions.vscode-marketplace-release)
)));
in with extensions;
(with github; [ copilot github-vscode-theme ])
(with github; [ copilot copilot-chat github-vscode-theme ])
++ (with intellsmi; [ comment-translate ])
++ (with ms-vscode; [ cmake-tools cpptools-extension-pack hexeditor remote-explorer ])
++ (with ms-vscode-remote; [ remote-ssh ])
@@ -63,7 +69,7 @@ inputs:
# typst
myriad-dreamin.tinymist
# grammaly alternative
pkgs-unstable.vscode-extensions.ltex-plus.vscode-ltex-plus
ltex-plus.vscode-ltex-plus
]
# jupyter
# TODO: use last release

47
modules/packages/winapps/default.nix
View File

@@ -1,47 +0,0 @@
inputs:
{
options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
{
nixos.packages.packages._packages =
[
(inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {})
(inputs.pkgs.runCommand "winapps-windows" {}
''
mkdir -p $out/share/applications
cp ${inputs.pkgs.substituteAll { src = ./windows.desktop; path = inputs.topInputs.winapps; }} \
$out/share/applications/windows.desktop
'')
]
++ builtins.map
(p: inputs.pkgs.runCommand "winapps-${p}" {}
''
mkdir -p $out/share/applications
source ${inputs.topInputs.winapps}/apps/${p}/info
# replace \ with \\
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/\\/\\\\/g')
# replace space with \s
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/ /\\s/g')
cat > $out/share/applications/${p}.desktop << EOF
[Desktop Entry]
Name=$NAME
Exec=winapps manual "$WIN_EXECUTABLE" %F
Terminal=false
Type=Application
Icon=${inputs.topInputs.winapps}/apps/${p}/icon.svg
StartupWMClass=$FULL_NAME
Comment=$FULL_NAME
Categories=$CATEGORIES
MimeType=$MIME_TYPES
EOF
'')
[
"access-o365" "acrobat-x-pro" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365"
"visual-studio-comm" "word-o365"
];
};
}

9
modules/packages/winapps/windows.desktop
View File

@@ -1,9 +0,0 @@
[Desktop Entry]
Name=Windows
Exec=winapps windows %F
Terminal=false
Type=Application
Icon=@path@/icons/windows.svg
StartupWMClass=Micorosoft Windows
Comment=Micorosoft Windows
Categories=Windows

17
modules/packages/zellij.nix Normal file
View File

@@ -0,0 +1,17 @@
inputs:
{
options.nixos.packages.zellij = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.packages) zellij; in inputs.lib.mkIf (zellij != null)
{
nixos =
{
packages.packages._packages = [ inputs.pkgs.zellij ];
user.sharedModules =
[{
config.programs.zellij =
{ enable = true; settings = { show_startup_tips = false; show_release_notes = false; }; };
}];
};
};
}

132
modules/packages/zsh/default.nix
View File

@@ -4,85 +4,71 @@ inputs:
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.packages) zsh; in inputs.lib.mkIf (zsh != null)
{
nixos.user.sharedModules = [(home-inputs: { config.programs = inputs.lib.mkMerge
[
# general config
{
zsh =
nixos.user.sharedModules = [(home-inputs:
{
config = inputs.lib.mkMerge
[
{
enable = true;
history =
{
path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
extended = true;
save = 100000000;
size = 100000000;
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableCompletion = true;
oh-my-zsh =
programs.zsh =
{
enable = true;
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
theme = inputs.lib.mkDefault "clean";
history =
{
path = "${home-inputs.config.xdg.dataHome}/zsh/zsh_history";
extended = true;
save = 100000000;
size = 100000000;
};
syntaxHighlighting.enable = true;
autosuggestion.enable = true;
enableCompletion = true;
oh-my-zsh =
{
enable = true;
plugins = [ "git" "colored-man-pages" "extract" "history-substring-search" "autojump" ];
theme = inputs.lib.mkDefault "clean";
};
# ensure ~/.zlogin exists
loginExtra = " ";
};
# ensure ~/.zlogin exists
loginExtra = " ";
};
# set bash history file path, avoid overwriting zsh history
bash = { enable = true; historyFile = "${home-inputs.config.xdg.dataHome}/bash/bash_history"; };
}
# config for root and chn
{
zsh = inputs.lib.mkIf (builtins.elem home-inputs.config.home.username [ "chn" "root" "aleksana" "alikia" ])
home.shell.enableZshIntegration = true;
}
{
plugins =
[
programs.zsh = inputs.lib.mkIf
(builtins.elem home-inputs.config.home.username [ "chn" "root" "aleksana" "alikia" ])
{
file = "powerlevel10k.zsh-theme";
name = "powerlevel10k";
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
}
{ file = "p10k.zsh"; name = "powerlevel10k-config"; src = ./p10k-config; }
{
name = "zsh-lsd";
src = inputs.pkgs.fetchFromGitHub
{
owner = "z-shell";
repo = "zsh-lsd";
rev = "65bb5ac49190beda263aae552a9369127961632d";
hash = "sha256-JSNsfpgiqWhtmGQkC3B0R1Y1QnDKp9n0Zaqzjhwt7Xk=";
};
}
];
initExtraBeforeCompInit =
''
# p10k instant prompt
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
HYPHEN_INSENSITIVE="true"
export PATH=~/bin:$PATH
function br
{
local cmd cmd_file code
cmd_file=$(mktemp)
if broot --outcmd "$cmd_file" "$@"; then
cmd=$(<"$cmd_file")
command rm -f "$cmd_file"
eval "$cmd"
else
code=$?
command rm -f "$cmd_file"
return "$code"
fi
}
alias todo="todo.sh"
'';
oh-my-zsh.theme = "";
};
}
];})];
plugins =
[
{
file = "powerlevel10k.zsh-theme";
name = "powerlevel10k";
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
}
{ file = "p10k.zsh"; name = "powerlevel10k-config"; src = ./p10k-config; }
{
name = "zsh-lsd";
src = inputs.pkgs.fetchFromGitHub
{
owner = "z-shell";
repo = "zsh-lsd";
rev = "65bb5ac49190beda263aae552a9369127961632d";
hash = "sha256-JSNsfpgiqWhtmGQkC3B0R1Y1QnDKp9n0Zaqzjhwt7Xk=";
};
}
];
initContent = inputs.lib.mkOrder 550
''
# p10k instant prompt
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
HYPHEN_INSENSITIVE="true"
export PATH=~/bin:$PATH
'';
oh-my-zsh.theme = "";
};
}
];
})];
environment.pathsToLink = [ "/share/zsh" ];
programs.zsh.enable = true;
};

30
modules/services/beesd.nix
View File

@@ -15,21 +15,25 @@ inputs:
};
config = let inherit (inputs.config.nixos.services) beesd; in inputs.lib.mkIf (beesd != null)
{
services.beesd.filesystems = builtins.mapAttrs
(n: v:
services.beesd.filesystems = builtins.listToAttrs (builtins.map
(fs:
{
spec = n;
inherit (v) hashTableSizeMB;
extraOptions =
[
"--workaround-btrfs-send"
"--thread-count" "${builtins.toString v.threads}"
"--loadavg-target" "${builtins.toString v.loadAverage}"
"--scan-mode" "3"
"--verbose" "4"
];
name = inputs.utils.escapeSystemdPath fs.name;
value =
{
spec = fs.name;
inherit (fs.value) hashTableSizeMB;
extraOptions =
[
"--workaround-btrfs-send"
"--thread-count" "${builtins.toString fs.value.threads}"
"--loadavg-target" "${builtins.toString fs.value.loadAverage}"
"--scan-mode" "3"
"--verbose" "4"
];
};
})
beesd;
(inputs.localLib.attrsToList beesd));
nixos.packages.packages._packages = [ inputs.pkgs.bees ];
};
}

1
modules/services/docker.nix
View File

@@ -21,6 +21,7 @@ inputs:
dns = [ "1.1.1.1" ];
# prevent create btrfs subvol
storage-driver = "overlay2";
live-restore = true;
};
};
};

7
modules/services/fz-new-order/default.nix
View File

@@ -35,11 +35,8 @@ inputs:
WorkingDirectory = "/var/lib/fz-new-order";
ExecStart =
let
src = inputs.pkgs.substituteAll
{
src = ./main.cpp;
config_file = inputs.config.sops.templates."fz-new-order/config.json".path;
};
src = inputs.pkgs.replaceVars ./main.cpp
{ config_file = inputs.config.sops.templates."fz-new-order/config.json".path; };
binary = inputs.pkgs.stdenv.mkDerivation
{
name = "fz-new-order";

30
modules/services/gamemode.nix
View File

@@ -1,30 +0,0 @@
inputs:
{
options.nixos.services.gamemode = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
drmDevice = mkOption { type = types.int; };
};
config = let inherit (inputs.config.nixos.services) gamemode; in inputs.lib.mkIf gamemode.enable
{
programs.gamemode =
{
enable = true;
settings =
{
general.renice = 10;
gpu =
{
apply_gpu_optimisations = "accept-responsibility";
nv_powermizer_mode = 1;
gpu_device = builtins.toString gamemode.drmDevice;
};
custom = let notify-send = "${inputs.pkgs.libnotify}/bin/notify-send"; in
{
start = "${notify-send} 'GameMode started'";
end = "${notify-send} 'GameMode ended'";
};
};
};
};
}

8
modules/services/kvm.nix
View File

@@ -4,6 +4,7 @@ inputs:
{
type = types.nullOr (types.submodule { options =
{
nodatacow = mkOption { type = types.bool; default = false; };
autoSuspend = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};});
default = null;
@@ -38,7 +39,12 @@ inputs:
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with inputs.pkgs; [ qemu_full win-spice guestfs-tools virt-manager ];
environment =
{
persistence."/nix/nodatacow".directories = inputs.lib.mkIf kvm.nodatacow
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }];
systemPackages = with inputs.pkgs; [ qemu_full win-spice guestfs-tools virt-manager virt-viewer ];
};
systemd =
{
services =

24
modules/services/lumericalLicenseManager/Dockerfile
View File

@@ -1,24 +0,0 @@
# 大概这样做:
# cp ~/repo/stuff/44/xxxx/{LicenseManager,Crack,License} .
# sed -i s/xxxx/000123456789/ License/license.txt
# docker build . -t lumericallicensemanager:2023r1
# docker image save > image.tar
# nix store add-file ./image.tar --name lumericalLicenseManager.tar
# nix hash file /nix/store/g9f9xjfkvp1kbarz19i6qw7i9fg9pagx-lumericalLicenseManager.tar
FROM centos:7
USER root
COPY ./LicenseManager /tmp/LicenseManager
RUN chmod +x /tmp/LicenseManager/INSTALL && \
/tmp/LicenseManager/INSTALL -silent -install_dir /home/ansys_inc -lm && \
rm -rf /tmp/LicenseManager
COPY ./Crack/ansys_inc/ /home/ansys_inc
RUN sed -i "s|127.0.0.1|0.0.0.0|g" /home/ansys_inc/shared_files/licensing/tools/tomcat/conf/server.xml
RUN chmod -R 777 /home/ansys_inc
RUN ln -s ld-linux-x86-64.so.2 /lib64/ld-lsb-x86-64.so.3
COPY ./License/license.txt /home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
WORKDIR /home/ansys_inc/shared_files/licensing
CMD ["/bin/sh", "-c", "(./start_ansysli &); (./start_lmcenter &); tail -f /dev/null"]

17
modules/services/lumericalLicenseManager/default.nix
View File

@@ -1,17 +0,0 @@
inputs:
{
options.nixos.services.lumericalLicenseManager = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) lumericalLicenseManager;
in inputs.lib.mkIf (lumericalLicenseManager != null)
{
virtualisation.oci-containers.containers.lumericalLicenseManager =
{
image = "lumericallicensemanager:2023r1";
imageFile = inputs.topInputs.self.src.lumerical.licenseManagerImage;
ports = [ "127.0.0.1:1084:1084/tcp" "127.0.0.1:1055:1055/tcp" "127.0.0.1:2325:2325/tcp" ];
extraOptions = [ "--mac-address=00:01:23:45:67:89" ];
};
nixos.services.docker = {};
};
}

1
modules/services/misskey.nix
View File

@@ -1,3 +1,4 @@
# TODO: use upstream packaging tools
inputs:
{
options.nixos.services.misskey.instances = let inherit (inputs.lib) mkOption types; in mkOption

2
modules/services/nextcloud.nix
View File

@@ -16,7 +16,7 @@ inputs:
hostName = nextcloud.hostname;
appstoreEnable = false;
https = true;
package = inputs.pkgs.nextcloud30;
package = inputs.pkgs.nextcloud31;
maxUploadSize = "10G";
config =
{

10
modules/services/nginx/applications/example.nix Normal file
View File

@@ -0,0 +1,10 @@
inputs:
{
options.nixos.services.nginx.applications.example = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services.nginx.applications) example; in inputs.lib.mkIf (example != null)
{
nixos.services.nginx.https."example.chn.moe".location."/".static =
{ root = "${inputs.config.services.nginx.package}/html"; index = [ "index.html" ]; };
};
}

5
modules/services/nginx/applications/sticker/default.nix
View File

@@ -1,10 +1,7 @@
inputs:
{
options.nixos.services.nginx.applications.sticker = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = {};
};
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services.nginx.applications) sticker; in inputs.lib.mkIf (sticker != null)
{
nixos.services.nginx.https."sticker.chn.moe".location."/".static =

59
modules/services/nginx/default.nix
View File

@@ -28,7 +28,17 @@ inputs:
enable = mkOption { type = types.bool; default = true; };
externalIp = mkOption { type = types.listOf types.nonEmptyStr; default = [ "0.0.0.0" ]; };
# proxy to 127.0.0.1:${specified port}
map = mkOption { type = types.attrsOf types.ints.unsigned; default = {}; };
map = mkOption
{
type = types.attrsOf (types.oneOf
[
# proxy to 127.0.0.1:${specified port}
types.ints.unsigned
# proxy to specified ip:port
types.nonEmptyStr
]);
default = {};
};
};
streamProxy =
{
@@ -209,6 +219,20 @@ inputs:
{ root = mkOption { type = types.nonEmptyStr; }; fastcgiPass = mkOption { type = types.nonEmptyStr; };};});
default = null;
};
proxy = mkOption
{
type = types.nullOr (types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
websocket = mkOption { type = types.bool; default = false; };
setHeaders = mkOption
{
type = types.attrsOf types.str;
default.Host = submoduleInputs.config._module.args.name;
};
};});
default = null;
};
};}));
default = {};
};
@@ -320,8 +344,10 @@ inputs:
log_format transparent_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
'"$ssl_preread_server_name"->$transparent_proxy_backend $bytes_sent $bytes_received';
map $ssl_preread_server_name $transparent_proxy_backend {
${concatStringsSep "\n " (map
(x: ''"${x.name}" 127.0.0.1:${toString x.value};'')
${concatStringsSep "\n " (builtins.map
(x:
let upstrem = if builtins.isInt x.value then "127.0.0.1:${builtins.toString x.value}" else x.value;
in ''"${x.name}" ${upstrem};'')
(attrsToList nginx.transparentProxy.map))}
default 127.0.0.1:${toString (with nginx.global; (httpsPort + httpsPortShift.http2))};
}
@@ -336,6 +362,7 @@ inputs:
access_log syslog:server=unix:/dev/log transparent_proxy;
}
'';
# TODO: use existing options
systemd.services.nginx-proxy =
let
ip = "${inputs.pkgs.iproute2}/bin/ip";
@@ -345,9 +372,19 @@ inputs:
table inet nginx {
chain output {
type route hook output priority mangle; policy accept;
# gid nginx
#
meta skgid ${builtins.toString inputs.config.users.groups.nginx.gid} fib saddr type != local \
ct state new counter ct mark set ct mark | 2
ct mark & 2 == 2 ct direction reply counter meta mark set meta mark | 2
#
#
ct mark & 2 == 2 ct direction reply counter meta mark set meta mark | 2 accept
return
}
# prerouting
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ct mark & 2 == 2 ct direction reply counter meta mark set meta mark | 2 accept
return
}
}
@@ -781,6 +818,20 @@ inputs:
include ${inputs.config.services.nginx.package}/conf/fastcgi.conf;
'';
}
else {})
// (if site.value.proxy != null then
{
locations."/" =
{
proxyPass = site.value.proxy.upstream;
proxyWebsockets = site.value.proxy.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
extraConfig = builtins.concatStringsSep "\n" (builtins.map
(header: ''proxy_set_header ${header.name} "${header.value}";'')
(inputs.localLib.attrsToList site.value.proxy.setHeaders));
};
}
else {});
})
(attrsToList nginx.http));

7
modules/services/nixseperatedebuginfo.nix
View File

@@ -1,12 +1,9 @@
inputs:
{
options.nixos.services.nixseparatedebuginfo = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
{ type = types.nullOr (types.submodule {}); default = null; };
config =
let inherit (inputs.config.nixos.services) nixseparatedebuginfo; in inputs.lib.mkIf (nixseparatedebuginfo != {})
let inherit (inputs.config.nixos.services) nixseparatedebuginfo; in inputs.lib.mkIf (nixseparatedebuginfo != null)
{
services.nixseparatedebuginfod.enable = true;
environment.persistence."/nix/nodatacow".directories =

210
modules/services/nixvirt.nix
View File

@@ -1,42 +1,55 @@
# TODO: fix libvirtd network
inputs:
{
options.nixos.services.nixvirt = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.attrsOf (types.submodule (submoduleInputs: { options =
let
hash = builtins.hashString "sha256" submoduleInputs.config._module.args.name;
createString = separator: parts: builtins.concatStringsSep separator
(builtins.map (p: builtins.substring (builtins.head p) (builtins.elemAt p 1) hash) parts);
in
type = types.nullOr (types.submodule { options =
{
subnet = mkOption { type = types.ints.unsigned; default = 122; };
instance = mkOption
{
uuid = mkOption
{
type = types.nonEmptyStr;
default = createString "-" [ [ 0 8 ] [ 8 4 ] [ 12 4 ] [ 16 4 ] [ 20 12 ] ];
};
storage = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
memoryGB = mkOption { type = types.ints.unsigned; };
cpus = mkOption { type = types.ints.unsigned; };
vnc =
{
port = mkOption { type = types.ints.unsigned; default = 15900 + submoduleInputs.config.address; };
openFirewall = mkOption { type = types.bool; default = true; };
};
mac = mkOption
{ type = types.nonEmptyStr; default = "02:${createString ":" [ [ 0 2 ] [ 2 2 ] [ 4 2 ] [ 6 2 ] [ 8 2 ] ]}"; };
address = mkOption { type = types.ints.unsigned; };
owner = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
portForward = rec
{
tcp = mkOption
type = types.attrsOf (types.submodule (submoduleInputs: { options =
let
hash = builtins.hashString "sha256" submoduleInputs.config._module.args.name;
createString = separator: parts: builtins.concatStringsSep separator
(builtins.map (p: builtins.substring (builtins.head p) (builtins.elemAt p 1) hash) parts);
defaultUuid = createString "-" [ [ 0 8 ] [ 8 4 ] [ 12 4 ] [ 16 4 ] [ 20 12 ] ];
defaultMac = "02:${createString ":" [ [ 0 2 ] [ 2 2 ] [ 4 2 ] [ 6 2 ] [ 8 2 ] ]}";
in
{
type = types.listOf (types.submodule { options = rec
{ host = mkOption { type = types.ints.unsigned; }; guest = host; };});
default = [];
};
udp = tcp;
};
};})));
uuid = mkOption { type = types.nonEmptyStr; default = defaultUuid; };
owner = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
hardware =
{
storage = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
memoryMB = mkOption { type = types.ints.unsigned; };
cpus = mkOption { type = types.ints.unsigned; };
mac = mkOption { type = types.nonEmptyStr; default = defaultMac; };
};
network =
{
address = mkOption { type = types.ints.unsigned; };
vnc =
{
port = mkOption { type = types.ints.unsigned; default = 15900 + submoduleInputs.config.network.address; };
openFirewall = mkOption { type = types.bool; default = true; };
};
portForward = rec
{
tcp = mkOption
{
type = types.listOf (types.submodule { options = rec
{ host = mkOption { type = types.ints.unsigned; }; guest = host; };});
default = [];
};
udp = tcp;
web = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
};}));
default = {};
};
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) nixvirt; in inputs.lib.mkIf (nixvirt != null)
@@ -50,32 +63,34 @@ inputs:
connections."qemu:///system" = let inherit (inputs.topInputs.nixvirt) lib; in
{
domains = builtins.map
(vm: { definition = inputs.config.sops.templates."${vm.name}.xml".path; active = true; })
(inputs.localLib.attrsToList nixvirt);
(vm: { definition = inputs.config.sops.templates."${vm.name}.xml".path; active = true; restart = false; })
(inputs.localLib.attrsToList nixvirt.instance);
networks =
[{
definition =
let
base = lib.network.templates.bridge
{ uuid = "8f403474-f8d6-4fa7-991a-f62f40d51191"; subnet_byte = 122; };
{ uuid = "8f403474-f8d6-4fa7-991a-f62f40d51191"; subnet_byte = nixvirt.subnet; };
host = builtins.map
(vm: { inherit (vm) mac; ip = "192.168.122.${builtins.toString vm.address}"; })
(builtins.attrValues nixvirt);
(vm:
{
inherit (vm.hardware) mac;
ip = "192.168.${builtins.toString nixvirt.subnet}.${builtins.toString vm.network.address}";
})
(builtins.attrValues nixvirt.instance);
in lib.network.writeXML (base // { ip = base.ip // { dhcp = base.ip.dhcp // { inherit host; }; }; });
active = true;
# never restart the network
# when adding a new VM, add dhcp resolve manually, by:
# sudo virsh net-update default add ip-dhcp-host "<host mac='' ip='192.168.122.' />" --live
restart = false;
}];
pools =
[{
definition = lib.pool.writeXML
{
name = "default";
uuid = "6fc75fcc-fb95-48b6-8fa4-0e59b6c1b6c7";
type = "dir";
target.path = "/var/lib/libvirt/images";
};
active = true;
# do not define image here, since it still needs to be created manually
}];
# do not use it to define disk, since it is not declartive
# create disk manually, by:
# sudo qemu-img create -f raw /var/lib/libvirt/images/test.img 20G
# sudo chown qemu-libvirt:qemu-libvirt /var/lib/libvirt/images/test.img
# sudo chmod 600 /var/lib/libvirt/images/test.img
pools = [];
};
};
libvirtd.qemu.verbatimConfig =
@@ -84,7 +99,28 @@ inputs:
vnc_listen = "0.0.0.0"
'';
};
nixos.services.kvm = {};
nixos.services =
{
nginx =
let hosts = builtins.concatLists (builtins.map
(vm: builtins.map
(domain:
{
inherit domain;
ip = "192.168.${builtins.toString nixvirt.subnet}.${builtins.toString vm.network.address}";
})
vm.network.portForward.web)
(builtins.attrValues nixvirt.instance));
in
{
enable = inputs.lib.mkIf (hosts != []) true;
transparentProxy.map = builtins.listToAttrs (builtins.map
(host: { name = host.domain; value = "${host.ip}" + ":443"; }) hosts);
http = builtins.listToAttrs (builtins.map
(host: { name = host.domain; value.proxy.upstream = "http://${host.ip}" + ":80"; }) hosts);
};
kvm = {};
};
sops =
{
templates = builtins.listToAttrs (builtins.map
@@ -98,8 +134,8 @@ inputs:
{
inherit (vm) name;
inherit (vm.value) uuid;
memory = { count = vm.value.memoryGB; unit = "GiB"; };
storage_vol = { pool = "default"; volume = "${vm.value.storage}.qcow2"; };
memory = { count = vm.value.hardware.memoryMB; unit = "MiB"; };
storage_vol = "/var/lib/libvirt/images/${vm.value.hardware.storage}.img";
install_vol = "${inputs.topInputs.self.src.iso.netboot}";
virtio_video = false;
};
@@ -113,14 +149,15 @@ inputs:
{
type = "vnc";
autoport = false;
port = vm.value.vnc.port;
port = vm.value.network.vnc.port;
listen.type = "address";
passwd = inputs.config.sops.placeholder."nixvirt/${vm.name}";
};
interface = base.devices.interface // { mac.address = vm.value.mac; };
interface = base.devices.interface // { mac.address = vm.value.hardware.mac; };
disk = builtins.map (disk: disk // { driver = disk.driver // { type = "raw"; }; }) base.devices.disk;
};
cpu = base.cpu // { topology = { sockets = 1; dies = 1; cores = vm.value.cpus; threads = 1; };};
vcpu = { placement = "static"; count = vm.value.cpus; };
cpu = base.cpu // { topology = { sockets = 1; dies = 1; cores = vm.value.hardware.cpus; threads = 1; };};
vcpu = { placement = "static"; count = vm.value.hardware.cpus; };
os = (builtins.removeAttrs base.os [ "boot" ]) //
{
loader = { readonly = true; type = "pflash"; path = "/run/libvirt/nix-ovmf/OVMF_CODE.fd"; };
@@ -128,16 +165,18 @@ inputs:
{
template = "/run/libvirt/nix-ovmf/OVMF_VARS.fd";
path = "/var/lib/libvirt/qemu/nvram/${vm.name}_VARS.fd";
templateFormat = "raw";
format = "raw";
};
};
});
})
(inputs.localLib.attrsToList nixvirt));
(inputs.localLib.attrsToList nixvirt.instance));
secrets = builtins.listToAttrs (builtins.map
(vm: { name = "nixvirt/${vm}"; value = {}; }) (builtins.attrNames nixvirt));
(vm: { name = "nixvirt/${vm}"; value = {}; }) (builtins.attrNames nixvirt.instance));
placeholder = builtins.listToAttrs (builtins.map
(vm: { name = "nixvirt/${vm}"; value = builtins.hashString "sha256" "nixvirt/${vm}"; })
(builtins.attrNames nixvirt));
(builtins.attrNames nixvirt.instance));
};
security.wrappers.vm =
{
@@ -148,7 +187,7 @@ inputs:
({
virsh = "${inputs.pkgs.libvirt}/bin/virsh";
vm =
let vms = builtins.groupBy (vm: vm.value.owner) (inputs.localLib.attrsToList nixvirt);
let vms = builtins.groupBy (vm: vm.value.owner) (inputs.localLib.attrsToList nixvirt.instance);
in builtins.listToAttrs (builtins.map (owner:
{
name = builtins.toString inputs.config.nixos.user.uid.${owner.name};
@@ -163,18 +202,20 @@ inputs:
group = "root";
setuid = true;
};
networking.firewall.allowedTCPPorts = builtins.map (vm: vm.vnc.port)
(builtins.filter (vm: vm.vnc.openFirewall) (builtins.attrValues nixvirt));
networking.firewall.allowedTCPPorts = builtins.map (vm: vm.network.vnc.port)
(builtins.filter (vm: vm.network.vnc.openFirewall) (builtins.attrValues nixvirt.instance));
# TODO: use existing options
systemd.services.nixvirt-forward =
let
nftRules = builtins.concatLists (builtins.concatLists (builtins.map
(vm: builtins.map
(protocol: builtins.map
(port: "${protocol} dport ${builtins.toString port.host} "
+ "counter dnat ip to 192.168.122.${builtins.toString vm.address}:${builtins.toString port.guest}")
vm.portForward.${protocol})
(port: "${protocol} dport ${builtins.toString port.host} fib daddr type local counter dnat ip to "
+ "192.168.${builtins.toString nixvirt.subnet}.${builtins.toString vm.network.address}"
+ ":${builtins.toString port.guest}")
vm.network.portForward.${protocol})
[ "tcp" "udp" ])
(builtins.attrValues nixvirt)));
(builtins.attrValues nixvirt.instance)));
nft = "${inputs.pkgs.nftables}/bin/nft";
nftConfigFile = inputs.pkgs.writeText "nixvirt.nft"
''
@@ -183,41 +224,18 @@ inputs:
type nat hook prerouting priority dstnat; policy accept;
${builtins.concatStringsSep "\n" nftRules}
}
chain output {
type nat hook output priority dstnat; policy accept;
${builtins.concatStringsSep "\n" nftRules}
}
}
'';
# libvirt use iptables to reject forward-input packages.
# packages accept in nftables but reject in iptables will finally be rejected.
# So we need to add a rule in iptables to accept these packages.
iptables = "${inputs.pkgs.iptables}/bin/iptables";
iptRules = builtins.concatLists (builtins.concatLists (builtins.map
(vm: builtins.map
(protocol: builtins.map
(port: "${iptables} -t filter -I NIXVIRT_FORWARD -d 192.168.122.${builtins.toString vm.address} "
+ "-p ${protocol} --dport ${builtins.toString port.guest} -j ACCEPT")
vm.portForward.${protocol})
[ "tcp" "udp" ])
(builtins.attrValues nixvirt)));
start = inputs.pkgs.writeShellScript "nixvirt.start" (builtins.concatStringsSep "\n"
(
[
"${nft} -f ${nftConfigFile}"
"${iptables} -t filter -N NIXVIRT_FORWARD -w"
"${iptables} -t filter -I LIBVIRT_FWI -j NIXVIRT_FORWARD -w"
] ++ iptRules
));
stop = inputs.pkgs.writeShellScript "nixvirt.stop" (builtins.concatStringsSep "\n"
[
"${nft} delete table inet nixvirt"
"${iptables} -t filter -D LIBVIRT_FWI -j NIXVIRT_FORWARD -w"
"${iptables} -t filter -F NIXVIRT_FORWARD -w"
"${iptables} -t filter -X NIXVIRT_FORWARD -w"
]);
start = inputs.pkgs.writeShellScript "nixvirt.start" "${nft} -f ${nftConfigFile}";
stop = inputs.pkgs.writeShellScript "nixvirt.stop" "${nft} delete table inet nixvirt";
in
{
description = "nixvirt port forward";
after = [ "nftables.service" "nixvirt.service" ];
bindsTo= [ "nftables.service" ];
partOf = [ "nftables.service" "nixvirt.service" ];
serviceConfig =
{
Type = "oneshot";

2
modules/services/ollama.nix
View File

@@ -4,7 +4,7 @@ inputs:
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) ollama; in inputs.lib.mkIf (ollama != null)
{
services.ollama = { enable = true; package = inputs.pkgs.pkgs-unstable.ollama; host = "0.0.0.0"; };
services.ollama = { enable = true; host = "0.0.0.0"; };
nixos.packages.packages._packages = [ inputs.pkgs.oterm ];
};
}

1
modules/services/open-webui.nix
View File

@@ -14,7 +14,6 @@ inputs:
services.open-webui =
{
enable = true;
package = inputs.pkgs.pkgs-unstable.open-webui;
environment =
{
ENABLE_PERSISTENT_CONFIG = "False";

5
modules/services/postgresql.nix
View File

@@ -14,6 +14,7 @@ inputs:
};}));
default = {};
};
nodatacow = mkOption { type = types.bool; default = false; };
};
config = let inherit (inputs.config.nixos.services) postgresql; in inputs.lib.mkIf postgresql.enable
{
@@ -51,7 +52,7 @@ inputs:
};
postgresqlBackup =
{
enable = true;
enable = postgresql.nodatacow;
pgdumpOptions = "-Fc";
compression = "none";
databases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList postgresql.instances);
@@ -87,7 +88,7 @@ inputs:
sops.secrets = builtins.listToAttrs (builtins.map
(db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
(builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList postgresql.instances)));
environment.persistence."/nix/nodatacow".directories =
environment.persistence."/nix/nodatacow".directories = inputs.lib.mkIf postgresql.nodatacow
[{ directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }];
};
}

6
modules/services/snapper.nix
View File

@@ -18,9 +18,9 @@ inputs:
TIMELINE_CLEANUP = true;
TIMELINE_MIN_AGE = 1800;
TIMELINE_LIMIT_HOURLY = 10;
TIMELINE_LIMIT_DAILY = 7;
TIMELINE_LIMIT_WEEKLY = 3;
TIMELINE_LIMIT_MONTHLY = 1;
TIMELINE_LIMIT_DAILY = 3;
TIMELINE_LIMIT_WEEKLY = 1;
TIMELINE_LIMIT_MONTHLY = 0;
TIMELINE_LIMIT_YEARLY = 0;
};
})

6
modules/services/synapse.nix
View File

@@ -1,4 +1,4 @@
# port from nixpkgs#70dc536a
# port from nixpkgs#a87068b8
inputs:
{
options.nixos.services.synapse.instances = let inherit (inputs.lib) mkOption types; in mkOption
@@ -41,7 +41,7 @@ inputs:
{
services."synapse-${instance.name}" =
let
package = inputs.pkgs.pkgs-unstable.matrix-synapse.override
package = inputs.pkgs.matrix-synapse.override
{ extras = [ "url-preview" "postgres" "redis" ]; plugins = []; };
config = inputs.config.sops.templates."synapse/${instance.name}/config.yaml".path;
homeserver = "${package}/bin/synapse_homeserver";
@@ -49,9 +49,11 @@ inputs:
{
description = "synapse-${instance.name}";
enable = instance.value.autoStart;
wants = [ "network-online.target" ];
after = [ "network-online.target" "postgresql.service" ];
requires = [ "network-online.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
environment = { LD_PRELOAD = "${inputs.pkgs.jemalloc}/lib/libjemalloc.so"; PYTHONMALLOC = "malloc"; };
serviceConfig =
{
ExecStart = "${homeserver} --config-path ${config} --keys-directory ${workdir}";

16
modules/services/waydroid.nix
View File

@@ -1,16 +0,0 @@
inputs:
{
options.nixos.services.waydroid = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) waydroid; in inputs.lib.mkIf (waydroid != null)
{ virtualisation.waydroid.enable = true; };
}
# sudo waydroid shell wm set-fix-to-user-rotation enabled
# /var/lib/waydroid/waydroid_base.prop
# default:
# ro.hardware.gralloc=gbm
# ro.hardware.egl=mesa
# nvidia:
# ro.hardware.gralloc=default
# ro.hardware.egl=swiftshader

49
modules/services/wechat2tg.nix
View File

@@ -1,49 +0,0 @@
inputs:
{
options.nixos.services.wechat2tg = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) wechat2tg; in inputs.lib.mkIf (wechat2tg != null)
{
virtualisation.oci-containers.containers.wechat2tg =
{
image = "finalpi/wechat2tg:v1.3.3";
imageFile = inputs.pkgs.dockerTools.pullImage
{
imageName = "finalpi/wechat2tg";
imageDigest = "sha256:48e3aff3f501847f063318b41ca34af7d83278847d2eee40d7ffbf439ee4c194";
sha256 = "04hq577d981mdfz0xwklhj9ifgnpbv91d6zkf37awfrbsiqfkrr6";
finalImageName = "finalpi/wechat2tg";
finalImageTag = "v1.3.3";
};
volumes = [ "wechat2tg-config:/app/storage" "wechat2tg-files:/app/save-files" ];
environmentFiles = [ inputs.config.sops.templates."wechat2tg/env".path ];
};
sops =
{
templates."wechat2tg/env".content = let placeholder = inputs.config.sops.placeholder; in
''
BOT_TOKEN=${placeholder."wechat2tg/token"}
# PROXY_HOST: ""
# PROXY_PORT: ""
# Proxy type: socks5, http, https
# PROXY_PROTOCOL: 'socks5'
# Optional username and password
# PROXY_USERNAME: ""
# PROXY_PASSWORD: ""
# API_ID: ""
# API_HASH: ""
ROOM_MESSAGE='<i>🌐#[topic]</i> ---- <b>👤#[(alias)] #[name]: </b>'
OFFICIAL_MESSAGE='<b>📣#[name]: </b>'
CONTACT_MESSAGE='<b>👤#[alias_first]: </b>'
ROOM_MESSAGE_GROUP='<b>👤#[(alias)] #[name]: </b>'
OFFICIAL_MESSAGE_GROUP='<b>📣#[name]: </b>'
CONTACT_MESSAGE_GROUP='<b>👤#[alias_first]: </b>'
CREATE_ROOM_NAME='#[topic]'
CREATE_CONTACT_NAME='#[alias]#[[name]]'
MESSAGE_DISPLAY='#[identity]#[br]#[body]'
'';
secrets."wechat2tg/token" = {};
};
nixos.services.docker = {};
};
}

46
modules/services/xmuvpn/default.nix
View File

@@ -1,46 +0,0 @@
inputs:
{
options.nixos.services.xmuvpn = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) xmuvpn; in inputs.lib.mkIf (xmuvpn != null)
{
assertions =
[{
assertion = inputs.config.nixos.services.xray.client.enable;
message = "Xray should be enabled.";
}];
virtualisation.oci-containers.containers.xmuvpn =
{
image = "hagb/docker-easyconnect";
imageFile = inputs.topInputs.self.src.xmuvpn;
ports = [ "127.0.0.1:5901:5901/tcp" "127.0.0.1:10069:1080/tcp" ];
extraOptions = [ "--dns=223.5.5.5" "--device=/dev/net/tun" "--cap-add=NET_ADMIN" ];
volumes = [ "xmuvpn:/root" ];
environment = { PASSWORD = "xxxx"; PING_ADDR = "office.chn.moe"; };
};
nixos.services.docker = {};
systemd.services.xmuvpn-forwarder =
{
description = "xmuvpn forwarder daemon";
after = [ "network.target" "v2ray-forwarder.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
let ipset = "${inputs.pkgs.ipset}/bin/ipset";
in
{
Type = "oneshot";
RemainAfterExit = true;
ExecStart = inputs.pkgs.writeShellScript "xmuvpn-forwarder.start"
(builtins.concatStringsSep "\n" (builtins.map
(host: "${ipset} add xmu_net ${host}")
[
# when add new ip, remember to also add it to router
"218.193.58.125" "210.34.0.35" "121.192.191.10" "10.24.84.31" "59.77.0.143" "59.77.36.248"
"172.27.124.24" "59.77.36.156" "59.77.36.223" "210.34.0.84" "218.193.50.157"
"210.34.16.60" "10.26.14.70" "10.26.14.56" "210.34.16.20" "59.77.36.250"
]));
ExecStop = inputs.pkgs.writeShellScript "xmuvpn-forwarder.stop" "${ipset} flush xmu_net";
};
};
};
}

38
modules/services/xmuvpn/xmuvpn
View File

@@ -1,38 +0,0 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2010 Jo-Philipp Wich
START=99
STOP=01
start() {
ipset create xmunet hash:net
ipset add xmunet 218.193.58.125
ipset add xmunet 210.34.0.35
ipset add xmunet 121.192.191.10
ipset add xmunet 10.24.84.31
ipset add xmunet 59.77.0.143
ipset add xmunet 59.77.36.248
ipset add xmunet 172.27.124.24
ipset add xmunet 59.77.36.156
ipset add xmunet 59.77.36.223
ipset add xmunet 210.34.0.84
ipset add xmunet 218.193.50.157
ipset add xmunet 210.34.16.60
ipset add xmunet 10.26.14.70
ipset add xmunet 10.26.14.56
ipset add xmunet 210.34.16.20
ipset add xmunet 59.77.36.250
iptables -t mangle -A PREROUTING ! -s 192.168.1.2 -m set --match-set xmunet dst -j MARK --set-mark 1/1
ip route add unicast 0.0.0.0/0 via 192.168.1.2 dev br-lan table 100
ip rule add fwmark 1/1 table 100
}
stop() {
iptables -t mangle -D PREROUTING ! -s 192.168.1.2 -m set --match-set xmunet dst -j MARK --set-mark 1/1 -w
# somehow -w does not work
sleep 1
ip rule del fwmark 1/1 table 100
ip route del table 100
ipset flush xmunet
ipset destroy xmunet
}

10
modules/services/xray.nix
View File

@@ -46,12 +46,7 @@ inputs:
{
services =
{
xray =
{
enable = true;
settingsFile = inputs.config.sops.templates."xray-client.json".path;
package = inputs.pkgs.pkgs-unstable.xray;
};
xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };
dnsmasq =
{
enable = true;
@@ -216,9 +211,11 @@ inputs:
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
LimitNPROC = 65536;
LimitNOFILE = 524288;
CPUSchedulingPolicy = "rr";
};
restartTriggers = [ inputs.config.sops.templates."xray-client.json".file ];
};
# TODO: use existing options
v2ray-forwarder =
{
description = "v2ray-forwarder Daemon";
@@ -334,7 +331,6 @@ inputs:
{
enable = true;
settingsFile = inputs.config.sops.templates."xray-server.json".path;
package = inputs.pkgs.pkgs-unstable.xray;
};
sops =
{

4
modules/system/binfmt.nix
View File

@@ -1,6 +1,8 @@
inputs:
{
config =
options.nixos.system.binfmt = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.system) binfmt; in inputs.lib.mkIf (binfmt != null)
{
programs.java = { enable = true; binfmt = true; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" "x86_64-windows" ];

9
modules/system/catppuccin.nix
View File

@@ -3,16 +3,13 @@ inputs:
config =
{
catppuccin.flavor = "latte";
console.catppuccin.enable = true;
catppuccin.tty.enable = true;
nixos.user.sharedModules =
[{
config =
{
programs =
{
bat = { enable = true; catppuccin.enable = true; };
btop = { enable = true; catppuccin.enable = true; };
};
catppuccin = { btop.enable = true; bat.enable = true; };
programs = { bat.enable = true; btop.enable = true; };
xdg = { enable = true; configFile."btop/btop.conf".force = true; };
};
}];

6
modules/system/default.nix
View File

@@ -5,7 +5,6 @@ inputs:
{
services =
{
dbus.implementation = "broker";
fstrim.enable = true;
acpid.enable = true;
# TODO: set ipfs as separate service
@@ -50,13 +49,12 @@ inputs:
i18n = { defaultLocale = "C.UTF-8"; supportedLocales = [ "all" ]; };
users.mutableUsers = false;
virtualisation.oci-containers.backend = "docker";
home-manager.sharedModules = [{ home.stateVersion = "22.11"; }];
home-manager.sharedModules = [{ home.stateVersion = "25.05"; }];
system =
{
stateVersion = "22.11";
stateVersion = "25.05";
configurationRevision = inputs.topInputs.self.rev or "dirty";
nixos = { versionSuffix = inputs.lib.mkForce ""; tags = [ inputs.topInputs.self.config.branch ]; };
};
chaotic.nyx.cache.enable = false;
};
}

7
modules/system/envfs.nix
View File

@@ -1,6 +1,11 @@
inputs:
{
config =
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null)
{
services.envfs.enable = true;
environment.variables.ENVFS_RESOLVE_ALWAYS = "1";

6
modules/system/fileSystems/cluster.nix
View File

@@ -4,10 +4,10 @@ inputs:
[
# for cluster master, export NFS
(inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null == "master")
{ nixos.services.nfs."/nix/persistent/home" = "192.168.178.0/24"; })
{ nixos.services.nfs."/" = "192.168.178.0/24"; })
# for cluster worker, mount nfs, disable some home manager files
(inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null == "worker")
{ nixos.system.fileSystems.mount.nfs."192.168.178.1:/nix/persistent/home" = "/remote/home"; })
(let inherit (inputs.config.nixos.model) cluster; in inputs.lib.mkIf (cluster.nodeType or null == "worker")
{ nixos.system.fileSystems.mount.nfs."192.168.178.1:/" = "/nix/remote/${cluster.clusterName}"; })
# 将一部分由 home-manager 生成软链接的文件改为直接挂载,以兼容集群的设置
(let files = [ ".zshrc" ".zshenv" ".profile" ".bashrc" ".bash_profile" ".zlogin" ]; in
{

21
modules/system/fileSystems/default.nix
View File

@@ -75,15 +75,16 @@ inputs:
# swap
{ swapDevices = builtins.map (device: { device = device; }) fileSystems.swap; }
# resume
(inputs.lib.mkIf (fileSystems.resume != null) { boot =
(
if builtins.typeOf fileSystems.resume == "string" then { resumeDevice = fileSystems.resume; }
else
{
resumeDevice = fileSystems.resume.device;
kernelParams = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
}
);})
(inputs.lib.mkIf (fileSystems.resume != null)
{
boot = inputs.localLib.mkConditional (builtins.typeOf fileSystems.resume == "string")
{ resumeDevice = fileSystems.resume; }
{
resumeDevice = fileSystems.resume.device;
kernelParams = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
};
nixos.system.kernel.patches = [ "hibernate-progress" ];
})
# rollingRootfs
(inputs.lib.mkIf (fileSystems.rollingRootfs != null)
{
@@ -122,6 +123,8 @@ inputs:
btrfs property set -ts /mnt/nix/rootfs/$timestamp-$subvolid ro true
fi
[ -d /mnt/nix/rootfs/current ] || btrfs subvolume create /mnt/nix/rootfs/current
mkdir -p /mnt/nix/rootfs/current/usr
touch /mnt/nix/rootfs/current/usr/make-systemd-happy
chattr +C /mnt/nix/rootfs/current
echo $(date '+%Y%m%d%H%M%S') > /mnt/nix/rootfs/current/.timestamp
umount /mnt

25
modules/system/fileSystems/impermanence.nix
View File

@@ -1,5 +1,18 @@
inputs:
{
options.nixos.system.fileSystems.impermanence = let inherit (inputs.lib) mkOption types; in
{
clusterPersistentDirectory = mkOption
{
type = types.str;
default =
let
inherit (inputs.config.nixos.model) cluster;
prefix = if cluster.nodeType or null == "worker" then "/nix/remote/${cluster.clusterName}" else "";
in "${prefix}/nix/persistent";
readOnly = true;
};
};
config.environment.persistence = inputs.lib.mkMerge
[
# generic settings
@@ -20,16 +33,14 @@ inputs:
"/nix/rootfs/current" =
{
hideMounts = true;
directories = [ { directory = "/var/lib/docker"; mode = "0710"; } "/var/lib/flatpak" ]
directories = [ { directory = "/var/lib/docker"; mode = "0710"; } ]
++ builtins.map (f: "/var/lib/systemd/${f}") [ "linger" "coredump" "backlight" ];
};
"/nix/nodatacow" =
{
hideMounts = true;
directories =
[{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }]
++ inputs.lib.optional (inputs.config.nixos.services.kvm != null)
{ directory = "/var/lib/libvirt/images"; mode = "0711"; };
[{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }];
};
}
# 挂载 /home/user
@@ -37,7 +48,7 @@ inputs:
# 对于桌面用途的 chn不需要挂载
# 对于其它情况,则挂载 /nix/persistent/home/user 到 /home/user
{
"${if inputs.config.nixos.model.cluster.nodeType or null == "worker" then "/remote" else "/nix/persistent"}" =
${inputs.config.nixos.system.fileSystems.impermanence.clusterPersistentDirectory} =
{
hideMounts = true;
directories = builtins.map
@@ -48,10 +59,10 @@ inputs:
};
}
# 挂载更详细的目录
# 对于任何情况,`.cache` 都应该在重启后丢失
# 对于任何情况,`.cache` `.config/systemd` 都应该在重启后丢失
{
"/nix/rootfs/current".users = builtins.listToAttrs (builtins.map
(user: { name = user; value.directories = [ ".cache" ]; })
(user: { name = user; value.directories = [ ".cache" ".config/systemd" ]; })
inputs.config.nixos.user.users);
}
# 对于桌面用途的 chn有一些需要 persist 的目录

4
modules/system/font.nix
View File

@@ -7,9 +7,9 @@ inputs:
fontDir.enable = true;
packages = with inputs.pkgs;
[
noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts hack-font inter
noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono hack-font inter
noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk-sans
noto-fonts-emoji corefonts vistafonts vistafonts-chs dejavu_fonts
noto-fonts-emoji corefonts vistafonts vistafonts-chs dejavu_fonts nerd-fonts.fira-code
];
fontconfig.defaultFonts =
{

44
modules/system/gui.nix
View File

@@ -8,7 +8,6 @@ inputs:
services =
{
desktopManager.plasma6.enable = true;
xserver.enable = true;
greetd =
{
enable = true;
@@ -28,40 +27,35 @@ inputs:
sessionVariables.GTK_USE_PORTAL = "1";
persistence."/nix/persistent".directories =
[{ directory = "/var/cache/tuigreet"; user = "greeter"; group = "greeter"; mode = "0700"; }];
systemPackages = with inputs.pkgs; [ waybar ];
};
xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
i18n.inputMethod =
{
enable = true;
type = "fcitx5";
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
[ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}") [ "chinese-addons" "mozc" "material-color" "gtk" ];
};
programs =
programs.dconf.enable = true;
nixos.user.sharedModules = [(hmInputs:
{
dconf.enable = true;
hyprland = { enable = true; withUWSM = true; };
# waybar should not be pull in by graphical-session.target
waybar.enable = false;
iio-hyprland.enable = true;
hyprlock.enable = true;
uwsm.enable = true;
};
systemd.services.display-manager.after = [ "plymouth-quit.service" ];
# 在 chromium 中输入汉字有可能会漏字,需要这个配置
nixos.user.sharedModules = [(hmInputs: { gtk =
{
enable = true;
iconTheme.name = "klassy";
gtk2 =
config =
{
extraConfig = ''gtk-im-module="fcitx"'';
configLocation = "${hmInputs.config.xdg.configHome}/gtk-2.0/gtkrc";
gtk =
{
enable = true;
gtk2 =
{
extraConfig = ''gtk-im-module="fcitx"'';
configLocation = "${hmInputs.config.xdg.configHome}/gtk-2.0/gtkrc";
};
gtk3.extraConfig.gtk-im-module = "fcitx";
gtk4.extraConfig.gtk-im-module = "fcitx";
};
# somehow kde needs this
# TODO: debug
home.file.".cache/thumbnails/.keep".text = "";
};
gtk3.extraConfig.gtk-im-module = "fcitx";
gtk4.extraConfig.gtk-im-module = "fcitx";
};})];
})];
})
# prefer gui or not
(inputs.localLib.mkConditional (builtins.elem inputs.config.nixos.model.type [ "desktop" ])

2
modules/system/initrd.nix
View File

@@ -3,7 +3,6 @@ inputs:
options.nixos.system.initrd = let inherit (inputs.lib) mkOption types; in
{
sshd = mkOption { type = types.nullOr (types.submodule {}); default = null; };
unl0kr = mkOption { type = types.nullOr (types.submodule {}); default = null; };
};
config = let inherit (inputs.config.nixos.system) initrd; in inputs.lib.mkMerge
[
@@ -34,6 +33,5 @@ inputs:
};
}
)
(inputs.lib.mkIf (initrd.unl0kr != null) { boot.initrd.unl0kr.enable = true; })
];
}

17
modules/system/kernel.nix → modules/system/kernel/default.nix
View File

@@ -48,15 +48,28 @@ inputs:
xanmod-lts = inputs.pkgs.linuxPackages_xanmod;
xanmod-latest = inputs.pkgs.linuxPackages_xanmod_latest;
cachyos = inputs.pkgs.linuxPackages_cachyos;
# TODO: package cachyos-lts
cachyos-lts = inputs.pkgs.linuxPackages_cachyos_lts;
}.${kernel.variant};
kernelPatches = let patches = {}; in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
kernelPatches =
let
patches =
{
hibernate-progress =
[{
name = "hibernate-progress";
patch =
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in ./hibernate-progress-${version}.patch;
}];
};
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
}
# enable scx when using cachyos
(
inputs.lib.mkIf (builtins.elem kernel.variant [ "cachyos" "cachyos-lts" ])
{ services.scx = { enable = true; scheduler = "scx_bpfland"; }; }
{ services.scx = { enable = true; scheduler = "scx_rustland"; }; }
)
];
}

128
modules/system/kernel/hibernate-progress-6.12.patch Normal file
View File

@@ -0,0 +1,128 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index 5bc04bfe2db1..6e7b17b97de7 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -563,7 +563,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -578,7 +578,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -588,7 +588,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -795,8 +795,8 @@ static int save_compressed_image(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -817,7 +817,7 @@ static int save_compressed_image(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -888,9 +888,9 @@ static int save_compressed_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
- pr_info("Image size after compression: %d kbytes\n",
+ pr_err("Image size after compression: %d kbytes\n",
(atomic_read(&compressed_size) / 1024));
out_clean:
@@ -1105,7 +1105,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1123,7 +1123,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1133,7 +1133,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1328,8 +1328,8 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1459,7 +1459,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1485,7 +1485,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1593,7 +1593,7 @@ int swsusp_check(bool exclusive)
}
if (!error && swsusp_header->flags & SF_HW_SIG &&
swsusp_header->hw_sig != swsusp_hardware_signature) {
- pr_info("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
+ pr_err("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
swsusp_header->hw_sig, swsusp_hardware_signature);
error = -EINVAL;
}

116
modules/system/kernel/hibernate-progress-6.6.patch Normal file
View File

@@ -0,0 +1,116 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index d44f5937f1e5..8905c0438b64 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -552,7 +552,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -567,7 +567,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -577,7 +577,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -767,8 +767,8 @@ static int save_image_lzo(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for compression\n", nr_threads);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for compression\n", nr_threads);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -789,7 +789,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -860,7 +860,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
out_clean:
hib_finish_batch(&hb);
@@ -1071,7 +1071,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1089,7 +1089,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1099,7 +1099,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1283,8 +1283,8 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for decompression\n", nr_threads);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for decompression\n", nr_threads);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1414,7 +1414,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1440,7 +1440,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;

2
modules/system/networking.nix
View File

@@ -49,7 +49,7 @@ inputs:
# lower tcp retransmission tries (5 times, about several seconds)
"net.ipv4.tcp_retries2" = 5;
};
networking.nftables.enable = true;
networking.nftables = { enable = true; flushRuleset = false; };
}
(inputs.localLib.mkConditional (networking == null)
{

7
modules/system/nix-ld.nix
View File

@@ -1,6 +1,11 @@
inputs:
{
config =
options.nixos.system.nix-ld = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.system) nix-ld; in inputs.lib.mkIf (nix-ld != null)
{
programs.nix-ld =
{

2
modules/system/nix.nix
View File

@@ -144,8 +144,6 @@ inputs:
secrets."github/token".sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/chn.yaml";
};
})
# TODO: remove after 2.27 become default
{ nix.package = inputs.pkgs.pkgs-unstable.nixVersions.nix_2_28; }
# c++ include path
# environment.pathsToLink = [ "/include" ];
# environment.variables.CPATH = "/run/current-system/sw/include";

126
modules/system/nixpkgs/buildNixpkgsConfig.nix
View File

@@ -19,32 +19,26 @@ in platformConfig //
{
inherit allowInsecurePredicate;
allowUnfree = true;
qchem-config = { optArch = nixpkgs.march; useCuda = nixpkgs.cuda != null; };
android_sdk.accept_license = true;
}
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
{
# TODO: change znver4 after update oneapi
# TODO: test znver3 do use AVX
oneapiArch = let match = {}; in match.${nixpkgs.march} or nixpkgs.march;
nvhpcArch = nixpkgs.march;
# contentAddressedByDefault = true;
enableCcache = true;
})
// (inputs.lib.optionalAttrs (nixpkgs.nixRoot != null)
{ nix = { storeDir = "${nixpkgs.nixRoot}/store"; stateDir = "${nixpkgs.nixRoot}/var"; }; });
overlays =
[
inputs.topInputs.qchem.overlays.default
inputs.topInputs.bscpkgs.overlays.default
inputs.topInputs.aagl.overlays.default
inputs.topInputs.nur-xddxdd.overlays.inSubTree
inputs.topInputs.shadowrz.overlays.default
inputs.topInputs.nix-vscode-extensions.overlays.default
(final: prev:
{
nix-vscode-extensions = inputs.topInputs.nix-vscode-extensions.extensions.${prev.system};
nur-linyinfeng = (inputs.topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
inherit (inputs.topInputs.nix-vscode-extensions.overlays.default final prev) nix-vscode-extensions;
firefox-addons = (import "${inputs.topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
inherit (import inputs.topInputs.gricad { pkgs = final; }) intel-oneapi intel-oneapi-2022;
linuxPackages_cachyos_lts =
final.linuxPackagesFor (inputs.topInputs.cachyos-lts.overlays.default final prev).linuxPackages_cachyos;
})
@@ -59,53 +53,62 @@ in platformConfig //
inherit genericPackages;
telegram-desktop = prev.telegram-desktop.override
{
unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs (prev:
{ patches = prev.patches or [] ++ [ ./telegram.patch ]; });
unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs
(prev: { patches = prev.patches or [] ++ [ ./telegram.patch ]; });
};
libvirt = (prev.libvirt.override { iptables = final.nftables; }).overrideAttrs
(prev: { patches = prev.patches or [] ++ [ ./libvirt.patch ]; });
root = prev.root.overrideAttrs (prev:
{
patches = prev.patches or [] ++ [ ./root.patch ];
cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ];
});
}
// (
let
source =
{
"pkgs-23.11" = "nixpkgs-23.11";
"pkgs-23.05" = "nixpkgs-23.05";
pkgs-2305 = "nixpkgs-2305";
pkgs-2311 = "nixpkgs-2311";
pkgs-2411 = "nixpkgs-2411";
pkgs-unstable =
{
source = "nixpkgs-unstable";
overlay = final: prev:
{
ollama = prev.ollama.override { cudaPackages = final.cudaPackages_12_8; };
}
// inputs.lib.optionalAttrs (nixpkgs.march != null)
{
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
{
scipy = prev.scipy.overridePythonAttrs (prev:
{ disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
rapidocr-onnxruntime = prev.rapidocr-onnxruntime.overridePythonAttrs { doCheck = false; };
cfn-lint = prev.cfn-lint.overridePythonAttrs { doCheck = false; };
})];
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
ctranslate2 = (prev.ctranslate2.override { withCUDA = false; withCuDNN = false; })
.overrideAttrs (prev:
{ cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
valkey = prev.valkey.overrideAttrs { doCheck = false; };
}
// inputs.lib.optionalAttrs
(builtins.elem nixpkgs.march [ "skylake" "silvermont" "broadwell" "znver3" ])
{ redis = prev.redis.overrideAttrs { doCheck = false; }; }
// inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx2Support)
{
haskellPackages = prev.haskellPackages.override
{
overrides = final: prev:
{
crypton = prev.crypton.overrideAttrs
(prev: { configureFlags = prev.configureFlags or [] ++ [ "--ghc-option=-optc-mno-avx2" ]; });
};
};
}
// (inputs.topInputs.self.overlays.default final prev);
(inputs.topInputs.self.overlays.default final prev);
# {
# ollama = prev.ollama.override { cudaPackages = final.cudaPackages_12_8; };
# }
# // inputs.lib.optionalAttrs (nixpkgs.march != null)
# {
# pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
# {
# scipy = prev.scipy.overridePythonAttrs (prev:
# { disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
# rapidocr-onnxruntime = prev.rapidocr-onnxruntime.overridePythonAttrs { doCheck = false; };
# cfn-lint = prev.cfn-lint.overridePythonAttrs { doCheck = false; };
# })];
# rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
# ctranslate2 = (prev.ctranslate2.override { withCUDA = false; withCuDNN = false; })
# .overrideAttrs (prev:
# { cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
# valkey = prev.valkey.overrideAttrs { doCheck = false; };
# }
# // inputs.lib.optionalAttrs
# (builtins.elem nixpkgs.march [ "skylake" "silvermont" "broadwell" "znver3" ])
# { redis = prev.redis.overrideAttrs { doCheck = false; }; }
# // inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx2Support)
# {
# haskellPackages = prev.haskellPackages.override
# {
# overrides = final: prev:
# {
# crypton = prev.crypton.overrideAttrs
# (prev: { configureFlags = prev.configureFlags or [] ++ [ "--ghc-option=-optc-mno-avx2" ]; });
# };
# };
# }
# // (inputs.topInputs.self.overlays.default final prev);
};
};
packages = name: import inputs.topInputs.${source.${name}.source or source.${name}}
@@ -122,14 +125,41 @@ in platformConfig //
in builtins.listToAttrs (builtins.map
(name: { inherit name; value = packages name; }) (builtins.attrNames source))
)
# TODO: bring patch to upstream
// (inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx512Support)
{ gsl = prev.gsl.overrideAttrs { doCheck = false; }; })
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
{
libinsane = prev.libinsane.overrideAttrs (prev:
{ nativeCheckInputs = builtins.filter (p: p.pname != "valgrind") prev.nativeCheckInputs; });
lib2geom = prev.lib2geom.overrideAttrs (prev: { doCheck = false; });
libreoffice-qt6-fresh = prev.libreoffice-qt6-fresh.override (prev:
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
''
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
'';});});
libreoffice-still = prev.libreoffice-still.override (prev:
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
''
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
'';});});
opencolorio = prev.opencolorio.overrideAttrs (prev: { doCheck = false; });
# TODO: maybe something really broken?
openvswitch = prev.openvswitch.overrideAttrs (prev: { doCheck = false; });
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
valkey = prev.valkey.overrideAttrs { doCheck = false; };
# -march=xxx cause embree build failed
# https://github.com/embree/embree/issues/115
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
simde = prev.simde.override { stdenv = final.genericPackages.stdenv; };
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
{
scipy = prev.scipy.overridePythonAttrs (prev:
{ disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
# paperwork-backend = prev.paperwork-backend.overrideAttrs (prev: { doCheck = false; });
})];
})
// (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
{ c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
# // (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
# { c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
)];
}

2
modules/system/nixpkgs/default.nix
View File

@@ -16,8 +16,6 @@ inputs:
config = let inherit (inputs.config.nixos.system) nixpkgs; in
{
nixpkgs = import ./buildNixpkgsConfig.nix { inherit inputs; nixpkgs = nixpkgs // { nixRoot = null; }; };
programs.ccache = { enable = true; cacheDir = "/var/lib/ccache"; };
nix.settings.extra-sandbox-paths = [ inputs.config.programs.ccache.cacheDir ];
boot.kernelPatches = inputs.lib.mkIf (nixpkgs.march != null)
[{
name = "native kernel";

634
modules/system/nixpkgs/libvirt.patch Normal file
View File

@@ -0,0 +1,634 @@
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
index e8da15426e..7b5080ae5f 100644
--- a/src/network/network_iptables.c
+++ b/src/network/network_iptables.c
@@ -744,13 +744,6 @@ iptablesForwardRejectIn(virFirewall *fw,
const char *iface,
iptablesAction action)
{
- virFirewallAddCmd(fw, layer,
- "--table", "filter",
- iptablesActionTypeToString(action),
- VIR_IPTABLES_FWD_IN_CHAIN,
- "--out-interface", iface,
- "--jump", "REJECT",
- NULL);
}
/**
diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
index f8b5ab665d..54ed0c6f29 100644
--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
@@ -504,13 +504,6 @@ nftablesAddForwardRejectIn(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
{
- virFirewallAddCmd(fw, layer, "insert", "rule",
- nftablesLayerTypeToString(layer),
- VIR_NFTABLES_PRIVATE_TABLE,
- VIR_NFTABLES_FWD_IN_CHAIN,
- "oif", iface,
- "counter", "reject",
- NULL);
}
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.iptables b/tests/networkxml2firewalldata/forward-dev-linux.iptables
index bc483c4512..98be4b76ad 100644
--- a/tests/networkxml2firewalldata/forward-dev-linux.iptables
+++ b/tests/networkxml2firewalldata/forward-dev-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.nftables b/tests/networkxml2firewalldata/forward-dev-linux.nftables
index 8badb74beb..78c0110a32 100644
--- a/tests/networkxml2firewalldata/forward-dev-linux.nftables
+++ b/tests/networkxml2firewalldata/forward-dev-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/isolated-linux.iptables b/tests/networkxml2firewalldata/isolated-linux.iptables
index 135189ce41..d2d29933aa 100644
--- a/tests/networkxml2firewalldata/isolated-linux.iptables
+++ b/tests/networkxml2firewalldata/isolated-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/isolated-linux.nftables b/tests/networkxml2firewalldata/isolated-linux.nftables
index d1b4dac178..3d72c1fb09 100644
--- a/tests/networkxml2firewalldata/isolated-linux.nftables
+++ b/tests/networkxml2firewalldata/isolated-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
@@ -45,16 +35,6 @@ nft \
rule \
ip6 \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip6 \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-default-linux.iptables b/tests/networkxml2firewalldata/nat-default-linux.iptables
index 3cfa61333c..5f401194ed 100644
--- a/tests/networkxml2firewalldata/nat-default-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-default-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-default-linux.nftables b/tests/networkxml2firewalldata/nat-default-linux.nftables
index 28508292f9..ef7b2b1bc8 100644
--- a/tests/networkxml2firewalldata/nat-default-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-default-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
index ce295cbc6d..127ed35826 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
index d8a9ba706d..20e51e203c 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
@@ -45,16 +35,6 @@ nft \
rule \
ip6 \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip6 \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
index d78537dc5c..a87fe47480 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
index a7f09cda59..816a4a8cac 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
@@ -45,16 +35,6 @@ nft \
rule \
ip6 \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip6 \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
index ba7f234b82..9244705322 100644
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
index b826fe6134..904f515f3d 100644
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
index 1e5aa05231..b4f86a256f 100644
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
index d8a9ba706d..20e51e203c 100644
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
@@ -45,16 +35,6 @@ nft \
rule \
ip6 \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip6 \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
index c2e845cc4f..139110d068 100644
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
index ceaed6fa40..6db8eddf6c 100644
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
@@ -45,16 +35,6 @@ nft \
rule \
ip6 \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip6 \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
index 8e5c2c8193..0e7686359d 100644
--- a/tests/networkxml2firewalldata/nat-port-range-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
index 1dc37a26ec..1d65869876 100644
--- a/tests/networkxml2firewalldata/nat-port-range-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
@@ -45,16 +35,6 @@ nft \
rule \
ip6 \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip6 \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.iptables b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
index 565fff737c..3f2d1ccf5a 100644
--- a/tests/networkxml2firewalldata/nat-tftp-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
@@ -87,12 +87,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.nftables b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
index 28508292f9..ef7b2b1bc8 100644
--- a/tests/networkxml2firewalldata/nat-tftp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \
diff --git a/tests/networkxml2firewalldata/route-default-linux.iptables b/tests/networkxml2firewalldata/route-default-linux.iptables
index a7b969c077..866d65014e 100644
--- a/tests/networkxml2firewalldata/route-default-linux.iptables
+++ b/tests/networkxml2firewalldata/route-default-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/route-default-linux.nftables b/tests/networkxml2firewalldata/route-default-linux.nftables
index 282c9542a5..fc742c9fea 100644
--- a/tests/networkxml2firewalldata/route-default-linux.nftables
+++ b/tests/networkxml2firewalldata/route-default-linux.nftables
@@ -13,16 +13,6 @@ nft \
rule \
ip \
libvirt_network \
-guest_input \
-oif \
-virbr0 \
-counter \
-reject
-nft \
--ae insert \
-rule \
-ip \
-libvirt_network \
guest_cross \
iif \
virbr0 \

Some files were not shown because too many files have changed in this diff Show More