mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 12:19:22 +08:00
Compare commits
201 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1638b38dc8 | |||
| 8745e1bf40 | |||
| 26c09a35bd | |||
| 8c53be9106 | |||
| 65a746dafd | |||
| 28d1f8fa41 | |||
| d6a82c3c4c | |||
| 49452fd879 | |||
| 0fb18bfc68 | |||
| 9a9bae7bb3 | |||
| 840eb7c09c | |||
| 7bfff9fded | |||
| 5702d9afdf | |||
| bc4a29043d | |||
| 2ea749639d | |||
| aaadfa1191 | |||
| d2836a9955 | |||
| 0b5b8b0595 | |||
| 8c290e4e92 | |||
| da8ac52a45 | |||
| 8e115029cd | |||
| c1d3cb6a0c | |||
| 3358df4962 | |||
| 2dc53c0c38 | |||
| ec8c1199df | |||
| 1503527d61 | |||
| ac1d4919c0 | |||
| 98d17650c1 | |||
| 588e82a18e | |||
| c3d50aa76b | |||
| 2aa9a9f6ef | |||
| 0b2cad3390 | |||
| dcb111cca9 | |||
| 842390334a | |||
| 316aaa270c | |||
| 002ca9e400 | |||
| a8f1902d81 | |||
| 0369bc6bfe | |||
| fc5619650b | |||
| fb9b077097 | |||
| b91659d4f5 | |||
| 181c6f4456 | |||
| 7cc8736413 | |||
| c659472091 | |||
| f07ee22bcb | |||
| 21a0786288 | |||
| c4bf247370 | |||
| 7b7c72090c | |||
| b9541c9ae0 | |||
| db157e35d9 | |||
| bef15a718b | |||
| b4fbd5586b | |||
| 4e125b77be | |||
| 20c667bbfb | |||
| cae25cbac1 | |||
| 10da86a550 | |||
| 67e0fbd26e | |||
| f9a7c0b3fa | |||
| e4d8620d81 | |||
| beec7388ad | |||
| b4f97ecb42 | |||
| 524215ce56 | |||
| 89c9b5ac88 | |||
| 251e4d8b5e | |||
| 4416645e80 | |||
| e4477f16b1 | |||
| 0c1cbf6441 | |||
| 6e41f28db5 | |||
| 9c2d4d7b8f | |||
| a55bdd6704 | |||
| 2084c101d3 | |||
| 13d9d75a6f | |||
| 0c38cafd25 | |||
| 36af9e1df8 | |||
| 781d3d6e43 | |||
| e9694dd177 | |||
| c9697260b1 | |||
| 1b15f3bc8e | |||
| c801142cab | |||
| 13a36b5686 | |||
| 1bf09e1810 | |||
| 082122bf41 | |||
| 8017137973 | |||
| 51e9786246 | |||
| b43f8a16e7 | |||
| 9f9b30dadb | |||
| 199b58a05e | |||
| 151a3ce88c | |||
| a89f1f2c21 | |||
| 43ffea5e3b | |||
| 146db5320f | |||
| 944e840f88 | |||
| 4ddb4a226f | |||
| ee0beeab98 | |||
| 3dfdb36728 | |||
| 6ab49d58c6 | |||
| c741ade943 | |||
| a02b6432d2 | |||
| bbe99ff13c | |||
| 6a8aef57d1 | |||
| 385142b432 | |||
| b9d727ebee | |||
| a2fd753ff1 | |||
| 15199c8dc0 | |||
| ce5a3dcc80 | |||
| 411544042a | |||
| 4b2b16144d | |||
| 5084523da3 | |||
| 8c99e6c741 | |||
| 9c19d8991d | |||
| b896e43d90 | |||
| ca41ee7bd6 | |||
| 2cfc7bd407 | |||
| 0f94795841 | |||
| b8b748e529 | |||
| 0ee751c620 | |||
| 0682820199 | |||
| db5bf3f931 | |||
| 6e71486642 | |||
| f1d2ff29aa | |||
| 3f0dc6b782 | |||
| 470df06872 | |||
| 3d6f6f4c8a | |||
| 7fc8544dc8 | |||
| c43b73bdcf | |||
| 74d828bd7c | |||
| a91d9bdff3 | |||
| 750b7a53f9 | |||
| d925e0b1bf | |||
| 18e12e51ea | |||
| 0be8c584ba | |||
| 7409ab35f0 | |||
| 96a58f3202 | |||
| 6d19009da3 | |||
| 925daed517 | |||
| e900590e51 | |||
| 713c5c78ec | |||
| 7929b82643 | |||
| 58e380eb73 | |||
| ce99d848b5 | |||
| 9c12fbe97a | |||
| 2526a51c53 | |||
| 6ed27fb306 | |||
| 2a824b9036 | |||
| 9eea7df8cc | |||
| 235f1cb1be | |||
| dcef76d006 | |||
| 90f54468cb | |||
| c425c11c54 | |||
| 6014855717 | |||
| e261627407 | |||
| bb2a7f4dbc | |||
| 272b115b76 | |||
| d6118dce89 | |||
| 5c82c869d2 | |||
| c13a0054a0 | |||
| f25094bc91 | |||
| b27e18eaa6 | |||
| e9cdde3d4e | |||
| 0806e7e3f7 | |||
| 6bb5f9f0bc | |||
| fb37f09813 | |||
| 1bc658886f | |||
| 795a98240a | |||
| 9f9386fb75 | |||
| 84c11d9223 | |||
| e962cd1e69 | |||
| c033885e53 | |||
| 707c06decb | |||
| 797beb7454 | |||
| 82eb0c2fc1 | |||
| 444a2c8dd3 | |||
| bb8ed7a9cf | |||
| 59d6751d53 | |||
| 2629d549d5 | |||
| 4ec977b20e | |||
| afdb90bb6d | |||
| cf42a5f473 | |||
| e1af42b2bf | |||
| e391f48845 | |||
| f7651d639f | |||
| b4eb553987 | |||
| 64a099e6b1 | |||
| 1af0f4f14c | |||
| daa85afb61 | |||
| 10373d2d8f | |||
| fe19a5bef8 | |||
| 6df8681fe1 | |||
| 0be4b8f782 | |||
| cfbdfbb856 | |||
| b81b756649 | |||
| 0ebf91187b | |||
| 537068fab8 | |||
| 2c7d9ee8d6 | |||
| 0b99627ea7 | |||
| 15cfc8046f | |||
| cdd7efbb24 | |||
| d288376eed | |||
| 45c523bdaa | |||
| 9992813b73 | |||
| a553a7fa3b |
19
.sops.yaml
19
.sops.yaml
@@ -3,12 +3,14 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
- &vps9 age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
|
||||
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- &srv2-node0 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- &srv2-node1 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- &srv2-node2 age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
|
||||
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
@@ -19,6 +21,8 @@ creation_rules:
|
||||
key_groups: [{ age: [ *chn, *vps4 ] }]
|
||||
- path_regex: devices/vps6/.*$
|
||||
key_groups: [{ age: [ *chn, *vps6 ] }]
|
||||
- path_regex: devices/vps9/.*$
|
||||
key_groups: [{ age: [ *chn, *vps9 ] }]
|
||||
- path_regex: devices/nas/.*$
|
||||
key_groups: [{ age: [ *chn, *nas ] }]
|
||||
- path_regex: devices/srv1/secrets/.*$
|
||||
@@ -30,11 +34,13 @@ creation_rules:
|
||||
- path_regex: devices/srv1/node2/.*$
|
||||
key_groups: [{ age: [ *chn, *srv1-node2 ] }]
|
||||
- path_regex: devices/srv2/secrets/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1 ] }]
|
||||
key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1, *srv2-node2 ] }]
|
||||
- path_regex: devices/srv2/node0/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node0 ] }]
|
||||
- path_regex: devices/srv2/node1/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
|
||||
- path_regex: devices/srv2/node2/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node2 ] }]
|
||||
- path_regex: devices/test/.*$
|
||||
key_groups: [{ age: [ *chn, *test ] }]
|
||||
- path_regex: devices/test-pc/.*$
|
||||
@@ -43,8 +49,11 @@ creation_rules:
|
||||
key_groups: [{ age: [ *chn, *test-pc-vm ] }]
|
||||
- path_regex: devices/cross/secrets/default.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *vps4, *vps6, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
|
||||
*test, *test-pc, *test-pc-vm]
|
||||
- age: [ *chn, *pc, *vps4, *vps6, *vps9, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
|
||||
*srv2-node2, *test, *test-pc, *test-pc-vm ]
|
||||
- path_regex: devices/cross/secrets/chn.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *nas ]
|
||||
- path_regex: devices/cross/secrets/xray-server.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *vps4, *vps6, *vps9, *nas ]
|
||||
|
||||
@@ -13,6 +13,7 @@ let devices =
|
||||
};
|
||||
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
|
||||
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
|
||||
vps9."/dev/disk/by-partlabel/vps9-root" = { mapper = "root"; ssd = true; };
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
BIN
devices/cross/luks-manual/vps9.key
Normal file
BIN
devices/cross/luks-manual/vps9.key
Normal file
Binary file not shown.
@@ -6,12 +6,8 @@ chn:
|
||||
rsa.ppk: ENC[AES256_GCM,data:9njXWqYEZ7jd0u0lvtmIarEka6n6oHmMeLFvBGejAt2cXZdrZzn5hdotT1+yGrPQYH5n5+f5R8E9wSAZK9Xwn5qfLxXkjmOOVd+L+UFr8fNwlac2GK8Z2OpYKSKg8JbNRw7kgl3ktu8xE6IWqTdL75idvW5JI9iXSSLT9o86oV25HN5Ku/JzRRc9ZlrSugxza/w2yUv7ICT4wGw600aXWhF4R9c2vf6+vZyxaBt7BzaT2+IPPrxDxoW6jx+1fATlwTSiqcKD/0ymy0Hk4ryhI6Vk7BaK5ePC405pdghXA3zwHvRKoFtZGPLy7+iQe4GLE1GEOLN+3MSSAlJEnGMKnwP93IqcAghIXAFXHaJzY1a/492waYqXCc3H/SOlI52oKjZY/SUKoSkDxRoY0wr3OdseFgV/BEWgrunN0MakTiqY6Q8okMX3LXeaUHwnIK9t01eLpvIUA2Y1wI7Olx2Ez1Tp1yPjACTZlQrOPOiCeumlRey15bGNywV3p+DY5wM3zqBn+529MauJv7W2NYIJ6do26hAVpe5FMYb0l/G8AYg0E+AJ2nfVRb8Gu5MxprSNQQEMca+PxKSsmCvicBeNuDreZwt7vpMAb8ndv8O96k8cz2G126Rpe6dgsf3XND3VLWJpYIJYG+KA2AaVCvayAcHRUfIZdZ+wMDJFP+nQHk8wH8/Zu6mWL0nkgFMIj7C/xymdIO1Ugc2CjUlZZtSkgZ6JnAQ+rs94B7QBSCcEnkd4kOU4CvrH1eIyxXS1YH6KhYVhOIXeZFvtI38ergae/ruHfruU4tYk9sj+MmiK7tQDVfiu+XY56mrYt46sDOe36nUDAw1xMLV18Wu7P3wh2zwLrHzRcpTljlcilEh6NQTbIZBm5oQUCJhtYkfPtfsOUs6EKR6Zte1xQE6jdMES6Nnki4OAyv6ZC847jZGkGVg2nFkg8K0d3HoLqsIb3AJMgSNoZtImsGdo4I/jgiBdt9GEjXj5o6zYAvt+F/fea8Lvz/JveU4eL+HA5++pSuuFH33eYntPsPeoi3aXMt3HgHpan9hUAYNSTn0IBrEbsFPkxdaPVhyVygZo7nVzMc1z8xRhMuDv/0DlRpSzd0CM/5nFsaexX03W2ByKUatEP+DXxWswXXV0pod1Q65Jp8X6jr3KrGdzgQ+xqT7yCLDInMP08ug8d3MV8cPvdTLKRy3H789WyBKKH9LE6L36ron3571L2C1YRqnSaCtLF4PZWcYhR8QW8DWhU/tQVPc39ny0PazwEKJK4vAuFc9voYTHMgYJ9fvM+TCRQVRi92yECtHO0XsS08UVz4aJpiBnpCf6k26e9Fv5nZkpjeG8l6j1/FLSbUUzM8Ig8JVJZXOV2mkZxB+UVGAaIAaIFuxHJ0u8EVqNGW/yRneZiFop/j+4/rUmR5QaXsqlp6dIjqGiGQxkAsNVc5TiRG4ChQJn50UyqUFWNT/YIFZyJnE051ztZzl0DXoqLdfjn63HJZ0E7OLVwpe6xYQ3DGvwmH+siq5mdjbhF8477C1oes7q+Pc8L8vlYRTIKeLGm5asN2ZyPDigpAnDcPsZUh4Z1EY9/uu1CTG4A2yUdx1Wk9+1ZZf+X8SGK5YyQofuA1WJR3Nxvxr0K2ThUJc2X4jy1x5FCWqINotiHWEj1VLKUEU/eqWcchp99/r6Ai9DBrsuwd7zLq1/EzWyGRFL04aoaHWkzq/2uxs5mBwJYAoRBhXS544JbWgl3k9gnhiTdwzmHxuJqGLQGGLT4kc7va/ym81dPQE5QlMlEsmf0ecHyT9X67GYIsxQtxi8tepM9ycWVRkH2skYVSodOdNvwRZkmtJIzw2lECdx3Sx3u1RAudXMUdGzviUas1+4V7L5w95QF8mQCS5gkHwu11mH6T6aRGLFRUfKNkbOGoiCzOeGsnoQr0IzkwWZ6Kpk/1z8txKIxNfdM3woxAGKbQ==,iv:rU+t8OnwA5yGRQZYSI9GQcfaZY2EjCPxrsoSzlCy1Ok=,tag:5H2oYeXpEkwIhtnAz6uywQ==,type:str]
|
||||
xmuhk: ENC[AES256_GCM,data:I87DH/L3FE/qmYNJ4GPbvuEZ0BU3ljoxjVO+C4UUSGiFq+d0SwqteH8X36SZHsPVOJLtbw+HDxvHuu8avCdPgyg+utYQ902PnU6ldvxpPak2eK/mZQo9KOKNQa6U2QPL7Yq3odemlAHTTp8BD5yOc4gnxGP5/TZZt3jcSAza17tqXwO1dDE0o0ilQ4v5SW4AtBF9Tph5sTyYy9+RlGagvUc35hgl00gDzoTd8ydvFGWSVKO5nTRMQQUfJ1/t5L9ruH4+5+W7Ic6bRXGCSSJ+iKUUcR/N2Bjizcae7TOXZ4VmqkCBHUYDcRnI7kLI3An2dliuPsgyIGVBOzmayNFn8MXjJritptbbm1zC60xzJFaamkQdSTTwUBXNVY5Y/0m/W20/AxyMOvpyxWCDx9XKYK9J6BxqI/uSkJ+IIxHZuiDmY8pF4l6THOd37anRxP2u3S2+yv1sVxqu1cVKR4fmtKqry27KcGkRFwU78qm5QQlSOcxXNSp6gsX5BOb7y0f6rWekRmHLN3gcXJPpEF3AYRXhQZs81J9Tij7F/jemXSG8282PHkvZOnnJQZjb02uVu5NxF+8couaYF18oFjncPlPDrJXEtT2tSabma0fneiLDXnlZ05oPXyWbn81b/KvNxgsDnUAOf3p1sdmIcMG2FLSc2jmaeAF2dCnn7EMjWHwpoR9OeTt5Iq2XIvBzqLsq0dfX22OFCxdO+MX3yWEwZQsU/78n45jiIMOFHZq7GuUsMEd6/p1A9yyuEpkhgqxKRPCIzbmJEaLDAiFSeKw5Q8y5u3sE6NWCJouRsyYaBVtjBYuPCxRA/C5MwiJNL8GCxC++GYWn0OTiAmLMbFyFWVMtwcfVD+SRaOdjzL6v2VvtQpAmNnz4FXdQUb2PpImN/s6Rdg1ca9hPMVkqqgfdc5OC1KvwJP6M3s6g7xzarzTz0whJ0mhNthAHWa0rrnnIEdXa1bdxMEHafkv0VTsUayqfU8kA6pILUFz7d7pot1xrs7ucgw+eqT193kc4XyqxJQK26eWuUVyP1Qd5MnBTQnFXplqIY2sTjisICpvhEAdDeWNN0ouXLFEuQfvfINTydGgITMfQgZbdUuqC4PtdnatZGnwEsuXjRpQ2SA6y1mP3gG3AEvfYnhgg+S1F0pcpN4sa9B1DHvs6ILRaNSnHTHWklD1sMD2YXTgpuFHKtxZMa7dc+pCh4vyGViSgauNaACK/91+OlLPoeIPeQoREvzkOhz+VYXRtG6N5lTMLuubhgOdicBKz8Qt9S9BZTOiJ1hEb4uXXTXwkgulUa77Rd5HEnr31l3BvsNrCt3fDNT8Ec46ICeoRnDjPEIZpXTTUZc7C/J1UUuDCQ1dzVmGrZaM6vyRCFzVa6rgj138CkAp2zF5QzJPyHtyrciPCQfgLweAoT6+tUBOngZNcZ+gSZYrA4uRmwlob9Af6uZEL/GA4zRcSCj73h/7VDhjI4IgaxtiTGsMEmHtGBdryVIPuT8eRcdx6tDkulgQvFi0ku9iqKuBCYpveK+y6OO+5V7GIow7gMfU5AGDNYTNkrVIkhV+Bm5Y3s43eHhda6xxVFR948QvrbYIf3PFMcla2tc0LTOk7r/Fyt/3ij77aVjblq+gfoPtFrbEhvg9Yp8NDnlnuqYel+D24eV+Gd6vY79Gu+JGMgZvFlvEhqJSrKVQ8r4lXl8FMP+S8P5XxXkzf6SNbj1Qm0cwTEtg8p00vt4vH8MaYbSFSSwUeJkOEolDMFSW8FPvqenz1tFq8ShFXB7fuNaU1iqyldnSU3xpswjP8RyrSkZPMClSr2esuLx21+YYSJ90zHtB9kLGdTmp9D5hkGa4IpsbvGVlEvB+yfU9AoFwOi+PoajlxabMHFqIwlyGbl5pXd8Da7PFI1PGfkUa9rPBiusk2IDhXGJn7M00HcWzSjfepkE5EbxzXH0NlsXsqCpGlP1KvDIx4NCYMWJgf7iWebytUqO+AR8nAZlIV95b22EzcsGjAzo0SfqBQnyE9D3y4x/JdKKVy8rW8w/++DeAqQw00VE1JfFubi9NLCzqUQV3zgrEb3SC0yswCMowydXV8Ahl+79Km3Hdnm9H2s94iOlIWMCOV/RKWI/qZujq4ccQdvl77GC+5vXEY6bccNfkIMNPCby9O2383EmS2PzLzMdV0rEBoKkotib+i9IRVKIWJ+pwJwWF/ZPdO/ZcX5ds6oT/U9+RLk+Bq2eLAUwHEVd5mhw2V8Ngj9mp0O9P5vcWQhovnYQRh0WJwJUM1mWfiVLS1IZktndP1efTWR+SPw47tuVcuMcX3vxfReERMAIiO1EcR8+9WYzoSasB16sm9sN1nJUx/LgThjzRTszfy+GFJJZ4dIY/noYyH9LvIz5rHKAAbja5c0PjB22DXOdEjARoXIWHTTH1Ab7/eVk/ixbHOx9sOET9C/koI/URX1XtTRIuM1UXt4OJbIn3fvuPOywHTkWeF5WV/19ZrMHSIM/JHGYc4au/sD06C+wJZseXLPXSIJF2LgabEXJjvHsb++gccqD0GofcJVJzgYuOaJ0ZydbJn670xa/qludJ1nMuSEc3Py4jTOs0vyfrMkDQHWUScT1C/HsQH1YcCKeyAZMSh4hphM7MtAY9v60cnhsyOAwmBhVaZGZSaFIWyf1+ea2eTLnF6HEF0HSYl7L0hd1i8bPBxoyjB2DIbxbzR7TiaMuPQ/HPNhZhXuFfZK6iBjrGDlhGCn/vlFgsSCGCdcLwKBdC8dpfgpyf65ccvtIXMQGFZMQynIDNCBnALF5dtTQprXf/O1WRuZSLAF/H7q+2gXl9hMKeCLWfGbGE/cWvrRw81efgjUQ8AuFUttR2wUL2u26JgrDuoCG9+vhs4S4x2tXDooucqIRQDAUEIE6gF6NsWDi33K5baQ3RA5Z6btNPNQkqXtz4yQE0Zlh9mFT/jkXGRfZ6RtJbT5jWdHQONXaTHTFK43eZlViM1VydoEwiCrclyWYHWswKyLNjQWATICe7X9NYyU/S/Rj9dIRUUzm2KjLfMEfjyiLS5MLDu9lmKUdXAcz4nFcCWIc4VRR5fMsMh6Zvk8eh/vn176Ic58byvfjsAAflZ2QQyZLaA+Utr8YbpxwbRp8WYg0Ktt7q3rlh2WegEa6wKdESqcb53dlK8qw3ICPW4XhFAA37Ru4zlZ5O+ayDoCvrsWE924VXe+1ctjGQ5via4ctDTXXl+GALQPbLmEfwSyvaC332fbZ6YRM1fY6GmnliWCfgHh0cPwuGNmXbhn/Bftsy+jL6ljma//pnkHfQrynho8XeW0edyrXY91CJtkHKhF4h4SVq4tLQ4cRFEjFfkwy4UXZ7m6AnY1cr83iGqbuU1TnKn91mxiBoPWx0arRHeTSCK/xRcBOF7NqBdmEMMefeq2lLuv+8VVKFBFUKCL5e0rKcQ1N2G2ALtrgWVjsaI0eJSyD9aGSADnlMWu14g/msECa5Clvzw2Q==,iv:cv9sYcivQZc/hz+Sri9iLkRHV3uStIvwT2/083DsUtQ=,tag:re/iwRtY/mlnxibqXBnkPg==,type:str]
|
||||
github:
|
||||
token: ENC[AES256_GCM,data:t95+VgTEkcpsYGty95nKg+4QU86rVnJjw/LZEAk6PHc3ZR3GjPLBtg==,iv:1d/tXqknfEh+GFYj22TRtr7Sq9GpE8NujfAKDwJttD8=,tag:LNyI9Tul7g5mm1gM9ijWMw==,type:str]
|
||||
token: ENC[AES256_GCM,data:hTmaIFtLYkrcqz9uVcP/g0mdEIV7ujN6z3m/Hr6U3lk4sJS2m7Lxig==,iv:WpTW4mM6XqPnpAC47fBXw3cKbfEawZKeNBi2fFoKbg8=,tag:rgDmc2WRKhLQrHyUI2O/Bw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -49,8 +45,7 @@ sops:
|
||||
UjFLR3hxSVZVajY0WURiUklveHpzVVkKUwCaBC10Iq931J1umHA3xCWfi1mrmTAx
|
||||
vaJiadYqmMSwYk8g5thQ4jjweh133nL1AdxjmAZOVPgYUr6rmcRfXA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-10T22:08:33Z"
|
||||
mac: ENC[AES256_GCM,data:s0GsJysfnqxdLi99gBsTlE7kZ3prTrhCuCtgp3HD3d41r1mMxQ7F8NqBm1jBc5vhYHcHQgS/YfSQ1kM6+RDXN2dZ5NMzchyXtcq9h7smEKxizRbIx0PSoBZfnxR4LTZfBDi4LUBPVVSjb6A+7FDcfXAp+pM/ciuxmvNH9965Xws=,iv:zHiROdgHavc/sCH7oV1cm0JpSBRjxj8QR6yUZzK/fAo=,tag:2TeMi2a71YOawddL/EeJSQ==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-10-05T17:54:13Z"
|
||||
mac: ENC[AES256_GCM,data:cCa6Jz53okeMQ2BI+lcJojbo5NDfcyBmROwcC4O3olGC2v3QU4Qkchx2ju6+8LhPR0uTuPA4ENhotoeAK5A+8kwdsJDvGT8si/GNq6u4UWqZuXZ06Op0R5OU10vJT1qEKwYWhJMX8BRsFK7Ab+J3hz5UnOyYlpcmNQtJBEkzwqo=,iv:mct+fwOwKEb1eSqpBNA71SXjS0AWQDF+rzQBv/zABYs=,tag:42K6sYGwPxVHTdDgzOSZmw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -24,152 +24,156 @@ users:
|
||||
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
|
||||
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
|
||||
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
|
||||
#ENC[AES256_GCM,data:B8NX79g1IqmiNdO9pmq11g==,iv:Uf4dOMGCa73+YgFwNHUGmrVQW7zDavyUn8pVlZIlU0Y=,tag:Dp1g1k3x6LYgyHoyOnXdnQ==,type:comment]
|
||||
lilydjwg: ENC[AES256_GCM,data:/2Af4TldHmIbMzv8aDrlhElrsW+P//5cF7vQy/EzcKVa20WhLYIM1KICweZRdxE45FTWsxv+Fp21rBoQS89QePyVAw7POhtceA==,iv:Yv0J0GAWuBLSziHEBFPFSVg0kHjVf//f5ZKYLpyyjDA=,tag:+fJKhLhUWGqfjiSumH3dgQ==,type:str]
|
||||
telegram:
|
||||
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
|
||||
user:
|
||||
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
|
||||
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
|
||||
root: ENC[AES256_GCM,data:KFyR8e+rt0E9,iv:i13OWPwPGpHP8CEGGVm24KgqEOxrqeL+Y3mHBYuntms=,tag:CjKuwE+USmQq6gncXQDrJQ==,type:str]
|
||||
maxmind: ENC[AES256_GCM,data:KfTXvxX4zzXBfNMPmZY1z5jTHTByGfH9qEo6EUAQqZ1JOtNUomOWNQ==,iv:KcexOWAXFhWfli6bAMZ+61x960trZ3iE9UYMuOtJNms=,tag:reuuIe6MkONpeT44U6yUjQ==,type:str]
|
||||
acme:
|
||||
token: ENC[AES256_GCM,data:DrNdcyf2tiZ5nmjYmsG13V63ZuZhNG1c/kkGM7eXQWvRvDbu37nKWA==,iv:xc4gtNvZ/BYG+KmT1XgFfG3Z17bBLURazG8tz4/laxE=,tag:khnYVQWjiiaQC9VsJyLV6A==,type:str]
|
||||
tailscale: ENC[AES256_GCM,data:ajw332lHmxY8mdaxeG6zLui3Coc7z/3+ojBIcZHBY8KhpRbEiAj6n8yIIj/7BffR,iv:oqCBZsrYz6bMax96QQVWhcXnppx676TbUh3Vl4qJh00=,tag:557nZp1SE7NsUii7QUtSeQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR09MUytUL2h3cWlIanNF
|
||||
VWd6SVNWOGVlVVpGbGtyQWxnZlk0cEx2TFJzCmhtbGRFcDdlWDAxU3NneXloSS9U
|
||||
WXBtQmg4dFhOb3J3bThCUDliUmJ4NVUKLS0tIG1uQjdiODdHWVVrVGIwb2lPN1V1
|
||||
QjVyWFAzQTRDWXMyMXdUNytKcy9abmsKZ6maa6DoKPkDAYXGLVoLWIi3fzzs1SVF
|
||||
C/9y2PG/j7F8Pd4hUHl7ILWN/VNbYKQwGYp59+kKeAzeSHkJeTTKyg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBma1JoNldVdG1yNVYxVm5y
|
||||
SWVEemtFUUZHOVVRa2ZPNzkvRWxkTEN1MENBCnQ4elhUYmRuL0xPUVlBbFRNSUFp
|
||||
YTFIRVlHaEdJMlI4TENIS09HcVVrSHMKLS0tIGErY3pJaG1YdmthU3BzZWtCeWkw
|
||||
Qk5TekphSjFqVmg4dEkwWExjek9GK1EK+gzFgvWe2otn946O0roo2K4ADR/U96Co
|
||||
tw0wIOTxw6dtkntbvZHVz3Mh38K5mBpAjPLzyd4IjuUy2AkNSkwGew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaitpVkkvNEFOMEZXK2s0
|
||||
Z1o0UTZ4NFRrd2NqNzhNVWhncmdWWDlzZ2swCkthMU50WldYajN1eEZCRVRUZ2d6
|
||||
TU8za1R0aUdCV3hZaVlIRE01UHdYc2MKLS0tIFNWcFdVWGc5dUVtWnVVbGh1WFVU
|
||||
UzFsYS9tL0xNeDBmQWIrTVB2MkVtdVUKjMADWap5h4NGj3ESamUHz3+8AtO2sOL6
|
||||
wFm/sTfEuhFqO8bodtBXB/veQOrr97Dw8PhO/6CO5JdGTEyFIZ3DoQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMW4raDc4V0RWRkljb2E3
|
||||
a1Q3ZzBFVnVpWit0andqNmNrZkZqS1VSbjFnClM1WmVDbUV1TnAwRHJOU3ZsQVhF
|
||||
a0NQZng4VURGSStCT216OGJuNU9jaWcKLS0tIGY5YW9MUjJZd1Q3SVNEdGVTS25x
|
||||
bytMcjJTeVh6a25ZR0JjV2dIa3BZM0kKi/b439/DJPLu1ccqYmVDQMAOaT8Rae0U
|
||||
cJlTLPHiN+YINT1/NMT62UuPRbGq5puK4v2IXxWo4Xc1KVEwE4j78Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOFprRWZQaVpMQkxJN2Vw
|
||||
RVB6QXN6bDJPcEt3YURaby9PZm1FZHhDRmtZClBiV0JobHZRejhWVzhOZThRTTJ1
|
||||
UE91bzdWMjJvYllIWXBmQkNReThIc00KLS0tIGRLa0V1b3ZWSVQzc01sUlBMVzBz
|
||||
blZyM0FpelBoTE5Ia2J3S2c0WE5FcVEKKTJ5jzNLkLixv+8DlcTrR9sWs6GihPG6
|
||||
x9w/Zu5H4DK9EVFyksTujRZZMI6o4lHzl2VIrgkTNQUwIPtsqo5KMQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUWo3ck9qN2VybUJrNmdk
|
||||
Q1ZlMEJkRFh5OS90cHVheWhoUmNveGQ3Y2l3ClorWmlCUEhpWDAraUR6M1dlTTdR
|
||||
QTRCeTFRUUd6SFBaYXBDb1VFc0ZMbW8KLS0tIDVXMEhVQml5bW5MbXJqYWllZnJL
|
||||
TysxNXhwcllsZGJOejZXUEZkcU55M0UKvIwSQ49VO9cJfRPKzEzly4R6GAPOyi43
|
||||
5aWMh9Yu5EpZTUmyg5MByBdd1ENZZfqy0u9U1BiGxq7fj0DM/pYWjw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQWwvbXZoNHFxM1Y3L0pO
|
||||
cDlML1ZWWXppeWxaZjZwOFVvbHNubmxEYUI4ClB6Wm00dTRFUE8xTFNlUmdacjFU
|
||||
VGNiMFk1SHpOVnJ6RWdyVXk3WGkxZm8KLS0tIDFnamZqa1VqdUVXWFN5YW5CNGhh
|
||||
UHc5bCsvVFV2eDlLR2Q3STFCQXpZRzgKSVvG8HcDtBJAh8iNrQd+UKbgs/k5Yf2t
|
||||
KqMdODturfudk8QJn3pR97essszrsK/HS4yptp71bBSj3qK50Lp/rg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWHRSNFBqVHlSSHUwOXRS
|
||||
MTFPdFZQVzZ5VEpwVE5EN3hqYUZWbEtoNkNNCjRwRUlKVmFxTDNiOHh4TWYwcStP
|
||||
UGRLMmN5Rmx2K2VGRCtCOWNmaENEZmcKLS0tIE1oZUdxRFNXTEljd3ppWXpUUUhE
|
||||
OXMydGE5T0tCS3BUQ0k4bUlEdDdPVE0KFiFCbmzRDXz33uh/klHEDdTP13tGWV4V
|
||||
v7GLkjcoDyYf/4N7i8meu77E2zTMiTdDbUOF0oehFPTDrM1TwJ8LtQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSzJGeDJYUHRtV0hGb3I5
|
||||
ZUlBRnRKem1ucXk0VFZvb0xlSlBkeU1ZeFJvCmFJeXM3eGJBcC9IWHdSV05obVZq
|
||||
b0VOT1NzdzhKOWVYZytQOW5UTXlDS3MKLS0tIHc2U0crejgzTUtVbm9VN3pVNzda
|
||||
NVNQU1RNdldXR2ZoWCs5VlZYV1JyTWsKayt8OOhvopxjAyNMgRTwZVHaRGApUURE
|
||||
V0jeyb/l03hefxUkEsR1yxsQemwJAbbzhhjnsWjjxJ7Zt+bh4FdHiw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Rkc2MVhUc0tTUkNsenQ2
|
||||
aVM1dG9MSVpwaFloU1ZRWmVsaEtYVGY3NlFnCm5PM0VpWVFKdExJbExIMnZ0Tmw1
|
||||
eCtVdkRpVW9lcFA5bWwwbWNaYTMzejQKLS0tIHA4MTd1anM4NWtmQUx1cVlsWFVQ
|
||||
bk5iV2xRazdoZnY1dGhKSGFFdUFWY3MKGoxBih7fDQoZFxj8JjiRAl8D3/8xWBeq
|
||||
RS/8C6v+/V+Afnv9QN6uYt0l4YeGn8tv1TRNWXHZl0A6DFjzouwhZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2hsZGExRnFaclpUNEdr
|
||||
bkJJM2gySmtzUlVmZWoxZ3pST2l2dGtCdnhnClNWeVZqWTJ1Mk1pMGZCaXppU0lY
|
||||
RUtlT3YrQmZuVTZ3TjJYMlhGMTVMMncKLS0tIDJsaVQ3aHZIWHhXOFJ1WmpQUDNk
|
||||
SjBSRm4wWjhpUzFmVUtwdGUvbmVIV0EKzgfa9i+VJLPvBRrFbNavZtG1hK6jazoD
|
||||
WHkWedx4AUUJQQlp12Wetj/0yY9jF3BLv/wvEAusq6Z4dO2aHr3sRA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbE1uZlFXRUdkaGNWNGpn
|
||||
b2JiT1RoSWVLVSt5VHQ2bVRRU0tnVWRudDF3CnVsYXk1R3RGTXN4MkRORERRYXhq
|
||||
UFJkOTZ1ZzgxVXhxOVZ5akpqdDBKNUUKLS0tIGpDS1lGMTRKS0wyOGxyejZvT1F3
|
||||
WjVLek96VW5iNHhxSytvZDVDSWcyRW8KrGqY/w8wOaw+PEAVNMtTpsdSjk+gD+gz
|
||||
fzs9+4uo9Y2KzjCJ6oHIVC4Yz7VkG9Ipo9p6Jd82SJIGcuRtsVljKw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcWFOcXAyYjNoSEhLdEtC
|
||||
ang3bHJ2RmtaL2RManE0K3B0elg4aHJmODB3ClZLSXA5MmhVT2ZZSm9KSUlod3BB
|
||||
V05lT3h0a3NQZnMrNERwNk1LTHRiVlkKLS0tIElESTNEVUpZbk93WFpXNnRTYzY5
|
||||
K2tkMlVCRnBKdVRzWk9aQy9kUUx3L1kKNO9LsaJDfF0v/XCMYV0lmHLFakbVjj+H
|
||||
wGJZQYgu/sETDZQVMeu42fQ++IKElmpfq2/o6+gM7aI0RxLqnBryfw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUnJCdXloNk1FdnlMY3BZ
|
||||
QlFrdkJEYktwYlRLblhQeVZER2pEYWd2UUE0CnVaZDk0b3VoRjlVRVFXVmZQNUpR
|
||||
bngzcHFyaEREaVVIRnRhc3YwVzVwT1kKLS0tIEprbDl6NVZTSzZPZlF3NjVUODFD
|
||||
R2EvTERKTnpoWkdiRVd4c1Ywdm5OV2cK5DR+WLAYmTRVyIP3kx9ImL7oFou/xyJJ
|
||||
P2GNebydAIBPdRmnnPSk5qsGKxZBpiXesSpPCvf71NSp0ayQWtuaZg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYnBzd1k5UEhXZ0wxSU02
|
||||
elZkYlhDWC9CbWFkRlM2bCs2dzNTSlk4TUJnCm1WVnVxaUYwZ1QvNHJRb29ER21P
|
||||
UWhOb2tETWRJR09Sb0l6VXRMaU5KZlkKLS0tIFA3TldTUmJ0Y0xJemJPS0wwK05D
|
||||
SHVXTGUraDE4anJOZFFuaHBKV1lMSWMKemZfKWbI0YR4QuR5zqvGKSnU3HzwZHvo
|
||||
DJ9u2eq7R7OwtDscn9qCwPThORxLMWdI3n+3+XVwAysqW2efrvnGgA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbUtDNk9WUXBYREJpNnNy
|
||||
MDN0WVFRYzlGR0FxTmphMnIxcW5LcGZOWUZjCmRnd0ZNbWhwb3h4ZEVPSm00MGlN
|
||||
SjRYZllXOGVXNjdUazR6bHlSemVscTgKLS0tIFh6aVB0QzFsankzUWpGVG4rTnNp
|
||||
Y3ZGaDlwR0lmQkVnRWxVNGJqS3I5NHMKF7nBtR4gQQ3SMPgsRLczQXlUBFa/+2ND
|
||||
sAcakFO2SiXnfMJTaEdZmoH6gVDjtGhxb72jNbx4c92yFUYNJrAn+w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOFZQZmRHVUdjTXpDbFFm
|
||||
SGt1d2lmYXVZa21iSFhMOTUzMmRIU3BIOUI4CmFvT1BMZmE1eC9tV3dJbVJ4ME8z
|
||||
N25hc0NyZmtMbGFxYmtPSkFkSGZ4bFEKLS0tIE5sUFBTanJONjhtR3BnYjVYdlYr
|
||||
NVZNeDFJOGJIdFlacE9LMmFuakZYUkUKmuK+ogCs3WH9TiGiUfRZ9L98aqRli91A
|
||||
1xHYMJOc5FwI+jaHp1m7nkn+egIOmKvyyejI2ZHQ84tItS+aoiI0bw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRHdHMFAvRFRCNmNES2R0
|
||||
Q3ptRDVrQ3JHaXBxSUlldVd5WUNFc1ZQeDBFCnNiMFErODJhbk5LQ1VGd01oU1N2
|
||||
eXk4Q3VRcUNNWURDUitUMWNOQlJaeWsKLS0tIDRKQ2M1Rnpla3o1NTlCeC9wbGJo
|
||||
cGZxcDUyYzZBMXRpbi94RkcvQXc5aDAKrHpvCDpECN5HS1qeNoiOwKWpT46bLQBd
|
||||
404XgHar20AswgDIjAMp5KJ1pkluQ9j5pVKNFjqJ+9sb3RLYM7Z06Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMysyb2NzMXRlMUk3YnQx
|
||||
eFF4MEU2S0pvS1F4Q1JvUnVYcStDZURuMjJFCnRadVVNbm9IV01ScHlEK0kwK3ds
|
||||
Z1YxY1pMT2RZL0pUZ0pPOUZvQ2xYYmMKLS0tIDE5K2xjU2dFSGZkeHZUNDNUMFhj
|
||||
d0Y0ZS9ub1dVc0lSdXZlOXhMWEc4VkUK7S2XKWP/nHs/7wY6Qs2SaqY7HoAC3h3P
|
||||
S+xf/tGriY7pKXIA8OSn4v2NQGE44LA8sk18c6cpH0KxdgMh+sumXg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3RhUHBORW1BNFh5M1c0
|
||||
QlhmUDY1T0ZmN2dGaUhLOVkxN2NiUklBU1hVCjY0MXBoNmw0ekpQYlMzdFZhNFA5
|
||||
NE9XdnlaaGdiSU1BYkRvcThaYmpVcTAKLS0tIGk4UHMwK20yQ2w0N0hoQnZYK2Fk
|
||||
czU0M2dQbU8rMkZJbEJaZ1NhcE1yZFEKUWe5IaDuPjfQ/m76m6DdvF8HWmDiVH1k
|
||||
IQk6sIJfbcINGOVP+JYGJPWgq6LGg1EdW4ONctosVk6kxRO30N0rVQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY05iS0V0aWdVWm5iYyts
|
||||
YlBNSEFQZ0Nxck5jaWZublZOeFhvbmxTOEV3ClIzYnZ4bGZrT1VpZVZlVTl2YXdD
|
||||
VmFEeUFPbTY3eHNXZk1jVXAzZ1paK2MKLS0tIHBsV0wwNllza3JZTzlqbE1DQ1Yy
|
||||
Rk1rdzk3Q0czUW5oSEh2NEtFNitHOTAKe2uoBtAswRNNSV//PI7djMWRy7mYyJpy
|
||||
j6a+cyUQ6ZTGsMTWIFTeymq83Kn/gZNxlgmFWc/NWN0t/i84yQM+iw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YXF5aGRobkFVdFQzRFBp
|
||||
NnhvdWtxU2dxa2s4d2FiYnBrdmMvakU1cFhvCnJ4NWVCc0t2ajFpdWVMM25XUnE4
|
||||
a3E3N0laOEYwNDBNdTc4WjdZR2R3M1EKLS0tIC9WRGpJSUhhM0JGZVJWaHlvSkRH
|
||||
bXErdTlYQWh3cmZITWxIeDYzaklWbmcKKG08GymtessnDUfg/AgmQh9eyJx25Y+c
|
||||
RyhAdNl6Lu2Hv7e/oqr23SmwFuhzgPl6eL8t1Nz3s1KraShZazjpQA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQ0IwMHJZc0dFWmNVNkQ5
|
||||
WUJDeE44SEpyLzdVUDdQTHVEdGc2OFpiQjJnCkMxRlIrcGU5WVRtdFZqc2oxdjBh
|
||||
NkRzN0Q2MGNqZUZUMWNKRlF4czhubWsKLS0tIEdKVGU2RE01QzZ3WlJxU0RrUWtk
|
||||
SFhBMzYwMDN6bUZyOEo5R094QjgxSWMK61kBpZIHQyB7fPEHw69c2pKoR0+vP6U7
|
||||
1gHTVBIUvMc2UbuAvI3tSoNmSDYHpm8AE+1m0E3eZZFHbZYua9+hKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdlJ4QWRPUlpwSlJYaG5K
|
||||
UW05aURRSHlXSmJZekhoZGtlL2dLcUQ3VWhzCmRsM3NnQU1ITGNkNnJETlRpUVJI
|
||||
VUo0cHMxS3FyV2FsNk1iK2U1cnhaL00KLS0tIGx3enAzeHBOOG4zdkVXM21Ldm56
|
||||
ZFA3YVNEM1JTOW50NGxWaXllZFFnSWcKi2LFPb9Bo+XtViBFz7x8jn8Xpn6K5dbQ
|
||||
PJIepVai+5XuuhyUJXKf48b5jUT/FWIKHWFZicrLBuadWx7iHCX4Rg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK2tkZXZkYWZWcEFhS1h2
|
||||
YTk2N3F4L3AzNzdmZXhLRXpOLzlRa1NNSXlnCjRNL3paejlRUTZrVEFwdWdzRzVp
|
||||
NVFReGwrZk9IdVhQSnFzK3lVMWRPOTgKLS0tIGs2azNoQm51ZDZrOEJDbEhRVTFu
|
||||
aVdEZ0s4SjljZFc5ZTJwK3ZON3VlRVkKB1apktkRqW0R/Epn3bZf/Aym5evUmxm+
|
||||
TLkJxTT6TVcgjobcpFvMmI+pqRWfh5Opj9a9lSe5QvsXxdgOs0mvzg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRDlUcStHUFc4Vm54YTVV
|
||||
M1V0Ujc2RENybTFVbHgxbVFZV0F2dlI1UTBnCnd2OWhTc1g5Yk0vR0Q5VmpHUitX
|
||||
Y29malU1VEN0WW5XVVFWTFg0S3RFSmMKLS0tIEJKZ0g1U1hWSUZvdjQ1YW14bnFR
|
||||
Wk83NU9XN1pxWHZ3MWo0VHpKek1HOXcKXdzEIlwE4riww33KCRcWEAv3vUQhSqG7
|
||||
4ndZSMOzl9LMGJM3tvX+49TpdoLn+pkrE8g2BcBZPA2UsO1a/ASj2w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWlhIdTdtNkpZU3Y5T1Vl
|
||||
WjZXLzJYVDdweFpITEh6cmszOVYrZWI5eTM0CmNSTnd4T3g0dFNiTDNCM2hEOTVo
|
||||
OS85R0VqdEZkTlhGWFNRZFpXZGlWTFEKLS0tIHQ1YWJrZERJUlZwZnU3RThucVRL
|
||||
NHdwcGl2Wk11TFdCd25OTE1nVDNYd2MKOxa2f7bFgFE2zCR1kKtC6giQhr1P79W0
|
||||
MKxil/x2T8rBNkK6sN0PjkphKdg9LVit86ilHPwTgnkl9oz8Cs6X5A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMWw5OXk2bjdHWmg0VGJI
|
||||
MmtRNk5jUFBWc3gwZkVTbUIvNGN2ZlpZcFR3CkJ4Q01CU2tCZDF4djBOSEtzUjZS
|
||||
TFN0dWNlZDdmSnZYdlo5aUpRNDVXaG8KLS0tIDVFdllPdVFUbTFYeUlHUEdRMjNx
|
||||
dEUxemY4Nmp4djBFR2ZDMWZFS3VmOFEKCIeWZZslOeXVY3hqzyIEUeHPzN4Pk+xw
|
||||
hCtNDvShZqcjdR4qwHHQwPjiiZvVk6k0M+GPH2KXVarbIlkqiwHPzQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL1ZjRzJNQVFNekFUVlQv
|
||||
SmJWMDRZMXNDaTNNd093b25kSk5nTDg0K244CmVLK08xKzlleXpWblRkbGZVMENi
|
||||
U0NGVVhycUN6OEZDNjFBUndSdnRLdE0KLS0tIHJEeTVIY2xwZWdqdG9JRVhsRENq
|
||||
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
|
||||
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbVpDMkEzSFRhMTE4MktT
|
||||
TWN4ZTRKUk1POWxsa0pPMzZZS2VtN1M3T244CjRJaFpaK0VpenNvWGZNZzdUVGdr
|
||||
RGVycHBJM2VnU29TQ3JmMEJyUTg1QVkKLS0tIGJlQ3NwMjFhSkkzRmwyaXlYZ3pN
|
||||
TXZuTFNpdElIUkNrcHA5T3NKQ0NvY1EKG2FGYxVFp/oa7kxpYD038uUHfZDuoQK+
|
||||
7hsk7Tn+KTjTYs0E7soMcGVr8GRcqcJFXRjt8hFtw9HLDlzaYK6uMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-06T01:03:09Z"
|
||||
mac: ENC[AES256_GCM,data:9pJpUNzMogdijzFpjkCw4wEuOGn8B6Q/sKqzA6Pq73fp42t59BbdtK6ClTWqDRUG5MMmLVXYqdlrjPeHeRtXuQ0USNNFY6jC/p35/gB/+Gh+qqLY48YtBPjsV7aYkF8bVhC8EeDZPXvw6Hz5r+e1crVxcbOjk1uFXFVdoDGgsuQ=,iv:0QKuxk9WvCgLMJCNkX0/S/YonY/bmTvvN27DKcZGzv4=,tag:S9S/J57/GHjmVLJhtLDqDw==,type:str]
|
||||
lastmodified: "2025-11-06T12:38:15Z"
|
||||
mac: ENC[AES256_GCM,data:aIN1vCZVyKnZYmsWwTuClQT+Xsqx46HpFQo/4ZYu4V8WcDtR8UaIH2K/vq6LiJ3bSD06xxR3U9Ljc67hhehiFLMJr00l4KoczLvYYiQZKWC95A/OTyK1UeMMyioBYguDrmIKQiR+sUF/juPn7BjXdygYuVzkH7iLiTz4DczjIhE=,iv:zOZY/pBxieuNhWXonF/mq/0NoM2pgfWMyekx1C+LV78=,tag:EYZndCzRzV+v3icoESW+CQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
98
devices/cross/secrets/xray-server.yaml
Normal file
98
devices/cross/secrets/xray-server.yaml
Normal file
@@ -0,0 +1,98 @@
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:apFo,iv:GVyUtpmMFo2KR06S6hgm0Zy/iUJk4cbi9Yl/TiNkxfs=,tag:KdaMi6k9bLqlnVeCZ5Ohlg==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:qbXM3ZlNPd2A8Jt12qO1huCpXEGN1MsL5oPPYIuIJWtJd/k4,iv:3/be8p4HZnRbplLo6XrVa8TCvnLGRB0pYSsHrqZnZuM=,tag:SiViFW7BHISfR4CTqZHHCw==,type:str]
|
||||
#ENC[AES256_GCM,data:qK++2XZ8JQ==,iv:cTBGDX7ZvPuGBbueoxTaTRhAk94J+MVhLmCwPNYy2WM=,tag:cgcxD8niAhRzBHlW0Hb4YA==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:qrsdJEEH0K3FQUBy2z6uXgg7iIhSLjNdhytb4nlXWDS4s784,iv:2/QfNMq/mvXVr/Kkt1/8QT0SLQRMrIMQi7lV9JwtJUY=,tag:XraahXAHu6agGAzTIs8zNA==,type:str]
|
||||
#ENC[AES256_GCM,data:HBbmq8qGjZXo3w==,iv:wUeTTL2ceksqBvjxtUiOAlZmmuvXktWB/DoEFUBGsMM=,tag:QTEp6rrFXyLf2UHtE4wcUQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:QjONa3SjB7B/uzu9g8Um9YB8JsIoGdWmvk7A+hSe+TniPHql,iv:7OH4gspFB4eIAxGBHTFBEq6y5N1MTErbgQ6jzbyXUIo=,tag:X8h0gidTnD55KKSFcbuiLA==,type:str]
|
||||
#ENC[AES256_GCM,data:dxMJLsx7IPiEN9g=,iv:JtDsa8j4alMMm6v+Fv5CUDiliLh7iz16dSgEQQcjvi8=,tag:5PgogsAqbeVMEtpFCHOWmg==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:exjMqGscWD1EzA8PTGw4rrd75K6SVFPuiaixE5iCRIkGLyYZ,iv:dfP7ZOaMtNCFhWvfkaFeFPFUZD4h3vQhoHj/SI3+bG0=,tag:ohkuRMP7qVFtNP8QOFb8ng==,type:str]
|
||||
#ENC[AES256_GCM,data:uSJneMPH2A==,iv:BIyirNs1W1SJ/f26D4V1MwQR+AllT4Se1KmEeHzqP7c=,tag:99GkRHlVdfhxdN3zaPN/uQ==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:2efLv9agodkVcZSBBsVzPPrCze5cpb0C9A3WkZIrfoBF1YxH,iv:YBciseSbBo7Wxm96X34uHOwTHoxMJL5bDWhQm66s0lM=,tag:T6/kBJPZLTj1l40mnp97xA==,type:str]
|
||||
#ENC[AES256_GCM,data:x2izZg==,iv:MWq/PyJtSeRkvjtLOcuy1JZ2RA1JN+qfrkWNdH3D3W0=,tag:Y6MSxOQsxPIpeB3U5L5LuQ==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:t8agOEuxDtEHx4fmw4okIskHP5DBuY2NaMKL6OBBv/F+Imxd,iv:PKeQgxq/E4vE4FKaG8uyFKhuMAzhPlUpE25UiL+9oGM=,tag:DVPzdtcG3Hck5HQ1c2FoKQ==,type:str]
|
||||
#ENC[AES256_GCM,data:LeZZ1g==,iv:1c9z1Id4SOy5M8zXbEBzK3ePaKm5iDlyGjPuxvd/P6c=,tag:D7s1oWI5ONur/zbJLFhfEg==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:Yk6XSTV8fvLEDOKO67WA0DkPPHWYMPHbY/agEo9N5UZKWd34,iv:VnfMVQeVGqEsrI4+F5FsJz+btO2JjIJ7+Xtb1y/a5mg=,tag:VFuy2HFuR/xL6TpfI2pXZQ==,type:str]
|
||||
#ENC[AES256_GCM,data:LJrX+KL9IPx+Qg==,iv:CeDhlFJXwxNQf25V/z+1nK+l2ymkVhkKPjeqY8Txfn8=,tag:KMnvIEbhqKCpQK+7XkoR/A==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:qZlOJmLVhboazv+RN6TCOuxPheeM3+pmur8ZggaPlOJAyOYo,iv:Mrq1LLte/+8HzOZI3yKapH/vhEfNW9lP9py4JYkdW8A=,tag:HA/XFbLK2cu5Qx+F78M8tQ==,type:str]
|
||||
#ENC[AES256_GCM,data:oJmtrGgpDsGGFw==,iv:OKt2T7A8X+ASW1AB1TisTqTMKaE5xQsrW/gSwTfjHBw=,tag:/OCwEYiQIK2MxfgpGJdQpA==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:R/R2+4kR6EE8CpVONcmkHDSBfvG1Vo82fXCUYA/XGfQL8Hu3,iv:iqkivoGnvNKWOXw+CQ+/xfQeRXfG/OSUMNmv1ZfcyUU=,tag:xeEWhHBR9dRyx542G6ywzw==,type:str]
|
||||
#ENC[AES256_GCM,data:StwPOQo=,iv:VkuAD9NevMl0hdnb31vWN5CTOKpt/2agjjx0QUpkVf4=,tag:jPW4n28Yx7L2FOV9qC50hw==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:QrYqOyxFkNTNk1gzxZR5tyQCInAapf7ZQs5ZSDpBwysgolKg,iv:BJuTVRvpEKc6OpTtiwCmVwySoLSroxr7PrcHStezgAc=,tag:5j4TsHjyiLJPqZNtzvkhtg==,type:str]
|
||||
#ENC[AES256_GCM,data:qYr1yinZQw==,iv:hhPlIlvqTQhx2aaykfvYHfp4WOPkUvt7V9RYyF4M+9Q=,tag:Zo7nVeDN6mEvLLQVQ00vbg==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:UP6+WhGaySTAu/CHhPKviinNG4idINYQrS9JS/rRARcC6D83,iv:KeqVGDWmukQmQP6jALXgiVu9tdYTdbUoLjuhio04UJw=,tag:0Lg89PSA1mtJbJxELu1+GA==,type:str]
|
||||
#ENC[AES256_GCM,data:vwcHgHRYjkNISQ==,iv:dyjjpPBApwwMKdzBezl3CoplmqSkd86Xg/Cqt6LEI4U=,tag:iqSnfbIUE4eBcNBRn/4E2w==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:BC47uCs4ww6GvmVDyyxsfU1neXejZ7G2A2zgjdsABVCZBKRu,iv:n4+JPd35lhDaWkcf7c826b2eOg/UDmuarLYIjtDh1co=,tag:lD5gwDyiZ85O4790O+u4Ng==,type:str]
|
||||
#ENC[AES256_GCM,data:uhxnoQ7KcZ6MFQ==,iv:aM3zaFvL2Zem9I1sC+Guqw33Zl3hk2RxBn+oP9xaHUw=,tag:2bDvig8aIN9mpvMeX5FU1g==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:zWOkpPwFoXUirk21I+VwAhX0uZ2j+W8dDCaYAnVQdpqCrTo7,iv:IAl6jhop6l6IqetMCd23PEqE3WvErlXa6kBbKrIni2c=,tag:Kk7alU4T0PeYSgfq3LbP8A==,type:str]
|
||||
#ENC[AES256_GCM,data:+GWm3samEUggJw==,iv:LcLIjh1eXMT4JIxNPyCbgiqUCZyS6mUv5E6kYnupasg=,tag:C/P5lscrlu56o532A+qjlQ==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:pyaEKKNJrwJ7cVxHg64dVT3i08Wbboo1wmGC+U6qW1l73oHY,iv:AkJ32rtr+a50xw30Jr5/Sb/flIK7cJG30Iw44Hb5FUU=,tag:d0c+ezonaZ5mSFsPCRr+lg==,type:str]
|
||||
#ENC[AES256_GCM,data:v8kPeimXbQc9fA==,iv:f4kPRsNSUpqy8Vhe1I7CoN5X2kq/h74H8GAbkKmcslU=,tag:6RiCtYXezZ1+7e3DI0Jlww==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:oza5WDfR+sGXdW5sTrHfjl1haxq8B6r3bddChsmV6FQIz/AF,iv:hH3Zr9gsd+fdIdbZTMD8L5c71WtODm/yLvj0TcvSa4Q=,tag:mQxIYxnyvsNPhlXC6SwcHQ==,type:str]
|
||||
#ENC[AES256_GCM,data:t088qCSsFlUCHw==,iv:hmLtwQVU4sfaPRDs+hk4LuMGlLFh4X+jq/Lm1BndyyY=,tag:JkqjOFPqYZ6PkjDV2DC1LA==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:xALQ/0gw5FeInNhWACt4aL0PJhnXBBMrDIcmC8DuwKy8X8YS,iv:4AT8vFMFSnQ3f5W9dXyYlYGHegnN7+3Jvb+6AiIotgY=,tag:WLRWve/V37GK52xX61dphQ==,type:str]
|
||||
#ENC[AES256_GCM,data:q9md9z3G56TxRxo=,iv:7iqkqUZkdTYZgDFG7W4LgUxu1Ej7BW2bbf/UKO6XHm0=,tag:rtTIzd11/w+ZaWylDO8qcQ==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:FoJvPPZZxUjPF/41kZnFeJl0tA6sMo3QZ861gJyOj/Z4H5b3,iv:oGjaZ6S4Cx18qOuxPhiJXsKsHgv78y6u5oe3yWegob4=,tag:Yaln5CwBcQxmOmPxK3QFWg==,type:str]
|
||||
#ENC[AES256_GCM,data:NCSde360stul/Bg=,iv:s7sBwjT4gWqkRp2qRs6LVWmo6G9iul/YYGwFriLIOgU=,tag:b4n6y2Z9bGfdnMEd0Om1Ow==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:1ORcDJ3eb+ohwWYVQa2wqoEqJD+1SiSFP3ZGoSEzmn9v41xW,iv:QkZwkI4wxO6ELWozCSZCxR4/FUSeGSbPx655d8RzsD8=,tag:i9KcmcoV57zKNvRIMexV3g==,type:str]
|
||||
#ENC[AES256_GCM,data:0nKWzfJN63aG,iv:TsVdd7xhf0m0v4hWYSrbLyU5yrfviBqWKW5iQ9fwmN4=,tag:h6k5YwGO3rWAdumWEWjOjQ==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:AOLJcash08/caBGQwAomJqn6twokZT3hR7v06LsA2SFzPO+d,iv:wR10fgBQJFdKMHiwnGrcpAPodojqF04MqICz3hS/NOg=,tag:i7QScjq+Q3bGCW31kmZ8cA==,type:str]
|
||||
#ENC[AES256_GCM,data:MPxp5ByvaGlzT6E=,iv:jQgU1CkGL/7HWrPBfcuolcbH4JywEYishMgMs2U+Hf8=,tag:nUYRxYhuu84a4fB60c3/qA==,type:comment]
|
||||
user23: ENC[AES256_GCM,data:Tu6wla+a1YJrwl4kPTBvOc7FfslJvU4dqvM0x8WWIgqMvtKx,iv:zHAK7zeW4oXnBDFhfhjYXG03utVV4e3Ytq4B3n2U1+A=,tag:LuGmEksvoxip5/2SUPptIQ==,type:str]
|
||||
#ENC[AES256_GCM,data:N90c2ThJckmw+AE=,iv:Lrw0p/HLzWdz6WyO8CjHfnuIHsZut4eUcg786AYhGLI=,tag:J3s1QHEqmxA7Twaqy28X2w==,type:comment]
|
||||
user24: ENC[AES256_GCM,data:oCBJAUCZMDMXcwQy5WTx4mgf+2R1P6GW3H47DQCQlqD3w/E6,iv:eBIbcALdsBo4DEgrqvF/Ikz96tDznZfGnyswPpnHF0s=,tag:VH9UpMdSCv6mUJhbNbB5NA==,type:str]
|
||||
#ENC[AES256_GCM,data:L8sLOCZPDuDs/0I=,iv:fTGz1ic5oeVhPDKoioTBqaVgfPMx41Drsph757OJNZI=,tag:akxseSJLwJhQBbFUAQdbyw==,type:comment]
|
||||
user25: ENC[AES256_GCM,data:mjGyAwUjgdnyIXwsHEF/QbZiyqF9qpq+iIFkG2YH28hs336f,iv:dqLR2uy+VguRnmn9HRuS8cTPf2n3Q7Z64t1n/iQInhE=,tag:CZHGF3z0pi6YD+jzXv2ZsQ==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:j3juaKDM2ybruxp0T+7BkGBRwLWWwZARnHg42r/lDYNn+HPSAAc3dKQKFg==,iv:lzyHejiEri4S4mzDPm7xtbvbva3Nssmx0MCzyt4SngI=,tag:0FpbyU7OlgpaLIoj93oNFg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTXhTN0RXRWRLK3A3RFRJ
|
||||
ZzRkQVg0N043N1VObjFpdE05bnM4OWJQOTBJClhpVVFNN0ZmVVpzaThyREhLeFpI
|
||||
SnErNXZVSWd3RW1DUlJ0eVpibTg2SFkKLS0tIFNVU1VCL0t5dWhRandrUmpITmlS
|
||||
SW1mRzMyeVNpME53ZXhwQllWV1JxbkEKWze5y1HRR/79k7AIvofuc8RdkQVIEsJ2
|
||||
H2djW/x3KmKTtDVB9DTBQZHpNOOHIJ/nX//JP3s93xvPUizD0olQHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK1V2eks1QXUzODJiWXRD
|
||||
Vi9pT1hBNXNDODE0NUNKRXZPbEJobVpEaWhBCjl2WFhiZ1Y2dUx5L3BaVjdVdS94
|
||||
bUlKeGVNeEZJanUyazhsVG1ta2d6aEEKLS0tIFJYaVZCWXhyTDJNTW1EVnczS2ti
|
||||
K1NNbk1uYUdpVnVYZEpiN3ZtbEpOK2MKI9G4JCU47BiW1zpWCgqtHuUaryIF3+Xn
|
||||
hqE4/OIgF8od70eNZ5UWvMneQLsnDEcIOa9i9D/L9A3Hkn5AlRoPQQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MTZIWEQ1MVI0ZlNobHht
|
||||
YjJjYndFaTVrOVNaaTNuVU9nNHJRdWlObkhjCnIwSTJBM3p2bXZOaWRZZ3MxSGV3
|
||||
emJTL3JFQUJPN1d0QVEvVVU3RC9kaWcKLS0tIFNYZmVrWmVQRXd2MXF5NHdmbFhG
|
||||
Q3lSOFNsdDRkWHJlazNCL0VDK1czdEkK+kp9jQrSV1IPTG+r8q0MRD9jbPSj0z0I
|
||||
dVxhPAUNUqf4MPM/YbqA5YOhwZ89Z7gXsbtFezZbPNxIqyTISgcmJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2TGVpNmJ6bU9veTA5a2g5
|
||||
VmFEemxkTUtuMllJcnZsWG5lOExkalFHNGtzCm4xSnZnVHhrWVZFS05MQ0xtNElw
|
||||
dlpOU2JuSHFuYm5KUncxaFAwaUxhUlkKLS0tIGV6a3A2SnJWbEVvTFFNc3dHOU81
|
||||
N1htdGwwNWtHR2R3cGdtNlF6ajF6MkkKSjbyxsPZYeXd/4A60g8E1aSIIwR3ca9g
|
||||
/9p8PV1duXhKkJcGKgDiwL3FxrFZ54rpySZeqMC16nQtnk3Fzt1k9w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaTZIY0dmUkFHWHNKZHN6
|
||||
aEZyRkY3b0tnRGdJREQySHJBSkMxcFFxeUdzCjluYW0yRmM0V0RTQUhhcTFYU3VH
|
||||
V2ZjK0grR0NEYW5kbzlVMHN4STFMdU0KLS0tIGRoNWNZTHdOWUpuaWhRQVZQZlkr
|
||||
b3ovaWVTdHJ6SzBrS0JlVk5Fd2xBcHcK+RI+BsGiVQpd0hdAPZJwbzbTsb4xql6b
|
||||
ozSUmoy7yLD/ubeKzkajXlF46ya5LonALUFkw6e0nbHKF85Rj9OBRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-16T03:47:07Z"
|
||||
mac: ENC[AES256_GCM,data:ekU7qBI4r3IEoKKx0DWooK8chmKt52ciKMBAbY3KxsWIN384mP1TLsmjSVB2emVgiJTB7fVHq5Zu0RZOPbrRdqS+FnRnlSwf7GdTxo7VjJV3/eCoMwsV1UEwsqTqr8DUhaYDlT8Wm08THrarlBYaaOKtEJ8Qas2ykOxVyJbyzAI=,iv:y294b1hMUX7GM/AjjEEbbpv4woIrj6OjRmNoZcRB26c=,tag:THsUv0NdNZWtrecpq6xtzA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -13,6 +13,11 @@ let
|
||||
# 通过 initrd.xxx.chn.moe 访问
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
|
||||
};
|
||||
vps9 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIG+D3saEp9zThXY466WroVtqIbBSYK9M/QcsiuGgxsTV";
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINBXlJjt2XoJvKQ8Mb91dSF1ibJAwOYzx+TPeTW6nIlT";
|
||||
};
|
||||
nas =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
|
||||
@@ -34,10 +39,15 @@ let
|
||||
proxyJump = "srv1";
|
||||
};
|
||||
srv2-node0 =
|
||||
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6"; extraAccess = [ "srv2" ]; };
|
||||
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp"; extraAccess = [ "srv2" ]; };
|
||||
srv2-node1 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
|
||||
proxyJump = "srv2";
|
||||
};
|
||||
srv2-node2 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIK9FZUOZ51pWdm2grTXDdSGMZ3g9DkvHUBvY8bFoTZjy";
|
||||
proxyJump = "srv2";
|
||||
};
|
||||
};
|
||||
@@ -52,13 +62,7 @@ in
|
||||
value =
|
||||
{
|
||||
publicKey = "ssh-ed25519 ${device.value.publicKey}";
|
||||
hostNames =
|
||||
# 直接访问
|
||||
[ "${device.name}.chn.moe" ]
|
||||
# 通过 wirewireguard 访问
|
||||
++ (builtins.map (net: "${net}.${device.name}.chn.moe")
|
||||
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net))
|
||||
# 额外的域名
|
||||
hostNames = [ "${device.name}.chn.moe" "tinc0.${device.name}.chn.moe" "${device.name}.ts.chn.moe" ]
|
||||
++ (builtins.map (domain: "${domain}.chn.moe") device.value.extraAccess or []);
|
||||
};
|
||||
}]
|
||||
@@ -88,18 +92,26 @@ in
|
||||
})
|
||||
((device.value.extraAccess or []) ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
# 通过 wireguard 访问
|
||||
(builtins.concatLists (builtins.map
|
||||
(net: builtins.map
|
||||
(device: builtins.map
|
||||
(name:
|
||||
{
|
||||
name = "${net}.${name}";
|
||||
value = genericConfig // { host = "${net}.${name}"; hostname = "${net}.${name}.chn.moe"; };
|
||||
})
|
||||
((device.value.extraAccess or []) ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net)))
|
||||
# 通过 tinc 访问
|
||||
(builtins.map
|
||||
(device: builtins.map
|
||||
(name:
|
||||
{
|
||||
name = "tinc0.${name}";
|
||||
value = genericConfig // { host = "tinc0.${name}"; hostname = "tinc0.${name}.chn.moe"; };
|
||||
})
|
||||
(device.value.extraAccess or [] ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
# 通过 tailscale 访问
|
||||
(builtins.map
|
||||
(device: builtins.map
|
||||
(name:
|
||||
{
|
||||
name = "ts.${name}";
|
||||
value = genericConfig // { host = "ts.${name}"; hostname = "${name}.ts.chn.moe"; };
|
||||
})
|
||||
(device.value.extraAccess or [] ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
]));
|
||||
}];
|
||||
};
|
||||
|
||||
209
devices/cross/tinc.nix
Normal file
209
devices/cross/tinc.nix
Normal file
@@ -0,0 +1,209 @@
|
||||
inputs:
|
||||
let
|
||||
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
|
||||
inherit (inputs.config.nixos.model) hostname;
|
||||
publicKey =
|
||||
{
|
||||
nas = "sSN3eeBgrMXF6/XYfEBe54TXmfHETOESX+SyrpGlmDK";
|
||||
pc = "soafMZ/0EViMhKYNc8g8pp4sbhR/2HnnXwGQln0BgCK";
|
||||
srv1-node0 = "ZKUwi386ZssXLQGORUzlRxof7NhXigUw3QZHAP0Pb8N";
|
||||
srv1-node1 = "5eti59LrOMejEWYDxOYrh7SD93nLMSH+iX7vaBN4BrE";
|
||||
srv1-node2 = "e6jW9g4QY357ocMRoW4P0s6UHAspvKJzmAGb/WT1a+H";
|
||||
srv2-node0 = "zTv+o7K2SpcPp9YLrPe8iJqCunrCiJyqz13fXcDouEH";
|
||||
srv2-node1 = "sk/w+GBrt0lzkTZ3y3vZ/eHKNrG8X95eqR9IuhCFYwB";
|
||||
srv2-node2 = "csZoiTwZItonm6h+uqkJ5z9J6o1iFlBESQ2u97Wz2JL";
|
||||
vps4 = "N03OoCyj4ADkeN3cimJI/bJrBw8g1kz3TJ+1BTe+oyA";
|
||||
vps6 = "rYOCGG+B4isTifKJQqsEdfhQuQRnUiIsvz7uI7vZiDN";
|
||||
vps9 = "fCAqgs9VcYpTLccwFtSkx3dwMDG6787MQX4ycekxRSJ";
|
||||
};
|
||||
# 描述可以直接的设备之间的连接(图上的路径)。若一个设备可以主动接受连接,则设置它接受连接的 ip;否则设置为 null
|
||||
# 因为一条条路径描述起来比较麻烦,所以这里一次描述多条
|
||||
subnets =
|
||||
[
|
||||
# vps
|
||||
{ device = inputs.lib.genAttrs [ "vps4" "vps6" "vps9" ] getAddress; distance = 1; }
|
||||
# 使用 vps9 代理的机器
|
||||
{
|
||||
device = (inputs.lib.genAttrs [ "nas" "srv1-node0" "srv2-node0" ] (_: null)) // { vps9 = getAddress "vps9"; };
|
||||
distance = 10;
|
||||
}
|
||||
# 使用 vps6 代理的机器
|
||||
{ device = { vps6 = getAddress "vps6"; pc = null; }; distance = 10; }
|
||||
# 校内网络
|
||||
{ device = (inputs.lib.genAttrs [ "srv1-node0" "srv2-node0" ] getAddress) // { nas = null; }; distance = 1; }
|
||||
# srv1 内部网络
|
||||
{
|
||||
device = inputs.lib.genAttrs' (builtins.genList (n: n) 3)
|
||||
(n: inputs.lib.nameValuePair "srv1-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}");
|
||||
distance = 1;
|
||||
}
|
||||
# srv2 内部网络
|
||||
{
|
||||
device = inputs.lib.genAttrs' (builtins.genList (n: n) 3)
|
||||
(n: inputs.lib.nameValuePair "srv2-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}");
|
||||
distance = 1;
|
||||
}
|
||||
];
|
||||
# 给定起止点,返回最短路径的第一跳的目的地,以及总路程长度
|
||||
# 结构是:from.to = null or { address = xxx or null; length = xx; jump = xx; }
|
||||
# 如果两个设备不能连接,返回 null;
|
||||
# 如果可以主动连接,返回 { address = xxx; length = xx; jump = xx; };
|
||||
# 如果只可以被动连接,返回 { address = null; length = xx; jump = xx; };
|
||||
connection =
|
||||
let
|
||||
# 将给定子网翻译成一列边,返回 [{ device = { dev1 = null or ip; dev2 = null or ip; }; distance = xxx; }]
|
||||
# 边中至少有一个端点是可以接受连接的
|
||||
netToEdges = subnet: builtins.filter (v: v != null) (builtins.concatLists
|
||||
(inputs.lib.imap
|
||||
(i1: v1: inputs.lib.imap
|
||||
(i2: v2:
|
||||
if i2 <= i1 || (subnet.device.${v1} == null && subnet.device.${v2} == null) then null
|
||||
else { device = inputs.lib.genAttrs [ v1 v2 ] (v: subnet.device.${v}); inherit (subnet) distance; })
|
||||
(builtins.attrNames subnet.device))
|
||||
(builtins.attrNames subnet.device)));
|
||||
# 在一个图中加入一个边
|
||||
# current 的结构是:from.to = null or { address = xxx or null; length = xx; jump = xx; }
|
||||
addEdge = current: newEdge: builtins.mapAttrs
|
||||
(nameFrom: valueFrom: builtins.mapAttrs
|
||||
(nameTo: valueTo:
|
||||
# 不处理自己到自己的路
|
||||
if nameFrom == nameTo then null
|
||||
# 如果要加入的边包含起点
|
||||
else if newEdge.device ? "${nameFrom}" then
|
||||
# 如果要加入的边包含终点,那么这两个点可以直连
|
||||
if newEdge.device ? "${nameTo}"
|
||||
then { address = newEdge.device.${nameTo}; length = newEdge.distance; jump = nameTo; }
|
||||
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge.device)); in
|
||||
# 如果边的另外一个点到终点可以连接
|
||||
if current.${edgePoint2}.${nameTo} != null then
|
||||
# 如果之前不能连接,或者之前的连接比新的要长,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null || (current.${nameFrom}.${nameTo}.length or 0
|
||||
> newEdge.distance + current.${edgePoint2}.${nameTo}.length or 0) then
|
||||
{
|
||||
address = newEdge.device.${edgePoint2};
|
||||
length = newEdge.distance + current.${edgePoint2}.${nameTo}.length;
|
||||
jump = edgePoint2;
|
||||
}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边包不包含起点但包含终点
|
||||
else if newEdge.device ? "${nameTo}" then
|
||||
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge.device)); in
|
||||
# 如果起点与另外一个点可以相连
|
||||
if current.${nameFrom}.${edgePoint2} != null then
|
||||
# 如果之前不能连接,或者新连接更短,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null || (current.${nameFrom}.${nameTo}.length or 0
|
||||
> current.${nameFrom}.${edgePoint2}.length or 0 + newEdge.distance) then
|
||||
{
|
||||
inherit (current.${nameFrom}.${edgePoint2}) address jump;
|
||||
length = newEdge.distance + current.${nameFrom}.${edgePoint2}.length;
|
||||
}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果起点与另外一个点不可以相连,则不改变连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边不包含起点和终点
|
||||
else
|
||||
let
|
||||
edgePoints = builtins.attrNames newEdge.device;
|
||||
p1 = builtins.elemAt edgePoints 0;
|
||||
p2 = builtins.elemAt edgePoints 1;
|
||||
in
|
||||
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
|
||||
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
inherit (current.${nameFrom}.${p1}) address jump;
|
||||
length = current.${nameFrom}.${p1}.length + newEdge.distance + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
|
||||
else builtins.head (inputs.lib.sort (a: b: a.length < b.length)
|
||||
[
|
||||
# 原先的连接
|
||||
current.${nameFrom}.${nameTo}
|
||||
# 正着连接
|
||||
{
|
||||
inherit (current.${nameFrom}.${p1}) address jump;
|
||||
length = current.${nameFrom}.${p1}.length + newEdge.distance + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 反着连接
|
||||
{
|
||||
inherit (current.${nameFrom}.${p2}) address jump;
|
||||
length = current.${nameFrom}.${p2}.length + newEdge.distance + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
])
|
||||
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
|
||||
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
|
||||
{
|
||||
inherit (current.${nameFrom}.${p2}) address jump;
|
||||
length = current.${nameFrom}.${p2}.length + newEdge.distance + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
# 如果正着连接、反向连接都不行,那么就不更新连接
|
||||
else current.${nameFrom}.${nameTo})
|
||||
valueFrom)
|
||||
current;
|
||||
# 初始时,所有点之间都不连接
|
||||
init = builtins.mapAttrs (_: _: builtins.mapAttrs (_: _: null) publicKey) publicKey;
|
||||
in builtins.foldl' addEdge init (inputs.lib.flatten (builtins.map netToEdges subnets));
|
||||
tincHostname = builtins.replaceStrings [ "-" ] [ "_" ];
|
||||
in
|
||||
{
|
||||
config = inputs.lib.mkIf (builtins.hasAttr hostname publicKey)
|
||||
{
|
||||
services.tinc.networks.tinc0 =
|
||||
{
|
||||
settings =
|
||||
{
|
||||
Interface = "tinc0";
|
||||
Name = tincHostname hostname;
|
||||
PingInterval = 10;
|
||||
TCPOnly = true;
|
||||
Proxy = inputs.lib.mkIf (inputs.config.nixos.services.xray.client != null) "socks5 127.0.0.1 10885";
|
||||
ConnectTo = builtins.map tincHostname (builtins.attrNames
|
||||
(inputs.lib.filterAttrs (n: v: (v.address or null != null) && (v.jump or null == n)) connection.${hostname}));
|
||||
};
|
||||
ed25519PrivateKeyFile = inputs.config.nixos.system.sops.secrets."tinc".path;
|
||||
hostSettings = inputs.lib.mkMerge
|
||||
[
|
||||
# 本机
|
||||
{
|
||||
"${tincHostname hostname}" =
|
||||
{
|
||||
settings.Ed25519PublicKey = publicKey.${hostname};
|
||||
subnets = [{ address = getAddress "tinc0.${hostname}"; weight = 0; }];
|
||||
};
|
||||
}
|
||||
(inputs.lib.mkMerge (inputs.lib.mapAttrsToList
|
||||
(n: v: { "${tincHostname v.jump}" =
|
||||
{
|
||||
addresses = inputs.lib.optionals (v.address != null) [{ inherit (v) address; }];
|
||||
settings = { Ed25519PublicKey = publicKey.${v.jump}; IndirectData = true; };
|
||||
subnets = [{ address = getAddress "tinc0.${n}"; weight = v.length; }];
|
||||
};})
|
||||
(inputs.lib.filterAttrs (_: v: v != null) connection.${hostname})))
|
||||
];
|
||||
};
|
||||
nixos.system =
|
||||
{
|
||||
sops.secrets."tinc".owner = "tinc-tinc0";
|
||||
network.settings = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "systemd-networkd")
|
||||
{ static."tinc0" = { ip = getAddress "tinc0.${hostname}"; mask = 24; }; };
|
||||
};
|
||||
environment =
|
||||
{
|
||||
etc = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "networkmanager")
|
||||
{
|
||||
"tinc/tinc0/tinc-up".source = inputs.pkgs.writeShellScript "tinc-up"
|
||||
''
|
||||
${inputs.pkgs.iproute2}/bin/ip link set $INTERFACE up
|
||||
${inputs.pkgs.iproute2}/bin/ip addr add ${getAddress "tinc0.${hostname}"}/24 dev $INTERFACE
|
||||
'';
|
||||
};
|
||||
systemPackages = [ inputs.config.services.tinc.networks.tinc0.package ];
|
||||
};
|
||||
networking.firewall = { allowedTCPPorts = [ 655 ]; allowedUDPPorts = [ 655 ]; trustedInterfaces = [ "tinc0" ]; };
|
||||
};
|
||||
}
|
||||
@@ -1,213 +0,0 @@
|
||||
inputs:
|
||||
let
|
||||
publicKey =
|
||||
{
|
||||
vps4 = "sUB97q3lPyGkFqPmjETzDP71J69ZVfaUTWs85+HA12g=";
|
||||
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
|
||||
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
|
||||
srv1-node0 = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
|
||||
srv1-node1 = "wyNONnJF2WHykaHsQIV4gNntOaCsdTfi7ysXDsR2Bww=";
|
||||
srv1-node2 = "zWvkVyJwtQhwmxM2fHwNDnK+iwYm1O0RHrwCQ/VXdEo=";
|
||||
srv2-node0 = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
|
||||
srv2-node1 = "wc+DkY/WlGkLeI8cMcoRHcCcITNqX26P1v5JlkQwWSc=";
|
||||
};
|
||||
dns = inputs.topInputs.self.config.dns.wireguard;
|
||||
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
|
||||
listenPort =
|
||||
{
|
||||
wg0 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name 51820)
|
||||
(builtins.attrNames publicKey));
|
||||
wg1 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name (51820 + dns.peer.${name}))
|
||||
(builtins.attrNames publicKey));
|
||||
};
|
||||
subnet = # 设备之间可以直接连接的子网。若一个设备可以主动接受连接,则设置它接受连接的 ip;否则设置为 null
|
||||
{
|
||||
wg0 =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map
|
||||
(n: { name = n; value = null; })
|
||||
(inputs.lib.subtractLists [ "vps4" "vps6" ] (builtins.attrNames publicKey)))
|
||||
))
|
||||
];
|
||||
wg1 =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" "srv1-node0" "srv2-node0" ])
|
||||
))
|
||||
# 校内网络
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "srv1-node0" "srv2-node0" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" ])
|
||||
))
|
||||
# 办公室或者宿舍局域网
|
||||
(builtins.listToAttrs (builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "pc" "nas" ]))
|
||||
# 集群内部网络
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv1-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 3)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv2-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 2)))
|
||||
];
|
||||
};
|
||||
# 给定起止点,返回最短路径的第一跳的目的地
|
||||
# 如果两个设备不能连接,返回 null;
|
||||
# 如果可以直接、主动连接,返回 { address = xx; port = xx; };如果可以直接连接但是被动连接,返回 { address = null; };
|
||||
# 如果需要中转,返回 { jump = 下一跳; }
|
||||
connection =
|
||||
let
|
||||
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
|
||||
# 边中至少有一个端点是可以接受连接的
|
||||
netToEdges = subnet:
|
||||
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
|
||||
in inputs.lib.unique (builtins.concatLists (builtins.map
|
||||
(dev1: builtins.map
|
||||
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
|
||||
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
|
||||
devWithAddress));
|
||||
# 在一个图中加入一个边
|
||||
# current 的结构是:from.to = null or { address = xxx or null; length = l; jump = ""; }
|
||||
addEdge = current: newEdge: builtins.mapAttrs
|
||||
(nameFrom: valueFrom: builtins.mapAttrs
|
||||
(nameTo: valueTo:
|
||||
# 不处理自己到自己的路
|
||||
if nameFrom == nameTo then null
|
||||
# 如果要加入的边包含起点
|
||||
else if newEdge ? "${nameFrom}" then
|
||||
# 如果要加入的边包含终点,那么这两个点可以直连
|
||||
if newEdge ? "${nameTo}"
|
||||
then { address = newEdge.${nameTo}; length = 1; }
|
||||
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
|
||||
# 如果边的另外一个点到终点可以连接
|
||||
if current.${edgePoint2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边包不包含起点但包含终点
|
||||
else if newEdge ? "${nameTo}" then
|
||||
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
|
||||
# 如果起点与另外一个点可以相连
|
||||
if current.${nameFrom}.${edgePoint2} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果起点与另外一个点不可以相连,则不改变连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边不包含起点和终点
|
||||
else
|
||||
let
|
||||
edgePoints = builtins.attrNames newEdge;
|
||||
p1 = builtins.elemAt edgePoints 0;
|
||||
p2 = builtins.elemAt edgePoints 1;
|
||||
in
|
||||
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
|
||||
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
|
||||
else builtins.head (inputs.lib.sort
|
||||
(a: b: if a == null then false else if b == null then true else a.length < b.length)
|
||||
[
|
||||
# 原先的连接
|
||||
current.${nameFrom}.${nameTo}
|
||||
# 正着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 反着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
])
|
||||
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
|
||||
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
# 如果正着连接、反向连接都不行,那么就不更新连接
|
||||
else current.${nameFrom}.${nameTo})
|
||||
valueFrom)
|
||||
current;
|
||||
# 初始时,所有点之间都不连接
|
||||
init = builtins.listToAttrs (builtins.map
|
||||
(dev1:
|
||||
{
|
||||
name = dev1;
|
||||
value = builtins.listToAttrs (builtins.map
|
||||
(dev2: { name = dev2; value = null; })
|
||||
(builtins.attrNames publicKey));
|
||||
})
|
||||
(builtins.attrNames publicKey));
|
||||
in builtins.mapAttrs (_: v: builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges v))) subnet;
|
||||
networks = builtins.mapAttrs
|
||||
(n: v: builtins.listToAttrs (builtins.map
|
||||
(deviceName: inputs.lib.nameValuePair deviceName
|
||||
{
|
||||
ip = "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${deviceName}}";
|
||||
listenPort = listenPort.${n}.${deviceName};
|
||||
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(peerName:
|
||||
# 如果不能直连,就不用加 peer
|
||||
inputs.lib.optionals (v.${deviceName}.${peerName} ? address)
|
||||
[{
|
||||
name = peerName;
|
||||
value =
|
||||
{
|
||||
publicKey = publicKey.${peerName};
|
||||
allowedIPs =
|
||||
[ "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${peerName}}" ]
|
||||
++ builtins.map
|
||||
(destination:
|
||||
"192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${destination}}")
|
||||
(builtins.filter
|
||||
(destination: v.${deviceName}.${destination}.jump or null == peerName)
|
||||
(builtins.attrNames publicKey));
|
||||
}
|
||||
// inputs.lib.optionalAttrs (v.${deviceName}.${peerName}.address != null)
|
||||
{
|
||||
endpoint = "${v.${deviceName}.${peerName}.address}:"
|
||||
+ builtins.toString (listenPort.${n}.${peerName});
|
||||
};
|
||||
}])
|
||||
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
|
||||
})
|
||||
(builtins.attrNames publicKey))
|
||||
)
|
||||
connection;
|
||||
in { config.nixos.services.wireguard = builtins.mapAttrs (_: v: v.${inputs.config.nixos.model.hostname}) networks; }
|
||||
@@ -18,7 +18,7 @@ let
|
||||
in pkgs.symlinkJoin
|
||||
{
|
||||
name = "jykang";
|
||||
paths = with pkgs; [ gnuplot localPackages.vaspkit pv python-lyj ];
|
||||
paths = with pkgs; [ gnuplot localPackages.vaspkit pv python-lyj sqlite ];
|
||||
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
|
||||
passthru = { inherit pkgs; };
|
||||
}
|
||||
@@ -11,6 +11,7 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi6O1Sf1BBV1dYyH1jcHiws+ntwVfV29+6Paq1CQaET hss
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlBxisj3sU9QC8UC5gX6sakf7G03ybbkmHtD2cybuZA qmx
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWU/OlrP8bJ5k7IqpIwUC1COuVsmrYVreW/ieEdPYdj ccy
|
||||
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
|
||||
@@ -18,5 +19,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkT/P4MnzxBh8sRi0oQ88duNpY/ejFtptGqUQJVobj
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOF3LfnQiI8wpsXGn87bt7rbUZcgsdaOSOswk4Vf4dBautEdQZc0q+UDB2TlR2K8L7SPyywpl5z67euN5QRJLEwg8flTybiJp3EKDctYEM22sa36ONcSIJ/iHSdCkwtPXkBYreh9e+MAHfTroIKK5zM/P1QIN3NrknIXpWjLDF73ejrxE+EXRK6jbuWfo+5dnLnDoUFt1e+pYLZos5KRRB94Qt5I79D/cAg3hG+Zl2FCCOpn1hIdLo/kWJTKUPe61oUaIxriV6nCXp/pU1BHlM43hGowiHa4bVZIs8Eo4r7OI9thhSuS2BKSifibBKIicZtntSlS/I3xa5am28YLmrOiEXRsjPom7trO8qIhPfYOc/yFDg1gcpLxyNroCPooPBzPxUqrTT96Q4fDDTaqfyuVxQFxbYoFAqQs8/lw6WcGJ4fGC5JPsPiwoSdQy/B7gCfQcFjPXp1NH8Sx+xMLCmxRqdKSyeiEwoyB0tZ6ngaI73HFhCPX1/rLx3xv0zd/8= 03@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC96jp6qFrWt4651Arg+Ua6AU3CjftZuounKLlZ8s268Lo9Cba+nmoOGRNzefqr+f6/7KmFKd9+jqS3ZnKFQbzRFVzzHHIT7tSlgxFRw+yb553/vgm7z6d0HGd3B7XjpIpR7DrM/unnXtiT/WuX+UIKKQ1S4kHp4fTJxZuwzYgNWDsT7O/5H7nBoRVuUSG/achCzTq5V5WfNjvrGZypCmcCw5MTH3Iab4qQ7fhRK46e/OpgSMmsY1ZuEynIwVtimW4G10MUWZdawN4LHBNsCDBmBu0H1DYBb9AUW5IuifAyFPPlTOPtuzpEganaMwotcXiAwhfPQg1c0TfbB4ZJPow612dzxcflHAJyFy2LXbiG0rF48h0GpW5gY92QkeMQcbybKOS5yVlXynNNg0nL1bx+reu7Fy4jurc0facTaqzpSiyXsBLSOva+DZrxl2MBDLEdykkQMNIY69GeeC2XIN4tbfGDYU8VVtwnXJUkmeHAge5ypI1kkPhYRDxPDspym9M= 04@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9FmT0i2j9JsnyeVrEZP8gaWHnc5NnhJgb1sP8MP/pjx/GMEkms2LQvZYNw8MQvGA6HH/O2acy5NIdD69QkRlALXZlWpUQco8JDuJe7+2xkTMGPOAqB5YLMHRpFGHUmDMuSFGSg2YyLXaWXoWmib5xAvTL95xAcdNgp5xqWvO2N55edDeVOY5cTmIE2vC0nm5JSjMEMcIuqL8yJ3AweN4JkD8CVVy3po8f+krKsaYB+f21MqqSnCQ/cpKlWHuMN9k85hP/FB1E7gBXW/MuZ1uOm4IzjBhj8tYVN0UY7Mo2/9PhFqoBKGr6vs7Nx1mXBJ/A1lIKvW+ROvQ9ADpOfww6kPuHbX16gQ55JG7zneWeiP5pVaI4YZ4O1vAvARw/SaSFhRdpymPs5r+wdIDV9gGoqORrYqoPBz7Q02V71W+EV7WFAgxiJozO0vZwD9JJ2zivyIJfcVtIOMIvEhfsha7Hviut4JIOyoaEHjIZYsmvYHEeEBA4pTUHIUZlZj/St7U= 05@xmuhpc
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFL+fpLRUHy6Bop91ACIUjyekWn+ZGCEOzfrqnaEsn+ yj
|
||||
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRWge2+B1Et03n/B4ALBcAnjvtWPPmcFAoIlLP8oFkB hpcstat
|
||||
@@ -4,7 +4,7 @@ inputs:
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model = { type = "server"; private = true; };
|
||||
model.private = true;
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
@@ -25,11 +25,9 @@ inputs:
|
||||
};
|
||||
initrd.sshd = {};
|
||||
nixpkgs.march = "alderlake";
|
||||
network =
|
||||
{
|
||||
bridge.nixvirt.interfaces = [ "enp3s0" ];
|
||||
static.nixvirt = { ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
};
|
||||
nix.marches = inputs.topInputs.self.nixosConfigurations.pc.config.nixos.system.nix.marches;
|
||||
network.settings.static.enp3s0 =
|
||||
{ ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
kernel.patches = [ "btrfs" ];
|
||||
};
|
||||
hardware.gpu.type = "intel";
|
||||
@@ -40,13 +38,13 @@ inputs:
|
||||
{
|
||||
client =
|
||||
{
|
||||
xray.serverName = "xserver2.vps4.chn.moe";
|
||||
xray.serverName = "xserver2.vps9.chn.moe";
|
||||
dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
|
||||
};
|
||||
xmuServer = {};
|
||||
server.serverName = "xservernas.chn.moe";
|
||||
};
|
||||
beesd."/" = { hashTableSizeMB = 10 * 128; threads = 4; };
|
||||
beesd."/".hashTableSizeMB = 10 * 128;
|
||||
nix-serve.hostname = "nix-store.nas.chn.moe";
|
||||
postgresql.mountFrom = "ssd";
|
||||
mariadb.mountFrom = "ssd";
|
||||
@@ -70,11 +68,11 @@ inputs:
|
||||
podman = {};
|
||||
peertube = {};
|
||||
nginx.applications.webdav.instances."webdav.chn.moe" = {};
|
||||
# open-webui.ollamaHost = "192.168.83.3";
|
||||
nixvirt = {};
|
||||
nfs."/" = [ "100.97.101.0/24" ];
|
||||
};
|
||||
};
|
||||
systemd.tmpfiles.rules =
|
||||
[ "w /sys/class/powercap/intel-rapl/intel-rapl:0/constraint_0_power_limit_uw - - - - 10000000" ];
|
||||
boot.nixStoreMountOpts = [ "nodev" "nosuid" ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
|
||||
xray-xmu-server: ENC[AES256_GCM,data:3O5rFi5szla70M/c62JV4nGWKPSOREImrOucjeVYf9bde6K8,iv:PGCqlmHtaNuWOtAAeJ6O+CWFpMszijozU1OpUFrftjs=,tag:iGTOoNvQhhZy2FL9jy1KIQ==,type:str]
|
||||
xray-server:
|
||||
clients:
|
||||
@@ -77,11 +76,9 @@ grafana:
|
||||
peertube:
|
||||
secrets: ENC[AES256_GCM,data:9pm5hD8FdbmFIRZZX5+C0NyXn8qdt0OIlecu79xjVrWd8C6H7C01Uriw5M1qifTIJLDMvJC36Trci0/eniDsEA==,iv:iZ/KiwgFm5TyZBZxo8n9k3Lr3o3Vk+c4zFn9efPtJYw=,tag:HGgoRL1C3Nm/KTHGfq2Ejg==,type:str]
|
||||
password: ENC[AES256_GCM,data:PNrcz2PnGF6WGa7vL5PBWiM03xsA2B2imPiwHpU0IMPN/CMh77eMVtwmoxtl6QkGl1UKb12975NJsfJwJPg9gg==,iv:vjFl6SFNqZhTHmmxRckYAj8nZ1IbFtTfTAxYkdSf/lI=,tag:K2PpVnu+919MddGl5qJn+w==,type:str]
|
||||
open-webui:
|
||||
openai: ENC[AES256_GCM,data:E8/Szd4ZFat/R4UW6F4qVEvKmq55sT7mpY6hK274JDCYJgjfQdtJ3gY=,iv:Ryxy19pQsY9pFfz/E4SbBfxYx0N5BXqZtR/Kv9E+0uM=,tag:GEd5+N/ziOncF1UhrwgngQ==,type:str]
|
||||
webui: ENC[AES256_GCM,data:6rpvA80i+HXkDQgYCDIHbXwDfxHq/5tXQRK4piI=,iv:vVIBHf/9LnY1z4zVZGB0ZRBRwLpdXKvNhsYWySxhsiY=,tag:JmbDJKlZ2dH13+drXyXXPg==,type:str]
|
||||
nixvirt:
|
||||
yumieko: ENC[AES256_GCM,data:tO+67mdCFH8=,iv:vl+PLSBfMDk7rGmpjuZ8TnEC1B8tni2pphC7cTmxQU0=,tag:RVW5UaUD0g0HDpoGp2/mAA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:IziBdx/fkWltRubpBYcCuZ/jwM7U6OUA8WAglvMRoCN3eFjQEm3GN+J30tfTt8P2ngwHmaKJ7ry7rB7nhLmIUzhNrLEHprwZwqhAIgpMHo4pcCfJBE5Y7ba+kTk3eOI4waxwmfRqFdccmmkDTtw0En0WtSj0/ysOM4n8mmgeYxc5KIUNfasc0IHfHVtNahljvFUpExeT6Tpu9Caa1cznnFQYlMXsEGkveUHNOcEq4DWCUEVCTOE4/jcSg2j3+dJre3/Qz1ELi78=,iv:PmkrR2nccHrKrXr5V+YBVP4eQHBxPIw16ePfgjP7wgY=,tag:jsAh/QfimQ4swHnEtQsiIQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -102,7 +99,7 @@ sops:
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-07T00:23:06Z"
|
||||
mac: ENC[AES256_GCM,data:Vmcv7Hof4ZR8uXOwbk8zeKSfVldCxJQ696m3mCe6ar5FKpGja0f2XbW8a7tpuYqfwNa5Z7OCovku40PZ/TSmq91hQlZ+zbXe66nPx3/ybbQUSu1rvujprv36kvp1BQwK5A2clLEX7Vo7fGsTq1jX1AFrNM7zTJABrET/7yqVdTE=,iv:IkODPE4AMMLpBNbgwbOpYLWpG7IkRPKVBiLfxKASmPs=,tag:9xfwdCvaWvVey24dLmkFSQ==,type:str]
|
||||
lastmodified: "2025-10-12T08:53:54Z"
|
||||
mac: ENC[AES256_GCM,data:BmUcsv1AFkmIYdrYsYcjZExdyIfbAK+RHeIgaHvvgaGNxl3LxaS04CIwTB7HKA2vl87V+1Z2I/pGdEgE+KcUxl1RaRhGDTjkJeoxubSnwnhPb7B1WAb18MXXD5LiMUZzoGoMcqRTbkBIX9JJHcrdiKuSiXuyn6HbP/9g50unr2w=,iv:XMWqHOtodBX8UvPfGhoSt08gbacabzEJ59r4qrPOx2s=,tag:/dEIE5lMG1J54cIVB2Impg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -34,7 +34,7 @@ inputs:
|
||||
];
|
||||
nixpkgs = { march = "znver5"; rocm = true; };
|
||||
sysctl.laptop-mode = 5;
|
||||
kernel = { variant = "cachyos"; patches = [ "btusb" ]; };
|
||||
kernel.variant = "cachyos";
|
||||
};
|
||||
hardware = { gpu.type = "amd"; asus = {};};
|
||||
services =
|
||||
@@ -81,24 +81,31 @@ inputs:
|
||||
podman = {};
|
||||
ananicy = {};
|
||||
keyd = {};
|
||||
kvm.aarch64 = true;
|
||||
peerBanHelper = {};
|
||||
kvm = {};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
lumericalLicenseManager.macAddress = "10:5f:ad:10:3e:ca";
|
||||
waydroid = {};
|
||||
open-webui.ollamaHost = "127.0.0.1";
|
||||
};
|
||||
bugs = [ "xmunet" "amdpstate" "iwlwifi" ];
|
||||
packages = { mathematica = {}; vasp = {}; lumerical = {}; };
|
||||
user.users = [ "chn" "xly" ];
|
||||
user.users = [ "chn" "xly" "lilydjwg" ];
|
||||
};
|
||||
# 允许kvm读取物理硬盘
|
||||
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
|
||||
services.colord.enable = true;
|
||||
# 禁止鼠标等在睡眠时唤醒
|
||||
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
|
||||
services.udev.extraRules =
|
||||
''
|
||||
# 禁止鼠标等在睡眠时唤醒
|
||||
ACTION=="add", ATTR{power/wakeup}="disabled"
|
||||
# CPU降压
|
||||
SUBSYSTEM=="power_supply", KERNEL=="BAT0", ACTION=="*", RUN+="${inputs.pkgs.ryzenadj}/bin/ryzenadj --set-coall=0x0fff00"
|
||||
'';
|
||||
# 解决有时蓝牙不能使用的问题
|
||||
boot.kernelParams = [ "mt7925e.disable_aspm=1" ];
|
||||
specialisation.niri.configuration.nixos.system.gui.implementation = "niri";
|
||||
nixos.services.xray.client.xray.serverName = "xserver2.vps4.chn.moe";
|
||||
specialisation =
|
||||
{
|
||||
niri.configuration.nixos.system.gui.implementation = "niri";
|
||||
xanmod.configuration.nixos.system.kernel.variant = inputs.lib.mkForce "xanmod-lts";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ postgresql:
|
||||
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
|
||||
redis:
|
||||
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:9QoVM69efr3+UGEo/GPY6IBBxfcqE+3erRTrqSdeTf4XziVMlzWTMdhV9jU=,iv:3abQtZ8cpejqXsJPx6SvSS2cXAKMDkEKEhl9LE319RQ=,tag:1uBPK/0VLPPMzj4rl+iQMQ==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
|
||||
nix:
|
||||
@@ -16,6 +15,10 @@ searx:
|
||||
xray-xmu-client:
|
||||
uuid: ENC[AES256_GCM,data:XiUkReTJLAxZNWFVeD6EiOtUX5tsyPLFi6QyDBdHyB4v5/mD,iv:QppdtP2CFDEVhlrmDJKYBGc1zYGJvpGYxLfsBAMxDSI=,tag:jzMSFRit+aBzWMkaa3+5hA==,type:str]
|
||||
cookie: ENC[AES256_GCM,data:0jqSEZloX2/c8Zg4WTKkLw==,iv:BKLm1KMoRrH0uO6hPMsv2a7sG0AwNRrdbpmABP4BszA=,tag:pBs+rQIhhNO4Qr6q1V3MUA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:qI2KAyJiC9m+IOzTQ7SFjWnjzzkxvNe6R2yxyK+C/YnEK4JdYqEETIMuqAUQxaSyHjKk9x6kDs3YPC2AyNKf+lc22YoB35Eo5ym+3+GDDPTL4wL4aI4xnGHVLH3JrSFHDyIbvu8R2NLnSy2j4O5Uj+jJmOz/b1xV8zeLbdoFwLgZCbcxvqkIwMlJdDGjAtjEb8eDkjtVzSRSPXohgYgmhxKZyA5/7c41e+/X6RIsHHeOD+Ppz5jlYAkRrsvAxGTfrMN2xTZopxc=,iv:E/8ys6ucmmaKawqrgumJdjTsC17F7Y0RgnHYfu3RIPQ=,tag:OZM/HG88gyF9TZXwHcd3nA==,type:str]
|
||||
open-webui:
|
||||
openai: ENC[AES256_GCM,data:8CQLvoDuGtQ7PN+1SOmXF48dV/G6fDOiu6olkhSbWEjYcNO4VVmxtHw=,iv:rKBxOTB7/LXfXWVrBFBJeyn43R82oBYCxup8OzWvzKk=,tag:ByoyMizWc9Lpnt+ciYcszg==,type:str]
|
||||
webui: ENC[AES256_GCM,data:G0fniAii8asP+NNTinHwrScrFVkFacoci6BvA24=,iv:ADQVIuf60eTDMwW7BAsfDhoTtsFKF5QDLsDkPAQxFBU=,tag:5siIJGNEa11EeHlurk1h5w==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -36,7 +39,7 @@ sops:
|
||||
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
|
||||
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T07:22:50Z"
|
||||
mac: ENC[AES256_GCM,data:f4fultak/52Gq6nn1hJJYw3AMeuR3J6gcxtPDG/WKkNV+B+gtabWp5R8J8wLWFJ4C1ZsGHDYMTvTfSUlDVdm1dGpxJtFzdfoBBdajj8s2mju6nMQUFoNFRmHDZEQBdIzfXpob1+7Rsr+bBmg7HnFvjR0ozuaQP9QHsHEZxJVbnU=,iv:xh4OIom1TFgKralXw6rrOR/1xpD5SpY2tHfJUq6v41o=,tag:0QOtWN6DcGf3/gorusbXtQ==,type:str]
|
||||
lastmodified: "2025-11-06T12:37:57Z"
|
||||
mac: ENC[AES256_GCM,data:7iy/orIRUCtFhTaHdskIYu7b9a3uqM4xz+2hRSAvJ7HeKEWFcgCOhE8t5jPkXTi8gMciw/I60015k+GF/mY7cK2Sa/HiWptGwhKAr1jNF4LgJN13eG+7HLQ7Y2SopAzVV2+j0Sit7gsg8x+a1hR/Xi6OBu8ecjyW//Rcelj/Lwc=,iv:F82F+w7BRO3ubZjzV2TU4d0pqbf9d6gUAEZ5YOzEQ1M=,tag:TKMi/mHSqtVv+kvhRbRxmQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -12,7 +12,6 @@ inputs:
|
||||
mount.btrfs."/dev/disk/by-partlabel/r2s-root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
network = {};
|
||||
# uboot 起始位置 0x8000 字节,这个地方还在分区表内部;除此以外还需要预留一些空间,预留32M足够。
|
||||
uboot.buildArgs =
|
||||
{
|
||||
|
||||
@@ -60,6 +60,7 @@ inputs:
|
||||
];
|
||||
};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
xray.client.xray.serverName = "xserver2.vps9.chn.moe";
|
||||
};
|
||||
packages.vasp = {};
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" "zgq" ];
|
||||
|
||||
@@ -8,7 +8,7 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "cascadelake";
|
||||
network =
|
||||
network.settings =
|
||||
{
|
||||
static =
|
||||
{
|
||||
@@ -22,7 +22,6 @@ inputs:
|
||||
services =
|
||||
{
|
||||
sshd.motd = true;
|
||||
xray.client.dnsmasq.extraInterfaces = [ "eno146" ];
|
||||
beesd."/" = { hashTableSizeMB = 128; threads = 4; };
|
||||
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
|
||||
@@ -1,13 +1,9 @@
|
||||
wireguard: ENC[AES256_GCM,data:B5YdOhpXruQY1Hqb7hpIyPZinSNG+Ub/jE2/hiwZT2WCHjT6Ujz/W8eKbuk=,iv:XcfZb34SjYEsxvo6HEGCd7wy0dsrNIEJ0bORznZZceA=,tag:uFlbepSwch2wJCRITlVNTA==,type:str]
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:tQLfvn0hrvdMx1WjWreSU7PwWhLFE6cyesc8EATRG/HiXOdmOo1Yx3n9VNywmzSdj+zKXcagnsRLX7/MsFJqnifNZ+2+L1+eMkSmP+J/ia3gwsJuLmh3Knn74d1njya59lJvSlGLJGtxbRdzd/Jx3cSbOVRAvOjLiYI+OjXgmoio8EmvL9XizVcFyOeNTG9IETSjygmCg1r99Mss0aBfWl7aTQmk1WHeEZFauS1PF9lrtEjoB2GeRGIEshW2ruecM3irDhxFNS4=,iv:SjUiLHoh3dvoT/fOuwKUSKvIm71ptZH6h0HQeNw5Lgc=,tag:/wW+LdccRODyZ0QTnxvW8g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -27,8 +23,7 @@ sops:
|
||||
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
|
||||
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-10T10:44:35Z"
|
||||
mac: ENC[AES256_GCM,data:lfckL0SJXq+eY3d9SUHihE4Alp6VAI7ugoQygMsphi91yvmAZ1YBbrTVxjzQpL1dT+7zhOhzE2dTqCLXUl1gjbYYo1S6zco73EdU4k/AX3LEAhCJCxG1LVvN/Kf+XoMSauFM7z+E8zZJCvT9/Jijxy/Ty/XBoP9z7gmpQSuRntI=,iv:5hVa0bsv3B9/I+BSxNYOYHFRnM3BfP8GvhlM65lWLFo=,tag:gs2NOe7h6AqYbmCBUMd9FA==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-10-12T08:54:25Z"
|
||||
mac: ENC[AES256_GCM,data:FqqrUai8MNxO6gPQnRNqoROdQPiPnh42ixQgkWJxeBK3dnvNGCNAWtfUopnup6Qo0TcmAEQ38rmYFZbGlFLKMon0atov3tFmyvIAbOhHDnWxp+bTGDJJjw9Xs3vd4Yukd2ag2cgyS5hV9xO0N825oT3mzJFo6g8CukBLF3BH+kQ=,iv:3sfhIcSNVZsPw3tbyOjNi04NWpV+Nunx4i8d/RIsXtE=,tag:03Kx+HQ4uSR5QxBlBqc9Dw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -7,10 +7,9 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
network =
|
||||
network.settings =
|
||||
{
|
||||
static.eno2 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
static.eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; };
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
};
|
||||
|
||||
@@ -1,9 +1,7 @@
|
||||
wireguard: ENC[AES256_GCM,data:D4ukKVu4yn3hS3AZJqt3XTgZNbt44Vyiu6I5lCNw9c/VEqXBx3GDlKdcVPY=,iv:S1S0sU0vQcTahFI+GyBz1n/0LVsK3ImFDuLtuQxmgik=,tag:oZ1NWOCcsRb+kjfq/LcL2w==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:s/mcjWKxEp8f6OgAUqkHg8IHA/coBtht20pqSdwGp9OBRta64xyzszeS6o8uW1cV65vm1qQR9XkC7nmBx7F9RAZpMwEYh3anAfzWvL1dd6nNl9NLaz9eqrRGJJH4lyMAmErQRF6epEe2Z0kfs3icsZJ3p8rmWSHjIETFR+pQvepTzLXfz7mi3EftqFxK6o5LXe6t2df7PD5q7x8loB7eu4Qyh14NrklgMifmGoNBsGdIBAiqbZ+3xMt2VgEk4wc7X2ZmBJFx19U=,iv:343e5eRAGxwhb4ITadyKJOcvCnLp5emgz737kBmYlig=,tag:O/cwMZJofSKxMhzFMBV+Mg==,type:str]
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:UxZlTqBDV5K3ywwERYYmW3ymTnioFQ7XS22I8ab5mdeI1TnD,iv:YR+07MWd5E97lz5iwMWjBLhd1tP0okhnodnmbWCVWxo=,tag:97EOKuBMdEm3ffdQuphMww==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -23,8 +21,7 @@ sops:
|
||||
cWpEMWU1TjZKbnFTWm4xY2QwdWx3aFkK0O6p2piq8RKOcSTT49i0pnlt+gOk+QMF
|
||||
r+EJU0zobWwe3PrDg8jjw5HpMxrpDzHcD0XMnVQW0Fd9pn6n4VfpUw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:03:27Z"
|
||||
mac: ENC[AES256_GCM,data:13eXFmTRo9lZvQ3+iApHuei5r/OCSCs2gxqEe3nmavQgq1kQXKcD+4ciS/Shd9CJFZrjAu9oRByu5ZeZOnj11u6z3EmnXIwHptMEZe+N6r+Z2uKcBUa/TSJBnYcCrMQ1NM16GXRTi1bwpx4iT4v377lgd1orCa5C10iD6W3/9b0=,iv:FBGi1hSAu0Bz5NKz4mixfbUXbjI725RHccmEO4/jumo=,tag:vCHzTsTV7kJKNapFTxS55A==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-11-16T03:16:01Z"
|
||||
mac: ENC[AES256_GCM,data:IRQxlKzSfCkAYESUDAgmkMAzhOiaqBBQC8ZniMKPM/11VlHGQpV89qB1NDSisdrCqFi9Iu4/iG6g6W/mc39x/V5MLdrQO9G3cGm568KWzh3rBZmD0wlkuCzQP1phFJpeLpg1BLWLn4i0nIWE/ER77pVtV/iA/vOWj0lmDb+GWvg=,iv:AmH3GJjPw9QMa+1utaXkqIfNuXI2qPXUrEVwPF3u1Io=,tag:fe2RiW1r2TAyftPcsuvowQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -7,11 +7,11 @@ inputs:
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
network =
|
||||
network.settings =
|
||||
{
|
||||
static =
|
||||
{
|
||||
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; };
|
||||
eno2 = { ip = "192.168.178.3"; mask = 24; };
|
||||
};
|
||||
trust = [ "eno2" ];
|
||||
@@ -22,7 +22,6 @@ inputs:
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client = {};
|
||||
beesd."/".threads = 4;
|
||||
kvm.nodatacow = true;
|
||||
};
|
||||
|
||||
@@ -1,11 +1,7 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:xoIm26btEBuHjgcIrB8gRHAaEdBq3/E5XtoF0YPxnSHB7k3GWJfAxeL4vrw=,iv:HuOFNUgGROF97beF6C4amspd+NV/2uO6OihNMz23hSY=,tag:YJjFM8mqYOuJEulpVHt8FA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:vDPVgWBFmzDvF98/oJvJ6Yj0rDkkTJGYYRJrLY454fzg4EOyGe4FwR1GgHqFeHo6e1Tk76K3odGiUGyOcWOtTCbEKKIli76/P9KCAY6sItTwc1xsPw540vIZXqFv0/lNladhgGznXKMQ4U9bzKuM+KcxmLlTE2QGJAhPeFox7OQmSYba3ww24+XXJaGWL1fZZaLFABZ56bTggNmY2z+orThg2i5yMrO5TjaGXMcFsFJg7A6HzDCv1TuBNRPTMeiWTYqSDFQGUcU=,iv:T25lfAmdpPz+mWJEPu/NK/2PFFP6jfphYTijjEg5o7Q=,tag:oTNOi81SZnsDEjZVTngoQw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -25,8 +21,7 @@ sops:
|
||||
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
|
||||
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:04:26Z"
|
||||
mac: ENC[AES256_GCM,data:JlAgVoTpT6NRT1gvYQre6N8PzHLxbC9z1E42OM40Qs/nhcjYnsRNPiUEvSUClgx+B2G99S/b9R/wQqovBQFtdRDdlCMhz0ZVgLe48ak74EOYn6fwXy37amXP6doW86wS/N2fQeKhyMiJPHurRGamm+jsUUALohx6p1zm47NWL0c=,iv:oQV5be92oyOj0h6IrEY70VfoJYqEFVMtI0PYEALIXfo=,tag:WlH+fTUlPynhupXpBvdl+g==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-10-12T08:54:06Z"
|
||||
mac: ENC[AES256_GCM,data:XUduuj65erI3cgddmtVLy5PnVPzqMk5y6ikpE38G+QwN+/ZdS5ZQ/FD/BWnXFohH6gk/ClBhS6EJO3G4e1J0yI1HngHjy6SN8Hpe9EmfxrQEyyEGb4/NS0vk0iMDr76nqlb7+dBreYdte/VQakOxvPHlMWYPZZ6oQvfx9k+Vsz8=,iv:uUiaNgfvKz1+5d0GHVFWEeAMM4kBKGON3xmTq8XDVeU=,tag:/3T1+DQHUWuONNBPFavIPQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
@@ -12,6 +12,7 @@ inputs:
|
||||
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
|
||||
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
|
||||
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
nfs."nas.ts.chn.moe:/" = { mountPoint = "/nix/remote/nas"; neededForBoot = false; };
|
||||
};
|
||||
nixpkgs.cuda.capabilities =
|
||||
[
|
||||
@@ -19,6 +20,8 @@ inputs:
|
||||
"6.1"
|
||||
# 2080 Ti
|
||||
"7.5"
|
||||
# A30
|
||||
"8.0"
|
||||
# 3090
|
||||
"8.6"
|
||||
# 4090
|
||||
@@ -38,41 +41,51 @@ inputs:
|
||||
srv2-node0 =
|
||||
{
|
||||
name = "n0"; address = "192.168.178.1";
|
||||
cpu = { sockets = 2; cores = 22; threads = 2; };
|
||||
memoryGB = 240;
|
||||
gpus."4090" = 1;
|
||||
};
|
||||
srv2-node1 =
|
||||
{
|
||||
name = "n1"; address = "192.168.178.2";
|
||||
cpu = { sockets = 2; cores = 8; threads = 2; };
|
||||
memoryGB = 80;
|
||||
gpus = { "3090" = 1; "4090" = 1; };
|
||||
};
|
||||
srv2-node1 =
|
||||
{
|
||||
name = "n1"; address = "192.168.178.2";
|
||||
cpu = { sockets = 2; cores = 22; threads = 2; };
|
||||
memoryGB = 240;
|
||||
gpus."4090" = 1;
|
||||
};
|
||||
srv2-node2 =
|
||||
{
|
||||
name = "n2"; address = "192.168.178.3";
|
||||
cpu = { sockets = 2; cores = 28; threads = 2; };
|
||||
memoryGB = 496;
|
||||
gpus.a30 = 2;
|
||||
};
|
||||
};
|
||||
partitions =
|
||||
{
|
||||
all = [ "srv2-node0" "srv2-node1" ];
|
||||
all = [ "srv2-node0" "srv2-node1" "srv2-node2" ];
|
||||
n0 = [ "srv2-node0" ];
|
||||
n1 = [ "srv2-node1" ];
|
||||
n2 = [ "srv2-node2" ];
|
||||
};
|
||||
defaultPartition = "all";
|
||||
tui =
|
||||
{
|
||||
cpuQueues =
|
||||
[
|
||||
{ name = "n0"; mpiThreads = 8; openmpThreads = 5; memoryGB = 216; allocateCpus = 43; }
|
||||
{ name = "n1"; mpiThreads = 4; openmpThreads = 3; memoryGB = 32; allocateCpus = 12; }
|
||||
{ name = "n1"; mpiThreads = 8; openmpThreads = 5; memoryGB = 208; allocateCpus = 43; }
|
||||
{ name = "n2"; mpiThreads = 8; openmpThreads = 6; memoryGB = 432; allocateCpus = 54; }
|
||||
];
|
||||
gpuQueues =
|
||||
[
|
||||
{ name = "all"; gpuIds = [ "4090" "3090" ]; }
|
||||
{ name = "n0"; gpuIds = [ "4090" ]; }
|
||||
{ name = "n1"; gpuIds = [ "3090" "4090" ]; }
|
||||
{ name = "all"; gpuIds = [ "3090" "4090" "a30" ]; }
|
||||
{ name = "n0"; gpuIds = [ "3090" "4090" ]; }
|
||||
{ name = "n1"; gpuIds = [ "4090" ]; }
|
||||
{ name = "n2"; gpuIds = [ "a30" ]; }
|
||||
];
|
||||
};
|
||||
timeLimit = "48:00:00";
|
||||
};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
xray.client.xray.serverName = "xserver2.vps9.chn.moe";
|
||||
};
|
||||
packages = { vasp = {}; desktop = {}; lumerical = {}; };
|
||||
user.users =
|
||||
@@ -86,6 +99,9 @@ inputs:
|
||||
"zqq" # 庄芹芹
|
||||
"zgq" # 希望能接好班
|
||||
"lly" # 这谁?
|
||||
"ccy" # 陈超业
|
||||
"twr" # 唐文睿,吴猛的学生
|
||||
"lsp" # 李书平的不知道哪个学生要用
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
@@ -7,37 +7,29 @@ inputs:
|
||||
model.cluster.nodeType = "master";
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "skylake";
|
||||
network =
|
||||
nixpkgs.march = "znver3";
|
||||
network.settings =
|
||||
{
|
||||
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
|
||||
masquerade = [ "eno2" ];
|
||||
trust = [ "eno2" ];
|
||||
static.enp58s0 = { ip = "192.168.178.1"; mask = 24; };
|
||||
trust = [ "enp58s0" ];
|
||||
masquerade = [ "enp58s0" ];
|
||||
};
|
||||
nix.remote.slave = {};
|
||||
fileSystems =
|
||||
{
|
||||
swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
|
||||
mount.btrfs."/dev/disk/by-partlabel/srv2-node0-root1" =
|
||||
{
|
||||
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
|
||||
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
|
||||
};
|
||||
rollingRootfs.waitDevices = builtins.map (n: "/dev/disk/by-partlabel/srv2-node0-root${builtins.toString n}")
|
||||
(builtins.genList (n: n + 2) 3);
|
||||
};
|
||||
kernel.patches = [ "btrfs" ];
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client.dnsmasq = { extraInterfaces = [ "eno1" "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
|
||||
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
|
||||
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
groupshare = {};
|
||||
beesd."/".hashTableSizeMB = 10 * 128;
|
||||
hpcstat = {};
|
||||
ollama = {};
|
||||
sshd = { groupBanner = true; motd = true; };
|
||||
speedtest = {};
|
||||
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
|
||||
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
|
||||
};
|
||||
};
|
||||
services.hardware.bolt.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,34 +1,31 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:TEi3LAZA0BaPxeXA1yFMD6fQPRKSndVyAzNycCD/5CYXmNVyO7zv4o23ahg=,iv:tEKFPyuqmpsWf0vDoSaw4Ai6S5DzacZFA4otNgnknxY=,tag:qZJzr/Yyoex2hDfVtT6nYA==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
|
||||
hpcstat:
|
||||
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
|
||||
wireless:
|
||||
#ENC[AES256_GCM,data:n9OPSJsB7yNk,iv:xQzKJxqPB7uT83m/B4UoOje6NQbPLhuHR7Hp93oNz8A=,tag:gtsTx6ALnS/7fIDd7VimOg==,type:comment]
|
||||
409的5G: ENC[AES256_GCM,data:K9wm3zedoil7jHgTcb+VmbdbkG2dgrMdr3BmDRUHDVADqLANMvnUMSecggYTO4HaiI9q6uv2/BSkluanD5K4Dw==,iv:7dGET3ULKlnaDMVmkuXDek+hQPLZ2VUbPqvEOX+5jlQ=,tag:MBGmQ0NNNqX+T9EsBiWCaw==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:9S3QK3lLT59GNhppHc1IoC7bN0mntbcQIZmVjtxOpQxzJDJQ63jBCfoupyfjmW3JCpWSWtelZ58VPeTOHZ6NXr2xJMitvqGAiJzsd9ZGYvlv6+OR2swXVyDMBhcQpU+1ui/5zEPFDWIxRMIoIJL3VO9la6gxHQY1st5p2REh3VpSu0R/b1ormlmSPyRtjCS4LlGpXF8FnHilE9wOLm6AhtGhq5nAHAwPCj/gVpDNI0Y+88shBbNTRG4ucXsEX3S/+IgDLElB7nE=,iv:nEa5NMxfi9rc194TMEldAw1E7Bw24qM5htVUerd1nNU=,tag:A8GB/LFeBNyAq7MfpSFaQw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
|
||||
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
|
||||
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
|
||||
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
|
||||
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMmhpYzZ4eDJuWHlJMkZW
|
||||
S2RZcXorSm1PeVdGdjBlekxuTTh2c0Z3OFI4CkU3K3FjdlhnMWpYRUI2Q0w4bFV1
|
||||
bkQyOXVKdHlMRUJrMEdlTG1KMUREK2MKLS0tIEhhd1Zib3I5cW9ZODh1bmcrcTR2
|
||||
SHdEbGcwaFhrMG83R213cjVzb25XUHcKcxYocTTMZw1V3o9pA1wAzmoHsMCmyMUh
|
||||
Kk5PaZ9vF5IDL2H7f+OI1G6C1tJmgMWWbBh9xcSNv+qF/ydDuo4UIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
|
||||
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
|
||||
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
|
||||
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
|
||||
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ0EyWGMxdEo1RUE3L3VU
|
||||
ZVluRXlKcHRoOWI3bmRSbmNqcFlpUlZ5YjFnCmJQclRtdm5CYWxvY3VUSUxIaGRy
|
||||
aElNUXAyYklnS2Z5SkVNR1JXRzg4RU0KLS0tIGVPQ2J0WjkwUWpoa2Z1WWNCTUJG
|
||||
b3JKVnp1ZnRLcE9ocU9McVM3M3d4UjAKdu8xipFbNbIoYEcatUAUFe36CzP2E2HI
|
||||
VSfPQWmRmb3/jF22b6Oy2B1DmDDvJ8T6+zUcp8J6C4Mln9oZj6dAZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-12T04:13:47Z"
|
||||
mac: ENC[AES256_GCM,data:W+e5d1scvV24AdVdl7Pisp9HxsXQ/tPjN2NV/Bd0RXZNBRB7LNQrSfk1GadboBnihW0ctAQOFk66PZsxwE2czfFL2/yzFxm9Cf11Mc822ZL3BwjnQBK4uR9LJrbjL7x1lFUk9v0AIPhjrir8F6dcX8mq6++hHNN0wjGaH3J9E0Y=,iv:RK7e4Dxog+Qsgk6gxK0f8PN8oF9bjWIrTyYK67Cdras=,tag:QSKsETYXbhnvhhjavP4UiA==,type:str]
|
||||
lastmodified: "2025-10-27T06:32:42Z"
|
||||
mac: ENC[AES256_GCM,data:x3Eod0i1X8/xee1DpHMzAqqEi4RruA+s1yrqOcH5xdWBZf3aosXGHvR/4+ev6enZ+HsuUOfN9dtfP5vMFSJXott+5tgXDL1hnk9x35dvMjRs1Q7VnOj20nWT/JUziz/2QgZQ5Y4Tfi3wq127GvITFn574LBKS76TqpLkSH+GUsQ=,iv:cxLYUKjJSJD6IigpmWZwcQNNolIYU9K0Go6WbewmJMU=,tag:lqC882yz/E4BvO4y9yz/yw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -6,21 +6,16 @@ inputs:
|
||||
{
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "znver3";
|
||||
network =
|
||||
{
|
||||
static.enp58s0 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
trust = [ "enp58s0" ];
|
||||
};
|
||||
nixpkgs.march = "skylake";
|
||||
network.settings =
|
||||
{ static.eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; }; trust = [ "eno2" ]; };
|
||||
fileSystems.swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
services =
|
||||
{
|
||||
beesd."/".hashTableSizeMB = 64;
|
||||
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
|
||||
beesd."/" = {};
|
||||
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
|
||||
};
|
||||
};
|
||||
services.hardware.bolt.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,30 +1,27 @@
|
||||
wireguard: ENC[AES256_GCM,data:zfyNpCZ2EhQdsz+/vknjtbT1vMLebil1tarIcxLoUQ3J5XOKTCQBay4jBL8=,iv:tF6I5HHhDMfoGAfrtkmvrlqsSpX9YZL8dtzxAgBCp5c=,tag:DeOFwrIGbwVtf42iO1dm6g==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:0fOvjy/b+87HS+bcNENY3jfxcxMLcjeQh/hT5HIUG2aCiTLbsmlqXTR9j18ZwcKAAEbzzDSonpPmQv/kGeMyvk9B4Q0En8FSdBaW5y5HQVLf32KlSoq8+MBRPTQREcHHMDZ/tQw02aAdq0jvYpHnFIKiqOZFfGhKo2oS12wxlR33n+zwqwyBu5quN0ynbwG+BMZua9uJrlsfFe8ttu5BHzl5xdCTVzmJ7vV7H1K7lJBwlDF62Rn6zsQV2uGaUew1ScephX/KC40=,iv:eA6YLGY+d4BldBAsqFsrrUiTY3Xa7eJ687C3gS7ofG0=,tag:40QXjFYc0ht7/OuIPDo1Wg==,type:str]
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:i87JKtJD5CEcGioPILKgJKyDpBX/o56XFBwD8WCBfpoevt6F,iv:KMtg7KqO5q+SYossPyE7tF74vZ3yg8v3u+Q8F63hvxw=,tag:10VBfnyAfB5NkdL9GAX66g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndWFBbXpxRlI3bmc2VFJD
|
||||
Y2hLK1RobnBYVEd1SXpiYXc5Wk1Ia09UUWgwCjE2WVZySnhXNzBtNGdJak9lbjE4
|
||||
dEp6NnNQc0dNNDZsb3Z4ek9zVk4xeDAKLS0tIGVLdDBxOVZ2ek1MN0MwTTlwZTh4
|
||||
T2VSaWx3UkxpZ2d6NC84djNpbGZUYUUKJHx6GZcnJpSoPE0HFvU+B4CsNtrcg8lx
|
||||
LGaLYmciM87kXY1enOEzDk6px9GX9hFy6/73XBJVrIU0OC/w671vHw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTzUvZG5PRzNzZGxTZkhm
|
||||
N0hDdlp5S1p4aXFFUEc1d2RoUnVEOER0R0Q4CmpSTjFVa1FDQTYramRuS1k1WUFl
|
||||
VlBCVFBleU4wZXA2ZFo1aEplMDl0Y2sKLS0tIEdmcnlNWnZtL2NhVU91S1ZaK3NY
|
||||
b2R0MHI3aDNvUEc0TVRqM3BjOGRrSHMKD2SxfcKoxeuzF0spG3qt/q4D07JKK54o
|
||||
+lgLCs+0A2cCHebxbeFPSRpd0kK1fY9O8yUmMPB8Y690mQPaNXOSQA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUHUrcnoySm9CcVJCdXRk
|
||||
YmRzQ25mOFJBQjFtS01VWkxUTUU5WUI5WUdJCktLSFM3ZWl6N3ZUaTVpdWdNU09y
|
||||
RTFCczNTeHNhYzNmbWtjNTdOMW9ITnMKLS0tIHFNT3JCbFB6K0FodTJrS3FtRGVq
|
||||
c0I4VUdiZytoQWRsUUhBVStDR2VPT3MKDkDQ3sKJjotYUfoBWF85t3LYtz1OVFws
|
||||
2IdtJBHISb5j3xnAs/UUHDPzjUUsgb+sTHm9krQy3LDuELNY6KGMPw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMzZXdjhISm1ITGdKeFNn
|
||||
eHBrVDJXVzk5a2gxT1NDYVFEKzZHSGFONEZ3CkFtekZUQ3BPQkpTUVZNVUJnSGZZ
|
||||
dFhKaENwd2xIdTF2aExNcHloTnVlK2sKLS0tIGZOcXpEL0ZVZ3BWeVhNVnRKb1U3
|
||||
ZU40ZzNDU29HeGtMMVhELzBGMXZZVFkK16e15tjwN12BYnGutnGBWIs2KBCkOJww
|
||||
wdgC+3aRnGjfb0Z8Htf8qUCW5omixcbaCmMoGmGsnkx1Agfr56qQ3w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:05:21Z"
|
||||
mac: ENC[AES256_GCM,data:aPNsWBi4sm4UhX1qpk412eYNCZltKkRMWWgopZw6mjMLSOSb6E1yi8NjRJMj04RpE2XoVCkKP6R5Qo0I95wxY5qZHJuUp/5srqjAf/fHWz1QmXThogaMzM2jue7+NHUSQXrPnh0ZspXD47HyxMUOhlnewZ3EfOw7B5qKAYR1f6I=,iv:mnwtf0B7x5AbMzivg27zqIkhBdkDb5qq8eDBCGMdK0c=,tag:PCtirta++gCSsQsQo+bSmA==,type:str]
|
||||
pgp: []
|
||||
lastmodified: "2025-11-16T03:16:19Z"
|
||||
mac: ENC[AES256_GCM,data:SvvHb6EPAkt96DprqDSTKIFwshSm2rxGtFmpB+q4l9ZUu1uCCVJM1Gnxaogxiwf1CAk3+I0908/vRp9rwALcyZdM47VJq4MST2FFmEYXn1109jrQCW1EgkXnMBJwP8ywe2JLlyRpPXcGJfC/HPuKMpyxts9EEk6TnEsdrEQFbwE=,iv:mb7ZqFuaq8xee2k9nw7zdW05puOuIdsTq7alkn5V6Ts=,tag:6ZsbryE20u4OEtUMVD5dDA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.10.2
|
||||
|
||||
30
devices/srv2/node2/default.nix
Normal file
30
devices/srv2/node2/default.nix
Normal file
@@ -0,0 +1,30 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "icelake-server";
|
||||
network.settings =
|
||||
{ static.eno8303 = { ip = "192.168.178.3"; mask = 24; gateway = "192.168.178.1"; }; trust = [ "eno8303" ]; };
|
||||
fileSystems =
|
||||
{
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
mount.btrfs."/dev/disk/by-partlabel/srv2-node2-root1" =
|
||||
{
|
||||
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
|
||||
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
|
||||
"/nix/remote/wlin" = "/data/gpfs01/wlin/.nix";
|
||||
};
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
beesd."/" = {};
|
||||
lumericalLicenseManager.macAddress = "b4:e9:b8:fc:9a:f9";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
27
devices/srv2/node2/secrets.yaml
Normal file
27
devices/srv2/node2/secrets.yaml
Normal file
@@ -0,0 +1,27 @@
|
||||
tinc: ENC[AES256_GCM,data:zz2sNzrCiqUvyccyhG7hzpF3E8RMdWWdIW98j4Kw8rSGZEKtSkCX/YDibTRSOIuSn/hX7P9FqKgoOgKhqQcuh2gsRjaZSbccMhc3NqOXujL5y586PD9xCk2bUXDXzmRiHx8oiB1rOO86KQovfevl0yGtfpDmkuqt14OXNXvrVoCA4ChfUVwy0Yw53JlQrXl9ZndRvP6pHN4esv9UmUxrA8b//hFyJHPzSKiIfX6NGx+htH0P5UUSxKomYNqCrrtJG9RoXSgo2Go=,iv:jy4qmcl5QDaA6ub7/vHQpgiWIFj4tw0IKxGeg40W/E0=,tag:g6+jb5fInKukYWvIekyDxw==,type:str]
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:jPo7ixnm8KnAfdC3b02qGrts7/0nc0Ahizj0EkFa15b5zr0F,iv:S41TMqOH5mqhF36B/ouMfCjim364LeeGbDnwQYiP4Po=,tag:aoC9JOZjtbduEMFijvDprA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWcEVHTVJPT3NtZGdPZDl0
|
||||
Ui95UlU3djhwYnNuRVI2OTA1WDI4aHFGTUFjCmxGWFZWUnltbCtWbzlVUVJxVjFh
|
||||
RFRGaHlzUkVHT3VoRWlUOFhNNW96ZUEKLS0tIDgrYkRDMEw5WnF3TEF1bWRYaWQ3
|
||||
bWN4ZFRTcEJ4dWFObzk3ME1vRlBpOGMKnZZJT6NiUEIHemSxd1ppqTxnHRRCiO7J
|
||||
r4smy21Et/E63WE6fvfzEltXb6Wlj+/ZUEMHUhyB6nmUa4udtTwQmg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SmdEYkJneTlNY05hSVVP
|
||||
VDlhSGpWVzBMUVVNMWMvSDhqdWNjcE92clNnCmlJd3pMTFVZQ1pwazFWK1EwUlJU
|
||||
NWs0bE5raEpiNjRCVkRzZTRTb1M5YmcKLS0tIHd1Y0JuTVBlWlF3OER1d2F4YmVS
|
||||
bkk0ZWpobXh5dnFteTVVamxGT1RUblkKLU7cgLazHAzsstKjMW2GvwXkfNOtPzx8
|
||||
QKIIM0rOXYUsDUQozrxRu2SChCJ/zkAxeLm6rvD1JYVMcUfuswCRlQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-16T03:16:36Z"
|
||||
mac: ENC[AES256_GCM,data:0T9DXFvsCdDibpxBVX/GIkziEf9vR6Aic1+vIZFVPUkWCBa4/X7u7NF6Aeul/oIGy8WEH6EwyvijkFiHi4gzCoqetdHGDLeYXkBxarpSgUlcvcVbgd3EHsLJ2nclK7VAgrAu9NJpuXbiLGDl3IJyuW9qK2tzc1/ZfJHglpgyEh8=,iv:90D1aDIy8pI2MzeaZ+OwmKB4r7O2O1sibg4z7gAz6rE=,tag:mjaIC40oW5JWdlUvq0Ea7w==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,28 +1,27 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeDlnOGlTYlY5a2wyaUxo\nSk5uaFVQWTY1Q25ad0NkSTQ2bTZEYU5ibWg4ClpnM1NLbFArUEtndjFGamgwdDBF\nWnNMalNRWWhLL2V3S1RWRHh3MGErUUUKLS0tIGt0MGJ4SzNDTWZNUHM0djFDSjdo\nbDMvbWRDVURzQmVWdGFQeDVWQmN5Q2MKBpbH7QXL1sf0c7ix9yd2r7vEBScixvBM\nom1tHgJmwxhep7DSyvjg/xslag7U2vF69gPrcAlnAndZsLCtsYdvyw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWam9aNkYxcEpURHI4N1lr\nOWFrUFA1a0hTUWNJM0FOMGNqT1h3d1dzRmlJCm9lOHBWRlRqY09DTW5oSmZtREtv\nUVI3aSsyWXczYmdRTG5VRWdCVFd4WEUKLS0tIGNjYmJDOVZKTjlENzFGVDJVMCtT\nWUsrRUpsM3dvQ3NkZnordnJ6djF6N1EKF53Up6zSFot6i2B+UO3H9NeFeyVA/R+X\naH9SuT+9Wox1lxDLhG/+S28tE4IyXZgbo+12sreQ3TkGslfxTwXTUA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwa2Z5V0VPRWhYaXZ3STBa\nMWVsS01CYVBzeHM0T29pUWtQYlVyWCtheFRzCk5JYUpqN1cwWDFwUkZ2Q2xkL3U5\nRlNpMTQ2QTBQZFdYMmJIZjdnOWNjalEKLS0tIEZZREZPVmQxZ25MaHlMZ0VuWExT\nR2dJZ1lWdGt5dWNIM1FyQ2dZV0dlTTQKhUnA3pnoXb18/b/Jzyk0fC6GnmIMmYfl\nVgzCoCDSHNSvW/qUoT22hJfZCMFvIzOHEpmufMHCecZdisUozfWFuQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUW1uTUpHT0dOOHIwVTQw\nU0pzUng1RGhPNXcvMU5xMlZpMTFUaTMvNEdrCjA2MEt0aGVYcEhwRm9LMFU1eFc1\nT3RVOVBvSEcrM2hCMVFQTlFCeE4zRzQKLS0tIFhKT0VOVVgwQ3VCUld4dUc0ZXB6\ncUJDQXZWbXpoQWNQTFM5TGM4VEhUajAKMab/tG8ol/s/LjT/g6q9tmL6GOkMdh5C\n9rbkUo4YhLx8ZnDGfD+kfvyr4E23E0Y5uOs4G/VFesiJwDziWchX2A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYnBaYmprYTIySWFnOVhk\nTThHNEptc2luWTFxSTBBMnY1Q1FkQjNBaWlBClFRbWlIdmRRVnZ0TGJVTlhNRHN0\nS1JZZnJLU2xCS3Q4ZTBDWU9ScnBtOEEKLS0tIFNCMmtDd0VJR0JucUJSZHo3dHZl\nWm9ZQ0dOamZvSTNQNW1uWW85TGxRTWMKKm7NdN69Q7F+KcR7u3kTxhQuzikGUdEZ\n8AkowBgHRndxNgdC6wYV1VeqEkDxXqR/430+EQS0jQQrIXpuXkCDkQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDblAwYkhXd2xJaEJQYzVx\nWmZjRXhxN1F1cDAvcTFGSW54UWs4a09yaWdrCm9iZ1NPTmN0ejJvQyt2UWhaY1BV\nUDhZWHNuWUNvVGZ4eGVNS1lnOHlnNE0KLS0tIE9OWGVRMUNObUt2alFnTmh1eEVH\nNzg3ODkzNmRYYndIK2xXR0pUWTB6Z2MKj3b0sJI7y/QhvBjQbAg6gpBFszuGUuvq\neBsTeiuXJdyZru54qOJ3k6DGAnsS8lIYptwpi2jC24ebwG3QSpGjzg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTzgwUXpjM3Z1c1VvdlNL\ndTdGdDlIcCtMVHJZeGs5ZUo4L2VNMUxFakNzCloyYUFLSDFHSjVhUzRoZWlPVFdS\nMWI5eXdMdGw1d3ZwcFNiNUZkSmxuZ2sKLS0tIHdsK1oxOUVMbUNxZ0toZlRsN1N6\nMUxNeTF0L0lRc3BnUExob0ZlaExVb0kKW7zPqfYAw8/RsGNpVBFhnObjfgqgxdkC\nEVQQYduAz+FkIdsN5/rrleyacbpCrEQcSTVTXpwLopoL/ukY1i0p/A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-03-09T07:59:38Z",
|
||||
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,19 +21,12 @@ inputs:
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "znver2";
|
||||
initrd.sshd = {};
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
fail2ban = {};
|
||||
xray.server.serverName = "xserver2.vps4.chn.moe";
|
||||
nginx.streamProxy.map = builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.nas.chn.moe"; })
|
||||
[
|
||||
"xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden"
|
||||
"photoprism" "nextcloud" "freshrss" "huginn" "api" "webdav" "chat"
|
||||
]);
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -1,45 +1,4 @@
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
|
||||
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
|
||||
#ENC[AES256_GCM,data:4Y00hDJ+8Hjq3Q==,iv:XWZYNC1T5B55B43tcuzzvOOFtHqZJ9XDuEaYQOO5cR4=,tag:5oNFsqUtSiv8CY6aHyGjNQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:MRMdc7LRYqgRsfKKW6LnP14g3JoFT6g7jzkXW8gIAeqypyoc,iv:tfPBD2FkIljz3xasYNJsj3vh2lEObrvSZ95FyCgWcTs=,tag:B1PQpyX24DqrPscL/pjZmQ==,type:str]
|
||||
#ENC[AES256_GCM,data:gGd3kkNcyIwOXg4=,iv:vILDvtdvopPM8lZDDpedvtXYHpoPvPn1A8AJca41r9A=,tag:2LMImcmdyPKsQDloq7041Q==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:+KUVcqy18t6Fd+QNgB5DeZkNSA6lsjebO+xnzxzIjWuZ9UmS,iv:qugbmBv9jk1yfH2s0A0jla0DR3jkdXLVUeWGcj6v68U=,tag:4FUf/guDzPqgDcb1086WTA==,type:str]
|
||||
#ENC[AES256_GCM,data:jCgKe0t2xQ==,iv:UE48L/JpobN6LUd6Z9RlsUGSJ1sHHgiL6xj8lPztwJc=,tag:xnwWLQm+GIUzsfBO/TXhrg==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:3yrdvbcH/ToAQpTLppSVp2FNGjatyBInKP85bAY9OrEtzhhQ,iv:4zvb1nzKjrCNWWKelOnDhsNBAC7Ak6ZpJlvQKqGJrgc=,tag:dBOTBJDJhJsKHKg/vGmpxQ==,type:str]
|
||||
#ENC[AES256_GCM,data:2ptsDQ==,iv:dEzyk6NQcFZQPx8h/ViCqtRaQ/8dfMTVKBq+iguk6nU=,tag:11SLIAhtcHja4G9HUXr9Ng==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:NO9rpzFkySistf9++oXpo1tBaa4XtPtcCGR+2IWmhQYEH/l1,iv:OG+U0avgo9mjmU3soxRNL71ZC7Ee4ijpsJMRn3jYvhw=,tag:QuBFX2KHgNJ+f3RwqEH4+Q==,type:str]
|
||||
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:Ie8M385wtRx8bWIdCupnda799kL0OLBsWdk9pHTY7IxxaZbn,iv:OrRYOkaC9uI9E1Eb8GYqmYr9VAUM895oO8NSdvxUPCQ=,tag:NZTUE4KnUjhg/auoALavTA==,type:str]
|
||||
#ENC[AES256_GCM,data:Wwq+ypJgx6OcXA==,iv:dSvFz4I5tFx+ZVClxNGKwcbIQe7OY43OzAhqRiDK2TQ=,tag:CYUs1cJ/zqc+Y0yFec7Upw==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:2GyFDXIiAN3mTobwnY4czV2Egoin3B5Ih+aet3yT+krPTkPq,iv:NwrzO//HXwKMudgD+yK1hsj9o71RG6BfBle3logvuLE=,tag:WWpioPsnhHvVSrzAmN16Sg==,type:str]
|
||||
#ENC[AES256_GCM,data:vVz6E2juGqXS1Q==,iv:9itEkwMsW8cqSzwV2EZtgJVgaW7aJJ5fw1rLuKFwiKM=,tag:9hRADkot8kELoYAgd6Dz7Q==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:HgSVrry+nKGW9X9N6h8hsI9VETKtSEi+/ZC9QvNZW4zETQxt,iv:ERgmCDPBpboA/+Sxeq6BvWoMxsv3Kkczqb/mbXz9pOk=,tag:bklzRg9toKy//6T8xdtbRw==,type:str]
|
||||
#ENC[AES256_GCM,data:2sHxXec=,iv:aA61+cmDw4rHab7RuRRK3eUDx5d6gpmfw4RpQ6Nd0mc=,tag:H9kovJyn3Te3ir9X234VGA==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:CqrwaZp1fHd/WEGQH3xWI8DZ2/AavCqwTtwZeHmnrct5yoD3,iv:IBOHGQlw+uQt8Ryp/mCDcglfSPNXvvHOjNnrT+7nOHQ=,tag:tEkGEtPaOBK+P3LrQzOLsQ==,type:str]
|
||||
#ENC[AES256_GCM,data:Rw4BWXZutQ==,iv:rXe2i1G/xQkpBl0wh6VIzaNoidCc3JL4sy6v5hcOF/M=,tag:2tZyH8B0ZL7XptKHk6TcAQ==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:CsbquwEn+iOKCzda8z26FYk2i5aPk2xzqGIYORiD4lotvnFE,iv:zHPmlT4LAc6NDjXrExze23dZZFIj0c1eR4WW74cu+qs=,tag:5MDFrZNgv54mK05ImSvpkw==,type:str]
|
||||
#ENC[AES256_GCM,data:vqYkwGVcQ8yZbA==,iv:1ckVSiAgjuT/K0MuVHe8D2hHE7X2qxCHpb+y6nrFCsI=,tag:so9oFl6bXlJT2O+prplazw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:KUraqncs8iPr7z+COfJ1z0TLNLlgctxy8FCav95+kkVXtStx,iv:Uv90bnVmmQh6f9pKOWmEKCul5VPxF7rrQ9GYrsCGPp8=,tag:I0r5o8xIYuq5/MIXSOHT3Q==,type:str]
|
||||
#ENC[AES256_GCM,data:F2x+2zrePYDkCA==,iv:aTMeqvGVI43xLsN9submgciiJEjY4hYypJ9RJLIBYTE=,tag:quKW+MATVzRw1bda2jGjdg==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:BjnUUnNyqUvvPbfa1CeYvcVbMOwz6/Em4YhxRgmlicOSwro+,iv:LULwzjV5PRihTHNZFJ21IrDG3rW3qX4CYwF4Xu1KdZg=,tag:pZAI4OEx24d6h/h9JyQ/hA==,type:str]
|
||||
#ENC[AES256_GCM,data:aka1O9hn/dZX3Q==,iv:rWik4cYtHY/Z3xQ0p/i49zTXVmKEQDV4OMn12UaQr3Q=,tag:hPm4bugH9RAtsykj0BJ0Pw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:URZqRUDtG5FDrZDsmI7CFn4ilp97GJtgaVVB+j0dRUdtVGoq,iv:iUkcr6Oo29y5PIGF/GJRltn5DD19yEcBIsJAaYs43AI=,tag:gzSsjeQxvjvfFVkDHPkfvQ==,type:str]
|
||||
#ENC[AES256_GCM,data:JkMniTrakuonAA==,iv:V5KmQL+C5O2mb3ktlm1ITjLaa1NxToQlyToqYbGme9U=,tag:UTZm05uyb5j0Pf9vuxyIxg==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:fFtnkBnaOktHaIfk7dN2U73UkloToiLvP3Pg2VAqPzvTE49h,iv:DZrba7RWmaeOQsqh3Kq/IuFS9so5u5ItK5WwV/65FYE=,tag:v+pOozYvrJJIsj7A/a3S/g==,type:str]
|
||||
#ENC[AES256_GCM,data:gR0WsUYdBZBWjA==,iv:rnXZQaDNu+cEzneEa6/2pO+qUXl/fut8FJ3n90A6ATs=,tag:azNGPfWv+ZgOU/B5PMCVZg==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:S8VSoBIR/RqwctgYPtyIPEK2hXLr4LZ/jJvvFHA6CGgp9/Ff,iv:8eLCZEaiquwZyswwLkLoJcl7UPWTVYmQqZ2egAGFWWM=,tag:VgJiSt8eRcRhppMXkAkmKg==,type:str]
|
||||
#ENC[AES256_GCM,data:vWW1bNyENgcspxI=,iv:xXCrjHyxVtodkVu/wgy1OrHGGm20nEd1iyparWcycYE=,tag:FRu132btquzXkiLXlnq1Iw==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:Wux6pzwor0B1A9d1y0QEpcNnYn1pObloHxghSONHcsQ266/7,iv:jWSuswV6vTQdL764I/zxFC5gkFOa5Qwj54rggmmZX7I=,tag:4hmqBTn0T3a6Sjt9lofwbg==,type:str]
|
||||
#ENC[AES256_GCM,data:IJWHWxbhy+gxhxk=,iv:HzMi211JiVfHUhEJm+q/K0tCjUEXDhollUf8Bm+HVA0=,tag:P22Q/h+DUhhJayZftcvVfg==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:0X5x3SATZm25kVf8cu7TGm2t95DneLAqhP16fRQCtROzyZyg,iv:dmlwRmubnRq2fNdNz3lVlAVYpPjVHkFm60IvPcajjds=,tag:eDJYYf3eRw+FxfaHiRDk5Q==,type:str]
|
||||
#ENC[AES256_GCM,data:O3ovvRYzFrQY,iv:/Zs8e6u7wdp18AacZ3WWBvn5PDtXDnQ6ZyqLiyYmvAY=,tag:HmhKBI3aRCIR34vOEnv1iA==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:ee0naewdOjIxA0QEpmUyOSu++sUJQneEufhJBHiyOR7jAPTU,iv:09fZ0dLUZHp9wM2lCiIcTzFey2AkWBmnUCfq8W3FM6Y=,tag:dHBVo/Ok3Q9vy1pIbWC1Kw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:3h+cpSHULgwlI/zOI0IL4t4diDzm7qWW1sOWZqkFRWCB0CAfGyydGNlZkqA=,iv:pVpmw0aEDssQSr724h9NvJqFMHu0NupDfCSt1RWVnUk=,tag:fonuszujTzeo2HqO1OokEw==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:MO+GKj5Ma1weblDjViBXUR5JS8fKoc5XQp6jVimhgip1MiulkUTgJ0Z+ecazAdBh9WnaI65SnLMXLMzk5wiJfblE5KJ+UlSvn7TXKvFPoWw9WXsU96to7D+IZNAYRXj6eMJ6g9j/u01Q348s5F9RE30C9jtk2mwM1n8yyAP/BuwcyyVZK6jOwtE5zsZyinGzLTCyD8pZqhVQ63qdrNMAdvNowl38cVm5pKYsiZiU9r8fzQJXS+5R65rJPxNKJ9CYBI3ca8OGJbY=,iv:bJgHF4CFagARNXFvkNFznzyUit6LsO75RiDTxZGsmr0=,tag:zDX6N6tDoooRUmovhgKsZw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -60,7 +19,7 @@ sops:
|
||||
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
|
||||
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T07:42:38Z"
|
||||
mac: ENC[AES256_GCM,data:fQm8aI6KdoJVxcl4MQP7Q6EZVqmmLFo9A3Hjo/tKZA+VOYvQWFBxIKwy5Cj0SBi4pWsSjwG6pJZ7m6Wh/dDK4KlgkoaXgAYj+efHtScOH5Gkb0sTpAkHNL+/CJ/cO1doXiXRGj47fn1QB9o9WBaomtOWQbzDts4eFs9pdm8TAq4=,iv:91Ilig4j0ELHEatTY7ALKwwr8AzYnRwhKbdWDcufZF4=,tag:UfwaudQTNKu+uryCZjo3mw==,type:str]
|
||||
lastmodified: "2025-11-16T03:46:11Z"
|
||||
mac: ENC[AES256_GCM,data:yRB5Y6raz1eCV/gOoJapJfmtXOEafgu4NyIbUVuyOvwV8XJtMQ3mihvlbi1ETdmNLqo8okiU4I1C/Pbgd2rOuW2E8Ymmcf9WSak+z46+YcXXTjKvYn1XRetae9l9hbB9ib6uBI0FlkhXflpf83yTibSF9codVhRsfRzTHfWPx+A=,iv:U0S5bV5ntwj38TOXc4C1yp6eFnHLxogjQw7hrFqjGLM=,tag:48vY9CStBQLnSHxK/eV+2A==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -21,7 +21,6 @@ inputs:
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
|
||||
nixpkgs.march = "znver2";
|
||||
initrd.sshd = {};
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
@@ -34,10 +33,13 @@ inputs:
|
||||
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
|
||||
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
|
||||
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
|
||||
"xservernas.chn.moe" = { upstream = "wg0.nas.chn.moe:443"; proxyProtocol = false; };
|
||||
"xservernas.chn.moe" = { upstream = "tinc0.nas.chn.moe:443"; proxyProtocol = false; };
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.pc.chn.moe"; })
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.nas.chn.moe"; })
|
||||
[ "xn--s8w913fdga" "matrix" ]))
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.pc.chn.moe"; })
|
||||
[ "xn--qbtm095lrg0bfka60z" ]));
|
||||
applications =
|
||||
{
|
||||
@@ -49,6 +51,7 @@ inputs:
|
||||
blog = {};
|
||||
sticker = {};
|
||||
tgapi = {};
|
||||
short = {};
|
||||
};
|
||||
};
|
||||
coturn = {};
|
||||
@@ -56,7 +59,8 @@ inputs:
|
||||
mirism = {};
|
||||
fail2ban = {};
|
||||
beesd."/" = {};
|
||||
# bind = {};
|
||||
coredns.interface = "ens18";
|
||||
headscale = {};
|
||||
};
|
||||
};
|
||||
networking.nftables.tables.forward =
|
||||
@@ -64,25 +68,30 @@ inputs:
|
||||
family = "inet";
|
||||
content =
|
||||
let
|
||||
srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0";
|
||||
srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.srv2-node0";
|
||||
pc = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.pc";
|
||||
in
|
||||
''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain output {
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
# 需要忽略透明代理发出的流量(gid 不是 nginx)
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
|
||||
tcp dport 7011 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname wg0 meta mark & 4 == 4 counter masquerade
|
||||
}
|
||||
'';
|
||||
''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
tcp dport 7012 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${pc}:22
|
||||
}
|
||||
chain output {
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
# 需要忽略透明代理发出的流量(gid 不是 nginx)
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
|
||||
tcp dport 7011 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
|
||||
tcp dport 7012 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${pc}:22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname tinc0 meta mark & 4 == 4 counter masquerade
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,51 +1,12 @@
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:rJ00sfe/oJSry6Ixn4Bn+p41syqsOrdWv6fRGVCwPvn/unMY,iv:htTvFMvhIRkORA/gIU8J7CgA+tOncYQWh7sUh+F6XDs=,tag:VrSJBD7ti9WtSLHoWjMClw==,type:str]
|
||||
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
|
||||
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:+MKTpaA8hO8q0kyY0V1csedLOtIf760Vr0+WllGe9lgMJ5da,iv:5txOM3sFOhKVX4EVozb8XHWLU0fUNxCF9YAwTYaTL6c=,tag:jkgOVgiEc5phY1XNETsdpA==,type:str]
|
||||
#ENC[AES256_GCM,data:m0iCqLI8ELaPb9g=,iv:bsh7JHILbOZJ+bgGr0U0rDanjUVGgDzYGhboezspEjE=,tag:o7A4SXoCXk5LXmZ1bidg/w==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
|
||||
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:/kBaGAqbewLav+WCJPHm1py3pvb7bA/YO2DeBP2FTCZv44wA,iv:iwxV6KHu00oITH/58kBFmf43lkgTU3BHJ/kb9FPnRSE=,tag:ns+6Dvhf/D15bZc0fd6zLA==,type:str]
|
||||
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
|
||||
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
|
||||
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:AnZb12dioiCamubOb6fsGWoM55zfPMeRbu+j8bRRcMfSQFJf,iv:rB+4B11JFC0oS2ExUW18f5WvhnE4EuHh3IiEyxWeY3A=,tag:jt+3yxDvhusvB8ppbdAwzw==,type:str]
|
||||
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:+SA+VcZcy5ckuS/46Dn093VvuqxrIACuqMAMx6Ko5yw0DVdW,iv:TeLXb1WI7uhcPDkXYSlKIxdE6Kz+nCnlB+ZYpWcaF4I=,tag:YB0sPD9yHMARhiMJs7JKcA==,type:str]
|
||||
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:Pec0CVGia/ZIaq7WerZlr0/waJ/Ev1OKwt7V3PBxBSFMLi7p,iv:wYTdhv4Xoe58KBIwV1vk/V4IcdVzQrBgmzGaRD7qHQs=,tag:IZVt5LmjTUge8XntujJlTA==,type:str]
|
||||
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:iTZViWyKkCU1y6mvB0NzkXf3I98U/+nCs21ZD6M285YKaU6q,iv:vFgA3sv/7ENcw3gyJLiiHLwroXtVJjAxZXViqjXF3mQ=,tag:u3b9Uu6TIPPYX0TW5X5Sjg==,type:str]
|
||||
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:ID/A7yCWQIWRoU7Emhel2ASZfTweqXYmpC5q6Fm6ptD0XfCu,iv:YrFjIilO4pH+QxVVDTqwkufj2VSC38y9lAJfD8w522I=,tag:1v/T7vWeh0LMi0OL0FVs9g==,type:str]
|
||||
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:esInSvj+a90TAl+b/n9m2iJsH7e6tlQRwSsoLBCy8KA9a0Z3,iv:U4c0pZzqS1s5H6XW3YRSCvDhtxnwCnyKR/tObefX2Rw=,tag:YtY/t4xsmZaj4lC39XQ5SA==,type:str]
|
||||
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:6h343SreoMqz5ZHkdyDI/je4v10r5zBV7cWc6Pj4x5sI2cvE,iv:7WSikMxAZJUnv3+GPq40d8r9JkKRRH/SPW5F5fy5HHY=,tag:6h5Z7+WXT/dLNeEIrC0UGw==,type:str]
|
||||
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:HJj0e6EHXEYmDXlZcS8UlfEQo/4y47w3sYKgb2Ojq6E4vMdE,iv:xThlGl/DDLLgoY5VkBSCx9HIvxy2ZlO5Q987vIMu0lA=,tag:gB07jP6Do4/6RmVaLB3Ecg==,type:str]
|
||||
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:unW8dOhNbPNLWd7X2prpD82tcqUua7msq8nX3ykFs8STsuto,iv:OLaZ9XQDFGaA1VENgsSn/3HQXp957Zf9MD9GPZ4KLE8=,tag:UK27LK+De3AzbI2mEIsQpw==,type:str]
|
||||
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
|
||||
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
|
||||
#ENC[AES256_GCM,data:U0CcBBJraJj9,iv:9kuHsHkSDdDT0Gi/3Oy608RArrg+4cgeii5zWbsGuPA=,tag:EvqqMNvNcWBwie28t0+52w==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:LClSrxtBzuJUD4J4QaYXHUr8XSi+N7Zh193j/YeBZRm9sjgf,iv:djiq3+iVnuKK2HveoCm/j8FezzrHRGnjbyoO6iGm6eA=,tag:N5hqYyvJGxnwT8wbxdnjiA==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
|
||||
send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
coturn:
|
||||
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:5M7EAy/6+2UASWkjxE0Jrxwl0aNdAVZaUjQnD1wU3YvOAQ/c2DSL8hVtKf8=,iv:a2tXFf1+aP0JhdNtzP8e82KJ71m2o8nx+G0wIx4VMig=,tag:l4TS4QBz2fIkC9/GnZgHnQ==,type:str]
|
||||
xray-xmu-client:
|
||||
cookie: ENC[AES256_GCM,data:RZ2WFnsX7s/PVqA7ZKhGqw==,iv:CknFoAcHIiIwJI1IEXkFdWXcOCAZr50pfwmQN72OI8o=,tag:w2pNU1APxlSQsGMIEdE2OA==,type:str]
|
||||
tinc: ENC[AES256_GCM,data:E3OrPA67R48x5FJUW0ZbERlclz8Z/XokAaGTeBQLPEHSeqEArHYSZkdJRZejFrBruJPlGZMPNBQzlIBXOfXKwMnlBDaGJIIJHIzPDGG9W7QF4IIRK/BjVZHFwfKvZtbUDGsqLcCSe5+ttmyucBaFGquXhnD/Tu09uyWtRvS10KAJLY0Z2/16CFB1+8egJIcYw2TFXObo+KR92Va0qwiDSepKaJtYLimDGRKk04QGj+BYa5y8PjIG6bz8UG82mmCiV7XM3EPlSMA=,iv:kawsklNGFbRhxKuUwvNL2WyBxuYu2T/uks1cJ4i8NhA=,tag:V+jAaxQX7JCiR5+wIVW4Nw==,type:str]
|
||||
postgresql:
|
||||
headscale: ENC[AES256_GCM,data:z2cyyT1TcIhNJCBeGn072aFI2nAioWZQvpyzoky4tWtMymKlw4ilOtSYAsp+kaNOoqvWSmoAQNJLNzeDk1iTCQ==,iv:hZdS/CAVBO0k/AmX3qw3YwTYgK49Aeu5QI3YCAduiZ0=,tag:2l4GPV/T2GHjAAUDX3LaEA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -66,7 +27,7 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T05:54:47Z"
|
||||
mac: ENC[AES256_GCM,data:OtHwr58A1UOfYxQR88ay76fWmAyWPl5YtNbAiv0LXPLZPRtLGBJKuTjMaHr17AMepFZ+u5IPV2r8z1AUDj0opLXlv3Ik/DJ2PCcQTOBH+/lnSgzJKWfdCip9/wFR6N3dT0PKKLuBiURB9ZCYmtnq6E5+Guadc6ATYDSEpwbENZQ=,iv:kXsYMGjAtUlv1UqFU8Xv0zagohnpHkzSI72mq5HKY7k=,tag:KR+1A8l2VvbzDZV/00hbJg==,type:str]
|
||||
lastmodified: "2025-11-16T03:45:41Z"
|
||||
mac: ENC[AES256_GCM,data:AnvNGraWYOKZHtmI73wWerrFRNjAlZdcVSPXDsv+x/0Dohq+9KB/PoWoczXQTUy240BDErXp7UrNmNgwyGtUofdQvJqmdJ2vFkTW0VIWJ1Alq489nafdanGwn97P/aluHqF+zhgBCANAGwIVLaEAggR/xCdidcyn01taHpKoVfE=,iv:frCptbX5gtEmjL7XfCIRaB5jwqOLGJkpVuaOoo/Tg6k=,tag:G0C0ZZ0V24YN+vNv4z4xHQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
39
devices/vps9/default.nix
Normal file
39
devices/vps9/default.nix
Normal file
@@ -0,0 +1,39 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-partlabel/vps9-boot"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:06:0a.0";
|
||||
nixpkgs.march = "znver3";
|
||||
initrd.sshd = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
fail2ban = {};
|
||||
xray.server.serverName = "xserver2.vps9.chn.moe";
|
||||
nginx.streamProxy.map = builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.nas.chn.moe"; })
|
||||
[
|
||||
"xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden"
|
||||
"photoprism" "nextcloud" "freshrss" "huginn" "api" "webdav"
|
||||
]);
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
25
devices/vps9/secrets.yaml
Normal file
25
devices/vps9/secrets.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
tinc: ENC[AES256_GCM,data:8XXuOm+sb8Pda3Aiwhv9jdX6Alxy+UUbG1+ZnvM5nIJa8K4RXjSAWv9DEVh2SDpqee1uzhf2IMOBCYzicubb/BPA0vQ90SCC607B/pYb4dFuBiir/4ma5JdIliJmt9yP8qfFZKXYPsocArYoC+IUiwnxNCVjz+Pv+OwYSKJBeSlkwnRr2MAWY/KGeKEcoDrPcRohHvG9f+bcqFuTW40UdMOJNhKM2jKJh0aKcWYJOXGjAdy+41vCvWXH2FIanx0/Zt9qsPb2A8s=,iv:AmNHeAIN8DyzpXdpyM65bzpc4/6egGE7ggjBt04MpkY=,tag:Wl9/b/msR1M/EtnIhws1AQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSDRKMEc0WkR6OHQ1YU5D
|
||||
cFlOeHd3RHVvYVp1NUsyR2dmaEdXUmRLdWdFCjBBcnRDZUdMNTd2WDdOeWdWZDVV
|
||||
cGljYlcveEFUWHFlRHNQY3liVlRKcmMKLS0tIEVIalhmamtlSEZNQVNjWUM2R1dH
|
||||
YWVEN1F3MWVLR1NQeFdHZTZGeTZLWjAKSIgVt9oXe9xuJjPGcemmg/Dj6YCJyTvf
|
||||
5IxdvzGExdX4J93evZC8Zae0WqtCcmveCftyzt+hfCL1A2NHLfxARA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19yt2tszdtnwylqh5qdmg25mlfd8cft0z24x4mp20fnyywfs88cxqgwt9m2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRUJQWDM1Wk9uZ0lITnU1
|
||||
Tm1iUkY1VGlsc2lsV2pFQ0ZqVTQ2aUY1eVFzClpYSytyK2dGSHJUdmtiWGovbWkz
|
||||
UEFFZlhMMzIrTDc1dHExYmRuYndmTmsKLS0tIERUSjJXN1IwVUFjWTFnOUhQZ2Fu
|
||||
VUFBcEpmTDRaWGg2eVZGS0tDdVp0K3cK25bDJaKLhjBUjkJWBNskR0XVOML+3dTl
|
||||
04hKjDrs2TMBB5G9k6pBqqLZhoofxb1UOhlYNXlLE20HSuVntWjCNw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-16T03:45:25Z"
|
||||
mac: ENC[AES256_GCM,data:5X0wV19ir/HvL3bcKv1b+Uw3lt33WpOWZxw3Lcbb1pY4FS2wfKimoFgKtPGM3Xj6cTtfNqw/b/ts5D4scgXH8f2lnYX6Dfk9mtGDQXYZWOJmpLZW5l6EVXZB4Dkc7LJzU0sQ9OwWUFpB746sDZFiwLUWvlgeKeHknJ70p+Psv7I=,iv:cEDWeQPkCuscvthUPJjFu8TD5LqRaJ5MrGG7VdSLfH8=,tag:6gdgy5hkogRBZi/n+slRYw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
14
devices/wlin/default.nix
Normal file
14
devices/wlin/default.nix
Normal file
@@ -0,0 +1,14 @@
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = "haswell"; nixRoot = "/data/gpfs01/wlin/.nix"; nixos = false; };
|
||||
});
|
||||
in pkgs.symlinkJoin
|
||||
{
|
||||
name = "jykang";
|
||||
paths = with pkgs; [ gnuplot localPackages.vaspkit pv ];
|
||||
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
|
||||
passthru = { inherit pkgs; };
|
||||
}
|
||||
482
flake.lock
generated
482
flake.lock
generated
@@ -9,11 +9,11 @@
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758557465,
|
||||
"narHash": "sha256-SeDqOZQoARl/xxEMdej09IScCf77SEQfRAjED7lBgMY=",
|
||||
"lastModified": 1762958586,
|
||||
"narHash": "sha256-1MryKS54NVQld+xDvCN0OBmAC8Jk+HmplqWbuerrhlk=",
|
||||
"owner": "ezKEa",
|
||||
"repo": "aagl-gtk-on-nix",
|
||||
"rev": "944f9903859ad16db762fbe573fb6f05f7367e16",
|
||||
"rev": "0d212e20bebe63b49b588323d37c0cc46bd7000f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -25,12 +25,12 @@
|
||||
"blog": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1757155808,
|
||||
"lastModified": 1759333393,
|
||||
"lfs": true,
|
||||
"narHash": "sha256-dngkmShADPQOziASLZmwXNop0R6O4PlbHYOUAXfaoxs=",
|
||||
"narHash": "sha256-0ruJ4kw82hQZDLp5oIBG2Kq+SBeOUoTSMJzFofOz4Sg=",
|
||||
"ref": "refs/heads/public",
|
||||
"rev": "0b2cb19d9f9da2a8cab440c0053029ec93d263b7",
|
||||
"revCount": 36,
|
||||
"rev": "e6d2bc75a815a8ea73eea24091af10b4eb595b95",
|
||||
"revCount": 37,
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/blog-public.git"
|
||||
},
|
||||
@@ -40,6 +40,22 @@
|
||||
"url": "https://git.chn.moe/chn/blog-public.git"
|
||||
}
|
||||
},
|
||||
"brokenaxes": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1756396241,
|
||||
"narHash": "sha256-QqMpfuH+nuDIQrA3DAgdQKk9rUFSrMAudWjb24KTBs4=",
|
||||
"owner": "bendichter",
|
||||
"repo": "brokenaxes",
|
||||
"rev": "b87550715f3c2fa84bf8854de7eb3ef5a1cf3b67",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "bendichter",
|
||||
"repo": "brokenaxes",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bscpkgs": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@@ -47,11 +63,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758416785,
|
||||
"narHash": "sha256-lW13btV9uMhK4l3F1WmcU2XR6iCqXE3Wy9VXSmTKhpw=",
|
||||
"lastModified": 1763052488,
|
||||
"narHash": "sha256-hg4muacBL9oX6S+mSXoi8NSN/qVYtHdvK/ptQFIifCQ=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "bscpkgs",
|
||||
"rev": "8c7e06735023e7eaf0f48d40ab21a1272a3e8406",
|
||||
"rev": "07223e8ca11b7f628e07551454ba8bdb011f1455",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -87,11 +103,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758270360,
|
||||
"narHash": "sha256-yqh6EEhlpVWRoKl85o1s+QZ72UHWTvornnc3C0Ls484=",
|
||||
"lastModified": 1762510976,
|
||||
"narHash": "sha256-KGoSj8qMOOPaNE48RTtuNBbqOvKLTeklnRHWWvE/TXo=",
|
||||
"owner": "catppuccin",
|
||||
"repo": "nix",
|
||||
"rev": "2e0aacdd6abbecd1b1c0511a2fcd1460a6bc6645",
|
||||
"rev": "728cb0a667ce37bb0c68557dba819c7fb54ff1c8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -113,11 +129,11 @@
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758066113,
|
||||
"narHash": "sha256-dfoSTG24e8rT18QEFa4IoPd1JaHSaWmBDobja4pT4Mo=",
|
||||
"lastModified": 1763246168,
|
||||
"narHash": "sha256-gUDJZGSOg5syHtQvLImOKL6Eaw4e1ybz4o5pid66kQg=",
|
||||
"owner": "chaotic-cx",
|
||||
"repo": "nyx",
|
||||
"rev": "3dca6a170fc07d0fb265bc7268397cb55a05bc9b",
|
||||
"rev": "6476fbdd52621b4a532309d982d468dc08204151",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -161,18 +177,16 @@
|
||||
"dankmaterialshell": {
|
||||
"inputs": {
|
||||
"dgop": "dgop",
|
||||
"dms-cli": "dms-cli",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"quickshell": "quickshell"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758600599,
|
||||
"narHash": "sha256-3onswXeioU41VylRhhc7dbkxsxrOoI7EQhFA4OgXruQ=",
|
||||
"lastModified": 1763047394,
|
||||
"narHash": "sha256-t3N2dKjI8ineNEPoSk/SsGp0R+7iwMq1rrYCYX4PAmc=",
|
||||
"owner": "AvengeMedia",
|
||||
"repo": "DankMaterialShell",
|
||||
"rev": "b9b173763982461782e6e708bcfcbd0b0adc0499",
|
||||
"rev": "cf75c1aad0c2e5e4c1f5be404d52f7fab6079ad3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -226,11 +240,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1741473158,
|
||||
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
|
||||
"lastModified": 1762521437,
|
||||
"narHash": "sha256-RXN+lcx4DEn3ZS+LqEJSUu/HH+dwGvy0syN7hTo/Chg=",
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
|
||||
"rev": "07bacc9531f5f4df6657c0a02a806443685f384a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -247,11 +261,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757252286,
|
||||
"narHash": "sha256-QwWQzlxAGvIi6VAc8DQ6ONCKKwtPyaHQW1cQyGbP7Og=",
|
||||
"lastModified": 1762435535,
|
||||
"narHash": "sha256-QhzRn7pYN35IFpKjjxJAj3GPJECuC+VLhoGem3ezycc=",
|
||||
"owner": "AvengeMedia",
|
||||
"repo": "dgop",
|
||||
"rev": "a65a02ddf8bade9c109d055e644e4bd851183bd5",
|
||||
"rev": "6cf638dde818f9f8a2e26d0243179c43cb3458d7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -260,27 +274,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"dms-cli": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"dankmaterialshell",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757296630,
|
||||
"narHash": "sha256-3H236F5oIKkqpfnwrvZQs4Y5imKb6JCMFGDkHs8VDjQ=",
|
||||
"owner": "AvengeMedia",
|
||||
"repo": "danklinux",
|
||||
"rev": "dac591711ab30d6b071a5cec674a3d2e04665ee1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "AvengeMedia",
|
||||
"repo": "danklinux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fancy-motd": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
@@ -300,11 +293,11 @@
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1747046372,
|
||||
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
|
||||
"lastModified": 1761588595,
|
||||
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
|
||||
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -316,11 +309,11 @@
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1747046372,
|
||||
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
|
||||
"lastModified": 1761588595,
|
||||
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
|
||||
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -330,22 +323,6 @@
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1747046372,
|
||||
@@ -361,7 +338,7 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_5": {
|
||||
"flake-compat_4": {
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
@@ -383,11 +360,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1756770412,
|
||||
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
|
||||
"lastModified": 1762040540,
|
||||
"narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "4524271976b625a4a605beefd893f270620fd751",
|
||||
"rev": "0010412d62a25d959151790968765a70c436598b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -401,11 +378,11 @@
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1756770412,
|
||||
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
|
||||
"lastModified": 1762980239,
|
||||
"narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "4524271976b625a4a605beefd893f270620fd751",
|
||||
"rev": "52a2caecc898d0b46b2b905f058ccc5081f842da",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -450,24 +427,6 @@
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
@@ -507,11 +466,11 @@
|
||||
"hextra": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1757969945,
|
||||
"narHash": "sha256-ux2WsM5gRD7v57D+etg4eBFIn7ruQEia3/TXCfwM2bg=",
|
||||
"lastModified": 1760392219,
|
||||
"narHash": "sha256-POueCCNMJApMDEnoLtkUsJgzfXTcXvFSgZ2yMAq6yEY=",
|
||||
"owner": "imfing",
|
||||
"repo": "hextra",
|
||||
"rev": "708358de80535af94fa07d85ff4a6409cf4daa32",
|
||||
"rev": "3551a56b8cdebd38170ecb5990e17ec9130aa457",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -527,11 +486,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758748290,
|
||||
"narHash": "sha256-/U2axzLmPgJb/0J+vQ4XmS++72VZWxJnDblwqTyGmEk=",
|
||||
"lastModified": 1762964643,
|
||||
"narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "2e260431fca7a782e0d0591985f2040944b43541",
|
||||
"rev": "827f2a23373a774a8805f84ca5344654c31f354b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -565,11 +524,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757230583,
|
||||
"narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=",
|
||||
"lastModified": 1762951919,
|
||||
"narHash": "sha256-ma/xMEGf4J6n/RdZFdxXBJUQhP53HVEPQOC6Dp2TrkQ=",
|
||||
"owner": "Jovian-Experiments",
|
||||
"repo": "Jovian-NixOS",
|
||||
"rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea",
|
||||
"rev": "3d248f6e8f877218dd2573fef8925ac997889922",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -613,11 +572,11 @@
|
||||
"matplotplusplus": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1750413692,
|
||||
"narHash": "sha256-ORqKo5vjpkhXmRI+Lszm1hU3RGFlYY0VaGQ9TvUyZrA=",
|
||||
"lastModified": 1759854995,
|
||||
"narHash": "sha256-+YTwr16yCLrQZNygImgcJ3Tsg3WGDKokjxFBfaRDS8s=",
|
||||
"owner": "alandefreitas",
|
||||
"repo": "matplotplusplus",
|
||||
"rev": "a672f65216db529db0d5619d8b98c53524b63b93",
|
||||
"rev": "24eab5f285af7613f34f08e99c459808f015030f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -626,14 +585,30 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"mirism-old": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1759545870,
|
||||
"narHash": "sha256-gNV2P02jMyP+6FFpr8FvJpjhYiTdd2J5Yjlb2qt5Xlg=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "mirism-old-public",
|
||||
"rev": "3cb635b0933930867c18b84563e97346c7ef4833",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "CHN-beta",
|
||||
"repo": "mirism-old-public",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"misskey": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1759240641,
|
||||
"narHash": "sha256-9gsZ9BpG2vtRf0+PhaoqfZIVfiyvW7zos27M35NE/vc=",
|
||||
"lastModified": 1763024921,
|
||||
"narHash": "sha256-u0eDAO3XAfVICtv+VN58FuMYxOvmBX826gARvzBhR5w=",
|
||||
"ref": "refs/heads/chn-mod",
|
||||
"rev": "f066982b356c17f11aacf996b4dbf224f8115924",
|
||||
"revCount": 27846,
|
||||
"rev": "4c0425d6a229d3a75f2ff01cc30cf90434381cec",
|
||||
"revCount": 28021,
|
||||
"submodules": true,
|
||||
"type": "git",
|
||||
"url": "https://github.com/CHN-beta/misskey"
|
||||
@@ -647,11 +622,11 @@
|
||||
"mumax": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1754383812,
|
||||
"narHash": "sha256-Gu1Dfgjb2W3ljfvBdrAmlENdHjx6+sYfaxO4m/t1gRo=",
|
||||
"lastModified": 1759225134,
|
||||
"narHash": "sha256-QTOew5Mhcgf+Tgf/V0wyNM+2VJLAttYCHxUfYNSpklg=",
|
||||
"owner": "mumax",
|
||||
"repo": "3",
|
||||
"rev": "c4ff426e871495105606b3bc8e15606dae65212f",
|
||||
"rev": "797c22bd73d6bc86a243d5c770719905f11f3274",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -679,11 +654,11 @@
|
||||
"nc4nix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1758387834,
|
||||
"narHash": "sha256-or5aeO4lu/BI3WjN/mF7ur3xtKaQtEbgqJNimQSKAbA=",
|
||||
"lastModified": 1762970668,
|
||||
"narHash": "sha256-3UMMfjIBsgQFsIYmaLFOyAglmxARMuIFVeDbMtn3nn8=",
|
||||
"owner": "helsinki-systems",
|
||||
"repo": "nc4nix",
|
||||
"rev": "b7fc4e2464f4077a2f24277abb114074715bdfba",
|
||||
"rev": "514c75656197f995c84d6ab5cc37c09d68ad4713",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -704,11 +679,11 @@
|
||||
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758375815,
|
||||
"narHash": "sha256-IAr+n58c+nfxGXmX4NRjfVfV8i5baHnB8LCWlB7XYHo=",
|
||||
"lastModified": 1763030490,
|
||||
"narHash": "sha256-U1xBvM3vbh7GZyc2ahziMVhi4qQyQ8pRwb9l8jD4ShI=",
|
||||
"owner": "sodiboo",
|
||||
"repo": "niri-flake",
|
||||
"rev": "a6b5a4263b1d6b5d1e07babd59bc66e91f492190",
|
||||
"rev": "7920a7b0553e0bebce825b0d9deb575e26f6f6ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -737,11 +712,11 @@
|
||||
"niri-unstable": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1758370089,
|
||||
"narHash": "sha256-0C7695SLx4hU9m3VW4fCrZdvyIY+3kFQTWELHA4hxRQ=",
|
||||
"lastModified": 1763014447,
|
||||
"narHash": "sha256-nmu7S8J9IJKLQyIkSU8QWYHygrfw76NHGTkcr+bXMX0=",
|
||||
"owner": "YaLTeR",
|
||||
"repo": "niri",
|
||||
"rev": "a1dccedbb72da372d2a8a84022f37ccaa4d4a6e6",
|
||||
"rev": "a52df533c4694b5ed0a04140af60fd26146df911",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -795,11 +770,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757822619,
|
||||
"narHash": "sha256-3HIpe3P2h1AUPYcAH9cjuX0tZOqJpX01c0iDwoUYNZ8=",
|
||||
"lastModified": 1762660502,
|
||||
"narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "050a5feb5d1bb5b6e5fc04a7d3d816923a87c9ea",
|
||||
"rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -816,11 +791,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757822619,
|
||||
"narHash": "sha256-3HIpe3P2h1AUPYcAH9cjuX0tZOqJpX01c0iDwoUYNZ8=",
|
||||
"lastModified": 1762660502,
|
||||
"narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "050a5feb5d1bb5b6e5fc04a7d3d816923a87c9ea",
|
||||
"rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -837,11 +812,11 @@
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758332902,
|
||||
"narHash": "sha256-BNfeIARqtUb28MkqmOeoKZ6yDMVrcVGKENK42j1P+nc=",
|
||||
"lastModified": 1762999519,
|
||||
"narHash": "sha256-IGsKTDwfH5InDWXrlaOi8LWm16sCj07yHZZMqLKODZI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix4vscode",
|
||||
"rev": "9d7a3c416c7ad8cce7aa511f5ec25afc847cb955",
|
||||
"rev": "1d5e89eb04ef970c645338f92472782fcd96f1a4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -869,12 +844,12 @@
|
||||
"nixos-wallpaper": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1757571059,
|
||||
"lastModified": 1763054325,
|
||||
"lfs": true,
|
||||
"narHash": "sha256-1Uc16Z/ji8j1xzCzLn497coFxSc53JopVW0TFHPL6+o=",
|
||||
"narHash": "sha256-n9Kn7g7u8pi3U1xoNqNHcxzq4K6I5P1TpuZVnme4yLY=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "d14321b09e94a4e071575246c296bffdf89978b5",
|
||||
"revCount": 11,
|
||||
"rev": "8d07487c8979691f2c145f88580a0ce615d49fd7",
|
||||
"revCount": 13,
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
|
||||
},
|
||||
@@ -918,11 +893,11 @@
|
||||
},
|
||||
"nixpkgs-2311": {
|
||||
"locked": {
|
||||
"lastModified": 1735377590,
|
||||
"narHash": "sha256-U9W9H/HYoaKa5wzSL2IBmnFDhxlesuKAcKi/hl5xPvE=",
|
||||
"lastModified": 1760234929,
|
||||
"narHash": "sha256-4W0o4O8ANykPCOQD2Jb6pdGerDSLNzIVNF7AoVNMZvM=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0c3e74a65634ae3f43be7d0f6c3b5156ac54747b",
|
||||
"rev": "66170f3c82eecdee7dcd29a7e72ed87965bde4fc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -948,22 +923,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-24_05": {
|
||||
"locked": {
|
||||
"lastModified": 1735563628,
|
||||
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-2505": {
|
||||
"locked": {
|
||||
"lastModified": 1758415798,
|
||||
@@ -982,11 +941,11 @@
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1754788789,
|
||||
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
|
||||
"lastModified": 1761765539,
|
||||
"narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
|
||||
"rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -997,11 +956,11 @@
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1758216857,
|
||||
"narHash": "sha256-h1BW2y7CY4LI9w61R02wPaOYfmYo82FyRqHIwukQ6SY=",
|
||||
"lastModified": 1762756533,
|
||||
"narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d2ed99647a4b195f0bcc440f76edfa10aeb3b743",
|
||||
"rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1013,11 +972,11 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1758416163,
|
||||
"narHash": "sha256-IycvqFyIqyG9mhqwm/4I0mi8u0vY847sBJ/Tt0yY9CY=",
|
||||
"lastModified": 1763104824,
|
||||
"narHash": "sha256-nkckSU31gPVbML/csW8B/CA4Z9hkOTxg0w0eFPr7W+U=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ad10336d56fcc811dc4bc5af2f8f2d0b71a407d0",
|
||||
"rev": "f944372b577d3bb5a4cec7a6848a412bb7ca1beb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1034,11 +993,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758416819,
|
||||
"narHash": "sha256-ouVcRdXQsf7YcJeLnwlqUJPiaQ7lBSu0/UZF+9KQmCo=",
|
||||
"lastModified": 1763052523,
|
||||
"narHash": "sha256-G3iF52AuBi12uuHgVvO+IzarzOO1plNVZOTd99q5lXA=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "NixVirt",
|
||||
"rev": "df403740a490a9699bcbe3feb9a09b355ba1ab40",
|
||||
"rev": "c4a501ab81d2cc6b2497291688c28beaf96688b1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1050,11 +1009,11 @@
|
||||
"nu-scripts": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1758340610,
|
||||
"narHash": "sha256-Bof9bsQZnjtc9MLcuTIjdtsX/lbWGKc1u9HgGZp8uD8=",
|
||||
"lastModified": 1762863367,
|
||||
"narHash": "sha256-oxnXzxQkNccCs36j+aMzg4QGHDcX7niJruqxCkeg0LM=",
|
||||
"owner": "nushell",
|
||||
"repo": "nu_scripts",
|
||||
"rev": "7ea6780a4137bef1d683fb16989c19a945891b54",
|
||||
"rev": "ff8092707054ad091d67bd408374a39977e33c1b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1077,11 +1036,11 @@
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758385983,
|
||||
"narHash": "sha256-5jD5KKnOwySdzMrNFxJhcQx2qvTtAnxF88+Q8DMW3vA=",
|
||||
"lastModified": 1763046252,
|
||||
"narHash": "sha256-huWS9G1Y1+KdFqsYVHYe4kUhCA6eyIzsy2WoFQzYsbc=",
|
||||
"owner": "linyinfeng",
|
||||
"repo": "nur-packages",
|
||||
"rev": "11a5e4e59f6226329d9108bbe588fe55d7e3c35e",
|
||||
"rev": "a33dfd5a6da019ca7824d7704276e94cf1af00bf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1098,17 +1057,15 @@
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-24_05": "nixpkgs-24_05",
|
||||
"nvfetcher": "nvfetcher_2",
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758266791,
|
||||
"narHash": "sha256-pkcLfIFyTGxEEzkySsKFj61n4+8I9K3Q385rakjnfrE=",
|
||||
"lastModified": 1763033672,
|
||||
"narHash": "sha256-T/8lDOk3+jTKxIG33Uhveh3W7Adwz6kapJe7jfQXRa0=",
|
||||
"owner": "xddxdd",
|
||||
"repo": "nur-packages",
|
||||
"rev": "56da5271155907d90367506783e2e97d3106cec2",
|
||||
"rev": "f6796590b8351f1231b3ca79aaee8403196c785d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1133,34 +1090,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758352462,
|
||||
"narHash": "sha256-WsQb7grsm5IlPPGftzlaM41QtGRo/8NU53n9OwJMxdo=",
|
||||
"lastModified": 1760948256,
|
||||
"narHash": "sha256-nIsrxp6n1nQ63n1JTDaO/18RjvYbW9GVkanTP4G6Y18=",
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"rev": "c0b235b4476c968c3683485610e1ea7f024cef9e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nvfetcher_2": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nur-xddxdd",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732501185,
|
||||
"narHash": "sha256-Z0BpHelaGQsE5VD9hBsBHsvMU9h+Xt0kfkDJyFivZOU=",
|
||||
"owner": "berberman",
|
||||
"repo": "nvfetcher",
|
||||
"rev": "bdb14eab6fe9cefc29efe01e60c3a3f616d6b62a",
|
||||
"rev": "cb958b35b647c8a79fbd9d79764accc5e5a9a430",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1189,16 +1123,16 @@
|
||||
"phono3py": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1746016609,
|
||||
"narHash": "sha256-Rcy611E8oLJQ/YtK7t1qaAeLllfJMgF6GwF58mZioNg=",
|
||||
"lastModified": 1761222649,
|
||||
"narHash": "sha256-UokZVrvXs39itenMXpHis7AaTzEM78D1Pm2/EnYrCn0=",
|
||||
"owner": "phonopy",
|
||||
"repo": "phono3py",
|
||||
"rev": "f0c26cec8a98f08d2e7d48dda6467008744c48c9",
|
||||
"rev": "2cce73cd2405f63a7d70f3bc25de94ee9561e134",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "phonopy",
|
||||
"ref": "v3.15.1",
|
||||
"ref": "v3.19.4",
|
||||
"repo": "phono3py",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -1213,11 +1147,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758185783,
|
||||
"narHash": "sha256-6fX2CG8PzdBNwJGBISnf/nVHUVMZdCsekT1mP672Uh8=",
|
||||
"lastModified": 1762784320,
|
||||
"narHash": "sha256-odsk96Erywk5hs0dhArF38zb7Oe0q6LZ70gXbxAPKno=",
|
||||
"owner": "pjones",
|
||||
"repo": "plasma-manager",
|
||||
"rev": "6a7d78cebd9a0f84a508bec9bc47ac504c5f51f4",
|
||||
"rev": "7911a0f8a44c7e8b29d031be3149ee8943144321",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1229,11 +1163,11 @@
|
||||
"pocketfft": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1732968445,
|
||||
"narHash": "sha256-Fu786IHiU6Bl66gZ/UJmqOROjlya3viLyzOxwdZVi9c=",
|
||||
"lastModified": 1761469012,
|
||||
"narHash": "sha256-d4QeaJXdv3UA+j+VmJntX48RRsufED1Zt2KO0YBwMgA=",
|
||||
"owner": "mreineck",
|
||||
"repo": "pocketfft",
|
||||
"rev": "0fa0ef591e38c2758e3184c6c23e497b9f732ffa",
|
||||
"rev": "956c0e10062914c5c8d498a5c99edf2b227b3881",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1244,7 +1178,7 @@
|
||||
},
|
||||
"pre-commit-hooks-nix": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
"nur-xddxdd",
|
||||
@@ -1252,11 +1186,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757974173,
|
||||
"narHash": "sha256-4DpXmct/2rcLgScT1CXOLr0TUeIlrBB1rnFqCOf5MUw=",
|
||||
"lastModified": 1762868777,
|
||||
"narHash": "sha256-QqS72GvguP56oKDNUckWUPNJHjsdeuXh5RyoKz0wJ+E=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "302af509428169db34f268324162712d10559f74",
|
||||
"rev": "c5c3147730384576196fb5da048a6e45dee10d56",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1300,31 +1234,11 @@
|
||||
"url": "https://github.com/dean0x7d/pybinding"
|
||||
}
|
||||
},
|
||||
"quickshell": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"dankmaterialshell",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1756981260,
|
||||
"narHash": "sha256-GhuD9QVimjynHI0OOyZsqJsnlXr2orowh9H+HYz4YMs=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "6eb12551baf924f8fdecdd04113863a754259c34",
|
||||
"revCount": 672,
|
||||
"type": "git",
|
||||
"url": "https://git.outfoxxed.me/quickshell/quickshell"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.outfoxxed.me/quickshell/quickshell"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"aagl": "aagl",
|
||||
"blog": "blog",
|
||||
"brokenaxes": "brokenaxes",
|
||||
"bscpkgs": "bscpkgs",
|
||||
"buildproxy": "buildproxy",
|
||||
"catppuccin": "catppuccin",
|
||||
@@ -1340,6 +1254,7 @@
|
||||
"lepton": "lepton",
|
||||
"mac-style": "mac-style",
|
||||
"matplotplusplus": "matplotplusplus",
|
||||
"mirism-old": "mirism-old",
|
||||
"misskey": "misskey",
|
||||
"mumax": "mumax",
|
||||
"nameof": "nameof",
|
||||
@@ -1382,11 +1297,11 @@
|
||||
"rsshub": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1758329173,
|
||||
"narHash": "sha256-/xvlpCOL55MjBYsw5wOEdNAelRVLuVBksrd5sw7CXCI=",
|
||||
"lastModified": 1763052581,
|
||||
"narHash": "sha256-UvzRklv7KgvpkrBH5RjZ6PhHnO806w+7vsN3ZIaxYFk=",
|
||||
"owner": "DIYgod",
|
||||
"repo": "RSSHub",
|
||||
"rev": "eedb725e46ed2df8071f53fa36544b96230b39a4",
|
||||
"rev": "2ae10a7a0277280df9ca75d3dc8a7744322e0624",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1400,11 +1315,11 @@
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1754575663,
|
||||
"narHash": "sha256-afOx8AG0KYtw7mlt6s6ahBBy7eEHZwws3iCRoiuRQS4=",
|
||||
"lastModified": 1761791894,
|
||||
"narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "6db0fb0e9cec2e9729dc52bf4898e6c135bb8a0f",
|
||||
"rev": "59c45eb69d9222a4362673141e00ff77842cd219",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1421,11 +1336,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757930296,
|
||||
"narHash": "sha256-Z9u5VszKs8rfEvg2AsFucWEjl7wMtAln9l1b78cfBh4=",
|
||||
"lastModified": 1763087910,
|
||||
"narHash": "sha256-eB9Z1mWd1U6N61+F8qwDggX0ihM55s4E0CluwNukJRU=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "09442765a05c2ca617c20ed68d9613da92a2d96b",
|
||||
"rev": "cf4a68749733d45c0420726596367acd708eb2e8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1437,11 +1352,11 @@
|
||||
"rycee": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1758295658,
|
||||
"narHash": "sha256-PsQSN226ZZ4KnweNspxKTzF8ztdPOAT6+gpGkxnygpg=",
|
||||
"lastModified": 1763006617,
|
||||
"narHash": "sha256-NWZA7oqOfzIpFiM2r5J0UIzOIwC0Gz51VTG2cfR3aH4=",
|
||||
"owner": "rycee",
|
||||
"repo": "nur-expressions",
|
||||
"rev": "7c0e1d343108cbaaf448353fadb62190246251a8",
|
||||
"rev": "cf9737d7dd92ccf355f1b910817275b76363fdb9",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
@@ -1457,11 +1372,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758007585,
|
||||
"narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
|
||||
"lastModified": 1763023272,
|
||||
"narHash": "sha256-TCVNCn/GcKhwm+WlSJEZEPW4ISQdU9ICIU3lTiOLBYc=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
|
||||
"rev": "b80c966e70fa0615352c9596315678df1de75801",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1473,11 +1388,11 @@
|
||||
"speedtest": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1739473165,
|
||||
"narHash": "sha256-QimemnDZXlL5Ip+RFD0uxO21Aaol3kCw6Mf/0E3jHQc=",
|
||||
"lastModified": 1760780239,
|
||||
"narHash": "sha256-xiSGW1Agc3OXYB/xwwHiND5P0+9W3aQcJlekthQxPK4=",
|
||||
"owner": "librespeed",
|
||||
"repo": "speedtest",
|
||||
"rev": "a1c43977ad9bf73f09f81e8df3c22ea914ab9131",
|
||||
"rev": "4458c6994023f2ea35a4c10c8138e5f3d4b39516",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1582,29 +1497,14 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_4": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tgbot-cpp": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1757186324,
|
||||
"narHash": "sha256-gMTxU0FgtwAzeHHkkOLnA/TujfRi+Q1eaCcz7K507NU=",
|
||||
"lastModified": 1762461065,
|
||||
"narHash": "sha256-Ys22LgOnZ4bs8YUr78QkzwFYxKIfY+X7nb7MTtc+Un8=",
|
||||
"owner": "reo7sp",
|
||||
"repo": "tgbot-cpp",
|
||||
"rev": "f52c0b841550a74045e37c9d17a2011c355a08df",
|
||||
"rev": "a649622aab28291bce351734f37afeeb88c27c04",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1621,11 +1521,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758206697,
|
||||
"narHash": "sha256-/DbPkh6PZOgfueCbs3uzlk4ASU2nPPsiVWhpMCNkAd0=",
|
||||
"lastModified": 1761311587,
|
||||
"narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "128222dc911b8e2e18939537bed1762b7f3a04aa",
|
||||
"rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1642,11 +1542,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1756662192,
|
||||
"narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=",
|
||||
"lastModified": 1762938485,
|
||||
"narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4",
|
||||
"rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1658,12 +1558,12 @@
|
||||
"ufo": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1743502543,
|
||||
"lastModified": 1762315512,
|
||||
"lfs": true,
|
||||
"narHash": "sha256-8ltPlFW1IRECUE2iaS5S5lLqKSDcF/k4RNH6NuAAPig=",
|
||||
"narHash": "sha256-tTVQrXhnfFdrRwYJ60mpGdlbvUOE6egAxtqD0d80Crw=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "745353d0896b31bb239abf6dd909dec29bfc866a",
|
||||
"revCount": 79,
|
||||
"rev": "dc6b431bf92db5ba22aac745a90e058528d9b5e3",
|
||||
"revCount": 85,
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/ufo.git"
|
||||
},
|
||||
@@ -1708,8 +1608,8 @@
|
||||
},
|
||||
"winapps": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_5",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
@@ -1749,11 +1649,11 @@
|
||||
"xwayland-satellite-unstable": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1757179758,
|
||||
"narHash": "sha256-TIvyWzRt1miQj6Cf5Wy8Qz43XIZX7c4vTVwRLAT5S4Y=",
|
||||
"lastModified": 1762747449,
|
||||
"narHash": "sha256-Z1TKiux8K09a93w4PFDFsj8HFugXNy3iCC3Z8MpR5Rk=",
|
||||
"owner": "Supreeeme",
|
||||
"repo": "xwayland-satellite",
|
||||
"rev": "970728d0d9d1eada342bb8860af214b601139e58",
|
||||
"rev": "6338574bc5c036487486acde264f38f39ea15fad",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -62,10 +62,12 @@
|
||||
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
|
||||
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
|
||||
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
|
||||
phono3py = { url = "github:phonopy/phono3py/v3.15.1"; flake = false; };
|
||||
phono3py = { url = "github:phonopy/phono3py/v3.19.4"; flake = false; };
|
||||
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
|
||||
speedtest = { url = "github:librespeed/speedtest"; flake = false; };
|
||||
pybinding = { url = "git+https://github.com/dean0x7d/pybinding?submodules=1"; flake = false; };
|
||||
brokenaxes = { url = "github:bendichter/brokenaxes"; flake = false; };
|
||||
mirism-old = { url = "github:CHN-beta/mirism-old-public"; flake = false; };
|
||||
};
|
||||
|
||||
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in
|
||||
|
||||
@@ -1,31 +1,32 @@
|
||||
localLib:
|
||||
{ lib, localLib }:
|
||||
let
|
||||
cname =
|
||||
{
|
||||
nas = [ "initrd.nas" ];
|
||||
office = [ "srv2-node0" "xserverxmu" ];
|
||||
vps4 =
|
||||
[
|
||||
"initrd.vps4" "xserver2.vps4"
|
||||
# to nas
|
||||
"git" "grafana" "matrix" "peertube" "send" "vikunja" "铜锣湾" "xservernas" "chat" "freshrss" "huginn" "nextcloud"
|
||||
"photoprism" "rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api"
|
||||
];
|
||||
office = [ "xserverxmu" "srv2-node0" ];
|
||||
vps4 = [ "initrd.vps4" "xserver2.vps4" ];
|
||||
vps6 =
|
||||
[
|
||||
"blog" "catalog" "coturn" "element" "initrd.vps6" "sticker" "synapse-admin" "tgapi" "ua" "xserver2"
|
||||
"xserver2.vps6"
|
||||
"xserver2.vps6" "s" "headscale"
|
||||
# to pc
|
||||
"铜锣湾实验室"
|
||||
];
|
||||
"xlog.autoroute" = [ "xlog" ];
|
||||
"wg0.srv1-node0" = [ "wg0.srv1" ];
|
||||
"wg0.srv2-node0" = [ "wg0.srv2" ];
|
||||
"tinc0.srv1-node0" = [ "tinc0.srv1" ];
|
||||
"tinc0.srv2-node0" = [ "tinc0.srv2" ];
|
||||
srv1-node0 = [ "srv1" ];
|
||||
srv2-node0 = [ "srv2" ];
|
||||
"wg1.pc" = [ "nix-store" ];
|
||||
"wg1.nas" = [ "nix-store.nas" ];
|
||||
"wg0.nas" = [ "ssh.git" ];
|
||||
"pc.ts" = [ "nix-store" "chat" ];
|
||||
"nas.ts" = [ "nix-store.nas" "ssh.git" ];
|
||||
autoroute = [ "铜锣湾" "matrix" ];
|
||||
vps9 =
|
||||
[
|
||||
"initrd.vps9" "xserver2.vps9"
|
||||
# to nas
|
||||
"git" "grafana" "peertube" "send" "vikunja" "xservernas" "freshrss" "huginn" "nextcloud"
|
||||
"photoprism" "rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api"
|
||||
];
|
||||
};
|
||||
a =
|
||||
{
|
||||
@@ -35,13 +36,15 @@ let
|
||||
srv1-node0 = "59.77.36.250";
|
||||
vps4 = "104.234.37.61";
|
||||
vps6 = "144.34.225.59";
|
||||
vps9 = "154.3.39.17";
|
||||
search = "127.0.0.1";
|
||||
srv1-node1 = "192.168.178.2";
|
||||
srv1-node2 = "192.168.178.3";
|
||||
srv2-node1 = "192.168.178.2";
|
||||
srv2-node2 = "192.168.178.3";
|
||||
"409test" = "192.168.1.5";
|
||||
};
|
||||
wireguard = import ./wireguard.nix;
|
||||
tinc = import ./tinc.nix;
|
||||
in
|
||||
{
|
||||
"" =
|
||||
@@ -59,6 +62,7 @@ in
|
||||
];
|
||||
"_xlog-challenge.xlog" = { type = "TXT"; value = "chn"; };
|
||||
autoroute = { type = "NS"; values = "vps6.chn.moe."; };
|
||||
ts = { type = "NS"; values = "vps6.chn.moe."; };
|
||||
"mail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
|
||||
"webmail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
|
||||
"x._domainkey" =
|
||||
@@ -75,12 +79,6 @@ in
|
||||
// builtins.listToAttrs (builtins.map
|
||||
(a: {inherit (a) name; value = { inherit (a) value; type = "A"; }; })
|
||||
(localLib.attrsToList a))
|
||||
// builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(net: builtins.map
|
||||
(peer:
|
||||
{
|
||||
name = "${net.name}.${peer.name}";
|
||||
value = { type = "A"; value = "192.168.${builtins.toString net.value}.${builtins.toString peer.value}"; };
|
||||
})
|
||||
(localLib.attrsToList wireguard.peer))
|
||||
(localLib.attrsToList wireguard.net)))
|
||||
// lib.mapAttrs'
|
||||
(n: v: lib.nameValuePair "tinc0.${n}" { type = "A"; value = "192.168.85.${builtins.toString v}"; })
|
||||
tinc
|
||||
|
||||
13
flake/dns/config/tinc.nix
Normal file
13
flake/dns/config/tinc.nix
Normal file
@@ -0,0 +1,13 @@
|
||||
{
|
||||
vps4 = 2;
|
||||
vps6 = 1;
|
||||
vps9 = 5;
|
||||
pc = 3;
|
||||
nas = 4;
|
||||
srv1-node0 = 9;
|
||||
srv1-node1 = 6;
|
||||
srv1-node2 = 8;
|
||||
srv2-node0 = 7;
|
||||
srv2-node1 = 10;
|
||||
srv2-node2 = 11;
|
||||
}
|
||||
@@ -1,15 +0,0 @@
|
||||
{
|
||||
net = { wg0 = 83; wg1 = 84; };
|
||||
peer =
|
||||
{
|
||||
vps4 = 2;
|
||||
vps6 = 1;
|
||||
pc = 3;
|
||||
nas = 4;
|
||||
srv1-node0 = 9;
|
||||
srv1-node1 = 6;
|
||||
srv1-node2 = 8;
|
||||
srv2-node0 = 7;
|
||||
srv2-node1 = 10;
|
||||
};
|
||||
}
|
||||
@@ -4,7 +4,7 @@ let
|
||||
let addTtl' = attrs: attrs // { octodns.cloudflare.auto-ttl = true; };
|
||||
in builtins.mapAttrs (n: v: if builtins.isList v then builtins.map addTtl' v else addTtl' v) config;
|
||||
config = builtins.listToAttrs (builtins.map
|
||||
(domain: { name = domain; value = import ./config/${domain}.nix localLib; })
|
||||
(domain: { name = domain; value = import ./config/${domain}.nix { inherit lib localLib; }; })
|
||||
[ "chn.moe" "nekomia.moe" "mirism.one" ]);
|
||||
configDir = symlinkJoin
|
||||
{
|
||||
@@ -15,7 +15,7 @@ let
|
||||
};
|
||||
meta.config = config //
|
||||
{
|
||||
wireguard = import ./config/wireguard.nix;
|
||||
tinc = import ./config/tinc.nix;
|
||||
"chn.moe" = config."chn.moe"
|
||||
// {
|
||||
# 查询域名对应的 ip
|
||||
|
||||
@@ -29,7 +29,6 @@ let
|
||||
{
|
||||
oneapiArch = let match.znver5 = "znver4"; in match.${nixpkgs.march} or nixpkgs.march;
|
||||
nvhpcArch = nixpkgs.march;
|
||||
# contentAddressedByDefault = true;
|
||||
})
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.nixRoot or null != null)
|
||||
{ nix = { storeDir = "${nixpkgs.nixRoot}/store"; stateDir = "${nixpkgs.nixRoot}/state"; }; });
|
||||
@@ -64,12 +63,14 @@ in platformConfig //
|
||||
};
|
||||
libvirt = (prev.libvirt.override { iptables = final.nftables; }).overrideAttrs
|
||||
(prev: { patches = prev.patches or [] ++ [ ./libvirt.patch ]; });
|
||||
tailscale = prev.tailscale.override { iptables = final.nftables; };
|
||||
root = prev.root.overrideAttrs (prev: { cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ]; });
|
||||
boost188 = prev.boost188.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./boost188.patch ]; });
|
||||
chromium = prev.chromium.override (prev:
|
||||
{ commandLineArgs = prev.commandLineArgs or "" + " --disable-features=GlobalShortcutsPortal"; });
|
||||
google-chrome = prev.google-chrome.override (prev:
|
||||
{ commandLineArgs = prev.commandLineArgs or "" + " --disable-features=GlobalShortcutsPortal"; });
|
||||
xray = prev.xray.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./xray.patch ]; });
|
||||
}
|
||||
// (
|
||||
let
|
||||
@@ -126,52 +127,35 @@ in platformConfig //
|
||||
)
|
||||
// (inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx512Support)
|
||||
{ gsl = prev.gsl.overrideAttrs { doCheck = false; }; })
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx512Support)
|
||||
# { libhwy = prev.libhwy.override { stdenv = final.genericPackages.stdenv; }; })
|
||||
// (inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.sse4_1Support)
|
||||
{
|
||||
frei0r = final.genericPackages.frei0r;
|
||||
valkey = final.genericPackages.valkey;
|
||||
})
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
assimp = prev.assimp.override { stdenv = final.genericPackages.stdenv; };
|
||||
redis = prev.redis.overrideAttrs (prev: { doCheck = false; });
|
||||
wannier90 = prev.wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; };
|
||||
xen = prev.xen.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./xen.patch ]; });
|
||||
# libinsane = prev.libinsane.overrideAttrs (prev:
|
||||
# { nativeCheckInputs = builtins.filter (p: p.pname != "valgrind") prev.nativeCheckInputs; });
|
||||
lib2geom = prev.lib2geom.overrideAttrs (prev: { doCheck = false; });
|
||||
libreoffice-qt6-fresh = prev.libreoffice-qt6-fresh.override (prev:
|
||||
libreoffice-qt6-still = prev.libreoffice-qt6-still.override (prev:
|
||||
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
|
||||
''
|
||||
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
|
||||
'';});});
|
||||
opencolorio = prev.opencolorio.overrideAttrs (prev: { doCheck = false; });
|
||||
# openvswitch = prev.openvswitch.overrideAttrs (prev: { doCheck = false; });
|
||||
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
|
||||
# valkey = prev.valkey.overrideAttrs { doCheck = false; };
|
||||
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
|
||||
simde = prev.simde.override { stdenv = final.genericPackages.stdenv; };
|
||||
# ctranslate2 = prev.ctranslate2.overrideAttrs (prev:
|
||||
# { cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
|
||||
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
|
||||
(
|
||||
{ picosvg = prev.picosvg.overridePythonAttrs { doCheck = false; }; }
|
||||
# {
|
||||
# scipy = prev.scipy.overridePythonAttrs (prev:
|
||||
# { disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
|
||||
# rich = prev.rich.overridePythonAttrs (prev:
|
||||
# { disabledTests = prev.disabledTests or [] ++ [ "test_brokenpipeerror" ]; });
|
||||
# }
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx2Support)
|
||||
# {
|
||||
# numcodecs = prev.numcodecs.overridePythonAttrs (prev:
|
||||
# {
|
||||
# disabledTests = prev.disabledTests or []
|
||||
# ++ [ "test_encode_decode" "test_partial_decode" "test_blosc" ];
|
||||
# });
|
||||
# })
|
||||
))];
|
||||
# inherit (final.pkgs-2411) intelPackages_2023;
|
||||
{
|
||||
picosvg = prev.picosvg.overridePythonAttrs { doCheck = false; };
|
||||
aiocache = prev.aiocache.overridePythonAttrs { doCheck = false; };
|
||||
})];
|
||||
ctranslate2 = prev.ctranslate2.overrideAttrs (prev:
|
||||
{ cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
|
||||
# valkey = final.redis;
|
||||
})
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
|
||||
# { c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.arch or null == "aarch64") { nix = final.nixVersions.nix_2_29; })
|
||||
)];
|
||||
}
|
||||
|
||||
30
flake/lib/buildNixpkgsConfig/xray.patch
Normal file
30
flake/lib/buildNixpkgsConfig/xray.patch
Normal file
@@ -0,0 +1,30 @@
|
||||
diff --git a/app/dns/nameserver_doh.go b/app/dns/nameserver_doh.go
|
||||
index cba59423..19c6d34f 100644
|
||||
--- a/app/dns/nameserver_doh.go
|
||||
+++ b/app/dns/nameserver_doh.go
|
||||
@@ -1,7 +1,7 @@
|
||||
package dns
|
||||
|
||||
import (
|
||||
- "bytes"
|
||||
+ "encoding/base64"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
go_errors "errors"
|
||||
@@ -188,14 +188,13 @@ func (s *DoHNameServer) sendQuery(ctx context.Context, noResponseErrCh chan<- er
|
||||
}
|
||||
|
||||
func (s *DoHNameServer) dohHTTPSContext(ctx context.Context, b []byte) ([]byte, error) {
|
||||
- body := bytes.NewBuffer(b)
|
||||
- req, err := http.NewRequest("POST", s.dohURL, body)
|
||||
+ query := fmt.Sprintf("%s?dns=%s", s.dohURL, base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(b))
|
||||
+ req, err := http.NewRequest("GET", query, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
req.Header.Add("Accept", "application/dns-message")
|
||||
- req.Header.Add("Content-Type", "application/dns-message")
|
||||
|
||||
req.Header.Set("X-Padding", strings.Repeat("X", int(crypto.RandBetween(100, 1000))))
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
singles = [ "nas" "pc" "vps4" "vps6" "r2s" ];
|
||||
cluster = { srv1 = 3; srv2 = 2; };
|
||||
singles = [ "nas" "pc" "vps4" "vps6" "vps9" "r2s" ];
|
||||
cluster = { srv1 = 3; srv2 = 3; };
|
||||
deviceModules = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
|
||||
@@ -28,7 +28,8 @@
|
||||
gfortran = pkgs.pkgsStatic.gfortran;
|
||||
lapack = pkgs.pkgsStatic.openblas;
|
||||
};
|
||||
jykang = import ../devices/jykang.xmuhpc { inherit inputs localLib; };
|
||||
jykang = import ../devices/jykang { inherit inputs localLib; };
|
||||
wlin = import ../devices/wlin { inherit inputs localLib; };
|
||||
xmuhk = import ../devices/xmuhk { inherit inputs localLib; };
|
||||
src =
|
||||
let getDrv = x:
|
||||
|
||||
@@ -124,14 +124,6 @@
|
||||
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
|
||||
};
|
||||
};
|
||||
# nix-store --query --hash $(nix store add-path . --name 'mirism')
|
||||
mirism-old = pkgs.requireFile
|
||||
{
|
||||
name = "mirism";
|
||||
sha256 = "1zhhzwi325g21kqdip7zzw1i9b354h1wpzd4zhzb1ql9kjdh87q3";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
pslist =
|
||||
{
|
||||
version = "1.4.0";
|
||||
|
||||
@@ -14,17 +14,12 @@ inputs: let inherit (inputs) topInputs; in
|
||||
topInputs.nixvirt.nixosModules.default
|
||||
topInputs.niri.nixosModules.niri
|
||||
{ config.niri-flake.cache.enable = false; }
|
||||
(inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
home-manager.sharedModules =
|
||||
[
|
||||
topInputs.plasma-manager.homeModules.plasma-manager
|
||||
topInputs.catppuccin.homeModules.catppuccin
|
||||
topInputs.dankmaterialshell.homeModules.dankMaterialShell
|
||||
];
|
||||
};
|
||||
})
|
||||
{ config.home-manager.sharedModules =
|
||||
[
|
||||
topInputs.plasma-manager.homeModules.plasma-manager
|
||||
topInputs.catppuccin.homeModules.catppuccin
|
||||
topInputs.dankmaterialshell.homeModules.dankMaterialShell.default
|
||||
topInputs.dankmaterialshell.homeModules.dankMaterialShell.niri
|
||||
];}
|
||||
] ++ (inputs.localLib.findModules ./.);
|
||||
}
|
||||
|
||||
28
modules/hardware/asus/asusd.ron
Normal file
28
modules/hardware/asus/asusd.ron
Normal file
@@ -0,0 +1,28 @@
|
||||
(
|
||||
charge_control_end_threshold: 100,
|
||||
disable_nvidia_powerd_on_battery: true,
|
||||
ac_command: "",
|
||||
bat_command: "",
|
||||
platform_profile_linked_epp: true,
|
||||
platform_profile_on_battery: Quiet,
|
||||
change_platform_profile_on_battery: false,
|
||||
platform_profile_on_ac: Performance,
|
||||
change_platform_profile_on_ac: false,
|
||||
profile_quiet_epp: Power,
|
||||
profile_balanced_epp: Performance,
|
||||
profile_custom_epp: Performance,
|
||||
profile_performance_epp: Performance,
|
||||
ac_profile_tunings: {
|
||||
Performance: (
|
||||
enabled: false,
|
||||
group: {},
|
||||
),
|
||||
},
|
||||
dc_profile_tunings: {
|
||||
Balanced: (
|
||||
enabled: false,
|
||||
group: {},
|
||||
),
|
||||
},
|
||||
armoury_settings: {},
|
||||
)
|
||||
@@ -4,7 +4,11 @@ inputs:
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.hardware) asus; in inputs.lib.mkIf (asus != null)
|
||||
{
|
||||
services.asusd = { enable = true; enableUserService = true; };
|
||||
programs.rog-control-center.enable = true;
|
||||
services =
|
||||
{
|
||||
asusd = { enable = true; enableUserService = true; asusdConfig.source = ./asusd.ron; };
|
||||
supergfxd.enable = false;
|
||||
};
|
||||
programs.rog-control-center = { enable = true; autoStart = true; };
|
||||
};
|
||||
}
|
||||
@@ -5,8 +5,8 @@ inputs:
|
||||
type = types.nullOr (types.enum [ "intel" "amd" ]);
|
||||
default = let inherit (inputs.config.nixos.system.nixpkgs) march; in
|
||||
if march == null then null
|
||||
else if inputs.lib.hasPrefix "znver" march then "amd"
|
||||
else if (inputs.lib.hasSuffix "lake" march)
|
||||
else if inputs.lib.hasInfix "znver" march then "amd"
|
||||
else if (inputs.lib.hasInfix "lake" march)
|
||||
|| (builtins.elem march [ "sandybridge" "silvermont" "haswell" "broadwell" ])
|
||||
then "intel"
|
||||
else null;
|
||||
@@ -22,7 +22,7 @@ inputs:
|
||||
(inputs.lib.mkIf (cpu == "amd")
|
||||
{
|
||||
hardware.cpu.amd = { updateMicrocode = true; ryzen-smu.enable = true; };
|
||||
environment.systemPackages = with inputs.pkgs; [ zenmonitor ];
|
||||
environment.systemPackages = with inputs.pkgs; [ zenmonitor ryzenadj ];
|
||||
programs.ryzen-monitor-ng.enable = true;
|
||||
})
|
||||
]);
|
||||
|
||||
@@ -4,18 +4,16 @@ inputs:
|
||||
options.nixos.hardware =
|
||||
let
|
||||
inherit (inputs.lib) mkOption types;
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
genericOption = mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
};
|
||||
in
|
||||
{
|
||||
joystick = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
|
||||
printer = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
|
||||
sound = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
|
||||
};
|
||||
{ joystick = genericOption; printer = genericOption; sound = genericOption; bolt = genericOption; };
|
||||
config = let inherit (inputs.config.nixos) hardware; in inputs.lib.mkMerge
|
||||
[
|
||||
# joystick
|
||||
(inputs.lib.mkIf (hardware.joystick != null) { hardware = { xone.enable = true; xpadneo.enable = true; }; })
|
||||
# printer
|
||||
(
|
||||
inputs.lib.mkIf (hardware.printer != null)
|
||||
{
|
||||
@@ -26,7 +24,6 @@ inputs:
|
||||
};
|
||||
}
|
||||
)
|
||||
# sound
|
||||
(
|
||||
inputs.lib.mkIf (hardware.sound != null)
|
||||
{
|
||||
@@ -35,5 +32,6 @@ inputs:
|
||||
security.rtkit.enable = true;
|
||||
}
|
||||
)
|
||||
(inputs.lib.mkIf (hardware.bolt != null) { services.hardware.bolt.enable = true; })
|
||||
];
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@ inputs:
|
||||
{
|
||||
intel = [ intel-gpu-tools ];
|
||||
nvidia = [ nvtopPackages.full ];
|
||||
amd = [];
|
||||
amd = [ radeontop ];
|
||||
};
|
||||
in packages.${gpu.type};
|
||||
environment.etc."nvidia/nvidia-application-profiles-rc.d/vram" = inputs.lib.mkIf (gpu.type == "nvidia")
|
||||
@@ -76,13 +76,8 @@ inputs:
|
||||
)
|
||||
# amdgpu
|
||||
(
|
||||
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type) { hardware.amdgpu =
|
||||
{
|
||||
opencl.enable = true;
|
||||
initrd.enable = true;
|
||||
legacySupport.enable = true;
|
||||
amdvlk = { enable = true; support32Bit.enable = true; supportExperimental.enable = true; };
|
||||
};}
|
||||
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type)
|
||||
{ hardware.amdgpu = { opencl.enable = true; initrd.enable = true; legacySupport.enable = true; };}
|
||||
)
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ inputs:
|
||||
[
|
||||
# system management
|
||||
# TODO: module should add yubikey-touch-detector into path
|
||||
gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
|
||||
gparted wayland-utils clinfo mesa-demos vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
|
||||
kdePackages.qtstyleplugin-kvantum cpu-x wl-mirror geekbench xpra
|
||||
(
|
||||
writeShellScriptBin "xclip"
|
||||
@@ -29,14 +29,14 @@ inputs:
|
||||
# networking
|
||||
remmina putty mtr-gui
|
||||
# media
|
||||
mpv nomacs simplescreenrecorder imagemagick gimp-with-plugins netease-cloud-music-gtk qcm
|
||||
waifu2x-converter-cpp blender paraview vlc whalebird spotify obs-studio subtitleeditor
|
||||
(inkscape-with-extensions.override { inkscapeExtensions = null; })
|
||||
mpv nomacs simplescreenrecorder imagemagick gimp-with-plugins netease-cloud-music-gtk # qcm
|
||||
waifu2x-converter-cpp blender paraview vlc whalebird spotify obs-studio subtitlecomposer
|
||||
(inkscape-with-extensions.override { inkscapeExtensions = [ inkscape-extensions.textext ]; })
|
||||
# development
|
||||
adb-sync scrcpy dbeaver-bin cling aircrack-ng
|
||||
adb-sync scrcpy dbeaver-bin cling aircrack-ng kitty
|
||||
weston cage openbox krita fprettify # jetbrains.clion
|
||||
# password and key management
|
||||
yubikey-manager bitwarden hashcat yubikey-personalization
|
||||
yubikey-manager bitwarden-desktop hashcat yubikey-personalization
|
||||
# download
|
||||
qbittorrent
|
||||
# editor
|
||||
@@ -51,8 +51,8 @@ inputs:
|
||||
# browser
|
||||
google-chrome tor-browser
|
||||
# office
|
||||
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain
|
||||
ydict texstudio panoply pspp libreoffice-qt6-fresh ocrmypdf typst # paperwork
|
||||
crow-translate zotero pandoc texliveFull poppler-utils pdftk pdfchain
|
||||
ydict texstudio panoply pspp libreoffice-qt6-still ocrmypdf typst # paperwork
|
||||
# required by ltex-plus.vscode-ltex-plus
|
||||
ltex-ls ltex-ls-plus
|
||||
# matplot++ needs old gnuplot
|
||||
@@ -68,10 +68,14 @@ inputs:
|
||||
# for kdenlive auto subtitle
|
||||
openai-whisper
|
||||
# daily management
|
||||
activitywatch
|
||||
activitywatch super-productivity
|
||||
]
|
||||
++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" "kalzium" ])))
|
||||
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
|
||||
++ (builtins.filter
|
||||
(p: (inputs.lib.isDerivation p) && !(p.meta.broken or false)
|
||||
&& !(builtins.elem p.pname or null [ "falkon" "kalzium" "calligra" "kamoso" ]))
|
||||
(builtins.attrValues kdePackages.kdeGear))
|
||||
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
|
||||
[ inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[ phonopy scipy scikit-learn jupyterlab autograd inputs.pkgs.localPackages.phono3py numpy ])];
|
||||
};
|
||||
@@ -126,15 +130,12 @@ inputs:
|
||||
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
|
||||
yubikey-touch-detector.enable = true;
|
||||
kdeconnect.enable = true;
|
||||
kde-pim = { enable = true; kmail = true; };
|
||||
coolercontrol =
|
||||
{
|
||||
enable = true;
|
||||
nvidiaSupport = if inputs.config.nixos.hardware.gpu.type == null then false
|
||||
else inputs.lib.hasSuffix "nvidia" inputs.config.nixos.hardware.gpu.type;
|
||||
};
|
||||
kde-pim.enable = false;
|
||||
coolercontrol.enable = true;
|
||||
alvr = { enable = true; openFirewall = true; };
|
||||
localsend.enable = true;
|
||||
thunderbird.enable = true;
|
||||
nh.enable = true;
|
||||
};
|
||||
services = { pcscd.enable = true; lact.enable = true; };
|
||||
};
|
||||
|
||||
@@ -3,7 +3,7 @@ inputs:
|
||||
options.nixos.packages.firefox = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) firefox; in inputs.lib.mkIf (firefox != null)
|
||||
{
|
||||
|
||||
@@ -10,7 +10,7 @@ inputs:
|
||||
[
|
||||
# basic tools
|
||||
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq yq ipfetch localPackages.pslist
|
||||
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils kitty glib
|
||||
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch dateutils glib
|
||||
# lsxx
|
||||
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors hwloc acpica-tools ethtool
|
||||
# top
|
||||
@@ -43,32 +43,8 @@ inputs:
|
||||
(octodns.withProviders (_: with octodns-providers; [ cloudflare ]))
|
||||
# stupid things
|
||||
toilet lolcat localPackages.stickerpicker graph-easy
|
||||
# office
|
||||
pdfgrep ffmpeg-full hdf5
|
||||
# scientific computing
|
||||
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.mumax else emptyDirectory)
|
||||
(if inputs.config.nixos.system.nixpkgs.cuda != null
|
||||
then (lammps.override { stdenv = cudaPackages.backendStdenv; }).overrideAttrs (prev:
|
||||
{
|
||||
cmakeFlags = prev.cmakeFlags ++
|
||||
[ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ [ cudaPackages.cudatoolkit ];
|
||||
buildInputs = prev.buildInputs ++ [ mpi ];
|
||||
})
|
||||
else lammps-mpi)
|
||||
]
|
||||
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
|
||||
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
|
||||
[ inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix ]);
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2 certifi
|
||||
charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
|
||||
# allow pandas read odf
|
||||
odfpy
|
||||
# for vasp plot-workfunc.py
|
||||
ase
|
||||
])];
|
||||
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
|
||||
};
|
||||
programs =
|
||||
{
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.root = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) root; in inputs.lib.mkIf (root != null)
|
||||
{
|
||||
nixos.packages.packages =
|
||||
|
||||
39
modules/packages/server.nix
Normal file
39
modules/packages/server.nix
Normal file
@@ -0,0 +1,39 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.packages.server = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "server" "desktop" ] then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) server; in inputs.lib.mkIf (server != null)
|
||||
{
|
||||
nixos.packages.packages =
|
||||
{
|
||||
_packages = with inputs.pkgs;
|
||||
[
|
||||
# office
|
||||
pdfgrep ffmpeg-full hdf5
|
||||
# scientific computing
|
||||
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.mumax else emptyDirectory)
|
||||
(if inputs.config.nixos.system.nixpkgs.cuda != null
|
||||
then (lammps.override { stdenv = cudaPackages.backendStdenv; }).overrideAttrs (prev:
|
||||
{
|
||||
cmakeFlags = prev.cmakeFlags ++
|
||||
[ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ [ cudaPackages.cudatoolkit ];
|
||||
buildInputs = prev.buildInputs ++ [ mpi ];
|
||||
})
|
||||
else lammps-mpi)
|
||||
];
|
||||
_pythonPackages = [(pythonPackages: with pythonPackages;
|
||||
[
|
||||
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2 certifi
|
||||
charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus inputs.pkgs.localPackages.brokenaxes
|
||||
# allow pandas read odf
|
||||
odfpy
|
||||
# for vasp plot-workfunc.py
|
||||
ase
|
||||
])];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -61,7 +61,7 @@ inputs:
|
||||
forwardAgent = true;
|
||||
extraOptions.AddKeysToAgent = "yes";
|
||||
};
|
||||
"wg0.jykang" = jykang // { host = "wg0.jykang"; proxyJump = "wg0.srv2"; };
|
||||
"tinc0.jykang" = jykang // { host = "tinc0.jykang"; proxyJump = "tinc0.nas"; };
|
||||
"*" =
|
||||
{
|
||||
controlMaster = "auto";
|
||||
|
||||
@@ -3,7 +3,7 @@ inputs:
|
||||
options.nixos.packages.steam = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.packages) steam; in inputs.lib.mkIf (steam != null)
|
||||
{
|
||||
|
||||
@@ -35,7 +35,7 @@ inputs:
|
||||
}
|
||||
{
|
||||
programs.zsh = inputs.lib.mkIf
|
||||
(builtins.elem home-inputs.config.home.username [ "chn" "root" "aleksana" "alikia" "hjp" ])
|
||||
(builtins.elem home-inputs.config.home.username [ "chn" "root" "aleksana" "alikia" "hjp" "lilydjwg" ])
|
||||
{
|
||||
plugins =
|
||||
[
|
||||
|
||||
@@ -1,82 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.bind = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule (submoduleInputs: {})); default = null; };
|
||||
config = let inherit (inputs.config.nixos.services) bind; in inputs.lib.mkIf (bind != null)
|
||||
{
|
||||
services.bind =
|
||||
let
|
||||
chinaZone = inputs.pkgs.writeText "autoroute.chn.moe.china.zone"
|
||||
''
|
||||
$ORIGIN autoroute.chn.moe.
|
||||
$TTL 3600
|
||||
@ IN SOA vps6.chn.moe. chn.chn.moe. (
|
||||
2024071301 ; serial
|
||||
3600 ; refresh
|
||||
600 ; retry
|
||||
604800 ; expire
|
||||
300 ; minimum
|
||||
)
|
||||
@ IN NS vps6.chn.moe.
|
||||
@ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6"}
|
||||
'';
|
||||
globalZone = inputs.pkgs.writeText "autoroute.chn.moe.zone"
|
||||
''
|
||||
$ORIGIN autoroute.chn.moe.
|
||||
$TTL 3600
|
||||
@ IN SOA vps6.chn.moe. chn.chn.moe. (
|
||||
2024071301 ; serial
|
||||
3600 ; refresh
|
||||
600 ; retry
|
||||
604800 ; expire
|
||||
300 ; minimum
|
||||
)
|
||||
@ IN NS vps6.chn.moe.
|
||||
@ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "srv3"}
|
||||
'';
|
||||
nullZone = inputs.pkgs.writeText "null.zone" "";
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
package = inputs.pkgs.bind.overrideAttrs
|
||||
(prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
|
||||
listenOn = [(inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6")];
|
||||
extraOptions =
|
||||
''
|
||||
recursion no;
|
||||
geoip-directory "${inputs.config.services.geoipupdate.settings.DatabaseDirectory}";
|
||||
'';
|
||||
extraConfig =
|
||||
''
|
||||
acl "china" {
|
||||
geoip country CN;
|
||||
};
|
||||
|
||||
view "china" {
|
||||
match-clients { china; };
|
||||
zone "autoroute.chn.moe" {
|
||||
type master;
|
||||
file "${chinaZone}";
|
||||
};
|
||||
zone "." {
|
||||
type hint;
|
||||
file "${nullZone}";
|
||||
};
|
||||
};
|
||||
view "global" {
|
||||
match-clients { any; };
|
||||
zone "autoroute.chn.moe" {
|
||||
type master;
|
||||
file "${globalZone}";
|
||||
};
|
||||
zone "." {
|
||||
type hint;
|
||||
file "${nullZone}";
|
||||
};
|
||||
};
|
||||
'';
|
||||
};
|
||||
nixos.services.geoipupdate = {};
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
}
|
||||
81
modules/services/coredns.nix
Normal file
81
modules/services/coredns.nix
Normal file
@@ -0,0 +1,81 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.coredns = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
interface = mkOption { type = types.str; };
|
||||
};}));
|
||||
default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) coredns; in inputs.lib.mkIf (coredns != null)
|
||||
{
|
||||
services.coredns =
|
||||
{
|
||||
enable = true;
|
||||
config =
|
||||
''
|
||||
autoroute.chn.moe {
|
||||
bind ${coredns.interface}
|
||||
geoip ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
|
||||
log
|
||||
errors
|
||||
metadata
|
||||
|
||||
view china {
|
||||
expr metadata('geoip/country/code') == 'CN'
|
||||
}
|
||||
template IN A autoroute.chn.moe {
|
||||
match ^autoroute\.chn\.moe\.$
|
||||
answer "{{.Name}} 60 IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6"}"
|
||||
}
|
||||
template IN AAAA autoroute.chn.moe {
|
||||
match ^autoroute\.chn\.moe\.$
|
||||
rcode NOERROR
|
||||
}
|
||||
header {
|
||||
response set aa
|
||||
}
|
||||
}
|
||||
|
||||
autoroute.chn.moe {
|
||||
bind ${coredns.interface}
|
||||
log
|
||||
errors
|
||||
metadata
|
||||
|
||||
template IN A autoroute.chn.moe {
|
||||
match ^autoroute\.chn\.moe\.$
|
||||
answer "{{.Name}} 60 IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps9"}"
|
||||
}
|
||||
template IN AAAA autoroute.chn.moe {
|
||||
match ^autoroute\.chn\.moe\.$
|
||||
rcode NOERROR
|
||||
}
|
||||
header {
|
||||
response set aa
|
||||
}
|
||||
}
|
||||
|
||||
ts.chn.moe {
|
||||
bind ${coredns.interface}
|
||||
forward . 100.100.100.100
|
||||
header {
|
||||
response set aa
|
||||
}
|
||||
log
|
||||
errors
|
||||
}
|
||||
|
||||
. {
|
||||
bind ${coredns.interface}
|
||||
acl {}
|
||||
errors
|
||||
log
|
||||
}
|
||||
'';
|
||||
};
|
||||
nixos.services.geoipupdate = {};
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
}
|
||||
37
modules/services/headscale.nix
Normal file
37
modules/services/headscale.nix
Normal file
@@ -0,0 +1,37 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.headscale = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.services) headscale; in inputs.lib.mkIf (headscale != null)
|
||||
{
|
||||
services.headscale =
|
||||
{
|
||||
enable = true;
|
||||
port = 6538;
|
||||
settings =
|
||||
{
|
||||
server_url = "https://headscale.chn.moe";
|
||||
prefixes.v4 = "100.97.101.0/24";
|
||||
database.postgres =
|
||||
{
|
||||
user = "headscale";
|
||||
port = 5432;
|
||||
password_file = inputs.config.nixos.system.sops.secrets."headscale/postgresql".path;
|
||||
name = "headscale";
|
||||
host = "127.0.0.1";
|
||||
};
|
||||
dns = { base_domain = "ts.chn.moe"; override_local_dns = false; };
|
||||
};
|
||||
};
|
||||
nixos =
|
||||
{
|
||||
services =
|
||||
{
|
||||
nginx.https."headscale.chn.moe".location."/".proxy =
|
||||
{ upstream = "http://127.0.0.1:6538"; websocket = true; };
|
||||
postgresql.instances.headscale = {};
|
||||
};
|
||||
system.sops.secrets."headscale/postgresql" = { key = "postgresql/headscale"; owner = "headscale"; };
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -22,7 +22,7 @@ inputs:
|
||||
ssh = "${inputs.pkgs.openssh}/bin/ssh -i ${key} -o StrictHostKeyChecking=no"
|
||||
+ " -o ForwardAgent=yes -o AddKeysToAgent=yes";
|
||||
key = inputs.config.nixos.system.sops.secrets."hpcstat/key".path;
|
||||
jykang = "${inputs.topInputs.self}/devices/jykang.xmuhpc/files";
|
||||
jykang = "${inputs.topInputs.self}/devices/jykang/files";
|
||||
ssh-agent = "${inputs.pkgs.openssh}/bin/ssh-agent";
|
||||
in
|
||||
{
|
||||
|
||||
@@ -5,7 +5,6 @@ inputs:
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
nodatacow = mkOption { type = types.bool; default = false; };
|
||||
aarch64 = mkOption { type = types.bool; default = false; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
@@ -27,12 +26,7 @@ inputs:
|
||||
onShutdown = "shutdown";
|
||||
shutdownTimeout = 30;
|
||||
parallelShutdown = 4;
|
||||
qemu =
|
||||
{
|
||||
ovmf.packages = with inputs.pkgs;
|
||||
([ OVMF.fd ] ++ inputs.lib.optionals kvm.aarch64 [ pkgsCross.aarch64-multiplatform.OVMF.fd ]);
|
||||
swtpm.enable = true;
|
||||
};
|
||||
qemu.swtpm.enable = true;
|
||||
};
|
||||
spiceUSBRedirection.enable = true;
|
||||
};
|
||||
|
||||
12
modules/services/nginx/applications/short.nix
Normal file
12
modules/services/nginx/applications/short.nix
Normal file
@@ -0,0 +1,12 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.short = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.services.nginx.applications) short; in inputs.lib.mkIf (short != null)
|
||||
{
|
||||
nixos.services.nginx.https."s.chn.moe".location =
|
||||
{
|
||||
"/k".return.return = "302 https://kanggroup.xmu.edu.cn";
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,26 +1,11 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.nginx.applications.synapse-admin.instances =
|
||||
let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{ hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; }; };}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services.nginx.applications.synapse-admin) instances;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in
|
||||
{
|
||||
nixos.services.nginx.https = listToAttrs (map
|
||||
(site: with site.value;
|
||||
{
|
||||
name = hostname;
|
||||
value.location."/".static =
|
||||
{ root = "${inputs.pkgs.synapse-admin}"; index = [ "index.html" ]; };
|
||||
})
|
||||
(attrsToList instances));
|
||||
};
|
||||
options.nixos.services.nginx.applications.synapse-admin.instances = let inherit (inputs.lib) mkOption types; in
|
||||
mkOption { type = types.attrsOf (types.submodule (submoduleInputs: {})); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.services.nginx.applications.synapse-admin) instances; in
|
||||
{
|
||||
nixos.services.nginx.https = builtins.mapAttrs
|
||||
(n: v: { location."/".static = { root = "${inputs.pkgs.synapse-admin-etkecc}"; index = [ "index.html" ]; }; })
|
||||
instances;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -26,6 +26,7 @@ inputs:
|
||||
};
|
||||
rewriteHttps = mkOption { type = types.bool; default = true; };
|
||||
tlsCert = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
extraConfig = mkOption { type = types.nullOr types.str; default = null; };
|
||||
};
|
||||
listen = mkOption
|
||||
{
|
||||
@@ -178,23 +179,19 @@ inputs:
|
||||
let secret = "nginx/templates/detectAuth/${inputs.lib.strings.escapeURL site.name}-global";
|
||||
in inputs.config.nixos.system.sops.templates.${secret}.path
|
||||
);
|
||||
extraConfig = builtins.concatStringsSep "\n"
|
||||
(
|
||||
(
|
||||
let inherit (site.value.global) index; in
|
||||
extraConfig =
|
||||
let inherit (site.value.global) index detectAuth charset extraConfig;
|
||||
in builtins.concatStringsSep "\n" (builtins.concatLists
|
||||
[
|
||||
(
|
||||
if (builtins.typeOf index == "list") then [ "index ${builtins.concatStringsSep " " index};" ]
|
||||
else if (index == "auto") then [ "autoindex on;" ]
|
||||
else []
|
||||
)
|
||||
++ (
|
||||
let inherit (site.value.global) detectAuth;
|
||||
in inputs.lib.optionals (detectAuth != null) [ ''auth_basic "${detectAuth.text}"'' ]
|
||||
)
|
||||
++ (
|
||||
let inherit (site.value.global) charset;
|
||||
in inputs.lib.optionals (charset != null) [ "charset ${charset};" ]
|
||||
)
|
||||
);
|
||||
)
|
||||
(inputs.lib.optionals (detectAuth != null) [ ''auth_basic "${detectAuth.text}"'' ])
|
||||
(inputs.lib.optionals (charset != null) [ "charset ${charset};" ])
|
||||
(inputs.lib.optionals (extraConfig != null) [ extraConfig ])
|
||||
]);
|
||||
listen = builtins.map
|
||||
(listen:
|
||||
{
|
||||
|
||||
@@ -40,19 +40,19 @@ inputs:
|
||||
'';
|
||||
systemd =
|
||||
{
|
||||
services = inputs.lib.mkIf (inputs.config.nixos.system.network == null)
|
||||
services = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "networkmanager")
|
||||
{
|
||||
nginx-proxy =
|
||||
let
|
||||
ip = "${inputs.pkgs.iproute2}/bin/ip";
|
||||
start = inputs.pkgs.writeShellScript "nginx-proxy.start"
|
||||
''
|
||||
${ip} rule add fwmark 2/2 table 200
|
||||
${ip} rule add fwmark 2/2 table 200 priority 5001
|
||||
${ip} route add local 0.0.0.0/0 dev lo table 200
|
||||
'';
|
||||
stop = inputs.pkgs.writeShellScript "nginx-proxy.stop"
|
||||
''
|
||||
${ip} rule del fwmark 2/2 table 200
|
||||
${ip} rule del fwmark 2/2 table 200 priority 5001
|
||||
${ip} route del local 0.0.0.0/0 dev lo table 200
|
||||
'';
|
||||
in
|
||||
@@ -70,13 +70,13 @@ inputs:
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network != null)
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "systemd-networkd")
|
||||
{
|
||||
"10-custom" =
|
||||
{
|
||||
matchConfig.Name = "lo";
|
||||
routes = [{ Table = 200; Destination = "0.0.0.0/0"; Type = "local"; }];
|
||||
routingPolicyRules = [{ FirewallMark = "2/2"; Table = 200; }];
|
||||
routingPolicyRules = [{ FirewallMark = "2/2"; Table = 200; Priority = 5001; }];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -4,7 +4,12 @@ inputs:
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.services) ollama; in inputs.lib.mkIf (ollama != null)
|
||||
{
|
||||
services.ollama = { enable = true; host = "0.0.0.0"; };
|
||||
services.ollama =
|
||||
{
|
||||
enable = true;
|
||||
host = "0.0.0.0";
|
||||
environmentVariables = { OLLAMA_REGISTRY_MAXSTREAMS = "2"; OLLAMA_EXPERIMENT= "client2"; };
|
||||
};
|
||||
nixos.packages.packages._packages = [ inputs.pkgs.oterm ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -44,6 +44,7 @@ inputs:
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
timeLimit = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) slurm; in inputs.lib.mkIf slurm.enable (inputs.lib.mkMerge
|
||||
[
|
||||
@@ -64,7 +65,7 @@ inputs:
|
||||
{
|
||||
buildInputs = prev.buildInputs or [] ++ additionalInputs;
|
||||
LDFLAGS = prev.LDFLAGS or [] ++ additionalFlags;
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.wrapGAppsHook ];
|
||||
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.wrapGAppsHook3 ];
|
||||
postInstall =
|
||||
''
|
||||
pushd contribs/pmi2
|
||||
@@ -97,18 +98,17 @@ inputs:
|
||||
"State=UNKNOWN"
|
||||
])
|
||||
(inputs.localLib.attrsToList slurm.node);
|
||||
partitionName = builtins.map
|
||||
(partition:
|
||||
let nodes = builtins.concatStringsSep "," partition.value;
|
||||
in builtins.concatStringsSep " "
|
||||
[
|
||||
partition.name
|
||||
"Nodes=${builtins.concatStringsSep "," (builtins.map (n: slurm.node.${n}.name) partition.value)}"
|
||||
"Default=${if partition.name == slurm.defaultPartition then "YES" else "NO"}"
|
||||
"MaxTime=INFINITE"
|
||||
"State=UP"
|
||||
])
|
||||
(inputs.localLib.attrsToList slurm.partitions);
|
||||
partitionName = inputs.lib.mapAttrsToList
|
||||
(n: v: builtins.concatStringsSep " "
|
||||
[
|
||||
n
|
||||
"Nodes=${builtins.concatStringsSep "," (builtins.map (n: slurm.node.${n}.name) v)}"
|
||||
"Default=${if n == slurm.defaultPartition then "YES" else "NO"}"
|
||||
"MaxTime=${if slurm.timeLimit != null then slurm.timeLimit else "INFINITE"}"
|
||||
"State=UP"
|
||||
''TRESBillingWeights="CPU=1.0,Mem=0.1G,GRES/gpu=10"''
|
||||
])
|
||||
slurm.partitions;
|
||||
procTrackType = "proctrack/cgroup";
|
||||
controlMachine = slurm.master;
|
||||
controlAddr = slurm.node.${slurm.master}.address;
|
||||
@@ -131,7 +131,7 @@ inputs:
|
||||
|
||||
SlurmdDebug=debug2
|
||||
SlurmdParameters=l3cache_as_socket
|
||||
DebugFlags=NO_CONF_HASH
|
||||
DebugFlags=NO_CONF_HASH,CPU_Bind,Gres
|
||||
|
||||
# automatically resume node after drain
|
||||
ReturnToService=2
|
||||
@@ -153,6 +153,8 @@ inputs:
|
||||
# correctly set priority
|
||||
PriorityType=priority/multifactor
|
||||
PriorityWeightAge=10000
|
||||
PriorityWeightFairshare=10000
|
||||
AccountingStorageEnforce=associations
|
||||
|
||||
# use low resource as default
|
||||
DefCpuPerGPU=1
|
||||
@@ -225,7 +227,21 @@ inputs:
|
||||
};
|
||||
systemd =
|
||||
{
|
||||
services.slurmctld = { after = [ "suid-sgid-wrappers.service" ]; serviceConfig.MemorySwapMax = "0"; };
|
||||
services =
|
||||
{
|
||||
slurmctld =
|
||||
{
|
||||
after = [ "suid-sgid-wrappers.service" "slurmdbd.service" ];
|
||||
serviceConfig.MemorySwapMax = "0";
|
||||
};
|
||||
slurmdbd.postStart = builtins.concatStringsSep "\n" (builtins.concatLists
|
||||
[
|
||||
[ "until sacctmgr ping; do sleep 1; done" ]
|
||||
(builtins.map
|
||||
(user: ''sacctmgr -i add user name="${user}" Account=root DefaultAccount=root || true'')
|
||||
inputs.config.nixos.user.users)
|
||||
]);
|
||||
};
|
||||
tmpfiles.rules = [ "d /var/log/slurmctld 700 slurm slurm" ];
|
||||
};
|
||||
nixos.system.sops =
|
||||
@@ -233,7 +249,7 @@ inputs:
|
||||
secrets = { "slurm/db" = { owner = "slurm"; key = "mariadb/slurm"; }; }
|
||||
// builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "telegram/${n}" {})
|
||||
[ "token" "user/chn" "user/hjp" ]);
|
||||
[ "token" "user/chn" "user/hjp" "user/root" ]);
|
||||
templates."info.yaml" =
|
||||
{
|
||||
owner = "slurm";
|
||||
@@ -241,7 +257,7 @@ inputs:
|
||||
{
|
||||
token = placeholder."telegram/token";
|
||||
user = builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair n placeholder."telegram/user/${n}") [ "chn" "hjp" ]);
|
||||
(n: inputs.lib.nameValuePair n placeholder."telegram/user/${n}") [ "chn" "hjp" "root" ]);
|
||||
slurmConf = "${inputs.config.services.slurm.etcSlurm}/slurm.conf";
|
||||
};
|
||||
};
|
||||
|
||||
31
modules/services/tailscale.nix
Normal file
31
modules/services/tailscale.nix
Normal file
@@ -0,0 +1,31 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.tailscale = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = {}; };
|
||||
config = let inherit (inputs.config.nixos.services) tailscale; in inputs.lib.mkIf (tailscale != null)
|
||||
{
|
||||
services.tailscale =
|
||||
{
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
disableTaildrop = true;
|
||||
# authKeyParameters should not be set
|
||||
authKeyFile = inputs.config.nixos.system.sops.secrets."tailscale".path;
|
||||
extraUpFlags = [ "--login-server=https://headscale.chn.moe" "--accept-dns=false" "--netfilter-mode=off" ];
|
||||
extraSetFlags = [ "--accept-dns=false" "--netfilter-mode=off" ];
|
||||
};
|
||||
nixos.system.sops.secrets."tailscale" = {};
|
||||
networking.firewall.trustedInterfaces = [ inputs.config.services.tailscale.interfaceName ];
|
||||
users =
|
||||
{
|
||||
users.tailscale = { uid = inputs.config.nixos.user.uid.tailscale; group = "tailscale"; isSystemUser = true; };
|
||||
groups.tailscale.gid = inputs.config.nixos.user.gid.tailscale;
|
||||
};
|
||||
systemd.services.tailscaled.serviceConfig =
|
||||
{
|
||||
User = "tailscale";
|
||||
Group = "tailscale";
|
||||
AmbientCapabilities = [ "CAP_NET_RAW" "CAP_NET_ADMIN" "CAP_SYS_MODULE" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,50 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.wireguard = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
# wireguard 接口的 ip,不是 wireguard 监听的 ip(它实际上监听所有 ip)
|
||||
ip = mkOption { type = types.str; };
|
||||
# wireguard 接口的网段
|
||||
netmask = mkOption { type = types.int; default = 24; };
|
||||
# 设置 wireguard 监听的端口,如果不设置则随机,同时不开放防火墙
|
||||
listenPort = mkOption { type = types.nullOr types.int; default = null; };
|
||||
peer = mkOption { type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
publicKey = mkOption { type = types.nonEmptyStr; };
|
||||
endpoint = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
allowedIPs = mkOption { type = types.nonEmptyListOf types.nonEmptyStr; };
|
||||
};});};
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.services) wireguard; in inputs.lib.mkIf (wireguard != {})
|
||||
{
|
||||
networking = inputs.lib.mkMerge (builtins.map
|
||||
(wg:
|
||||
{
|
||||
firewall =
|
||||
{
|
||||
allowedUDPPorts = inputs.lib.mkIf (wg.value.listenPort != null) [ wg.value.listenPort ];
|
||||
trustedInterfaces = [ wg.name ];
|
||||
};
|
||||
wireguard.interfaces.${wg.name} =
|
||||
{
|
||||
inherit (wg.value) listenPort;
|
||||
ips = [ "${wg.value.ip}/${builtins.toString wg.value.netmask}" ];
|
||||
privateKeyFile = inputs.config.nixos.system.sops.secrets.wireguard.path;
|
||||
peers = builtins.map
|
||||
(peer:
|
||||
{
|
||||
inherit (peer) name;
|
||||
inherit (peer.value) publicKey allowedIPs endpoint;
|
||||
persistentKeepalive = if peer.value.endpoint != null then 10 else null;
|
||||
})
|
||||
(inputs.localLib.attrsToList wg.value.peer);
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList wireguard));
|
||||
nixos.system.sops.secrets.wireguard = {};
|
||||
};
|
||||
}
|
||||
@@ -19,7 +19,7 @@ inputs:
|
||||
extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
};
|
||||
v2ray-forwarder.noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
|
||||
v2ray-forwarder.asRouter = mkOption { type = types.bool; default = false; };
|
||||
};}));
|
||||
default = null;
|
||||
};
|
||||
@@ -59,7 +59,7 @@ inputs:
|
||||
# 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
|
||||
[
|
||||
{
|
||||
address = "https://1.12.12.12/dns-query";
|
||||
address = "https://223.5.5.5/dns-query";
|
||||
domains = [ "geosite:geolocation-cn" ];
|
||||
expectIPs = [ "geoip:cn" ];
|
||||
skipFallback = true;
|
||||
@@ -70,7 +70,7 @@ inputs:
|
||||
expectIPs = [ "geoip:!cn" ];
|
||||
skipFallback = true;
|
||||
}
|
||||
{ address = "https://1.12.12.12/dns-query"; expectIPs = [ "geoip:cn" ]; }
|
||||
{ address = "https://223.5.5.5/dns-query"; expectIPs = [ "geoip:cn" ]; }
|
||||
{ address = "8.8.8.8"; }
|
||||
];
|
||||
disableCache = true;
|
||||
@@ -109,6 +109,13 @@ inputs:
|
||||
}
|
||||
{ port = 10884; protocol = "socks"; settings.udp = true; tag = "proxy-socks-in"; }
|
||||
{ port = 10882; protocol = "socks"; settings.udp = true; tag = "direct-in"; }
|
||||
{
|
||||
port = 10885;
|
||||
protocol = "socks";
|
||||
settings.udp = true;
|
||||
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
|
||||
tag = "common-socks-in";
|
||||
}
|
||||
];
|
||||
outbounds =
|
||||
[
|
||||
@@ -153,20 +160,28 @@ inputs:
|
||||
rules = builtins.map (rule: rule // { type = "field"; })
|
||||
[
|
||||
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ "1.12.12.12" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ "223.5.5.5" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ "8.8.8.8" ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
|
||||
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
|
||||
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
|
||||
{
|
||||
inboundTag = [ "common-in" ];
|
||||
inboundTag = [ "common-in" "common-socks-in" ];
|
||||
domain = [ "geosite:geolocation-cn" ];
|
||||
outboundTag = "direct";
|
||||
}
|
||||
{
|
||||
inboundTag = [ "common-in" "common-socks-in" ];
|
||||
domain = [ "geosite:geolocation-!cn" ];
|
||||
outboundTag = "proxy-vless";
|
||||
}
|
||||
{ inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
|
||||
{
|
||||
inboundTag = [ "common-in" "common-socks-in" ];
|
||||
ip = [ "geoip:cn" "geoip:private" ];
|
||||
outboundTag = "direct";
|
||||
}
|
||||
{ inboundTag = [ "common-in" "common-socks-in" ]; outboundTag = "proxy-vless"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
@@ -198,7 +213,7 @@ inputs:
|
||||
restartTriggers = [ inputs.config.nixos.system.sops.templates."xray-client.json".file ];
|
||||
};
|
||||
}
|
||||
(inputs.lib.mkIf (inputs.config.nixos.system.network == null)
|
||||
(inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "networkmanager")
|
||||
{
|
||||
v2ray-forwarder =
|
||||
{
|
||||
@@ -211,25 +226,25 @@ inputs:
|
||||
RemainAfterExit = true;
|
||||
ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start"
|
||||
''
|
||||
${ip} rule add fwmark 1/1 table 100
|
||||
${ip} rule add fwmark 1/1 table 100 priority 5000
|
||||
${ip} route add local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop"
|
||||
''
|
||||
${ip} rule del fwmark 1/1 table 100
|
||||
${ip} rule del fwmark 1/1 table 100 priority 5000
|
||||
${ip} route del local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network != null)
|
||||
network.networks = inputs.lib.mkIf (inputs.config.nixos.system.network.implementation == "systemd-networkd")
|
||||
{
|
||||
"10-custom" =
|
||||
{
|
||||
matchConfig.Name = "lo";
|
||||
routes = [{ Table = 100; Destination = "0.0.0.0/0"; Type = "local"; }];
|
||||
routingPolicyRules = [{ FirewallMark = "1/1"; Table = 100; }];
|
||||
routingPolicyRules = [{ FirewallMark = "1/1"; Table = 100; Priority = 5000; }];
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -258,7 +273,7 @@ inputs:
|
||||
loNetStr = builtins.concatStringsSep ", " loNet;
|
||||
noproxyUserStr = builtins.concatStringsSep ", " (builtins.map
|
||||
(user: builtins.toString inputs.config.nixos.user.uid.${user})
|
||||
(client.v2ray-forwarder.noproxyUsers ++ [ "v2ray" ]));
|
||||
[ "v2ray" "tailscale" ]);
|
||||
in
|
||||
''
|
||||
set lo_net { type ipv4_addr; flags interval; elements = { ${loNetStr} }; }
|
||||
@@ -275,6 +290,9 @@ inputs:
|
||||
fib daddr type local ct state new counter ct mark set ct mark | 1 return
|
||||
ct mark & 1 == 1 counter return
|
||||
|
||||
# 如果不作为路由器使用,则可以返回那些没有被标记的流量
|
||||
${if client.v2ray-forwarder.asRouter then "" else "meta mark & 1 == 0 counter return"}
|
||||
|
||||
ip saddr @noproxy_src_net counter return
|
||||
ip daddr @noproxy_net counter return
|
||||
ip saddr != 172.16.0.0/12 ip daddr @xmu_net meta l4proto { tcp, udp } counter \
|
||||
|
||||
@@ -128,12 +128,14 @@ inputs:
|
||||
};
|
||||
};
|
||||
};
|
||||
secrets = builtins.listToAttrs
|
||||
(builtins.map (n: inputs.lib.nameValuePair "xray-server/clients/${n}" {}) userList)
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair "telegram/${name}" { group = "telegram"; mode = "0440"; })
|
||||
[ "token" "user/chn" ]))
|
||||
// { "xray-server/private-key" = {}; };
|
||||
secrets = inputs.lib.mergeAttrsList
|
||||
[
|
||||
(inputs.lib.genAttrs' userList
|
||||
(n: inputs.lib.nameValuePair "xray-server/clients/${n}" {}))
|
||||
{ "xray-server/private-key" = {}; }
|
||||
(inputs.lib.genAttrs' [ "token" "user/chn" ]
|
||||
(n: inputs.lib.nameValuePair "telegram/${n}" { group = "telegram"; mode = "0440"; }))
|
||||
];
|
||||
};
|
||||
services =
|
||||
{
|
||||
|
||||
@@ -3,7 +3,7 @@ inputs:
|
||||
options.nixos.system.binfmt = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.system) binfmt; in inputs.lib.mkIf (binfmt != null)
|
||||
{
|
||||
|
||||
@@ -6,7 +6,6 @@ inputs:
|
||||
services =
|
||||
{
|
||||
dbus.implementation = "broker";
|
||||
fstrim.enable = true;
|
||||
acpid.enable = true;
|
||||
# TODO: set ipfs as separate service
|
||||
# kubo = { enable = true; autoMount = true; };
|
||||
|
||||
@@ -68,7 +68,7 @@ inputs:
|
||||
[
|
||||
"bin" "Desktop" "Documents" "Downloads" "Music" "Pictures" "repo" "share" "Public" "Videos" ".config"
|
||||
".local/share" ".ecdata" { directory = ".mozilla/firefox/default"; mode = "0700"; } ".steam" ".zotero"
|
||||
"Zotero"
|
||||
"Zotero" ".thunderbird"
|
||||
];
|
||||
})
|
||||
# 对于集群的工作节点,挂载一些本来由 home-manager 生成的文件,以及一些用来存放 home-manager 生成文件的目录
|
||||
@@ -76,7 +76,7 @@ inputs:
|
||||
(inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null == "worker")
|
||||
{
|
||||
"/nix/persistent".users = builtins.listToAttrs (builtins.map
|
||||
(user: { name = user; value.directories = [ ".config" ".local" ".ssh" ".mozilla" ]; })
|
||||
(user: { name = user; value.directories = [ ".config" ".local" ".ssh" ".mozilla" ".thunderbird" ]; })
|
||||
inputs.config.nixos.user.users);
|
||||
"/nix/rootfs/current".users = builtins.listToAttrs (builtins.map
|
||||
(user: { name = user; value.directories = [ ".zsh" ".yubico" ]; })
|
||||
|
||||
@@ -5,11 +5,11 @@ inputs:
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
types.nonEmptyStr
|
||||
(types.submodule { options =
|
||||
(types.submodule (submoduleInputs: { options =
|
||||
{
|
||||
mountPoint = mkOption { type = types.nonEmptyStr; };
|
||||
hard = mkOption { type = types.bool; default = true; };
|
||||
};})
|
||||
neededForBoot = mkOption { type = types.bool; default = true; };
|
||||
};}))
|
||||
]);
|
||||
default = {};
|
||||
};
|
||||
@@ -26,7 +26,7 @@ inputs:
|
||||
{
|
||||
device = device.name;
|
||||
fsType = "nfs4";
|
||||
neededForBoot = device.value.hard or true;
|
||||
neededForBoot = device.value.neededForBoot or true;
|
||||
options = builtins.concatLists
|
||||
[
|
||||
[
|
||||
@@ -35,18 +35,17 @@ inputs:
|
||||
"x-gvfs-hide" # hide in file managers (e.g. dolphin)
|
||||
]
|
||||
# when try to mount at startup, wait 15 minutes before giving up
|
||||
(inputs.lib.optionals (device.value.hard or true) [ "retry=15" "x-systemd.device-timeout=15min" ])
|
||||
# do not fail, just try continuously in background
|
||||
# nfs4 use tcp, tcp itself will retransmit several times, which is enough
|
||||
(inputs.lib.optionals (!(device.value.hard or true))
|
||||
[ "bg" "soft" "retrans=1" "timeo=20" "softreval" "x-systemd.requires=network-online.target" ])
|
||||
(inputs.lib.optionals (device.value.neededForBoot or true)
|
||||
[ "retry=15" "x-systemd.device-timeout=15min" ])
|
||||
(inputs.lib.optionals (!(device.value.neededForBoot or true))
|
||||
[ "bg" "x-systemd.requires=network-online.target" "x-systemd.after=network-online.target" ])
|
||||
];
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList nfs));
|
||||
services.rpcbind.enable = true;
|
||||
}
|
||||
(inputs.lib.mkIf (builtins.any (mount: mount.hard or true) (builtins.attrValues nfs))
|
||||
(inputs.lib.mkIf (builtins.any (mount: mount.neededForBoot or true) (builtins.attrValues nfs))
|
||||
{
|
||||
boot.initrd.systemd.extraBin =
|
||||
{
|
||||
|
||||
@@ -9,7 +9,7 @@ inputs:
|
||||
[
|
||||
noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono hack-font inter
|
||||
noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk-sans
|
||||
noto-fonts-emoji corefonts vistafonts vistafonts-chs dejavu_fonts nerd-fonts.fira-code
|
||||
corefonts vista-fonts vista-fonts-chs dejavu_fonts nerd-fonts.fira-code
|
||||
# needed by typst may template
|
||||
lxgw-wenkai libertinus
|
||||
];
|
||||
|
||||
@@ -7,7 +7,7 @@ inputs:
|
||||
config = let inherit (inputs.config.nixos.system) gui; in inputs.lib.mkMerge
|
||||
[
|
||||
# enable gui
|
||||
(inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
|
||||
(inputs.lib.mkIf (inputs.config.nixos.model.type == "desktop")
|
||||
{
|
||||
services =
|
||||
{
|
||||
@@ -38,7 +38,8 @@ inputs:
|
||||
{
|
||||
enable = true;
|
||||
type = "fcitx5";
|
||||
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}") [ "chinese-addons" "mozc" "material-color" "gtk" ];
|
||||
fcitx5.addons = with inputs.pkgs;
|
||||
[ qt6Packages.fcitx5-chinese-addons fcitx5-mozc fcitx5-material-color fcitx5-gtk ];
|
||||
};
|
||||
programs.dconf.enable = true;
|
||||
nixos.user.sharedModules = [(hmInputs:
|
||||
@@ -61,19 +62,13 @@ inputs:
|
||||
};
|
||||
})];
|
||||
})
|
||||
# prefer gui or not
|
||||
(inputs.lib.mkIf (inputs.config.nixos.model.type == "server")
|
||||
{
|
||||
environment.plasma6.excludePackages = inputs.lib.mkIf (gui.implementation == "kde")
|
||||
[ inputs.pkgs.kdePackages.plasma-nm ];
|
||||
})
|
||||
# niri
|
||||
(inputs.lib.mkIf (gui.implementation == "niri")
|
||||
{
|
||||
programs.niri.enable = true;
|
||||
nixos.user.sharedModules = [(hmInputs:
|
||||
{
|
||||
config.programs.dankMaterialShell = { enable = true; enableKeybinds = true; enableSystemd = true; };
|
||||
config.programs.dankMaterialShell = { enable = true; niri.enableKeybinds = true; systemd.enable = true; };
|
||||
})];
|
||||
# niri module will auto enable this, disable it to avoid conflict with system ssh-agent and kwallet
|
||||
services.gnome = { gcr-ssh-agent.enable = false; gnome-keyring.enable = inputs.lib.mkForce false; };
|
||||
|
||||
@@ -35,7 +35,7 @@ inputs:
|
||||
{
|
||||
assertions =
|
||||
[{
|
||||
assertion = inputs.config.nixos.system.network != null;
|
||||
assertion = inputs.config.nixos.system.network.implementation == "systemd-networkd";
|
||||
message = "initrd network requires systemd networkd.";
|
||||
}];
|
||||
boot =
|
||||
@@ -46,7 +46,7 @@ inputs:
|
||||
# resolved does not work in initrd, causing network.target to fail
|
||||
services.resolved.enable = false;
|
||||
systemd.network =
|
||||
let inherit (inputs.config.nixos.system.network) dhcp static bridge; in
|
||||
let inherit (inputs.config.nixos.system.network.settings) dhcp static bridge; in
|
||||
let
|
||||
networks = inputs.lib.unique
|
||||
(
|
||||
|
||||
@@ -1,74 +0,0 @@
|
||||
Message-Id: <20250606-btusb-mt7925-add-v1-1-9b64bfa86ea4@hexchain.org>
|
||||
Date: Fri, 06 Jun 2025 23:33:03 +0800
|
||||
From: Haochen Tong via B4 Relay <devnull+i.hexchain.org@...nel.org>
|
||||
To: Marcel Holtmann <marcel@...tmann.org>,
|
||||
Luiz Augusto von Dentz <luiz.dentz@...il.com>
|
||||
Cc: linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org
|
||||
Subject: [PATCH] Bluetooth: btusb: Add a new VID/PID 2c7c/7009 for MT7925
|
||||
|
||||
From: Haochen Tong <i@...chain.org>
|
||||
|
||||
Adds a new entry with VID 2c7c and PID 7009 for MediaTek MT7925
|
||||
Bluetooth chip.
|
||||
|
||||
The device information from /sys/kernel/debug/usb/devices is provided
|
||||
below.
|
||||
|
||||
T: Bus=03 Lev=01 Prnt=01 Port=04 Cnt=02 Dev#= 3 Spd=480 MxCh= 0
|
||||
D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
|
||||
P: Vendor=2c7c ProdID=7009 Rev= 1.00
|
||||
S: Manufacturer=MediaTek Inc.
|
||||
S: Product=Wireless_Device
|
||||
S: SerialNumber=000000000
|
||||
C:* #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=100mA
|
||||
A: FirstIf#= 0 IfCount= 3 Cls=e0(wlcon) Sub=01 Prot=01
|
||||
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=125us
|
||||
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
|
||||
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
|
||||
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
|
||||
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
|
||||
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
|
||||
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
|
||||
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
|
||||
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
|
||||
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
|
||||
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
|
||||
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
|
||||
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
|
||||
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
|
||||
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
|
||||
I: If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
|
||||
E: Ad=83(I) Atr=01(Isoc) MxPS= 63 Ivl=1ms
|
||||
E: Ad=03(O) Atr=01(Isoc) MxPS= 63 Ivl=1ms
|
||||
I:* If#= 2 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
|
||||
E: Ad=8a(I) Atr=03(Int.) MxPS= 64 Ivl=125us
|
||||
E: Ad=0a(O) Atr=03(Int.) MxPS= 64 Ivl=125us
|
||||
I: If#= 2 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
|
||||
E: Ad=8a(I) Atr=03(Int.) MxPS= 512 Ivl=125us
|
||||
E: Ad=0a(O) Atr=03(Int.) MxPS= 512 Ivl=125us
|
||||
|
||||
Signed-off-by: Haochen Tong <i@...chain.org>
|
||||
---
|
||||
drivers/bluetooth/btusb.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
|
||||
index 9ab661d2d1e69028061fa3accd5106f481094100..e4a45596762f8c7d8ba10b4107d6e6f2203188e2 100644
|
||||
--- a/drivers/bluetooth/btusb.c
|
||||
+++ b/drivers/bluetooth/btusb.c
|
||||
@@ -725,6 +725,8 @@ static const struct usb_device_id quirks_table[] = {
|
||||
BTUSB_WIDEBAND_SPEECH },
|
||||
{ USB_DEVICE(0x13d3, 0x3630), .driver_info = BTUSB_MEDIATEK |
|
||||
BTUSB_WIDEBAND_SPEECH },
|
||||
+ { USB_DEVICE(0x2c7c, 0x7009), .driver_info = BTUSB_MEDIATEK |
|
||||
+ BTUSB_WIDEBAND_SPEECH },
|
||||
|
||||
/* Additional Realtek 8723AE Bluetooth devices */
|
||||
{ USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
|
||||
@@ -4,7 +4,8 @@ inputs:
|
||||
{
|
||||
variant = mkOption
|
||||
{
|
||||
type = types.nullOr (types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" "cachyos" ]);
|
||||
type = types.nullOr
|
||||
(types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" "cachyos" "cachyos-rc" ]);
|
||||
default = { x86_64 = "xanmod-lts"; aarch64 = "nixos"; }.${inputs.config.nixos.model.arch};
|
||||
};
|
||||
patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
@@ -30,7 +31,7 @@ inputs:
|
||||
# netowrk for srv1
|
||||
"bnx2x" "tg3"
|
||||
# network for srv2
|
||||
"e1000e" "igb" "atlantic" "igc"
|
||||
"e1000e" "igb" "atlantic" "igc" "tg3"
|
||||
# network for srv3
|
||||
"igb"
|
||||
# touchscreen for one
|
||||
@@ -61,6 +62,7 @@ inputs:
|
||||
xanmod-latest = inputs.pkgs.linuxPackages_xanmod_latest;
|
||||
xanmod-unstable = inputs.pkgs.pkgs-unstable.linuxPackages_xanmod_latest;
|
||||
cachyos = inputs.pkgs.linuxPackages_cachyos-gcc;
|
||||
cachyos-rc = inputs.pkgs.linuxPackages_cachyos-rc;
|
||||
}.${kernel.variant};
|
||||
kernelPatches =
|
||||
let patches =
|
||||
@@ -76,7 +78,6 @@ inputs:
|
||||
};
|
||||
structuredExtraConfig.BTRFS_EXPERIMENTAL = inputs.lib.kernel.yes;
|
||||
}];
|
||||
btusb = [{ name = "btusb"; patch = ./btusb.patch; }];
|
||||
};
|
||||
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
|
||||
};
|
||||
|
||||
@@ -1,45 +1,57 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.system.network = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
options.nixos.system.network = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
# null: use network-manager; otherwise use networkd
|
||||
type = types.nullOr (types.submodule { options =
|
||||
settings = mkOption
|
||||
{
|
||||
dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
static = mkOption
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
static = mkOption
|
||||
{
|
||||
ip = mkOption { type = types.nonEmptyStr; };
|
||||
mask = mkOption { type = types.ints.unsigned; };
|
||||
gateway = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
dns = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
bridge = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
ip = mkOption { type = types.nonEmptyStr; };
|
||||
mask = mkOption { type = types.ints.unsigned; };
|
||||
gateway = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
dns = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
bridge = mkOption
|
||||
{
|
||||
interfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
wireless =
|
||||
{
|
||||
# wpa_passphrase SSID(wifi name) PSK(password)
|
||||
networks = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
fourAddr = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
trust = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
masquerade = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = null;
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
interfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
wireless =
|
||||
{
|
||||
# wpa_passphrase SSID(wifi name) PSK(password)
|
||||
networks = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
fourAddr = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
trust = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
masquerade = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
implementation = mkOption
|
||||
{
|
||||
type = types.enum [ "systemd-networkd" "networkmanager" ];
|
||||
default = if inputs.config.nixos.model.type == "desktop" then "networkmanager" else "systemd-networkd";
|
||||
};
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.system) network; in inputs.lib.mkMerge
|
||||
[
|
||||
# general config
|
||||
{
|
||||
assertions =
|
||||
[{
|
||||
assertion = network.implementation == "networkmanager" -> network.settings == null;
|
||||
message = "only systemd-networkd is supported when network settings is set";
|
||||
}];
|
||||
boot.kernel.sysctl =
|
||||
{
|
||||
"net.core.rmem_max" = 67108864;
|
||||
@@ -65,110 +77,115 @@ inputs:
|
||||
};
|
||||
networking.nftables = { enable = true; flushRuleset = false; };
|
||||
}
|
||||
(inputs.localLib.mkConditional (network == null)
|
||||
(inputs.lib.mkIf (network.implementation == "networkmanager")
|
||||
{
|
||||
networking.networkmanager =
|
||||
{
|
||||
networking.networkmanager =
|
||||
{
|
||||
enable = true;
|
||||
settings.device.keep-configuration = "no";
|
||||
};
|
||||
environment.persistence."/nix/persistent".directories =
|
||||
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
|
||||
}
|
||||
enable = true;
|
||||
settings.device.keep-configuration = "no";
|
||||
};
|
||||
environment.persistence."/nix/persistent".directories =
|
||||
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
|
||||
})
|
||||
(inputs.lib.mkIf (network.implementation == "systemd-networkd")
|
||||
{
|
||||
nixos.system.network.settings = {};
|
||||
systemd.network =
|
||||
{
|
||||
systemd.network =
|
||||
{
|
||||
enable = true;
|
||||
networks = inputs.lib.mkMerge
|
||||
[
|
||||
(builtins.listToAttrs (builtins.map
|
||||
enable = true;
|
||||
networks = inputs.lib.mkMerge
|
||||
[
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network;
|
||||
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
})
|
||||
network.settings.dhcp))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
address = [ "${network.value.ip}/${builtins.toString network.value.mask}" ];
|
||||
routes = inputs.lib.mkIf (network.value.gateway != null)
|
||||
[{ Gateway = network.value.gateway; Destination = "0.0.0.0/0"; }];
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
dns = inputs.lib.mkIf (network.value.dns != null) [ network.value.dns ];
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.settings.static)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
bridgeConfig = {};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.settings.bridge)))
|
||||
(builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(bridge: builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network;
|
||||
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
networkConfig.Bridge = bridge.name;
|
||||
linkConfig.RequiredForOnline = "enslaved";
|
||||
};
|
||||
})
|
||||
network.dhcp))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
address = [ "${network.value.ip}/${builtins.toString network.value.mask}" ];
|
||||
routes = inputs.lib.mkIf (network.value.gateway != null)
|
||||
[{ Gateway = network.value.gateway; Destination = "0.0.0.0/0"; }];
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
dns = inputs.lib.mkIf (network.value.dns != null) [ network.value.dns ];
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.static)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network.name}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network.name;
|
||||
bridgeConfig = {};
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList network.bridge)))
|
||||
(builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(bridge: builtins.map
|
||||
(network:
|
||||
{
|
||||
name = "10-${network}";
|
||||
value =
|
||||
{
|
||||
matchConfig.Name = network;
|
||||
networkConfig.Bridge = bridge.name;
|
||||
linkConfig.RequiredForOnline = "enslaved";
|
||||
};
|
||||
}) bridge.value.interfaces)
|
||||
(inputs.localLib.attrsToList network.bridge))))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.networkConfig.IPMasquerade = "both"; })
|
||||
network.masquerade))
|
||||
];
|
||||
netdevs = builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.netdevConfig = { Name = network; Kind = "bridge"; }; })
|
||||
(builtins.attrNames network.bridge));
|
||||
};
|
||||
networking =
|
||||
}) bridge.value.interfaces)
|
||||
(inputs.localLib.attrsToList network.settings.bridge))))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.networkConfig.IPMasquerade = "both"; })
|
||||
network.settings.masquerade))
|
||||
];
|
||||
netdevs = builtins.listToAttrs (builtins.map
|
||||
(network: { name = "10-${network}"; value.netdevConfig = { Name = network; Kind = "bridge"; }; })
|
||||
(builtins.attrNames network.settings.bridge));
|
||||
};
|
||||
networking =
|
||||
{
|
||||
useNetworkd = true;
|
||||
wireless = inputs.lib.mkIf (network.settings.wireless.networks != null)
|
||||
{
|
||||
useNetworkd = true;
|
||||
wireless = inputs.lib.mkIf (network.wireless.networks != null)
|
||||
{
|
||||
enable = true;
|
||||
# wpa_passphrase SSID password
|
||||
networks = builtins.listToAttrs (builtins.map
|
||||
(network: { name = network; value.pskRaw = "ext:${network}"; }) network.wireless.networks);
|
||||
secretsFile = inputs.config.nixos.system.sops.templates."wireless.env".path;
|
||||
};
|
||||
firewall.trustedInterfaces = network.trust;
|
||||
enable = true;
|
||||
# wpa_passphrase SSID password
|
||||
networks = builtins.listToAttrs (builtins.map
|
||||
(network: { name = network; value.pskRaw = "ext:${network}"; }) network.settings.wireless.networks);
|
||||
secretsFile = inputs.config.nixos.system.sops.templates."wireless.env".path;
|
||||
};
|
||||
firewall.trustedInterfaces = network.settings.trust;
|
||||
};
|
||||
nixos.system.sops = inputs.lib.mkIf (network.settings.wireless.networks != null)
|
||||
{
|
||||
templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
|
||||
(network: "${network}=${inputs.config.nixos.system.sops.placeholder."wireless/${network}"}")
|
||||
network.settings.wireless.networks);
|
||||
secrets = builtins.listToAttrs (builtins.map
|
||||
(network: inputs.lib.nameValuePair "wireless/${network}" {})
|
||||
network.settings.wireless.networks);
|
||||
};
|
||||
services =
|
||||
{
|
||||
# dnsable dns fallback, use provided dns servers or no dns
|
||||
services.resolved.fallbackDns = [];
|
||||
nixos.system.sops = inputs.lib.mkIf (network.wireless.networks != null)
|
||||
{
|
||||
templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
|
||||
(network: "${network}=${inputs.config.nixos.system.sops.placeholder."wireless/${network}"}")
|
||||
network.wireless.networks);
|
||||
secrets = builtins.listToAttrs (builtins.map
|
||||
(network: inputs.lib.nameValuePair "wireless/${network}" {})
|
||||
network.wireless.networks);
|
||||
};
|
||||
services.udev.extraRules = inputs.lib.mkIf (network.wireless.fourAddr)
|
||||
resolved.fallbackDns = [];
|
||||
udev.extraRules = inputs.lib.mkIf (network.settings.wireless.fourAddr)
|
||||
''
|
||||
ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="wlp*", RUN+="${inputs.pkgs.iw}/bin/iw dev %k set 4addr on"
|
||||
'';
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
@@ -3,7 +3,10 @@ inputs:
|
||||
options.nixos.system.nix-ld = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule {});
|
||||
default = if inputs.config.nixos.model.arch == "x86_64" then {} else null;
|
||||
default =
|
||||
if (inputs.config.nixos.model.arch == "x86_64")
|
||||
&& (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
|
||||
then {} else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.system) nix-ld; in inputs.lib.mkIf (nix-ld != null)
|
||||
{
|
||||
|
||||
@@ -3,8 +3,11 @@ inputs:
|
||||
options.nixos.system.nix = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
# marches allowed to be compiled on this machine
|
||||
marches = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
|
||||
substituters = mkOption { type = types.listOf types.nonEmptyStr; default = [ "https://nix-store.chn.moe" ]; };
|
||||
marches = mkOption
|
||||
{
|
||||
type = types.listOf types.nonEmptyStr;
|
||||
default = with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ];
|
||||
};
|
||||
remote =
|
||||
{
|
||||
slave = mkOption { type = types.nullOr (types.submodule {}); default = null; };
|
||||
@@ -36,6 +39,8 @@ inputs:
|
||||
# do not keep unused outputs, backup it manually on nas
|
||||
keep-outputs = false;
|
||||
connect-timeout = 5;
|
||||
# https://cache.nixos.org 已经自带
|
||||
substituters = [ "https://nix-store.chn.moe" "https://nix-store.nas.chn.moe" ];
|
||||
};
|
||||
systemd.services.nix-daemon = { serviceConfig.CacheDirectory = "nix"; environment.TMPDIR = "/var/cache/nix"; };
|
||||
}
|
||||
@@ -63,21 +68,9 @@ inputs:
|
||||
};
|
||||
}
|
||||
# marches
|
||||
{
|
||||
nix.settings.system-features =
|
||||
(map
|
||||
(march: "gccarch-${march}")
|
||||
(
|
||||
if nix.marches == null then
|
||||
(with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ march ])
|
||||
else nix.marches
|
||||
))
|
||||
++ (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ "gccarch-exact-${march}" ]);
|
||||
}
|
||||
{ nix.settings.system-features = builtins.map (march: "gccarch-${march}") nix.marches; }
|
||||
# includeBuildDependencies
|
||||
{ system.includeBuildDependencies = inputs.topInputs.self.config.branch == "archive"; }
|
||||
# substituters
|
||||
{ nix.settings.substituters = nix.substituters ++ [ "https://cache.nixos.org" ]; }
|
||||
# remote.slave
|
||||
(inputs.lib.mkIf (nix.remote.slave != null)
|
||||
{
|
||||
|
||||
@@ -21,17 +21,5 @@ inputs:
|
||||
inherit inputs;
|
||||
nixpkgs = nixpkgs // { nixos = true; inherit (inputs.config.nixos.model) arch; };
|
||||
};
|
||||
boot.kernelPatches = inputs.lib.mkIf (nixpkgs.march != null)
|
||||
[{
|
||||
name = "native kernel";
|
||||
patch = null;
|
||||
structuredExtraConfig =
|
||||
let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; znver5 = "MZEN5"; };
|
||||
in
|
||||
{
|
||||
GENERIC_CPU = inputs.lib.kernel.no;
|
||||
${kernelConfig.${nixpkgs.march} or "M${inputs.lib.toUpper nixpkgs.march}"} = inputs.lib.kernel.yes;
|
||||
};
|
||||
}];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -80,8 +80,8 @@ inputs:
|
||||
(defaultSopsFile "${devicePath}/${model.cluster.clusterName}/${model.cluster.nodeName}")
|
||||
++ (defaultSopsFile "${devicePath}/${model.cluster.clusterName}")
|
||||
))
|
||||
++ (inputs.lib.optionals model.private [ "${devicePath}/cross/secrets/chn.yaml" ])
|
||||
++ (defaultSopsFile "${devicePath}/cross");
|
||||
++ (defaultSopsFile "${devicePath}/cross")
|
||||
++ [ "${devicePath}/cross/secrets/chn.yaml" "${devicePath}/cross/secrets/xray-server.yaml" ];
|
||||
};
|
||||
availableKeys = mkOption
|
||||
{
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user