mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 20:19:22 +08:00
Compare commits
2 Commits
phonopy
...
test-nebul
| Author | SHA1 | Date | |
|---|---|---|---|
| f1d1da63c8 | |||
| 40d4d56d47 |
@@ -5,7 +5,6 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
|
||||
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
|
||||
- &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv
|
||||
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
creation_rules:
|
||||
- path_regex: secrets/pc\.yaml$
|
||||
key_groups:
|
||||
@@ -30,7 +29,6 @@ creation_rules:
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- *nas
|
||||
- path_regex: secrets/xmupc1\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
||||
282
flake.lock
generated
282
flake.lock
generated
@@ -8,11 +8,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693886279,
|
||||
"narHash": "sha256-oVCA5yz6zcsFzGCCwRpVDuDml7Z0sWQqW1fEWWcC0xM=",
|
||||
"lastModified": 1691174970,
|
||||
"narHash": "sha256-8QpyT2OXYcXSdj8hM9uSSnApTOpzhndzNF+9a5pYuA0=",
|
||||
"owner": "ezKEa",
|
||||
"repo": "aagl-gtk-on-nix",
|
||||
"rev": "8fc45fabbedef44a481c3bcabd9512732c0ade91",
|
||||
"rev": "79ee3b5d776cb268e481d4d2ad5960b92e3e61a6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -30,11 +30,11 @@
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694158470,
|
||||
"narHash": "sha256-yWx9eBDHt6WR3gr65+J85KreHdMypty/P6yM35tIYYM=",
|
||||
"lastModified": 1686747123,
|
||||
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "d0cfc042eba92eb206611c9e8784d41a2c053bab",
|
||||
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -165,11 +165,11 @@
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -226,22 +226,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_6": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
@@ -285,11 +269,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693611461,
|
||||
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
|
||||
"lastModified": 1690933134,
|
||||
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
|
||||
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -323,7 +307,7 @@
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
@@ -362,7 +346,7 @@
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685518550,
|
||||
@@ -379,12 +363,15 @@
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -395,7 +382,7 @@
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
@@ -413,7 +400,7 @@
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
"systems": "systems_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
@@ -430,12 +417,15 @@
|
||||
}
|
||||
},
|
||||
"flake-utils_6": {
|
||||
"inputs": {
|
||||
"systems": "systems_8"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1638122382,
|
||||
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -446,14 +436,14 @@
|
||||
},
|
||||
"flake-utils_7": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
"systems": "systems_9"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1692799911,
|
||||
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -464,7 +454,7 @@
|
||||
},
|
||||
"flake-utils_8": {
|
||||
"inputs": {
|
||||
"systems": "systems_7"
|
||||
"systems": "systems_10"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685518550,
|
||||
@@ -500,7 +490,7 @@
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_4",
|
||||
"haskell-flake": "haskell-flake",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688568579,
|
||||
@@ -548,16 +538,16 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693208669,
|
||||
"narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
|
||||
"lastModified": 1691506824,
|
||||
"narHash": "sha256-Z2Ms7036CCEAfCmDBDy+sFauO6/7fx2UN3aoPCpp4tA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
|
||||
"rev": "7b8d43fbaf8450c30caaed5eab876897d0af891b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-23.05",
|
||||
"ref": "master",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -640,11 +630,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693989153,
|
||||
"narHash": "sha256-gx39Y3opGB25+44OjM+h1bdJyzgLD963va8ULGYlbhM=",
|
||||
"lastModified": 1672245824,
|
||||
"narHash": "sha256-i596lbPiA/Rfx3DiJiCluxdgxWY7oGSgYMT7OmM+zik=",
|
||||
"owner": "nix-community",
|
||||
"repo": "napalm",
|
||||
"rev": "a8215ccf1c80070f51a92771f3bc637dd9b9f7ee",
|
||||
"rev": "7c25a05cef52dc405f4688422ce0046ca94aadcf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -688,11 +678,11 @@
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693880502,
|
||||
"narHash": "sha256-krCRVLNdlCI7l7F1Bb2ovkgac8hoz015LyYvm/+aYZw=",
|
||||
"lastModified": 1690903419,
|
||||
"narHash": "sha256-ciRzOsKNtAZDahTn0Y0zW7AgyrVh+b1WaW+sBDiV5PA=",
|
||||
"owner": "thiagokokada",
|
||||
"repo": "nix-alien",
|
||||
"rev": "0fbd284930bcf1a5d1e3d07f2973e6f1738505cc",
|
||||
"rev": "e1c6e6015e3c9a07d20c1e598dfea539b6337150",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -708,11 +698,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693711723,
|
||||
"narHash": "sha256-5QmlVzskLciJ0QzYmZ6ULvKA7bP6pgV9wwrLBB0V3j0=",
|
||||
"lastModified": 1691292840,
|
||||
"narHash": "sha256-NA+o/NoOOQhzAQwB2JpeKoG+iYQ6yn/XXVxaGd5HSQI=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "aca56a79afb82208af2b39d8459dd29c10989135",
|
||||
"rev": "6c626d54d0414d34c771c0f6f9d771bc8aaaa3c4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -730,26 +720,23 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693358717,
|
||||
"narHash": "sha256-OYGe2Yay1QoodZZmvPYBFGAoTrRfyKLzFs2vON4gRek=",
|
||||
"lastModified": 1693444987,
|
||||
"narHash": "sha256-XzFFVOCtOTmaKtnE3Y/iOC0i3ZAj2tdO5aWOa6J7IDc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
|
||||
"rev": "f878309889d6d91867f4455d223df0f521e2a6d1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixd": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693052712,
|
||||
@@ -795,11 +782,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694192131,
|
||||
"narHash": "sha256-nt5ypVXKh65lQFqKqWgytEzI841yUhpl6E291Briu+g=",
|
||||
"lastModified": 1692283173,
|
||||
"narHash": "sha256-6bt+X2PpoyUAtEDWJM0XT0Z54JA2YHw62VoZRTRkz7s=",
|
||||
"owner": "nixpak",
|
||||
"repo": "nixpak",
|
||||
"rev": "16bd2860238c53bb7a31f745693d7d3c33a1490c",
|
||||
"rev": "eef08f1a7e871e3017edbc54d0374292a9b6f67a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -892,29 +879,29 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1694398355,
|
||||
"narHash": "sha256-pUthVGI70SDT4M7FDihBuu4PDOmfySaUSjfY/QI6Y3Y=",
|
||||
"owner": "CHN-beta",
|
||||
"lastModified": 1691421349,
|
||||
"narHash": "sha256-RRJyX0CUrs4uW4gMhd/X4rcDG8PTgaaCQM5rXEJOx6g=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4944d71d43387083e6b7c7530caf3b1902c5eb27",
|
||||
"rev": "011567f35433879aae5024fc6ec53f2a0568a6c4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "CHN-beta",
|
||||
"ref": "nixos-unstable",
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1692007866,
|
||||
"narHash": "sha256-X8w0vPZjZxMm68VCwh/BHDoKRGp+BgzQ6w7Nkif6IVM=",
|
||||
"lastModified": 1689352711,
|
||||
"narHash": "sha256-xWYFt8vWnstDIVsZ26y9mf6h3714lVmXd6l+hTQz6tw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "de2b8ddf94d6cc6161b7659649594c79bd66c13b",
|
||||
"rev": "2047c642ce0f75307e8a0f2ec94715218c481184",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -925,6 +912,22 @@
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1686398752,
|
||||
"narHash": "sha256-nGWNQVhSw4VSL+S0D0cbrNR9vs9Bq7rlYR+1K5f5j6w=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a30520bf8eabf8a5c37889d661e67a2dbcaa59e6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1688322751,
|
||||
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
|
||||
@@ -940,29 +943,29 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1695216922,
|
||||
"narHash": "sha256-1KCzdiGdH/F7jiVvNIKvH3CBajl4wqUkvE1A5s2X100=",
|
||||
"lastModified": 1693843185,
|
||||
"narHash": "sha256-/huFNnA50JSUyEg68v9uiC4xl8shVsS5LgtNRlzZvHo=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3d95a0a071d50aae39155117e39c19eea62c681c",
|
||||
"rev": "e7e8dca748d5fa1a29b5bb231bf8aa727c29b89c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "CHN-beta",
|
||||
"ref": "nixos-23.05",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1694237951,
|
||||
"narHash": "sha256-6gql7EJIWwn3mUvG/RHf1iGUA3Ptfmalz9WdgX3noSY=",
|
||||
"lastModified": 1691559855,
|
||||
"narHash": "sha256-UkXcNHsasO0sr8W8X8wGeM1bBuLC5tHEueryGSLaE+E=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "19674a713837dcfbef704a16815a4bbc462cd57a",
|
||||
"rev": "c987eac4f579d9e989d5a0cde93d688592bda990",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -977,15 +980,14 @@
|
||||
"flake-utils-plus": "flake-utils-plus",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nvfetcher": "nvfetcher"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694239804,
|
||||
"narHash": "sha256-C5ERSMRp8kQEqyKS2yggXSqaKZUgnNyQD+zjy6iqXm0=",
|
||||
"lastModified": 1691561203,
|
||||
"narHash": "sha256-GmujZtR1vlTkBMahLXLp3BXYYfC0vIczxkcd9XVt6/E=",
|
||||
"owner": "xddxdd",
|
||||
"repo": "nur-packages",
|
||||
"rev": "ce48d1df62cab988a5e8eefdf97bec8bdc46392f",
|
||||
"rev": "52a85ab474601e3661f30796aa0d7fe995fc0122",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1012,32 +1014,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nvfetcher": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_6",
|
||||
"flake-utils": [
|
||||
"nur-xddxdd",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nur-xddxdd",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693539235,
|
||||
"narHash": "sha256-ACmCq1+RnVq+EB7yeN6fThUR3cCJZb6lKEfv937WG84=",
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"rev": "2bcf73dea96497ac9c36ed320b457caa705f9485",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pnpm2nix-nzbr": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_8",
|
||||
@@ -1066,11 +1042,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693829707,
|
||||
"narHash": "sha256-nBFIF+a1aqDIzmi+1Hue3zVXI4V4tK5R4aW2lyNXIXs=",
|
||||
"lastModified": 1691502026,
|
||||
"narHash": "sha256-wGwoeLradgB38MqaUZrKQJIP5iPs4T15SxrVVtgORNo=",
|
||||
"owner": "Nix-QChem",
|
||||
"repo": "NixOS-QChem",
|
||||
"rev": "ac7ffea07370d0df2c2b934ea582f0cc8acd0ae1",
|
||||
"rev": "a03be624e055fc80d3b44619c9c179b4f96ab45a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1094,8 +1070,8 @@
|
||||
"nixd": "nixd",
|
||||
"nixos-cn": "nixos-cn",
|
||||
"nixpak": "nixpak",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs-stable": "nixpkgs-stable_2",
|
||||
"nur": "nur",
|
||||
"nur-xddxdd": "nur-xddxdd",
|
||||
"pnpm2nix-nzbr": "pnpm2nix-nzbr",
|
||||
@@ -1110,15 +1086,15 @@
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": [
|
||||
"nixpkgs"
|
||||
"nixpkgs-stable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693898833,
|
||||
"narHash": "sha256-OIrMAGNYNeLs6IvBynxcXub7aSW3GEUvWNsb7zx6zuU=",
|
||||
"lastModified": 1690199016,
|
||||
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "faf21ac162173c2deb54e5fdeed002a9bd6e8623",
|
||||
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1159,6 +1135,21 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_10": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
@@ -1249,6 +1240,36 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_8": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_9": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"touchix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -1270,12 +1291,15 @@
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1286,7 +1310,7 @@
|
||||
},
|
||||
"utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
|
||||
223
flake.nix
223
flake.nix
@@ -3,13 +3,13 @@
|
||||
|
||||
inputs =
|
||||
{
|
||||
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.05";
|
||||
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
|
||||
home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
|
||||
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||
home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
sops-nix =
|
||||
{
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs-stable"; };
|
||||
};
|
||||
touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
@@ -17,15 +17,11 @@
|
||||
nur.url = "github:nix-community/NUR";
|
||||
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-vscode-extensions =
|
||||
{
|
||||
url = "github:nix-community/nix-vscode-extensions?rev=50c4bce16b93e7ca8565d51fafabc05e9f0515da";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixd.url = "github:nix-community/nixd";
|
||||
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
@@ -44,7 +40,7 @@
|
||||
default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
|
||||
(builtins.concatStringsSep "\n" (builtins.map
|
||||
(system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
|
||||
[ "pc" "vps6" "vps7" "nas" "yoga" ]));
|
||||
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ]));
|
||||
}
|
||||
// (
|
||||
builtins.listToAttrs (builtins.map
|
||||
@@ -53,7 +49,7 @@
|
||||
name = system;
|
||||
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
|
||||
})
|
||||
[ "pc" "vps6" "vps7" "nas" "yoga" ])
|
||||
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ])
|
||||
);
|
||||
nixosConfigurations = builtins.listToAttrs (builtins.map
|
||||
(system:
|
||||
@@ -66,8 +62,8 @@
|
||||
modules = localLib.mkModules
|
||||
(
|
||||
[
|
||||
(inputs: { config.nixpkgs.overlays = [(final: prev:
|
||||
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
|
||||
(inputs: { config.nixpkgs.overlays = [(final: prev: { localPackages =
|
||||
(import ./local/pkgs { inherit (inputs) lib; pkgs = final; });})]; })
|
||||
./modules
|
||||
]
|
||||
++ system.value
|
||||
@@ -126,15 +122,14 @@
|
||||
keepOutputs = true;
|
||||
};
|
||||
nixpkgs = { march = "alderlake"; cudaSupport = true; };
|
||||
gui = { enable = true; preferred = true; };
|
||||
gui.enable = true;
|
||||
kernel =
|
||||
{
|
||||
patches = [ "cjktty" "preempt" ];
|
||||
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
|
||||
};
|
||||
impermanence.enable = true;
|
||||
networking =
|
||||
{ hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
|
||||
networking = { hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
@@ -212,7 +207,7 @@
|
||||
};
|
||||
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
|
||||
smartd.enable = true;
|
||||
nginx = { enable = true; transparentProxy.externalIp = [ "192.168.82.3" ]; };
|
||||
nginx = { enable = true; transparentProxy.enable = false; };
|
||||
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
|
||||
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
|
||||
};
|
||||
@@ -273,21 +268,13 @@
|
||||
enable = true;
|
||||
transparentProxy =
|
||||
{
|
||||
externalIp = [ "74.211.99.69" "192.168.82.1" ];
|
||||
externalIp = "74.211.99.69";
|
||||
map =
|
||||
{
|
||||
"ng01.mirism.one" = 7411;
|
||||
"beta.mirism.one" = 9114;
|
||||
};
|
||||
};
|
||||
streamProxy =
|
||||
{
|
||||
enable = true;
|
||||
map =
|
||||
{
|
||||
"nix-store.chn.moe" = { upstream = "internal.pc.chn.moe:443"; rewriteHttps = true; };
|
||||
"anchor.fm" = { upstream = "anchor.fm:443"; rewriteHttps = true; };
|
||||
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; rewriteHttps = true; };
|
||||
"nix-store.chn.moe" = 7676;
|
||||
"direct.xn--qbtm095lrg0bfka60z.chn.moe" = 7676;
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -298,7 +285,52 @@
|
||||
};
|
||||
coturn.enable = true;
|
||||
synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
vaultwarden-proxy = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
|
||||
};
|
||||
};})
|
||||
];
|
||||
"vps4" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "znver3";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "vps4";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
packages.packageSet = "server";
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
sshd.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
@@ -348,18 +380,15 @@
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
sshd.enable = true;
|
||||
rsshub.enable = true;
|
||||
nginx = { enable = true; transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ]; };
|
||||
nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
|
||||
wallabag.enable = true;
|
||||
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
|
||||
misskey-proxy."xn--s8w913fdga.chn.moe" = {};
|
||||
synapse.enable = true;
|
||||
synapse-proxy."synapse.chn.moe" = {};
|
||||
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
|
||||
vaultwarden.enable = true;
|
||||
vaultwarden-proxy.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
@@ -373,71 +402,40 @@
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
|
||||
"/dev/mapper/nix"."/nix" = "/nix";
|
||||
"/dev/mapper/root1" =
|
||||
{
|
||||
"/nix/rootfs" = "/nix/rootfs";
|
||||
"/nix/persistent" = "/nix/persistent";
|
||||
"/nix/nodatacow" = "/nix/nodatacow";
|
||||
"/nix/rootfs/current" = "/";
|
||||
};
|
||||
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.auto =
|
||||
decrypt.manual =
|
||||
{
|
||||
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
|
||||
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
|
||||
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
};
|
||||
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "efi";
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "silvermont";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
kernel.patches = [ "cjktty" "preempt" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking =
|
||||
{ hostname = "nas"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
|
||||
networking.hostname = "nas";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
gui.enable = true;
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" ];
|
||||
};
|
||||
packages.packageSet = "desktop";
|
||||
packages.packageSet = "server";
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
hostsAllowed = "192.168. 127.";
|
||||
shares =
|
||||
{
|
||||
home.path = "/home";
|
||||
root.path = "/";
|
||||
};
|
||||
};
|
||||
sshd = { enable = true; passwordAuthentication = true; };
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns.extraInterfaces = [ "docker0" ];
|
||||
};
|
||||
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
|
||||
groupshare.enable = true;
|
||||
smartd.enable = true;
|
||||
sshd.enable = true;
|
||||
};
|
||||
users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
|
||||
};})
|
||||
];
|
||||
"xmupc1" =
|
||||
@@ -622,6 +620,63 @@
|
||||
};
|
||||
};})
|
||||
];
|
||||
"pe" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/A0F1-74E5" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a7546428-1982-4931-a61f-b7eabd185097"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.auto."/dev/disk/by-uuid/0b800efa-6381-4908-bd63-7fa46322a2a9" =
|
||||
{ mapper = "root"; ssd = true; };
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "efiRemovable";
|
||||
gui.enable = true;
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
kernel.patches = [ "cjktty" "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "pe";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" "nvidia" ];
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
};
|
||||
packages.packageSet = "desktop";
|
||||
virtualization.docker.enable = true;
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
sshd.enable = true;
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns.extraInterfaces = [ "docker0" ];
|
||||
};
|
||||
firewall.trustedInterfaces = [ "virbr0" ];
|
||||
smartd.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
}));
|
||||
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
|
||||
# nix-serve -p 5000
|
||||
@@ -658,7 +713,7 @@
|
||||
inputs.self.nixosConfigurations.${node};
|
||||
};
|
||||
})
|
||||
[ "vps6" "vps7" "nas" ]);
|
||||
[ "vps6" "vps4" "vps7" ]);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "concurrencpp";
|
||||
version = "0.1.7";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "David-Haim";
|
||||
repo = "concurrencpp";
|
||||
rev = "v.${version}";
|
||||
sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";
|
||||
};
|
||||
nativeBuildInputs = [ cmake ];
|
||||
postInstall =
|
||||
''
|
||||
mv $out/include/concurrencpp-${version}/concurrencpp $out/include
|
||||
rm -rf $out/include/concurrencpp-${version}
|
||||
'';
|
||||
}
|
||||
@@ -16,15 +16,7 @@
|
||||
# intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
|
||||
# ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
|
||||
# };
|
||||
vasp = callPackage ./vasp
|
||||
{
|
||||
openmp = llvmPackages.openmp;
|
||||
openmpi = pkgs.openmpi.override { cudaSupport = false; };
|
||||
};
|
||||
vasp = callPackage ./vasp { openmp = llvmPackages.openmp; };
|
||||
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
|
||||
# "12to11" = callPackage ./12to11 {};
|
||||
huginn = callPackage ./huginn {};
|
||||
v_sim = callPackage ./v_sim {};
|
||||
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
|
||||
eigengdb = python3Packages.callPackage ./eigengdb {};
|
||||
}
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
{ lib, fetchFromGitHub, buildPythonPackage, numpy, gdb }: buildPythonPackage
|
||||
{
|
||||
name = "eigengdb";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "dmillard";
|
||||
repo = "eigengdb";
|
||||
rev = "c741edef3f07f33429056eff48d79a62733ed494";
|
||||
sha256 = "MTqOaWsKhWaPs3G5F/6bYZmQI5qS2hEGKGa3mwbgFaY=";
|
||||
};
|
||||
doCheck = false;
|
||||
buildInputs = [ gdb ];
|
||||
nativeBuildInputs = [ gdb ];
|
||||
propagatedBuildInputs = [ numpy ];
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
{ lib, stdenv, bundlerEnv, fetchFromGitHub }:
|
||||
let
|
||||
pname = "huginn";
|
||||
version = "20230723";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "huginn";
|
||||
rev = "a02977ad420a01b6460634af19f714db4a8f8f36";
|
||||
hash = "sha256-Ty2EDCIjbvcf3PzPupcV4s7ZfAFTuYEjSfy0m+Yt3j4=";
|
||||
};
|
||||
gems = bundlerEnv
|
||||
{
|
||||
name = "${pname}-${version}-gems";
|
||||
gemdir = "${src}";
|
||||
gemfile = "${src}/Gemfile";
|
||||
lockfile = "${src}/Gemfile.lock";
|
||||
gemset = "${src}/gemset.nix";
|
||||
copyGemFiles = true;
|
||||
};
|
||||
in stdenv.mkDerivation
|
||||
{
|
||||
inherit pname version src;
|
||||
buildInputs = [ gems gems.wrappedRuby ];
|
||||
installPhase =
|
||||
''
|
||||
false
|
||||
'';
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
{
|
||||
stdenv, lib, fetchFromGitLab,
|
||||
wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
|
||||
glib, gtk3, epoxy, libyaml
|
||||
}:
|
||||
stdenv.mkDerivation
|
||||
{
|
||||
pname = "v_sim";
|
||||
version = "3.8.0_p20230824";
|
||||
src = fetchFromGitLab
|
||||
{
|
||||
owner = "l_sim";
|
||||
repo = "v_sim";
|
||||
rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
|
||||
sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
|
||||
};
|
||||
buildInputs = [ glib gtk3 epoxy libyaml ];
|
||||
nativeBuildInputs =
|
||||
[
|
||||
autoreconfHook wrapGAppsHook autoconf libtool intltool gettext automake pkg-config
|
||||
gtk-doc gfortran libxslt.bin
|
||||
];
|
||||
enableParallelBuilding = true;
|
||||
postPatch =
|
||||
''
|
||||
./autogen.sh
|
||||
'';
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook, makeWrapper,
|
||||
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook,
|
||||
glib, gtk2, xorg, libGLU, gtk3, writeShellScript, gsettings-desktop-schemas, xdg-utils
|
||||
}:
|
||||
|
||||
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec
|
||||
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook makeWrapper ];
|
||||
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook ];
|
||||
buildInputs = [ glib gtk2 xorg.libXxf86vm libGLU gtk3 xorg.libXtst ];
|
||||
|
||||
unpackPhase = "tar -xf ${src}";
|
||||
@@ -35,7 +35,13 @@ stdenv.mkDerivation rec
|
||||
cp -r VESTA-gtk3 $out/opt/VESTA-gtk3
|
||||
|
||||
mkdir -p $out/bin
|
||||
makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta
|
||||
tee $out/bin/vesta << EOF
|
||||
#!${stdenv.shell}
|
||||
export XDG_DATA_DIRS=$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
|
||||
export PATH="\$PATH\''${PATH:+:}${xdg-utils}/bin"
|
||||
$out/opt/VESTA-gtk3/VESTA "\$@"
|
||||
EOF
|
||||
chmod +x $out/bin/vesta
|
||||
|
||||
patchelf --remove-needed libjawt.so $out/opt/VESTA-gtk3/PowderPlot/libswt-awt-gtk-3346.so
|
||||
'';
|
||||
|
||||
@@ -101,7 +101,7 @@ inputs:
|
||||
let
|
||||
packages =
|
||||
{
|
||||
intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
|
||||
intel = [ intel-compute-runtime intel-media-driver intel-vaapi-driver libvdpau-va-gl ];
|
||||
nvidia = [ vaapiVdpau ];
|
||||
};
|
||||
in
|
||||
|
||||
@@ -29,165 +29,44 @@ inputs:
|
||||
[
|
||||
# >= server
|
||||
{
|
||||
nixos =
|
||||
nixos.packages = with inputs.pkgs;
|
||||
{
|
||||
packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# shell
|
||||
ksh
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof
|
||||
# top
|
||||
iotop iftop htop btop powertop s-tui
|
||||
# editor
|
||||
nano bat
|
||||
# downloader
|
||||
wget aria2 curl
|
||||
# file manager
|
||||
tree exa trash-cli lsd broot file xdg-ninja mlocate
|
||||
# compress
|
||||
pigz rar upx unzip zip lzip p7zip
|
||||
# file system management
|
||||
sshfs e2fsprogs adb-sync duperemove compsize
|
||||
# disk management
|
||||
smartmontools hdparm
|
||||
# encryption and authentication
|
||||
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
|
||||
# networking
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
|
||||
# nix tools
|
||||
nix-output-monitor nix-tree
|
||||
# office
|
||||
todo-txt-cli
|
||||
# development
|
||||
gdb
|
||||
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
|
||||
certifi charset-normalizer idna orjson psycopg2 localPackages.eigengdb
|
||||
])];
|
||||
};
|
||||
users.sharedModules =
|
||||
[{
|
||||
config.programs =
|
||||
{
|
||||
zsh =
|
||||
{
|
||||
enable = true;
|
||||
initExtraBeforeCompInit =
|
||||
''
|
||||
# p10k instant prompt
|
||||
typeset -g POWERLEVEL9K_INSTANT_PROMPT=on
|
||||
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
|
||||
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
|
||||
HYPHEN_INSENSITIVE="true"
|
||||
export PATH=~/bin:$PATH
|
||||
function br
|
||||
{
|
||||
local cmd cmd_file code
|
||||
cmd_file=$(mktemp)
|
||||
if broot --outcmd "$cmd_file" "$@"; then
|
||||
cmd=$(<"$cmd_file")
|
||||
command rm -f "$cmd_file"
|
||||
eval "$cmd"
|
||||
else
|
||||
code=$?
|
||||
command rm -f "$cmd_file"
|
||||
return "$code"
|
||||
fi
|
||||
}
|
||||
alias todo="todo.sh"
|
||||
'';
|
||||
plugins =
|
||||
[
|
||||
{
|
||||
file = "powerlevel10k.zsh-theme";
|
||||
name = "powerlevel10k";
|
||||
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
|
||||
}
|
||||
{
|
||||
file = "p10k.zsh";
|
||||
name = "powerlevel10k-config";
|
||||
src = ./p10k-config;
|
||||
}
|
||||
{
|
||||
name = "zsh-lsd";
|
||||
src = inputs.pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "z-shell";
|
||||
repo = "zsh-lsd";
|
||||
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
|
||||
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
|
||||
};
|
||||
}
|
||||
];
|
||||
history =
|
||||
{
|
||||
extended = true;
|
||||
save = 100000000;
|
||||
size = 100000000;
|
||||
share = true;
|
||||
};
|
||||
};
|
||||
direnv = { enable = true; nix-direnv.enable = true; };
|
||||
git =
|
||||
{
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
extraConfig =
|
||||
{
|
||||
core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
|
||||
advice.detachedHead = false;
|
||||
merge.conflictstyle = "diff3";
|
||||
diff.colorMoved = "default";
|
||||
};
|
||||
package = inputs.pkgs.gitFull;
|
||||
delta =
|
||||
{
|
||||
enable = true;
|
||||
options =
|
||||
{
|
||||
side-by-side = true;
|
||||
navigate = true;
|
||||
syntax-theme = "GitHub";
|
||||
light = true;
|
||||
zero-style = "syntax white";
|
||||
line-numbers-zero-style = "#ffffff";
|
||||
};
|
||||
};
|
||||
};
|
||||
ssh =
|
||||
{
|
||||
enable = true;
|
||||
controlMaster = "auto";
|
||||
controlPersist = "1m";
|
||||
compression = true;
|
||||
};
|
||||
vim =
|
||||
{
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
packageConfigurable = inputs.config.programs.vim.package;
|
||||
settings =
|
||||
{
|
||||
number = true;
|
||||
expandtab = false;
|
||||
shiftwidth = 2;
|
||||
tabstop = 2;
|
||||
};
|
||||
extraConfig =
|
||||
''
|
||||
set clipboard=unnamedplus
|
||||
colorscheme evening
|
||||
'';
|
||||
};
|
||||
};
|
||||
}];
|
||||
_packages =
|
||||
[
|
||||
# shell
|
||||
ksh
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof
|
||||
# top
|
||||
iotop iftop htop btop powertop s-tui
|
||||
# editor
|
||||
nano bat
|
||||
# downloader
|
||||
wget aria2 curl
|
||||
# file manager
|
||||
tree exa trash-cli lsd broot file xdg-ninja mlocate
|
||||
# compress
|
||||
pigz rar upx unzip inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.zip lzip p7zip
|
||||
# file system management
|
||||
sshfs e2fsprogs adb-sync duperemove compsize
|
||||
# disk management
|
||||
smartmontools hdparm
|
||||
# encryption and authentication
|
||||
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
|
||||
# networking
|
||||
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
|
||||
# nix tools
|
||||
nix-output-monitor nix-tree
|
||||
# office
|
||||
todo-txt-cli
|
||||
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
|
||||
certifi charset-normalizer idna orjson psycopg2
|
||||
])];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
@@ -237,135 +116,80 @@ inputs:
|
||||
];
|
||||
allowUnfree = true;
|
||||
};
|
||||
home-manager =
|
||||
{
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
};
|
||||
}
|
||||
# >= desktop
|
||||
(
|
||||
mkIf (builtins.elem inputs.config.nixos.packages.packageSet [ "desktop" "workstation" ] )
|
||||
{
|
||||
nixos =
|
||||
nixos.packages = with inputs.pkgs;
|
||||
{
|
||||
packages = with inputs.pkgs;
|
||||
{
|
||||
_packages =
|
||||
[
|
||||
# system management
|
||||
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
|
||||
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
|
||||
# nix tools
|
||||
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
|
||||
# instant messager
|
||||
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
|
||||
cinny-desktop # nur-xddxdd.wine-wechat thunder
|
||||
# browser
|
||||
google-chrome
|
||||
# networking
|
||||
remmina putty mtr-gui
|
||||
# password and key management
|
||||
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
|
||||
# download
|
||||
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
|
||||
# office
|
||||
unstablePackages.crow-translate zotero pandoc
|
||||
# development
|
||||
scrcpy
|
||||
# media
|
||||
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
|
||||
# text editor
|
||||
localPackages.typora
|
||||
# themes
|
||||
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
|
||||
arc-kde-theme materia-theme
|
||||
# news
|
||||
fluent-reader rssguard
|
||||
# davinci-resolve playonlinux
|
||||
weston cage openbox krita
|
||||
genymotion hdfview
|
||||
(
|
||||
vscode-with-extensions.override
|
||||
{
|
||||
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
|
||||
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
|
||||
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
|
||||
++ (with intellsmi; [ comment-translate deepl-translate ])
|
||||
++ (with ms-python; [ isort python vscode-pylance ])
|
||||
++ (with ms-toolsai;
|
||||
[
|
||||
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
|
||||
])
|
||||
++ (with ms-vscode;
|
||||
[
|
||||
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
|
||||
test-adapter-converter
|
||||
])
|
||||
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
|
||||
++ [
|
||||
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
|
||||
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
|
||||
oderwat.indent-rainbow
|
||||
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
|
||||
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
|
||||
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
|
||||
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug
|
||||
hbenl.vscode-test-explorer
|
||||
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
|
||||
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
|
||||
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
|
||||
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode webfreak.debug
|
||||
];
|
||||
}
|
||||
)
|
||||
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
|
||||
};
|
||||
users.sharedModules =
|
||||
[{
|
||||
config =
|
||||
{
|
||||
programs =
|
||||
_packages =
|
||||
[
|
||||
# system management
|
||||
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
|
||||
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
|
||||
# nix tools
|
||||
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
|
||||
# instant messager
|
||||
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
|
||||
cinny-desktop # nur-xddxdd.wine-wechat thunder
|
||||
# browser
|
||||
google-chrome
|
||||
# networking
|
||||
remmina putty mtr-gui
|
||||
# password and key management
|
||||
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
|
||||
# download
|
||||
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
|
||||
# office
|
||||
crow-translate zotero pandoc
|
||||
# development
|
||||
scrcpy
|
||||
# media
|
||||
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk
|
||||
# text editor
|
||||
localPackages.typora
|
||||
# themes
|
||||
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
|
||||
arc-kde-theme materia-theme
|
||||
# news
|
||||
fluent-reader rssguard
|
||||
# davinci-resolve playonlinux
|
||||
weston cage
|
||||
genymotion
|
||||
(
|
||||
vscode-with-extensions.override
|
||||
{
|
||||
chromium =
|
||||
{
|
||||
enable = true;
|
||||
extensions =
|
||||
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
|
||||
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
|
||||
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
|
||||
++ (with intellsmi; [ comment-translate deepl-translate ])
|
||||
++ (with ms-python; [ isort python vscode-pylance ])
|
||||
++ (with ms-toolsai;
|
||||
[
|
||||
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
|
||||
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
|
||||
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
|
||||
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
|
||||
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
|
||||
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
|
||||
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
|
||||
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
|
||||
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
|
||||
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
|
||||
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
|
||||
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
|
||||
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
|
||||
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
|
||||
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
|
||||
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
|
||||
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
|
||||
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
|
||||
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
|
||||
])
|
||||
++ (with ms-vscode;
|
||||
[
|
||||
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
|
||||
test-adapter-converter
|
||||
])
|
||||
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
|
||||
++ [
|
||||
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
|
||||
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
|
||||
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
|
||||
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
|
||||
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
|
||||
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
|
||||
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
|
||||
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
|
||||
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
|
||||
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
|
||||
];
|
||||
};
|
||||
obs-studio =
|
||||
{
|
||||
enable = true;
|
||||
plugins = with inputs.pkgs.obs-studio-plugins;
|
||||
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
|
||||
};
|
||||
};
|
||||
home.file.".config/baloofilerc".text =
|
||||
''
|
||||
[Basic Settings]
|
||||
Indexing-Enabled=false
|
||||
'';
|
||||
};
|
||||
}];
|
||||
}
|
||||
)
|
||||
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
|
||||
};
|
||||
programs =
|
||||
{
|
||||
@@ -378,7 +202,7 @@ inputs:
|
||||
languagePacks = [ "zh-CN" "en-US" ];
|
||||
nativeMessagingHosts.firefoxpwa = true;
|
||||
};
|
||||
vim.package = inputs.pkgs.genericPackages.vim-full;
|
||||
vim.package = inputs.pkgs.vim-full;
|
||||
};
|
||||
nixpkgs.config.packageOverrides = pkgs:
|
||||
{
|
||||
@@ -400,7 +224,7 @@ inputs:
|
||||
[
|
||||
# nix tools
|
||||
nix-template appimage-run nil nixd nix-alien nix-serve node2nix nix-prefetch-github prefetch-npm-deps
|
||||
nix-prefetch-docker pnpm-lock-export bundix
|
||||
nix-prefetch-docker pnpm-lock-export
|
||||
# instant messager
|
||||
zoom-us signal-desktop qq nur-xddxdd.wechat-uos slack # jail
|
||||
# office
|
||||
@@ -410,12 +234,12 @@ inputs:
|
||||
# media
|
||||
nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
|
||||
# virtualization
|
||||
wineWowPackages.stagingFull virt-viewer bottles # wine64
|
||||
wine virt-viewer bottles # wine64
|
||||
# text editor
|
||||
appflowy notion-app-enhanced joplin-desktop standardnotes
|
||||
# math, physics and chemistry
|
||||
mathematica octave root ovito paraview localPackages.vesta qchem.quantum-espresso
|
||||
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit jmol localPackages.v_sim
|
||||
mathematica octave root ovito paraview localPackages.vesta qchem.quantum-espresso # vsim
|
||||
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit
|
||||
# news
|
||||
newsflash newsboat
|
||||
];
|
||||
@@ -423,10 +247,7 @@ inputs:
|
||||
[
|
||||
phonopy tensorflow keras openai scipy scikit-learn
|
||||
])];
|
||||
_prebuildPackages =
|
||||
[
|
||||
httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2 gcc13Stdenv
|
||||
];
|
||||
_prebuildPackages = [ httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2 ];
|
||||
};
|
||||
programs =
|
||||
{
|
||||
@@ -590,4 +411,4 @@ inputs:
|
||||
# x11-misc/optimus-manager
|
||||
# x11-misc/unclutter-xfixes
|
||||
|
||||
# ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
|
||||
# ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
|
||||
@@ -1,39 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
certs = mkOption
|
||||
{
|
||||
type = types.listOf (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) acme;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkIf acme.enable
|
||||
{
|
||||
security.acme =
|
||||
{
|
||||
acceptTerms = true;
|
||||
defaults.email = "chn@chn.moe";
|
||||
certs = listToAttrs (map
|
||||
(cert:
|
||||
{
|
||||
name = if builtins.typeOf cert == "string" then cert else builtins.elemAt cert 0;
|
||||
value =
|
||||
{
|
||||
dnsResolver = "8.8.8.8";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
|
||||
extraDomainNames = if builtins.typeOf cert == "string" then [] else builtins.tail cert;
|
||||
};
|
||||
})
|
||||
acme.certs);
|
||||
};
|
||||
sops.secrets."acme/cloudflare.ini" = {};
|
||||
};
|
||||
}
|
||||
1
modules/services/ca.pub
Normal file
1
modules/services/ca.pub
Normal file
@@ -0,0 +1 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV9egbTbIbVCV4TNr6IgvXw7fMEK4v/WKAHddkX4uvysL7l+H1cLM0TRDvGefUFoU7eYcEIRV9lwvjMo/xy0GKao76fylQ03gkrzTiPvztThpAfKKOIniXvzWoIP7/fzNwuW6GgUiM4JKvgJEieRTybclLRgauy2gqiwVZMAFksxG1fAPYGXIrhtVQ+WjN+0IIiayNlj1J6tJ9fQWc+BkNsoJJZBADf+qjTsqsVHjcABoo2vYRTYnSVzrsnjSu6ivGjSY0ImG+ASPqyluA7eSXe4XQkyxjuyBVTwwqTpZ0Y+DMESr/Fd5rQ3N/iylLcUVGexl7gHHFtJGiERloG8Bv Public key for Digital Signature
|
||||
@@ -13,12 +13,7 @@ inputs:
|
||||
./synapse.nix
|
||||
./phpfpm.nix
|
||||
./xrdp.nix
|
||||
./groupshare.nix
|
||||
./acme.nix
|
||||
./samba.nix
|
||||
./sshd.nix
|
||||
./vaultwarden.nix
|
||||
./frp.nix
|
||||
# ./docker.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
@@ -29,7 +24,54 @@ inputs:
|
||||
};
|
||||
kmscon.enable = mkOption { type = types.bool; default = false; };
|
||||
fontconfig.enable = mkOption { type = types.bool; default = false; };
|
||||
samba =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
wsdd = mkOption { type = types.bool; default = false; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
hostsAllowed = mkOption { type = types.str; default = "127."; };
|
||||
shares = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
path = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
sshd.enable = mkOption { type = types.bool; default = false; };
|
||||
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
acme =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
certs = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
frpClient =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
user = mkOption { type = types.nonEmptyStr; };
|
||||
tcp = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs:
|
||||
{
|
||||
options =
|
||||
{
|
||||
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
localPort = mkOption { type = types.ints.unsigned; };
|
||||
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
frpServer =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
};
|
||||
nix-serve =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
@@ -95,7 +137,7 @@ inputs:
|
||||
fonts =
|
||||
{
|
||||
fontDir.enable = true;
|
||||
fonts = with inputs.pkgs;
|
||||
packages = with inputs.pkgs;
|
||||
[ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
|
||||
fontconfig.defaultFonts =
|
||||
{
|
||||
@@ -107,7 +149,204 @@ inputs:
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.samba.enable
|
||||
{
|
||||
# make shares visible for windows 10 clients
|
||||
services =
|
||||
{
|
||||
samba-wsdd.enable = services.samba.wsdd;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
openFirewall = !services.samba.private;
|
||||
securityType = "user";
|
||||
extraConfig =
|
||||
''
|
||||
workgroup = WORKGROUP
|
||||
server string = Samba Server
|
||||
server role = standalone server
|
||||
hosts allow = ${services.samba.hostsAllowed}
|
||||
dns proxy = no
|
||||
'';
|
||||
# obey pam restrictions = yes
|
||||
# encrypt passwords = no
|
||||
shares = listToAttrs (map
|
||||
(share:
|
||||
{
|
||||
name = share.name;
|
||||
value =
|
||||
{
|
||||
comment = if share.value.comment != null then share.value.comment else share.name;
|
||||
path = share.value.path;
|
||||
browseable = true;
|
||||
writeable = true;
|
||||
"create mask" = "664";
|
||||
"force create mode" = "644";
|
||||
"directory mask" = "2755";
|
||||
"force directory mode" = "2755";
|
||||
};
|
||||
})
|
||||
(attrsToList services.samba.shares));
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.sshd.enable
|
||||
{
|
||||
services.openssh =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
X11Forwarding = true;
|
||||
TrustedUserCAKeys = builtins.toString ./ca.pub;
|
||||
ChallengeResponseAuthentication = false;
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
UsePAM = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
|
||||
(
|
||||
mkIf services.acme.enable
|
||||
{
|
||||
security.acme =
|
||||
{
|
||||
acceptTerms = true;
|
||||
defaults.email = "chn@chn.moe";
|
||||
certs = listToAttrs (map
|
||||
(name:
|
||||
{
|
||||
name = name; value =
|
||||
{
|
||||
dnsResolver = "8.8.8.8";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
|
||||
};
|
||||
})
|
||||
services.acme.certs);
|
||||
};
|
||||
sops.secrets."acme/cloudflare.ini" = {};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf (services.frpClient.enable)
|
||||
{
|
||||
systemd.services.frpc =
|
||||
let
|
||||
frpc = "${inputs.pkgs.frp}/bin/frpc";
|
||||
config = inputs.config.sops.templates."frpc.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Client Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frpc} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frpc.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
(
|
||||
{
|
||||
common =
|
||||
{
|
||||
server_addr = services.frpClient.serverName;
|
||||
server_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
user = services.frpClient.user;
|
||||
tls_enable = true;
|
||||
};
|
||||
}
|
||||
// (listToAttrs (map
|
||||
(tcp:
|
||||
{
|
||||
name = tcp.name;
|
||||
value =
|
||||
{
|
||||
type = "tcp";
|
||||
local_ip = tcp.value.localIp;
|
||||
local_port = tcp.value.localPort;
|
||||
remote_port = tcp.value.remotePort;
|
||||
use_compression = true;
|
||||
};
|
||||
})
|
||||
(attrsToList services.frpClient.tcp))
|
||||
)
|
||||
);
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf (services.frpServer.enable)
|
||||
{
|
||||
systemd.services.frps =
|
||||
let
|
||||
frps = "${inputs.pkgs.frp}/bin/frps";
|
||||
config = inputs.config.sops.templates."frps.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Server Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frps} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frps.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
{
|
||||
common = let cert = inputs.config.security.acme.certs.${services.frpServer.serverName}.directory; in
|
||||
{
|
||||
bind_port = 7000;
|
||||
bind_udp_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
tls_cert_file = "${cert}/full.pem";
|
||||
tls_key_file = "${cert}/key.pem";
|
||||
tls_only = true;
|
||||
user_conn_timeout = 30;
|
||||
};
|
||||
};
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
nixos.services.acme = { enable = true; certs = [ services.frpServer.serverName ]; };
|
||||
security.acme.certs.${services.frpServer.serverName}.group = "frp";
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
networking.firewall.allowedTCPPorts = [ 7000 ];
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.nix-serve.enable
|
||||
{
|
||||
@@ -118,8 +357,7 @@ inputs:
|
||||
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
|
||||
};
|
||||
sops.secrets."store/signingKey" = {};
|
||||
nixos.services.nginx.httpProxy.${services.nix-serve.hostname} =
|
||||
{ rewriteHttps = true; locations."/".upstream = "http://127.0.0.1:5000"; };
|
||||
nixos.services.nginx.httpProxy.${services.nix-serve.hostname}.upstream = "http://127.0.0.1:5000";
|
||||
}
|
||||
)
|
||||
(mkIf services.smartd.enable { services.smartd.enable = true; })
|
||||
@@ -206,8 +444,8 @@ inputs:
|
||||
enable = true;
|
||||
httpProxy."wallabag.chn.moe" =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/" = { upstream = "http://127.0.0.1:4398"; setHeaders.Host = "wallabag.chn.moe"; };
|
||||
upstream = "http://127.0.0.1:4398";
|
||||
setHeaders.Host = "wallabag.chn.moe";
|
||||
};
|
||||
};
|
||||
postgresql.enable = true;
|
||||
|
||||
103
modules/services/docker.nix
Normal file
103
modules/services/docker.nix
Normal file
@@ -0,0 +1,103 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs: { options =
|
||||
{
|
||||
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
|
||||
image = mkOption { type = types.package; };
|
||||
imageName =
|
||||
mkOption { type = types.nonEmptyStr; default = with inputs.image; (imageName + ":" + imageTag); };
|
||||
ports = mkOption
|
||||
{
|
||||
type = types.listOf (types.oneOf
|
||||
[
|
||||
types.ints.unsigned
|
||||
types.submodule (inputs: { options =
|
||||
{
|
||||
hostIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
hostPort = mkOption { type = types.ints.unsigned; };
|
||||
containerPort = mkOption { type = types.ints.unsigned; };
|
||||
protocol = mkOption { type = types.enum [ "tcp" "udp" ]; default = "tcp"; };
|
||||
};})
|
||||
]);
|
||||
default = [];
|
||||
};
|
||||
environmentFile = mkOption { type = types.oneOf [ types.bool types.nonEmptyStr ]; default = false; };
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (builtins) listToAttrs map concatLists;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) docker;
|
||||
in mkMerge
|
||||
[
|
||||
{
|
||||
virtualisation.oci-containers.containers = listToAttrs (map
|
||||
(container:
|
||||
{
|
||||
name = "${container.name}";
|
||||
value =
|
||||
{
|
||||
image = container.value.imageName;
|
||||
imageFile = container.value.image;
|
||||
ports = map
|
||||
(port:
|
||||
(
|
||||
if builtins.typeOf port == "int" then "127.0.0.1::${toString port}"
|
||||
else ("${port.value.hostIp}:${toString port.value.hostPort}"
|
||||
+ ":${toString port.value.containerPort}/${port.value.protocol}")
|
||||
))
|
||||
container.value.ports;
|
||||
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
|
||||
environmentFiles =
|
||||
if builtins.typeOf container.value.environmentFile == "bool" && container.value.environmentFile
|
||||
then [ inputs.config.sops.templates."${container.name}/env".path ]
|
||||
else if builtins.typeOf container.value.environmentFile == "bool" then []
|
||||
else [ container.value.environmentFile ];
|
||||
};
|
||||
})
|
||||
(attrsToList docker));
|
||||
systemd.services = listToAttrs (concatLists (map
|
||||
(container:
|
||||
[
|
||||
{
|
||||
name = "docker-${container.value.user}-daemon";
|
||||
value =
|
||||
{
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
inherit (inputs.systemd.user.services.docker) description path;
|
||||
serviceConfig = inputs.systemd.user.services.docker.serviceConfig //
|
||||
{
|
||||
User = container.value.user;
|
||||
Group = container.value.user;
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
ExecStart = inputs.systemd.user.services.docker.serviceConfig.ExecStart
|
||||
+ " -H unix:///var/run/docker-rootless/${container.value.user}.sock";
|
||||
};
|
||||
unitConfig = { inherit (inputs.systemd.user.services.docker.unitConfig) StartLimitInterval; };
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "docker-${container.name}";
|
||||
value =
|
||||
{
|
||||
requires = [ "docker-${container.value.user}-daemon.service" ];
|
||||
after = [ "docker-${container.value.user}-daemon.service" ];
|
||||
environment.DOCKER_HOST = "unix:///var/run/docker-rootless/${container.value.user}.sock";
|
||||
serviceConfig = { User = container.value.user; Group = container.value.user; };
|
||||
};
|
||||
}
|
||||
])
|
||||
(attrsToList docker)));
|
||||
}
|
||||
(mkIf (docker != {})
|
||||
{
|
||||
systemd.tmpfiles.rules = [ "d /var/run/docker-rootless 0777" ];
|
||||
nixos.virtualization.docker.enable = true;
|
||||
})
|
||||
];
|
||||
}
|
||||
@@ -1,154 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
frpClient =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
user = mkOption { type = types.nonEmptyStr; };
|
||||
tcp = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs:
|
||||
{
|
||||
options =
|
||||
{
|
||||
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
localPort = mkOption { type = types.ints.unsigned; };
|
||||
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
frpServer =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) frpClient frpServer;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkMerge
|
||||
[
|
||||
(
|
||||
mkIf frpClient.enable
|
||||
{
|
||||
systemd.services.frpc =
|
||||
let
|
||||
frpc = "${inputs.pkgs.frp}/bin/frpc";
|
||||
config = inputs.config.sops.templates."frpc.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Client Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frpc} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frpc.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
(
|
||||
{
|
||||
common =
|
||||
{
|
||||
server_addr = frpClient.serverName;
|
||||
server_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
user = frpClient.user;
|
||||
tls_enable = true;
|
||||
};
|
||||
}
|
||||
// (listToAttrs (map
|
||||
(tcp:
|
||||
{
|
||||
name = tcp.name;
|
||||
value =
|
||||
{
|
||||
type = "tcp";
|
||||
local_ip = tcp.value.localIp;
|
||||
local_port = tcp.value.localPort;
|
||||
remote_port = tcp.value.remotePort;
|
||||
use_compression = true;
|
||||
};
|
||||
})
|
||||
(attrsToList frpClient.tcp))
|
||||
)
|
||||
);
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf frpServer.enable
|
||||
{
|
||||
systemd.services.frps =
|
||||
let
|
||||
frps = "${inputs.pkgs.frp}/bin/frps";
|
||||
config = inputs.config.sops.templates."frps.ini";
|
||||
in
|
||||
{
|
||||
description = "Frp Server Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frps} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frps.ini" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = inputs.lib.generators.toINI {}
|
||||
{
|
||||
common = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
|
||||
{
|
||||
bind_port = 7000;
|
||||
bind_udp_port = 7000;
|
||||
token = inputs.config.sops.placeholder."frp/token";
|
||||
tls_cert_file = "${cert}/full.pem";
|
||||
tls_key_file = "${cert}/key.pem";
|
||||
tls_only = true;
|
||||
user_conn_timeout = 30;
|
||||
};
|
||||
};
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
nixos.services.acme = { enable = true; certs = [ frpServer.serverName ]; };
|
||||
security.acme.certs.${frpServer.serverName}.group = "frp";
|
||||
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
|
||||
networking.firewall.allowedTCPPorts = [ 7000 ];
|
||||
}
|
||||
)
|
||||
];
|
||||
}
|
||||
@@ -1,37 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.groupshare = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
# hard to read value from inputs.config.users.users.xxx.home, causing infinite recursion
|
||||
mountPoints = mkOption { type = types.listOf types.str; default = []; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) listToAttrs map concatLists;
|
||||
inherit (inputs.config.nixos.services) groupshare;
|
||||
users = inputs.config.users.groups.groupshare.members;
|
||||
in mkIf groupshare.enable
|
||||
{
|
||||
users.groups.groupshare = {};
|
||||
systemd.tmpfiles.rules = [ "d /var/lib/groupshare" ]
|
||||
++ (concatLists (map
|
||||
(user:
|
||||
[
|
||||
"d /var/lib/groupshare/${user} 2750 ${user} groupshare"
|
||||
# systemd 253 does not support 'X' bit, it should be manually set
|
||||
# sudo setfacl -m 'xxx' dir
|
||||
# ("a /var/lib/groupshare/${user} - - - - "
|
||||
# + "d:u:${user}:rwX,u:${user}:rwX,d:g:groupshare:r-X,g:groupshare:r-X,d:o::---,o::---,d:m::r-x,m::r-x")
|
||||
])
|
||||
users));
|
||||
fileSystems = listToAttrs (map
|
||||
(mountPoint:
|
||||
{
|
||||
name = mountPoint;
|
||||
value = { device = "/var/lib/groupshare"; options = [ "bind" ]; depends = [ "/home" "/var/lib" ]; };
|
||||
})
|
||||
groupshare.mountPoints);
|
||||
};
|
||||
}
|
||||
23
modules/services/huginn.nix
Normal file
23
modules/services/huginn.nix
Normal file
@@ -0,0 +1,23 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.huginn.enable = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
|
||||
config = inputs.lib.mkIf inputs.config.nixos.services.huginn.enable
|
||||
{
|
||||
nixos.services =
|
||||
{
|
||||
docker.huginn =
|
||||
{
|
||||
image = inputs.pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "huginn/huginn";
|
||||
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
|
||||
sha256 = "0ls97k8ic7w5j54jlpwh8rrvj1y4pl4106j9pyap105r6p7dziiz";
|
||||
finalImageName = "huginn/huginn";
|
||||
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
|
||||
};
|
||||
ports = [ 3000 ];
|
||||
environmentFile = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -37,7 +37,7 @@ inputs:
|
||||
Group = inputs.config.users.users.${instance.value.user}.group;
|
||||
ExecStart =
|
||||
let
|
||||
meilisearch = inputs.pkgs.unstablePackages.meilisearch.overrideAttrs (prev:
|
||||
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
|
||||
{
|
||||
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
|
||||
++ (
|
||||
@@ -58,6 +58,8 @@ inputs:
|
||||
IOSchedulingPriority = 4;
|
||||
IOAccounting = true;
|
||||
IOWeight = 1;
|
||||
IOReadBandwidthMax = "/dev/mapper/root 20M";
|
||||
IOWriteBandwidthMax = "/dev/mapper/root 20M";
|
||||
Nice = 19;
|
||||
Slice = "-.slice";
|
||||
};
|
||||
@@ -89,7 +91,7 @@ inputs:
|
||||
env = "production"
|
||||
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
|
||||
log_level = "INFO"
|
||||
max_indexing_memory = "16Gb"
|
||||
max_indexing_memory = "8Gb"
|
||||
max_indexing_threads = 1
|
||||
'';
|
||||
owner = inputs.config.users.users.misskey.name;
|
||||
|
||||
@@ -54,8 +54,6 @@ inputs:
|
||||
ExecStart = "${WorkingDirectory}/bin/misskey";
|
||||
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
||||
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||
Restart = "always";
|
||||
RuntimeMaxSec = "1d";
|
||||
};
|
||||
};
|
||||
tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];
|
||||
@@ -65,12 +63,12 @@ inputs:
|
||||
"/var/lib/misskey/work" =
|
||||
{
|
||||
device = "${inputs.pkgs.localPackages.misskey}";
|
||||
options = [ "bind" "private" "x-gvfs-hide" ];
|
||||
options = [ "bind" ];
|
||||
};
|
||||
"/var/lib/misskey/work/files" =
|
||||
{
|
||||
device = "/var/lib/misskey/files";
|
||||
options = [ "bind" "private" "x-gvfs-hide" ];
|
||||
options = [ "bind" ];
|
||||
};
|
||||
};
|
||||
sops.templates."misskey/default.yml" =
|
||||
@@ -140,14 +138,10 @@ inputs:
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/" =
|
||||
{
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
})
|
||||
(attrsToList misskey-proxy));
|
||||
|
||||
@@ -6,47 +6,23 @@ inputs:
|
||||
transparentProxy =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = true; };
|
||||
externalIp = mkOption { type = types.listOf types.nonEmptyStr; };
|
||||
externalIp = mkOption { type = types.nonEmptyStr; };
|
||||
map = mkOption { type = types.attrsOf types.ints.unsigned; default = {};};
|
||||
};
|
||||
httpProxy = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
rewriteHttps = mkOption { type = types.bool; default = false; };
|
||||
websocket = mkOption { type = types.bool; default = false; };
|
||||
http2 = mkOption { type = types.bool; default = true; };
|
||||
setHeaders = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
addAuth = mkOption { type = types.bool; default = false; };
|
||||
detectAuth = mkOption { type = types.bool; default = false; };
|
||||
locations = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
websocket = mkOption { type = types.bool; default = false; };
|
||||
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
|
||||
};});
|
||||
};
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
streamProxy =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 5575; };
|
||||
map = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
types.nonEmptyStr
|
||||
(types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
rewriteHttps = mkOption { type = types.bool; default = false; };
|
||||
};})
|
||||
]);
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
@@ -89,38 +65,37 @@ inputs:
|
||||
value =
|
||||
{
|
||||
serverName = site.name;
|
||||
listen = [ { addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; } ]
|
||||
++ (if site.value.rewriteHttps then [ { addr = "0.0.0.0"; port = 80; } ] else []);
|
||||
listen =
|
||||
[
|
||||
{ addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; }
|
||||
{ addr = "0.0.0.0"; port = 80; }
|
||||
];
|
||||
useACMEHost = site.name;
|
||||
locations = listToAttrs (map
|
||||
(location:
|
||||
{
|
||||
inherit (location) name;
|
||||
value =
|
||||
{
|
||||
proxyPass = location.value.upstream;
|
||||
proxyWebsockets = location.value.websocket;
|
||||
recommendedProxySettings = false;
|
||||
recommendedProxySettingsNoHost = true;
|
||||
extraConfig = concatStringsSep "\n"
|
||||
(
|
||||
(map
|
||||
(header: ''proxy_set_header ${header.name} "${header.value}";'')
|
||||
(attrsToList location.value.setHeaders))
|
||||
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
|
||||
++ (
|
||||
if site.value.addAuth then
|
||||
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
|
||||
else [])
|
||||
);
|
||||
};
|
||||
})
|
||||
(attrsToList site.value.locations));
|
||||
locations."/" =
|
||||
{
|
||||
proxyPass = site.value.upstream;
|
||||
proxyWebsockets = site.value.websocket;
|
||||
recommendedProxySettings = false;
|
||||
recommendedProxySettingsNoHost = true;
|
||||
basicAuthFile =
|
||||
if site.value.detectAuth then
|
||||
inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
|
||||
else null;
|
||||
extraConfig = concatStringsSep "\n"
|
||||
(
|
||||
(map
|
||||
(header: "proxy_set_header ${header.name} ${header.value};")
|
||||
(attrsToList site.value.setHeaders))
|
||||
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
|
||||
++ (
|
||||
if site.value.addAuth then
|
||||
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
|
||||
else [])
|
||||
);
|
||||
};
|
||||
addSSL = true;
|
||||
forceSSL = site.value.rewriteHttps;
|
||||
http2 = site.value.http2;
|
||||
basicAuthFile =
|
||||
if site.value.detectAuth then inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
|
||||
else null;
|
||||
};
|
||||
})
|
||||
(attrsToList nginx.httpProxy));
|
||||
@@ -148,16 +123,6 @@ inputs:
|
||||
in
|
||||
(inputs.pkgs.nginxMainline.override (prev: { modules = prev.modules ++ [ nginx-geoip2 ]; }))
|
||||
.overrideAttrs (prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
|
||||
streamConfig =
|
||||
''
|
||||
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
|
||||
{
|
||||
$geoip2_data_country_code country iso_code;
|
||||
}
|
||||
resolver 8.8.8.8;
|
||||
'';
|
||||
# todo: use host dns
|
||||
resolver.addresses = [ "8.8.8.8" ];
|
||||
};
|
||||
geoipupdate =
|
||||
{
|
||||
@@ -213,9 +178,13 @@ inputs:
|
||||
{
|
||||
services.nginx.streamConfig =
|
||||
''
|
||||
log_format transparent_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
|
||||
'"$ssl_preread_server_name"->$transparent_proxy_backend $bytes_sent $bytes_received';
|
||||
map $ssl_preread_server_name $transparent_proxy_backend
|
||||
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
|
||||
{
|
||||
$geoip2_data_country_code country iso_code;
|
||||
}
|
||||
log_format stream '[$time_local] $remote_addr-$geoip2_data_country_code "$ssl_preread_server_name"->$backend $bytes_sent $bytes_received';
|
||||
access_log syslog:server=unix:/dev/log stream;
|
||||
map $ssl_preread_server_name $backend
|
||||
{
|
||||
${concatStringsSep "\n" (map
|
||||
(x: '' "${x.name}" 127.0.0.1:${toString x.value};'')
|
||||
@@ -230,14 +199,13 @@ inputs:
|
||||
}
|
||||
server
|
||||
{
|
||||
${concatStringsSep "\n " (map (ip: "listen ${ip}:443;") nginx.transparentProxy.externalIp)}
|
||||
listen ${nginx.transparentProxy.externalIp}:443;
|
||||
ssl_preread on;
|
||||
proxy_bind $remote_addr transparent;
|
||||
proxy_pass $transparent_proxy_backend;
|
||||
proxy_pass $backend;
|
||||
proxy_connect_timeout 1s;
|
||||
proxy_socket_keepalive on;
|
||||
proxy_buffer_size 128k;
|
||||
access_log syslog:server=unix:/dev/log transparent_proxy;
|
||||
}
|
||||
'';
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
@@ -292,47 +260,5 @@ inputs:
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
};
|
||||
})
|
||||
(mkIf nginx.streamProxy.enable
|
||||
{
|
||||
services.nginx =
|
||||
{
|
||||
streamConfig =
|
||||
''
|
||||
log_format stream_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
|
||||
'"$ssl_preread_server_name"->$stream_proxy_backend $bytes_sent $bytes_received';
|
||||
map $ssl_preread_server_name $stream_proxy_backend
|
||||
{
|
||||
${concatStringsSep "\n" (map
|
||||
(x: '' "${x.name}" "${x.value.upstream or x.value}";'')
|
||||
(attrsToList nginx.streamProxy.map))}
|
||||
}
|
||||
server
|
||||
{
|
||||
listen 127.0.0.1:${toString nginx.streamProxy.port};
|
||||
ssl_preread on;
|
||||
proxy_pass $stream_proxy_backend;
|
||||
proxy_connect_timeout 10s;
|
||||
proxy_socket_keepalive on;
|
||||
proxy_buffer_size 128k;
|
||||
access_log syslog:server=unix:/dev/log stream_proxy;
|
||||
}
|
||||
'';
|
||||
virtualHosts = listToAttrs (map
|
||||
(site:
|
||||
{
|
||||
inherit (site) name;
|
||||
value =
|
||||
{
|
||||
serverName = site.name;
|
||||
listen = [ { addr = "0.0.0.0"; port = 80; } ];
|
||||
locations."/".return = "301 https://${site.name}$request_uri";
|
||||
};
|
||||
})
|
||||
(filter (site: site.value.rewriteHttps or false) (attrsToList nginx.streamProxy.map)));
|
||||
};
|
||||
nixos.services.nginx.transparentProxy.map = listToAttrs (map
|
||||
(site: { name = site.name; value = nginx.streamProxy.port; })
|
||||
(attrsToList nginx.streamProxy.map));
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
@@ -62,9 +62,8 @@ inputs:
|
||||
enable = true;
|
||||
httpProxy.${rsshub.hostname} =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/" =
|
||||
{ upstream = "http://127.0.0.1:${toString rsshub.port}"; setHeaders.Host = rsshub.hostname; };
|
||||
upstream = "http://127.0.0.1:${toString rsshub.port}";
|
||||
setHeaders.Host = rsshub.hostname;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -1,67 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.samba = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
wsdd = mkOption { type = types.bool; default = false; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
hostsAllowed = mkOption { type = types.str; default = "127."; };
|
||||
shares = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
path = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) samba;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkIf samba.enable
|
||||
{
|
||||
services =
|
||||
{
|
||||
# make shares visible for windows 10 clients
|
||||
samba-wsdd.enable = samba.wsdd;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
# TCP 139 445 UDP 137 138
|
||||
openFirewall = !samba.private;
|
||||
securityType = "user";
|
||||
extraConfig =
|
||||
''
|
||||
workgroup = WORKGROUP
|
||||
server string = Samba Server
|
||||
server role = standalone server
|
||||
hosts allow = ${samba.hostsAllowed}
|
||||
dns proxy = no
|
||||
'';
|
||||
# obey pam restrictions = yes
|
||||
# encrypt passwords = no
|
||||
shares = listToAttrs (map
|
||||
(share:
|
||||
{
|
||||
name = share.name;
|
||||
value =
|
||||
{
|
||||
comment = if share.value.comment != null then share.value.comment else share.name;
|
||||
path = share.value.path;
|
||||
browseable = true;
|
||||
writeable = true;
|
||||
"create mask" = "644";
|
||||
"force create mode" = "644";
|
||||
"directory mask" = "2755";
|
||||
"force directory mode" = "2755";
|
||||
};
|
||||
})
|
||||
(attrsToList samba.shares));
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.sshd = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
passwordAuthentication = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) sshd;
|
||||
in mkIf sshd.enable
|
||||
{
|
||||
services.openssh =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
X11Forwarding = true;
|
||||
ChallengeResponseAuthentication = false;
|
||||
PasswordAuthentication = sshd.passwordAuthentication;
|
||||
KbdInteractiveAuthentication = false;
|
||||
UsePAM = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -133,14 +133,10 @@ inputs:
|
||||
name = hostname;
|
||||
value =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/" =
|
||||
{
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
||||
else "http://${upstream.address}:${toString upstream.port}";
|
||||
websocket = true;
|
||||
setHeaders.Host = hostname;
|
||||
};
|
||||
})
|
||||
(attrsToList synapse-proxy));
|
||||
|
||||
@@ -1,117 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
vaultwarden =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
autoStart = mkOption { type = types.bool; default = true; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8000; };
|
||||
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
|
||||
hostname = mkOption { type = types.str; default = "vaultwarden.chn.moe"; };
|
||||
};
|
||||
vaultwarden-proxy =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
|
||||
upstream = mkOption
|
||||
{
|
||||
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
||||
{
|
||||
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 8000; };
|
||||
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
|
||||
};})];
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) vaultwarden vaultwarden-proxy;
|
||||
inherit (builtins) listToAttrs;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
in mkMerge
|
||||
[
|
||||
(
|
||||
mkIf vaultwarden.enable
|
||||
{
|
||||
services.vaultwarden =
|
||||
{
|
||||
enable = true;
|
||||
dbBackend = "postgresql";
|
||||
config =
|
||||
{
|
||||
DATA_FOLDER = "/var/lib/vaultwarden";
|
||||
WEB_VAULT_ENABLED = true;
|
||||
WEBSOCKET_ENABLED = true;
|
||||
ROCKET_PORT = vaultwarden.port;
|
||||
WEBSOCKET_PORT = toString vaultwarden.websocketPort;
|
||||
SIGNUPS_VERIFY = true;
|
||||
DOMAIN = "https://${vaultwarden.hostname}";
|
||||
SMTP_HOST = "mail.chn.moe";
|
||||
SMTP_FROM = "bot@chn.moe";
|
||||
SMTP_FROM_NAME = "vaultwarden";
|
||||
SMTP_SECURITY = "force_tls";
|
||||
SMTP_USERNAME = "bot@chn.moe";
|
||||
};
|
||||
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."vaultwarden.env" =
|
||||
let
|
||||
serviceConfig = inputs.config.systemd.services.vaultwarden.serviceConfig;
|
||||
placeholder = inputs.config.sops.placeholder;
|
||||
in
|
||||
{
|
||||
owner = serviceConfig.User;
|
||||
group = serviceConfig.Group;
|
||||
content =
|
||||
''
|
||||
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
|
||||
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
|
||||
SMTP_PASSWORD=${placeholder."mail/bot"}
|
||||
'';
|
||||
};
|
||||
secrets = listToAttrs (map
|
||||
(secret: { name = secret; value = {}; })
|
||||
[ "vaultwarden/admin_token" "mail/bot" ]);
|
||||
};
|
||||
systemd.services.vaultwarden =
|
||||
{
|
||||
enable = vaultwarden.autoStart;
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
nixos.services.postgresql = { enable = true; instances.vaultwarden = {}; };
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf vaultwarden-proxy.enable
|
||||
{
|
||||
nixos.services.nginx =
|
||||
{
|
||||
enable = true;
|
||||
httpProxy."${vaultwarden-proxy.hostname}" =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations = let upstream = vaultwarden-proxy.upstream; in (listToAttrs (map
|
||||
(location: { name = location; value =
|
||||
{
|
||||
upstream = "http://${upstream.address or upstream}:${builtins.toString upstream.port or 8000}";
|
||||
setHeaders = { Host = vaultwarden-proxy.hostname; Connection = ""; };
|
||||
};})
|
||||
[ "/" "/notifications/hub/negotiate" ]))
|
||||
// { "/notifications/hub" =
|
||||
{
|
||||
upstream =
|
||||
"http://${upstream.address or upstream}:${builtins.toString upstream.websocketPort or 3012}";
|
||||
websocket = true;
|
||||
setHeaders.Host = vaultwarden-proxy.hostname;
|
||||
};};
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
];
|
||||
}
|
||||
@@ -269,12 +269,6 @@ inputs:
|
||||
${iptables} -t mangle -N v2ray_mark -w
|
||||
${iptables} -t mangle -A OUTPUT -j v2ray_mark -w
|
||||
${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u v2ray) -j RETURN -w
|
||||
${
|
||||
if inputs.config.nixos.system.networking.nebula.enable then
|
||||
let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User; in
|
||||
"${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u ${user}) -j RETURN -w"
|
||||
else ""
|
||||
}
|
||||
${iptables} -t mangle -A v2ray_mark -m set --match-set noproxy_src_net src -j RETURN -w
|
||||
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1 -w
|
||||
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1 -w
|
||||
|
||||
@@ -4,16 +4,14 @@ inputs:
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 3389; };
|
||||
hostname = mkOption
|
||||
{
|
||||
type = types.nullOr (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
|
||||
default = null;
|
||||
};
|
||||
hostname = mkOption { type = types.nullOr types.str; default = null; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (inputs.config.nixos.services) xrdp;
|
||||
inherit (builtins) map listToAttrs concatStringsSep toString filter attrValues;
|
||||
in mkIf xrdp.enable (mkMerge
|
||||
[
|
||||
{
|
||||
@@ -27,18 +25,12 @@ inputs:
|
||||
}
|
||||
(
|
||||
mkIf (xrdp.hostname != null)
|
||||
(
|
||||
let
|
||||
mainDomain = if builtins.typeOf xrdp.hostname == "string" then xrdp.hostname
|
||||
else builtins.elemAt xrdp.hostname 0;
|
||||
in
|
||||
{
|
||||
services.xrdp = let keydir = inputs.config.security.acme.certs.${mainDomain}.directory; in
|
||||
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
|
||||
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
|
||||
security.acme.certs.${mainDomain}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
|
||||
}
|
||||
)
|
||||
{
|
||||
services.xrdp = let keydir = inputs.config.security.acme.certs.${xrdp.hostname}.directory; in
|
||||
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
|
||||
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
|
||||
security.acme.certs.${xrdp.hostname}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
|
||||
}
|
||||
)
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -61,11 +61,9 @@ inputs:
|
||||
defaultLocale = "C.UTF-8";
|
||||
supportedLocales = [ "zh_CN.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8" ];
|
||||
};
|
||||
users.mutableUsers = false;
|
||||
# environment.pathsToLink = [ "/include" ];
|
||||
# environment.variables.CPATH = "/run/current-system/sw/include";
|
||||
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
|
||||
virtualisation.oci-containers.backend = "docker";
|
||||
home-manager.sharedModules = [{ home.stateVersion = "22.11"; }];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -79,11 +79,7 @@ inputs:
|
||||
# mount.vfat
|
||||
{
|
||||
fileSystems = listToAttrs (map
|
||||
(device:
|
||||
{
|
||||
name = device.value;
|
||||
value = { device = device.name; fsType = "vfat"; neededForBoot = true; };
|
||||
})
|
||||
(device: { name = device.value; value = { device = device.name; fsType = "vfat"; }; })
|
||||
(attrsToList fileSystems.mount.vfat));
|
||||
}
|
||||
# mount.btrfs
|
||||
@@ -110,8 +106,7 @@ inputs:
|
||||
# zstd:15 5m33s 7.16G
|
||||
# zstd:8 54s 7.32G
|
||||
# zstd:3 17s 7.52G
|
||||
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" ];
|
||||
neededForBoot = true;
|
||||
options = [ "compress-force=zstd" "subvol=${subvol.name}" ];
|
||||
};
|
||||
}
|
||||
)
|
||||
@@ -203,7 +198,7 @@ inputs:
|
||||
# mdadm
|
||||
(
|
||||
mkIf (fileSystems.mdadm != null)
|
||||
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
|
||||
{ boot.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
|
||||
)
|
||||
# swap
|
||||
{ swapDevices = map (device: { device = device; }) fileSystems.swap; }
|
||||
|
||||
@@ -3,7 +3,6 @@ inputs:
|
||||
options.nixos.system.gui = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
preferred = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
|
||||
@@ -41,7 +41,7 @@ inputs:
|
||||
"${impermanence.root}" =
|
||||
{
|
||||
hideMounts = true;
|
||||
directories = [ "/var/lib/systemd/linger" ]
|
||||
directories = []
|
||||
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
|
||||
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
|
||||
};
|
||||
|
||||
@@ -36,10 +36,10 @@ inputs:
|
||||
owner = "xanmod";
|
||||
repo = "linux";
|
||||
rev = modDirVersion;
|
||||
hash = "sha256-EugTfBbeH9VTpIg1aDNfaY57NDCA70QIdsOfzxWMSeA=";
|
||||
sha256 = "sha256-rvSQJb9MIOXkGEjHOPt3x+dqp1AysvQg7n5yYsg95fk=";
|
||||
};
|
||||
version = "6.4.14";
|
||||
modDirVersion = "6.4.14-xanmod1";
|
||||
version = "6.4.12";
|
||||
modDirVersion = "6.4.12-xanmod1";
|
||||
});
|
||||
kernelPatches =
|
||||
let
|
||||
@@ -49,8 +49,8 @@ inputs:
|
||||
{
|
||||
patch = inputs.pkgs.fetchurl
|
||||
{
|
||||
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.4.patch";
|
||||
sha256 = "1kvmddg18pw22valbgx2vlxiasgxvszzm5lzkz096xm51sz72rm0";
|
||||
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.3.patch";
|
||||
sha256 = "sha256-QnsWruzhtiZnqzTUXkPk9Hb19Iddr4VTWXyV4r+iLvE=";
|
||||
};
|
||||
extraStructuredConfig =
|
||||
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
|
||||
|
||||
@@ -3,9 +3,8 @@ inputs:
|
||||
options.nixos.system.networking.nebula = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
# null: is lighthouse; non-empty string: is not lighthouse, and use this string as lighthouse address.
|
||||
# null: is lighthouse, non-empty string: is not lighthouse, and use this string as lighthouse address.
|
||||
lighthouse = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
useRelay = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
@@ -18,19 +17,18 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
ca = ./ca.crt;
|
||||
# nebula-cert sign -name 1p9p -ip 192.168.82.4/24
|
||||
cert = ./. + "/${inputs.config.nixos.system.networking.hostname}.crt";
|
||||
key = inputs.config.sops.templates."nebula/key-template".path;
|
||||
firewall.inbound = [ { host = "any"; port = "any"; proto = "any"; } ];
|
||||
firewall.outbound = [ { host = "any"; port = "any"; proto = "any"; } ];
|
||||
}
|
||||
// (
|
||||
if nebula.lighthouse == null then { isLighthouse = true; isRelay = true; }
|
||||
if nebula.lighthouse == null then { isLighthouse = true; }
|
||||
else
|
||||
{
|
||||
lighthouses = [ "192.168.82.1" ];
|
||||
relays = if nebula.useRelay then [ "192.168.82.1" ] else [];
|
||||
staticHostMap."192.168.82.1" = [ "${nebula.lighthouse}:4242" ];
|
||||
listen.port = 0;
|
||||
}
|
||||
);
|
||||
sops =
|
||||
@@ -48,7 +46,7 @@ inputs:
|
||||
};
|
||||
secrets."nebula/key" = {};
|
||||
};
|
||||
networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
|
||||
systemd.services."nebula@nebula".serviceConfig.Restart = "always";
|
||||
networking.firewall = { trustedInterfaces = [ "nebula.nebula" ]; }
|
||||
// (if nebula.lighthouse != null then {} else { allowedTCPPorts = [ 4242 ]; allowedUDPPorts = [ 4242 ]; });
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
-----BEGIN NEBULA CERTIFICATE-----
|
||||
CmEKA25hcxIKhKShhQyA/v//DyiRxoCoBjCv/sW2BjoghACiJywxa2n7Aki9/HEU
|
||||
q2KpxFE+1Eshcgiy09UagFxKICju+bVGfbNKKrhV7SCNXhazgyVZYigGrzfpvHza
|
||||
nafWEkDfhP5lh+/rFLPZslxaU+jy1swpr+oipToAnZ9Lw5Wlefpmxo/8mTBb4a8T
|
||||
0jhdUC8x4ETwta6LbtWfo7uPinAJ
|
||||
-----END NEBULA CERTIFICATE-----
|
||||
@@ -22,30 +22,17 @@ inputs:
|
||||
{
|
||||
config.allowUnfree = true;
|
||||
config.cudaSupport = nixpkgs.cudaSupport;
|
||||
overlays = [(final: prev:
|
||||
{
|
||||
genericPackages =
|
||||
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };
|
||||
waydroid = final.unstablePackages.waydroid;
|
||||
})];
|
||||
overlays = [(final: prev: { genericPackages =
|
||||
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };})];
|
||||
};
|
||||
}
|
||||
(
|
||||
mkConditional (nixpkgs.march != null)
|
||||
{
|
||||
programs.ccache.enable = true;
|
||||
nixpkgs =
|
||||
{
|
||||
hostPlatform = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
|
||||
config = { qchem-config.optArch = nixpkgs.march; oneapiArch = nixpkgs.oneapiArch; };
|
||||
overlays = [(final: prev:
|
||||
{
|
||||
unstablePackages = import inputs.topInputs.nixpkgs-unstable
|
||||
{
|
||||
localSystem = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
})];
|
||||
};
|
||||
boot.kernelPatches =
|
||||
[{
|
||||
@@ -69,14 +56,7 @@ inputs:
|
||||
};
|
||||
}];
|
||||
}
|
||||
{
|
||||
nixpkgs =
|
||||
{
|
||||
hostPlatform = "x86_64-linux";
|
||||
overlays = [(final: prev: { unstablePackages = import inputs.topInputs.nixpkgs-unstable
|
||||
{ localSystem.system = "x86_64-linux"; config.allowUnfree = true; }; })];
|
||||
};
|
||||
}
|
||||
{ nixpkgs.hostPlatform = "x86_64-linux"; }
|
||||
)
|
||||
];
|
||||
}
|
||||
|
||||
@@ -25,6 +25,13 @@ inputs:
|
||||
"es256"
|
||||
"+presence"
|
||||
])
|
||||
(builtins.concatStringsSep ","
|
||||
[
|
||||
"WgLCnlQcGP4uVHI8OZrJWoLK6ezHtl404NVGsfH2LXsq0TNVZ7l2OidGpbYqIJwTn5yKu6t0MI7KdHYD18T/HA=="
|
||||
"GVPuwp38yb+A1Uur22hywW7mQJPOxuLXXKLlM9FU2bvVhpwdjWDvg+BB5YFAL9NjTW22V7Hy/a9UuSmZejs7dw=="
|
||||
"es256"
|
||||
"+presence"
|
||||
])
|
||||
])
|
||||
]);
|
||||
};
|
||||
|
||||
@@ -14,6 +14,6 @@ inputs: { config =
|
||||
services.systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
|
||||
# do not clean /tmp
|
||||
timers.systemd-tmpfiles-clean.enable = false;
|
||||
coredump = { enable = true; extraConfig = "Storage=none"; };
|
||||
coredump.enable = false;
|
||||
};
|
||||
};}
|
||||
|
||||
@@ -1,226 +1,276 @@
|
||||
inputs:
|
||||
let
|
||||
allUsers =
|
||||
{
|
||||
root =
|
||||
{
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) listToAttrs mkMerge;
|
||||
inherit (builtins) map;
|
||||
inherit (inputs.localLib) stripeTabs;
|
||||
in mkMerge
|
||||
[
|
||||
{
|
||||
users.users.root =
|
||||
users =
|
||||
{
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
|
||||
openssh.authorizedKeys.keys =
|
||||
[
|
||||
(builtins.concatStringsSep ""
|
||||
[
|
||||
"sk-ssh-ed25519@openssh.com "
|
||||
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
|
||||
"chn@pc"
|
||||
])
|
||||
];
|
||||
};
|
||||
home-manager.users.root =
|
||||
{
|
||||
imports = inputs.config.nixos.users.sharedModules;
|
||||
config.programs.git =
|
||||
users =
|
||||
{
|
||||
extraConfig.core.editor = inputs.lib.mkForce "vim";
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
};
|
||||
};
|
||||
};
|
||||
chn =
|
||||
{
|
||||
users.users.chn =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
|
||||
openssh.authorizedKeys.keys =
|
||||
[
|
||||
# ykman fido credentials list
|
||||
# ykman fido credentials delete f2c1ca2d
|
||||
# ssh-keygen -t ed25519-sk -O resident
|
||||
# ssh-keygen -K
|
||||
(builtins.concatStringsSep ""
|
||||
[
|
||||
"sk-ssh-ed25519@openssh.com "
|
||||
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
|
||||
"chn@pc"
|
||||
])
|
||||
];
|
||||
};
|
||||
home-manager.users.chn =
|
||||
{
|
||||
imports = inputs.config.nixos.users.sharedModules;
|
||||
config.programs =
|
||||
{
|
||||
git =
|
||||
root =
|
||||
{
|
||||
userName = "chn";
|
||||
userEmail = "chn@chn.moe";
|
||||
shell = inputs.pkgs.zsh;
|
||||
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
|
||||
openssh.authorizedKeys.keys =
|
||||
[
|
||||
("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
|
||||
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
|
||||
];
|
||||
};
|
||||
ssh.matchBlocks = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(host:
|
||||
{
|
||||
name = host.name;
|
||||
value = { host = host.name; hostname = host.value; user = "chn"; };
|
||||
})
|
||||
(inputs.localLib.attrsToList
|
||||
{
|
||||
vps3 = "vps3.chn.moe";
|
||||
vps4 = "vps4.chn.moe";
|
||||
vps5 = "vps5.chn.moe";
|
||||
vps6 = "vps6.chn.moe";
|
||||
vps7 = "vps7.chn.moe";
|
||||
}))
|
||||
++ (builtins.map
|
||||
(host:
|
||||
{
|
||||
name = host;
|
||||
value =
|
||||
{
|
||||
host = host;
|
||||
hostname = "hpc.xmu.edu.cn";
|
||||
user = host;
|
||||
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
|
||||
};
|
||||
})
|
||||
[ "wlin" "jykang" "hwang" ])
|
||||
)
|
||||
// {
|
||||
xmupc1 =
|
||||
{
|
||||
host = "xmupc1";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
nas =
|
||||
{
|
||||
host = "nas";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 5440;
|
||||
};
|
||||
xmupc1-ext =
|
||||
{
|
||||
host = "xmupc1-ext";
|
||||
hostname = "vps3.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmuhk =
|
||||
{
|
||||
host = "xmuhk";
|
||||
hostname = "10.26.14.56";
|
||||
user = "xmuhk";
|
||||
# identityFile = "~/.ssh/xmuhk_id_rsa";
|
||||
};
|
||||
xmuhk2 =
|
||||
{
|
||||
host = "xmuhk2";
|
||||
hostname = "183.233.219.132";
|
||||
user = "xmuhk";
|
||||
port = 62022;
|
||||
};
|
||||
chn =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
|
||||
};
|
||||
};
|
||||
mutableUsers = false;
|
||||
};
|
||||
nixos.services.groupshare.mountPoints = [ "/home/chn/groupshare" ];
|
||||
};
|
||||
xll =
|
||||
}
|
||||
# (mkMerge (map (user:
|
||||
# {
|
||||
# sops.secrets."password/${user}".neededForUsers = true;
|
||||
# users.users.${user}.passwordFile = inputs.config.sops.secrets."password/${user}".path;
|
||||
# }) [ "root" "chn" ]))
|
||||
{
|
||||
users.users.xll =
|
||||
home-manager =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/xll".path;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./xll_id_rsa.pub) ];
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
users =
|
||||
let
|
||||
normal = { gui ? false }: { pkgs, ...}:
|
||||
{
|
||||
home.stateVersion = "22.11";
|
||||
programs =
|
||||
{
|
||||
zsh =
|
||||
{
|
||||
enable = true;
|
||||
initExtraBeforeCompInit =
|
||||
''
|
||||
# p10k instant prompt
|
||||
typeset -g POWERLEVEL9K_INSTANT_PROMPT=off
|
||||
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
|
||||
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
|
||||
|
||||
HYPHEN_INSENSITIVE="true"
|
||||
|
||||
export PATH=~/bin:$PATH
|
||||
|
||||
function br
|
||||
{
|
||||
local cmd cmd_file code
|
||||
cmd_file=$(mktemp)
|
||||
if broot --outcmd "$cmd_file" "$@"; then
|
||||
cmd=$(<"$cmd_file")
|
||||
command rm -f "$cmd_file"
|
||||
eval "$cmd"
|
||||
else
|
||||
code=$?
|
||||
command rm -f "$cmd_file"
|
||||
return "$code"
|
||||
fi
|
||||
}
|
||||
|
||||
alias todo="todo.sh"
|
||||
'';
|
||||
plugins =
|
||||
[
|
||||
{
|
||||
file = "powerlevel10k.zsh-theme";
|
||||
name = "powerlevel10k";
|
||||
src = "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
|
||||
}
|
||||
{
|
||||
file = "p10k.zsh";
|
||||
name = "powerlevel10k-config";
|
||||
src = ./p10k-config;
|
||||
}
|
||||
{
|
||||
name = "zsh-lsd";
|
||||
src = pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "z-shell";
|
||||
repo = "zsh-lsd";
|
||||
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
|
||||
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
|
||||
};
|
||||
}
|
||||
];
|
||||
history =
|
||||
{
|
||||
extended = true;
|
||||
save = 100000000;
|
||||
size = 100000000;
|
||||
share = true;
|
||||
};
|
||||
};
|
||||
direnv = { enable = true; nix-direnv.enable = true; };
|
||||
git =
|
||||
{
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
userEmail = "chn@chn.moe";
|
||||
userName = "chn";
|
||||
extraConfig =
|
||||
{
|
||||
core.editor = if gui then "code --wait" else "vim";
|
||||
advice.detachedHead = false;
|
||||
merge.conflictstyle = "diff3";
|
||||
diff.colorMoved = "default";
|
||||
};
|
||||
package = pkgs.gitFull;
|
||||
delta =
|
||||
{
|
||||
enable = true;
|
||||
options =
|
||||
{
|
||||
side-by-side = true;
|
||||
navigate = true;
|
||||
syntax-theme = "GitHub";
|
||||
light = true;
|
||||
zero-style = "syntax white";
|
||||
line-numbers-zero-style = "#ffffff";
|
||||
};
|
||||
};
|
||||
};
|
||||
ssh =
|
||||
{
|
||||
enable = true;
|
||||
controlMaster = "auto";
|
||||
controlPersist = "1m";
|
||||
compression = true;
|
||||
matchBlocks = builtins.listToAttrs
|
||||
(
|
||||
(map
|
||||
(host:
|
||||
{
|
||||
name = host.name;
|
||||
value = { host = host.name; hostname = host.value; user = "chn"; };
|
||||
})
|
||||
(inputs.localLib.attrsToList
|
||||
{
|
||||
vps3 = "vps3.chn.moe";
|
||||
vps4 = "vps4.chn.moe";
|
||||
vps5 = "vps5.chn.moe";
|
||||
vps6 = "vps6.chn.moe";
|
||||
vps7 = "vps7.chn.moe";
|
||||
nas = "192.168.1.188";
|
||||
}))
|
||||
++ (map
|
||||
(host:
|
||||
{
|
||||
name = host;
|
||||
value =
|
||||
{
|
||||
host = host;
|
||||
hostname = "hpc.xmu.edu.cn";
|
||||
user = host;
|
||||
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
|
||||
};
|
||||
})
|
||||
[ "wlin" "jykang" "hwang" ])
|
||||
)
|
||||
// {
|
||||
xmupc1 =
|
||||
{
|
||||
host = "xmupc1";
|
||||
hostname = "office.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmupc1-ext =
|
||||
{
|
||||
host = "xmupc1-ext";
|
||||
hostname = "vps3.chn.moe";
|
||||
user = "chn";
|
||||
port = 6007;
|
||||
};
|
||||
xmuhk =
|
||||
{
|
||||
host = "xmuhk";
|
||||
hostname = "10.26.14.56";
|
||||
user = "xmuhk";
|
||||
# identityFile = "~/.ssh/xmuhk_id_rsa";
|
||||
};
|
||||
xmuhk2 =
|
||||
{
|
||||
host = "xmuhk2";
|
||||
hostname = "183.233.219.132";
|
||||
user = "xmuhk";
|
||||
port = 62022;
|
||||
};
|
||||
};
|
||||
};
|
||||
vim =
|
||||
{
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
settings =
|
||||
{
|
||||
number = true;
|
||||
expandtab = false;
|
||||
shiftwidth = 2;
|
||||
tabstop = 2;
|
||||
};
|
||||
extraConfig =
|
||||
''
|
||||
set clipboard=unnamedplus
|
||||
colorscheme evening
|
||||
'';
|
||||
};
|
||||
chromium =
|
||||
{
|
||||
package = inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.chromium;
|
||||
enable = inputs.config.programs.chromium.enable && gui;
|
||||
extensions =
|
||||
[
|
||||
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
|
||||
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
|
||||
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
|
||||
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
|
||||
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
|
||||
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
|
||||
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
|
||||
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
|
||||
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
|
||||
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
|
||||
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
|
||||
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
|
||||
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
|
||||
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
|
||||
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
|
||||
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
|
||||
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
|
||||
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
|
||||
];
|
||||
};
|
||||
obs-studio =
|
||||
{
|
||||
enable = true;
|
||||
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
root = normal { gui = false; };
|
||||
chn = normal { gui = inputs.config.nixos.system.gui.enable; };
|
||||
};
|
||||
};
|
||||
home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/xll".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
|
||||
};
|
||||
zem =
|
||||
{
|
||||
users.users.zem =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/zem".path;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./zem_id_rsa.pub) ];
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/zem".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
|
||||
};
|
||||
yjq =
|
||||
{
|
||||
users.users.yjq =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/yjq".path;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./yjq_id_rsa.pub) ];
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/yjq".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
|
||||
};
|
||||
yxy =
|
||||
{
|
||||
users.users.yxy =
|
||||
{
|
||||
isNormalUser = true;
|
||||
extraGroups = inputs.lib.intersectLists
|
||||
[ "groupshare" "video" ]
|
||||
(builtins.attrNames inputs.config.users.groups);
|
||||
passwordFile = inputs.config.sops.secrets."users/yxy".path;
|
||||
shell = inputs.pkgs.zsh;
|
||||
autoSubUidGidRange = true;
|
||||
};
|
||||
home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
|
||||
sops.secrets."users/yxy".neededForUsers = true;
|
||||
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.nixos.users = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
|
||||
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (builtins) map attrNames;
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.config.nixos) users;
|
||||
in mkMerge
|
||||
[
|
||||
(mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
|
||||
];
|
||||
}
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
# environment.persistence."/impermanence".users.chn =
|
||||
# {
|
||||
@@ -263,4 +313,4 @@ inputs:
|
||||
# ".viminfo"
|
||||
# ".zsh_history"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
@@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/jzUQ6QuAjnAryvpWk7TReS6pnHxhEXY9RonojKkurhfYSQO/IlxDMDq23TFXcgu8iZG4cS6MADgx/KNZD/MjuN9YNCIEGvMwzWvB0oM25BC6Vf3iKDmhH06rZKH6/g5GN+HWoCN4yE/+MhIpegFO3+YMpveXwEESlyoIjPvcW+RwmlNJevrHd83ETYDQ4AybWyJo6en5tz2ngr22HaK4MtxgrqnIN/KorY+nrzTNa7VBC7BaZc1tA5FLwUeCXtuzp2ibfrxoGUAiDig4FW09ijCk3Y77y7aNVI2nw5y28nCV5rgVMh5fejtNVqIqku7p+8qgjxvY6veATG0lYgZgw2ldnDGDNbEGxcCnKKmCgZMxok8zTRsniZ91KuHkcl2L7xUo7kdQYzBRwZyQ53eW+yPoqUya4yn272rscBEUMyZzmegfr1SXMqw/8zn+MZdr1KXEvrbfjX+2QL52GY3bfYUf3KFje+Sp88k688bRH0vrxj9BCOS7ovbyfe9BEU= xll@chn-PC
|
||||
@@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtnVhZQsJfbs2w9hFZkx4qDhIs++7no+6r5TifP3Dq7epJYd2QYx4dI66XxTNhKxZjN6a4Xn5nFlYLtQJXOvzBLC8IBf1W5GCH0k/jqzzskS0/Ix/70HzcBwJk8ihWDkyON5Ki1BRCx34RNxth1BIxWyc5QT+lou+D92x8iAu/uOvmcAL3Ua0OlZwxw03hLp/PpS4ZnUqFjc2JVtarY7eQu/i3RwOZUaK6nT2EL8RObzk4xnieqsU5PWwA3voVjetqZaDQ+P7dimQXz/FaucroKxCNyTiy1oG4fdQpm2UDrH6ZfPvdQLYrtet6FQabXOxhV7MuR3jYtxZjs1kDVZIseIZ6IwjetaUoMxvIouRfYjOSIEo9Ek9o0+Yhku4r0uWmPDrymWugU1raMmlRxSUwdlzW+C7mQwtGbs/MG4MN4GWkM6id5DKlY2vYKUfrTzmhY1swCtzKq20fjvyX8qhJdcytgVlOrBZnPje6Qd55sI0RjdgJrBsxT2SYquez7U8= yjq@chn-PC
|
||||
@@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDn1pfGen7kjPTHsbb8AgrUJWOeFPHK5S4M97Lcj3tvdcjZi2SXN6PwHQfh8/xGhZbTLPz/40S9O9/Dn30xkUTfnONirKt790jp7VEbOtPnjQPOd/KRNWlS3VV0BELuq5p633Mi13rP6JZtdKmU2uSkvvaUBfCppy3JaWv/B7HLJ48f8IzkdiT1px3dN1eQ4SFoHOiVG0ci5TGG6wfMdoAAnM9R1aXI4gDxnYjLYujpaNZ4hBOta/6ZK/PV0JufoXdIAZjubgk1Hv04XHXLR2Z0UhRM6x7UrZIOdM/LlnKmcVk408ZKEj/9m1xRyDsNoZ24CF++cmnwfBHrp9I5nvDI7xOTdZlOhzkiiPM3f4i6s2Qjdv4vpZ6AeE3Qt1LVQyAr67b4UMjHuYqSi2KgyCO6My2Ov2eRoS74EKcb8ejJv3O+XInmYUgDgTgDFT3CgQgK2DG45HiV6nOkaE/6iKx2JSOiYZTFc7TRcePfXF9JQD7dXFde6qm3EbIVyJIpCJ8= zem@chn-PC
|
||||
@@ -1,14 +1,5 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
|
||||
nebula:
|
||||
key: ENC[AES256_GCM,data:zWLXEH628ZVDZk7U/9zEXocJatCJr7hZrCmh/pifPlxVvVud5RQxLvgRvhQ=,iv:YFn7spiIcaW/l8dQZvGhsERi81L2RKLUE/55Bht0TMQ=,tag:fVdIRCMeT6o0lrGVDjCVlA==,type:str]
|
||||
acme:
|
||||
cloudflare.ini: ENC[AES256_GCM,data:/LpP1qoVS+CG+5ska6vtmagHNrhcgr5e1QRzDdbdCYGnDB8Nca/GmIogzHCXsogQY/rwGTCZoXLKKEGToYiThwk=,iv:R++I0ued2wrVsmM/vYvBVMOp9M7HyZIfDOVOlg7GALE=,tag:gYchPuh8MHk3EEnGb9g4WA==,type:str]
|
||||
users:
|
||||
xll: ENC[AES256_GCM,data:XLSsz6fZ23PPaJS1Y5C3FAOks3wzb2f+Pv8TgyKrDBfMeoLk1M37A00OGJ2wsYxkuR0JV6Uoh+hhRpTUjOQnmLfQrBxPxxP8DA==,iv:jxEZX/flxxduM1sdrYfGHfMtFMYduMg0Lr6hY1pkAPg=,tag:CYy0y1e2S2Txz1OSh+XDHA==,type:str]
|
||||
zem: ENC[AES256_GCM,data:VCVLfGO9a06XhAOBciFf1u7A5jaQikAt2wZf+dCAi1BglXpM6Hof1yAunadYOwLOBFgGlP19kX53CBBlZtaqZFL2GRDzXP0woQ==,iv:AFYtHCCkzNrllN/fjQ8GKYs2TyV3uj3BsU5n1tBQAmM=,tag:5dP7c5N4yG2NS4T+Vg0Zpg==,type:str]
|
||||
yjq: ENC[AES256_GCM,data:yn6eGrySCxlRsFioaE2p1qlTHkIGC9l64+edjuDvt232xc+iFeD03EYfuulyr0GxYFwnlAwtaJnyMi5eOrSd1W6HeV3Canzdbw==,iv:qTc6vA8uQza8CB+BvffEN9GqHkiwNM4h9RkqQR14ylk=,tag:UZ2GYCJLjcWLuVXlscLviw==,type:str]
|
||||
yxy: ENC[AES256_GCM,data:71vjvwr29lfPCarnblpbW3WVyJK8EMV+cR4prc4AM3r0PG4z88P6i0IrzSy8XwkVPrEasfYXxn+vDbzXyi7kIWaWXrkjcyGTxg==,iv:LfkinvbIhchvgfgixIY8Wg6esrc+TOS4YWqRTJ0qfvw=,tag:mLPw6z8DOPrHsRpUHn3/gw==,type:str]
|
||||
uuid: ENC[AES256_GCM,data:0q37D3FVH95eSmw1KPuQSbt6zgzdt9iyO6Mnsk/CiDtp36BR,iv:V0sZLD4VAPF6LQg+mrWxpvnKfkCwQlmwGuJ86XEe8Ik=,tag:UEQAcpkv1LmuIBF50PL0lQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -18,23 +9,14 @@ sops:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO
|
||||
cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL
|
||||
M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT
|
||||
a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y
|
||||
1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbFR2bHMrRmdXWVVHTTlJ
|
||||
VVFoMXNBWUU0MGkrOWl0bEphb3JlSTlsN25nCjE1NTZwTHM1b09ZeS9GQ09pRFB0
|
||||
TFRPcW5MTGI1dTk0YXFsVmI1ZmVnTlUKLS0tIEpZNW1YMi9Gc0laRkxYbEw2TGd2
|
||||
MVRPMDVCeHVlOTBnWVNJZ21kcmlBTFkKKbyR6MGaKRvk23toLEdD9s7deQN2Dp9U
|
||||
fYn/X4SC7Wfm4atiDbLR3Jz6FhjRAN+s//lrojRb4yqoipa2AN5tPA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2
|
||||
ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq
|
||||
NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-14T11:09:58Z"
|
||||
mac: ENC[AES256_GCM,data:f6D4N+He7Zz0VA2FxUzTARfckidgVlDHE1hZrYW6jDf+v9ZK/c/JAj12zLNiCy9aG6rBz5K0jdWpnTsguMlTYCKUjLcD8MSW4KJErYmeVFLpfuiSBMr0+pcSVA9DpEmekaYl0GbnxrgQKrfEL0dthR6+9m5CsP/1bvEs34XcKGk=,iv:0YVxL5iVOvmFzThk7fua2Cqpty9lTX/tdKNii5gY/UA=,tag:d+NwYbpeDziniYXwQYVCdg==,type:str]
|
||||
lastmodified: "2023-08-23T12:21:23Z"
|
||||
mac: ENC[AES256_GCM,data:sUfKYYu4aQYa2hO09aRXDdlrxY9T8ePb4sMTf8hfHHZLRaxLubWy7JkzVdxlTDpCHEZIW5J5zpbcjpvE8ZC5G/m45iCLwJIqAM5teSoG5FW/hR2uzfSuRsF/5vh1xFREsGtMLYskBobvf9mssBwRXgaKOv4zAHzlBmEhTLTBFLg=,iv:TmjRAHISDSK1+M1WtrMYF20cdCPCqu05VhHl6/ipKB4=,tag:jwMdzZoFu1IOB3sg2/kxlg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
@@ -7,6 +7,8 @@ frp:
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
|
||||
nginx:
|
||||
#ENC[AES256_GCM,data:sHSfWhEO9PHWTY0r,iv:XSyOSkzEVOjMF/9vjEVpcuKH6B2mdE5D7l9VKrSILO0=,tag:2YkAoPW5GqOjFpPF5IvApg==,type:comment]
|
||||
#ENC[AES256_GCM,data:Oaxg1nXYHLNOAF2V8lNF+4OtJz5bXOdEleXi89AW+dQvDgj0HMAAlxLiixlfhFW48Clcu+C+4opFZUk+4Q3GBePTQWeabgEFAZi+MgnVoiXzfizQpmve,iv:/NyV6W0vaXvS5qFKPw+7Iqe9po1VKQDLbHaC9Fa8Mto=,tag:JiCKJxhpAI9k11N9WxfZew==,type:comment]
|
||||
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
|
||||
postgresql:
|
||||
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
|
||||
@@ -40,8 +42,8 @@ sops:
|
||||
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
|
||||
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-18T12:02:13Z"
|
||||
mac: ENC[AES256_GCM,data:cO1AngVyJaj+M91wUCG4mGLRjYDF57CdV1UyYeWBXozNl1VxgTWlUFfQJFC5gIGKohAXhGT0SERLGPRVIkacd0hvuHdeHHyp7kzrwQGZTkfxu6oknlvXEXNUdrIiwoers5aJQbbdlEHI6jKL794VRtkykp3bJs0tSeI+v4EA6kI=,iv:YE+oJN+ZJ+1zmze0+GOYG/G8UI7VrVGO1Iwut6mrBfg=,tag:gF8EQSIbVoAzbb4kmWB/uA==,type:str]
|
||||
lastmodified: "2023-09-03T08:51:32Z"
|
||||
mac: ENC[AES256_GCM,data:PlBRhBHJ067MzX77ZaG7XzQviTixWWEZboFM8h1ezmei+Pf2PY4oDxRfmEgAodXD2EpM0x4cao3NPzMeAYtJK0YUViZRzdSbya/60W6Xzv0nrbJHh3xvvJmLVsMXyD3KKMcafTOrBsxnCg0gRro778Z63XkN/S9tA2tZfdZLLcY=,iv:9N223T+lBjYt0WLvvERbAFE1Z30ejWwZNDjByFjlW98=,tag:iTD7+P5uFlwe/xEX80QgMg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
@@ -13,7 +13,6 @@ postgresql:
|
||||
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
|
||||
misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
|
||||
synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
|
||||
meilisearch:
|
||||
misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
|
||||
rsshub:
|
||||
@@ -33,8 +32,6 @@ synapse:
|
||||
signing-key: ENC[AES256_GCM,data:ZCayvU2lElUnuyVDL05XjO3v2P78ha9i9PEcLvpBLgNeYkh7nH9Z4kIAP6Pmbw39ufaSJuo5tZZPmA==,iv:CfxqL7dJbmG/jEcdDe+Su8uxsA4dkOq/CCOGlb3EDIk=,tag:9728QS3GLnTcerzDgtQEWw==,type:str]
|
||||
nebula:
|
||||
key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
|
||||
vaultwarden:
|
||||
admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -59,8 +56,8 @@ sops:
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-16T06:00:05Z"
|
||||
mac: ENC[AES256_GCM,data:1+Uqp+nb1zIkKVQzQWlEVBv3hAiBknHJSiVdEPxj4IzAAWc1okSsh8QYRkTA5WR54BL6I7xerITLvaqAIF1cNnmkZJ/bbbgXuQgwrrRfqDKzxOmtblQDxFO6A815VreLTfWjZN6/h3oEzH4DW+xRtd+js4n5L+nyLMee1O9kOi8=,iv:s6QN07djU9PAA2WRZ4xw2O0iDKqzmaEqVyRmeRoHNXE=,tag:y/KjOdf0cXl2XQbibjrVPQ==,type:str]
|
||||
lastmodified: "2023-09-03T08:51:12Z"
|
||||
mac: ENC[AES256_GCM,data:PKxrr1uONIi4ljjS6FFLApcvjVEda4lnsh005Ukmi4NF4fj5/Tyg/4+j85S3UGjgKlHUJsda9qit/23sZjb1IMGgQyL3HakOhEGc1JgbvlibcGm8ZE5LCznu9sp7BQ6hDnYmV1rAyWBDmO6zjNwdjT6NikZUY5o+KiXptLWaUYo=,iv:Gw07qLy4QijtdJa3e15YsbP9UhCS+hpJuApvkvIDc7c=,tag:zit2ySLqpJ7si+YrGINFmg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
||||
Reference in New Issue
Block a user