services.xrdp: add optimise

Merge branch 'production' into xrdp
暂存
2026-01-12 04:19:22 +08:00 · 2024-03-08 13:49:12 +08:00 · 2024-03-08 12:50:46 +08:00 · 2024-03-07 20:36:41 +08:00 · 2024-03-07 20:34:58 +08:00 · 2024-03-07 20:34:58 +08:00
62 changed files with 434 additions and 1093 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,32 +7,32 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
  - &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
 creation_rules:
-  - path_regex: secrets/pc/.*$
+  - path_regex: devices/pc/secrets/.*$
    key_groups:
    - age:
      - *chn
      - *pc
-  - path_regex: secrets/vps6/.*$
+  - path_regex: devices/vps6/secrets/.*$
    key_groups:
    - age:
      - *chn
      - *vps6
-  - path_regex: secrets/vps7/.*$
+  - path_regex: devices/vps7/secrets/.*$
    key_groups:
    - age:
      - *chn
      - *vps7
-  - path_regex: secrets/nas/.*$
+  - path_regex: devices/nas/secrets/.*$
    key_groups:
    - age:
      - *chn
      - *nas
-  - path_regex: secrets/surface/.*$
+  - path_regex: devices/surface/secrets/.*$
    key_groups:
    - age:
      - *chn
      - *surface
-  - path_regex: secrets/xmupc1/.*$
+  - path_regex: devices/xmupc1/secrets/.*$
    key_groups:
    - age:
      - *chn
--- a/devices/nas/default.nix
+++ b/devices/nas/default.nix
@@ -43,7 +43,7 @@ inputs:
        grub.installDevice = "efi";
        nixpkgs.march = "silvermont";
        nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
-        kernel.patches = [ "cjktty" ];
+        kernel.patches = [ "cjktty" "lantian" ];
        networking.hostname = "nas";
        gui.preferred = false;
      };
--- a/devices/nas/secrets/default.yaml
+++ b/devices/nas/secrets/default.yaml
@@ -1,7 +1,5 @@
 xray-client:
    uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
-nebula:
-    key: ENC[AES256_GCM,data:zWLXEH628ZVDZk7U/9zEXocJatCJr7hZrCmh/pifPlxVvVud5RQxLvgRvhQ=,iv:YFn7spiIcaW/l8dQZvGhsERi81L2RKLUE/55Bht0TMQ=,tag:fVdIRCMeT6o0lrGVDjCVlA==,type:str]
 acme:
    cloudflare.ini: ENC[AES256_GCM,data:/LpP1qoVS+CG+5ska6vtmagHNrhcgr5e1QRzDdbdCYGnDB8Nca/GmIogzHCXsogQY/rwGTCZoXLKKEGToYiThwk=,iv:R++I0ued2wrVsmM/vYvBVMOp9M7HyZIfDOVOlg7GALE=,tag:gYchPuh8MHk3EEnGb9g4WA==,type:str]
 users:
@@ -43,8 +41,8 @@ sops:
            by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
            kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-26T05:27:05Z"
-    mac: ENC[AES256_GCM,data:chLCDrIU5gJR/A7T6otkgVt1QDlG4fdXOwQJI+Unxtt8Iu6lkTVmfEA75Oi2eSCw1w+Xxfiq3nBs5pP1I3kq3xe68pwb2dCOrAXZU7i/nHHVw+HxfvV56oXkyIt5KOEf5Dv1hT0A8Bho2Ah6JLCojhYaRL3Lm/MJQl00H0iolY0=,iv:rIVVHmOwXqyA8/q0Gudgl1QNecOTVSLPBj7gItwEf04=,tag:vjVYTRhcFjkcPIFMQsWgBg==,type:str]
+    lastmodified: "2024-03-07T12:35:21Z"
+    mac: ENC[AES256_GCM,data:bR4PPHaGX6VCRP+Ze96sccnwYxnZkfpmJp6iMBzr+W3JRd0VjTEwTH8aNn1WIsNFXco+BCmwroJR07oKYnbusBYgiEeHnkhXvyAELETs7BitH8JrUtSsGs2wJDfkU9fWf6BNT7oHGpP69Tyrl+8v+Q8jyLV8kW8+c7uJPyT2ACQ=,iv:Hl2eX7TV6lgWjUim0m4r44Ji0c9QDH+qzpDyBOTeVp4=,tag:6xkFMQMwEP7IhpXEB4o+hQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/devices/pc/default.nix
+++ b/devices/pc/default.nix
@@ -60,7 +60,7 @@ inputs:
      hardware =
      {
        cpus = [ "amd" ];
-        gpu.type = "nvidia";
+        gpu = { type = "amd+nvidia"; prime.busId = { amd = "8:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; };
        bluetooth.enable = true;
        joystick.enable = true;
        printer.enable = true;
@@ -133,28 +133,55 @@ inputs:
          publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
          wireguardIp = "192.168.83.3";
        };
-        gamemode = { enable = true; drmDevice = 0; };
-        slurm = { enable = true; cpu = { cores = 16; threads = 2; }; memoryMB = 94208; gpus."geforce" = 1; };
+        gamemode = { enable = true; drmDevice = 1; };
+        slurm = { enable = true; cpu = { cores = 16; threads = 2; }; memoryMB = 94208; gpus."4060" = 1; };
+        xrdp = { enable = true; hostname = [ "pc.chn.moe" ]; optimise = { type = "nvidia"; nvidiaBusId = "1:0:0"; }; };
      };
      bugs = [ "xmunet" "backlight" "amdpstate" ];
    };
+    services.colord.enable = true;
    virtualisation.virtualbox.host = { enable = true; enableExtensionPack = true; };
-    home-manager.users.chn.config.programs.plasma.startup.autoStartScript.xcalib.text =
-      "${inputs.pkgs.xcalib}/bin/xcalib -d :0 ${./color/TPLCD_161B_Default.icm}";
-    powerManagement.resumeCommands =
-    ''
-      ${inputs.pkgs.kmod}/bin/modprobe -r mt7921e
-      ${inputs.pkgs.kmod}/bin/modprobe mt7921e
-    '';
-    specialisation.hybrid.configuration =
+    specialisation =
    {
-      nixos =
+      nvidia.configuration =
      {
-        hardware.gpu =
-          { type = inputs.lib.mkForce "amd+nvidia"; prime.busId = { amd = "8:0:0"; nvidia = "1:0:0"; }; };
-        services.gamemode.drmDevice = inputs.lib.mkForce 1;
+        nixos =
+        {
+          hardware.gpu.type = inputs.lib.mkForce "nvidia";
+          services.gamemode.drmDevice = inputs.lib.mkForce 0;
+        };
+        system.nixos.tags = [ "nvidia" ];
+      };
+      hybrid-sync.configuration =
+      {
+        nixos.hardware.gpu.prime.mode = "sync";
+        system.nixos.tags = [ "hybrid-sync" ];
+      };
+      amd.configuration =
+      {
+        nixos.hardware.gpu = { type = inputs.lib.mkForce "amd"; dynamicBoost = inputs.lib.mkForce false; };
+        boot =
+        {
+          extraModprobeConfig =
+          ''
+            blacklist nouveau
+            options nouveau modeset=0
+          '';
+          blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_modeset" ];
+        };
+        services.udev.extraRules =
+        ''
+          # Remove NVIDIA USB xHCI Host Controller devices, if present
+          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
+          # Remove NVIDIA USB Type-C UCSI devices, if present
+          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
+          # Remove NVIDIA Audio devices, if present
+          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
+          # Remove NVIDIA VGA/3D controller devices
+          ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
+        '';
+        system.nixos.tags = [ "amd" ];
      };
-      system.nixos.tags = [ "hybrid-graphic" ];
    };
  };
 }
--- a/devices/pc/secrets/default.yaml
+++ b/devices/pc/secrets/default.yaml
@@ -16,8 +16,6 @@ redis:
    misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
 meilisearch:
    misskey-misskey: ENC[AES256_GCM,data:/wYR3Bz4LRk/Ks0vizlZS3Ebf5qVfnlBBqZEm/ZIBFdDuhddgu71cqCjTHIKQ6CYh3CoUyguKIIFWku/kOCHKA==,iv:dllKvZwxvZC4pVyEMOB9WNiVBsVxzo5kwbdYKCzzyrY=,tag:MvzqalVvBkyJoLbirN0V8Q==,type:str]
-nebula:
-    key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
 wireguard:
    privateKey: ENC[AES256_GCM,data:oIpiXJvEoyryS4eEutoe85Af0L5a5iNuOsCWCat9KEhr2ecY/vRimk/1fbA=,iv:dm2hTSNX7Q38yASon5o1jxEJZbWPXUWYydXYMBHF/sE=,tag:yrANhwIF/wHQGHGA1bfPgw==,type:str]
 mariadb:
@@ -46,8 +44,8 @@ sops:
            OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
            +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-25T05:36:06Z"
-    mac: ENC[AES256_GCM,data:HtW5wD80jJBcgh/0EZADaUbojoiGGmXrVEVluWrwev/guNJxw08h7neReszRJlGp4WIIKvDV5/JcMB+H8zLCk47CzeSyxN6Y5aw+MtIkmc+wA3DR/CGVmyjeIUoX4ww/I1QPSPyZFENUv5FA2K3voL3CHzfJOGe/jE/g6a9Xsi0=,iv:wuzRvtoagZdCBEiPuW57mTnlBXx27hnzZIA7aPEkoZs=,tag:JkF5ohO1bzPt9I84ARp1dw==,type:str]
+    lastmodified: "2024-03-07T12:35:41Z"
+    mac: ENC[AES256_GCM,data:Krgtb791wR+S0PQyV2h0Uyh7MKx9fOTHbetmgLoiGOHL8FMSvmWt3LCMQy+RyjnOIj9XRwb8l+kyTqkgeN4zEfKd1uuOh95Z/hLWhCkWs4dPaBu6Uw4aekH9ZUmQJZIr1lt2AIayRsVjaU0dIl4FOcLW+93ls95aluhvPPloJX0=,iv:MmJFdVpF4ZfxMRwbxPV/TC1Qt957vl0QvU0MZzUWdm8=,tag:6+VVFDdPSTycxnKO7Td6VA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/devices/pc/secrets/munge.key
+++ b/devices/pc/secrets/munge.key
--- a/devices/surface/secrets/default.yaml
+++ b/devices/surface/secrets/default.yaml
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -71,7 +71,7 @@ inputs:
        wireguard =
        {
          enable = true;
-          peers = [ "pc" "nas" "vps7" "surface" ];
+          peers = [ "pc" "nas" "vps7" "surface" "xmupc1" ];
          publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
          wireguardIp = "192.168.83.1";
          listenIp = "74.211.99.69";
--- a/devices/vps6/secrets/default.yaml
+++ b/devices/vps6/secrets/default.yaml
@@ -47,6 +47,7 @@ xray-server:
        user20: ENC[AES256_GCM,data:uRSG6jOks7utk2bRdd5sndvqVnSGRhjkts2f3+V7JdEwQf4k,iv:xZdVv/H5RuliwSEWmgLViLquWZ5znGOpP9YwwLJfsyo=,tag:JR3BsCKkHpkE7woTaMHXwQ==,type:str]
        #ENC[AES256_GCM,data:37f8REUu8PU0lfg=,iv:WOhsotX/O7Gg+YgkK5Fuw/njKz+1OgKSx0vXl1A32XY=,tag:IyjPLut59RuK/PpCyK4ZAQ==,type:comment]
        user21: ENC[AES256_GCM,data:9cd7IY3zzoziXznclguxbmmZ5hfc2H1DPa+KW1geuybRlpB9,iv:NKwdt7ppRuNpn44f1ypNOoPS27Yqk3Z31ABQbflS9Gg=,tag:S2B1vR0PVd3FYu24XwTfpQ==,type:str]
+        #ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
        user22: ENC[AES256_GCM,data:sCOmhXaJjzDIiuwP3Nh+yXQRYCppATzVWIdjOoMOlu+OFT+U,iv:HKRsCLJ/2jr7rGkM04uv4V1GKQheo2oxeFu4zqxcIAc=,tag:1swUo08hSzJ1PmQr/dBcgQ==,type:str]
        user23: ENC[AES256_GCM,data:rgS6IdC4DBLvWWBkf5Db54yaNvagfISm5tHUD1KgeqrCR5x/,iv:ANQYEXssMfbU0bvk25dVYq+yQlMiVEyQCwrGPw1AGxc=,tag:d9sOvvxheWwsE/SeOgcWUQ==,type:str]
        user24: ENC[AES256_GCM,data:3bn/ZG0En/OgY4PA4Ir8MaVWpJbX+ywpkoXQn7HChT+xhKFZ,iv:Jw8AG7vTc6j4VznekF6x2LXkoSFz960yqsSjPm1ORvw=,tag:EszCODBuLULKHJHh4Itq7A==,type:str]
@@ -72,8 +73,6 @@ send:
    redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
 coturn:
    auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
-nebula:
-    key: ENC[AES256_GCM,data:1zvyGKsyJESAbf6tUCy6hX93rDXEYNA5QBsqV4Ag4+cksToQ5IubchciQt4=,iv:ZG+pCofTTGx6LcJ05qohotRcX6MK4JsUzL2DfmKE4eI=,tag:o/Vm72d4QbfLXoSVwXZYhw==,type:str]
 wireguard:
    privateKey: ENC[AES256_GCM,data:4DKPPqQkjb33rQzFIz863A2arDRQA9AivWFBaWTf0xXDX4hWvJFiIlJQfvE=,iv:0R2TH3CMxHgwVjojzjE2Gnp8SXonmBDLWF7hB33NiX0=,tag:vgtV8JkuCdspleN/SvgIqQ==,type:str]
 sops:
@@ -100,8 +99,8 @@ sops:
            ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
            ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-15T11:39:07Z"
-    mac: ENC[AES256_GCM,data:cjP8ZDujb+RhdK5fa51if+mlx2EpfA4TTmlRbExfIDnahM8deF7qmXhOXeRIF7TrdK7HrxxOsNm2F300sbtEV0CJBsu0Wf9V3JuCuf2deEhABVSEh5f44ZCg4fLCFKCidn6GZPGjk+nEbFd+U5elcDHaqbdhdMeu3iMIf/xncac=,iv:uTv//gOvqdOKWWFvDsvdix66UiHmKzf2Dz2FuJYCfcY=,tag:qzXfKyyltjZVN8sux5mElA==,type:str]
+    lastmodified: "2024-03-07T12:36:12Z"
+    mac: ENC[AES256_GCM,data:VECN4xQhoulbsTzIZpXKYY5/8ZuC+fkSluMPJbfqcvCCvvcyclIKJJQZin5SYAxGxewQZdeyZ4sfZ+lo+0/gXiiHQPz+jqrURGIWailfnUhM/6ziHVxXAdAq2j0XNDGt1Xf+rprG+R7xhqBHK6jt/EMJBuT4ar9heo/aJBtU2hk=,iv:pYzKQAVdY0qJKRzq4eESQNd94PpK8q6xwpOowtmreVQ=,tag:LlzVVl5U/uU3eJNck9LnrQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/devices/vps7/secrets/default.yaml
+++ b/devices/vps7/secrets/default.yaml
@@ -54,8 +54,6 @@ synapse:
        form: ENC[AES256_GCM,data:7HF7HMUH1BTJgXXP6cpUiVj0jCwGW57bx9wKTJu7PnRsNuAam/+nKX7Zfg7WD+gSBlA=,iv:SYeUsuFVgAA6U6STCtKT5c5E8Kglh3x7hy6+Op4n0W8=,tag:eICmHTwwn0KcgNhdDGnusA==,type:str]
        signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
        sliding-sync: ENC[AES256_GCM,data:BeA6g98IWDP6hnLFI77QqG6esDwB6j3OPzAv3eJxWoTajAsByHSgSYP1vHN5Iok6IgvSSmkf0/HiOJy1Ca8IIA==,iv:ca+t/rYwc/fAVUcz0JTmrRQCOcbDNscbnE8BpHkx/OE=,tag:eEfhUChUt4kRnO82XqRY4g==,type:str]
-nebula:
-    key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
 vaultwarden:
    admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
 mariadb:
@@ -132,8 +130,8 @@ sops:
            SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
            HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-17T14:13:10Z"
-    mac: ENC[AES256_GCM,data:zHSDJx6v1POGNcqH6/kBnFCSVmtQqK/+IarTdRJyKO7humRWNxfzORmFbu7cHpkwHLc1fTXFTWjOgzERL2To6w89U3elSGMadIbk5wSu/45Zjd+sqNiO+74teZxYskD371MXsz69OzXhnjOAgQBtK8+JC+H6gM5S5xErBg+Oqr4=,iv:ViETycX10iIkFXb5HCoBwsfM7+vhmI3zkdhvSbrEIaM=,tag:a6TdA/hR1cyDivXpBFJu3A==,type:str]
+    lastmodified: "2024-03-07T12:36:38Z"
+    mac: ENC[AES256_GCM,data:Pe1wXpemyIGckkldnOy7sWYTp/SlHT7ffNzJbeNwK9hSRGbpU9as7BQ8IenrHbO9U5QT7oij3PdzLk88ImVCbu0rZ8P6k6JbbrSEUSeN+9IRPnMDbIcpd+HQ+Ite4UjLwX7UxPuy0yRCYHiu2Fu2JpdWf+uL5bc/ZFnJ887+3lA=,iv:JmII0faZo+upukOJeCS7AbpCr2wKR5YjPX/W+kJnFUE=,tag:w5woNqrhJbZM38/RPWYmnw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/devices/xmupc1/README.md
+++ b/devices/xmupc1/README.md
@@ -28,6 +28,9 @@ sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia-6.4.0 m
 * `--gpus=1` 指定使用一个 GPU（排到这个任务时哪个空闲就使用哪个）。
  可以指定具体使用哪个GPU，例如 `--gpus=4090:1`。
  可以简写为 `-G`。
+  这个选项实际上是 `--gres` 选项的一种简便写法，当需求更复杂时（例如，指定使用一个 3090 和一个 4090）时，就需要用 `--gres`。
+  例如：`--gres=gpu:3090:1,gpu:4090:1`。
+  “gre” 是 “generic resource” 的缩写。
 * `--ntasks-per-gpu=1` 是一定要写的。
 * `--job-name=` 指定任务的名字。可以简写为 `-J`。也可以不指定。
 * 默认情况下，一个 task 会搭配分配一个 CPU 核（两个线程），一般不用修改。如果一定要修改，用 `--cpus-per-task`。
--- a/devices/xmupc1/default.nix
+++ b/devices/xmupc1/default.nix
@@ -62,7 +62,7 @@ inputs:
      virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
      services =
      {
-        snapper.enable = false;
+        snapper.enable = true;
        fontconfig.enable = true;
        sshd = { enable = true; passwordAuthentication = true; };
        xray.client =
@@ -76,7 +76,7 @@ inputs:
        smartd.enable = true;
        beesd =
        {
-          enable = false;
+          enable = true;
          instances =
          {
            root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
--- a/devices/xmupc1/secrets/default.yaml
+++ b/devices/xmupc1/secrets/default.yaml
--- a/devices/xmupc1/secrets/munge.key
+++ b/devices/xmupc1/secrets/munge.key
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@@ -4,8 +4,10 @@
  inputs =
  {
    nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.11";
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
+    nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
+    "nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
+    "nixpkgs-22.11".url = "github:NixOS/nixpkgs/nixos-22.11";
+    "nixpkgs-22.05".url = "github:NixOS/nixpkgs/nixos-22.05";
    home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
    sops-nix =
    {
@@ -18,11 +20,6 @@
    nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
    nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
    nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-alien =
-    {
-      url = "github:thiagokokada/nix-alien";
-      inputs = { nixpkgs.follows = "nixpkgs"; nix-index-database.follows = "nix-index-database"; };
-    };
    impermanence.url = "github:nix-community/impermanence";
    qchem = { url = "github:Nix-QChem/NixOS-QChem/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; };
    nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -30,10 +27,6 @@
    nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
    deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
    pnpm2nix-nzbr = { url = "github:CHN-beta/pnpm2nix-nzbr"; inputs.nixpkgs.follows = "nixpkgs"; };
-    # oneapi
-    lmix = { url = "github:CHN-beta/lmix"; inputs.nixpkgs.follows = "nixpkgs"; };
-    # nvhpc
-    dguibert-nur-packages = { url = "github:CHN-beta/dguibert-nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
    plasma-manager =
    {
      url = "github:pjones/plasma-manager";
@@ -61,7 +54,6 @@
    win11os-kde = { url = "github:yeyushengfan258/Win11OS-kde"; flake = false; };
    fluent-kde = { url = "github:vinceliuice/Fluent-kde"; flake = false; };
    rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
-    cascade = { url = "github:CHN-beta/cascade"; flake = false; };
    blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
    slate = { url = "github:TheBigWazz/Slate"; flake = false; };
    linux-surface = { url = "github:linux-surface/linux-surface"; flake = false; };
--- a/local/pkgs/chromiumos-touch-keyboard/default.nix
+++ b/local/pkgs/chromiumos-touch-keyboard/default.nix
@@ -1,18 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, fetchurl, cmake }: stdenv.mkDerivation rec
-{
-  pname = "chromiumos-touch-keyboard";
-  version = "1.4.1";
-  src = fetchFromGitHub
-  {
-    owner = "CHN-beta";
-    repo = "chromiumos_touch_keyboard";
-    rev = "32b72240ccac751a1b983152f65aa5b19503ffcf";
-    sha256 = "eFesDSBS2VzTOVfepgXYGynWvkrCSdCV9C/gcG/Ocbg=";
-  };
-  cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-Wno-error=stringop-truncation" ];
-  nativeBuildInputs = [ cmake ];
-  postInstall =
-  ''
-    cp $out/etc/touch_keyboard/layouts/YB1-X9x-pc105.csv $out/etc/touch_keyboard/layout.csv
-  '';
-}
--- a/local/pkgs/default.nix
+++ b/local/pkgs/default.nix
@@ -24,7 +24,7 @@
  mirism = callPackage ./mirism
  {
    inherit cppcoro nameof tgbot-cpp date;
-    nghttp2 = nghttp2-2305.override { enableAsioLib = true; };
+    nghttp2 = pkgs."nghttp2-23.05".override { enableAsioLib = true; };
  };
  cppcoro = callPackage ./cppcoro { src = topInputs.cppcoro; };
  date = callPackage ./date { src = topInputs.date; };
--- a/local/pkgs/misskey/default.nix
+++ b/local/pkgs/misskey/default.nix
@@ -1,6 +1,6 @@
 {
  lib, stdenv, mkPnpmPackage, fetchurl, nodejs, writeShellScript, buildFHSEnv,
-  bash, cypress, vips, pkg-config, src
+  bash, cypress, vips, pkg-config, src, libtensorflow
 }:
 let
  name = "misskey";
--- a/local/pkgs/typora/default.nix
+++ b/local/pkgs/typora/default.nix
@@ -1,42 +0,0 @@
-{ lib, stdenv, steam-run, fetchurl, writeShellScript }:
-let
-  typora-dist = stdenv.mkDerivation rec
-  {
-    pname = "typora-dist";
-    version = "1.8.2-dev";
-    src = fetchurl
-    {
-      url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
-      sha256 = "0abi9m8h8k0228ajag26lxk756a7aqqixg608k85gnkdmibnq6mv";
-    };
-
-    dontFixup = true;
-
-    unpackPhase =
-    ''
-      ar x ${src}
-      tar xf data.tar.xz
-    '';
-    installPhase =
-    ''
-      mkdir -p $out
-      mv usr/share $out
-    '';
-  };
-in stdenv.mkDerivation rec
-{
-  pname = "typora";
-  inherit (typora-dist) version;
-  BuildInputs = [ typora-dist steam-run ];
-  startScript = writeShellScript "typora" "${steam-run}/bin/steam-run ${typora-dist}/share/typora/Typora $@";
-  phases = [ "installPhase" ];
-  installPhase =
-  ''
-    mkdir -p $out/bin $out/share/applications
-    ln -s ${startScript} $out/bin/typora
-    cp ${typora-dist}/share/applications/typora.desktop $out/share/applications
-    sed -i "s|Exec=.*|Exec=${startScript} %U|g" $out/share/applications/typora.desktop
-    sed -i "s|Icon=.*|Icon=${typora-dist}/share/icons/hicolor/256x256/apps/typora.png|g" \
-      $out/share/applications/typora.desktop
-  '';
-}
--- a/local/pkgs/vaspkit/default.nix
+++ b/local/pkgs/vaspkit/default.nix
@@ -7,15 +7,15 @@ let
    hashMode = "recursive";
    message = "POTCAR not found.";
  };
-  unwrapped = stdenv.mkDerivation
+  unwrapped = stdenv.mkDerivation rec
  {
    pname = "vaspkit-unwrapped";
-    version = "1.4.1";
+    version = "1.5.1";
    buildInputs = [ autoPatchelfHook stdenv.cc.cc ];
    src = fetchurl
    {
-      url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.1.4.1.linux.x64.tar.gz";
-      sha256 = "0i5m7nbvqk7hzxisyydjvs2l8lnvj9vsxa170783kv9zmp51lnvs";
+      url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.${version}.linux.x64.tar.gz";
+      sha256 = "1cbj1mv7vx18icwlk9d2vfavsfd653943xg2ywzd8b7pb43xrfs1";
    };
    installPhase =
    ''
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -21,12 +21,9 @@ inputs:
          [
            topInputs.qchem.overlays.default
            topInputs.nixd.overlays.default
-            topInputs.nix-alien.overlays.default
            topInputs.napalm.overlays.default
            topInputs.pnpm2nix-nzbr.overlays.default
-            topInputs.lmix.overlays.default
            topInputs.aagl.overlays.default
-            (import "${topInputs.dguibert-nur-packages}/overlays/nvhpc-overlay")
            (final: prev:
            {
              nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
@@ -35,8 +32,8 @@ inputs:
              deploy-rs =
                { inherit (prev) deploy-rs; inherit ((topInputs.deploy-rs.overlay final prev).deploy-rs) lib; };
              # needed by mirism
-              nghttp2-2305 =
-                inputs.pkgs.callPackage "${inputs.topInputs.nixpkgs-2305}/pkgs/development/libraries/nghttp2" {};
+              "nghttp2-23.05" =
+                inputs.pkgs.callPackage "${inputs.topInputs."nixpkgs-23.05"}/pkgs/development/libraries/nghttp2" {};
              firefox-addons = (import "${topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
            })
          ];
--- a/modules/hardware/default.nix
+++ b/modules/hardware/default.nix
@@ -8,7 +8,6 @@ inputs:
    printer.enable = mkOption { type = types.bool; default = false; };
    sound.enable = mkOption { type = types.bool; default = false; };
    cpus = mkOption { type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
-    halo-keyboard.enable = mkOption { type = types.bool; default = false; };
  };
  config =
    let
@@ -74,73 +73,5 @@ inputs:
              concatLists (map (cpu: modules.${cpu}) hardware.cpus);
        }
      )
-      # halo-keyboard
-      (mkIf hardware.halo-keyboard.enable
-      (
-        let
-          keyboard = inputs.pkgs.localPackages.chromiumos-touch-keyboard;
-          support = inputs.pkgs.localPackages.yoga-support;
-        in
-        {
-          services.udev.packages = [ keyboard support ];
-          systemd.services =
-          {
-            touch-keyboard-handler.serviceConfig =
-            {
-              Type = "simple";
-              WorkingDirectory = "/etc/touch_keyboard";
-              ExecStart = "${keyboard}/bin/touch_keyboard_handler";
-            };
-            yogabook-modes-handler.serviceConfig =
-            {
-              Type = "simple";
-              ExecStart = "${support}/bin/yogabook-modes-handler";
-              StandardOutput = "journal";
-            };
-            monitor-sensor =
-            {
-              wantedBy = [ "default.target" ];
-              serviceConfig =
-              {
-                Type = "simple";
-                ExecStart = "${inputs.pkgs.iio-sensor-proxy}/bin/monitor-sensor --hinge";
-              };
-            };
-          };
-          environment.etc."touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
-          boot.initrd =
-          {
-            services.udev.packages = [ keyboard support ];
-            systemd =
-            {
-              extraBin =
-              {
-                touch_keyboard_handler = "${keyboard}/bin/touch_keyboard_handler";
-                yogabook-modes-handler = "${support}/bin/yogabook-modes-handler";
-              };
-              services =
-              {
-                touch-keyboard-handler =
-                {
-                  serviceConfig =
-                  {
-                    Type = "simple";
-                    WorkingDirectory = "/etc/touch_keyboard";
-                    ExecStart = "${keyboard}/bin/touch_keyboard_handler";
-                  };
-                };
-                yogabook-modes-handler.serviceConfig =
-                {
-                  Type = "simple";
-                  ExecStart = "${support}/bin/yogabook-modes-handler";
-                  StandardOutput = "journal";
-                };
-              };
-
-            };
-            extraFiles."/etc/touch_keyboard".source = "${keyboard}/etc/touch_keyboard";
-          };
-        }
-      ))
    ];
 }
--- a/modules/hardware/gpu.nix
+++ b/modules/hardware/gpu.nix
@@ -14,7 +14,11 @@ inputs:
      default = null;
    };
    dynamicBoost = mkOption { type = types.bool; default = false; };
-    prime.busId = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+    prime =
+    {
+      mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
+      busId = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
+    };
  };
  config = let inherit (inputs.config.nixos.hardware) gpu; in inputs.lib.mkIf (gpu.type != null) (inputs.lib.mkMerge
  [
@@ -76,11 +80,15 @@ inputs:
    (
      inputs.lib.mkIf (inputs.lib.strings.hasSuffix "+nvidia" gpu.type) { hardware.nvidia =
      {
-        prime = { offload = { enable = true; enableOffloadCmd = true; }; }
-          // builtins.listToAttrs (builtins.map
-            (gpu: { name = "${if gpu.name == "amd" then "amdgpu" else gpu.name}BusId"; value = "PCI:${gpu.value}"; })
-            (inputs.localLib.attrsToList gpu.prime.busId));
-        powerManagement.finegrained = true;
+        prime =
+        {
+          offload = inputs.lib.mkIf (gpu.prime.mode == "offload") { enable = true; enableOffloadCmd = true; };
+          sync = inputs.lib.mkIf (gpu.prime.mode == "sync") { enable = true; };
+        }
+        // builtins.listToAttrs (builtins.map
+          (gpu: { name = "${if gpu.name == "amd" then "amdgpu" else gpu.name}BusId"; value = "PCI:${gpu.value}"; })
+          (inputs.localLib.attrsToList gpu.prime.busId));
+        powerManagement.finegrained = inputs.lib.mkIf (gpu.prime.mode == "offload") true;
      };}
    )
  ]);
--- a/modules/packages/desktop-fat/default.nix
+++ b/modules/packages/desktop-fat/default.nix
@@ -39,6 +39,7 @@ inputs:
            # office
            crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
            (texlive.combine { inherit (texlive) scheme-full; inherit (localPackages) citation-style-language; })
+            nextcloud-client
            # math, physics and chemistry
            octaveFull root ovito localPackages.vesta localPackages.vaspkit localPackages.v-sim
          ] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
--- a/modules/packages/desktop/firefox.nix
+++ b/modules/packages/desktop/firefox.nix
@@ -19,13 +19,13 @@ inputs:
            metamask pakkujs switchyomega rsshub-radar rsspreview tabliss tree-style-tab ublock-origin wallabagger
            wappalyzer grammarly plasma-integration
            (
-              buildFirefoxXpiAddon
+              buildFirefoxXpiAddon rec
              {
                pname = "zotero-connector";
-                version = "5.0.114";
+                version = "5.0.119";
                addonId = "zotero@chnm.gmu.edu";
-                url = "https://download.zotero.org/connector/firefox/release/Zotero_Connector-5.0.114.xpi";
-                sha256 = "1g9d991m4vfj5x6r86sw754bx7r4qi8g5ddlqp7rcw6wrgydhrhw";
+                url = "https://download.zotero.org/connector/firefox/release/Zotero_Connector-${version}.xpi";
+                sha256 = "17yhkp5nrx325q3amlasb4nsw0bldm8i2i9fh8ql2hwj8fmy25mr";
                meta = {};
              }
            )
--- a/modules/packages/desktop/vscode.nix
+++ b/modules/packages/desktop/vscode.nix
@@ -22,7 +22,7 @@ inputs:
              ])
              ++ (with ms-vscode;
              [
-                cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
+                (cmake-tools.overrideAttrs { sourceRoot = "extension"; }) cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
                test-adapter-converter
              ])
              ++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
@@ -46,6 +46,7 @@ inputs:
                shd101wyy.markdown-preview-enhanced
                # vasp
                mystery.vasp-support
+                yutengjing.open-in-external-app
              ];
          }
        )];
--- a/modules/packages/server/ssh/default.nix
+++ b/modules/packages/server/ssh/default.nix
@@ -61,6 +61,11 @@ inputs:
              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
              hostnames = [ "github.com" ];
            };
+            xmupc1 =
+            {
+              ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
+              hostnames = [ "[office.chn.moe]:6007" "[xmupc1.chn.moe]:6007" "wireguard.xmupc1.chn.moe" "192.168.83.6" ];
+            };
          };
        in listToAttrs (concatLists (map
          (server:
@@ -121,7 +126,10 @@ inputs:
          (
            (builtins.map
              (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
-              [ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" "wireguard.surface" ])
+              [
+                "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" "wireguard.surface"
+                "wireguard.xmupc1"
+              ])
            ++ (builtins.map
              (host:
              {
--- a/modules/packages/server/ssh/xmupc1_rsa.pub
+++ b/modules/packages/server/ssh/xmupc1_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVbOvoFVaGkqYzIWsmMFlpkE+TDAONOWWaJBQ0K4fiOLy7uh02b/jYNZrbllPDP+Gq+ikYEJnJX2ceDsh9mLtJTznBQXgJOMUZDYy0enu7hYLKMmRTgJntzHjMbZENMhP+I3N9JnQ1PQz7lICg1xkEBQm2CESYCCjo0rJKYplPH1bo02myEazKlKTn6tu40ysrYOoJO8+jwbUDqtWATjSZtgYojuh6dbIoK3O+Ntgwl4W0NqXEqXYXTWpU0qKOqAsP/9F9WJ5d1wVNNbvmcAJ26dkYaiPCNgW4MGTucAgoxM6IPVVj9U+OEZLoCPsqAGCT02vH5MoDNTmGaSv0DjuYOzz5C+jAhMCznXFXCI4bfawvuda/WwGIniB5iKNSBZt3XxYyUw4YBcVCNiWUt9bIgEvnR4E8HYHdjNrbQ0Z58L6DcPSySLQer7C658Vo/nRUlBq6lIWYhcdjxHHkP9iFtuFW1HmoUKkuaLl+uiflrSppX9wt8eaPwGgGIHkLwgc=
--- a/modules/packages/workstation/default.nix
+++ b/modules/packages/workstation/default.nix
@@ -16,7 +16,7 @@ inputs:
            # system management
            wl-mirror nvtop
            # nix tools
-            nix-template nil nix-alien pnpm-lock-export bundix
+            nix-template nil pnpm-lock-export bundix
            # instant messager
            qq nur-xddxdd.wechat-uos cinny-desktop nheko
            # development
@@ -28,16 +28,15 @@ inputs:
            # text editor
            appflowy notion-app-enhanced joplin-desktop standardnotes logseq
            # math, physics and chemistry
-            mathematica paraview jmol mpi # qchem.quantum-espresso
+            mathematica paraview jmol mpi localPackages.mumax quantum-espresso
            # encryption and password management
            john crunch hashcat
            # container and vm
-            genymotion # davinci-resolve playonlinux
+            genymotion davinci-resolve playonlinux
            # browser
            microsoft-edge
            # news
            rssguard newsflash newsboat
-            yuzu-early-access
          ]
          ++ (builtins.concatLists (builtins.map
            (compiler: builtins.map (version: localPackages.vasp.${compiler}.${version}) [ "6.3.1" "6.4.0" ])
@@ -46,11 +45,6 @@ inputs:
          [
            phonopy tensorflow keras scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
          ])];
-          _prebuildPackages =
-          [
-            httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2
-            gcc13Stdenv
-          ];
        };
        users.sharedModules =
        [{
--- a/modules/services/misskey.nix
+++ b/modules/services/misskey.nix
@@ -114,7 +114,7 @@ inputs:
                  apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
                  ssl: false
                  index: misskey
-                  scope: globa
+                  scope: global
              '' else "");
            owner = inputs.config.users.users."misskey-${instance.name}".name;
          };
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -52,20 +52,26 @@ inputs:
            # nix-prefetch-url --unpack
            maps = inputs.pkgs.fetchNextcloudApp
            {
-              url = githubRelease "nextcloud/maps" "v1.1.1/maps-1.1.1.tar.gz";
+              url = githubRelease "nextcloud/maps" "v1.3.1/maps-1.3.1.tar.gz";
              sha256 = "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9";
              license = "agpl3";
            };
            phonetrack = inputs.pkgs.fetchNextcloudApp
            {
-              url = githubRelease "julien-nc/phonetrack" "v0.7.6/phonetrack-0.7.6.tar.gz";
-              sha256 = "1p15vw7c5c1h08czyxi1r6svjd5hjmnc0i6is4vl3xq2kfjmcyyx";
+              url = githubRelease "julien-nc/phonetrack" "v0.7.7/phonetrack-0.7.7.tar.gz";
+              sha256 = "1xvdmb2wlcldv8lk4jb8akhi80w26m2jpazfcz641frjm333kxch";
              license = "agpl3";
            };
            twofactor_webauthn = inputs.pkgs.fetchNextcloudApp
            {
-              url = githubRelease "nextcloud-releases/twofactor_webauthn" "v1.3.0/twofactor_webauthn-v1.3.0.tar.gz";
-              sha256 = "0z6m2chq5kxc8f10g6n1lh51yi10svy2qp5gp0v8xs71apqcc2wx";
+              url = githubRelease "nextcloud-releases/twofactor_webauthn" "v1.3.2/twofactor_webauthn-v1.3.2.tar.gz";
+              sha256 = "1p4ng7nprlcgw7sdfd7wqx5az86a856f1v470lahg2nfbx3fg296";
+              license = "agpl3";
+            };
+            calendar = inputs.pkgs.fetchNextcloudApp
+            {
+              url = githubRelease "nextcloud-releases/calendar" "v4.6.5/calendar-v4.6.5.tar.gz";
+              sha256 = "18mi6ccq640jq21hmir35v2967h07bjv226072d9qz5qkzkmrhss";
              license = "agpl3";
            };
          };
--- a/modules/services/slurm.nix
+++ b/modules/services/slurm.nix
@@ -33,7 +33,7 @@ inputs:
          storagePassFile = inputs.config.sops.secrets."slurm/db".path;
          extraConfig =
          ''
-            StorageHost=localhost
+            StorageHost=*
            StorageLoc=slurm
          '';
        };
@@ -50,7 +50,6 @@ inputs:
            "Sockets=1"
            "CoresPerSocket=${builtins.toString slurm.cpu.cores}"
            "ThreadsPerCore=${builtins.toString slurm.cpu.threads}"
-            # "Gres=${gpuString}"
            "Gres=${gpuString}"
            "State=UNKNOWN"
          ]);
@@ -65,6 +64,7 @@ inputs:
          in
          ''
            SelectType=select/cons_tres
+            SelectTypeParameters=CR_Core
            GresTypes=gpu
            TaskProlog=${inputs.pkgs.writeShellScript "set_env" taskProlog}

--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -52,7 +52,7 @@ inputs:
                  publicKey = peer.publicKey;
                  allowedIPs = [ (if peer.lighthouse then "192.168.83.0/24" else "${peer.wireguardIp}/32") ];
                  endpoint = mkIf (!peer.behindNat) "${peer.listenIp}:${builtins.toString peer.listenPort}";
-                  persistentKeepalive = 3;
+                  persistentKeepalive = mkIf peer.lighthouse 5;
                })
                (map
                  (peer: inputs.topInputs.self.nixosConfigurations.${peer}.config.nixos.services.wireguard)
@@ -72,7 +72,7 @@ inputs:
                wantedBy = [ "multi-user.target" ];
                serviceConfig =
                {
-                  ExecStart = "${inputs.pkgs.iputils}/bin/ping -i 3 ${peer.value.wireguardIp}";
+                  ExecStart = "${inputs.pkgs.iputils}/bin/ping -i 5 ${peer.value.wireguardIp}";
                  Restart = "always";
                };
              };
--- a/modules/services/xray.nix
+++ b/modules/services/xray.nix
@@ -261,24 +261,18 @@ inputs:
                      "${iptables} -t mangle -A OUTPUT -j v2ray_mark -w"
                    ]
                    ++ (map (action: "${iptables} -t mangle -A v2ray_mark ${action} -w")
-                      (
-                        (if inputs.config.nixos.system.networking.nebula.enable then
-                          let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User;
-                          in [ "-m owner --uid-owner $(id -u ${user}) -j RETURN" ]
-                          else [])
-                        ++ [
-                          "-m owner --uid-owner $(id -u v2ray) -j RETURN"
-                          "-m set --match-set noproxy_src_net src -j RETURN"
-                          "-m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1"
-                          "-m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1"
-                          "-m set --match-set noproxy_net dst -j RETURN"
-                          "-m set --match-set proxy_net dst -p tcp -j MARK --set-mark 1/1"
-                          "-m set --match-set proxy_net dst -p udp -j MARK --set-mark 1/1"
-                          "-m set --match-set lo_net dst -j RETURN"
-                          "-p tcp -j MARK --set-mark 1/1"
-                          "-p udp -j MARK --set-mark 1/1"
-                        ]
-                      ))
+                      [
+                        "-m owner --uid-owner $(id -u v2ray) -j RETURN"
+                        "-m set --match-set noproxy_src_net src -j RETURN"
+                        "-m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1"
+                        "-m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1"
+                        "-m set --match-set noproxy_net dst -j RETURN"
+                        "-m set --match-set proxy_net dst -p tcp -j MARK --set-mark 1/1"
+                        "-m set --match-set proxy_net dst -p udp -j MARK --set-mark 1/1"
+                        "-m set --match-set lo_net dst -j RETURN"
+                        "-p tcp -j MARK --set-mark 1/1"
+                        "-p udp -j MARK --set-mark 1/1"
+                      ])
                    ++ [
                      "${ip} rule add fwmark 1/1 table 100"
                      "${ip} route add local 0.0.0.0/0 dev lo table 100"
--- a/modules/services/xrdp.nix
+++ b/modules/services/xrdp.nix
@@ -5,6 +5,16 @@ inputs:
    enable = mkOption { type = types.bool; default = false; };
    port = mkOption { type = types.ints.unsigned; default = 3389; };
    hostname = mkOption { type = types.nullOr (types.nonEmptyListOf types.nonEmptyStr); default = null; };
+    optimise =
+    {
+      type = mkOption
+      {
+        type = types.nullOr (types.enum [ "nvidia" "glamor" ]);
+        default =
+          { intel = "glamor"; nvidia = "nvidia"; amd = "glamor"; }.${inputs.config.nixos.hardware.gpu.type} or null;
+      };
+      nvidiaBusId = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
+    };
  };
  config =
    let
@@ -12,9 +22,29 @@ inputs:
      inherit (inputs.config.nixos.services) xrdp;
    in mkIf xrdp.enable (mkMerge
    [
+      {
+        assertions =
+        [
+          {
+            assertion = !inputs.config.nixos.system.envfs.enable;
+            message = "Somehow xrdp could not start if envfs is enabled";
+          }
+          {
+            assertion = (xrdp.optimise.type == "nvidia") -> (xrdp.optimise.nvidiaBusId != null);
+            message = "nvidiaBusId must be set if optimise type is nvidia";
+          }
+        ];
+      }
      {
        services.xrdp =
-          { enable = true; port = xrdp.port; openFirewall = true; defaultWindowManager = "startplasma-x11"; };
+        {
+          enable = true;
+          package = mkIf (xrdp.optimise.type != null)
+            (inputs.pkgs.xrdp.override { variant = xrdp.optimise.type; inherit (xrdp.optimise) nvidiaBusId; });
+          port = xrdp.port;
+          openFirewall = true;
+          defaultWindowManager = "${inputs.pkgs.plasma-workspace}/bin/startplasma-x11";
+        };
      }
      (
        mkIf (xrdp.hostname != null)
--- a/modules/system/binfmt.nix
+++ b/modules/system/binfmt.nix
@@ -0,0 +1,12 @@
+inputs:
+{
+  options.nixos.system.binfmt = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = true; };
+  };
+  config = inputs.lib.mkIf inputs.config.nixos.system.binfmt.enable
+  {
+    programs.java = { enable = true; binfmt = true; };
+    boot.binfmt.emulatedSystems = [ "aarch64-linux" "x86_64-windows" ];
+  };
+}
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -10,17 +10,18 @@ inputs:
    ./impermanence.nix
    ./gui.nix
    ./nixpkgs.nix
-    ./networking
+    ./networking.nix
    ./systemd.nix
    ./security.nix
    ./sops.nix
    ./user.nix
    ./sysctl.nix
    ./envfs.nix
+    ./binfmt.nix
  ];
  config =
  {
-    services = { dbus.implementation = "broker"; fstrim.enable = true; };
+    services = { dbus.implementation = "broker"; fstrim.enable = true; acpid.enable = true; };
    time.timeZone = "Asia/Shanghai";
    boot =
    {
--- a/modules/system/envfs.nix
+++ b/modules/system/envfs.nix
@@ -2,11 +2,11 @@ inputs:
 {
  options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in
  {
-    enable = mkOption { type = types.bool; default = true; };
+    enable = mkOption { type = types.bool; default = false; };
  };
-  config = inputs.lib.mkMerge
+  config = inputs.lib.mkIf inputs.config.nixos.system.envfs.enable (inputs.lib.mkMerge
  [
    (builtins.elemAt inputs.topInputs.envfs.nixosModules.envfs.imports 0 inputs)
    { environment.variables.ENVFS_RESOLVE_ALWAYS = "1"; }
-  ];
+  ]);
 }
--- a/modules/system/gui.nix
+++ b/modules/system/gui.nix
@@ -20,7 +20,7 @@ inputs:
        displayManager =
        {
          sddm.enable = true;
-          defaultSession = if inputs.config.nixos.hardware.gpu.type == "nvidia" then "plasma" else "plasmawayland";
+          defaultSession = "plasmawayland";
        };
        desktopManager.plasma5.enable = true;
      };
--- a/modules/system/kernel/default.nix
+++ b/modules/system/kernel/default.nix
@@ -2,6 +2,7 @@ inputs:
 {
  options.nixos.system.kernel = let inherit (inputs.lib) mkOption types; in
  {
+    varient = mkOption { type = types.enum [ "lts" "latest" ]; default = "lts"; };
    patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
    modules =
    {
@@ -33,7 +34,11 @@ inputs:
      extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
      extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
      kernelParams = [ "delayacct" "acpi_osi=Linux" "acpi.ec_no_wakeup=1" ];
-      kernelPackages = inputs.pkgs.linuxPackages_xanmod_latest;
+      kernelPackages =
+      {
+        lts = inputs.pkgs.linuxPackages_xanmod;
+        latest = inputs.pkgs.linuxPackages_xanmod_latest;
+      }.${kernel.varient};
      kernelPatches =
        let
          patches =
@@ -55,6 +60,7 @@ inputs:
                      hashes =
                      {
                        "6.1" = "11ddiammvjxx2m9v32p25l1ai759a1d6xhdpszgnihv7g2fzigf5";
+                        "6.6" = "19ib0syj3207ifr315gdrnpv6nhh435fmgl05c7k715nng40i827";
                        "6.7" = "1yfsmc0873xiwlirir0xfp9zyrpd09q1srgr3z4rl7i7lxzaqls8";
                      };
                    in hashes."${major}.${minor}";
--- a/modules/system/networking/default.nix
+++ b/modules/system/networking/default.nix
@@ -1,9 +1,5 @@
 inputs:
 {
-  imports = inputs.localLib.mkModules
-  [
-    ./nebula
-  ];
  options.nixos.system.networking = let inherit (inputs.lib) mkOption types; in
  {
    hostname = mkOption { type = types.nonEmptyStr; };
--- a/modules/system/networking/nebula/ca.crt
+++ b/modules/system/networking/nebula/ca.crt
@@ -1,5 +0,0 @@
-----BEGIN NEBULA CERTIFICATE-----
-CkAKDm5lYnVsYS5jaG4ubW9lKLCXwacGMLD+xbYGOiDwt/rshddhDhyoSVl52cJA
-LEgU1ea4Q4L28v/MVXOkUUABEkANATGg8DOPwHmwq6xN2DATxYDCibb5x3qSctHx
-RIr8UAr2TlvOQfzoBw3v4DWsqaEC1U5Hw6iQsQp5sQ8DGU4O
-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/default.nix
+++ b/modules/system/networking/nebula/default.nix
@@ -1,54 +0,0 @@
-inputs:
-{
-  options.nixos.system.networking.nebula = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    # null: is lighthouse; non-empty string: is not lighthouse, and use this string as lighthouse address.
-    lighthouse = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-    useRelay = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.system.networking) nebula;
-      inherit (builtins) concatStringsSep;
-    in mkIf nebula.enable
-    {
-      services.nebula.networks.nebula =
-      {
-        enable = true;
-        ca = ./ca.crt;
-        # nebula-cert sign -name 1p9p -ip 192.168.82.4/24
-        cert = ./. + "/${inputs.config.nixos.system.networking.hostname}.crt";
-        key = inputs.config.sops.templates."nebula/key-template".path;
-        firewall.inbound = [ { host = "any"; port = "any"; proto = "any"; } ];
-        firewall.outbound = [ { host = "any"; port = "any"; proto = "any"; } ];
-      }
-      // (
-        if nebula.lighthouse == null then { isLighthouse = true; isRelay = true; }
-        else
-        {
-          lighthouses = [ "192.168.82.1" ];
-          relays = if nebula.useRelay then [ "192.168.82.1" ] else [];
-          staticHostMap."192.168.82.1" = [ "${nebula.lighthouse}:4242" ];
-        }
-      );
-      sops =
-      {
-        templates."nebula/key-template" =
-        {
-          content = concatStringsSep "\n"
-          [
-            "-----BEGIN NEBULA X25519 PRIVATE KEY-----"
-            inputs.config.sops.placeholder."nebula/key"
-            "-----END NEBULA X25519 PRIVATE KEY-----"
-          ];
-          owner = inputs.config.systemd.services."nebula@nebula".serviceConfig.User;
-          group = inputs.config.systemd.services."nebula@nebula".serviceConfig.Group;
-        };
-        secrets."nebula/key" = {};
-      };
-      networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
-      systemd.services."nebula@nebula" = { after = [ "network-online.target" ]; serviceConfig.Restart = "always"; };
-    };
-}
--- a/modules/system/networking/nebula/nas.crt
+++ b/modules/system/networking/nebula/nas.crt
@@ -1,6 +0,0 @@
-----BEGIN NEBULA CERTIFICATE-----
-CmEKA25hcxIKhKShhQyA/v//DyiRxoCoBjCv/sW2BjoghACiJywxa2n7Aki9/HEU
-q2KpxFE+1Eshcgiy09UagFxKICju+bVGfbNKKrhV7SCNXhazgyVZYigGrzfpvHza
-nafWEkDfhP5lh+/rFLPZslxaU+jy1swpr+oipToAnZ9Lw5Wlefpmxo/8mTBb4a8T
-0jhdUC8x4ETwta6LbtWfo7uPinAJ
-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/pc.crt
+++ b/modules/system/networking/nebula/pc.crt
@@ -1,6 +0,0 @@
-----BEGIN NEBULA CERTIFICATE-----
-CmAKAnBjEgqDpKGFDID+//8PKO2hwacGMK/+xbYGOiB7i4bfFMM0+9q52Dj4/Y8h
-0IaBkutBjmkeaLQ80a8FXEogKO75tUZ9s0oquFXtII1eFrODJVliKAavN+m8fNqd
-p9YSQD7vjiZOcMzKvz98diLoX8PudoxsovuOrU22EEBvNi80Lhoi41axLsFORzDu
-El34B/13QO0hi2tlviZvJbI91Ao=
-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/vps6.crt
+++ b/modules/system/networking/nebula/vps6.crt
@@ -1,6 +0,0 @@
-----BEGIN NEBULA CERTIFICATE-----
-CmIKBHZwczYSCoGkoYUMgP7//w8ohJnBpwYwr/7FtgY6IPKlZIGl2zkbjoEbmZho
-7mMfTWkx0XppzZup96IROdJYSiAo7vm1Rn2zSiq4Ve0gjV4Ws4MlWWIoBq836bx8
-2p2n1hJAOvcgC7UjiOGvq9oyv86vdrppIkjOxwz7znpDJAeNrxEURSTsmeCCB7BO
-6rEQZ6b4kXqgRXr08OpBnW6FeMvFCA==
-----END NEBULA CERTIFICATE-----
--- a/modules/system/networking/nebula/vps7.crt
+++ b/modules/system/networking/nebula/vps7.crt
@@ -1,6 +0,0 @@
-----BEGIN NEBULA CERTIFICATE-----
-CmIKBHZwczcSCoKkoYUMgP7//w8o0tLQpwYwr/7FtgY6IAfUVax3Lgpt4p9jI4XE
-kVkigGDyTo4jeMbTexago5oKSiAo7vm1Rn2zSiq4Ve0gjV4Ws4MlWWIoBq836bx8
-2p2n1hJAQ9rquY/z2yiw6fuOCmBF4tT+358MnMd0S6p6fv5fivDsdj7mRLIvmtRl
-NRQWKWoHePoivyLu89ZtvyQwFSNRAw==
-----END NEBULA CERTIFICATE-----
--- a/modules/system/nixpkgs.nix
+++ b/modules/system/nixpkgs.nix
@@ -62,22 +62,32 @@ inputs:
                };
              };
            in
-              {
-                inherit genericPackages;
-                unstablePackages = import inputs.topInputs.nixpkgs-unstable
-                {
-                  localSystem = hostPlatform;
-                  config = cudaConfig //
+              { inherit genericPackages; }
+              // (
+                let
+                  source =
                  {
-                    allowUnfree = true;
-                    permittedInsecurePackages =
-                      let pkgs = inputs.topInputs.nixpkgs-unstable.legacyPackages.x86_64-linux;
-                      in map
-                        (package: pkgs.${package}.name)
-                        (filter (package: pkgs ? ${package}) permittedInsecurePackages);
+                    unstablePackages = "nixpkgs-unstable";
+                    "pkgs-23.05" = "nixpkgs-23.05";
+                    "pkgs-22.11" = "nixpkgs-22.11";
+                    "pkgs-22.05" = "nixpkgs-22.05";
                  };
-                };
-              }
+                  packages = name: import inputs.topInputs.${source.${name}}
+                  {
+                    localSystem = hostPlatform;
+                    config = cudaConfig //
+                    {
+                      allowUnfree = true;
+                      permittedInsecurePackages =
+                        let pkgs = inputs.topInputs.${source.${name}}.legacyPackages.x86_64-linux;
+                        in map
+                          (package: pkgs.${package}.name)
+                          (filter (package: pkgs ? ${package}) permittedInsecurePackages);
+                    };
+                  };
+                in builtins.listToAttrs (map
+                  (name: { inherit name; value = packages name; }) (builtins.attrNames source))
+              )
              // (inputs.lib.optionalAttrs (nixpkgs.march != null)
                  { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })
          )];
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
@@ -14,7 +14,7 @@ inputs:
      sops =
      {
        defaultSopsFile =
-          "${inputs.topInputs.self}/secrets/${inputs.config.nixos.system.networking.hostname}/default.yaml";
+          "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}/secrets/default.yaml";
        # sops start before impermanence, so we need to use the absolute path
        age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
        gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
--- a/modules/users/chn/default.nix
+++ b/modules/users/chn/default.nix
@@ -11,7 +11,7 @@ inputs:
      users.users.chn =
      {
        extraGroups = inputs.lib.intersectLists
-          [ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
+          [ "users" "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
          (builtins.attrNames inputs.config.users.groups);
        shell = inputs.pkgs.zsh;
        autoSubUidGidRange = true;
@@ -48,7 +48,7 @@ inputs:
              (system: { name = system; value.forwardAgent = true; })
              [
                "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas"
-                "wireguard.surface"
+                "wireguard.surface" "xmupc1" "wireguard.xmupc1"
              ]));
          };
          home.packages =
--- a/modules/users/chn/plasma/autostart/default.nix
+++ b/modules/users/chn/plasma/autostart/default.nix
@@ -58,7 +58,7 @@ inputs:
        devices =
        {
          pc = [ "nheko" "kclockd" "yakuake" "telegram" "element" "kmail" "discord" "crow-translate" ];
-          surface = [ "kclockd" "yakuake" "telegram" "element" ];
+          surface = [ "kclockd" "yakuake" "telegram" "element" "crow-translate" ];
        };
      in builtins.listToAttrs (builtins.map
        (file:
--- a/modules/users/chn/plasma/autostart/org.telegram.desktop.desktop
+++ b/modules/users/chn/plasma/autostart/org.telegram.desktop.desktop
@@ -1,17 +0,0 @@
-[Desktop Entry]
-Name=Telegram Desktop
-Comment=Official desktop version of Telegram messaging app
-TryExec=telegram-desktop
-Exec=bash -c "sleep 5 && telegram-desktop -autostart"
-Icon=telegram
-Terminal=false
-StartupWMClass=TelegramDesktop
-Type=Application
-Categories=Chat;Network;InstantMessaging;Qt;
-MimeType=x-scheme-handler/tg;
-Keywords=tg;chat;im;messaging;messenger;sms;tdesktop;
-Actions=quit;
-DBusActivatable=true
-SingleMainWindow=true
-X-GNOME-UsesNotifications=true
-X-GNOME-SingleWindow=true
--- a/modules/users/chn/plasma/default.nix
+++ b/modules/users/chn/plasma/default.nix
@@ -1,4 +1,4 @@
 inputs:
 {
-  imports = inputs.localLib.mkModules [ ./autostart ./wallpaper ./shortcuts.nix ./theme.nix ];
+  imports = inputs.localLib.mkModules [ ./autostart.nix ./wallpaper ./shortcuts.nix ./theme.nix ];
 }
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -1,6 +1,7 @@
 inputs:
 {
-  imports = inputs.localLib.mkModules [ ./chn ./root ./xll ./yjq ./zem ./gb ];
+  imports = inputs.localLib.mkModules (builtins.map (dir: ././${dir.name})
+    (builtins.filter (dir: dir.value == "directory") (inputs.localLib.attrsToList (builtins.readDir ./.))));
  options.nixos.users = let inherit (inputs.lib) mkOption types; in
  {
    users = mkOption { type = types.listOf types.nonEmptyStr; default = [ "chn" ]; };
--- a/modules/users/gb/default.nix
+++ b/modules/users/gb/default.nix
@@ -9,7 +9,7 @@ inputs:
      users.users.gb =
      {
        extraGroups = inputs.lib.intersectLists
-          [ "groupshare" "video" ]
+          [ "users" "groupshare" "video" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/gb".path;
        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
--- a/modules/users/test/default.nix
+++ b/modules/users/test/default.nix
@@ -8,7 +8,7 @@ inputs:
    {
      users.users.test =
      {
-        extraGroups = inputs.lib.intersectLists [ "video" ] (builtins.attrNames inputs.config.users.groups);
+        extraGroups = inputs.lib.intersectLists [ "users" "video" ] (builtins.attrNames inputs.config.users.groups);
        password = "test";
        shell = inputs.pkgs.zsh;
      };
--- a/modules/users/xll/default.nix
+++ b/modules/users/xll/default.nix
@@ -9,7 +9,7 @@ inputs:
      users.users.xll =
      {
        extraGroups = inputs.lib.intersectLists
-          [ "groupshare" "video" ]
+          [ "users" "groupshare" "video" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/xll".path;
        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
--- a/modules/users/yjq/default.nix
+++ b/modules/users/yjq/default.nix
@@ -9,7 +9,7 @@ inputs:
      users.users.yjq =
      {
        extraGroups = inputs.lib.intersectLists
-          [ "groupshare" "video" ]
+          [ "users" "groupshare" "video" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/yjq".path;
        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
--- a/modules/users/zem/default.nix
+++ b/modules/users/zem/default.nix
@@ -9,7 +9,7 @@ inputs:
      users.users.zem =
      {
        extraGroups = inputs.lib.intersectLists
-          [ "groupshare" "video" ]
+          [ "users" "groupshare" "video" ]
          (builtins.attrNames inputs.config.users.groups);
        hashedPasswordFile = inputs.config.sops.secrets."users/zem".path;
        openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
--- a/1
+++ b/1
@@ -0,0 +1 @@
+/nix/store/5w1kr3dm0ax25191nwjj8mdd995mwgcd-libdrm-2.4.118-bin
--- a/1
+++ b/1
@@ -0,0 +1 @@
+/nix/store/a0kngmycyf98ns06c2w7fzbpdhj710ax-libdrm-2.4.118-dev
Author	SHA1	Message	Date
chn	cbaab772d3	services.xrdp: add optimise	2024-03-08 13:49:12 +08:00
chn	41d3ca3dbe	Merge branch 'production' into xrdp	2024-03-08 12:50:46 +08:00
chn	409091a2e3	暂存	2024-03-07 20:36:41 +08:00
chn	2d3c9a93f7	devices.pc: add amd config	2024-03-07 20:34:58 +08:00
chn	a146636de2	devices.pc: use prime offload as default	2024-03-07 20:34:58 +08:00
chn	b45c68a431	devices.pc: switch to amd+nvidia sync	2024-03-07 20:34:58 +08:00
chn	b07e09c94e	move secrets to devices	2024-03-07 18:10:10 +08:00
chn	e9413380d4	system.networking.nebula: remove	2024-03-07 18:03:24 +08:00
chn	a0ae0522d7	devices.pc: enable colord	2024-03-07 00:35:20 +08:00
chn	2f59817b22	devices.pc: use wayland	2024-03-07 00:35:20 +08:00
chn	265b3d89b0	services.wireguard: fix	2024-03-07 00:32:49 +08:00
chn	2e8030fd5d	devices.xmupc1: add note	2024-03-06 18:05:18 +08:00
chn	2c472400c8	devices.pc: fix gpu	2024-03-06 17:49:29 +08:00
chn	3edf4d340c	packages.ssh: update key for hpc	2024-03-06 13:48:40 +08:00
chn	10b922975e	packages: remove yuzu	2024-03-06 11:49:16 +08:00
chn	fff970f2a5	packages: add more packages	2024-03-06 11:49:16 +08:00
chn	19ab6c378e	system: enable binfmt	2024-03-06 11:49:16 +08:00
chn	f75c150bc6	services.wireguard: fix	2024-03-06 11:10:04 +08:00
chn	2597870de1	packages.ssh: fix	2024-03-06 10:49:38 +08:00
chn	34cfe8cdd3	users.chn: surface add autostart	2024-03-06 10:32:18 +08:00
chn	cdd691ba1c	暂存	2024-03-04 20:58:44 +08:00
chn	71f3be8d2d	services.xrdp: fix	2024-03-04 18:29:39 +08:00
chn	f312b3f53f	services.nextcloud: fix	2024-03-04 12:08:53 +08:00
chn	02b1f1100d	services.misskey: fix	2024-03-04 12:00:16 +08:00
chn	30ab9c6ea3	packages.ssh: update hpc key	2024-03-04 11:25:39 +08:00
chn	c4e9321982	localPackages.misskey: remove tensorflow dependency	2024-03-04 10:51:05 +08:00
chn	47946acd54	localPackages.misskey: update	2024-03-04 10:14:57 +08:00
chn	95e92f26cd	hardware: remove halo-keyboard	2024-03-03 21:36:16 +08:00
chn	2240d9655b	force disable xrdp currenty	2024-03-03 21:35:00 +08:00
chn	3e99e33690	localPackages.mirism: fix	2024-03-03 19:53:47 +08:00
chn	df041492cc	system.kernel: use lts as default	2024-03-03 19:18:30 +08:00
chn	cb19a7e674	packages.ssh: fix	2024-03-03 00:06:31 +08:00
chn	9e4a57798f	services.nextcloud: update apps	2024-03-02 22:06:41 +08:00
chn	818fad6a75	packages: add nextcloud	2024-03-02 13:52:38 +08:00
chn	9a9b5c009b	packages: add mumax	2024-03-02 11:40:16 +08:00
chn	d126019fdc	Merge branch 'next' into production	2024-03-02 10:52:19 +08:00
chn	0de2e097bb	fix build	2024-03-02 10:49:51 +08:00
chn	72bfa4bbf9	update nix-vscode-extensions	2024-03-01 21:30:41 +08:00
chn	f5d4e60aa3	Merge branch 'mumax' into production	2024-03-01 21:12:16 +08:00
chn	33ef334fb0	Revert "services.slurm: fix" This reverts commit `7850be2131`.	2024-03-01 19:38:55 +08:00
chn	7850be2131	services.slurm: fix	2024-03-01 19:31:44 +08:00
chn	d622d85546	services.xrdp: fix	2024-03-01 18:49:14 +08:00
chn	d54404d5bc	services.slurm: fix database connection	2024-03-01 11:26:24 +08:00
chn	bc1cff1ae1	devices.pc: fix slurm	2024-03-01 11:08:35 +08:00
chn	9e7803df0d	devices.pc: remove resumeCommands	2024-03-01 11:07:47 +08:00
chn	da89605fa7	remove nix-alien	2024-02-29 21:23:10 +08:00
chn	9e3adab1c7	packages: remove _prebuildPackages	2024-02-29 17:46:14 +08:00
chn	de23962a21	services.xray: add user	2024-02-29 17:10:31 +08:00
chn	f0beeb202c	devices.pc: do not reload mt7921e on resume	2024-02-29 14:12:29 +08:00
chn	755f9f1204	update everything removed: chromiumos-touch-keyboard typora lmix dguibert-nur-packages cascade	2024-02-28 22:10:42 +08:00
chn	6966b5f25b	devices.xmupc1: enable snapper	2024-02-28 17:39:12 +08:00
chn	2030c3048f	xmupc1: enable beesd	2024-02-28 14:37:12 +08:00
chn	26f9a01845	packages.vscode: add plugin	2024-02-28 13:22:52 +08:00
chn	97460cf9ff	users: fix import	2024-02-27 21:27:26 +08:00
chn	2eb933599d	services.slurm: allow overscribe on nodes	2024-02-27 20:21:22 +08:00
				`@@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVbOvoFVaGkqYzIWsmMFlpkE+TDAONOWWaJBQ0K4fiOLy7uh02b/jYNZrbllPDP+Gq+ikYEJnJX2ceDsh9mLtJTznBQXgJOMUZDYy0enu7hYLKMmRTgJntzHjMbZENMhP+I3N9JnQ1PQz7lICg1xkEBQm2CESYCCjo0rJKYplPH1bo02myEazKlKTn6tu40ysrYOoJO8+jwbUDqtWATjSZtgYojuh6dbIoK3O+Ntgwl4W0NqXEqXYXTWpU0qKOqAsP/9F9WJ5d1wVNNbvmcAJ26dkYaiPCNgW4MGTucAgoxM6IPVVj9U+OEZLoCPsqAGCT02vH5MoDNTmGaSv0DjuYOzz5C+jAhMCznXFXCI4bfawvuda/WwGIniB5iKNSBZt3XxYyUw4YBcVCNiWUt9bIgEvnR4E8HYHdjNrbQ0Z58L6DcPSySLQer7C658Vo/nRUlBq6lIWYhcdjxHHkP9iFtuFW1HmoUKkuaLl+uiflrSppX9wt8eaPwGgGIHkLwgc=
				`@@ -0,0 +1 @@`
				`/nix/store/5w1kr3dm0ax25191nwjj8mdd995mwgcd-libdrm-2.4.118-bin`
				`@@ -0,0 +1 @@`
				`/nix/store/a0kngmycyf98ns06c2w7fzbpdhj710ax-libdrm-2.4.118-dev`