mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 15:19:23 +08:00
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0a51443b79 |
1
.gitattributes
vendored
1
.gitattributes
vendored
@@ -1 +0,0 @@
|
||||
flake/branch.nix merge=ours
|
||||
8
.gitignore
vendored
8
.gitignore
vendored
@@ -1,9 +1,3 @@
|
||||
result
|
||||
result-*
|
||||
result-man
|
||||
outputs
|
||||
.direnv
|
||||
build
|
||||
.vscode
|
||||
.cache
|
||||
.ccls-cache
|
||||
archive
|
||||
|
||||
81
.sops.yaml
81
.sops.yaml
@@ -1,50 +1,45 @@
|
||||
keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
|
||||
- &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
|
||||
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
|
||||
- &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv
|
||||
creation_rules:
|
||||
- path_regex: devices/pc/.*$
|
||||
key_groups: [{ age: [ *chn, *pc ] }]
|
||||
- path_regex: devices/vps4/.*$
|
||||
key_groups: [{ age: [ *chn, *vps4 ] }]
|
||||
- path_regex: devices/vps6/.*$
|
||||
key_groups: [{ age: [ *chn, *vps6 ] }]
|
||||
- path_regex: devices/nas/.*$
|
||||
key_groups: [{ age: [ *chn, *nas ] }]
|
||||
- path_regex: devices/srv1/secrets/.*$
|
||||
key_groups: [{ age: [ *chn, *srv1-node0, *srv1-node1, *srv1-node2 ] }]
|
||||
- path_regex: devices/srv1/node0/.*$
|
||||
key_groups: [{ age: [ *chn, *srv1-node0 ] }]
|
||||
- path_regex: devices/srv1/node1/.*$
|
||||
key_groups: [{ age: [ *chn, *srv1-node1 ] }]
|
||||
- path_regex: devices/srv1/node2/.*$
|
||||
key_groups: [{ age: [ *chn, *srv1-node2 ] }]
|
||||
- path_regex: devices/srv2/secrets/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1 ] }]
|
||||
- path_regex: devices/srv2/node0/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node0 ] }]
|
||||
- path_regex: devices/srv2/node1/.*$
|
||||
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
|
||||
- path_regex: devices/test/.*$
|
||||
key_groups: [{ age: [ *chn, *test ] }]
|
||||
- path_regex: devices/test-pc/.*$
|
||||
key_groups: [{ age: [ *chn, *test-pc ] }]
|
||||
- path_regex: devices/test-pc-vm/.*$
|
||||
key_groups: [{ age: [ *chn, *test-pc-vm ] }]
|
||||
- path_regex: devices/cross/secrets/default.yaml$
|
||||
- path_regex: secrets/pc\.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *vps4, *vps6, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
|
||||
*test, *test-pc, *test-pc-vm]
|
||||
- path_regex: devices/cross/secrets/chn.yaml$
|
||||
- age:
|
||||
- *chn
|
||||
- *pc
|
||||
- path_regex: secrets/vps6\.yaml$
|
||||
key_groups:
|
||||
- age: [ *chn, *pc, *nas ]
|
||||
- age:
|
||||
- *chn
|
||||
- *vps6
|
||||
- path_regex: secrets/vps4\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- path_regex: secrets/vps7\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- *vps7
|
||||
- path_regex: secrets/nas\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- path_regex: secrets/xmupc1\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- path_regex: secrets/yoga\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- *yoga
|
||||
- path_regex: secrets/pe\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *chn
|
||||
- *pe
|
||||
|
||||
26
README.md
26
README.md
@@ -1,26 +0,0 @@
|
||||
This is my NixOS configuration. I use it to manage:
|
||||
* some vps serving some websites and services (misskey, synapse), etc.
|
||||
* my laptop (Lenovo R9000P 2023), and my tablet (One Netbook One Mix 4).
|
||||
* some cluster for scientific computing (vasp, lammps, etc).
|
||||
With the following highlights:
|
||||
* All binary is compiled for specific CPU (`-march=xxx`, like that on Gentoo).
|
||||
* All packages and configurations are managed by Nix, as much reproducible as possible.
|
||||
|
||||
## Using overlay
|
||||
|
||||
An overlay is provided through `outputs.overlays.default`, you could use it in your `configuration.nix` like this:
|
||||
|
||||
```nix
|
||||
{
|
||||
inputs.chn-nixos.url = "github:CHN-beta/nixos";
|
||||
outputs.nixosConfigurations.my-host = inputs.nixpkgs.lib.nixosSystem
|
||||
{
|
||||
modules = [({pkgs, ...}: { config =
|
||||
{
|
||||
nixpkgs.overlays = [ inputs.chn-nixos.overlays.default ];
|
||||
environment.systemPackages = [ pkgs.localPackages.vasp.intel ];
|
||||
};})];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
inputs: { imports = inputs.localLib.findModules ./.; }
|
||||
@@ -1,26 +0,0 @@
|
||||
inputs:
|
||||
let devices =
|
||||
{
|
||||
nas =
|
||||
{
|
||||
"/dev/disk/by-partlabel/nas-root1".mapper = "root1";
|
||||
"/dev/disk/by-partlabel/nas-root2".mapper = "root2";
|
||||
"/dev/disk/by-partlabel/nas-root3" = { mapper = "root3"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-root4" = { mapper = "root4"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-swap" = { mapper = "swap"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-ssd1" = { mapper = "ssd1"; ssd = true; };
|
||||
"/dev/disk/by-partlabel/nas-ssd2" = { mapper = "ssd2"; ssd = true; };
|
||||
};
|
||||
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
|
||||
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
|
||||
};
|
||||
in
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos.system.fileSystems.luks.manual =
|
||||
let inherit (inputs.config.nixos.model) hostname;
|
||||
in if devices ? ${hostname} then devices.${hostname} else inputs.lib.mkOptionDefault null;
|
||||
home-manager.users.chn.config.nixos.decrypt = devices;
|
||||
};
|
||||
}
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,56 +0,0 @@
|
||||
chn:
|
||||
age: ENC[AES256_GCM,data:MSJe0mI4PUkl4B/R6no/Zsb7STRZcZBKz7+CckMnEuSrjNx/5Jxv6IugUEAREXEUxmpNi7Sx6aR8SYDqJO5UaaGYbCp+PN8DrBg=,iv:185PoGeQ3+D6rYI1xdfrciKu9nj/8d2yya//U39vS6s=,tag:mhP0Ix2iX3uaAqPAnin3Jg==,type:str]
|
||||
rsa: ENC[AES256_GCM,data:yHnveqSfwd2sLYLOm4tkXoHj08zFRQsaSEL0NJz76dFCO/ZnyIbFh8WnW1y6bUUKzWl4AZxcLIBL0GCf+5R+gDRcXLLGCY6TziRb5fo/6ryJ9EbqntVI5V7oXUPSmGMPuhWcVFB2YurgdvFgXMAki7HMmXLD3xMzFp2/my1mBTOqksJiHL1Bq56bBOQihQ8FEpESc6E/lS7hA6oq8u2RIKKLDCDScdLTmbl1XmzO2xqoPoWJNGkW1PBVUzMMSfmfpswfUK4Tt09o7AwnCUsb5u4PC9aGLUdhjS/Q+zdDpXLZpU1VuX4Nypqmyx0v1KgMIDVu2FNl2OUbTvHCDW3OwMkCA2ww4OlD4p9BFTszAzs8eFxSyCZkiWNp+SfI9WgjsZV4S1nJJfIIlkZYqja7DYOQEyeS0IZ7jyuGsTBhy5iTjekiCUa9iEBXmHHw5I80H/mhDeLyYKnnSttPi4xNt8flO9k3TDURFNW4L/2sEexoL0BLCkt/nGolEcyHCvWKm+UOnfYEJ5G1/NwufFrQybzP+TuiqSauGk5oIEi/vvcX2/luwdPyOONeY2SrHoLehh6lhbM9WExdpSfawWAWB43NabKZf7Wp6JLsadZCUvlfQSvM7YE+Z9ZZPffsiPIiKkkABR5FnKVmO52AfX73r17VJgK2fMeabW4o1ktVzMX12tW2+GpzlOTDXcdKnzjdDQMv+u1Hyn9H/K1S1HmB9RZkyTXzUMR3iC5A4VSy+iFqIgA/kTvwKxjYfTBOvaME9kqqF40E+s7Vx2lM9gvfwYXm/OHSIKJkpo8m+DdGShyMD/iopZPW+QayavXdw1ilVWlJxwwCn+KDq/nsQhWMXH5A+7f0d/P+I2kKQWNNhAFm7Bq6+FrIa7FOT+u85Bl6r9rdnmfkz3rKYlvXFkvlr2fYA7UIzc3vFJadxLL1gvIeedmiuTgyY2JzljvWxAxOKbD9H/EAkl1dKMx2xc6IalXj1ERUcZSl90ijaUfkmxqFjZWXDkFLOipPFoNF4RXF0Bf7H8uWBajvrZOifwXoiYFygnl4vHbLQmdzgjs+lBEsEjTflCxaeRfGNUrqYdIN1MOOMXaaTBk4AkHHVxi6EplJS6Z31qnaecNGSlT2SdoGmKPy5IiS0E9gtOq9w81OBh85zoTh0I2XGWyJmhvOpJIReQEUiFb5vlXc1ryPp6etlitECxBTDGqu1BIqYroivwpWSLFYihOsZtmSUuRRRKlWMq19CFZ2KkmrT+APWMVBv4F/6uaapEQaLFrmDys2G4kCR7Arc04OvVizPUhwGPfcceG9VjsR/CJY/VUq1wFTyjrjCffyIOIXtYr+kYNFtYj5SekpopDxUCTAcuTdtAZlegfrqSss6nsBCFvMQUO30ng0rzRpTXnTt9iHkPnfXU1KLcv6lXU4+5nvHatICyaY0pYLNYWBzpFgp6sOiWWJCZi28jgE91HcaaGnleSoNw/ouTasgF23anqvcABKWuUMSRCsIsSBLQWDTPUo+jfm9NuzduDhIdYKhN0HMCCrHVJdWbYBmG23qqqHoHmEu926ClaP5VDo3PNci2yFKg9gcbjeWD4gCXoVE9tm1OwYucQyMyX/SVb0w+M+k2+yVX+Vx/LBqUkXtbWGfDmwHW3b7j3AZr1pHMx+Trv26p4V4cyOaf6nBezbawYF0M7pRHQQLXpjTru9c/dEEZCOefmDyzTLyShDhfCBiBky8hF0bf5NfF6NfL12fcMlAvtk8OaQC+gd4VL3umQpwmLO8pupnv/5tQAR3R37rfgkLv/N/D4Bbz84TvviEa9aPsY+1XlXsunYIkF1xJVunv+YAR4aexDfd6aapfdV1YXxhrvCMZNDF+kxQJ93i5o2+nyUvXBNrrqlWTTX3HSmTYfOZ5npSUMQRYUG2UduU56NHk8QmUi/mwZJX0mCrpHg2lH9+EIwdgMO8V21rZnE9Yj/ujn29lTvqEWOV1uHgbAS9fGbH9LsS4VhC7V1B4uWyzGEvj8g4hl+rC2c85v6rblgn409JTDCioffFlSS35+6AsKKO6u8Xh7neo8c5SxvYsEOW4EAfnemVns8TOdJViy07bB8XtZU4v2/MHhgA24TKr7wlPfrTvF9UFNx2OK8c3aYP78Xp8cb3j60z3HjqCFFEZyHDD4Ync5BFB36sBbqHHcah+kFl3ZtQnUI5LGZvG6mvSGFMmAhiEzTnsVN/TJglll2uXMIcZpJSwxKIw==,iv:Ks1ESu5QeD5a6dmk+0MHD8mrM0QejBSZwQ1fKjTQiuY=,tag:uLDGeiQHHUUUY00n4jlf8A==,type:str]
|
||||
ed25519: ENC[AES256_GCM,data:/2Iqm2LOPkjQk0tEJpdICkiUOZ4fT/+tiEgpkCb02/YT+6l4W6cAY4mv3nQZOROaYg2gafzLT+e2UDSyX/fIbh3jA+OKnbUlWQVnzRUoz1QxdoqLjYTVCB5DkECYQveeWdt8Er1sGMzkdlvIkPdfj99RLmKKwwtHI1AXkR741V6t8X3LVRVFJrCBpudczA78Rr6CaTR5BXsEKxbXmD5kGJlYD70yHkrLA9MgWQa+/oIO/2CzjkQx5ULQ9fr/VwlIWXfLiCvHmKyVEtweqSSH3bSn1qC3usVAZaJSnOObAJGeQuS+FcxizbKDXjgc69Jg67mDf5k6VBxTF/xP0YegQpZlVxnwggSN6yyPHJ9zjk27NmsqHfE3fq/TQf2Pk91wIgfV0zN020vmidRKiP5z54aaEO6lnPHPELl7BZQ51NUyYKmh5SL6IX05x64GqRrbPtxhzWSj+WVeWmbVJcoxbohzugjTG1Uj+cxcEfqe7Th50pFjHbyCEIWxhk8toQ7r8VxkuYREkXwSYTm/mx43FZnwDhLkFuIYOh/v+7ln/Cxg+xATUbwZS6RwuN+pIRz75eq7VjwD9sb+pj2K,iv:FTrh8tnL8OlD6PkdXWnqFTkZ5VdxMJL5CncfjK1J/C0=,tag:+cWIwl0CZFERXZoegTpSDg==,type:str]
|
||||
ed25519_sk: ENC[AES256_GCM,data:NFTheH+JMIu0bdyKOVgFjGIfgKE9o404S6EvK9yelSiYY5/WFRbzRwhSLZC9senT4rMUl9sErjix1nJMesV1DByTvdZqljPGChxac5/JglgZr9NgvhDYLjSnrT0GYlGAgxmDrnSHj2CyPm+5Ael27325QDMLjKnmluvSZaNB7qB+4BNQBEytx5NfLiA26EAxKPqMSDoFFZp/y6FdWFH4sEWz5WAp03shXs+EPmcnSu/9wykjwg7gKvbQJqoB3MJ5N4MsLr7EBPcpOdWvx0E5xZ8GgmuWYxRJNZDILfS5pgaD74uPEj1nODfGd3N0kBBCeKq/clq9hPDfjyrAmTd9EEDJu+q3nf7P6zTIZ0WJ1ZN/hnC7WcpL/p5Y4nDr99u1rd5x+hhk9TI07SPTJBqjpg6oAgM+Dq02jJvCn4VuoxlCTx/dkXyofReU0bjovUXOMEwCfxHwMDa5/QxQ2qYQhNC8x4O+DwxjnhNg1BNVFAVT4mBVxCshKyhQ1C/w8tBTJzD8YkigAKlokI5VoxCINex3SQs2+6NQpCOyiw6TMtH+M54zVlUQeKypOSNmS91crC52/6b9XMA=,iv:xDaelebavplMYLG9c2JUv1ceXJxejTuhjZ/AGHfklrw=,tag:x4zjZasKadbVDf8Zsg+wiA==,type:str]
|
||||
rsa.ppk: ENC[AES256_GCM,data:9njXWqYEZ7jd0u0lvtmIarEka6n6oHmMeLFvBGejAt2cXZdrZzn5hdotT1+yGrPQYH5n5+f5R8E9wSAZK9Xwn5qfLxXkjmOOVd+L+UFr8fNwlac2GK8Z2OpYKSKg8JbNRw7kgl3ktu8xE6IWqTdL75idvW5JI9iXSSLT9o86oV25HN5Ku/JzRRc9ZlrSugxza/w2yUv7ICT4wGw600aXWhF4R9c2vf6+vZyxaBt7BzaT2+IPPrxDxoW6jx+1fATlwTSiqcKD/0ymy0Hk4ryhI6Vk7BaK5ePC405pdghXA3zwHvRKoFtZGPLy7+iQe4GLE1GEOLN+3MSSAlJEnGMKnwP93IqcAghIXAFXHaJzY1a/492waYqXCc3H/SOlI52oKjZY/SUKoSkDxRoY0wr3OdseFgV/BEWgrunN0MakTiqY6Q8okMX3LXeaUHwnIK9t01eLpvIUA2Y1wI7Olx2Ez1Tp1yPjACTZlQrOPOiCeumlRey15bGNywV3p+DY5wM3zqBn+529MauJv7W2NYIJ6do26hAVpe5FMYb0l/G8AYg0E+AJ2nfVRb8Gu5MxprSNQQEMca+PxKSsmCvicBeNuDreZwt7vpMAb8ndv8O96k8cz2G126Rpe6dgsf3XND3VLWJpYIJYG+KA2AaVCvayAcHRUfIZdZ+wMDJFP+nQHk8wH8/Zu6mWL0nkgFMIj7C/xymdIO1Ugc2CjUlZZtSkgZ6JnAQ+rs94B7QBSCcEnkd4kOU4CvrH1eIyxXS1YH6KhYVhOIXeZFvtI38ergae/ruHfruU4tYk9sj+MmiK7tQDVfiu+XY56mrYt46sDOe36nUDAw1xMLV18Wu7P3wh2zwLrHzRcpTljlcilEh6NQTbIZBm5oQUCJhtYkfPtfsOUs6EKR6Zte1xQE6jdMES6Nnki4OAyv6ZC847jZGkGVg2nFkg8K0d3HoLqsIb3AJMgSNoZtImsGdo4I/jgiBdt9GEjXj5o6zYAvt+F/fea8Lvz/JveU4eL+HA5++pSuuFH33eYntPsPeoi3aXMt3HgHpan9hUAYNSTn0IBrEbsFPkxdaPVhyVygZo7nVzMc1z8xRhMuDv/0DlRpSzd0CM/5nFsaexX03W2ByKUatEP+DXxWswXXV0pod1Q65Jp8X6jr3KrGdzgQ+xqT7yCLDInMP08ug8d3MV8cPvdTLKRy3H789WyBKKH9LE6L36ron3571L2C1YRqnSaCtLF4PZWcYhR8QW8DWhU/tQVPc39ny0PazwEKJK4vAuFc9voYTHMgYJ9fvM+TCRQVRi92yECtHO0XsS08UVz4aJpiBnpCf6k26e9Fv5nZkpjeG8l6j1/FLSbUUzM8Ig8JVJZXOV2mkZxB+UVGAaIAaIFuxHJ0u8EVqNGW/yRneZiFop/j+4/rUmR5QaXsqlp6dIjqGiGQxkAsNVc5TiRG4ChQJn50UyqUFWNT/YIFZyJnE051ztZzl0DXoqLdfjn63HJZ0E7OLVwpe6xYQ3DGvwmH+siq5mdjbhF8477C1oes7q+Pc8L8vlYRTIKeLGm5asN2ZyPDigpAnDcPsZUh4Z1EY9/uu1CTG4A2yUdx1Wk9+1ZZf+X8SGK5YyQofuA1WJR3Nxvxr0K2ThUJc2X4jy1x5FCWqINotiHWEj1VLKUEU/eqWcchp99/r6Ai9DBrsuwd7zLq1/EzWyGRFL04aoaHWkzq/2uxs5mBwJYAoRBhXS544JbWgl3k9gnhiTdwzmHxuJqGLQGGLT4kc7va/ym81dPQE5QlMlEsmf0ecHyT9X67GYIsxQtxi8tepM9ycWVRkH2skYVSodOdNvwRZkmtJIzw2lECdx3Sx3u1RAudXMUdGzviUas1+4V7L5w95QF8mQCS5gkHwu11mH6T6aRGLFRUfKNkbOGoiCzOeGsnoQr0IzkwWZ6Kpk/1z8txKIxNfdM3woxAGKbQ==,iv:rU+t8OnwA5yGRQZYSI9GQcfaZY2EjCPxrsoSzlCy1Ok=,tag:5H2oYeXpEkwIhtnAz6uywQ==,type:str]
|
||||
xmuhk: ENC[AES256_GCM,data:I87DH/L3FE/qmYNJ4GPbvuEZ0BU3ljoxjVO+C4UUSGiFq+d0SwqteH8X36SZHsPVOJLtbw+HDxvHuu8avCdPgyg+utYQ902PnU6ldvxpPak2eK/mZQo9KOKNQa6U2QPL7Yq3odemlAHTTp8BD5yOc4gnxGP5/TZZt3jcSAza17tqXwO1dDE0o0ilQ4v5SW4AtBF9Tph5sTyYy9+RlGagvUc35hgl00gDzoTd8ydvFGWSVKO5nTRMQQUfJ1/t5L9ruH4+5+W7Ic6bRXGCSSJ+iKUUcR/N2Bjizcae7TOXZ4VmqkCBHUYDcRnI7kLI3An2dliuPsgyIGVBOzmayNFn8MXjJritptbbm1zC60xzJFaamkQdSTTwUBXNVY5Y/0m/W20/AxyMOvpyxWCDx9XKYK9J6BxqI/uSkJ+IIxHZuiDmY8pF4l6THOd37anRxP2u3S2+yv1sVxqu1cVKR4fmtKqry27KcGkRFwU78qm5QQlSOcxXNSp6gsX5BOb7y0f6rWekRmHLN3gcXJPpEF3AYRXhQZs81J9Tij7F/jemXSG8282PHkvZOnnJQZjb02uVu5NxF+8couaYF18oFjncPlPDrJXEtT2tSabma0fneiLDXnlZ05oPXyWbn81b/KvNxgsDnUAOf3p1sdmIcMG2FLSc2jmaeAF2dCnn7EMjWHwpoR9OeTt5Iq2XIvBzqLsq0dfX22OFCxdO+MX3yWEwZQsU/78n45jiIMOFHZq7GuUsMEd6/p1A9yyuEpkhgqxKRPCIzbmJEaLDAiFSeKw5Q8y5u3sE6NWCJouRsyYaBVtjBYuPCxRA/C5MwiJNL8GCxC++GYWn0OTiAmLMbFyFWVMtwcfVD+SRaOdjzL6v2VvtQpAmNnz4FXdQUb2PpImN/s6Rdg1ca9hPMVkqqgfdc5OC1KvwJP6M3s6g7xzarzTz0whJ0mhNthAHWa0rrnnIEdXa1bdxMEHafkv0VTsUayqfU8kA6pILUFz7d7pot1xrs7ucgw+eqT193kc4XyqxJQK26eWuUVyP1Qd5MnBTQnFXplqIY2sTjisICpvhEAdDeWNN0ouXLFEuQfvfINTydGgITMfQgZbdUuqC4PtdnatZGnwEsuXjRpQ2SA6y1mP3gG3AEvfYnhgg+S1F0pcpN4sa9B1DHvs6ILRaNSnHTHWklD1sMD2YXTgpuFHKtxZMa7dc+pCh4vyGViSgauNaACK/91+OlLPoeIPeQoREvzkOhz+VYXRtG6N5lTMLuubhgOdicBKz8Qt9S9BZTOiJ1hEb4uXXTXwkgulUa77Rd5HEnr31l3BvsNrCt3fDNT8Ec46ICeoRnDjPEIZpXTTUZc7C/J1UUuDCQ1dzVmGrZaM6vyRCFzVa6rgj138CkAp2zF5QzJPyHtyrciPCQfgLweAoT6+tUBOngZNcZ+gSZYrA4uRmwlob9Af6uZEL/GA4zRcSCj73h/7VDhjI4IgaxtiTGsMEmHtGBdryVIPuT8eRcdx6tDkulgQvFi0ku9iqKuBCYpveK+y6OO+5V7GIow7gMfU5AGDNYTNkrVIkhV+Bm5Y3s43eHhda6xxVFR948QvrbYIf3PFMcla2tc0LTOk7r/Fyt/3ij77aVjblq+gfoPtFrbEhvg9Yp8NDnlnuqYel+D24eV+Gd6vY79Gu+JGMgZvFlvEhqJSrKVQ8r4lXl8FMP+S8P5XxXkzf6SNbj1Qm0cwTEtg8p00vt4vH8MaYbSFSSwUeJkOEolDMFSW8FPvqenz1tFq8ShFXB7fuNaU1iqyldnSU3xpswjP8RyrSkZPMClSr2esuLx21+YYSJ90zHtB9kLGdTmp9D5hkGa4IpsbvGVlEvB+yfU9AoFwOi+PoajlxabMHFqIwlyGbl5pXd8Da7PFI1PGfkUa9rPBiusk2IDhXGJn7M00HcWzSjfepkE5EbxzXH0NlsXsqCpGlP1KvDIx4NCYMWJgf7iWebytUqO+AR8nAZlIV95b22EzcsGjAzo0SfqBQnyE9D3y4x/JdKKVy8rW8w/++DeAqQw00VE1JfFubi9NLCzqUQV3zgrEb3SC0yswCMowydXV8Ahl+79Km3Hdnm9H2s94iOlIWMCOV/RKWI/qZujq4ccQdvl77GC+5vXEY6bccNfkIMNPCby9O2383EmS2PzLzMdV0rEBoKkotib+i9IRVKIWJ+pwJwWF/ZPdO/ZcX5ds6oT/U9+RLk+Bq2eLAUwHEVd5mhw2V8Ngj9mp0O9P5vcWQhovnYQRh0WJwJUM1mWfiVLS1IZktndP1efTWR+SPw47tuVcuMcX3vxfReERMAIiO1EcR8+9WYzoSasB16sm9sN1nJUx/LgThjzRTszfy+GFJJZ4dIY/noYyH9LvIz5rHKAAbja5c0PjB22DXOdEjARoXIWHTTH1Ab7/eVk/ixbHOx9sOET9C/koI/URX1XtTRIuM1UXt4OJbIn3fvuPOywHTkWeF5WV/19ZrMHSIM/JHGYc4au/sD06C+wJZseXLPXSIJF2LgabEXJjvHsb++gccqD0GofcJVJzgYuOaJ0ZydbJn670xa/qludJ1nMuSEc3Py4jTOs0vyfrMkDQHWUScT1C/HsQH1YcCKeyAZMSh4hphM7MtAY9v60cnhsyOAwmBhVaZGZSaFIWyf1+ea2eTLnF6HEF0HSYl7L0hd1i8bPBxoyjB2DIbxbzR7TiaMuPQ/HPNhZhXuFfZK6iBjrGDlhGCn/vlFgsSCGCdcLwKBdC8dpfgpyf65ccvtIXMQGFZMQynIDNCBnALF5dtTQprXf/O1WRuZSLAF/H7q+2gXl9hMKeCLWfGbGE/cWvrRw81efgjUQ8AuFUttR2wUL2u26JgrDuoCG9+vhs4S4x2tXDooucqIRQDAUEIE6gF6NsWDi33K5baQ3RA5Z6btNPNQkqXtz4yQE0Zlh9mFT/jkXGRfZ6RtJbT5jWdHQONXaTHTFK43eZlViM1VydoEwiCrclyWYHWswKyLNjQWATICe7X9NYyU/S/Rj9dIRUUzm2KjLfMEfjyiLS5MLDu9lmKUdXAcz4nFcCWIc4VRR5fMsMh6Zvk8eh/vn176Ic58byvfjsAAflZ2QQyZLaA+Utr8YbpxwbRp8WYg0Ktt7q3rlh2WegEa6wKdESqcb53dlK8qw3ICPW4XhFAA37Ru4zlZ5O+ayDoCvrsWE924VXe+1ctjGQ5via4ctDTXXl+GALQPbLmEfwSyvaC332fbZ6YRM1fY6GmnliWCfgHh0cPwuGNmXbhn/Bftsy+jL6ljma//pnkHfQrynho8XeW0edyrXY91CJtkHKhF4h4SVq4tLQ4cRFEjFfkwy4UXZ7m6AnY1cr83iGqbuU1TnKn91mxiBoPWx0arRHeTSCK/xRcBOF7NqBdmEMMefeq2lLuv+8VVKFBFUKCL5e0rKcQ1N2G2ALtrgWVjsaI0eJSyD9aGSADnlMWu14g/msECa5Clvzw2Q==,iv:cv9sYcivQZc/hz+Sri9iLkRHV3uStIvwT2/083DsUtQ=,tag:re/iwRtY/mlnxibqXBnkPg==,type:str]
|
||||
github:
|
||||
token: ENC[AES256_GCM,data:t95+VgTEkcpsYGty95nKg+4QU86rVnJjw/LZEAk6PHc3ZR3GjPLBtg==,iv:1d/tXqknfEh+GFYj22TRtr7Sq9GpE8NujfAKDwJttD8=,tag:LNyI9Tul7g5mm1gM9ijWMw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S0QycmIralcxUVc2TFZU
|
||||
SjVWZHpJT2tZQzByRUtvbzk5OGFHVzY2UlFFClRMSlIxTmk1ZGZsazdkRDRzOEJ5
|
||||
NVZYZGhTdFJIaHBxT1BlN0NDdkEzNEkKLS0tIFBzYWtVMnN2YzRLdW80WTUxS2xZ
|
||||
QnRDZEpyanBZRmVuS1ZjUHNTbWdpb28KWO91rInbh3dvKgVAICB/GAePL9XfsKK8
|
||||
VDbUUst0RgI/z4xKftw+49HJWvzFpo+pzEzvsU5jZiQwIH19ufGcZg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2a2V0Q09VYW5NbGpkZVBa
|
||||
Wi81c2lTVHZLeEpaeTB3UFh5ajNWZno5akRrCmdHS0pDdnVqMExkR1V0aEg0OHRn
|
||||
UzA0YkwyMHZESHNtbm45MEdsdjF5NTAKLS0tIHBIbFdndk1kRU5nQ0pBVFZhZ3JE
|
||||
TStEQzdYL3VCbU1yUmdmd1RKQVYvbzQKx7fkginIVesbwrM9/9JPKpJMcHhxqJS7
|
||||
lOa4aN7TlcTo2QswOABJCKXyZwb3LpWoZioQ/jvBPkSFxKarTBC2LQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcWN4b1NnQ3VoUC94elFm
|
||||
VUUwWGlveWUreTk2VG4yMmhzdVd6VEJaUmo4CnNhcVdRRVRoTUFpUjJlVDNaWlZ1
|
||||
QXVSVWZDNTlUdWZpVXpqQWl2RXFzUkEKLS0tIGdMbUVLTkJzUmpxUWZieEVWb2Zr
|
||||
Zk1hSFZFaXQ1ZVcyYnFhUHVaWFM2eEEKMAhn8H7rIt82esqOEwL+19zKxyB/0KjI
|
||||
x5S/tAzJIqRY5qilkEXBDekgWKFXj7fLKRfifuWAYT7tMC8E2bODVQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbjVoUHA4RnBVdUZVV0Ft
|
||||
bUQ4YmJJNVB1Ni9RWW5SSWpzaG1ZVGYzUWpFCmJvZnFZYW9sWEo5amhjYkNZVWpm
|
||||
SE1xb1c3cjFaUnBITDIyOFhVRFdPS0UKLS0tIFQ5M29rRDRIYmxPeTNHYWVubkMv
|
||||
UjFLR3hxSVZVajY0WURiUklveHpzVVkKUwCaBC10Iq931J1umHA3xCWfi1mrmTAx
|
||||
vaJiadYqmMSwYk8g5thQ4jjweh133nL1AdxjmAZOVPgYUr6rmcRfXA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-10T22:08:33Z"
|
||||
mac: ENC[AES256_GCM,data:s0GsJysfnqxdLi99gBsTlE7kZ3prTrhCuCtgp3HD3d41r1mMxQ7F8NqBm1jBc5vhYHcHQgS/YfSQ1kM6+RDXN2dZ5NMzchyXtcq9h7smEKxizRbIx0PSoBZfnxR4LTZfBDi4LUBPVVSjb6A+7FDcfXAp+pM/ciuxmvNH9965Xws=,iv:zHiROdgHavc/sCH7oV1cm0JpSBRjxj8QR6yUZzK/fAo=,tag:2TeMi2a71YOawddL/EeJSQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
@@ -1,175 +0,0 @@
|
||||
users:
|
||||
#ENC[AES256_GCM,data:2KeaiyOl51RB,iv:BGqlx1jzOWgG1zaxGfDtWfpbrgFCgAiTbPPMHoRP6KM=,tag:VhbvcwxV561iB03zIhvPQg==,type:comment]
|
||||
xll: ENC[AES256_GCM,data:Y9jk/9yKwYiUeC9h7NkNNRYllyakXco108J8ZPLYQT+u7NsIMZ4kw27IjV4ytwH3k5Xid4jLKEsmKayNAW7kPNdbFfACcugL7w==,iv:cDtPmsHefigsqJZMPqOReVj9YOOgDXQhmulUHYUqYfo=,tag:8SS8dstzuon6f3y4pVA+wQ==,type:str]
|
||||
#ENC[AES256_GCM,data:fptM8gt/IHBZ,iv:gX09x6/ZRXIXG0wOFBUCj6ZtMaTXebcSzvFMsS8vxcY=,tag:M5KFPF8Gmsd87lQ/hqhXnA==,type:comment]
|
||||
zem: ENC[AES256_GCM,data:w0797tV3yFqXbZmhB48kvxK1SJCAFpIjgja2sai2YQB2Z3ELJaQMTIsmgI6p85m/Q15nzFVPdEAsxz6ts3eskRttOSw9mXeNyA==,iv:D3yesKHqbhab1Zk5ZKAm9sKi5KXVt+0JD0pOO5VgptY=,tag:ySURHTqQc0Rxd2u1igZ8Kg==,type:str]
|
||||
#ENC[AES256_GCM,data:XwSZ0w8UgIgR,iv:i4tBBEC/lagRmk7AbzFFjDEnKOzxObkTul/wc+tyyXA=,tag:EKrU4YZ4iOaXpbn/lrZJlw==,type:comment]
|
||||
yjq: ENC[AES256_GCM,data:Oy6b2sl59z2WA5/ifzJoq1KHzvbo+Izwac7yInRPGURxymUU/KvwW8p/XXIJsKkd2BjNaYkdELjNVrhTFd/tRhK+mCy8GSK4Lg==,iv:AGVSFIyqI5HNA+5e+ME3FKKoYMS4MCi4gjaxknord1A=,tag:ayLj6n98F2r62WdDqIaE3w==,type:str]
|
||||
#ENC[AES256_GCM,data:H1WyypgcuhcF,iv:mw2bcXzisgxeUIw6zC4nwHPhsrz5XNIsL72aGyEwyX0=,tag:A2Cb+DuX0BM61TK6/nWEgw==,type:comment]
|
||||
gb: ENC[AES256_GCM,data:ZfcJtiEmdZux90Vqn/L8oq16C10rfRPhxX+FnskJ/+OfdAVheEt9IeIdXpkVfIXU68rIBhDFI60Andm9gmddqoQqHhBj/W9gAA==,iv:fyCkc92YxeIumHODfOU2PWpVfeDJ8RKxKHRfFUYGF0g=,tag:cIn5rZSN8fONNz2GNSUOow==,type:str]
|
||||
#ENC[AES256_GCM,data:5q0u/KpWah5X,iv:FiMDektaHAFHenCT89skQ7gQgoMHdY8BtoyEv0L3npA=,tag:tNtRbpY2bYIUVjLx+IwGvg==,type:comment]
|
||||
wp: ENC[AES256_GCM,data:EcAOCjsqNFzRQtgjgtLn4X7G05cTN/SCmEGCtV/DRISj20Y3kMzbOSmtJoeII7mVA1WITxjhyBXX7abFjD80sZMGF4Th87kXiA==,iv:er9mbrz3F81vHLGPNYiyVO80hOXI3ZjFUuJbMaYWNeE=,tag:le7Fw45V0pdkHoXywdjFsA==,type:str]
|
||||
#ENC[AES256_GCM,data:bh0mHOovPAba,iv:doFuGvLagS17tgNm28J+T1qTvXAzPsenVN3heTDkNts=,tag:e0lsqlvXVk6lDqe1xGkemQ==,type:comment]
|
||||
hjp: ENC[AES256_GCM,data:agAmi5i8cdAC5B75E92PbDGG399AJyI87zbgErtYxM5CHLTBxPjAfqLLEAHTdRbfo53wHQEbG4/fFkunwrHrCdspKtsuFrK4xg==,iv:m+MregSzL5EsuNW/oiJXJIFeq4n1CAaQQV9AKId7rxg=,tag:nOI//Z/4gBfB7F2jwX7cWA==,type:str]
|
||||
#ENC[AES256_GCM,data:jHalo04u3gd+,iv:RjIwI0Kqmy0uVTxRRu1gNG/2eZXnl7iiuC9KOSV1RfU=,tag:Jvza//JVEtLwdtYk5+sY+Q==,type:comment]
|
||||
lly: ENC[AES256_GCM,data:5ZHy3nXe4SoGi+hu+woQwB/h7HyLdDlE6fkO6FXttEW4ZaBjIqiXOz2M9XMTmcMih9S7fGJPXDBD76oHGVY5W5ytyi3i1wyaFg==,iv:RWhQFYAIs5AELumViQRTsVPNfsV59zQYDFVX+DZpPrc=,tag:R3E1IBUAN7XOjrwNEwjZ5A==,type:str]
|
||||
#ENC[AES256_GCM,data:fz4CpQWCXmHX,iv:8UexUxCvtcmk7S8qPdKd3jxro7PspCYX6G7ujAEQ7HM=,tag:LgyieyMQ0zZLD0EW+POeoQ==,type:comment]
|
||||
GROUPIII-1: ENC[AES256_GCM,data:WfdbkyWIDl+lD3xPC5TMBQ+U2hIjHYyhNhnZ1PH9uowSdRCqoPAJ2GS7X35WrlrgTl67ByaTwhXP8r9LR7eL0YwdivTL/wxOXw==,iv:OBaEPQVBeShs+UH2BBIBLGT44tPiVyQ8G1ReZ4jALH0=,tag:SnwGrb3eI57rJUoqE6HR0g==,type:str]
|
||||
#ENC[AES256_GCM,data:OWTTbVhXIxSp,iv:GP6a2S9XdQ0xzTBQ91zkEgrNMtY1WVodTH/F/wh/mqU=,tag:6nzpvk9RFsAJxaL0Qiau0A==,type:comment]
|
||||
GROUPIII-2: ENC[AES256_GCM,data:NMnWdKTGyK9AhrmzdDaxgzeFbbc0TGPlfYzOr7g0zexxBTjyJiwox9thEglkkyA23e5GgNs6zObqUknZT3M7/epzbQDoSQYCmQ==,iv:+nSj1P2LlME48VjSF1t2ziPkhgKiDlLkAaL+PBCV/hU=,tag:41YqBFHAbfrmbf3kVC45CQ==,type:str]
|
||||
#ENC[AES256_GCM,data:0QMjEtxrhSj8,iv:YyMHdZTx/OViWBZ+1CGGAwaOLlqR6WdrKG1g44sZGYE=,tag:N5uMwbWJJF+DGiopdYm2Mw==,type:comment]
|
||||
GROUPIII-3: ENC[AES256_GCM,data:c+HRdDZPugIVI2vmuOlorhjZzxS11c6CJiZ3ZEwFFHfIoIUmGsXoRPGraJ0BjI3W+XZbI6qk211yufTgXLVj7nOVi0PW/9mteg==,iv:H8DlkTjkL/f6Oa2LG3dHRsJuWkEqokUJ/mjMyDnEAc4=,tag:0QmUyfAbYnn7vs4AdwQtYw==,type:str]
|
||||
#ENC[AES256_GCM,data:F347rPlEQZyz,iv:VlbVlc/tFmmoe8lVDza7ZJgHavZ/1NM9mK3KZNVrpbk=,tag:iRdvv0ajtgrJgMe87vBFfA==,type:comment]
|
||||
zzn: ENC[AES256_GCM,data:P76cGOGJK3B7Z3nxZ9BlvvyegJ+4JX25kax7/Bj/0VKsH1cGEfyvNbPH8qYUZqm+zUvqEoFNZKWM4+IQKO7Zo9IXCJhGItL1Nw==,iv:e9lnHecgzSrHJkxumRpKGHzGlYbM5Yov4F4Dd4fIqrc=,tag:G7Cr7d1KZfldzYNRL1eSpA==,type:str]
|
||||
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
|
||||
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
|
||||
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
|
||||
telegram:
|
||||
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
|
||||
user:
|
||||
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
|
||||
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
|
||||
maxmind: ENC[AES256_GCM,data:KfTXvxX4zzXBfNMPmZY1z5jTHTByGfH9qEo6EUAQqZ1JOtNUomOWNQ==,iv:KcexOWAXFhWfli6bAMZ+61x960trZ3iE9UYMuOtJNms=,tag:reuuIe6MkONpeT44U6yUjQ==,type:str]
|
||||
acme:
|
||||
token: ENC[AES256_GCM,data:DrNdcyf2tiZ5nmjYmsG13V63ZuZhNG1c/kkGM7eXQWvRvDbu37nKWA==,iv:xc4gtNvZ/BYG+KmT1XgFfG3Z17bBLURazG8tz4/laxE=,tag:khnYVQWjiiaQC9VsJyLV6A==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR09MUytUL2h3cWlIanNF
|
||||
VWd6SVNWOGVlVVpGbGtyQWxnZlk0cEx2TFJzCmhtbGRFcDdlWDAxU3NneXloSS9U
|
||||
WXBtQmg4dFhOb3J3bThCUDliUmJ4NVUKLS0tIG1uQjdiODdHWVVrVGIwb2lPN1V1
|
||||
QjVyWFAzQTRDWXMyMXdUNytKcy9abmsKZ6maa6DoKPkDAYXGLVoLWIi3fzzs1SVF
|
||||
C/9y2PG/j7F8Pd4hUHl7ILWN/VNbYKQwGYp59+kKeAzeSHkJeTTKyg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaitpVkkvNEFOMEZXK2s0
|
||||
Z1o0UTZ4NFRrd2NqNzhNVWhncmdWWDlzZ2swCkthMU50WldYajN1eEZCRVRUZ2d6
|
||||
TU8za1R0aUdCV3hZaVlIRE01UHdYc2MKLS0tIFNWcFdVWGc5dUVtWnVVbGh1WFVU
|
||||
UzFsYS9tL0xNeDBmQWIrTVB2MkVtdVUKjMADWap5h4NGj3ESamUHz3+8AtO2sOL6
|
||||
wFm/sTfEuhFqO8bodtBXB/veQOrr97Dw8PhO/6CO5JdGTEyFIZ3DoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOFprRWZQaVpMQkxJN2Vw
|
||||
RVB6QXN6bDJPcEt3YURaby9PZm1FZHhDRmtZClBiV0JobHZRejhWVzhOZThRTTJ1
|
||||
UE91bzdWMjJvYllIWXBmQkNReThIc00KLS0tIGRLa0V1b3ZWSVQzc01sUlBMVzBz
|
||||
blZyM0FpelBoTE5Ia2J3S2c0WE5FcVEKKTJ5jzNLkLixv+8DlcTrR9sWs6GihPG6
|
||||
x9w/Zu5H4DK9EVFyksTujRZZMI6o4lHzl2VIrgkTNQUwIPtsqo5KMQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQWwvbXZoNHFxM1Y3L0pO
|
||||
cDlML1ZWWXppeWxaZjZwOFVvbHNubmxEYUI4ClB6Wm00dTRFUE8xTFNlUmdacjFU
|
||||
VGNiMFk1SHpOVnJ6RWdyVXk3WGkxZm8KLS0tIDFnamZqa1VqdUVXWFN5YW5CNGhh
|
||||
UHc5bCsvVFV2eDlLR2Q3STFCQXpZRzgKSVvG8HcDtBJAh8iNrQd+UKbgs/k5Yf2t
|
||||
KqMdODturfudk8QJn3pR97essszrsK/HS4yptp71bBSj3qK50Lp/rg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Rkc2MVhUc0tTUkNsenQ2
|
||||
aVM1dG9MSVpwaFloU1ZRWmVsaEtYVGY3NlFnCm5PM0VpWVFKdExJbExIMnZ0Tmw1
|
||||
eCtVdkRpVW9lcFA5bWwwbWNaYTMzejQKLS0tIHA4MTd1anM4NWtmQUx1cVlsWFVQ
|
||||
bk5iV2xRazdoZnY1dGhKSGFFdUFWY3MKGoxBih7fDQoZFxj8JjiRAl8D3/8xWBeq
|
||||
RS/8C6v+/V+Afnv9QN6uYt0l4YeGn8tv1TRNWXHZl0A6DFjzouwhZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2hsZGExRnFaclpUNEdr
|
||||
bkJJM2gySmtzUlVmZWoxZ3pST2l2dGtCdnhnClNWeVZqWTJ1Mk1pMGZCaXppU0lY
|
||||
RUtlT3YrQmZuVTZ3TjJYMlhGMTVMMncKLS0tIDJsaVQ3aHZIWHhXOFJ1WmpQUDNk
|
||||
SjBSRm4wWjhpUzFmVUtwdGUvbmVIV0EKzgfa9i+VJLPvBRrFbNavZtG1hK6jazoD
|
||||
WHkWedx4AUUJQQlp12Wetj/0yY9jF3BLv/wvEAusq6Z4dO2aHr3sRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcWFOcXAyYjNoSEhLdEtC
|
||||
ang3bHJ2RmtaL2RManE0K3B0elg4aHJmODB3ClZLSXA5MmhVT2ZZSm9KSUlod3BB
|
||||
V05lT3h0a3NQZnMrNERwNk1LTHRiVlkKLS0tIElESTNEVUpZbk93WFpXNnRTYzY5
|
||||
K2tkMlVCRnBKdVRzWk9aQy9kUUx3L1kKNO9LsaJDfF0v/XCMYV0lmHLFakbVjj+H
|
||||
wGJZQYgu/sETDZQVMeu42fQ++IKElmpfq2/o6+gM7aI0RxLqnBryfw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYnBzd1k5UEhXZ0wxSU02
|
||||
elZkYlhDWC9CbWFkRlM2bCs2dzNTSlk4TUJnCm1WVnVxaUYwZ1QvNHJRb29ER21P
|
||||
UWhOb2tETWRJR09Sb0l6VXRMaU5KZlkKLS0tIFA3TldTUmJ0Y0xJemJPS0wwK05D
|
||||
SHVXTGUraDE4anJOZFFuaHBKV1lMSWMKemZfKWbI0YR4QuR5zqvGKSnU3HzwZHvo
|
||||
DJ9u2eq7R7OwtDscn9qCwPThORxLMWdI3n+3+XVwAysqW2efrvnGgA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOFZQZmRHVUdjTXpDbFFm
|
||||
SGt1d2lmYXVZa21iSFhMOTUzMmRIU3BIOUI4CmFvT1BMZmE1eC9tV3dJbVJ4ME8z
|
||||
N25hc0NyZmtMbGFxYmtPSkFkSGZ4bFEKLS0tIE5sUFBTanJONjhtR3BnYjVYdlYr
|
||||
NVZNeDFJOGJIdFlacE9LMmFuakZYUkUKmuK+ogCs3WH9TiGiUfRZ9L98aqRli91A
|
||||
1xHYMJOc5FwI+jaHp1m7nkn+egIOmKvyyejI2ZHQ84tItS+aoiI0bw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRHdHMFAvRFRCNmNES2R0
|
||||
Q3ptRDVrQ3JHaXBxSUlldVd5WUNFc1ZQeDBFCnNiMFErODJhbk5LQ1VGd01oU1N2
|
||||
eXk4Q3VRcUNNWURDUitUMWNOQlJaeWsKLS0tIDRKQ2M1Rnpla3o1NTlCeC9wbGJo
|
||||
cGZxcDUyYzZBMXRpbi94RkcvQXc5aDAKrHpvCDpECN5HS1qeNoiOwKWpT46bLQBd
|
||||
404XgHar20AswgDIjAMp5KJ1pkluQ9j5pVKNFjqJ+9sb3RLYM7Z06Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3RhUHBORW1BNFh5M1c0
|
||||
QlhmUDY1T0ZmN2dGaUhLOVkxN2NiUklBU1hVCjY0MXBoNmw0ekpQYlMzdFZhNFA5
|
||||
NE9XdnlaaGdiSU1BYkRvcThaYmpVcTAKLS0tIGk4UHMwK20yQ2w0N0hoQnZYK2Fk
|
||||
czU0M2dQbU8rMkZJbEJaZ1NhcE1yZFEKUWe5IaDuPjfQ/m76m6DdvF8HWmDiVH1k
|
||||
IQk6sIJfbcINGOVP+JYGJPWgq6LGg1EdW4ONctosVk6kxRO30N0rVQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YXF5aGRobkFVdFQzRFBp
|
||||
NnhvdWtxU2dxa2s4d2FiYnBrdmMvakU1cFhvCnJ4NWVCc0t2ajFpdWVMM25XUnE4
|
||||
a3E3N0laOEYwNDBNdTc4WjdZR2R3M1EKLS0tIC9WRGpJSUhhM0JGZVJWaHlvSkRH
|
||||
bXErdTlYQWh3cmZITWxIeDYzaklWbmcKKG08GymtessnDUfg/AgmQh9eyJx25Y+c
|
||||
RyhAdNl6Lu2Hv7e/oqr23SmwFuhzgPl6eL8t1Nz3s1KraShZazjpQA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK2tkZXZkYWZWcEFhS1h2
|
||||
YTk2N3F4L3AzNzdmZXhLRXpOLzlRa1NNSXlnCjRNL3paejlRUTZrVEFwdWdzRzVp
|
||||
NVFReGwrZk9IdVhQSnFzK3lVMWRPOTgKLS0tIGs2azNoQm51ZDZrOEJDbEhRVTFu
|
||||
aVdEZ0s4SjljZFc5ZTJwK3ZON3VlRVkKB1apktkRqW0R/Epn3bZf/Aym5evUmxm+
|
||||
TLkJxTT6TVcgjobcpFvMmI+pqRWfh5Opj9a9lSe5QvsXxdgOs0mvzg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWlhIdTdtNkpZU3Y5T1Vl
|
||||
WjZXLzJYVDdweFpITEh6cmszOVYrZWI5eTM0CmNSTnd4T3g0dFNiTDNCM2hEOTVo
|
||||
OS85R0VqdEZkTlhGWFNRZFpXZGlWTFEKLS0tIHQ1YWJrZERJUlZwZnU3RThucVRL
|
||||
NHdwcGl2Wk11TFdCd25OTE1nVDNYd2MKOxa2f7bFgFE2zCR1kKtC6giQhr1P79W0
|
||||
MKxil/x2T8rBNkK6sN0PjkphKdg9LVit86ilHPwTgnkl9oz8Cs6X5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL1ZjRzJNQVFNekFUVlQv
|
||||
SmJWMDRZMXNDaTNNd093b25kSk5nTDg0K244CmVLK08xKzlleXpWblRkbGZVMENi
|
||||
U0NGVVhycUN6OEZDNjFBUndSdnRLdE0KLS0tIHJEeTVIY2xwZWdqdG9JRVhsRENq
|
||||
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
|
||||
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-06T01:03:09Z"
|
||||
mac: ENC[AES256_GCM,data:9pJpUNzMogdijzFpjkCw4wEuOGn8B6Q/sKqzA6Pq73fp42t59BbdtK6ClTWqDRUG5MMmLVXYqdlrjPeHeRtXuQ0USNNFY6jC/p35/gB/+Gh+qqLY48YtBPjsV7aYkF8bVhC8EeDZPXvw6Hz5r+e1crVxcbOjk1uFXFVdoDGgsuQ=,iv:0QKuxk9WvCgLMJCNkX0/S/YonY/bmTvvN27DKcZGzv4=,tag:S9S/J57/GHjmVLJhtLDqDw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,106 +0,0 @@
|
||||
inputs:
|
||||
let
|
||||
devices =
|
||||
{
|
||||
vps4 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
|
||||
};
|
||||
vps6 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
|
||||
# 通过 initrd.xxx.chn.moe 访问
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
|
||||
};
|
||||
nas =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
|
||||
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
|
||||
extraAccess = [ "ssh.git" ];
|
||||
};
|
||||
pc.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
|
||||
srv1-node0 =
|
||||
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs"; extraAccess = [ "srv1" ]; };
|
||||
srv1-node1 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIFmG/ZzLDm23NeYa3SSI0a0uEyQWRFkaNRE9nB8egl7";
|
||||
# 不能直接访问,需要通过哪个机器跳转
|
||||
proxyJump = "srv1";
|
||||
};
|
||||
srv1-node2 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDhgEApzHhVPDvdVFPRuJ/zCDiR1K+rD4sZzH77imKPE";
|
||||
proxyJump = "srv1";
|
||||
};
|
||||
srv2-node0 =
|
||||
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6"; extraAccess = [ "srv2" ]; };
|
||||
srv2-node1 =
|
||||
{
|
||||
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
|
||||
proxyJump = "srv2";
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
config =
|
||||
{
|
||||
programs.ssh.knownHosts = builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(device:
|
||||
[{
|
||||
inherit (device) name;
|
||||
value =
|
||||
{
|
||||
publicKey = "ssh-ed25519 ${device.value.publicKey}";
|
||||
hostNames =
|
||||
# 直接访问
|
||||
[ "${device.name}.chn.moe" ]
|
||||
# 通过 wirewireguard 访问
|
||||
++ (builtins.map (net: "${net}.${device.name}.chn.moe")
|
||||
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net))
|
||||
# 额外的域名
|
||||
++ (builtins.map (domain: "${domain}.chn.moe") device.value.extraAccess or []);
|
||||
};
|
||||
}]
|
||||
++ inputs.lib.optionals (device.value ? initrdPublicKey)
|
||||
[{
|
||||
name = "initrd.${device.name}";
|
||||
value =
|
||||
{
|
||||
publicKey = "ssh-ed25519 ${device.value.initrdPublicKey}";
|
||||
hostNames = [ "initrd.${device.name}.chn.moe" ];
|
||||
};
|
||||
}])
|
||||
(inputs.localLib.attrsToList devices)));
|
||||
nixos.user.sharedModules = [{ config.programs.ssh.matchBlocks =
|
||||
let genericConfig =
|
||||
{ forwardX11 = true; forwardX11Trusted = true; forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; };
|
||||
in builtins.listToAttrs (builtins.concatLists (builtins.concatLists
|
||||
[
|
||||
# 直接访问
|
||||
(builtins.map
|
||||
(device: builtins.map
|
||||
(name:
|
||||
{
|
||||
inherit name;
|
||||
value = genericConfig //
|
||||
{ host = name; hostname = "${name}.chn.moe"; proxyJump = device.value.proxyJump or null; };
|
||||
})
|
||||
((device.value.extraAccess or []) ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
# 通过 wireguard 访问
|
||||
(builtins.concatLists (builtins.map
|
||||
(net: builtins.map
|
||||
(device: builtins.map
|
||||
(name:
|
||||
{
|
||||
name = "${net}.${name}";
|
||||
value = genericConfig // { host = "${net}.${name}"; hostname = "${net}.${name}.chn.moe"; };
|
||||
})
|
||||
((device.value.extraAccess or []) ++ [ device.name ]))
|
||||
(inputs.localLib.attrsToList devices))
|
||||
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net)))
|
||||
]));
|
||||
}];
|
||||
};
|
||||
}
|
||||
@@ -1,213 +0,0 @@
|
||||
inputs:
|
||||
let
|
||||
publicKey =
|
||||
{
|
||||
vps4 = "sUB97q3lPyGkFqPmjETzDP71J69ZVfaUTWs85+HA12g=";
|
||||
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
|
||||
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
|
||||
srv1-node0 = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
|
||||
srv1-node1 = "wyNONnJF2WHykaHsQIV4gNntOaCsdTfi7ysXDsR2Bww=";
|
||||
srv1-node2 = "zWvkVyJwtQhwmxM2fHwNDnK+iwYm1O0RHrwCQ/VXdEo=";
|
||||
srv2-node0 = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
|
||||
srv2-node1 = "wc+DkY/WlGkLeI8cMcoRHcCcITNqX26P1v5JlkQwWSc=";
|
||||
};
|
||||
dns = inputs.topInputs.self.config.dns.wireguard;
|
||||
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
|
||||
listenPort =
|
||||
{
|
||||
wg0 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name 51820)
|
||||
(builtins.attrNames publicKey));
|
||||
wg1 = builtins.listToAttrs (builtins.map
|
||||
(name: inputs.lib.nameValuePair name (51820 + dns.peer.${name}))
|
||||
(builtins.attrNames publicKey));
|
||||
};
|
||||
subnet = # 设备之间可以直接连接的子网。若一个设备可以主动接受连接,则设置它接受连接的 ip;否则设置为 null
|
||||
{
|
||||
wg0 =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map
|
||||
(n: { name = n; value = null; })
|
||||
(inputs.lib.subtractLists [ "vps4" "vps6" ] (builtins.attrNames publicKey)))
|
||||
))
|
||||
];
|
||||
wg1 =
|
||||
[
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" "srv1-node0" "srv2-node0" ])
|
||||
))
|
||||
# 校内网络
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "srv1-node0" "srv2-node0" ])
|
||||
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" ])
|
||||
))
|
||||
# 办公室或者宿舍局域网
|
||||
(builtins.listToAttrs (builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "pc" "nas" ]))
|
||||
# 集群内部网络
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv1-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 3)))
|
||||
(builtins.listToAttrs (builtins.map
|
||||
(n: inputs.lib.nameValuePair "srv2-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
|
||||
(builtins.genList (n: n) 2)))
|
||||
];
|
||||
};
|
||||
# 给定起止点,返回最短路径的第一跳的目的地
|
||||
# 如果两个设备不能连接,返回 null;
|
||||
# 如果可以直接、主动连接,返回 { address = xx; port = xx; };如果可以直接连接但是被动连接,返回 { address = null; };
|
||||
# 如果需要中转,返回 { jump = 下一跳; }
|
||||
connection =
|
||||
let
|
||||
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
|
||||
# 边中至少有一个端点是可以接受连接的
|
||||
netToEdges = subnet:
|
||||
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
|
||||
in inputs.lib.unique (builtins.concatLists (builtins.map
|
||||
(dev1: builtins.map
|
||||
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
|
||||
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
|
||||
devWithAddress));
|
||||
# 在一个图中加入一个边
|
||||
# current 的结构是:from.to = null or { address = xxx or null; length = l; jump = ""; }
|
||||
addEdge = current: newEdge: builtins.mapAttrs
|
||||
(nameFrom: valueFrom: builtins.mapAttrs
|
||||
(nameTo: valueTo:
|
||||
# 不处理自己到自己的路
|
||||
if nameFrom == nameTo then null
|
||||
# 如果要加入的边包含起点
|
||||
else if newEdge ? "${nameFrom}" then
|
||||
# 如果要加入的边包含终点,那么这两个点可以直连
|
||||
if newEdge ? "${nameTo}"
|
||||
then { address = newEdge.${nameTo}; length = 1; }
|
||||
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
|
||||
# 如果边的另外一个点到终点可以连接
|
||||
if current.${edgePoint2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
|
||||
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边包不包含起点但包含终点
|
||||
else if newEdge ? "${nameTo}" then
|
||||
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
|
||||
# 如果起点与另外一个点可以相连
|
||||
if current.${nameFrom}.${edgePoint2} != null then
|
||||
# 如果之前不能连接,则使用新的连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 如果之前可以连接,且新连接更短,同样更新连接
|
||||
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
|
||||
{
|
||||
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
|
||||
length = current.${nameFrom}.${edgePoint2}.length + 1;
|
||||
}
|
||||
# 否则,不更新连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果起点与另外一个点不可以相连,则不改变连接
|
||||
else current.${nameFrom}.${nameTo}
|
||||
# 如果要加入的边不包含起点和终点
|
||||
else
|
||||
let
|
||||
edgePoints = builtins.attrNames newEdge;
|
||||
p1 = builtins.elemAt edgePoints 0;
|
||||
p2 = builtins.elemAt edgePoints 1;
|
||||
in
|
||||
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
|
||||
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
|
||||
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
|
||||
if current.${nameFrom}.${nameTo} == null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
|
||||
else builtins.head (inputs.lib.sort
|
||||
(a: b: if a == null then false else if b == null then true else a.length < b.length)
|
||||
[
|
||||
# 原先的连接
|
||||
current.${nameFrom}.${nameTo}
|
||||
# 正着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p1}.jump or p1;
|
||||
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
|
||||
}
|
||||
# 反着连接
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
])
|
||||
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
|
||||
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
|
||||
{
|
||||
jump = current.${nameFrom}.${p2}.jump or p2;
|
||||
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
|
||||
}
|
||||
# 如果正着连接、反向连接都不行,那么就不更新连接
|
||||
else current.${nameFrom}.${nameTo})
|
||||
valueFrom)
|
||||
current;
|
||||
# 初始时,所有点之间都不连接
|
||||
init = builtins.listToAttrs (builtins.map
|
||||
(dev1:
|
||||
{
|
||||
name = dev1;
|
||||
value = builtins.listToAttrs (builtins.map
|
||||
(dev2: { name = dev2; value = null; })
|
||||
(builtins.attrNames publicKey));
|
||||
})
|
||||
(builtins.attrNames publicKey));
|
||||
in builtins.mapAttrs (_: v: builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges v))) subnet;
|
||||
networks = builtins.mapAttrs
|
||||
(n: v: builtins.listToAttrs (builtins.map
|
||||
(deviceName: inputs.lib.nameValuePair deviceName
|
||||
{
|
||||
ip = "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${deviceName}}";
|
||||
listenPort = listenPort.${n}.${deviceName};
|
||||
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(peerName:
|
||||
# 如果不能直连,就不用加 peer
|
||||
inputs.lib.optionals (v.${deviceName}.${peerName} ? address)
|
||||
[{
|
||||
name = peerName;
|
||||
value =
|
||||
{
|
||||
publicKey = publicKey.${peerName};
|
||||
allowedIPs =
|
||||
[ "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${peerName}}" ]
|
||||
++ builtins.map
|
||||
(destination:
|
||||
"192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${destination}}")
|
||||
(builtins.filter
|
||||
(destination: v.${deviceName}.${destination}.jump or null == peerName)
|
||||
(builtins.attrNames publicKey));
|
||||
}
|
||||
// inputs.lib.optionalAttrs (v.${deviceName}.${peerName}.address != null)
|
||||
{
|
||||
endpoint = "${v.${deviceName}.${peerName}.address}:"
|
||||
+ builtins.toString (listenPort.${n}.${peerName});
|
||||
};
|
||||
}])
|
||||
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
|
||||
})
|
||||
(builtins.attrNames publicKey))
|
||||
)
|
||||
connection;
|
||||
in { config.nixos.services.wireguard = builtins.mapAttrs (_: v: v.${inputs.config.nixos.model.hostname}) networks; }
|
||||
@@ -1,24 +0,0 @@
|
||||
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' .#jykang
|
||||
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' -qR ./result | grep -Fxv -f <(ssh jykang find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' --export | xz -T0 | pv > jykang.nar.xz
|
||||
# cat data.nar | nix-store --import
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = "haswell"; nixRoot = "/data/gpfs01/jykang/.nix"; nixos = false; };
|
||||
});
|
||||
python-lyj =
|
||||
let python = pkgs.pkgs-2411.python310.withPackages (_: [ pkgs.localPackages.pybinding ]);
|
||||
in pkgs.runCommand "python-lyj" { }
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
ln -s ${python}/bin/python3 $out/bin/python-lyj
|
||||
'';
|
||||
in pkgs.symlinkJoin
|
||||
{
|
||||
name = "jykang";
|
||||
paths = with pkgs; [ gnuplot localPackages.vaspkit pv python-lyj ];
|
||||
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
|
||||
passthru = { inherit pkgs; };
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
if [ -z "${CHN_DEBUG-}" ]; then
|
||||
hpcstat logout
|
||||
fi
|
||||
@@ -1,3 +0,0 @@
|
||||
if [ -f ~/.bashrc ]; then
|
||||
. ~/.bashrc
|
||||
fi
|
||||
@@ -1,45 +0,0 @@
|
||||
# This is really FOLLISH but it works
|
||||
if [ -z "${BASHRC_SOURCED-}" ]; then
|
||||
if [[ $TERM == chn_unset_ls_colors* ]]; then
|
||||
export TERM=${TERM#*:}
|
||||
export CHN_LS_USE_COLOR=1
|
||||
fi
|
||||
if [[ $TERM == chn_cd* ]]; then
|
||||
export TERM=${TERM#*:}
|
||||
cd ~/${TERM%%:*}
|
||||
export TERM=${TERM#*:}
|
||||
fi
|
||||
if [[ $TERM == hpcstat_subaccount* ]]; then
|
||||
export TERM=${TERM#*:}
|
||||
export HPCSTAT_SUBACCOUNT=${TERM%%:*}
|
||||
export TERM=${TERM#*:}
|
||||
fi
|
||||
if [[ $TERM == chn_debug* ]]; then
|
||||
export TERM=${TERM#*:}
|
||||
export CHN_DEBUG=1
|
||||
fi
|
||||
|
||||
export HPCSTAT_DATADIR=$HOME/linwei/chn/software/hpcstat/var/lib/hpcstat
|
||||
export HPCSTAT_SHAREDIR=$HOME/linwei/chn/software/hpcstat/share/hpcstat
|
||||
export HPCSTAT_SSH_BINDIR=$HOME/linwei/chn/software/hpcstat/bin
|
||||
export HPCSTAT_DUC_BINDIR=$HOME/linwei/chn/software/hpcstat/bin
|
||||
export HPCSTAT_BSUB=/opt/ibm/lsfsuite/lsf/10.1/linux2.6-glibc2.3-x86_64/bin/bsub
|
||||
${HPCSTAT_SSH_BINDIR}/hpcstat login
|
||||
if [ "$?" -ne 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f /etc/bashrc ]; then
|
||||
. /etc/bashrc
|
||||
fi
|
||||
|
||||
if [ -z "${BASHRC_SOURCED-}" ]; then
|
||||
export PATH=$HOME/.nix/state/gcroots/current/bin:$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts
|
||||
export BASHRC_SOURCED=1
|
||||
if [ "${HPCSTAT_SUBACCOUNT}" == "lyj" ]; then
|
||||
export PATH=$HOME/wuyaping/lyj/bin:$PATH
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
|
||||
@@ -1,2 +0,0 @@
|
||||
store = local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log
|
||||
experimental-features = flakes nix-command
|
||||
@@ -1,22 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXlhoouWG+arWJz02vBP/lxpG2tUjx8jhGBnDeNyMu0OtGcnHMAWcb3YDP0A2XJIVFBCCZMM2REwnSNbHRSCl1mTdRbelfjA+7Jqn1wnrDXkAOG3S8WYXryPGpvavu6lgW7p+dIhGiTLWwRbFH+epFTn1hZ3A1UofVIWTOPdoOnx6k7DpQtIVMWiIXLg0jIkOZiTMr3jKfzLMBAqQ1xbCV2tVwbEY02yxxyxIznbpSPReyn1RDLWyqqLRd/oqGPzzhEXNGNAZWnSoItkYq9Bxh2AvMBihiTir3FEVPDgDLtS5LUpM93PV1yTr6JyCPAod9UAxpfBYzHKse0KCQFoZH chn@chn-PC
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWAfyfDFctbzJTiuK9IPw3yFLqt7vqd/T0/HoZfH/bzLZ8GVeod2oz6kjm3ns0IG94HO5vGMEmQfbK1ZKT2TqA7ve+3wG9seiwfh8xh7Xhl2AnaF0pjHEXnw+w8mTzxCv9qRhsgfHuuBVhH6PguHvk66GKjvNaxTJhlKAyNogOI3jLnw7ODFScldHbJlMYl1pBHV/G/Zeuq0qnA/pkeiFdvlsZUVGD0cCfuoHm8FCfEzv6pfkhVJUH0v5rof8GiT9eg7ntG49Gei1lkH5NosbY8f6fEKNSoOc0dm5g2FaI3D7LJixwQ6rMiJwmPb6A4oHmcJQKokU8uhROQorYLgV7RtrnHu2cHMRW6SiAUvpmvaPPcxn8CbfuSOGDhYRKxNJNtWRK08Urtq9tYD+Fpze4QoZXxN35uvsi3lMA55PK0AsTm/aVGslzHUUzgWtDxcI2pLAm9rFpCRPCY+UC1Xp5vjZoqZXwhJ81qZ7VXWTM2voxCrKAlu+Zg2FaQD5szOU= gb@xmupc1
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/jzUQ6QuAjnAryvpWk7TReS6pnHxhEXY9RonojKkurhfYSQO/IlxDMDq23TFXcgu8iZG4cS6MADgx/KNZD/MjuN9YNCIEGvMwzWvB0oM25BC6Vf3iKDmhH06rZKH6/g5GN+HWoCN4yE/+MhIpegFO3+YMpveXwEESlyoIjPvcW+RwmlNJevrHd83ETYDQ4AybWyJo6en5tz2ngr22HaK4MtxgrqnIN/KorY+nrzTNa7VBC7BaZc1tA5FLwUeCXtuzp2ibfrxoGUAiDig4FW09ijCk3Y77y7aNVI2nw5y28nCV5rgVMh5fejtNVqIqku7p+8qgjxvY6veATG0lYgZgw2ldnDGDNbEGxcCnKKmCgZMxok8zTRsniZ91KuHkcl2L7xUo7kdQYzBRwZyQ53eW+yPoqUya4yn272rscBEUMyZzmegfr1SXMqw/8zn+MZdr1KXEvrbfjX+2QL52GY3bfYUf3KFje+Sp88k688bRH0vrxj9BCOS7ovbyfe9BEU= xll@xmupc1
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtnVhZQsJfbs2w9hFZkx4qDhIs++7no+6r5TifP3Dq7epJYd2QYx4dI66XxTNhKxZjN6a4Xn5nFlYLtQJXOvzBLC8IBf1W5GCH0k/jqzzskS0/Ix/70HzcBwJk8ihWDkyON5Ki1BRCx34RNxth1BIxWyc5QT+lou+D92x8iAu/uOvmcAL3Ua0OlZwxw03hLp/PpS4ZnUqFjc2JVtarY7eQu/i3RwOZUaK6nT2EL8RObzk4xnieqsU5PWwA3voVjetqZaDQ+P7dimQXz/FaucroKxCNyTiy1oG4fdQpm2UDrH6ZfPvdQLYrtet6FQabXOxhV7MuR3jYtxZjs1kDVZIseIZ6IwjetaUoMxvIouRfYjOSIEo9Ek9o0+Yhku4r0uWmPDrymWugU1raMmlRxSUwdlzW+C7mQwtGbs/MG4MN4GWkM6id5DKlY2vYKUfrTzmhY1swCtzKq20fjvyX8qhJdcytgVlOrBZnPje6Qd55sI0RjdgJrBsxT2SYquez7U8= yjq@xmupc1
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDn1pfGen7kjPTHsbb8AgrUJWOeFPHK5S4M97Lcj3tvdcjZi2SXN6PwHQfh8/xGhZbTLPz/40S9O9/Dn30xkUTfnONirKt790jp7VEbOtPnjQPOd/KRNWlS3VV0BELuq5p633Mi13rP6JZtdKmU2uSkvvaUBfCppy3JaWv/B7HLJ48f8IzkdiT1px3dN1eQ4SFoHOiVG0ci5TGG6wfMdoAAnM9R1aXI4gDxnYjLYujpaNZ4hBOta/6ZK/PV0JufoXdIAZjubgk1Hv04XHXLR2Z0UhRM6x7UrZIOdM/LlnKmcVk408ZKEj/9m1xRyDsNoZ24CF++cmnwfBHrp9I5nvDI7xOTdZlOhzkiiPM3f4i6s2Qjdv4vpZ6AeE3Qt1LVQyAr67b4UMjHuYqSi2KgyCO6My2Ov2eRoS74EKcb8ejJv3O+XInmYUgDgTgDFT3CgQgK2DG45HiV6nOkaE/6iKx2JSOiYZTFc7TRcePfXF9JQD7dXFde6qm3EbIVyJIpCJ8= zem@xmupc1
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCW2fx1Sim7X2i/e/RBPEl1q/XbV7wa9pmZfnRINHIv24MCUgtNZ5GHEEW7dvzrQBeRj3I7CAyK8fbuhv/l8HuDtjxJJ1fmcBp9UG5vfpb/UTxayJxHBRrwokp2JL7HKVviI6d8FcNa/T0CMoUNYXnel6dE3B78k9Q0dDxlOGS1MzgsP3Pn66lm0ww9FRAVHe+KkhFmwyQ1VHUxHgK4QjCIt7+9+PJE7fK0aVWBsR309pui7Pbm6mgd4d6mwiBeVvxsNGnI4DsO1hz4N2GapuQy19PDiG7A4H41Z5RYQnv/3XTy4TBXOFQm77v6pyGkCmG6BGnRdvMB6C0hWPJvudbsA/BNp4ApL7/CrwTdLp1z6ToAOLvKrUQAM+hcbJimnFVMXqz7iSYg99XTnzue7ncecp19XiaDJbM47bGXcT4nTO5XaiMYi2xGAHIrij5GIuFF5ymKYSp5ejb1VucMdKlaaAmS10+wdUcuT7tzX/IuVr5aqg2dsxT5aJCRhZ1k2V0= xly@xmuhpc
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRpyIU8ZuYTa0LvsVHmJZ1FA7Lbp4PObjkwo+UcpCP8 wp@xmupc1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRZp8xp9hVO7e/6eflQsnFZj853IRVywc97cTevnWbg hjp@xmupc1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh wm
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi6O1Sf1BBV1dYyH1jcHiws+ntwVfV29+6Paq1CQaET hss
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlBxisj3sU9QC8UC5gX6sakf7G03ybbkmHtD2cybuZA qmx
|
||||
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkT/P4MnzxBh8sRi0oQ88duNpY/ejFtptGqUQJVobj23vbu7ju6x/yuXqnHFOLi/IOZgNl5oBhRlJekRL+FWMIwpPBA6MnbVNkHXvwu5kLXVTt0O9dhJfDiPPbYcNjOhw4o8aZMc0oEyz8xZgkPoIehHQda+K5vRhFnYCRgn2X92VY/dW1QqPJKEfN47Tsp00w8wyKixEvuJe8OBEoKDpiZYzbXJKuoKhCdMp0uMHMCojYuYP9rGZO6bHl7Q6cYotGx1jH2pe30Ujtm3Xbm44H1mhXr1K/lhcHfojSge8POqii+eaXSCzqRlXaWyvrL9JLaaRD7GfWDaRWSKDfN8Ha4mnUvRtObRMSLOnr2QOTLJw9QPnlDDxCd1q7yluKraccYnTQQP5JuBwkRqjuJTatd9b18Z14HffmXZNR7asT1sJXK1rWKeLTrZwqxpkuwLAnbr60PVwfMHZeZ6FVPXGZ4wQb22lFHvaZZCEJf+9QDXpDn5L59FlaBYO2Xwojj3s= 02@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOF3LfnQiI8wpsXGn87bt7rbUZcgsdaOSOswk4Vf4dBautEdQZc0q+UDB2TlR2K8L7SPyywpl5z67euN5QRJLEwg8flTybiJp3EKDctYEM22sa36ONcSIJ/iHSdCkwtPXkBYreh9e+MAHfTroIKK5zM/P1QIN3NrknIXpWjLDF73ejrxE+EXRK6jbuWfo+5dnLnDoUFt1e+pYLZos5KRRB94Qt5I79D/cAg3hG+Zl2FCCOpn1hIdLo/kWJTKUPe61oUaIxriV6nCXp/pU1BHlM43hGowiHa4bVZIs8Eo4r7OI9thhSuS2BKSifibBKIicZtntSlS/I3xa5am28YLmrOiEXRsjPom7trO8qIhPfYOc/yFDg1gcpLxyNroCPooPBzPxUqrTT96Q4fDDTaqfyuVxQFxbYoFAqQs8/lw6WcGJ4fGC5JPsPiwoSdQy/B7gCfQcFjPXp1NH8Sx+xMLCmxRqdKSyeiEwoyB0tZ6ngaI73HFhCPX1/rLx3xv0zd/8= 03@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC96jp6qFrWt4651Arg+Ua6AU3CjftZuounKLlZ8s268Lo9Cba+nmoOGRNzefqr+f6/7KmFKd9+jqS3ZnKFQbzRFVzzHHIT7tSlgxFRw+yb553/vgm7z6d0HGd3B7XjpIpR7DrM/unnXtiT/WuX+UIKKQ1S4kHp4fTJxZuwzYgNWDsT7O/5H7nBoRVuUSG/achCzTq5V5WfNjvrGZypCmcCw5MTH3Iab4qQ7fhRK46e/OpgSMmsY1ZuEynIwVtimW4G10MUWZdawN4LHBNsCDBmBu0H1DYBb9AUW5IuifAyFPPlTOPtuzpEganaMwotcXiAwhfPQg1c0TfbB4ZJPow612dzxcflHAJyFy2LXbiG0rF48h0GpW5gY92QkeMQcbybKOS5yVlXynNNg0nL1bx+reu7Fy4jurc0facTaqzpSiyXsBLSOva+DZrxl2MBDLEdykkQMNIY69GeeC2XIN4tbfGDYU8VVtwnXJUkmeHAge5ypI1kkPhYRDxPDspym9M= 04@xmuhpc
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9FmT0i2j9JsnyeVrEZP8gaWHnc5NnhJgb1sP8MP/pjx/GMEkms2LQvZYNw8MQvGA6HH/O2acy5NIdD69QkRlALXZlWpUQco8JDuJe7+2xkTMGPOAqB5YLMHRpFGHUmDMuSFGSg2YyLXaWXoWmib5xAvTL95xAcdNgp5xqWvO2N55edDeVOY5cTmIE2vC0nm5JSjMEMcIuqL8yJ3AweN4JkD8CVVy3po8f+krKsaYB+f21MqqSnCQ/cpKlWHuMN9k85hP/FB1E7gBXW/MuZ1uOm4IzjBhj8tYVN0UY7Mo2/9PhFqoBKGr6vs7Nx1mXBJ/A1lIKvW+ROvQ9ADpOfww6kPuHbX16gQ55JG7zneWeiP5pVaI4YZ4O1vAvARw/SaSFhRdpymPs5r+wdIDV9gGoqORrYqoPBz7Q02V71W+EV7WFAgxiJozO0vZwD9JJ2zivyIJfcVtIOMIvEhfsha7Hviut4JIOyoaEHjIZYsmvYHEeEBA4pTUHIUZlZj/St7U= 05@xmuhpc
|
||||
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRWge2+B1Et03n/B4ALBcAnjvtWPPmcFAoIlLP8oFkB hpcstat
|
||||
@@ -1,165 +0,0 @@
|
||||
# cp how_to_set_environment_variables ~/.vaspkit and modify the ~/.vaspkit file based on the settings in your supercomputer!
|
||||
# All environment variables are case sensitive.
|
||||
VASP5 = .TRUE. # .TRUE. or .FALSE.; Set .FALSE. if you are using vasp.4.x
|
||||
LDA_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/POTCAR/PAW_LDA
|
||||
PBE_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/POTCAR/PAW_PBE
|
||||
GGA_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/POTCAR/PAW_PW91
|
||||
VASPKIT_UTILITIES_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/utilities
|
||||
PYTHON_BIN = /data/gpfs01/jykang/linwei/chn/software/scripts/chn_python3.sh
|
||||
POTCAR_TYPE = PBE # PBE, PW91 or LDA; Set PBE if you want to make PBE-POTCAR file
|
||||
GW_POTCAR = .FALSE. # .TRUE. or .FALSE.; For example, H_GW, O_GW will be chose when POTCAR_GW set to .TRUE.
|
||||
RECOMMENDED_POTCAR = .TRUE. # .TRUE. or .FALSE.; The recommended PAW potential will be chose when RECOMMENDED_POTCAR set to .TRUE.
|
||||
SET_FERMI_ENERGY_ZERO = .TRUE. # .TRUE. or .FALSE.; The Fermi Energy will be set to zero eV when SET_FERMI_ENERGY_ZERO set to .TRUE.
|
||||
SET_MINI_INCAR = .FALSE. # .TRUE. or .FALSE.; A simplified INCAR will be written when MINI_INCAR set to .TRUE.
|
||||
USER_DEFINED_INCAR = .FALSE. # .TRUE. or .FALSE.; whether to use embedded INCAR templates or user defined INCAR templates
|
||||
WRITE_SELECTIVE_DYNAMICS = .FALSE. # .TRUE. or .FALSE.; the selective dymanics set will be forced to write when SET_SELECTIVE_DYNAMICS_MODE set to .TRUE.
|
||||
GET_DOS_FROM_HYBRID_BAND = .FASLE. # .TRUE. or .FALSE.; whether to calculate DOS using optimized tetrahedron method in the hybrid band strucutre calculations
|
||||
ADVANCED_USER = .TRUE. # .TRUE. or .FALSE.; Please fill in your settings in the block 'USER_DEFINED' if you want vaspkit to integrate your own scripts in the 'UTILITIES' file.
|
||||
SET_INCAR_WRITE_MODE = OVERRIDE # OVERRIDE, APPEND, BACK-UP-OLD,BACK-UP-NEW; "Customize INCAR File" whether to override existing or appending existing INCAR/backup existing INCAR to INCAR.old && write into INCAR/write into INCAR.new
|
||||
APPLY_SCISSOR_CORRECTION = .FALSE. # .TRUE. or .FALSE.; whether to rigidly shift of the conduction band with respect to the valence band of nonmagnetic semiconductors to matches with that of the experimental, HSE or GW value (default: .FALSE)
|
||||
APPLY_PHS_CORRECTION = .FALSE. # .TRUE. or .FALSE.; whether to make PHS correction during linear optical calculations. More details are given in Comput. Mater. Sci. 172 (2020) 109315
|
||||
NORMALIZE_ORBITAL_WEIGHTS = .FALSE. # .TRUE. or .FALSE.; whether to normalize orbital-projected weights in each state (default: .FALSE.)
|
||||
REORIENTATE_LATTICE_VECTORS = .FALSE. # .TRUE. or .FALSE.; reorientate lattice vectors when build supercell or heterojunction or not (default: .FALSE.)
|
||||
GET_IRREDUCIBLE_KPOINTS = .TRUE. # .TRUE. or .FALSE.; Control whether to generate k-points in the symmetry-irreducible wedge of the Brillouin Zone (default: .TRUE.)
|
||||
FACTOR_ENCUT2NPWS = 0.262465831d0 # Adjust the final decimal place (or one beyond that) of this parameter if you encounter an error message saying that “Error: the calculated NPWS is not equal to the read NPWS”.
|
||||
SYMMETRY_TOLERANCE = 1E-5 # Tolerance in Cartesian coordinates to find crystal symmetry, compatibility with SYMPREC (default: 1E-5)
|
||||
LATTICE_TOLERANCE = 0.2 # Float lattice tolerance for the lattice vectors (default: 0.2 angstrom)
|
||||
ANGLE_TOLERANCE = 0.2 # Float angle tolerance for the lattice vectors in degrees (default: 0.2 degree)
|
||||
EMIN = -20.0 # Minimum energy for evaluation of DOS (default: -20.0 eV)
|
||||
EMAX = 20.0 # Maximum energy for evaluation of DOS (default: 20.0 eV)
|
||||
SIGMA = 0.2 # The width of the smearing to calculate DOS from eigenvalue (default: 0.2 eV)
|
||||
NEDOS = 2001 # Number of grid points in DOS (default: 2001)
|
||||
GAMMA_CENTERED = .TRUE. # .TRUE. or .FALSE. (default: .TRUE.).
|
||||
VACUUM_THICKNESS = 15.0 # The thickness of vacuum to build slab or 2D materials (default: 10 angstrom)
|
||||
CENTER_SLAB = .TRUE. # Center the slab in the z direction; (default: .TRUE.)
|
||||
|
||||
# New added in Version 1.3.0
|
||||
MAX_ATOM_NUMBER = 10000 # The maximum number of atoms to screen heterostructures (default: 10000)
|
||||
MIN_ATOM_NUMBER = 1 # The minimum number of atoms to screen heterostructures (default: 1)
|
||||
MIN_LATTICE_ANGLE = 0.0 # The minimum lattice angle to screen heterostructures (default: 0.0)
|
||||
MAX_LATTICE_ANGLE = 180.0 # The maximum lattice angle to screen heterostructures (default: 180.0)
|
||||
GET_INTERPOLATED_DATA = .FALSE. # .TRUE. or .FALSE.; Whether to interpolate the grid data of charge/spin density, potential, band structure, etc. (default: .FALSE.)
|
||||
INTERPOLATION_SPACING = 0.04 # Determines the number of interpolation grids, in unit of A in real-space or 1/A in reciprocal space (default: 0.04)
|
||||
INTERPOLATION_METHOD = 'cubic' # 'linear', 'cubic' (3rd order-spline interpolation), quartic (4th order-spline interpolation), or FFT available only for 2D and 3D grids (default method: 'cubic')
|
||||
AUTO_SUBMIT_JOB = .FALSE. # .TRUE. or .FALSE. (default: .FASLE.). Whether to auto-submit vaspkit or vasp job or not.
|
||||
SUBMIT_JOB_COMMAND = 'qsub job.sh' # The command line to submit job
|
||||
AUTO_PLOT = .TRUE. # TRUE. or .FALSE. (default: .FASLE.). Whether to auto-plot data graphs in the post-processing.
|
||||
|
||||
# New added in Version 1.4.1
|
||||
REDUCE_FERMISURFACE_FILE = .FALSE. # TRUE. or .FALSE. (default: .FASLE.). Whether to write only the bands which cross the Fermi energy.
|
||||
WEIGHT_THRESHOLD = 0.00 # Threshold value of spectra weight in the band structure unfolding.
|
||||
|
||||
# New added in Version 1.5.0
|
||||
CENTER_DEFECT_POSITION = .TRUE. # Move the position of defect to the center of the supercell; (default value: .TRUE.)
|
||||
VACUUM_THICKNES = 10 # Vacuum thickness (default value: 10 Angstrom).
|
||||
UNWRAP_TRAJECTORIES = .TRUE. # Unwrap MD trajectories or not; (default value: .TRUE.)
|
||||
|
||||
#USER_DEFINED
|
||||
#Synopsis:The first parameter is the command-id,starting with 'u'; the second is the interpreter, like 'python/bash/perl'(Please left it blank if you are using an executive binary); the third is the name of a script or an executive binary; the fourth one is a switch, if any extra argv is needed, please set if .TRUE. ; the last on is the description, MUST use '_' as delimiter.
|
||||
# id interpreter script argv description
|
||||
#Example1 'u1 python get_entropy.py .TRUE. get_entropy'
|
||||
#Example2 'u2 hello.exe .FALSE. ls '
|
||||
|
||||
u1 python get_entropy.py .TRUE. get_entropy_for_adsorbate
|
||||
u2 python bader2pqr.py .FALSE. bader2pqr
|
||||
#END_USER_DEFINED
|
||||
|
||||
#+------------------------------------------------------------------------------------------------------------------+
|
||||
#| Customize VASP job script |
|
||||
#| Must copy the block from #BEGIN_CUSTOMIZE_JOB_SCRIPT to #END_CUSTOMIZE_JOB_SCRIPT |
|
||||
#+------------------------------------------------------------------------------------------------------------------+
|
||||
#BEGIN_CUSTOMIZE_JOB_SCRIPT
|
||||
#PBS -N name
|
||||
#PBS -o out
|
||||
#PBS -e err
|
||||
#PBS -l nodes=2:ppn=4
|
||||
#PBS -r y
|
||||
cd $PBS_O_WORKDIR
|
||||
mpirun -np 8 vasp_std > vasp-out
|
||||
#END_CUSTOMIZE_JOB_SCRIPT
|
||||
#+------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
#BEGIN_CUSTOMIZE_PLOT
|
||||
#+------------------------------------------------------------------------------------------------------------------+
|
||||
#| WARNNING! The character-type values of plot variables are case sensitive and must be enclosed in single quotes. |
|
||||
#+------------------------------------------------------------------------------------------------------------------+
|
||||
# https://matplotlib.org/3.3.3/tutorials/introductory/customizing.html
|
||||
# https://matplotlib.org/tutorials/text/text_props.html
|
||||
# https://github.com/rougier/matplotlib-cheatsheet
|
||||
# Advanced Features of VASPKIT Pro version
|
||||
figure_format = 'pdf' # string type (default: 'jpg'). Options: 'png', 'pdf', 'eps', 'jpg', etc.
|
||||
figure_height = 4.0 # float type (default: 4.0). The height of the figure.
|
||||
figure_width = 5.0 # float type (default: 5.0). The width of the figure.
|
||||
dpi = 400 # integer type (default: 400). The resolution of the figure in dots-per-inch.
|
||||
set_tight_layout = .FALSE. # .TRUE. or .FALSE (default: .FALSE.). Automatically adjust the padding between and around subplots.
|
||||
|
||||
# Global settings =
|
||||
figure_style = 'default' # string type (default: 'default'). Options: 'default', 'classic', 'grayscale', 'seaborn', 'bmh', 'seaborn-notebook', etc.
|
||||
font_family = 'arial' # string type (default: 'arial'). Options: 'fantasy','arial','sans-serif', 'monospace', 'cursive', 'serif', etc.
|
||||
global_fontsize = 12.0 # float type (default: 15.0).
|
||||
label_fontsize = 12.0 # float type (default: 15.0).
|
||||
number_format = '%.3f' # string type (default: 15.0).
|
||||
|
||||
# Legend-related settings =
|
||||
show_legend = .TRUE. # .TRUE. or .FALSE (default: .TRUE.).
|
||||
legend_location = 'best' # string type (default: 'best'). Options: 'best', 'upper right', 'upper left', 'lower left', 'lower right', 'right', 'center left', 'center right', 'lower center', 'upper center', 'center', etc.
|
||||
legend_fontsize = 12.0 # float type (default: 14.0).
|
||||
=
|
||||
# Line-related settings =
|
||||
line_colors = ['b', 'g', 'r', 'm'] # string type (default: 'blue'). Options: 'red', 'green', 'cyan', '#4c005c', etc.
|
||||
line_styles = ['-', '-', '-', '-'] # string type (default: '-'). Options: '-' or solid, '--' or 'dashed', '-.' or 'dashdot', etc.
|
||||
line_widths = [1.5, 1.5, 1.5] # float type (default: 1.5).
|
||||
line_alpha = [1.0, 1.0, 1.0] # float type (default: 1.0). 0.0< alpha <=1.0, adjust the transparency of each line (by default, alpha=1.0)
|
||||
fill_areas = .FALSE. # .TRUE. or .FALSE (default: .FLASE.). Fill the area between two horizontal curves.
|
||||
|
||||
# Marker-related settings =
|
||||
#marker_colors = ['blue', 'cyan', 'red', 'magenta', 'orange', 'lawngreen', 'deeppink', 'brown', 'dodgerblue']
|
||||
marker_symbols = ['o','o','o'] # string type (default: 'o'). Options: 'o': Circle, 'x': Cross, '+': Plus sign, 'D': Filled diamond, 's': Square, '^': Triangle, etc.
|
||||
marker_colors = ['#0db14b', '#4c005c', '#d93b2b','#0075dc', '#740aff', '#993f00', '#4c005c', '#426600']
|
||||
marker_sizes = [60, 60.0, 60.0] # float type (default: 10.0).
|
||||
marker_scale = 1.0 # float type (default: 1.0). marker_sizes = marker_sizes * marker_scale
|
||||
marker_alpha = [0.8, 0.7, 0.6, 0.5, 0.4] # float type (default: 1.0). 0.0< alpha <=1.0), adjust the transparency of markers (by default, alpha=1.0)
|
||||
|
||||
# Tick-related settings =
|
||||
#x_label = 'Wave vector' # string type (No default value).
|
||||
#y_label = 'Energy (eV)' # string type (No default value).
|
||||
#z_label = 'k$_x$ ($\\mathrm{\\AA}$)' # string type (No default value).
|
||||
#x_limits = [-8.0, 8.0] # float type [xmin, xmax] (No default value).
|
||||
#y_limits = [-8.0, 8.0] # float type [ymin, ymax] (No default value).
|
||||
#z_limits = [-8.0, 8.0] # float type [zmin, zmax] (No default value).
|
||||
#x_major_locator = 2.0 # float type (No default value).
|
||||
#y_major_locator = 2.0 # float type (No default value).
|
||||
#z_major_locator = 2.0 # float type (No default value).
|
||||
#x_minor_locator = 1.0 # float type (No default value).
|
||||
#y_minor_locator = 1.0 # float type (No default value).
|
||||
#z_minor_locator = 1.0 # float type (No default value).
|
||||
|
||||
# contour-related settings
|
||||
colormap = 'RdBu' # string typ (default: 'jet'). Options: 'jet', 'hsv', 'viridis', 'gray', etc.
|
||||
contour_levels = 5 # integer type (default: 5).
|
||||
contour_limits = [0.0, 0.5] # float type (No default value).
|
||||
display_colorbar = .FLASE. # .TRUE. or .FALSE (default: .FLASE.).
|
||||
display_level_value = .FLASE. # .TRUE. or .FALSE (default: .FLASE.).
|
||||
display_contour = .FLASE. # .TRUE. or .FALSE (default: .FLASE.).
|
||||
colorbar_shrink = 0.5 # float type (default: 0.4).
|
||||
colorbar_orientation = 'vertical' # 'horizontal' or 'vertical' (default: 'horizontal')
|
||||
|
||||
# 3D-plot related settings
|
||||
elevation = 12.0 # float type (default: 12).
|
||||
azimuth = 24.0 # float type (default: 23).
|
||||
display_coordinate_axes = .TRUE. # .TRUE. or .FALSE (default: .TRUE.).
|
||||
display_brillouin_zone = .TRUE. # .TRUE. or .FALSE (default: .TRUE.).
|
||||
axis_length = [1.0, 1.0, 1.0] # Determine the length of each axis
|
||||
box_linewidth = 1.0 # Specify the transparency level for the lines of the box or Brillouin zone
|
||||
box_linealpha = 1.0 # Evaluate the line width of the box or Brillouin zone
|
||||
|
||||
# XKCD sketch-style related settings
|
||||
xkcd_style = .FALSE. # .TRUE. or .FALSE (default: .FLASE.). Turn on xkcd sketch-style drawing mode or not.
|
||||
xkcd_scale = 1 # float type (default: 1.0). The amplitude of the wiggle perpendicular to the source line (default: 1).
|
||||
xkcd_length = 100 # float type (default: 100.0). The length of the wiggle along the line (default: 100).
|
||||
xkcd_randomness = 2 # float type (default: 2.0). The scale factor by which the length is shrunken or expanded (default: 2).
|
||||
|
||||
# band structure related settings
|
||||
disconnecte_band_paths = .TRUE. # .TRUE. or .FALSE (default: .TRUE.). Turn on disconnected band paths drawing mode or not.
|
||||
|
||||
#END_CUSTOMIZE_PLOT
|
||||
@@ -1,2 +0,0 @@
|
||||
#!/usr/bin/env sh
|
||||
hpcstat submitjob "$@"
|
||||
@@ -1,80 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model = { type = "server"; private = true; };
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-partlabel/nas-boot" = "/boot";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
"/dev/mapper/ssd1"."/nix/ssd" = "/nix/ssd";
|
||||
};
|
||||
};
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
# TODO: snapshot should take place just before switching root
|
||||
rollingRootfs.waitDevices =
|
||||
[ "/dev/mapper/root2" "/dev/mapper/root3" "/dev/mapper/root4" "/dev/mapper/ssd1" "/dev/mapper/ssd2" ];
|
||||
};
|
||||
initrd.sshd = {};
|
||||
nixpkgs.march = "alderlake";
|
||||
network =
|
||||
{
|
||||
bridge.nixvirt.interfaces = [ "enp3s0" ];
|
||||
static.nixvirt = { ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
};
|
||||
kernel.patches = [ "btrfs" ];
|
||||
};
|
||||
hardware.gpu.type = "intel";
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
xray =
|
||||
{
|
||||
client =
|
||||
{
|
||||
xray.serverName = "xserver2.vps4.chn.moe";
|
||||
dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
|
||||
};
|
||||
xmuServer = {};
|
||||
server.serverName = "xservernas.chn.moe";
|
||||
};
|
||||
beesd."/" = { hashTableSizeMB = 10 * 128; threads = 4; };
|
||||
nix-serve.hostname = "nix-store.nas.chn.moe";
|
||||
postgresql.mountFrom = "ssd";
|
||||
mariadb.mountFrom = "ssd";
|
||||
rsshub = {};
|
||||
misskey.instances =
|
||||
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
|
||||
synapse.instances =
|
||||
{
|
||||
synapse.matrixHostname = "synapse.chn.moe";
|
||||
matrix = { port = 8009; redisPort = 6380; };
|
||||
};
|
||||
vaultwarden = {};
|
||||
photoprism = {};
|
||||
nextcloud = {};
|
||||
freshrss = {};
|
||||
send = {};
|
||||
huginn = {};
|
||||
httpapi = {};
|
||||
gitea = {};
|
||||
grafana = {};
|
||||
podman = {};
|
||||
peertube = {};
|
||||
nginx.applications.webdav.instances."webdav.chn.moe" = {};
|
||||
# open-webui.ollamaHost = "192.168.83.3";
|
||||
nixvirt = {};
|
||||
};
|
||||
};
|
||||
systemd.tmpfiles.rules =
|
||||
[ "w /sys/class/powercap/intel-rapl/intel-rapl:0/constraint_0_power_limit_uw - - - - 10000000" ];
|
||||
};
|
||||
}
|
||||
@@ -1,108 +0,0 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
|
||||
xray-xmu-server: ENC[AES256_GCM,data:3O5rFi5szla70M/c62JV4nGWKPSOREImrOucjeVYf9bde6K8,iv:PGCqlmHtaNuWOtAAeJ6O+CWFpMszijozU1OpUFrftjs=,tag:iGTOoNvQhhZy2FL9jy1KIQ==,type:str]
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:gToh4rgMOQ==,iv:A14sSC7ExbSZNOzzz6mOmWalSz9K6ROoSYgCqdF7j4U=,tag:1Jr2FfVQ9L2w+bWHh/NekQ==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:/ZrgvlpwDlKhcHqkBRsdqqJsNUxtb3ZnC36mc8qlJ+HP4mY3,iv:R5QzXY0mC72TDB0OcF4fJt3bc5L1Z96Q+n9kNbZP7m4=,tag:tjWSEcsG0udvQZZJ/RMTJw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:34FOslwr3AZNDg4YrS95S20agGXwGJRNGnpogMR7utbt1ELUxfQkiAU1qw==,iv:4fiJCi6TJM+NIlfI1qFX/eCNhcVaCWGsLA7iMjQpATw=,tag:eLz8HlQMprQNryk5saqyVQ==,type:str]
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:zr02XBgQ4H5jRnjpLtp9rjcysXP9qI7McOiBwaWhdylu5GevKmxlCd4h3pEUO74k+gJT88BzJ+S59P+6DS76Y5nlKqextGMzGjdq5XPkdDkSkKZBai2kkqBSyko=,iv:hyhroaDazMLFeLMGruiFeokZ2Tz3xKj+xCsiEUJ5faQ=,tag:w3805eqo6Y1pw65mjoRgOg==,type:str]
|
||||
nginx:
|
||||
detectAuth:
|
||||
chn: ENC[AES256_GCM,data:5kGvlFB332xf+PQCDmJ+EA==,iv:/BQI83lMdzmycQCe0k6Y8bwqV4Ma9vqgvgPWWqVAr1g=,tag:61AhVVNUx8+b55DkIjVifQ==,type:str]
|
||||
led: ENC[AES256_GCM,data:XFlK2jjo,iv:rTCHmoFU4S++eBywCa7NXsAmSqcSgCFXxnW0RyFA2a0=,tag:aK5IejgS060FrxQfmdxohw==,type:str]
|
||||
redis:
|
||||
rsshub: ENC[AES256_GCM,data:r2O88tXccKZw68Jg5tvUcpwf6y8Vs1kcZ7XbAReJ7aGyGH4MH3jTO72Hs7vh7185IUygXri0M2C6Ko2CY3gaLg==,iv:ZYbSqlcnga+JnC5Dxt2cTHiGTlkndSAB550ilSO+P1U=,tag:PgrW6H276sSvYe3NA6o/vA==,type:str]
|
||||
misskey-misskey: ENC[AES256_GCM,data:Up0Q/4MjyCdXyL1EVoXbmW0J3QJCx1PlhClXSc2WpBNwpSfgmoJceLoXRbIs009JVjhn5tt7LO6EmwKiNc6yTA==,iv:myWj8+exXtg+t7Fs+ZPOLJXWtKEu0PyhTw68i7rnuTQ=,tag:WMpj06Swj3pMbSXgM0bNuQ==,type:str]
|
||||
misskey-misskey-old: ENC[AES256_GCM,data:yLVCQaElMWBdVnKa9hBNEnSxfOx/582SoCDpQM9QjEgWzYOmPIVoRsTAs10Gsw3PezJW54S+AUrNg1mV0f8Nwg==,iv:xYXQt2CsZyymdKMIoqKLzLeTMNff7RwGzBGDfBOoxlM=,tag:L3V+AZZyOJow/Sf1RzD38A==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:/wv5hG7cmHz8S3d411cGxFY87MNmo/6V/vXJsWqYr4afoVLMlqUgpf6ZkSPcj2PKBmB/X+RR1s/Mus9RIJKpzw==,iv:WMdKp63LsMyOGheurm6bM4qUUNVe3/WmkvCQ8PWxqoo=,tag:PHjeJ052LtCqerED4bgACQ==,type:str]
|
||||
send: ENC[AES256_GCM,data:5y0GGNdmVzl1Ro4bv8rab9dgmIOgNQBPPF02HfpOn/ctbSBzi9c96TJeIbDJVS2tN4P2+hSgP/XOR+hoM9prxw==,iv:4xf0b1/1f9vyVlQtIGmX5Ea/xNPyjXmA5/vazf5sOZA=,tag:b2211wLiDTvPKqRA3IpzOA==,type:str]
|
||||
synapse-synapse: ENC[AES256_GCM,data:3lSmLz+sO9fwomeb/NCTlSRwpbegH6g1vp0qKg4G/hnWsKCu2mK6TDhQbLCSDQEagw4oBDN68yEBQ0C0tvmd3w==,iv:9rrv3XvB4ELcZhdi2KNxnYFw+XH96U4SM0X9ZSGp0KA=,tag:Qn8FdMMOaDeB9Wb11F44xA==,type:str]
|
||||
synapse-matrix: ENC[AES256_GCM,data:NqDKomSPI6UcRDAjqVapBlmXXFHdHYS0w3jvJ4oQCvoeqYvNalkD009A6E6Br3w0/FGEKJQeTBI2MkYLlHAWcg==,iv:o8TDqzRDQCi4+Kv82BSTRyB4Y7mKhxM3c49hEbQuQmw=,tag:6RCKWwxC5Fw5N1QD/5UktQ==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:zzRRyCbXsqVVxDvS8kpBbOyozqi24d6G9K++/ToLQyt3TumefTssNehljNsb0oqsmZBLgLhND0T4WDhMf9//Ng==,iv:yDM/LREKnBW8noRzHPIdqg0TvmWAfxmVOplZkY8MSro=,tag:19uoxbEdGPOIzcQqm31H5Q==,type:str]
|
||||
postgresql:
|
||||
misskey_misskey: ENC[AES256_GCM,data:mcJM5hgd6Y6MjphFuH20QHU1zxPVnrd5CG3rwX3CekxpM4NzElhkD0pcWM0eTxbNQCM4V+lmjAvaQzBS8T9Mzg==,iv:eC2/GyNcZK31jxLYfRRw4l0aNhz1kcsjE/w4Y/P6ydQ=,tag:hNC2Fj327+O8/4/5/riTYw==,type:str]
|
||||
misskey_misskey_old: ENC[AES256_GCM,data:z4C8J2dAu6OhtRzkHGLb1u3pUGeRuTF1EHzjduO45zF9cpMufIs52u8vhzwmrEXm7bJP2lomyFtQRWNPqtPkVw==,iv:QA56d2wcAseFuhI+lgR5Op0TbKrzs+1Cd5v8/0i8/gE=,tag:Df63HfuHZhDn/0SL2/6fdA==,type:str]
|
||||
synapse_synapse: ENC[AES256_GCM,data:4Em7JbATF0Rs8pLjrVT9ZIxPaqecqxCGUtQPie69XWZIVuB/4AsmhPe4WmyJ2jPPmHBdzPHHLwQbd3ryusMzsg==,iv:49JsSMnsZzROuH5mXxMVEbkFOp0uf8gsps02vAH1Ovo=,tag:63LjUCFcnhqUsWqn/hDijQ==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:qP5i100QGGHbYLbmgI29eU1vjx3S9zAAJ6SuahykqehFcowJMG/x9L4VCfw8nMmvoDZDUDvOKsE/8XH6tJ8c8g==,iv:f+yahEvIwdchADrtQsX0EllR6jGzqLA5zwnnAaUjnck=,tag:Iy5JbgktJSoUPszcinb9vQ==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:XBsqWgTwAMMQ+aZVf91w343yqL7a1xEswc8CeC0NWsM/ZwabQfYeToVDKlQEGnItuyBRZfhSzH+EUsF7pXDB9Q==,iv:OEoqECAOuyJ0wjsaof8GFYaftEv8z7vH64RWlGHU9XI=,tag:nFoMasHkPawFxiLvclsP6w==,type:str]
|
||||
gitea: ENC[AES256_GCM,data:7afp3qF0jU+aGOktymlk4iDaK2EuYjLD0QcMQA2Nkxf+ac4PQFb1g4rsaPcxuNLn5ZFueq6QXCVUTPNdEeCJNA==,iv:OjNWbhRoi5fvVY8dtkoHWIPO1frXsmI8cuBxKgDHPmo=,tag:1s3+L08McDetU2BTMXWP+g==,type:str]
|
||||
grafana: ENC[AES256_GCM,data:jsKB0+FFRGDfCG/alFwQF1fvI+TOFAUN6gc3zraMkCsRzn6SBzPsyuOiDthTCyS2dx0+arwmn93TzX1fm/vKuQ==,iv:Vl7IsQRuP8TBTDfwJSU/QrHTSowukXtGPG38fu3QcnA=,tag:L5G8sN6ZcOWyoeQgvTYGrg==,type:str]
|
||||
synapse_matrix: ENC[AES256_GCM,data:uyV13dMgUzPLGmSGN3Hoi6u1tY9rMU186VUSl7HspZXFqhs+OmRGL86cf91o/owvz15WijIw4wuAP++T8MY4LA==,iv:TG7Fi3ETAvmrOxv8ZahnrOR7Z90Vf5YgHcOtPkzueJI=,tag:uH10mk1m0q3a0fGcDbH9HQ==,type:str]
|
||||
peertube: ENC[AES256_GCM,data:J/qNYYuOhENTVFU+6Iz9P8Cy1FcHlD6xpPADDzdYDZuce9DEsnFq28d+tTJ7Z71IvOKvNySly7ru/R+Tu7rqpQ==,iv:sV34o2Zf7yLUovdVND7wh+rcoGglz4llc3xfSEllHNM=,tag:c9wzEAlWMINTN8TEZhDIRw==,type:str]
|
||||
rsshub:
|
||||
pixiv-refreshtoken: ENC[AES256_GCM,data:PVWacd0SAg2n76ExpQy5Hdg2WK2IdokhnZ0PoY7rNz7pLkBjlrMjbtCenQ==,iv:wPCVw0VVL4b/9TLvGd3fU+dDr/gIlSyUOO5pKF3CuzM=,tag:HgUrPEOCZK9DYsyowi55Ag==,type:str]
|
||||
youtube-key: ENC[AES256_GCM,data:XOPAZPIE8Hd3vKWAR8tlaXQp/FGeH2pIBmwym8h7TXUf+MGTGQko,iv:mv1csjmeKi/ZQIiuhzPIr3DPyygjWevhFGSK+URaQiA=,tag:yh4Zr9MpINU8O0eeH9+z3A==,type:str]
|
||||
youtube-client-id: ENC[AES256_GCM,data:HEJQeFtoyXaSQqprbpGY7qvYYsq1u23CMM5kGvgGsoP1xvEMcwRa3Lza8OhL/lk0MtKH0krojDyUMzWPZtohG9U3ad/t18YQPg==,iv:vT4V3VZU4lJx2djtjIOow/xuER2LQ4reQUOgCPeW+9Y=,tag:MFvBv/3hs2H6BQWGU9eeFg==,type:str]
|
||||
youtube-client-secret: ENC[AES256_GCM,data:7++nVoYfFxv304u9fxmk5W+38tP6Z+mMS/nh7adolhyfDXI=,iv:WlYBfwCz7//qM02ljM1prc/YnBwLOb60ATcUlnBK9ik=,tag:erwi1hRaSaUQ2cLp+S9QOw==,type:str]
|
||||
youtube-refresh-token: ENC[AES256_GCM,data:o9KEBZ18h+taPc3WoQ4EsbR/WbFn3wRhgdvLAz7dmM05Cktf9pgZ8iI1idWQZCJ0ehYL5VyizNhHrmkocXsHzCJ6i79J3uBl5vggWZ4v6/5cUBtNZXq5DYYG/EVN2RXjOdrkzYZnQA==,iv:CQzgvwhofMljnhNXYh+t6BkPJ3OO4GRPOSFZOVXe7TY=,tag:/1i73kP+RrkP76Tho27wkA==,type:str]
|
||||
twitter-auth-token: ENC[AES256_GCM,data:2OM7aZZYuE1A3aQMsDia5yy2cGVmaT7L3QljZ3J8IixA9zaJdFwu6w==,iv:vcc80V5PMqZk7lcvoyfl+XtoIhZ7g951OSRnXPywtao=,tag:EVL2NIiDTS5EHU8MxIZjpA==,type:str]
|
||||
bilibili-cookie: ENC[AES256_GCM,data:PoylF8gAs3dpRSdV6ClpaV9J6jRqRIsAYPlv1NiWy43hHmvEQac1tVrQfm0WHsxV3SfEaphyVH18bgwAcWnkWHbMTzKTWtzsJ74WrihRgksPiuttUm0JkTTr16g0jUtF8kSJiajQfDKmL0pEY9k3mnGnLltjIfntnqbH6dM11FRFy0Ixg0USUPiPz+uFMpJ7x6RHp+ypfhvMYsi5uuCiloCYMV4cUcr65gGym7a72S74vPdPQRzuGoz9fsJn/aPGPlhZR9L2k98TzQjp2jz5lbbGLEH6O1AH/aW9QlDuooF1ki9SvanQ,iv:nO6Adc002Twmw4Qov+EkhVu2TBN0NUEgaCoWOaTu7hE=,tag:cHG00fvDaTR7kAYIMPsICw==,type:str]
|
||||
zhihu-cookies: ENC[AES256_GCM,data:88obR6OzMhO07UM4Mqr928ik/LY8wjjuYRVJdFFJNwiq+q05DfKprrX0oh5barTBqWduZ/PZZzOswh8OgzyeVpRZwBLIz63AJSv+Zui6wV/KODITZs/iDC+UiEnGkh0kf93p3g/TUvxWDGwe7beydGiDXUZrvaQ2nKB7NBGAoohdsx3cXb+TPruj0U8G1GaqRscSjqoYJFhj30EJBH7Jqb687/Zms0oetgXi6KZ8Mw==,iv:tYjHMC7FVxQJ4mhst6pttxivCoSxVyv8qUPmXXDoqzs=,tag:c3UHpyGKvD48qi0rBlfyjA==,type:str]
|
||||
mail:
|
||||
bot: ENC[AES256_GCM,data:redeWqYAJlHVivVtywOD+Q==,iv:mDZ+4K4aj+05/KRij0oH+v7/JiBxs7y/x08Nz7U1sSQ=,tag:2FRwDxmN/mIuBjE39jl/Ng==,type:str]
|
||||
synapse:
|
||||
synapse:
|
||||
coturn: ENC[AES256_GCM,data:IAgJ3Lni1s/AGQxz2Tt0EpFoIwRZ7Y9TtDHsm7fyCcfDLNvwhNorTod5MSgiqFtHhWLzXf/iqh3/cWitIeuxAg==,iv:QUGCkeFMO+CA3tAXbM8h4KALFic6XbnW5pCxtPtJyb8=,tag:dq6qECRfcyUvJX5EwCPDvQ==,type:str]
|
||||
registration: ENC[AES256_GCM,data:HV4DXfW6h1Z/OaW73jXJ4oXs/FOJf4EXWrWlXsnqbOJyzhCszBOiGFAw/i+wx9sSB+k=,iv:8VIXG3Xqug8dYaw2Log9IrGpxqAXwXFk4MJ4JuzQsBY=,tag:3Ra69sIFOxtX4Wzehvz+lQ==,type:str]
|
||||
macaroon: ENC[AES256_GCM,data:ilCgbQjqIALJd+rz0XmEo6TLqO44NCBBG2vKv8QITLntZ80bgedKACXZogfMVCv7pTI=,iv:LQG1/agu05i7kFL2vWFnSCttivD7yyDijhWFfq50Xq4=,tag:2VfNhZA5OogXI/RaWohDag==,type:str]
|
||||
form: ENC[AES256_GCM,data:0NdGdzjSF1/Xo7jz+Y3sGK/szDlhgg6kWLCoBiqDmBSARZX8SnW9W5zlPKM4Xa0sG+o=,iv:XVxnFBK2f2tvhIshzQLqLeUMcO28MyLrrF5QZMUeUr8=,tag:5frMH5KQt1hL1u2ltDpApw==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:JPjrh78ySJwmfL7l5C2OT6pelzMfqaWRQK7MoMv3lQ3VXcWKrVsJZlfRQaTJbaEgK+qSiHh0T99LGA==,iv:DFefjxW8U9YK3kCQUPyxOHsh+ZhUYEj5DfOlKVZePxA=,tag:u7oyKnuVDqkyvzwvsyfV/A==,type:str]
|
||||
matrix:
|
||||
coturn: ENC[AES256_GCM,data:ecDAOVKq9+tJklCJK3ktiWQ6Ky+O5fjr9zS3b3PjwJUyCpIADvVhWBTmFeaVy2ApfuWbugGw8d5wCscpOOy/aw==,iv:p9l9X0UBK2mDpkR9+OX/j+ETYxMdzZhjowzOvA6Uk/Q=,tag:5IC3IsfXg4JmJ+m9F4ehPA==,type:str]
|
||||
registration: ENC[AES256_GCM,data:YnDk7rqVPi3uyzNSBvWLQPb2ZaayNzgubs4Hf0i/CN0hW4ha49AZtkcNka/hVtwTGMI=,iv:Zs7SpAecN8r2Sg7Ih190SUlbH5SLu19BDCUPX9ywYzw=,tag:RLZ6jIgOeFCDwzAu0008yA==,type:str]
|
||||
macaroon: ENC[AES256_GCM,data:YmEJKAZ6dyjBVyvK3Xi68TZtJHUuljAQMhlR6I8vNUOxuP766XYkU/z/YaH3R2rVv9Y=,iv:1/C8Fm2CIpo6Y+YnE80EtWvHfG6cQu/mYd10XjagJdg=,tag:QmtfqZ/3as+4gdF/b2OuxA==,type:str]
|
||||
form: ENC[AES256_GCM,data:rGLJQUMVpOBTCQEqQtiUk3SWitLL1tijBFqVDbohrUspUhTXgRmCQ/0eodhku3RiwcA=,iv:GSxZtwo4/FDRn/dA+L/NQFWcj45KEUSaV2sUL09vqe0=,tag:4dvt57c3Q73B6O/9/UsbNQ==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:mUY9Fn7TcBPs4HhSpRkj1weFezAzr5ld1xYE8kZcjRNU05MCGLTbPa+av6pYr0HoAaSyzBXmKBBZMQ==,iv:wX092d4eAJ2jLce6Y1EfewxGZsLnwOSce5RJoikCiRg=,tag:Uegzv54CvAI8d0NTz3UesQ==,type:str]
|
||||
vaultwarden:
|
||||
#ENC[AES256_GCM,data:wbKsGwBKrJYagX1AvY0o5FHXxOhrfjZ/+crasAh52uOFYGd0P8A7NnyF6JvNgH749dAT9H47DXRKBAclVVSqWPc=,iv:TZgJ7pwyGBpf7S4g7CL2dync2sGNzQ9369atAvLwFJ8=,tag:sxtkPHOmrjUb13zeWPBdng==,type:comment]
|
||||
admin_token: ENC[AES256_GCM,data:TrgqQwXBoCdsLeWQYkur4zS+Z4nCoDDoePnN5vm+AIcgYXVwjxcf/0AwXQIxVNEypYysPpoHKOigwhkf5kLazAMiBZ0goAflJT/S4nOLo90s+9kDCADXWnCeHNhBUg8fUulNPBbpqdfFKCJgJCD2WTI+V5yFLQ==,iv:maKU6pcxis7Cyrx9x26cUTBzA6ZKcKJWSP23w+MDehw=,tag:GYpPHp2slC6V8aKA1FHFAg==,type:str]
|
||||
mariadb:
|
||||
photoprism: ENC[AES256_GCM,data:h7TQh5ScGM30e42VSEg6AynwRUPHMRHddJcJotQtDbkFVgmfjHmAHTY22U5jWqjq4KXPN5ItRETLOMw9k9yOgg==,iv:jFTPaXortmiU+8m/NBTYjAXRXHCpD+UE5oeveH7/znk=,tag:3OOUUyHLQJROh5rZcX8bAg==,type:str]
|
||||
freshrss: ENC[AES256_GCM,data:Qjg5GIX13ccZi/DuqtWK0qzr2GK0GzzUdEZWXDhUhGxFWzgosADxDCc8wfOchItaJFefnVrpPxdAPvT+4TEH0g==,iv:oGii3o6sJYVc11kdQMh0Pa3GUbWqttFgjvSVEbTycZc=,tag:8GWWwuJjQBwDFl9pJvg90g==,type:str]
|
||||
huginn: ENC[AES256_GCM,data:/hFQdG/RGrX75qd0+WgwhnwR7p/CEVx1vPksRSudxmc1m4VO/AVzgMCWAz4310ctTEnn4GZinvD6QGFta5IOSA==,iv:mrPDZA6Bnw+SPVDDe64tivvvQtHWvCsPJbEnPqm12g4=,tag:ihXbIJwwtQ0RfaNfcaop4Q==,type:str]
|
||||
photoprism:
|
||||
adminPassword: ENC[AES256_GCM,data:QXrDNGSKdRZxc4mfwIhR5cmmmJysGV3cThSFlng3mEviaq0p+BvOa5Thtgw0CxQXdpgjrkui+837NJ/FxPUYvg==,iv:EkutxeDDWfSOVD9p1Ari/rkgf7EwTutDymZQ1uNm6FA=,tag:r3gXuefnIQ+5pPtGZajnZg==,type:str]
|
||||
nextcloud:
|
||||
admin: ENC[AES256_GCM,data:DJK+u19VP9cFvq4/P0+f7erXxZkRWI4NRrX9HdHO96xy9wZMtB+hEDN3zLQnkTTtmd2ZLs9+c9BsUNXZperGDQ==,iv:zX8Nxt5+O/mGVt5l1j8IojBkgxg5oDae6KWTXYz0hRE=,tag:MRyMx0OXYTCmtaySP/umNw==,type:str]
|
||||
freshrss:
|
||||
chn: ENC[AES256_GCM,data:wwHntnMeiGZ5v8CE7CGV,iv:snIdYdFpvv5HvcR5qucD2pZXXef3dhSU+2wK5SPrDjw=,tag:2RnujKKkQSoxvSNZPLS9Pg==,type:str]
|
||||
huginn:
|
||||
invitationCode: ENC[AES256_GCM,data:E8rEdAfUQX9oJEnvxVF5PmYFMd9PN8+K,iv:gZtUf+AkICLHD4h2beHbEfyoL4bcoOv0sivDFDB3vVY=,tag:4tlsPuED6jCXNE0iOayXsg==,type:str]
|
||||
grafana:
|
||||
secret: ENC[AES256_GCM,data:O2L0+R9QvOMJLKa941nxn+FeuZ5nOAm1iDlKW2vvk5Dyod0XLdGL1seWuYzpx+NL16qmC1u8jydDcBfUT+PAeA==,iv:Pqsr+POPAr8djdVMK5U4PiS1zUnZXLH3q588D/jOMys=,tag:QziP0kKT5oyI/RHaYHr2mw==,type:str]
|
||||
chn: ENC[AES256_GCM,data:xMwWBYChRIxw5KDjgCYBJWkbRRo5FUtyhZ0+SVRIgjQ=,iv:EIjECQHx3/2t+oMC16B1Xfwa8guiST2pdIKM1hNcuFA=,tag:BP8ElnMevqF6urDgBP/UAg==,type:str]
|
||||
peertube:
|
||||
secrets: ENC[AES256_GCM,data:9pm5hD8FdbmFIRZZX5+C0NyXn8qdt0OIlecu79xjVrWd8C6H7C01Uriw5M1qifTIJLDMvJC36Trci0/eniDsEA==,iv:iZ/KiwgFm5TyZBZxo8n9k3Lr3o3Vk+c4zFn9efPtJYw=,tag:HGgoRL1C3Nm/KTHGfq2Ejg==,type:str]
|
||||
password: ENC[AES256_GCM,data:PNrcz2PnGF6WGa7vL5PBWiM03xsA2B2imPiwHpU0IMPN/CMh77eMVtwmoxtl6QkGl1UKb12975NJsfJwJPg9gg==,iv:vjFl6SFNqZhTHmmxRckYAj8nZ1IbFtTfTAxYkdSf/lI=,tag:K2PpVnu+919MddGl5qJn+w==,type:str]
|
||||
open-webui:
|
||||
openai: ENC[AES256_GCM,data:E8/Szd4ZFat/R4UW6F4qVEvKmq55sT7mpY6hK274JDCYJgjfQdtJ3gY=,iv:Ryxy19pQsY9pFfz/E4SbBfxYx0N5BXqZtR/Kv9E+0uM=,tag:GEd5+N/ziOncF1UhrwgngQ==,type:str]
|
||||
webui: ENC[AES256_GCM,data:6rpvA80i+HXkDQgYCDIHbXwDfxHq/5tXQRK4piI=,iv:vVIBHf/9LnY1z4zVZGB0ZRBRwLpdXKvNhsYWySxhsiY=,tag:JmbDJKlZ2dH13+drXyXXPg==,type:str]
|
||||
nixvirt:
|
||||
yumieko: ENC[AES256_GCM,data:tO+67mdCFH8=,iv:vl+PLSBfMDk7rGmpjuZ8TnEC1B8tni2pphC7cTmxQU0=,tag:RVW5UaUD0g0HDpoGp2/mAA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO
|
||||
cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL
|
||||
M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT
|
||||
a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y
|
||||
1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2
|
||||
ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq
|
||||
NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-07T00:23:06Z"
|
||||
mac: ENC[AES256_GCM,data:Vmcv7Hof4ZR8uXOwbk8zeKSfVldCxJQ696m3mCe6ar5FKpGja0f2XbW8a7tpuYqfwNa5Z7OCovku40PZ/TSmq91hQlZ+zbXe66nPx3/ybbQUSu1rvujprv36kvp1BQwK5A2clLEX7Vo7fGsTq1jX1AFrNM7zTJABrET/7yqVdTE=,iv:IkODPE4AMMLpBNbgwbOpYLWpG7IkRPKVBiLfxKASmPs=,tag:9xfwdCvaWvVey24dLmkFSQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,104 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model = { type = "desktop"; private = true; };
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-partlabel/pc-boot" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
luks.auto."/dev/disk/by-partlabel/pc-root1" = { mapper = "root1"; ssd = true; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
resume = { device = "/dev/mapper/root1"; offset = 131605760; };
|
||||
};
|
||||
grub.windowsEntries."08D3-10DE" = "Windows";
|
||||
nix.marches =
|
||||
[
|
||||
"znver2" "znver3" "znver4" "znver5"
|
||||
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
|
||||
"broadwell"
|
||||
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
|
||||
"skylake" "cascadelake"
|
||||
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT PCONFIG PREFETCHW PTWRITE RDRND
|
||||
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
|
||||
"alderlake"
|
||||
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX PCONFIG
|
||||
"icelake-server"
|
||||
];
|
||||
nixpkgs = { march = "znver5"; rocm = true; };
|
||||
sysctl.laptop-mode = 5;
|
||||
kernel = { variant = "cachyos"; patches = [ "btusb" ]; };
|
||||
};
|
||||
hardware = { gpu.type = "amd"; asus = {};};
|
||||
services =
|
||||
{
|
||||
samba =
|
||||
{
|
||||
hostsAllowed = "192.168. 127.";
|
||||
shares =
|
||||
{
|
||||
media.path = "/run/media/chn";
|
||||
home.path = "/home/chn";
|
||||
mnt.path = "/mnt";
|
||||
share.path = "/home/chn/share";
|
||||
};
|
||||
};
|
||||
sshd = {};
|
||||
xray.client.dnsmasq =
|
||||
{
|
||||
hosts = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(name: { inherit name; value = "144.34.225.59"; })
|
||||
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
|
||||
);
|
||||
extraInterfaces = [ "wlo1" ];
|
||||
};
|
||||
nix-serve = {};
|
||||
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
|
||||
beesd."/" = { hashTableSizeMB = 4 * 128; threads = 4; };
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
master = "pc";
|
||||
node.pc =
|
||||
{
|
||||
name = "pc"; address = "127.0.0.1";
|
||||
cpu = { sockets = 2; cores = 8; threads = 2; };
|
||||
memoryGB = 80;
|
||||
};
|
||||
partitions.localhost = [ "pc" ];
|
||||
tui.cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; memoryGB = 56; }];
|
||||
};
|
||||
ollama = {};
|
||||
podman = {};
|
||||
ananicy = {};
|
||||
keyd = {};
|
||||
kvm.aarch64 = true;
|
||||
peerBanHelper = {};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
lumericalLicenseManager.macAddress = "10:5f:ad:10:3e:ca";
|
||||
waydroid = {};
|
||||
};
|
||||
bugs = [ "xmunet" "amdpstate" "iwlwifi" ];
|
||||
packages = { mathematica = {}; vasp = {}; lumerical = {}; };
|
||||
user.users = [ "chn" "xly" ];
|
||||
};
|
||||
# 允许kvm读取物理硬盘
|
||||
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
|
||||
services.colord.enable = true;
|
||||
# 禁止鼠标等在睡眠时唤醒
|
||||
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
|
||||
# 解决有时蓝牙不能使用的问题
|
||||
boot.kernelParams = [ "mt7925e.disable_aspm=1" ];
|
||||
specialisation.niri.configuration.nixos.system.gui.implementation = "niri";
|
||||
nixos.services.xray.client.xray.serverName = "xserver2.vps4.chn.moe";
|
||||
};
|
||||
}
|
||||
@@ -1,42 +0,0 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:XU7/GZ8cJmDwNsrQfoFHrquZT5QkjvTPZfnghX3BLyvPLlrX,iv:e/BQkZ5ydWD4P/qT9OUloB8/cXImfkG3YZnuIeNLoTc=,tag:EW3ZBzGnyIrUfcMeJqm4aA==,type:str]
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
|
||||
postgresql:
|
||||
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
|
||||
redis:
|
||||
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:9QoVM69efr3+UGEo/GPY6IBBxfcqE+3erRTrqSdeTf4XziVMlzWTMdhV9jU=,iv:3abQtZ8cpejqXsJPx6SvSS2cXAKMDkEKEhl9LE319RQ=,tag:1uBPK/0VLPPMzj4rl+iQMQ==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
|
||||
nix:
|
||||
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
|
||||
searx:
|
||||
secret-key: ENC[AES256_GCM,data:KhIP+Rz3rMfNgPEGTlKGvm6gl1/ZuPI=,iv:GcaLEJHKJO3n6IaeiFr9PaJ6eNx04/VjX3UgmBF429g=,tag:HkplyH9hTHUaEZ709TyitA==,type:str]
|
||||
xray-xmu-client:
|
||||
uuid: ENC[AES256_GCM,data:XiUkReTJLAxZNWFVeD6EiOtUX5tsyPLFi6QyDBdHyB4v5/mD,iv:QppdtP2CFDEVhlrmDJKYBGc1zYGJvpGYxLfsBAMxDSI=,tag:jzMSFRit+aBzWMkaa3+5hA==,type:str]
|
||||
cookie: ENC[AES256_GCM,data:0jqSEZloX2/c8Zg4WTKkLw==,iv:BKLm1KMoRrH0uO6hPMsv2a7sG0AwNRrdbpmABP4BszA=,tag:pBs+rQIhhNO4Qr6q1V3MUA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcDBqZldlajB1RURQVW03
|
||||
TWJTaDlvVEYvZDd5dXBJV0c2V3FGY0laMUZ3CkxjQUtLRHBOZkQ4Mk5JTGd5V0M4
|
||||
VUJ5aHJGSDl0MWpDSTNnQ2RSRnpPQ0kKLS0tIFA2em42NXNmZkJZWCs1Tmxia1VV
|
||||
RnRPQ05LTDZTOEY3OWVMdmhHTTRKT1EKyBnGiEpkJ9TUGMSne5RUX5U4Nc49gXOn
|
||||
8q6IeBWnI3mkVA0PElAThSpXLMMzq01uDrcZEeE9BocyU7Y/JRbUMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeEw5YWpQNXM2dWpVY3Uw
|
||||
bjBFQmVKeDlqYUFPNGhwVlVwdTdDaDY2bUNNCmJncHhrbHplU2ZvTHROcU1LNzBE
|
||||
dnRlOFF2eXhHKzZ5VzQvS3RPb3FsWTAKLS0tIHNDcmdGTWl1VTREaVJXR1VzSUs0
|
||||
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
|
||||
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T07:22:50Z"
|
||||
mac: ENC[AES256_GCM,data:f4fultak/52Gq6nn1hJJYw3AMeuR3J6gcxtPDG/WKkNV+B+gtabWp5R8J8wLWFJ4C1ZsGHDYMTvTfSUlDVdm1dGpxJtFzdfoBBdajj8s2mju6nMQUFoNFRmHDZEQBdIzfXpob1+7Rsr+bBmg7HnFvjR0ozuaQP9QHsHEZxJVbnU=,iv:xh4OIom1TFgKralXw6rrOR/1xpD5SpY2tHfJUq6v41o=,tag:0QOtWN6DcGf3/gorusbXtQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,24 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:ftogJ/2oPME8sVbyNAuI3t3GEzUmdCadyjf2g/bjGNx3AoV0jU0SDxnBLDFfoR1rEtV00zfgCMPDGsEXavg+QVvoICpvvhckXMOLXe37H3Ff0wDVJtL4BBIK3oVh/SiYaRm/+uR0x6HW37KX50RRvKvpQoRdMVNnvtKbMjmQVIA=,iv:MOHfTIavoU643K10jSR3HruzoofOqqVspYgiaLc294o=,tag:zjDTPKwAOh/nqkquvAQpbw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TTB1bHFXcDhoMk1QVzJ0\nUUplcGVBVUhoOEt0Rnc2ZStDUUpjZmV0eGpvCjFQSGl4TjlMT2R5RExNZWxwOUtz\nSWhhSUtFN0JISzJhclpCMFZDQ09jK28KLS0tIGJydDNoY3hBbEhBYUNYZGZCaWpQ\nQnVDalJCcWpIRTdVaWkzeGVNSGpDRWsKWXoMC8NApfenn191aRwdAjD0iM5+C3R6\nXKpHxfhc1Gf6paxBhketFU+AwWsKiBDKh0gntV49F+YSriPa7uI3FA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzclYwVjdOZnQ1Y2dlUi9n\naXQya21QVHZ0KzMxTkVuTEJuazB4WklqdFdvCmpMd0h6OXUvZSttOFpmeUdsSlNs\nQkhQaVJqVFdidFNMejljV2h3WUFTaFUKLS0tIGNBemY5R1N3T00zMEthZjBsWXZh\nVXRtNG5UV3I3WG5LYUphNUNyUDI5WXcKVQpMe3zYgzHOtQQvo8Vvz94lYR6TBFuV\nD7ztr4rD/Vdk3hkSGZQvdzGjNDdGpac38LUN9vtFQbzMofykcn/etw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-02-24T05:48:31Z",
|
||||
"mac": "ENC[AES256_GCM,data:kCLcS6xeMijD8Bxa0MBUbFH2pdXX6BdGL1SztHHPet8loMkiCfgEiyp9l/QjszWa3G6zx3K+0wXXtRXmrNAxThnIgMZQVGCy4Ucw7fp8Pral/5eaJNlZGb56JQPF9ZDHb9YQPDPImaEAKYUtzayyaZAGJGlCmIIhVVhXTx7iiig=,iv:MXRDA/6YnVUbLdYAIrMvrdb2iPsi4Bmr06SPCU8CCVc=,tag:9hT7Xo0tRnHTgAaivKj4QQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.arch = "aarch64";
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount.btrfs."/dev/disk/by-partlabel/r2s-root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
network = {};
|
||||
# uboot 起始位置 0x8000 字节,这个地方还在分区表内部;除此以外还需要预留一些空间,预留32M足够。
|
||||
uboot.buildArgs =
|
||||
{
|
||||
defconfig = "nanopi-r2s-rk3328_defconfig";
|
||||
filesToInstall = [ "u-boot-rockchip.bin" ];
|
||||
env.BL31 = "${inputs.pkgs.armTrustedFirmwareRK3328}/bl31.elf";
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,68 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.type = "server";
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
|
||||
{
|
||||
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
|
||||
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root" =
|
||||
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd.passwordAuthentication = true;
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
master = "srv1-node0";
|
||||
node =
|
||||
{
|
||||
srv1-node0 =
|
||||
{
|
||||
name = "n0"; address = "192.168.178.1";
|
||||
cpu = { sockets = 4; cores = 20; threads = 2; };
|
||||
memoryGB = 112;
|
||||
};
|
||||
srv1-node1 =
|
||||
{
|
||||
name = "n1"; address = "192.168.178.2";
|
||||
cpu = { sockets = 4; cores = 8; threads = 2; };
|
||||
memoryGB = 112;
|
||||
};
|
||||
srv1-node2 =
|
||||
{
|
||||
name = "n2"; address = "192.168.178.3";
|
||||
cpu = { sockets = 4; cores = 8; threads = 2; };
|
||||
memoryGB = 56;
|
||||
};
|
||||
};
|
||||
partitions =
|
||||
{
|
||||
n0 = [ "srv1-node0" ];
|
||||
n1 = [ "srv1-node1" ];
|
||||
n2 = [ "srv1-node2" ];
|
||||
all = [ "srv1-node0" "srv1-node1" "srv1-node2" ];
|
||||
};
|
||||
tui.cpuQueues =
|
||||
[
|
||||
{ name = "n0"; mpiThreads = 8; openmpThreads = 10; }
|
||||
{ name = "n1"; mpiThreads = 8; openmpThreads = 4; }
|
||||
];
|
||||
};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
};
|
||||
packages.vasp = {};
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" "zgq" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,38 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.cluster.nodeType = "master";
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "cascadelake";
|
||||
network =
|
||||
{
|
||||
static =
|
||||
{
|
||||
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
|
||||
eno146 = { ip = "192.168.178.1"; mask = 24; };
|
||||
};
|
||||
masquerade = [ "eno146" ];
|
||||
trust = [ "eno146" ];
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd.motd = true;
|
||||
xray.client.dnsmasq.extraInterfaces = [ "eno146" ];
|
||||
beesd."/" = { hashTableSizeMB = 128; threads = 4; };
|
||||
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
};
|
||||
packages =
|
||||
{
|
||||
desktop = {};
|
||||
packages._prebuildPackages =
|
||||
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
wireguard: ENC[AES256_GCM,data:B5YdOhpXruQY1Hqb7hpIyPZinSNG+Ub/jE2/hiwZT2WCHjT6Ujz/W8eKbuk=,iv:XcfZb34SjYEsxvo6HEGCd7wy0dsrNIEJ0bORznZZceA=,tag:uFlbepSwch2wJCRITlVNTA==,type:str]
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUpac093NWh3bnZqWkFY
|
||||
WGorTlk3WWJRb0RYVWVQc1JacU9GZDhFN0RnCkJkQnJoTkZtYkFEQ1JDZXA1Qzdp
|
||||
dWxtc3RFbUd4TEZobXBQVWVlL3VETVEKLS0tIExoMUNidEZob2dtTWhmS0VHbDJn
|
||||
RFNiU0xMOG1UNVY5TTYrcW1GTnIwb0kKyCl+eqpGtqN047+t1C/c1prIaP3tm1jk
|
||||
1ObtsmGwCxDyIkayqB3WF9DWhNHipXHZXrWT+JQJTD30BABBex+ufg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WXJ0dmh3RTBMci9pVVh6
|
||||
cWsyNHVub2U1RFhLSnJPSFI1S2lGV21nYm1ZCll2TUQybmtaaTdYd0dGSXVNV1Y3
|
||||
TC9zbWJQOENsQm1Nc1ZwUTMvczJGK0UKLS0tIHJRemNhdWpRa1pkRnhTZjhCODNM
|
||||
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
|
||||
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-10T10:44:35Z"
|
||||
mac: ENC[AES256_GCM,data:lfckL0SJXq+eY3d9SUHihE4Alp6VAI7ugoQygMsphi91yvmAZ1YBbrTVxjzQpL1dT+7zhOhzE2dTqCLXUl1gjbYYo1S6zco73EdU4k/AX3LEAhCJCxG1LVvN/Kf+XoMSauFM7z+E8zZJCvT9/Jijxy/Ty/XBoP9z7gmpQSuRntI=,iv:5hVa0bsv3B9/I+BSxNYOYHFRnM3BfP8GvhlM65lWLFo=,tag:gs2NOe7h6AqYbmCBUMd9FA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
@@ -1,20 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
network =
|
||||
{
|
||||
static.eno2 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
};
|
||||
services.beesd."/".threads = 4;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
wireguard: ENC[AES256_GCM,data:D4ukKVu4yn3hS3AZJqt3XTgZNbt44Vyiu6I5lCNw9c/VEqXBx3GDlKdcVPY=,iv:S1S0sU0vQcTahFI+GyBz1n/0LVsK3ImFDuLtuQxmgik=,tag:oZ1NWOCcsRb+kjfq/LcL2w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRXgwcllHZmZHcHZmZllq
|
||||
c2NrbnFSaVVBTnhSNk9Pb1ZSWGp6UlVaanlVCkNObzcwUlYwZDdyOTByOXA5M0lz
|
||||
QTJQMFcvWGY2VmZFS1kydjJSWmgyazQKLS0tIEs0VHZJckcyZUZaWURqZjdoQkVI
|
||||
Zzl2RUFBRCtuMkpidWU1cmZlZWU0OEEKyMO8I43PiG+1Eu/8aKuNPKeA50P1bSyD
|
||||
Nv5xyKaqcs6737Gw/zk0tY7EkeeruDfemxgsb527g3hYogHNXr9oOw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcEo5a2srUTlhWXFQd2FJ
|
||||
YmtBMzJqZE53R0J6TG80UWxMQ1A1WEpFNzJFCkJBSWQ3S2pTVnpGZ2JlRnpBYU1J
|
||||
UWRKdEduQ1JMQ05GejVaakZYNzh4STgKLS0tIFBMVTN1MDcwVERucmoyWm5MQWcz
|
||||
cWpEMWU1TjZKbnFTWm4xY2QwdWx3aFkK0O6p2piq8RKOcSTT49i0pnlt+gOk+QMF
|
||||
r+EJU0zobWwe3PrDg8jjw5HpMxrpDzHcD0XMnVQW0Fd9pn6n4VfpUw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:03:27Z"
|
||||
mac: ENC[AES256_GCM,data:13eXFmTRo9lZvQ3+iApHuei5r/OCSCs2gxqEe3nmavQgq1kQXKcD+4ciS/Shd9CJFZrjAu9oRByu5ZeZOnj11u6z3EmnXIwHptMEZe+N6r+Z2uKcBUa/TSJBnYcCrMQ1NM16GXRTi1bwpx4iT4v377lgd1orCa5C10iD6W3/9b0=,iv:FBGi1hSAu0Bz5NKz4mixfbUXbjI725RHccmEO4/jumo=,tag:vCHzTsTV7kJKNapFTxS55A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
@@ -1,31 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "broadwell";
|
||||
network =
|
||||
{
|
||||
static =
|
||||
{
|
||||
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
|
||||
eno2 = { ip = "192.168.178.3"; mask = 24; };
|
||||
};
|
||||
trust = [ "eno2" ];
|
||||
bridge.br0.interfaces = [ "eno1" ];
|
||||
};
|
||||
fileSystems.mount.btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
|
||||
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client = {};
|
||||
beesd."/".threads = 4;
|
||||
kvm.nodatacow = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,32 +0,0 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:xoIm26btEBuHjgcIrB8gRHAaEdBq3/E5XtoF0YPxnSHB7k3GWJfAxeL4vrw=,iv:HuOFNUgGROF97beF6C4amspd+NV/2uO6OihNMz23hSY=,tag:YJjFM8mqYOuJEulpVHt8FA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WlJNWmp2VUxpcXR3NE92
|
||||
TnNuLzg0SVZKdmt1cEVZU2FodXZPdmt6Rm5rClhrbDh3SzFlMU9LVFpEZDFLUGZZ
|
||||
d2RBTVNCamNBWFVEVW9FMjYxcUE4Rm8KLS0tIHBwYjlMU2tnUTZweDBYcmZXUC9l
|
||||
OWFUeE9xdldpTUQ3cDFENjU4YUVwSkUKp7yZGpvKMSm6rvsoPbcaqVznL3wzGEXB
|
||||
OGzrmgY083Gyjb5P/0wPY0ShGMWfWQW6vGchoqVuwr4oHKT3APcrIg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRjBjdGFEMjR6QnQ0a3Nz
|
||||
c2lmVWE0bFh3amRULytZOVhYS3dkL2JmRVhVClVQalh1WjJqcWcxT3ZXMWduN3Nl
|
||||
UzdFNXNQUmtaaTVIVVFVYXkyZEFPUncKLS0tIExrTDA0OEJzQklQOHNJZzBJdzJP
|
||||
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
|
||||
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:04:26Z"
|
||||
mac: ENC[AES256_GCM,data:JlAgVoTpT6NRT1gvYQre6N8PzHLxbC9z1E42OM40Qs/nhcjYnsRNPiUEvSUClgx+B2G99S/b9R/wQqovBQFtdRDdlCMhz0ZVgLe48ak74EOYn6fwXy37amXP6doW86wS/N2fQeKhyMiJPHurRGamm+jsUUALohx6p1zm47NWL0c=,iv:oQV5be92oyOj0h6IrEY70VfoJYqEFVMtI0PYEALIXfo=,tag:WlH+fTUlPynhupXpBvdl+g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
@@ -1,32 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:ul1xMmQ5FZVIKct4KbgnTStsT5cH3sRvmaApZez4WZ36zF3q3M4o0dcwuWXxl9Ay8+Kd1zzUCZy26FRj85IwAel6POkmIlXl51Awou3iWuGBqUlS6IL9MIERMR6lTlisOK2l2PJ7IJBichFwwDrxImnt06B68Z7JWOyrLMfQhwg=,iv:nHePsGpRWMj4CdZ8wxr4xCJAcSndHsRju+AMyK54vNw=,tag:+CC0EJbTmIjRijr1SZpF3g==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c0lOZnZXY0ljWCs2aFoz\ncHVQNVJJK3loVEI1amIzYWU3YUJjbWtUa0I0CmJnaUhhT2pEeG1ySGxHOU1LMk5z\nak9RNkxXRkxBelVTYks1TXJuazNjRVEKLS0tIE9JbktPcGFvYWk2NWV1K2J1SXhT\nQVpubWhsUTJ4SWNXTFNvRjQ3aE1kUFEKeuatL0NX6KbvZL3hafjbNPeBFDFBxSOv\no6Jvm9s4/Lp5m6YRVcQyInAoycC+O7GYwfCKVbPNMAamOhDraIoE4w==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOEFXV01sRXM5bTc2TGdE\nMWZraktqOUpTSWk0Vk1KNUdqNnVVNWptZkJJCktYMk5jL2ExTTMyY2NOUXdybUNi\nZ2hhTlBtaVZlZ3BDd0xBWTRoKzBJbmcKLS0tIEQyQlByNmtxdUFuQVZ6N3I3Rjdk\ndW1ldlIrZ0lxenZPMVNBcFJDMDM5QncK7p/F1Usnp2OQZ0Mp+cpQBY+ELu5n3UrD\nZN14dzPqnPpoC5nKOzGp7veg8ssH5VCX0xxI8ZJCihKwyJG/FP3pBQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeDhuTkJFclM3dS9wV3Nz\naFdrVS9KSENEMklhdVgxcFpEU2N2ZWVKL0VFCmFVSHhybW9YNU5HVHliL1VVcmNk\nWHpsQTFGMWYvc1loNGVGUm54K0VwYzAKLS0tIEhYOE9nMnk2OFl2dFZRWlNTVTZt\nM2VBaGpTMSs5bzJwMHdJREV5ZzVzbGsKu0al3a6aJ40GbcCH4tF0Va6XgNxXOZmM\n7HXqH6s25dqbKTa8iNpGeaJhjRBzkyLjq1uRtQ9X4vXg9RuRhNYPxQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaHJ6U0hlZGVkWHptby9T\nVk1ONHovUTZKZUFZaW9XZVVoRk9UVWMxUldRCkNacG5FelBQbVZCbWhvSkx2TFJi\nZmd1VXFRODZNWmlGT1hJcUszbTM1Y1kKLS0tIElXRzRsTldKbTV1ZlZLNUJhVWdn\ndnRTMnc0cHpKaC82Z05VYlJ3a3luTm8KNBEKH7yeyzSyCh5D6YYc3Oayie6xDWEl\nyJVZHVmk87fzDtmVSP07KbiWeGur9epHCEjA0et/76+RXObIQQ6XGQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-09-15T11:11:36Z",
|
||||
"mac": "ENC[AES256_GCM,data:bV7T1HfvM2n8+Vus9oDO5yoWDGtWYOd6d/zJ86/sXB4psg7aXVNedYSn+98SJdpYKHRcSuMJ9D4h62nAawERB6u8EmW8kxh8fuVLb6tj+9fWF1iVqinL4LE3916+XzMqGzGVZZEXaVtPHqOue/D1sYtBrBCOEMMyq0cmLFY2JrE=,iv:eSrtmJLARmwuAQ1//x4XqCKDZybJmMtyefWyLPk+1j0=,tag:M5W+vO4RjVwS18C9wTIe2w==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.0"
|
||||
}
|
||||
}
|
||||
@@ -1,92 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.type = "server";
|
||||
system =
|
||||
{
|
||||
fileSystems.mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
|
||||
{
|
||||
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
|
||||
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
|
||||
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
nixpkgs.cuda.capabilities =
|
||||
[
|
||||
# p5000 p400
|
||||
"6.1"
|
||||
# 2080 Ti
|
||||
"7.5"
|
||||
# 3090
|
||||
"8.6"
|
||||
# 4090
|
||||
"8.9"
|
||||
];
|
||||
};
|
||||
hardware.gpu.type = "nvidia";
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
master = "srv2-node0";
|
||||
node =
|
||||
{
|
||||
srv2-node0 =
|
||||
{
|
||||
name = "n0"; address = "192.168.178.1";
|
||||
cpu = { sockets = 2; cores = 22; threads = 2; };
|
||||
memoryGB = 240;
|
||||
gpus."4090" = 1;
|
||||
};
|
||||
srv2-node1 =
|
||||
{
|
||||
name = "n1"; address = "192.168.178.2";
|
||||
cpu = { sockets = 2; cores = 8; threads = 2; };
|
||||
memoryGB = 80;
|
||||
gpus = { "3090" = 1; "4090" = 1; };
|
||||
};
|
||||
};
|
||||
partitions =
|
||||
{
|
||||
all = [ "srv2-node0" "srv2-node1" ];
|
||||
n0 = [ "srv2-node0" ];
|
||||
n1 = [ "srv2-node1" ];
|
||||
};
|
||||
defaultPartition = "all";
|
||||
tui =
|
||||
{
|
||||
cpuQueues =
|
||||
[
|
||||
{ name = "n0"; mpiThreads = 8; openmpThreads = 5; memoryGB = 216; allocateCpus = 43; }
|
||||
{ name = "n1"; mpiThreads = 4; openmpThreads = 3; memoryGB = 32; allocateCpus = 12; }
|
||||
];
|
||||
gpuQueues =
|
||||
[
|
||||
{ name = "all"; gpuIds = [ "4090" "3090" ]; }
|
||||
{ name = "n0"; gpuIds = [ "4090" ]; }
|
||||
{ name = "n1"; gpuIds = [ "3090" "4090" ]; }
|
||||
];
|
||||
};
|
||||
};
|
||||
mariadb.mountFrom = "nodatacow";
|
||||
};
|
||||
packages = { vasp = {}; desktop = {}; lumerical = {}; };
|
||||
user.users =
|
||||
[
|
||||
# 组内
|
||||
"chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "qmx" "xly"
|
||||
# 组外
|
||||
"yxf" # 小芳同志
|
||||
"hss" # 还没见到本人
|
||||
"zzn" # 张宗南
|
||||
"zqq" # 庄芹芹
|
||||
"zgq" # 希望能接好班
|
||||
"lly" # 这谁?
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,43 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
model.cluster.nodeType = "master";
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "skylake";
|
||||
network =
|
||||
{
|
||||
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
|
||||
masquerade = [ "eno2" ];
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
nix.remote.slave = {};
|
||||
fileSystems =
|
||||
{
|
||||
swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
|
||||
mount.btrfs."/dev/disk/by-partlabel/srv2-node0-root1" =
|
||||
{
|
||||
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
|
||||
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
|
||||
};
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client.dnsmasq = { extraInterfaces = [ "eno1" "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
|
||||
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
|
||||
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
groupshare = {};
|
||||
hpcstat = {};
|
||||
ollama = {};
|
||||
sshd = { groupBanner = true; motd = true; };
|
||||
speedtest = {};
|
||||
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:TEi3LAZA0BaPxeXA1yFMD6fQPRKSndVyAzNycCD/5CYXmNVyO7zv4o23ahg=,iv:tEKFPyuqmpsWf0vDoSaw4Ai6S5DzacZFA4otNgnknxY=,tag:qZJzr/Yyoex2hDfVtT6nYA==,type:str]
|
||||
mariadb:
|
||||
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
|
||||
hpcstat:
|
||||
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
|
||||
wireless:
|
||||
#ENC[AES256_GCM,data:n9OPSJsB7yNk,iv:xQzKJxqPB7uT83m/B4UoOje6NQbPLhuHR7Hp93oNz8A=,tag:gtsTx6ALnS/7fIDd7VimOg==,type:comment]
|
||||
409的5G: ENC[AES256_GCM,data:K9wm3zedoil7jHgTcb+VmbdbkG2dgrMdr3BmDRUHDVADqLANMvnUMSecggYTO4HaiI9q6uv2/BSkluanD5K4Dw==,iv:7dGET3ULKlnaDMVmkuXDek+hQPLZ2VUbPqvEOX+5jlQ=,tag:MBGmQ0NNNqX+T9EsBiWCaw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
|
||||
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
|
||||
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
|
||||
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
|
||||
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
|
||||
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
|
||||
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
|
||||
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
|
||||
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-12T04:13:47Z"
|
||||
mac: ENC[AES256_GCM,data:W+e5d1scvV24AdVdl7Pisp9HxsXQ/tPjN2NV/Bd0RXZNBRB7LNQrSfk1GadboBnihW0ctAQOFk66PZsxwE2czfFL2/yzFxm9Cf11Mc822ZL3BwjnQBK4uR9LJrbjL7x1lFUk9v0AIPhjrir8F6dcX8mq6++hHNN0wjGaH3J9E0Y=,iv:RK7e4Dxog+Qsgk6gxK0f8PN8oF9bjWIrTyYK67Cdras=,tag:QSKsETYXbhnvhhjavP4UiA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,26 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
nixpkgs.march = "znver3";
|
||||
network =
|
||||
{
|
||||
static.enp58s0 =
|
||||
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
|
||||
trust = [ "enp58s0" ];
|
||||
};
|
||||
fileSystems.swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
services =
|
||||
{
|
||||
beesd."/".hashTableSizeMB = 64;
|
||||
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
|
||||
};
|
||||
};
|
||||
services.hardware.bolt.enable = true;
|
||||
};
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
wireguard: ENC[AES256_GCM,data:zfyNpCZ2EhQdsz+/vknjtbT1vMLebil1tarIcxLoUQ3J5XOKTCQBay4jBL8=,iv:tF6I5HHhDMfoGAfrtkmvrlqsSpX9YZL8dtzxAgBCp5c=,tag:DeOFwrIGbwVtf42iO1dm6g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndWFBbXpxRlI3bmc2VFJD
|
||||
Y2hLK1RobnBYVEd1SXpiYXc5Wk1Ia09UUWgwCjE2WVZySnhXNzBtNGdJak9lbjE4
|
||||
dEp6NnNQc0dNNDZsb3Z4ek9zVk4xeDAKLS0tIGVLdDBxOVZ2ek1MN0MwTTlwZTh4
|
||||
T2VSaWx3UkxpZ2d6NC84djNpbGZUYUUKJHx6GZcnJpSoPE0HFvU+B4CsNtrcg8lx
|
||||
LGaLYmciM87kXY1enOEzDk6px9GX9hFy6/73XBJVrIU0OC/w671vHw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUHUrcnoySm9CcVJCdXRk
|
||||
YmRzQ25mOFJBQjFtS01VWkxUTUU5WUI5WUdJCktLSFM3ZWl6N3ZUaTVpdWdNU09y
|
||||
RTFCczNTeHNhYzNmbWtjNTdOMW9ITnMKLS0tIHFNT3JCbFB6K0FodTJrS3FtRGVq
|
||||
c0I4VUdiZytoQWRsUUhBVStDR2VPT3MKDkDQ3sKJjotYUfoBWF85t3LYtz1OVFws
|
||||
2IdtJBHISb5j3xnAs/UUHDPzjUUsgb+sTHm9krQy3LDuELNY6KGMPw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-16T05:05:21Z"
|
||||
mac: ENC[AES256_GCM,data:aPNsWBi4sm4UhX1qpk412eYNCZltKkRMWWgopZw6mjMLSOSb6E1yi8NjRJMj04RpE2XoVCkKP6R5Qo0I95wxY5qZHJuUp/5srqjAf/fHWz1QmXThogaMzM2jue7+NHUSQXrPnh0ZspXD47HyxMUOhlnewZ3EfOw7B5qKAYR1f6I=,iv:mnwtf0B7x5AbMzivg27zqIkhBdkDb5qq8eDBCGMdK0c=,tag:PCtirta++gCSsQsQo+bSmA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
@@ -1,28 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeDlnOGlTYlY5a2wyaUxo\nSk5uaFVQWTY1Q25ad0NkSTQ2bTZEYU5ibWg4ClpnM1NLbFArUEtndjFGamgwdDBF\nWnNMalNRWWhLL2V3S1RWRHh3MGErUUUKLS0tIGt0MGJ4SzNDTWZNUHM0djFDSjdo\nbDMvbWRDVURzQmVWdGFQeDVWQmN5Q2MKBpbH7QXL1sf0c7ix9yd2r7vEBScixvBM\nom1tHgJmwxhep7DSyvjg/xslag7U2vF69gPrcAlnAndZsLCtsYdvyw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwa2Z5V0VPRWhYaXZ3STBa\nMWVsS01CYVBzeHM0T29pUWtQYlVyWCtheFRzCk5JYUpqN1cwWDFwUkZ2Q2xkL3U5\nRlNpMTQ2QTBQZFdYMmJIZjdnOWNjalEKLS0tIEZZREZPVmQxZ25MaHlMZ0VuWExT\nR2dJZ1lWdGt5dWNIM1FyQ2dZV0dlTTQKhUnA3pnoXb18/b/Jzyk0fC6GnmIMmYfl\nVgzCoCDSHNSvW/qUoT22hJfZCMFvIzOHEpmufMHCecZdisUozfWFuQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYnBaYmprYTIySWFnOVhk\nTThHNEptc2luWTFxSTBBMnY1Q1FkQjNBaWlBClFRbWlIdmRRVnZ0TGJVTlhNRHN0\nS1JZZnJLU2xCS3Q4ZTBDWU9ScnBtOEEKLS0tIFNCMmtDd0VJR0JucUJSZHo3dHZl\nWm9ZQ0dOamZvSTNQNW1uWW85TGxRTWMKKm7NdN69Q7F+KcR7u3kTxhQuzikGUdEZ\n8AkowBgHRndxNgdC6wYV1VeqEkDxXqR/430+EQS0jQQrIXpuXkCDkQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-03-09T07:59:38Z",
|
||||
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
@@ -1,40 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "znver2";
|
||||
initrd.sshd = {};
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
fail2ban = {};
|
||||
xray.server.serverName = "xserver2.vps4.chn.moe";
|
||||
nginx.streamProxy.map = builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.nas.chn.moe"; })
|
||||
[
|
||||
"xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden"
|
||||
"photoprism" "nextcloud" "freshrss" "huginn" "api" "webdav" "chat"
|
||||
]);
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,66 +0,0 @@
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
|
||||
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
|
||||
#ENC[AES256_GCM,data:4Y00hDJ+8Hjq3Q==,iv:XWZYNC1T5B55B43tcuzzvOOFtHqZJ9XDuEaYQOO5cR4=,tag:5oNFsqUtSiv8CY6aHyGjNQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:MRMdc7LRYqgRsfKKW6LnP14g3JoFT6g7jzkXW8gIAeqypyoc,iv:tfPBD2FkIljz3xasYNJsj3vh2lEObrvSZ95FyCgWcTs=,tag:B1PQpyX24DqrPscL/pjZmQ==,type:str]
|
||||
#ENC[AES256_GCM,data:gGd3kkNcyIwOXg4=,iv:vILDvtdvopPM8lZDDpedvtXYHpoPvPn1A8AJca41r9A=,tag:2LMImcmdyPKsQDloq7041Q==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:+KUVcqy18t6Fd+QNgB5DeZkNSA6lsjebO+xnzxzIjWuZ9UmS,iv:qugbmBv9jk1yfH2s0A0jla0DR3jkdXLVUeWGcj6v68U=,tag:4FUf/guDzPqgDcb1086WTA==,type:str]
|
||||
#ENC[AES256_GCM,data:jCgKe0t2xQ==,iv:UE48L/JpobN6LUd6Z9RlsUGSJ1sHHgiL6xj8lPztwJc=,tag:xnwWLQm+GIUzsfBO/TXhrg==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:3yrdvbcH/ToAQpTLppSVp2FNGjatyBInKP85bAY9OrEtzhhQ,iv:4zvb1nzKjrCNWWKelOnDhsNBAC7Ak6ZpJlvQKqGJrgc=,tag:dBOTBJDJhJsKHKg/vGmpxQ==,type:str]
|
||||
#ENC[AES256_GCM,data:2ptsDQ==,iv:dEzyk6NQcFZQPx8h/ViCqtRaQ/8dfMTVKBq+iguk6nU=,tag:11SLIAhtcHja4G9HUXr9Ng==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:NO9rpzFkySistf9++oXpo1tBaa4XtPtcCGR+2IWmhQYEH/l1,iv:OG+U0avgo9mjmU3soxRNL71ZC7Ee4ijpsJMRn3jYvhw=,tag:QuBFX2KHgNJ+f3RwqEH4+Q==,type:str]
|
||||
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:Ie8M385wtRx8bWIdCupnda799kL0OLBsWdk9pHTY7IxxaZbn,iv:OrRYOkaC9uI9E1Eb8GYqmYr9VAUM895oO8NSdvxUPCQ=,tag:NZTUE4KnUjhg/auoALavTA==,type:str]
|
||||
#ENC[AES256_GCM,data:Wwq+ypJgx6OcXA==,iv:dSvFz4I5tFx+ZVClxNGKwcbIQe7OY43OzAhqRiDK2TQ=,tag:CYUs1cJ/zqc+Y0yFec7Upw==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:2GyFDXIiAN3mTobwnY4czV2Egoin3B5Ih+aet3yT+krPTkPq,iv:NwrzO//HXwKMudgD+yK1hsj9o71RG6BfBle3logvuLE=,tag:WWpioPsnhHvVSrzAmN16Sg==,type:str]
|
||||
#ENC[AES256_GCM,data:vVz6E2juGqXS1Q==,iv:9itEkwMsW8cqSzwV2EZtgJVgaW7aJJ5fw1rLuKFwiKM=,tag:9hRADkot8kELoYAgd6Dz7Q==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:HgSVrry+nKGW9X9N6h8hsI9VETKtSEi+/ZC9QvNZW4zETQxt,iv:ERgmCDPBpboA/+Sxeq6BvWoMxsv3Kkczqb/mbXz9pOk=,tag:bklzRg9toKy//6T8xdtbRw==,type:str]
|
||||
#ENC[AES256_GCM,data:2sHxXec=,iv:aA61+cmDw4rHab7RuRRK3eUDx5d6gpmfw4RpQ6Nd0mc=,tag:H9kovJyn3Te3ir9X234VGA==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:CqrwaZp1fHd/WEGQH3xWI8DZ2/AavCqwTtwZeHmnrct5yoD3,iv:IBOHGQlw+uQt8Ryp/mCDcglfSPNXvvHOjNnrT+7nOHQ=,tag:tEkGEtPaOBK+P3LrQzOLsQ==,type:str]
|
||||
#ENC[AES256_GCM,data:Rw4BWXZutQ==,iv:rXe2i1G/xQkpBl0wh6VIzaNoidCc3JL4sy6v5hcOF/M=,tag:2tZyH8B0ZL7XptKHk6TcAQ==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:CsbquwEn+iOKCzda8z26FYk2i5aPk2xzqGIYORiD4lotvnFE,iv:zHPmlT4LAc6NDjXrExze23dZZFIj0c1eR4WW74cu+qs=,tag:5MDFrZNgv54mK05ImSvpkw==,type:str]
|
||||
#ENC[AES256_GCM,data:vqYkwGVcQ8yZbA==,iv:1ckVSiAgjuT/K0MuVHe8D2hHE7X2qxCHpb+y6nrFCsI=,tag:so9oFl6bXlJT2O+prplazw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:KUraqncs8iPr7z+COfJ1z0TLNLlgctxy8FCav95+kkVXtStx,iv:Uv90bnVmmQh6f9pKOWmEKCul5VPxF7rrQ9GYrsCGPp8=,tag:I0r5o8xIYuq5/MIXSOHT3Q==,type:str]
|
||||
#ENC[AES256_GCM,data:F2x+2zrePYDkCA==,iv:aTMeqvGVI43xLsN9submgciiJEjY4hYypJ9RJLIBYTE=,tag:quKW+MATVzRw1bda2jGjdg==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:BjnUUnNyqUvvPbfa1CeYvcVbMOwz6/Em4YhxRgmlicOSwro+,iv:LULwzjV5PRihTHNZFJ21IrDG3rW3qX4CYwF4Xu1KdZg=,tag:pZAI4OEx24d6h/h9JyQ/hA==,type:str]
|
||||
#ENC[AES256_GCM,data:aka1O9hn/dZX3Q==,iv:rWik4cYtHY/Z3xQ0p/i49zTXVmKEQDV4OMn12UaQr3Q=,tag:hPm4bugH9RAtsykj0BJ0Pw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:URZqRUDtG5FDrZDsmI7CFn4ilp97GJtgaVVB+j0dRUdtVGoq,iv:iUkcr6Oo29y5PIGF/GJRltn5DD19yEcBIsJAaYs43AI=,tag:gzSsjeQxvjvfFVkDHPkfvQ==,type:str]
|
||||
#ENC[AES256_GCM,data:JkMniTrakuonAA==,iv:V5KmQL+C5O2mb3ktlm1ITjLaa1NxToQlyToqYbGme9U=,tag:UTZm05uyb5j0Pf9vuxyIxg==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:fFtnkBnaOktHaIfk7dN2U73UkloToiLvP3Pg2VAqPzvTE49h,iv:DZrba7RWmaeOQsqh3Kq/IuFS9so5u5ItK5WwV/65FYE=,tag:v+pOozYvrJJIsj7A/a3S/g==,type:str]
|
||||
#ENC[AES256_GCM,data:gR0WsUYdBZBWjA==,iv:rnXZQaDNu+cEzneEa6/2pO+qUXl/fut8FJ3n90A6ATs=,tag:azNGPfWv+ZgOU/B5PMCVZg==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:S8VSoBIR/RqwctgYPtyIPEK2hXLr4LZ/jJvvFHA6CGgp9/Ff,iv:8eLCZEaiquwZyswwLkLoJcl7UPWTVYmQqZ2egAGFWWM=,tag:VgJiSt8eRcRhppMXkAkmKg==,type:str]
|
||||
#ENC[AES256_GCM,data:vWW1bNyENgcspxI=,iv:xXCrjHyxVtodkVu/wgy1OrHGGm20nEd1iyparWcycYE=,tag:FRu132btquzXkiLXlnq1Iw==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:Wux6pzwor0B1A9d1y0QEpcNnYn1pObloHxghSONHcsQ266/7,iv:jWSuswV6vTQdL764I/zxFC5gkFOa5Qwj54rggmmZX7I=,tag:4hmqBTn0T3a6Sjt9lofwbg==,type:str]
|
||||
#ENC[AES256_GCM,data:IJWHWxbhy+gxhxk=,iv:HzMi211JiVfHUhEJm+q/K0tCjUEXDhollUf8Bm+HVA0=,tag:P22Q/h+DUhhJayZftcvVfg==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:0X5x3SATZm25kVf8cu7TGm2t95DneLAqhP16fRQCtROzyZyg,iv:dmlwRmubnRq2fNdNz3lVlAVYpPjVHkFm60IvPcajjds=,tag:eDJYYf3eRw+FxfaHiRDk5Q==,type:str]
|
||||
#ENC[AES256_GCM,data:O3ovvRYzFrQY,iv:/Zs8e6u7wdp18AacZ3WWBvn5PDtXDnQ6ZyqLiyYmvAY=,tag:HmhKBI3aRCIR34vOEnv1iA==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:ee0naewdOjIxA0QEpmUyOSu++sUJQneEufhJBHiyOR7jAPTU,iv:09fZ0dLUZHp9wM2lCiIcTzFey2AkWBmnUCfq8W3FM6Y=,tag:dHBVo/Ok3Q9vy1pIbWC1Kw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:3h+cpSHULgwlI/zOI0IL4t4diDzm7qWW1sOWZqkFRWCB0CAfGyydGNlZkqA=,iv:pVpmw0aEDssQSr724h9NvJqFMHu0NupDfCSt1RWVnUk=,tag:fonuszujTzeo2HqO1OokEw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
|
||||
ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
|
||||
cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
|
||||
VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
|
||||
YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
|
||||
bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
|
||||
dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
|
||||
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
|
||||
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T07:42:38Z"
|
||||
mac: ENC[AES256_GCM,data:fQm8aI6KdoJVxcl4MQP7Q6EZVqmmLFo9A3Hjo/tKZA+VOYvQWFBxIKwy5Cj0SBi4pWsSjwG6pJZ7m6Wh/dDK4KlgkoaXgAYj+efHtScOH5Gkb0sTpAkHNL+/CJ/cO1doXiXRGj47fn1QB9o9WBaomtOWQbzDts4eFs9pdm8TAq4=,iv:91Ilig4j0ELHEatTY7ALKwwr8AzYnRwhKbdWDcufZF4=,tag:UfwaudQTNKu+uryCZjo3mw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,88 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/0067ef91-06f7-416e-88cb-4880ce04afa4"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
|
||||
nixpkgs.march = "znver2";
|
||||
initrd.sshd = {};
|
||||
network = {};
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
xray = { server = {}; xmuPersist = {}; };
|
||||
nginx =
|
||||
{
|
||||
streamProxy.map =
|
||||
{
|
||||
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
|
||||
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
|
||||
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
|
||||
"xservernas.chn.moe" = { upstream = "wg0.nas.chn.moe:443"; proxyProtocol = false; };
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.pc.chn.moe"; })
|
||||
[ "xn--qbtm095lrg0bfka60z" ]));
|
||||
applications =
|
||||
{
|
||||
element.instances."element.chn.moe" = {};
|
||||
synapse-admin.instances."synapse-admin.chn.moe" = {};
|
||||
catalog.enable = true;
|
||||
main = {};
|
||||
nekomia.enable = true;
|
||||
blog = {};
|
||||
sticker = {};
|
||||
tgapi = {};
|
||||
};
|
||||
};
|
||||
coturn = {};
|
||||
httpua = {};
|
||||
mirism = {};
|
||||
fail2ban = {};
|
||||
beesd."/" = {};
|
||||
# bind = {};
|
||||
};
|
||||
};
|
||||
networking.nftables.tables.forward =
|
||||
{
|
||||
family = "inet";
|
||||
content =
|
||||
let
|
||||
srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0";
|
||||
in
|
||||
''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain output {
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
# 需要忽略透明代理发出的流量(gid 不是 nginx)
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
|
||||
tcp dport 7011 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname wg0 meta mark & 4 == 4 counter masquerade
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,72 +0,0 @@
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
|
||||
user0: ENC[AES256_GCM,data:rJ00sfe/oJSry6Ixn4Bn+p41syqsOrdWv6fRGVCwPvn/unMY,iv:htTvFMvhIRkORA/gIU8J7CgA+tOncYQWh7sUh+F6XDs=,tag:VrSJBD7ti9WtSLHoWjMClw==,type:str]
|
||||
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
|
||||
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:+MKTpaA8hO8q0kyY0V1csedLOtIf760Vr0+WllGe9lgMJ5da,iv:5txOM3sFOhKVX4EVozb8XHWLU0fUNxCF9YAwTYaTL6c=,tag:jkgOVgiEc5phY1XNETsdpA==,type:str]
|
||||
#ENC[AES256_GCM,data:m0iCqLI8ELaPb9g=,iv:bsh7JHILbOZJ+bgGr0U0rDanjUVGgDzYGhboezspEjE=,tag:o7A4SXoCXk5LXmZ1bidg/w==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
|
||||
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:/kBaGAqbewLav+WCJPHm1py3pvb7bA/YO2DeBP2FTCZv44wA,iv:iwxV6KHu00oITH/58kBFmf43lkgTU3BHJ/kb9FPnRSE=,tag:ns+6Dvhf/D15bZc0fd6zLA==,type:str]
|
||||
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
|
||||
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
|
||||
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:AnZb12dioiCamubOb6fsGWoM55zfPMeRbu+j8bRRcMfSQFJf,iv:rB+4B11JFC0oS2ExUW18f5WvhnE4EuHh3IiEyxWeY3A=,tag:jt+3yxDvhusvB8ppbdAwzw==,type:str]
|
||||
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:+SA+VcZcy5ckuS/46Dn093VvuqxrIACuqMAMx6Ko5yw0DVdW,iv:TeLXb1WI7uhcPDkXYSlKIxdE6Kz+nCnlB+ZYpWcaF4I=,tag:YB0sPD9yHMARhiMJs7JKcA==,type:str]
|
||||
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:Pec0CVGia/ZIaq7WerZlr0/waJ/Ev1OKwt7V3PBxBSFMLi7p,iv:wYTdhv4Xoe58KBIwV1vk/V4IcdVzQrBgmzGaRD7qHQs=,tag:IZVt5LmjTUge8XntujJlTA==,type:str]
|
||||
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:iTZViWyKkCU1y6mvB0NzkXf3I98U/+nCs21ZD6M285YKaU6q,iv:vFgA3sv/7ENcw3gyJLiiHLwroXtVJjAxZXViqjXF3mQ=,tag:u3b9Uu6TIPPYX0TW5X5Sjg==,type:str]
|
||||
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:ID/A7yCWQIWRoU7Emhel2ASZfTweqXYmpC5q6Fm6ptD0XfCu,iv:YrFjIilO4pH+QxVVDTqwkufj2VSC38y9lAJfD8w522I=,tag:1v/T7vWeh0LMi0OL0FVs9g==,type:str]
|
||||
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:esInSvj+a90TAl+b/n9m2iJsH7e6tlQRwSsoLBCy8KA9a0Z3,iv:U4c0pZzqS1s5H6XW3YRSCvDhtxnwCnyKR/tObefX2Rw=,tag:YtY/t4xsmZaj4lC39XQ5SA==,type:str]
|
||||
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:6h343SreoMqz5ZHkdyDI/je4v10r5zBV7cWc6Pj4x5sI2cvE,iv:7WSikMxAZJUnv3+GPq40d8r9JkKRRH/SPW5F5fy5HHY=,tag:6h5Z7+WXT/dLNeEIrC0UGw==,type:str]
|
||||
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:HJj0e6EHXEYmDXlZcS8UlfEQo/4y47w3sYKgb2Ojq6E4vMdE,iv:xThlGl/DDLLgoY5VkBSCx9HIvxy2ZlO5Q987vIMu0lA=,tag:gB07jP6Do4/6RmVaLB3Ecg==,type:str]
|
||||
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:unW8dOhNbPNLWd7X2prpD82tcqUua7msq8nX3ykFs8STsuto,iv:OLaZ9XQDFGaA1VENgsSn/3HQXp957Zf9MD9GPZ4KLE8=,tag:UK27LK+De3AzbI2mEIsQpw==,type:str]
|
||||
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
|
||||
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
|
||||
#ENC[AES256_GCM,data:U0CcBBJraJj9,iv:9kuHsHkSDdDT0Gi/3Oy608RArrg+4cgeii5zWbsGuPA=,tag:EvqqMNvNcWBwie28t0+52w==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:LClSrxtBzuJUD4J4QaYXHUr8XSi+N7Zh193j/YeBZRm9sjgf,iv:djiq3+iVnuKK2HveoCm/j8FezzrHRGnjbyoO6iGm6eA=,tag:N5hqYyvJGxnwT8wbxdnjiA==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
|
||||
send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
coturn:
|
||||
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:5M7EAy/6+2UASWkjxE0Jrxwl0aNdAVZaUjQnD1wU3YvOAQ/c2DSL8hVtKf8=,iv:a2tXFf1+aP0JhdNtzP8e82KJ71m2o8nx+G0wIx4VMig=,tag:l4TS4QBz2fIkC9/GnZgHnQ==,type:str]
|
||||
xray-xmu-client:
|
||||
cookie: ENC[AES256_GCM,data:RZ2WFnsX7s/PVqA7ZKhGqw==,iv:CknFoAcHIiIwJI1IEXkFdWXcOCAZr50pfwmQN72OI8o=,tag:w2pNU1APxlSQsGMIEdE2OA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QXc4NzREZHlhMDV2WXlM
|
||||
a2I4d1pjWm9Xd2gzUDUwZ1ZSTkFGR1ZQNDJzCmJwcWFxRWNNVGxTNno2b1NxNktO
|
||||
aHhINXBjdmE3alFGYk9kUHZ1UzdJUk0KLS0tIFdKMDlvb1Z2Qi8xRjl0MXpKMDMz
|
||||
cVVNdDRDNmtHZlJEcVRXR1FLVkZrMWcKn2iTHH7/52fJNXcbDFbzOxNAaiQRA0nO
|
||||
we74EeNzcaaQwuEmBQPKxd/g7/kjhnHzTkoX3OneXMd/gBZMn2knXw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEw1bXA4QUZkUzJ0Z3pM
|
||||
Z0xHam5SLzRGV21XYUtxTFh1VnhQUk1NbzAwCkU1Z3VTR1FtZ05GOWNDOENlZTgz
|
||||
SitzYXo2Q2VEaGtLTGE2UGRoUDkxN28KLS0tIHhRS2Y1cnQreC9Fc2FLdGR1ZXdJ
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T05:54:47Z"
|
||||
mac: ENC[AES256_GCM,data:OtHwr58A1UOfYxQR88ay76fWmAyWPl5YtNbAiv0LXPLZPRtLGBJKuTjMaHr17AMepFZ+u5IPV2r8z1AUDj0opLXlv3Ik/DJ2PCcQTOBH+/lnSgzJKWfdCip9/wFR6N3dT0PKKLuBiURB9ZCYmtnq6E5+Guadc6ATYDSEpwbENZQ=,iv:kXsYMGjAtUlv1UqFU8Xv0zagohnpHkzSI72mq5HKY7k=,tag:KR+1A8l2VvbzDZV/00hbJg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
@@ -1,12 +0,0 @@
|
||||
# .bash_profile
|
||||
|
||||
# Get the aliases and functions
|
||||
if [ -f ~/.bashrc ]; then
|
||||
. ~/.bashrc
|
||||
fi
|
||||
|
||||
# User specific environment and startup programs
|
||||
|
||||
PATH=$PATH:$HOME/bin
|
||||
|
||||
export PATH
|
||||
@@ -1,43 +0,0 @@
|
||||
# .bashrc
|
||||
|
||||
# Source global definitions
|
||||
if [ -f /etc/bashrc ]; then
|
||||
. /etc/bashrc
|
||||
fi
|
||||
|
||||
export PATH=$PATH:/data/gpfs01/wlin/bin
|
||||
|
||||
# User specific aliases and functions
|
||||
export PATH=/data/gpfs01/wlin/bin/vaspkit.1.4.1/bin:${PATH}
|
||||
#export PATH=~/bin:/data/gpfs01/wlin/opt/mpich_ifort/bin:$PATH
|
||||
#export LD_LIBRARY_PATH=/data/gpfs01/wlin/opt/mpich_ifort/lib:$LD_LIBRARY_PATH
|
||||
#export PATH=~/bin:/data/gpfs01/wlin/opt/mpich/bin:$PATH
|
||||
#export LD_LIBRARY_PATH=/data/gpfs01/wlin/opt/mpich/lib:$LD_LIBRARY_PATH
|
||||
export P4_RSHCOMMAND=ssh
|
||||
shopt -s cdspell
|
||||
export HISTCONTROL=ignoredups
|
||||
#shopt -s histappend
|
||||
PROMPT_COMMAND='history -a'
|
||||
export C3_RSH="ssh -x"
|
||||
export OMP_NUM_THREADS=1
|
||||
export MKL_NUM_THREADS=1
|
||||
alias grep='grep --color'
|
||||
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
|
||||
|
||||
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S `whoami`@${USER_IP}: "
|
||||
export HISTFILESIZE=1000000
|
||||
export PROMPT_COMMAND="history -a; history -r; $PROMPT_COMMAND"
|
||||
shopt -s histappend
|
||||
# Auto add env parameter $PROMPT_COMMAND when use non-Linux tty login by ssh.
|
||||
if [ "$SSH_CONNECTION" != '' -a "$TERM" != 'linux' ]; then
|
||||
declare -a HOSTIP
|
||||
HOSTIP=`echo $SSH_CONNECTION |awk '{print $3}'`
|
||||
export PROMPT_COMMAND='echo -ne "\033]0;${USER}@$HOSTIP:[${HOSTNAME%%.*}]:${PWD/#$HOME/~} \007"'
|
||||
fi
|
||||
ulimit -s unlimited
|
||||
export PYTHONPATH=/data/gpfs01/wlin/bin/VaspBandUnfolding-master:${PYTHONPATH}
|
||||
|
||||
# vsts, see https://theory.cm.utexas.edu/vtsttools/scripts.html
|
||||
export PATH=$PATH:/data/gpfs01/wlin/yjj/vtstscripts-1022
|
||||
export PERL5LIB=/data/gpfs01/wlin/yjj/vtstscripts-1022
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# install nix
|
||||
|
||||
1. Build nix using `nix build github:NixOS/nixpkgs/nixos-24.11#nixStatic`, upload, create symlink `nix-store` `nix-build` etc. pointing to it.
|
||||
2. Upload `.config/nix/nix.conf`.
|
||||
|
||||
# install or update packages
|
||||
|
||||
1. On nixos, make sure `/public/home/xmuhk/.nix` is mounted correctly.
|
||||
2. Build using `sudo nix build --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' .#xmuhk` .
|
||||
3. Diff store using `sudo nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' -qR ./result | grep -Fxv -f <(ssh xmuhk find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' --export | xz -T0 | pv > xmuhk.nar.xz` .
|
||||
4. Upload `xmuhk.nar.xz` to hpc.
|
||||
5. On hpc, `pv xmuhk.nar.xz | xz -d | nix-store --import` .
|
||||
6. Create gcroot using `nix build /xxx-xmuhk -o .nix/state/gcroots/current`, where `/xxx-xmuhk` is the last path printed by `nix-store --import` .
|
||||
@@ -1,69 +0,0 @@
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = null; nixRoot = "/public/home/xmuhk/.nix"; nixos = false; };
|
||||
});
|
||||
lumericalLicenseManager =
|
||||
let
|
||||
ip = "${pkgs.iproute2}/bin/ip";
|
||||
awk = "${pkgs.gawk}/bin/awk";
|
||||
sed = "${pkgs.gnused}/bin/sed";
|
||||
chmod = "${pkgs.coreutils}/bin/chmod";
|
||||
sing = "/public/software/singularity/singularity-3.8.3/bin/singularity";
|
||||
in pkgs.writeShellScriptBin "lumericalLicenseManager"
|
||||
''
|
||||
echo "Cleaning up..."
|
||||
${sing} instance stop lumericalLicenseManager || true
|
||||
[ -d /tmp/lumerical ] && chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical || true
|
||||
mkdir -p /tmp/lumerical
|
||||
while true; do
|
||||
if ! ss -tan | grep -q ".*TIME-WAIT .*:1084 "; then break; fi
|
||||
sleep 10
|
||||
done
|
||||
|
||||
echo "Extracting image..."
|
||||
${sing} build --sandbox /tmp/lumerical/lumericalLicenseManager \
|
||||
${inputs.self.src.lumerical.licenseManager.sifImageFile}
|
||||
mkdir /tmp/lumerical/lumericalLicenseManager/public
|
||||
|
||||
echo 'Searching for en* interface...'
|
||||
iface=$(${ip} -o link show | ${awk} -F': ' '/^[0-9]+: en/ {print $2; exit}')
|
||||
if [ -n "$iface" ]; then
|
||||
echo "Found interface: $iface"
|
||||
echo 'Extracting MAC address...'
|
||||
mac=$(${ip} link show "$iface" | ${awk} '/link\/ether/ {print $2}' | ${sed} 's/://g')
|
||||
echo "Extracted MAC address: $mac"
|
||||
else
|
||||
echo "No interface starting with 'en' found." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo 'Creating license file...'
|
||||
${sed} -i "s|xxxxxxxxxxxxx|$mac|" \
|
||||
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
|
||||
${sed} -i 's|2022.1231|2035.1231|g' \
|
||||
/tmp/lumerical/lumericalLicenseManager/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
|
||||
|
||||
echo "Starting license manager..."
|
||||
${sing} instance start --writable /tmp/lumerical/lumericalLicenseManager lumericalLicenseManager
|
||||
${sing} exec instance://lumericalLicenseManager /bin/sh -c \
|
||||
"pushd /home/ansys_inc/shared_files/licensing; (./start_ansysli &); (./start_lmcenter &); tail -f /dev/null"
|
||||
|
||||
cleanup() {
|
||||
echo "Stopping license manager..."
|
||||
${sing} instance stop lumericalLicenseManager
|
||||
chmod -R u+w /tmp/lumerical && rm -rf /tmp/lumerical
|
||||
}
|
||||
trap cleanup SIGINT SIGTERM SIGHUP EXIT
|
||||
tail -f /dev/null
|
||||
'';
|
||||
in pkgs.symlinkJoin
|
||||
{
|
||||
name = "xmuhk";
|
||||
paths = (with pkgs; [ hello btop htop iotop pv localPackages.lumerical.lumerical.cmd ])
|
||||
++ [ lumericalLicenseManager ];
|
||||
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
|
||||
passthru = { inherit pkgs; };
|
||||
}
|
||||
@@ -1,2 +0,0 @@
|
||||
store = local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log
|
||||
experimental-features = flakes nix-command
|
||||
@@ -1,2 +0,0 @@
|
||||
* archive: archive
|
||||
* one-fprint: test fingerpint on one
|
||||
31
doc/setup.md
31
doc/setup.md
@@ -1,31 +0,0 @@
|
||||
```bash
|
||||
nixos-install --flake .#vps4 --option substituters https://nix-store.chn.moe \
|
||||
--option require-sigs false --option system-features gccarch-znver2 \
|
||||
--option extra-experimental-features ca-derivations
|
||||
nix-serve -p 5000
|
||||
nix copy --substitute-on-destination --to ssh://server /run/current-system
|
||||
nix copy --to ssh://nixos@192.168.122.56 ./result
|
||||
sudo nixos-install --flake .#bootstrap --option substituters http://192.168.122.1:5000 --option require-sigs false
|
||||
sudo chattr -i var/empty
|
||||
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||
sudo nixos-rebuild switch --flake .#vps6 --log-format internal-json -v |& nom --json
|
||||
boot.shell_on_fail systemd.setenv=SYSTEMD_SULOGIN_FORCE=1
|
||||
sudo usbipd
|
||||
ssh -R 3240:127.0.0.1:3240 root@192.168.122.57
|
||||
modprobe vhci-hcd
|
||||
sudo usbip bind -b 3-6
|
||||
usbip attach -r 127.0.0.1 -b 3-6
|
||||
systemd-cryptenroll --fido2-device=auto /dev/vda2
|
||||
systemd-cryptsetup attach root /dev/vda2
|
||||
ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
|
||||
ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
|
||||
systemd-machine-id-setup --root=/mnt/nix/persistent
|
||||
pg_dump -h 127.0.0.1 -U synapse -Fc -f synaps.dump synapse
|
||||
pg_restore -h 127.0.0.1 -U misskey -d misskey --data-only --jobs=4 misskey.dump
|
||||
cryptsetup luksUUID --uuid=<the new UUID> /dev/sda1
|
||||
mungekey -k munge.key
|
||||
mv munge.key munge.key.orig
|
||||
sops -e --input-type binary --output-type binary munge.key.orig > munge.key
|
||||
rm munge.key.orig
|
||||
sudo nix build --store 'local?root=/mnt' --option substituters https://nix-store.chn.moe --option require-sigs false /nix/store/khhqmly5295ns33dz1s3m3sb79icj6bi-nixos-system-srv3-production-24.11
|
||||
```
|
||||
10
doc/todo.md
10
doc/todo.md
@@ -1,10 +0,0 @@
|
||||
* 打包 intel 编译器
|
||||
* 切换到 niri,清理 plasma
|
||||
* 调整其它用户的 zsh 配置
|
||||
* 调整 motd
|
||||
* 找到 wg1 不能稳定工作的原因;确定 persistentKeepalive 发包的协议、是否会被正确 NAT。
|
||||
* 清理 mariadb,移动到 persistent
|
||||
* 清理多余文件
|
||||
* 移动日志到 persistent
|
||||
* 准备单独一个的 archive
|
||||
* 测试透明代理代理其它机器的情况
|
||||
@@ -1,12 +0,0 @@
|
||||
* merge upstream, update flake
|
||||
* update src
|
||||
* fix all build errors
|
||||
* update modules (synapse)
|
||||
* update postgresql nextcloud
|
||||
* update stateVersion
|
||||
* switch
|
||||
* fix disabled packages
|
||||
* upstream patches
|
||||
* merge upstream again
|
||||
* switch
|
||||
* build all
|
||||
@@ -1,9 +0,0 @@
|
||||
1. 调整代码,编译。
|
||||
2. 将系统上传到新机。不要 rebuild。
|
||||
3. 如果原机数据比较多,则先传输一个快照过去。
|
||||
4. 将原机停机,修改 dns。
|
||||
5. 传输原机的数据到新机,但不要替换子卷。
|
||||
6. 替换 initrd ssh key,rebuild。
|
||||
7. 替换子卷。
|
||||
8. 替换 luks 密钥。
|
||||
9. 重启。
|
||||
1961
flake.lock
generated
1961
flake.lock
generated
File diff suppressed because it is too large
Load Diff
783
flake.nix
783
flake.nix
@@ -3,84 +3,721 @@
|
||||
|
||||
inputs =
|
||||
{
|
||||
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
|
||||
nixpkgs-2505.url = "github:CHN-beta/nixpkgs/nixos-25.05";
|
||||
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
|
||||
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
|
||||
nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
|
||||
home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
impermanence.url = "github:CHN-beta/impermanence";
|
||||
plasma-manager =
|
||||
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.05";
|
||||
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
|
||||
home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
sops-nix =
|
||||
{
|
||||
url = "github:pjones/plasma-manager";
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
|
||||
};
|
||||
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-flatpak.url = "github:gmodena/nix-flatpak";
|
||||
chaotic =
|
||||
{
|
||||
url = "github:chaotic-cx/nyx";
|
||||
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
|
||||
};
|
||||
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
bscpkgs = { url = "github:CHN-beta/bscpkgs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
buildproxy = { url = "github:polygon/nix-buildproxy"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
niri = { url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix4vscode = { url = "github:nix-community/nix4vscode"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
dankmaterialshell = { url = "github:AvengeMedia/DankMaterialShell"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
|
||||
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
|
||||
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
|
||||
zpp-bits = { url = "github:eyalz800/zpp_bits"; flake = false; };
|
||||
concurrencpp = { url = "github:David-Haim/concurrencpp"; flake = false; };
|
||||
cppcoro = { url = "github:Garcia6l20/cppcoro"; flake = false; };
|
||||
date = { url = "github:HowardHinnant/date"; flake = false; };
|
||||
matplotplusplus = { url = "github:alandefreitas/matplotplusplus"; flake = false; };
|
||||
nameof = { url = "github:Neargye/nameof"; flake = false; };
|
||||
tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
|
||||
v-sim = { url = "gitlab:l_sim/v_sim/master"; flake = false; };
|
||||
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
|
||||
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
|
||||
mumax = { url = "github:mumax/3"; flake = false; };
|
||||
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
|
||||
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
|
||||
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
|
||||
hextra = { url = "github:imfing/hextra"; flake = false; };
|
||||
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
|
||||
py4vasp = { url = "github:vasp-dev/py4vasp?ref=v0.10.2"; flake = false; };
|
||||
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
|
||||
blog = { url = "git+https://git.chn.moe/chn/blog-public.git?lfs=1"; flake = false; };
|
||||
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git?lfs=1"; flake = false; };
|
||||
vaspberry = { url = "github:Infant83/VASPBERRY"; flake = false; };
|
||||
ufo = { url = "git+https://git.chn.moe/chn/ufo.git?lfs=1"; flake = false; };
|
||||
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
|
||||
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
|
||||
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
|
||||
phono3py = { url = "github:phonopy/phono3py/v3.15.1"; flake = false; };
|
||||
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
|
||||
speedtest = { url = "github:librespeed/speedtest"; flake = false; };
|
||||
pybinding = { url = "git+https://github.com/dean0x7d/pybinding?submodules=1"; flake = false; };
|
||||
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nur.url = "github:nix-community/NUR";
|
||||
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
pnpm2nix-nzbr = { url = "github:CHN-beta/pnpm2nix-nzbr"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
lmix = { url = "github:CHN-beta/lmix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
dguibert-nur-packages = { url = "github:CHN-beta/dguibert-nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
};
|
||||
|
||||
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in
|
||||
{
|
||||
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
|
||||
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };
|
||||
overlays.default = final: prev:
|
||||
{ localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
|
||||
config =
|
||||
outputs = inputs:
|
||||
let
|
||||
localLib = import ./local/lib inputs.nixpkgs.lib;
|
||||
in
|
||||
{
|
||||
branch = import ./flake/branch.nix;
|
||||
dns = inputs.self.packages.x86_64-linux.dns-push.meta.config;
|
||||
packages.x86_64-linux =
|
||||
{
|
||||
default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
|
||||
(builtins.concatStringsSep "\n" (builtins.map
|
||||
(system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
|
||||
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ]));
|
||||
}
|
||||
// (
|
||||
builtins.listToAttrs (builtins.map
|
||||
(system:
|
||||
{
|
||||
name = system;
|
||||
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
|
||||
})
|
||||
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ])
|
||||
);
|
||||
nixosConfigurations = builtins.listToAttrs (builtins.map
|
||||
(system:
|
||||
{
|
||||
name = system.name;
|
||||
value = inputs.nixpkgs.lib.nixosSystem
|
||||
{
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { topInputs = inputs; inherit localLib; };
|
||||
modules = localLib.mkModules
|
||||
(
|
||||
[
|
||||
(inputs: { config.nixpkgs.overlays = [(final: prev:
|
||||
{
|
||||
localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; });
|
||||
unstablePackages = import inputs.topInputs.nixpkgs-unstable
|
||||
{ system = "x86_64-linux"; config.allowUnfree = true; };
|
||||
})]; })
|
||||
./modules
|
||||
]
|
||||
++ system.value
|
||||
);
|
||||
};
|
||||
})
|
||||
(localLib.attrsToList
|
||||
{
|
||||
"pc" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.auto =
|
||||
{
|
||||
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
|
||||
"/dev/md/swap" = { mapper = "swap"; ssd = true; before = [ "root" ]; };
|
||||
};
|
||||
mdadm =
|
||||
"ARRAY /dev/md/swap metadata=1.2 name=pc:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
resume = "/dev/mapper/swap";
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub =
|
||||
{
|
||||
windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
|
||||
installDevice = "efi";
|
||||
};
|
||||
nix =
|
||||
{
|
||||
marches =
|
||||
[
|
||||
"alderlake"
|
||||
# CX16
|
||||
"sandybridge"
|
||||
# CX16 SAHF FXSR
|
||||
"silvermont"
|
||||
# RDSEED MWAITX SHA CLZERO CX16 SSE4A ABM CLFLUSHOPT WBNOINVD
|
||||
"znver2" "znver3"
|
||||
# CX16 SAHF FXSR HLE RDSEED
|
||||
"broadwell"
|
||||
];
|
||||
keepOutputs = true;
|
||||
};
|
||||
nixpkgs = { march = "alderlake"; cudaSupport = true; };
|
||||
gui.enable = true;
|
||||
kernel =
|
||||
{
|
||||
patches = [ "cjktty" "preempt" ];
|
||||
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
|
||||
};
|
||||
impermanence.enable = true;
|
||||
networking = { hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" "nvidia" ];
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
prime =
|
||||
{ enable = true; mode = "offload"; busId = { intel = "PCI:0:2:0"; nvidia = "PCI:1:0:0"; };};
|
||||
gamemode.drmDevice = 1;
|
||||
};
|
||||
packages =
|
||||
{
|
||||
packageSet = "workstation";
|
||||
extraPrebuildPackages = with inputs.pkgs; [ llvmPackages_git.stdenv ];
|
||||
extraPythonPackages = [(pythonPackages:
|
||||
[ inputs.pkgs.localPackages.upho inputs.pkgs.localPackages.spectral ])];
|
||||
};
|
||||
virtualization =
|
||||
{
|
||||
waydroid.enable = true;
|
||||
docker.enable = true;
|
||||
kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
|
||||
# kvmGuest.enable = true;
|
||||
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
|
||||
};
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
private = true;
|
||||
hostsAllowed = "192.168. 127.";
|
||||
shares =
|
||||
{
|
||||
media.path = "/run/media/chn";
|
||||
home.path = "/home/chn";
|
||||
mnt.path = "/mnt";
|
||||
share.path = "/home/chn/share";
|
||||
};
|
||||
};
|
||||
sshd.enable = true;
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns =
|
||||
{
|
||||
extraInterfaces = [ "docker0" ];
|
||||
hosts =
|
||||
{
|
||||
"mirism.one" = "216.24.188.24";
|
||||
"beta.mirism.one" = "216.24.188.24";
|
||||
"ng01.mirism.one" = "216.24.188.24";
|
||||
"debug.mirism.one" = "127.0.0.1";
|
||||
"initrd.vps6.chn.moe" = "74.211.99.69";
|
||||
"nix-store.chn.moe" = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
|
||||
acme = { enable = true; certs = [ "debug.mirism.one" ]; };
|
||||
frpClient =
|
||||
{
|
||||
enable = true;
|
||||
serverName = "frp.chn.moe";
|
||||
user = "pc";
|
||||
tcp.store = { localPort = 443; remotePort = 7676; };
|
||||
};
|
||||
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
|
||||
smartd.enable = true;
|
||||
nginx = { enable = true; transparentProxy.enable = false; };
|
||||
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
|
||||
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
|
||||
};
|
||||
bugs =
|
||||
[
|
||||
"intel-hdmi" "suspend-hibernate-no-platform" "hibernate-iwlwifi" "suspend-lid-no-wakeup" "xmunet"
|
||||
"suspend-hibernate-waydroid" "embree"
|
||||
];
|
||||
};})
|
||||
];
|
||||
"vps6" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
|
||||
nixpkgs.march = "sandybridge";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking = { hostname = "vps6"; nebula.enable = true; };
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
packages.packageSet = "server";
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
sshd.enable = true;
|
||||
xrayServer = { enable = true; serverName = "vps6.xserver.chn.moe"; };
|
||||
frpServer = { enable = true; serverName = "frp.chn.moe"; };
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
transparentProxy =
|
||||
{
|
||||
externalIp = "74.211.99.69";
|
||||
map =
|
||||
{
|
||||
"ng01.mirism.one" = 7411;
|
||||
"beta.mirism.one" = 9114;
|
||||
"nix-store.chn.moe" = 7676;
|
||||
"direct.xn--qbtm095lrg0bfka60z.chn.moe" = 7676;
|
||||
};
|
||||
};
|
||||
};
|
||||
misskey-proxy =
|
||||
{
|
||||
"xn--qbtm095lrg0bfka60z.chn.moe".upstream.address = "internal.pc.chn.moe";
|
||||
"xn--s8w913fdga.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
};
|
||||
coturn.enable = true;
|
||||
synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
|
||||
};
|
||||
};})
|
||||
];
|
||||
"vps4" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "znver3";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "vps4";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
packages.packageSet = "server";
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
sshd.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
"vps7" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
|
||||
nixpkgs.march = "broadwell";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking = { hostname = "vps7"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
gui.enable = true;
|
||||
};
|
||||
packages =
|
||||
{
|
||||
packageSet = "desktop";
|
||||
};
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
sshd.enable = true;
|
||||
rsshub.enable = true;
|
||||
nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
|
||||
wallabag.enable = true;
|
||||
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
|
||||
misskey-proxy."xn--s8w913fdga.chn.moe" = {};
|
||||
synapse.enable = true;
|
||||
synapse-proxy."synapse.chn.moe" = {};
|
||||
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
|
||||
};
|
||||
};})
|
||||
];
|
||||
"nas" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.manual =
|
||||
{
|
||||
enable = true;
|
||||
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
|
||||
delayedMount = [ "/" ];
|
||||
};
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
|
||||
nixpkgs.march = "silvermont";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
initrd =
|
||||
{
|
||||
network.enable = true;
|
||||
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
|
||||
};
|
||||
kernel.patches = [ "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "nas";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
packages.packageSet = "server";
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
sshd.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
"xmupc1" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.auto =
|
||||
{
|
||||
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
|
||||
"/dev/md/swap" = { mapper = "swap"; ssd = true; before = [ "root" ]; };
|
||||
};
|
||||
mdadm =
|
||||
"ARRAY /dev/md/swap metadata=1.2 name=pc:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
resume = "/dev/mapper/swap";
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "efi";
|
||||
nixpkgs = { march = "znver3"; cudaSupport = true; };
|
||||
nix =
|
||||
{
|
||||
marches =
|
||||
[
|
||||
"znver3" "znver2"
|
||||
# PREFETCHW RDRND XSAVE XSAVEOPT PTWRITE SGX GFNI-SSE MOVDIRI MOVDIR64B CLDEMOTE WAITPKG LZCNT
|
||||
# PCONFIG SERIALIZE HRESET KL WIDEKL AVX-VNNI
|
||||
"alderlake"
|
||||
# SAHF FXSR XSAVE
|
||||
"sandybridge"
|
||||
# SAHF FXSR PREFETCHW RDRND
|
||||
"silvermont"
|
||||
];
|
||||
substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
};
|
||||
gui.enable = true;
|
||||
kernel =
|
||||
{
|
||||
patches = [ "cjktty" "preempt" ];
|
||||
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
|
||||
};
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "xmupc1";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" "nvidia" ];
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
prime =
|
||||
{ enable = true; mode = "offload"; busId = { intel = "PCI:0:2:0"; nvidia = "PCI:1:0:0"; };};
|
||||
};
|
||||
packages.packageSet = "workstation";
|
||||
virtualization =
|
||||
{
|
||||
docker.enable = true;
|
||||
kvmHost = { enable = true; gui = true; };
|
||||
};
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
hostsAllowed = "192.168. 127.";
|
||||
shares =
|
||||
{
|
||||
media.path = "/run/media/chn";
|
||||
home.path = "/home/chn";
|
||||
mnt.path = "/mnt";
|
||||
share.path = "/home/chn/share";
|
||||
};
|
||||
};
|
||||
sshd.enable = true;
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns =
|
||||
{
|
||||
extraInterfaces = [ "docker0" ];
|
||||
hosts =
|
||||
{
|
||||
"mirism.one" = "216.24.188.24";
|
||||
"beta.mirism.one" = "216.24.188.24";
|
||||
"ng01.mirism.one" = "216.24.188.24";
|
||||
"debug.mirism.one" = "127.0.0.1";
|
||||
"initrd.vps6.chn.moe" = "74.211.99.69";
|
||||
"nix-store.chn.moe" = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
firewall.trustedInterfaces = [ "virbr0" ];
|
||||
frpClient =
|
||||
{
|
||||
enable = true;
|
||||
serverName = "frp.chn.moe";
|
||||
user = "xmupc1";
|
||||
tcp.store = { localPort = 443; remotePort = 7676; };
|
||||
};
|
||||
smartd.enable = true;
|
||||
nginx = { enable = true; transparentProxy.enable = false; };
|
||||
postgresql.enable = true;
|
||||
};
|
||||
bugs = [ "xmunet" "firefox" "embree" ];
|
||||
};})
|
||||
];
|
||||
"yoga" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/86B8-CF80" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/e252f81d-b4b3-479f-8664-380a9b73cf83"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.auto."/dev/disk/by-uuid/8186d34e-005c-4461-94c7-1003a5bd86c0" =
|
||||
{ mapper = "root"; ssd = true; };
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
nixpkgs.march = "silvermont";
|
||||
gui.enable = true;
|
||||
grub.installDevice = "efi";
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
kernel.patches = [ "cjktty" "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "yoga";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" ];
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
};
|
||||
packages.packageSet = "desktop";
|
||||
virtualization.docker.enable = true;
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
sshd.enable = true;
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns.extraInterfaces = [ "docker0" ];
|
||||
};
|
||||
firewall.trustedInterfaces = [ "virbr0" ];
|
||||
smartd.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
"pe" =
|
||||
[
|
||||
(inputs: { config.nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/A0F1-74E5" = "/boot/efi";
|
||||
btrfs =
|
||||
{
|
||||
"/dev/disk/by-uuid/a7546428-1982-4931-a61f-b7eabd185097"."/boot" = "/boot";
|
||||
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
};
|
||||
decrypt.auto."/dev/disk/by-uuid/0b800efa-6381-4908-bd63-7fa46322a2a9" =
|
||||
{ mapper = "root"; ssd = true; };
|
||||
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
|
||||
};
|
||||
grub.installDevice = "efiRemovable";
|
||||
gui.enable = true;
|
||||
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
|
||||
kernel.patches = [ "cjktty" "preempt" ];
|
||||
impermanence.enable = true;
|
||||
networking.hostname = "pe";
|
||||
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
cpus = [ "intel" ];
|
||||
gpus = [ "intel" "nvidia" ];
|
||||
bluetooth.enable = true;
|
||||
joystick.enable = true;
|
||||
printer.enable = true;
|
||||
sound.enable = true;
|
||||
};
|
||||
packages.packageSet = "desktop";
|
||||
virtualization.docker.enable = true;
|
||||
services =
|
||||
{
|
||||
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
|
||||
fontconfig.enable = true;
|
||||
sshd.enable = true;
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
serverAddress = "74.211.99.69";
|
||||
serverName = "vps6.xserver.chn.moe";
|
||||
dns.extraInterfaces = [ "docker0" ];
|
||||
};
|
||||
firewall.trustedInterfaces = [ "virbr0" ];
|
||||
smartd.enable = true;
|
||||
};
|
||||
};})
|
||||
];
|
||||
}));
|
||||
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
|
||||
# nix-serve -p 5000
|
||||
# nix copy --substitute-on-destination --to ssh://server /run/current-system
|
||||
# nix copy --to ssh://nixos@192.168.122.56 ./result
|
||||
# sudo nixos-install --flake .#bootstrap
|
||||
# --option substituters http://192.168.122.1:5000 --option require-sigs false
|
||||
# sudo chattr -i var/empty
|
||||
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||
# sudo nixos-rebuild switch --flake .#vps6 --log-format internal-json -v |& nom --json
|
||||
# boot.shell_on_fail systemd.setenv=SYSTEMD_SULOGIN_FORCE=1
|
||||
# sudo usbipd
|
||||
# ssh -R 3240:127.0.0.1:3240 root@192.168.122.57
|
||||
# modprobe vhci-hcd
|
||||
# sudo usbip bind -b 3-6
|
||||
# usbip attach -r 127.0.0.1 -b 3-6
|
||||
# systemd-cryptenroll --fido2-device=auto /dev/vda2
|
||||
# systemd-cryptsetup attach root /dev/vda2
|
||||
deploy =
|
||||
{
|
||||
sshUser = "root";
|
||||
user = "root";
|
||||
fastConnection = true;
|
||||
autoRollback = false;
|
||||
magicRollback = false;
|
||||
nodes = builtins.listToAttrs (builtins.map
|
||||
(node:
|
||||
{
|
||||
name = node;
|
||||
value =
|
||||
{
|
||||
hostname = node;
|
||||
profiles.system.path = inputs.self.nixosConfigurations.${node}.pkgs.deploy-rs.lib.activate.nixos
|
||||
inputs.self.nixosConfigurations.${node};
|
||||
};
|
||||
})
|
||||
[ "vps6" "vps4" "vps7" ]);
|
||||
};
|
||||
};
|
||||
devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
|
||||
src = import ./flake/src.nix { inherit inputs; };
|
||||
apps.x86_64-linux.dns-push = { type = "app"; program = "${inputs.self.packages.x86_64-linux.dns-push}"; };
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
"production"
|
||||
@@ -1,58 +0,0 @@
|
||||
{ inputs }: let inherit (inputs.self.nixosConfigurations.pc) pkgs; in
|
||||
{
|
||||
biu = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.biu ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
hpcstat = pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
|
||||
{
|
||||
inputsFrom = [ (pkgs.localPackages.hpcstat.override { version = null; }) ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
sbatch-tui = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.sbatch-tui ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
ufo = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.ufo ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
chn-bsub = pkgs.mkShell
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.chn-bsub ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
};
|
||||
info = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.info ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
vm = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.vm ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
xinli = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
|
||||
{
|
||||
inputsFrom = [ pkgs.localPackages.xinli ];
|
||||
packages = [ pkgs.clang-tools_18 ];
|
||||
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
|
||||
hardeningDisable = [ "all" ];
|
||||
};
|
||||
}
|
||||
@@ -1,14 +0,0 @@
|
||||
providers:
|
||||
config:
|
||||
class: octodns.provider.yaml.YamlProvider
|
||||
directory: env/OCTODNS_CONFIG
|
||||
cloudflare:
|
||||
class: octodns_cloudflare.CloudflareProvider
|
||||
token: env/CLOUDFLARE_TOKEN
|
||||
pagerules: false
|
||||
zones:
|
||||
'*':
|
||||
sources:
|
||||
- config
|
||||
targets:
|
||||
- cloudflare
|
||||
@@ -1,86 +0,0 @@
|
||||
localLib:
|
||||
let
|
||||
cname =
|
||||
{
|
||||
nas = [ "initrd.nas" ];
|
||||
office = [ "srv2-node0" "xserverxmu" ];
|
||||
vps4 =
|
||||
[
|
||||
"initrd.vps4" "xserver2.vps4"
|
||||
# to nas
|
||||
"git" "grafana" "matrix" "peertube" "send" "vikunja" "铜锣湾" "xservernas" "chat" "freshrss" "huginn" "nextcloud"
|
||||
"photoprism" "rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api"
|
||||
];
|
||||
vps6 =
|
||||
[
|
||||
"blog" "catalog" "coturn" "element" "initrd.vps6" "sticker" "synapse-admin" "tgapi" "ua" "xserver2"
|
||||
"xserver2.vps6"
|
||||
# to pc
|
||||
"铜锣湾实验室"
|
||||
];
|
||||
"xlog.autoroute" = [ "xlog" ];
|
||||
"wg0.srv1-node0" = [ "wg0.srv1" ];
|
||||
"wg0.srv2-node0" = [ "wg0.srv2" ];
|
||||
srv1-node0 = [ "srv1" ];
|
||||
srv2-node0 = [ "srv2" ];
|
||||
"wg1.pc" = [ "nix-store" ];
|
||||
"wg1.nas" = [ "nix-store.nas" ];
|
||||
"wg0.nas" = [ "ssh.git" ];
|
||||
};
|
||||
a =
|
||||
{
|
||||
nas = "192.168.1.2";
|
||||
pc = "192.168.1.3";
|
||||
office = "210.34.16.21";
|
||||
srv1-node0 = "59.77.36.250";
|
||||
vps4 = "104.234.37.61";
|
||||
vps6 = "144.34.225.59";
|
||||
search = "127.0.0.1";
|
||||
srv1-node1 = "192.168.178.2";
|
||||
srv1-node2 = "192.168.178.3";
|
||||
srv2-node1 = "192.168.178.2";
|
||||
"409test" = "192.168.1.5";
|
||||
};
|
||||
wireguard = import ./wireguard.nix;
|
||||
in
|
||||
{
|
||||
"" =
|
||||
[
|
||||
{ type = "ALIAS"; value = "vps6.chn.moe."; }
|
||||
{
|
||||
type = "MX";
|
||||
values =
|
||||
[
|
||||
{ exchange = "tuesday.mxrouting.net."; preference = 10; }
|
||||
{ exchange = "tuesday-relay.mxrouting.net."; preference = 20; }
|
||||
];
|
||||
}
|
||||
{ type = "TXT"; value = "v=spf1 include:mxlogin.com -all"; }
|
||||
];
|
||||
"_xlog-challenge.xlog" = { type = "TXT"; value = "chn"; };
|
||||
autoroute = { type = "NS"; values = "vps6.chn.moe."; };
|
||||
"mail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
|
||||
"webmail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
|
||||
"x._domainkey" =
|
||||
{
|
||||
type = "TXT";
|
||||
value = ''v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CjW96ffx1tVrJkt630lSRrdEF495OAkFbUxwgZm+EjMhdQtG3erl+AzcyjK3gJpg2ylqOYxCFElerqiN9IiggYy4z6tJwVqoh7bucMbO5J4EJQvFdbyRveq7LVm+n5Qgr/CRi6105zfpzX0NbQZoLINSJMCGOmWcYPZZYv7T260ghVFkn4qVpAkFqvvc+RBtY9P96nPZ+omYvpKDV+JReNanxBZRoxuKQDpYPZhV7E6mLulzHzFyuwDLg7THBCcmEr3DlAAeZcLdm6cTdwYTG2cMv2CUiocSdxmrZeBaWa1Xef+70ddrr823o105l6PP437L4337JIMH19g9iTT+QIDAQAB'';
|
||||
};
|
||||
}
|
||||
// builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(cname: builtins.map
|
||||
(name: { inherit name; value = { type = "CNAME"; value = "${cname.name}.chn.moe."; }; })
|
||||
cname.value)
|
||||
(localLib.attrsToList cname)))
|
||||
// builtins.listToAttrs (builtins.map
|
||||
(a: {inherit (a) name; value = { inherit (a) value; type = "A"; }; })
|
||||
(localLib.attrsToList a))
|
||||
// builtins.listToAttrs (builtins.concatLists (builtins.map
|
||||
(net: builtins.map
|
||||
(peer:
|
||||
{
|
||||
name = "${net.name}.${peer.name}";
|
||||
value = { type = "A"; value = "192.168.${builtins.toString net.value}.${builtins.toString peer.value}"; };
|
||||
})
|
||||
(localLib.attrsToList wireguard.peer))
|
||||
(localLib.attrsToList wireguard.net)))
|
||||
@@ -1 +0,0 @@
|
||||
_: { entry = { type = "CNAME"; value = "vps6.chn.moe."; }; }
|
||||
@@ -1 +0,0 @@
|
||||
_: { "" = { type = "ALIAS"; value = "vps6.chn.moe."; }; }
|
||||
@@ -1,15 +0,0 @@
|
||||
{
|
||||
net = { wg0 = 83; wg1 = 84; };
|
||||
peer =
|
||||
{
|
||||
vps4 = 2;
|
||||
vps6 = 1;
|
||||
pc = 3;
|
||||
nas = 4;
|
||||
srv1-node0 = 9;
|
||||
srv1-node1 = 6;
|
||||
srv1-node2 = 8;
|
||||
srv2-node0 = 7;
|
||||
srv2-node1 = 10;
|
||||
};
|
||||
}
|
||||
@@ -1,37 +0,0 @@
|
||||
{ writeShellScript, writeTextDir, symlinkJoin, octodns, tokenPath, localLib, lib }:
|
||||
let
|
||||
addTtl = config:
|
||||
let addTtl' = attrs: attrs // { octodns.cloudflare.auto-ttl = true; };
|
||||
in builtins.mapAttrs (n: v: if builtins.isList v then builtins.map addTtl' v else addTtl' v) config;
|
||||
config = builtins.listToAttrs (builtins.map
|
||||
(domain: { name = domain; value = import ./config/${domain}.nix localLib; })
|
||||
[ "chn.moe" "nekomia.moe" "mirism.one" ]);
|
||||
configDir = symlinkJoin
|
||||
{
|
||||
name = "config";
|
||||
paths = builtins.map
|
||||
(domain: writeTextDir "${domain.name}.yaml" (builtins.toJSON (addTtl domain.value)))
|
||||
(localLib.attrsToList config);
|
||||
};
|
||||
meta.config = config //
|
||||
{
|
||||
wireguard = import ./config/wireguard.nix;
|
||||
"chn.moe" = config."chn.moe"
|
||||
// {
|
||||
# 查询域名对应的 ip
|
||||
getAddress = deviceName:
|
||||
let
|
||||
dns = meta.config."chn.moe";
|
||||
f = domain:
|
||||
if dns.${domain}.type == "A" then dns.${domain}.value
|
||||
else if dns.${domain}.type == "CNAME" then f (lib.removeSuffix ".chn.moe." dns.${domain}.value)
|
||||
else throw "Not found ${domain}";
|
||||
in f deviceName;
|
||||
};
|
||||
};
|
||||
in lib.addMetaAttrs meta (writeShellScript "dns-push"
|
||||
''
|
||||
export OCTODNS_CONFIG=${configDir}
|
||||
export CLOUDFLARE_TOKEN=$(cat ${tokenPath})
|
||||
${octodns}/bin/octodns-sync --config-file ${./config.yaml} --doit --force
|
||||
'')
|
||||
@@ -1,13 +0,0 @@
|
||||
diff --git a/boost/process/v2/stdio.hpp b/boost/process/v2/stdio.hpp
|
||||
index 01d0216..4084e46 100644
|
||||
--- a/boost/process/v2/stdio.hpp
|
||||
+++ b/boost/process/v2/stdio.hpp
|
||||
@@ -184,7 +184,7 @@ struct process_io_binding
|
||||
process_io_binding & operator=(const process_io_binding &) = delete;
|
||||
|
||||
process_io_binding(process_io_binding && other) noexcept
|
||||
- : fd(other.fd), fd_needs_closing(other.fd), ec(other.ec)
|
||||
+ : fd(other.fd), fd_needs_closing(other.fd_needs_closing), ec(other.ec)
|
||||
{
|
||||
other.fd = target;
|
||||
other.fd_needs_closing = false;
|
||||
@@ -1,177 +0,0 @@
|
||||
# inputs = { lib, topInputs, ...}; nixpkgs = { march, cuda, nixRoot, nixos, arch, rocm };
|
||||
{ inputs, nixpkgs }:
|
||||
let
|
||||
platformConfig =
|
||||
if nixpkgs.march == null then { system = "${nixpkgs.arch or "x86_64"}-linux"; }
|
||||
else
|
||||
{
|
||||
${if nixpkgs.nixos then "hostPlatform" else "localSystem"} =
|
||||
{ system = "${nixpkgs.arch or "x86_64"}-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
|
||||
};
|
||||
cudaConfig = inputs.lib.optionalAttrs (nixpkgs.cuda or null != null)
|
||||
(
|
||||
{ cudaSupport = true; }
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.cuda.capabilities != null)
|
||||
{ cudaCapabilities = nixpkgs.cuda.capabilities; })
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
|
||||
{ cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
|
||||
);
|
||||
rocmConfig = inputs.lib.optionalAttrs (nixpkgs.rocm or false) { rocmSupport = true; };
|
||||
allowInsecurePredicate = p: inputs.lib.warn "Allowing insecure package ${p.name or "${p.pname}-${p.version}"}" true;
|
||||
config = cudaConfig // rocmConfig
|
||||
// {
|
||||
inherit allowInsecurePredicate;
|
||||
allowUnfree = true;
|
||||
android_sdk.accept_license = true;
|
||||
allowBroken = true;
|
||||
}
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
oneapiArch = let match.znver5 = "znver4"; in match.${nixpkgs.march} or nixpkgs.march;
|
||||
nvhpcArch = nixpkgs.march;
|
||||
# contentAddressedByDefault = true;
|
||||
})
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.nixRoot or null != null)
|
||||
{ nix = { storeDir = "${nixpkgs.nixRoot}/store"; stateDir = "${nixpkgs.nixRoot}/state"; }; });
|
||||
in platformConfig //
|
||||
{
|
||||
inherit config;
|
||||
overlays =
|
||||
[
|
||||
inputs.topInputs.aagl.overlays.default
|
||||
inputs.topInputs.nur-xddxdd.overlays.inSubTree
|
||||
inputs.topInputs.buildproxy.overlays.default
|
||||
inputs.topInputs.nix4vscode.overlays.default
|
||||
inputs.topInputs.bscpkgs.overlays.default
|
||||
(final: prev:
|
||||
{
|
||||
nur-linyinfeng = (inputs.topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
|
||||
firefox-addons = (import "${inputs.topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
|
||||
})
|
||||
inputs.topInputs.self.overlays.default
|
||||
(final: prev:
|
||||
let
|
||||
inherit (final) system;
|
||||
genericPackages = import inputs.topInputs.nixpkgs
|
||||
{ inherit system; config = { allowUnfree = true; inherit allowInsecurePredicate; }; };
|
||||
in
|
||||
{
|
||||
inherit genericPackages;
|
||||
telegram-desktop = prev.telegram-desktop.override
|
||||
{
|
||||
unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs
|
||||
(prev: { patches = prev.patches or [] ++ [ ./telegram.patch ]; });
|
||||
};
|
||||
libvirt = (prev.libvirt.override { iptables = final.nftables; }).overrideAttrs
|
||||
(prev: { patches = prev.patches or [] ++ [ ./libvirt.patch ]; });
|
||||
root = prev.root.overrideAttrs (prev: { cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ]; });
|
||||
boost188 = prev.boost188.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./boost188.patch ]; });
|
||||
chromium = prev.chromium.override (prev:
|
||||
{ commandLineArgs = prev.commandLineArgs or "" + " --disable-features=GlobalShortcutsPortal"; });
|
||||
google-chrome = prev.google-chrome.override (prev:
|
||||
{ commandLineArgs = prev.commandLineArgs or "" + " --disable-features=GlobalShortcutsPortal"; });
|
||||
}
|
||||
// (
|
||||
let
|
||||
marchFilter = version:
|
||||
# old version of nixpkgs does not recognize znver5, use znver4 instead
|
||||
inputs.lib.optionalAttrs (inputs.lib.versionOlder version "25.05") { znver5 = "znver4"; };
|
||||
source =
|
||||
{
|
||||
pkgs-2305 = "nixpkgs-2305";
|
||||
pkgs-2311 = "nixpkgs-2311";
|
||||
pkgs-2411 =
|
||||
{
|
||||
source = "nixpkgs-2411";
|
||||
overlays =
|
||||
[
|
||||
(final: prev: inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
|
||||
{
|
||||
sphinx = prev.sphinx.overridePythonAttrs (prev:
|
||||
{ disabledTests = prev.disabledTests or [] ++ [ "test_xml_warnings" ]; });
|
||||
})];
|
||||
})
|
||||
];
|
||||
};
|
||||
# pkgs-unstable =
|
||||
# {
|
||||
# source = "nixpkgs-unstable";
|
||||
# overlays =
|
||||
# [
|
||||
# inputs.topInputs.self.overlays.default
|
||||
# (_: _:
|
||||
# {
|
||||
# genericPackages = import inputs.topInputs.nixpkgs-unstable
|
||||
# { inherit system; config = { allowUnfree = true; inherit allowInsecurePredicate; }; };
|
||||
# })
|
||||
# ];
|
||||
# };
|
||||
};
|
||||
packages = name:
|
||||
let flakeSource = inputs.topInputs.${source.${name}.source or source.${name}};
|
||||
in import flakeSource
|
||||
{
|
||||
localSystem =
|
||||
if nixpkgs.march == null then { system = "${nixpkgs.arch or "x86_64"}-linux"; }
|
||||
else
|
||||
let march = (marchFilter flakeSource.lib.version).${nixpkgs.march} or nixpkgs.march;
|
||||
in { system = "${nixpkgs.arch or "x86_64"}-linux"; gcc = { arch = march; tune = march; }; };
|
||||
inherit config;
|
||||
overlays = source.${name}.overlays or [(_: _: {})];
|
||||
};
|
||||
in builtins.listToAttrs (builtins.map
|
||||
(name: { inherit name; value = packages name; }) (builtins.attrNames source))
|
||||
)
|
||||
// (inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx512Support)
|
||||
{ gsl = prev.gsl.overrideAttrs { doCheck = false; }; })
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx512Support)
|
||||
# { libhwy = prev.libhwy.override { stdenv = final.genericPackages.stdenv; }; })
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
assimp = prev.assimp.override { stdenv = final.genericPackages.stdenv; };
|
||||
redis = prev.redis.overrideAttrs (prev: { doCheck = false; });
|
||||
wannier90 = prev.wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; };
|
||||
xen = prev.xen.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./xen.patch ]; });
|
||||
# libinsane = prev.libinsane.overrideAttrs (prev:
|
||||
# { nativeCheckInputs = builtins.filter (p: p.pname != "valgrind") prev.nativeCheckInputs; });
|
||||
lib2geom = prev.lib2geom.overrideAttrs (prev: { doCheck = false; });
|
||||
libreoffice-qt6-fresh = prev.libreoffice-qt6-fresh.override (prev:
|
||||
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
|
||||
''
|
||||
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
|
||||
'';});});
|
||||
opencolorio = prev.opencolorio.overrideAttrs (prev: { doCheck = false; });
|
||||
# openvswitch = prev.openvswitch.overrideAttrs (prev: { doCheck = false; });
|
||||
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
|
||||
# valkey = prev.valkey.overrideAttrs { doCheck = false; };
|
||||
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
|
||||
simde = prev.simde.override { stdenv = final.genericPackages.stdenv; };
|
||||
# ctranslate2 = prev.ctranslate2.overrideAttrs (prev:
|
||||
# { cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
|
||||
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
|
||||
(
|
||||
{ picosvg = prev.picosvg.overridePythonAttrs { doCheck = false; }; }
|
||||
# {
|
||||
# scipy = prev.scipy.overridePythonAttrs (prev:
|
||||
# { disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
|
||||
# rich = prev.rich.overridePythonAttrs (prev:
|
||||
# { disabledTests = prev.disabledTests or [] ++ [ "test_brokenpipeerror" ]; });
|
||||
# }
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx2Support)
|
||||
# {
|
||||
# numcodecs = prev.numcodecs.overridePythonAttrs (prev:
|
||||
# {
|
||||
# disabledTests = prev.disabledTests or []
|
||||
# ++ [ "test_encode_decode" "test_partial_decode" "test_blosc" ];
|
||||
# });
|
||||
# })
|
||||
))];
|
||||
# inherit (final.pkgs-2411) intelPackages_2023;
|
||||
})
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
|
||||
# { c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.arch or null == "aarch64") { nix = final.nixVersions.nix_2_29; })
|
||||
)];
|
||||
}
|
||||
@@ -1,634 +0,0 @@
|
||||
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
|
||||
index e8da15426e..7b5080ae5f 100644
|
||||
--- a/src/network/network_iptables.c
|
||||
+++ b/src/network/network_iptables.c
|
||||
@@ -744,13 +744,6 @@ iptablesForwardRejectIn(virFirewall *fw,
|
||||
const char *iface,
|
||||
iptablesAction action)
|
||||
{
|
||||
- virFirewallAddCmd(fw, layer,
|
||||
- "--table", "filter",
|
||||
- iptablesActionTypeToString(action),
|
||||
- VIR_IPTABLES_FWD_IN_CHAIN,
|
||||
- "--out-interface", iface,
|
||||
- "--jump", "REJECT",
|
||||
- NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
|
||||
index f8b5ab665d..54ed0c6f29 100644
|
||||
--- a/src/network/network_nftables.c
|
||||
+++ b/src/network/network_nftables.c
|
||||
@@ -504,13 +504,6 @@ nftablesAddForwardRejectIn(virFirewall *fw,
|
||||
virFirewallLayer layer,
|
||||
const char *iface)
|
||||
{
|
||||
- virFirewallAddCmd(fw, layer, "insert", "rule",
|
||||
- nftablesLayerTypeToString(layer),
|
||||
- VIR_NFTABLES_PRIVATE_TABLE,
|
||||
- VIR_NFTABLES_FWD_IN_CHAIN,
|
||||
- "oif", iface,
|
||||
- "counter", "reject",
|
||||
- NULL);
|
||||
}
|
||||
|
||||
|
||||
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.iptables b/tests/networkxml2firewalldata/forward-dev-linux.iptables
|
||||
index bc483c4512..98be4b76ad 100644
|
||||
--- a/tests/networkxml2firewalldata/forward-dev-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/forward-dev-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.nftables b/tests/networkxml2firewalldata/forward-dev-linux.nftables
|
||||
index 8badb74beb..78c0110a32 100644
|
||||
--- a/tests/networkxml2firewalldata/forward-dev-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/forward-dev-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/isolated-linux.iptables b/tests/networkxml2firewalldata/isolated-linux.iptables
|
||||
index 135189ce41..d2d29933aa 100644
|
||||
--- a/tests/networkxml2firewalldata/isolated-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/isolated-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/isolated-linux.nftables b/tests/networkxml2firewalldata/isolated-linux.nftables
|
||||
index d1b4dac178..3d72c1fb09 100644
|
||||
--- a/tests/networkxml2firewalldata/isolated-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/isolated-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-default-linux.iptables b/tests/networkxml2firewalldata/nat-default-linux.iptables
|
||||
index 3cfa61333c..5f401194ed 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-default-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-default-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-default-linux.nftables b/tests/networkxml2firewalldata/nat-default-linux.nftables
|
||||
index 28508292f9..ef7b2b1bc8 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-default-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-default-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
|
||||
index ce295cbc6d..127ed35826 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
|
||||
index d8a9ba706d..20e51e203c 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
|
||||
index d78537dc5c..a87fe47480 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
|
||||
index a7f09cda59..816a4a8cac 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
|
||||
index ba7f234b82..9244705322 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
|
||||
index b826fe6134..904f515f3d 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
|
||||
index 1e5aa05231..b4f86a256f 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
|
||||
index d8a9ba706d..20e51e203c 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
|
||||
index c2e845cc4f..139110d068 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
|
||||
index ceaed6fa40..6db8eddf6c 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
|
||||
index 8e5c2c8193..0e7686359d 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
@@ -90,12 +84,6 @@ ip6tables \
|
||||
ip6tables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-ip6tables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
|
||||
index 1dc37a26ec..1d65869876 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-port-range-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -45,16 +35,6 @@ nft \
|
||||
rule \
|
||||
ip6 \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip6 \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.iptables b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
|
||||
index 565fff737c..3f2d1ccf5a 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-tftp-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
|
||||
@@ -87,12 +87,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.nftables b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
|
||||
index 28508292f9..ef7b2b1bc8 100644
|
||||
--- a/tests/networkxml2firewalldata/nat-tftp-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/route-default-linux.iptables b/tests/networkxml2firewalldata/route-default-linux.iptables
|
||||
index a7b969c077..866d65014e 100644
|
||||
--- a/tests/networkxml2firewalldata/route-default-linux.iptables
|
||||
+++ b/tests/networkxml2firewalldata/route-default-linux.iptables
|
||||
@@ -71,12 +71,6 @@ iptables \
|
||||
iptables \
|
||||
-w \
|
||||
--table filter \
|
||||
---insert LIBVIRT_FWI \
|
||||
---out-interface virbr0 \
|
||||
---jump REJECT
|
||||
-iptables \
|
||||
--w \
|
||||
---table filter \
|
||||
--insert LIBVIRT_FWX \
|
||||
--in-interface virbr0 \
|
||||
--out-interface virbr0 \
|
||||
diff --git a/tests/networkxml2firewalldata/route-default-linux.nftables b/tests/networkxml2firewalldata/route-default-linux.nftables
|
||||
index 282c9542a5..fc742c9fea 100644
|
||||
--- a/tests/networkxml2firewalldata/route-default-linux.nftables
|
||||
+++ b/tests/networkxml2firewalldata/route-default-linux.nftables
|
||||
@@ -13,16 +13,6 @@ nft \
|
||||
rule \
|
||||
ip \
|
||||
libvirt_network \
|
||||
-guest_input \
|
||||
-oif \
|
||||
-virbr0 \
|
||||
-counter \
|
||||
-reject
|
||||
-nft \
|
||||
--ae insert \
|
||||
-rule \
|
||||
-ip \
|
||||
-libvirt_network \
|
||||
guest_cross \
|
||||
iif \
|
||||
virbr0 \
|
||||
@@ -1,12 +0,0 @@
|
||||
diff --git a/Telegram/SourceFiles/data/components/sponsored_messages.cpp b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
|
||||
index d2746ad9..f46b51fb 100644
|
||||
--- a/Telegram/SourceFiles/data/components/sponsored_messages.cpp
|
||||
+++ b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
|
||||
@@ -195,6 +195,7 @@ void SponsoredMessages::inject(
|
||||
}
|
||||
|
||||
bool SponsoredMessages::canHaveFor(not_null<History*> history) const {
|
||||
+ return false;
|
||||
if (history->peer->isChannel()) {
|
||||
return true;
|
||||
} else if (const auto user = history->peer->asUser()) {
|
||||
@@ -1,15 +0,0 @@
|
||||
diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile
|
||||
index d45787665907..80c32163fbbd 100644
|
||||
--- a/xen/arch/x86/boot/Makefile
|
||||
+++ b/xen/arch/x86/boot/Makefile
|
||||
@@ -40,8 +40,8 @@ LD32 := $(LD) $(subst x86_64,i386,$(LDFLAGS_DIRECT))
|
||||
# are affected by both text_diff and text_gap. Ensure the sum of gap and diff
|
||||
# is greater than 2^16 so that any 16bit relocations if present in the object
|
||||
# file turns into a build-time error.
|
||||
-text_gap := 0x010200
|
||||
-text_diff := 0x408020
|
||||
+text_gap := 0x010240
|
||||
+text_diff := 0x608040
|
||||
|
||||
$(obj)/build32.base.lds: AFLAGS-y += -DGAP=$(text_gap) -DTEXT_DIFF=$(text_diff)
|
||||
$(obj)/build32.offset.lds: AFLAGS-y += -DGAP=$(text_gap) -DTEXT_DIFF=$(text_diff) -DAPPLY_OFFSET
|
||||
@@ -1,91 +0,0 @@
|
||||
lib: rec
|
||||
{
|
||||
inherit (lib) attrsToList;
|
||||
mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
|
||||
mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];
|
||||
|
||||
# Behaviors of these two NixOS modules would be different:
|
||||
# { pkgs, ... }@inputs: { environment.systemPackages = [ pkgs.hello ]; }
|
||||
# inputs: { environment.systemPackages = [ pkgs.hello ]; }
|
||||
# The second one would failed to evaluate because nixpkgs would not pass pkgs to it.
|
||||
# So that we wrote a wrapper to make it always works like the first one.
|
||||
mkModules = moduleList:
|
||||
(builtins.map
|
||||
(
|
||||
let handle = module: let type = builtins.typeOf module; in
|
||||
if type == "path" || type == "string" then (handle (import module))
|
||||
else if type == "lambda" then ({ pkgs, utils, ... }@inputs: (module inputs))
|
||||
else module;
|
||||
in handle
|
||||
)
|
||||
moduleList);
|
||||
|
||||
# from: https://github.com/NixOS/nix/issues/3759
|
||||
stripeTabs = text:
|
||||
let
|
||||
# Whether all lines start with a tab (or is empty)
|
||||
shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix " " line)) lines;
|
||||
# Strip a leading tab from all lines
|
||||
stripTab = lines: builtins.map (line: lib.strings.removePrefix " " line) lines;
|
||||
# Strip tabs recursively until there are none
|
||||
stripTabs = lines: if (shouldStripTab lines) then (stripTabs (stripTab lines)) else lines;
|
||||
in
|
||||
# Split into lines. Strip leading tabs. Concat back to string.
|
||||
builtins.concatStringsSep "\n" (stripTabs (lib.strings.splitString "\n" text));
|
||||
|
||||
# find an element in a list, return the index
|
||||
findIndex = e: list:
|
||||
let findIndex_ = i: list: if (builtins.elemAt list i) == e then i else findIndex_ (i + 1) list;
|
||||
in findIndex_ 0 list;
|
||||
|
||||
# return a list of path, including:
|
||||
# - all .nix file in the directory except for default.nix
|
||||
# - all directories containing a default.nix
|
||||
findModules = path:
|
||||
mkModules (builtins.filter (path: path != null) (builtins.map
|
||||
(subPath:
|
||||
if subPath.value == "regular" && subPath.name != "default.nix"
|
||||
then if lib.strings.hasSuffix ".nix" subPath.name
|
||||
then "${path}/${subPath.name}"
|
||||
else null
|
||||
else if subPath.value == "directory"
|
||||
then if (builtins.readDir "${path}/${subPath.name}")."default.nix" or null == "regular"
|
||||
then "${path}/${subPath.name}"
|
||||
else null
|
||||
else null)
|
||||
(attrsToList (builtins.readDir path))));
|
||||
|
||||
# replace the value in a nested attrset. example:
|
||||
# deepReplace
|
||||
# [ { path = [ "a" "b" 1 ]; value = "new value"; } ]
|
||||
# { a = { b = [ "old value" "old value" ]; }; }
|
||||
# => { a = { b = [ "old value" "new value" ]; }; }
|
||||
deepReplace = pattern: origin:
|
||||
let replace = { path, value, content }:
|
||||
if path == [] then
|
||||
if (builtins.typeOf value) == "lambda" then value content
|
||||
else value
|
||||
else let currentPath = builtins.head path; nextPath = builtins.tail path; in
|
||||
if (builtins.typeOf currentPath) == "string" then
|
||||
if (builtins.typeOf content) != "set" then builtins.throw "content should be a set"
|
||||
else builtins.mapAttrs
|
||||
(n: v: if n == currentPath then replace { path = nextPath; inherit value; content = v; } else v) content
|
||||
else if (builtins.typeOf currentPath) == "int" then
|
||||
if (builtins.typeOf content) != "list" then builtins.throw "content should be a list"
|
||||
else lib.imap0
|
||||
(i: v: if i == currentPath then replace { path = nextPath; inherit value; content = v; } else v) content
|
||||
else if (builtins.typeOf currentPath) != "lambda" then throw "path should be a lambda"
|
||||
else
|
||||
if (builtins.typeOf content) == "list" then builtins.map
|
||||
(v: if currentPath v then replace { path = nextPath; inherit value; content = v; } else v) content
|
||||
else if (builtins.typeOf content) == "set" then builtins.listToAttrs (builtins.map
|
||||
(v: if currentPath v then replace { path = nextPath; inherit value; content = v; } else v)
|
||||
(attrsToList content))
|
||||
else throw "content should be a list or a set.";
|
||||
in
|
||||
if (builtins.typeOf pattern) != "list" then throw "pattern should be a list"
|
||||
else if pattern == [] then origin
|
||||
else deepReplace (builtins.tail pattern) (replace ((builtins.head pattern) // { content = origin; }));
|
||||
|
||||
buildNixpkgsConfig = import ./buildNixpkgsConfig;
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
{ inputs, localLib }:
|
||||
let
|
||||
singles = [ "nas" "pc" "vps4" "vps6" "r2s" ];
|
||||
cluster = { srv1 = 3; srv2 = 2; };
|
||||
deviceModules = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(n: { name = n; value = [ { config.nixos.model.hostname = n; } ../modules ../devices/${n} ../devices/cross ]; })
|
||||
singles)
|
||||
++ (builtins.concatLists (builtins.map
|
||||
(cluster: builtins.map
|
||||
(node:
|
||||
{
|
||||
name = "${cluster.name}-${node}";
|
||||
value =
|
||||
[
|
||||
{ config.nixos.model.cluster = { clusterName = cluster.name; nodeName = node; }; }
|
||||
../modules
|
||||
../devices/${cluster.name}
|
||||
../devices/${cluster.name}/${node}
|
||||
../devices/cross
|
||||
];
|
||||
})
|
||||
(builtins.genList (n: "node${builtins.toString n}") cluster.value))
|
||||
(localLib.attrsToList cluster)))
|
||||
);
|
||||
in builtins.mapAttrs
|
||||
(n: v: inputs.nixpkgs.lib.nixosSystem
|
||||
{
|
||||
system = null;
|
||||
specialArgs = { topInputs = inputs; inherit localLib; };
|
||||
modules = localLib.mkModules v;
|
||||
})
|
||||
deviceModules
|
||||
@@ -1,52 +0,0 @@
|
||||
{ inputs, localLib }: rec
|
||||
{
|
||||
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
|
||||
{
|
||||
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
|
||||
nixpkgs = { march = null; nixos = false; };
|
||||
});
|
||||
hpcstat =
|
||||
let
|
||||
openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
|
||||
(prev: { doCheck = false; patches = prev.patches ++ [ ../packages/hpcstat/openssh.patch ];});
|
||||
duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
|
||||
glaze = pkgs.pkgs-2411.pkgsStatic.glaze.overrideAttrs
|
||||
(prev: { cmakeFlags = prev.cmakeFlags ++ [ "-Dglaze_ENABLE_FUZZING=OFF" ]; });
|
||||
# pkgsStatic.clangStdenv have a bug
|
||||
# https://github.com/NixOS/nixpkgs/issues/177129
|
||||
biu = pkgs.pkgsStatic.localPackages.biu.override { stdenv = pkgs.pkgsStatic.gcc14Stdenv; inherit glaze; };
|
||||
in pkgs.pkgsStatic.localPackages.hpcstat.override
|
||||
{
|
||||
inherit openssh duc biu;
|
||||
standalone = true;
|
||||
version = inputs.self.rev or "dirty";
|
||||
stdenv = pkgs.pkgsStatic.gcc14Stdenv;
|
||||
};
|
||||
inherit (pkgs.localPackages.pkgsStatic) chn-bsub;
|
||||
vaspberry = pkgs.pkgsStatic.localPackages.vaspberry.override
|
||||
{
|
||||
gfortran = pkgs.pkgsStatic.gfortran;
|
||||
lapack = pkgs.pkgsStatic.openblas;
|
||||
};
|
||||
jykang = import ../devices/jykang.xmuhpc { inherit inputs localLib; };
|
||||
xmuhk = import ../devices/xmuhk { inherit inputs localLib; };
|
||||
src =
|
||||
let getDrv = x:
|
||||
if pkgs.lib.isDerivation x then [ x ]
|
||||
else if builtins.isAttrs x then builtins.concatMap getDrv (builtins.attrValues x)
|
||||
else if builtins.isList x then builtins.concatMap getDrv x
|
||||
else [];
|
||||
in pkgs.writeText "src" (builtins.concatStringsSep "\n" (getDrv inputs.self.outputs.src));
|
||||
dns-push = pkgs.callPackage ./dns
|
||||
{
|
||||
inherit localLib;
|
||||
tokenPath = inputs.self.nixosConfigurations.pc.config.nixos.system.sops.secrets."acme/token".path;
|
||||
octodns = pkgs.octodns.withProviders (_: with pkgs.octodns-providers; [ cloudflare ]);
|
||||
};
|
||||
archive = pkgs.writeText "archive" (builtins.concatStringsSep "\n" (builtins.concatLists
|
||||
[
|
||||
(inputs.nixpkgs.lib.mapAttrsToList (_: v: v.config.system.build.toplevel) inputs.self.outputs.nixosConfigurations)
|
||||
[ src ]
|
||||
]));
|
||||
}
|
||||
// (builtins.mapAttrs (_: v: v.config.system.build.toplevel) inputs.self.outputs.nixosConfigurations)
|
||||
219
flake/src.nix
219
flake/src.nix
@@ -1,219 +0,0 @@
|
||||
{ inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
|
||||
{
|
||||
nvhpc =
|
||||
{
|
||||
src = pkgs.fetchurl
|
||||
{
|
||||
url = "https://developer.download.nvidia.com/hpc-sdk/25.3/nvhpc_2025_253_Linux_x86_64_cuda_12.8.tar.gz";
|
||||
sha256 = "11gxb099yxrsxg9i6vydi7znxqiwqqkhgmg90s74qwpjyriqpbsp";
|
||||
};
|
||||
mpi = pkgs.requireFile
|
||||
{
|
||||
name = "openmpi-gitclone.tar.gz";
|
||||
# download from https://content.mellanox.com/hpc/hpc-x/v2.23/hpcx-v2.23-gcc-doca_ofed-ubuntu24.04-cuda12-x86_64.tbz
|
||||
# nix-prefetch-url file://$(pwd)/openmpi-gitclone.tar.gz
|
||||
sha256 = "1lx5gld4ay9p327hdlqsi72911cfm6s5v3yabjlmwr7sb27y8151";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
version = "25.3";
|
||||
cudaVersion = "12.8";
|
||||
};
|
||||
iso =
|
||||
{
|
||||
nixos = pkgs.fetchurl
|
||||
{
|
||||
url = "https://releases.nixos.org/nixos/24.11/nixos-24.11.714826.04ef94c4c158/"
|
||||
+ "nixos-minimal-24.11.714826.04ef94c4c158-x86_64-linux.iso";
|
||||
sha256 = "12zkmlmvvp6g3syb347q4ffhdavfs3hz2qxvvlgrim6k0kzz436k";
|
||||
};
|
||||
netboot = pkgs.fetchurl
|
||||
{
|
||||
url = "https://boot.netboot.xyz/ipxe/netboot.xyz.iso";
|
||||
sha256 = "6GeOcugqElGPoPXeaWVpjcV5bCFxNLShGgN/sjsVzuI=";
|
||||
};
|
||||
};
|
||||
vasp =
|
||||
{
|
||||
vasp = pkgs.requireFile
|
||||
{
|
||||
name = "vasp.6.4.3.tgz";
|
||||
# nix-prefetch-url file://$(pwd)/vasp.6.4.3.tgz
|
||||
sha256 = "1x14dixils77rr4c6yqmxkvyzgfz6906badsw2shksd3y9ryfc7y";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
vtst =
|
||||
{
|
||||
patch = pkgs.fetchzip
|
||||
{
|
||||
url = "http://theory.cm.utexas.edu/code/vtstcode-204.tgz";
|
||||
sha256 = "00qpqiabl568fwqjnmwqwr0jwg7s56xd9lv9lw8q4qxqy19cpg62";
|
||||
};
|
||||
script = pkgs.fetchzip
|
||||
{
|
||||
url = "http://theory.cm.utexas.edu/code/vtstscripts.tgz";
|
||||
sha256 = "0wz9sw72w5gydvavm6sbcfssvvdiw8gh8hs0d0p0b23839dw4w6j";
|
||||
};
|
||||
};
|
||||
};
|
||||
huginn = pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "ghcr.io/huginn/huginn";
|
||||
imageDigest = "sha256:68e2c7082cd51d417e5ce76fe123810e9d52f4ab2018569df5b74b913ed3bc64";
|
||||
sha256 = "0jpdysdphy1lyj6zwx2b1kbgs6bfnpkkx85mf1b9ybh3is6gaz6s";
|
||||
finalImageName = "ghcr.io/huginn/huginn";
|
||||
finalImageTag = "latest";
|
||||
};
|
||||
misskey = {};
|
||||
lumerical =
|
||||
{
|
||||
lumerical = pkgs.requireFile
|
||||
{
|
||||
name = "lumerical.zip";
|
||||
sha256 = "03nfacykfzal29jdmygrgkl0fqsc3yqp4ig86h1h9sirci87k94c";
|
||||
hashMode = "recursive";
|
||||
message = "Source not found.";
|
||||
};
|
||||
licenseManager =
|
||||
{
|
||||
crack = pkgs.requireFile
|
||||
{
|
||||
name = "crack";
|
||||
sha256 = "1a1k3nlaidi0kk2xxamb4pm46iiz6k3sxynhd65y8riylrkck3md";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
src = pkgs.requireFile
|
||||
{
|
||||
name = "src";
|
||||
sha256 = "1h93r0bb37279dzghi3k2axf0b8g0mgacw0lcww5j3sx0sqjbg4l";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
image = "6803f9562b941c23db81a2eae5914561f96fa748536199a010fe6f24922b2878";
|
||||
imageFile = pkgs.requireFile
|
||||
{
|
||||
name = "lumericalLicenseManager.tar";
|
||||
sha256 = "ftEZADv8Mgo5coNKs+gxPZPl/YTV3FMMgrF3wUIBEiQ=";
|
||||
message = "Source not found.";
|
||||
};
|
||||
license = pkgs.requireFile
|
||||
{
|
||||
name = "license";
|
||||
sha256 = "07rwin14py6pl1brka7krz7k2g9x41h7ks7dmp1lxdassan86484";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
sifImageFile = pkgs.requireFile
|
||||
{
|
||||
name = "lumericalLicenseManager.sif";
|
||||
sha256 = "i0HGLiRWoKuQYYx44GBkDBbyUvFLbfFShi/hx7KBSuU=";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
};
|
||||
};
|
||||
vesta = rec
|
||||
{
|
||||
version = "3.5.8";
|
||||
src = pkgs.fetchurl
|
||||
{
|
||||
url = "https://jp-minerals.org/vesta/archives/${version}/VESTA-gtk3.tar.bz2";
|
||||
sha256 = "1y4dhqhk0jy7kbkkx2c6lsrm5lirn796mq67r5j1s7xkq8jz1gkq";
|
||||
};
|
||||
desktopFile = pkgs.fetchurl
|
||||
{
|
||||
url = "https://aur.archlinux.org/cgit/aur.git/plain/VESTA.desktop?h=vesta&id=4fae08afc37ee0fd88d14328cf0d6b308fea04d1";
|
||||
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
|
||||
};
|
||||
};
|
||||
# nix-store --query --hash $(nix store add-path . --name 'mirism')
|
||||
mirism-old = pkgs.requireFile
|
||||
{
|
||||
name = "mirism";
|
||||
sha256 = "1zhhzwi325g21kqdip7zzw1i9b354h1wpzd4zhzb1ql9kjdh87q3";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
pslist =
|
||||
{
|
||||
version = "1.4.0";
|
||||
src = pkgs.fetchzip
|
||||
{
|
||||
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-6/pslist_1.4.0.orig.tar.xz";
|
||||
sha256 = "1sp1h7ccniz658ms331npffpa9iz8llig43d9mlysll420nb3xqv";
|
||||
};
|
||||
};
|
||||
vaspkit = rec
|
||||
{
|
||||
version = "1.5.1";
|
||||
potcar = pkgs.requireFile
|
||||
{
|
||||
name = "POTCAR";
|
||||
sha256 = "01adpp9amf27dd39m8svip3n6ax822vsyhdi6jn5agj13lis0ln3";
|
||||
hashMode = "recursive";
|
||||
message = "POTCAR not found.";
|
||||
};
|
||||
vaspkit = pkgs.fetchurl
|
||||
{
|
||||
url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.${version}.linux.x64.tar.gz";
|
||||
sha256 = "1cbj1mv7vx18icwlk9d2vfavsfd653943xg2ywzd8b7pb43xrfs1";
|
||||
};
|
||||
};
|
||||
mathematica = pkgs.mathematica.src;
|
||||
oneapi =
|
||||
{
|
||||
src = pkgs.fetchurl
|
||||
{
|
||||
url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/2cf9c083-82b5-4a8f-a515-c599b09dcefc/"
|
||||
+ "intel-oneapi-hpc-toolkit-2025.1.1.40_offline.sh";
|
||||
sha256 = "1qjy9dsnskwqsk66fm99b3cch1wp3rl9dx7y884p3x5kwiqdma2x";
|
||||
};
|
||||
version = "2025.1";
|
||||
fullVersion = "2025.1.1.40";
|
||||
components =
|
||||
[
|
||||
"intel.oneapi.lin.dpcpp-cpp-common,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.dpcpp-cpp-common.runtime,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.ifort-compiler,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.compilers-common.runtime,v=2025.1.1+10"
|
||||
"intel.oneapi.lin.mpi.runtime,v=2021.15.0+493"
|
||||
"intel.oneapi.lin.umf,v=0.10.0+355"
|
||||
"intel.oneapi.lin.tbb.runtime,v=2022.1.0+425"
|
||||
"intel.oneapi.lin.compilers-common,v=2025.1.1+10"
|
||||
];
|
||||
};
|
||||
rsshub = pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "diygod/rsshub";
|
||||
imageDigest = "sha256:1f9d97263033752bf5e20c66a75e134e6045b6d69ae843c1f6610add696f8c22";
|
||||
hash = "sha256-zN47lhQc3EX28LmGF4N3rDUPqumwmhfGn1OpvBYd2Vw=";
|
||||
finalImageName = "rsshub";
|
||||
finalImageTag = "latest";
|
||||
};
|
||||
atat = pkgs.fetchurl
|
||||
{
|
||||
url = "https://axelvandewalle.github.io/www-avdw/atat/atat3_50.tar.gz";
|
||||
sha256 = "14sblzqsi5bxfhsjbq256bc2gfd7zrxyf5za0iaw77b592ppjg3m";
|
||||
};
|
||||
atomkit = pkgs.fetchurl
|
||||
{
|
||||
url = "mirror://sourceforge/atomkit/Binaries/atomkit.0.9.0.linux.x64.tar.gz";
|
||||
sha256 = "0y9z7wva7zikh83w9q431lgn3bqkh1v5w6iz90dwc75wqwk0w5jr";
|
||||
};
|
||||
guix = pkgs.fetchurl
|
||||
{
|
||||
url = "https://ci.guix.gnu.org/download/2857";
|
||||
name = "guix.iso";
|
||||
sha256 = "0xqabnay8wwqc1a96db8ix1a6bhvgm84s5is1q67rr432q7gqgd4";
|
||||
};
|
||||
peerBanHelper =
|
||||
{
|
||||
image = "ghostchu/peerbanhelper:v8.0.12";
|
||||
imageFile = pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "ghostchu/peerbanhelper";
|
||||
imageDigest = "sha256:fce7047795fe1e6d730ea2583b390ccc336e79eb2d8dae8114f4f63f00208879";
|
||||
hash = "sha256-7Z2ewDpGFXyvCze9HZ7KwFwn9o9R6Y4pjJDcr5Wmy1g=";
|
||||
finalImageName = "ghostchu/peerbanhelper";
|
||||
finalImageTag = "v8.0.12";
|
||||
};
|
||||
};
|
||||
}
|
||||
35
local/lib/default.nix
Normal file
35
local/lib/default.nix
Normal file
@@ -0,0 +1,35 @@
|
||||
lib:
|
||||
{
|
||||
attrsToList = Attrs: builtins.map ( name: { inherit name; value = Attrs.${name}; } ) ( builtins.attrNames Attrs );
|
||||
mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
|
||||
mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];
|
||||
|
||||
# Behaviors of these two NixOS modules would be different:
|
||||
# { pkgs, ... }@inputs: { environment.systemPackages = [ pkgs.hello ]; }
|
||||
# inputs: { environment.systemPackages = [ pkgs.hello ]; }
|
||||
# The second one would failed to evaluate because nixpkgs would not pass pkgs to it.
|
||||
# So that we wrote a wrapper to make it always works like the first one.
|
||||
mkModules = moduleList:
|
||||
(builtins.map
|
||||
(
|
||||
let handle = module:
|
||||
if ( builtins.typeOf module ) == "path" then (handle (import module))
|
||||
else if ( builtins.typeOf module ) == "lambda" then ({ pkgs, utils, ... }@inputs: (module inputs))
|
||||
else module;
|
||||
in handle
|
||||
)
|
||||
moduleList);
|
||||
|
||||
# from: https://github.com/NixOS/nix/issues/3759
|
||||
stripeTabs = text:
|
||||
let
|
||||
# Whether all lines start with a tab (or is empty)
|
||||
shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix " " line)) lines;
|
||||
# Strip a leading tab from all lines
|
||||
stripTab = lines: builtins.map (line: lib.strings.removePrefix " " line) lines;
|
||||
# Strip tabs recursively until there are none
|
||||
stripTabs = lines: if (shouldStripTab lines) then (stripTabs (stripTab lines)) else lines;
|
||||
in
|
||||
# Split into lines. Strip leading tabs. Concat back to string.
|
||||
builtins.concatStringsSep "\n" (stripTabs (lib.strings.splitString "\n" text));
|
||||
}
|
||||
29
local/pkgs/12to11/default.nix
Normal file
29
local/pkgs/12to11/default.nix
Normal file
@@ -0,0 +1,29 @@
|
||||
{
|
||||
lib, stdenv, fetchsvn, xorg, libdrm
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "12to11";
|
||||
version = "193";
|
||||
src = fetchsvn
|
||||
{
|
||||
url = "svn://svn.code.sf.net/p/twelveto11/code";
|
||||
rev = version;
|
||||
sha256 = "12csy55f2xxj03c5b60dvip68mz8cggic6751y3hvj22ar4ncaaj";
|
||||
};
|
||||
postPatch =
|
||||
''
|
||||
for i in *.c
|
||||
do
|
||||
sed -i -e "s|#include <drm_fourcc.h>|#include <libdrm/drm_fourcc.h>|" $i
|
||||
done
|
||||
for i in tests/*.c
|
||||
do
|
||||
sed -i -e "s|#include <drm/drm_fourcc.h>|#include <libdrm/drm_fourcc.h>|" $i
|
||||
done
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ ];
|
||||
buildInputs = [ xorg.imake libdrm.dev ];
|
||||
}
|
||||
28
local/pkgs/default.nix
Normal file
28
local/pkgs/default.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
{ lib, pkgs }: with pkgs;
|
||||
{
|
||||
typora = callPackage ./typora {};
|
||||
upho = python3Packages.callPackage ./upho {};
|
||||
spectral = python3Packages.callPackage ./spectral {};
|
||||
vesta = callPackage ./vesta {};
|
||||
oneapi = callPackage ./oneapi {};
|
||||
send = callPackage ./send {};
|
||||
rsshub = callPackage ./rsshub {};
|
||||
misskey = callPackage ./misskey {};
|
||||
mk-meili-mgn = callPackage ./mk-meili-mgn {};
|
||||
phonon-unfolding = callPackage ./phonon-unfolding {};
|
||||
# vasp = callPackage ./vasp
|
||||
# {
|
||||
# stdenv = pkgs.lmix-pkgs.intel21Stdenv;
|
||||
# intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
|
||||
# ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
|
||||
# };
|
||||
vasp = callPackage ./vasp
|
||||
{
|
||||
openmp = llvmPackages.openmp;
|
||||
openmpi = pkgs.openmpi.override { cudaSupport = false; };
|
||||
};
|
||||
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
|
||||
# "12to11" = callPackage ./12to11 {};
|
||||
huginn = callPackage ./huginn {};
|
||||
v_sim = callPackage ./v_sim {};
|
||||
}
|
||||
29
local/pkgs/huginn/default.nix
Normal file
29
local/pkgs/huginn/default.nix
Normal file
@@ -0,0 +1,29 @@
|
||||
{ lib, stdenv, bundlerEnv, fetchFromGitHub }:
|
||||
let
|
||||
pname = "huginn";
|
||||
version = "20230723";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "huginn";
|
||||
rev = "a02977ad420a01b6460634af19f714db4a8f8f36";
|
||||
hash = "sha256-Ty2EDCIjbvcf3PzPupcV4s7ZfAFTuYEjSfy0m+Yt3j4=";
|
||||
};
|
||||
gems = bundlerEnv
|
||||
{
|
||||
name = "${pname}-${version}-gems";
|
||||
gemdir = "${src}";
|
||||
gemfile = "${src}/Gemfile";
|
||||
lockfile = "${src}/Gemfile.lock";
|
||||
gemset = "${src}/gemset.nix";
|
||||
copyGemFiles = true;
|
||||
};
|
||||
in stdenv.mkDerivation
|
||||
{
|
||||
inherit pname version src;
|
||||
buildInputs = [ gems gems.wrappedRuby ];
|
||||
installPhase =
|
||||
''
|
||||
false
|
||||
'';
|
||||
}
|
||||
70
local/pkgs/misskey/default.nix
Normal file
70
local/pkgs/misskey/default.nix
Normal file
@@ -0,0 +1,70 @@
|
||||
{
|
||||
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs_20, writeShellScript, buildFHSEnv,
|
||||
bash, cypress, vips, pkg-config
|
||||
}:
|
||||
let
|
||||
pname = "misskey";
|
||||
version = "13.14.2";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "misskey";
|
||||
rev = "e02ecb3819f6f05352d43b64ae59fa1bd683e2e0";
|
||||
hash = "sha256-zsYM67LYUn+bI6kbdW9blftxw5TUxCdzlfaOOEgZz+Q=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
originalPnpmPackage = mkPnpmPackage
|
||||
{
|
||||
inherit pname version src;
|
||||
nodejs = nodejs_20;
|
||||
copyPnpmStore = true;
|
||||
};
|
||||
startScript = writeShellScript "misskey"
|
||||
''
|
||||
export PATH=${lib.makeBinPath [ bash nodejs_20 nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress ]}:$PATH
|
||||
export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
|
||||
export NODE_ENV=production
|
||||
pnpm run migrateandstart
|
||||
'';
|
||||
in
|
||||
stdenv.mkDerivation
|
||||
{
|
||||
inherit version src pname;
|
||||
nativeBuildInputs =
|
||||
[ bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config ];
|
||||
CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress";
|
||||
NODE_ENV = "production";
|
||||
configurePhase =
|
||||
''
|
||||
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
|
||||
export npm_config_nodedir=${nodejs_20}
|
||||
|
||||
runHook preConfigure
|
||||
|
||||
store=$(pnpm store path)
|
||||
mkdir -p $(dirname $store)
|
||||
|
||||
cp -f ${originalPnpmPackage.passthru.patchedLockfileYaml} pnpm-lock.yaml
|
||||
cp -RL ${originalPnpmPackage.passthru.pnpmStore} $store
|
||||
chmod -R +w $store
|
||||
pnpm install --frozen-lockfile --offline
|
||||
|
||||
runHook postConfigure
|
||||
'';
|
||||
buildPhase =
|
||||
''
|
||||
runHook preBuild
|
||||
pnpm run build
|
||||
runHook postBuild
|
||||
'';
|
||||
installPhase =
|
||||
''
|
||||
runHook preInstall
|
||||
mkdir -p $out
|
||||
mv * .* $out
|
||||
mkdir -p $out/bin
|
||||
cp ${startScript} $out/bin/misskey
|
||||
mkdir -p $out/files
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
||||
16
local/pkgs/mk-meili-mgn/default.nix
Normal file
16
local/pkgs/mk-meili-mgn/default.nix
Normal file
@@ -0,0 +1,16 @@
|
||||
{ lib, fetchFromGitHub, rustPlatform, pkg-config, openssl }:
|
||||
rustPlatform.buildRustPackage rec
|
||||
{
|
||||
pname = "mk-meili-mgn";
|
||||
version = "20230827";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "mk-meili-mgn";
|
||||
rev = "53e282c992293ec735c9bc964f097b5bdbc3e48a";
|
||||
hash = "sha256-KBSoEGfWKDXZHSzSzak1v0nxtQQGI15DQTyNAPhsIB4=";
|
||||
};
|
||||
cargoHash = "sha256-wNdMPPl2H2iSrNYjoij0Qg/c2S5RjTHpOMV1RfHU27g=";
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ openssl ];
|
||||
}
|
||||
28
local/pkgs/phonon-unfolding/default.nix
Normal file
28
local/pkgs/phonon-unfolding/default.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
{
|
||||
stdenv, fetchFromGitHub, gfortran, blas
|
||||
}:
|
||||
stdenv.mkDerivation
|
||||
{
|
||||
pname = "phonon-unfolding";
|
||||
version = "0";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "phonon_unfolding";
|
||||
rev = "ec363ef2bad0ee18a0839a1681ea9915c0b72e1d";
|
||||
hash = "sha256-zDTbtYk5OXf//6eS4gEF7IvrpWcRAz18ue48IDZnfSk=";
|
||||
};
|
||||
buildInputs = [ blas ];
|
||||
nativeBuildInputs = [ gfortran ];
|
||||
buildPhase =
|
||||
''
|
||||
gfortran PhononUnfoldingModule.f90 -o PhononUnfoldingModule.mod -c
|
||||
gfortran PhononUnfolding.f90 -c -o PhononUnfolding.mod
|
||||
gfortran PhononUnfolding.mod PhononUnfoldingModule.mod -o PhononUnfolding -lblas
|
||||
'';
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
cp PhononUnfolding $out/bin
|
||||
'';
|
||||
}
|
||||
58
local/pkgs/rsshub/default.nix
Normal file
58
local/pkgs/rsshub/default.nix
Normal file
@@ -0,0 +1,58 @@
|
||||
{
|
||||
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs, writeShellScript,
|
||||
chromium, bash
|
||||
}:
|
||||
let
|
||||
pname = "rsshub";
|
||||
version = "20230829";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "DIYgod";
|
||||
repo = "RSSHub";
|
||||
rev = "afcf9774260dc6505263cf0428970e890f2f7b1d";
|
||||
hash = "sha256-BQFE0Z5DsFTf0tylQ0NN89hCdXT/Y2M+YPa/10ccOVg=";
|
||||
};
|
||||
originalPnpmPackage = mkPnpmPackage { inherit pname version src nodejs; };
|
||||
nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };
|
||||
rsshub-unwrapped = stdenv.mkDerivation
|
||||
{
|
||||
inherit version src;
|
||||
pname = "${pname}-unwrapped";
|
||||
configurePhase =
|
||||
''
|
||||
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
|
||||
export npm_config_nodedir=${nodejs}
|
||||
|
||||
runHook preConfigure
|
||||
|
||||
ln -s ${nodeModules}/. node_modules
|
||||
|
||||
runHook postConfigure
|
||||
'';
|
||||
installPhase =
|
||||
''
|
||||
runHook preInstall
|
||||
mkdir -p $out
|
||||
mv * .* $out
|
||||
runHook postInstall
|
||||
'';
|
||||
};
|
||||
startScript = writeShellScript "rsshub"
|
||||
''
|
||||
cd ${rsshub-unwrapped}
|
||||
export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm chromium ]}:$PATH
|
||||
export CHROMIUM_EXECUTABLE_PATH=chromium
|
||||
pnpm start
|
||||
'';
|
||||
in stdenv.mkDerivation rec
|
||||
{
|
||||
inherit pname version;
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
runHook preInstall
|
||||
mkdir -p $out/bin
|
||||
cp ${startScript} $out/bin/rsshub
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
||||
15
local/pkgs/send/default.nix
Normal file
15
local/pkgs/send/default.nix
Normal file
@@ -0,0 +1,15 @@
|
||||
{ buildNpmPackage, fetchFromGitHub, nodejs-16_x }:
|
||||
buildNpmPackage.override { nodejs = nodejs-16_x; }
|
||||
{
|
||||
pname = "send";
|
||||
version = "3.4.23";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "timvisee";
|
||||
repo = "send";
|
||||
rev = "6ad2885a168148fb996d3983457bc39527c7c8e5";
|
||||
hash = "sha256-/w9KhktDVSAmp6EVIRHFM63mppsIzYSm5F7CQQd/2+E=";
|
||||
};
|
||||
npmDepsHash = "sha256-r1iaurKuhpP0sevB5pFdtv9j1ikM1fKL7Jgakh4FzTI=";
|
||||
makeCacheWritable = true;
|
||||
}
|
||||
15
local/pkgs/spectral/default.nix
Normal file
15
local/pkgs/spectral/default.nix
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
lib, fetchPypi, buildPythonPackage,
|
||||
numpy, pillow, wxPython_4_2, matplotlib, ipython, pyopengl
|
||||
}: buildPythonPackage rec
|
||||
{
|
||||
pname = "spectral";
|
||||
version = "0.23.1";
|
||||
src = fetchPypi
|
||||
{
|
||||
inherit pname version;
|
||||
sha256 = "sha256-4YIic1Je81g7J6lmIm1Vr+CefSmnI2z82LwN+x+Wj8I=";
|
||||
};
|
||||
doCheck = false;
|
||||
propagatedBuildInputs = [ numpy pillow wxPython_4_2 matplotlib ipython pyopengl ];
|
||||
}
|
||||
42
local/pkgs/typora/default.nix
Normal file
42
local/pkgs/typora/default.nix
Normal file
@@ -0,0 +1,42 @@
|
||||
{ lib, stdenv, steam-run, fetchurl, writeShellScript }:
|
||||
let
|
||||
typora-dist = stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "typora-dist";
|
||||
version = "1.6.6";
|
||||
src = fetchurl
|
||||
{
|
||||
url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
|
||||
sha256 = "sha256-77mCgmsROLhfuOmOOyl2C5Ug2NfqEvcD+kMA3aiAQtA=";
|
||||
};
|
||||
|
||||
dontFixup = true;
|
||||
|
||||
unpackPhase =
|
||||
''
|
||||
ar x ${src}
|
||||
tar xf data.tar.xz
|
||||
'';
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out
|
||||
mv usr/share $out
|
||||
'';
|
||||
};
|
||||
in stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "typora";
|
||||
inherit (typora-dist) version;
|
||||
BuildInputs = [ typora-dist steam-run ];
|
||||
startScript = writeShellScript "typora" "${steam-run}/bin/steam-run ${typora-dist}/share/typora/Typora $@";
|
||||
phases = [ "installPhase" ];
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/bin $out/share/applications
|
||||
ln -s ${startScript} $out/bin/typora
|
||||
cp ${typora-dist}/share/applications/typora.desktop $out/share/applications
|
||||
sed -i "s|Exec=.*|Exec=${startScript} %U|g" $out/share/applications/typora.desktop
|
||||
sed -i "s|Icon=.*|Icon=${typora-dist}/share/icons/hicolor/256x256/apps/typora.png|g" \
|
||||
$out/share/applications/typora.desktop
|
||||
'';
|
||||
}
|
||||
14
local/pkgs/upho/default.nix
Normal file
14
local/pkgs/upho/default.nix
Normal file
@@ -0,0 +1,14 @@
|
||||
{ lib, fetchFromGitHub, buildPythonPackage, numpy, h5py, phonopy }: buildPythonPackage rec
|
||||
{
|
||||
pname = "upho";
|
||||
version = "0.6.6";
|
||||
src = fetchFromGitHub
|
||||
{
|
||||
owner = "CHN-beta";
|
||||
repo = "upho";
|
||||
rev = "0f27ac6918e8972c70692816438e4ac37ec6b348";
|
||||
sha256 = "sha256-NvoV+AUH9MmGT4ohrLAAvpLs8APP2DOKYlZVliHrVRM=";
|
||||
};
|
||||
doCheck = false;
|
||||
propagatedBuildInputs = [ numpy h5py phonopy ];
|
||||
}
|
||||
28
local/pkgs/v_sim/default.nix
Normal file
28
local/pkgs/v_sim/default.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
{
|
||||
stdenv, lib, fetchFromGitLab,
|
||||
wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
|
||||
glib, gtk3, epoxy, libyaml
|
||||
}:
|
||||
stdenv.mkDerivation
|
||||
{
|
||||
pname = "v_sim";
|
||||
version = "3.8.0_p20230824";
|
||||
src = fetchFromGitLab
|
||||
{
|
||||
owner = "l_sim";
|
||||
repo = "v_sim";
|
||||
rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
|
||||
sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
|
||||
};
|
||||
buildInputs = [ glib gtk3 epoxy libyaml ];
|
||||
nativeBuildInputs =
|
||||
[
|
||||
autoreconfHook wrapGAppsHook autoconf libtool intltool gettext automake pkg-config
|
||||
gtk-doc gfortran libxslt.bin
|
||||
];
|
||||
enableParallelBuilding = true;
|
||||
postPatch =
|
||||
''
|
||||
./autogen.sh
|
||||
'';
|
||||
}
|
||||
77
local/pkgs/vasp/default.nix
Normal file
77
local/pkgs/vasp/default.nix
Normal file
@@ -0,0 +1,77 @@
|
||||
# {
|
||||
# stdenv, requireFile, config, rsync, intel-mpi, ifort,
|
||||
# mkl
|
||||
# }:
|
||||
# stdenv.mkDerivation rec
|
||||
# {
|
||||
# pname = "vasp";
|
||||
# version = "6.4.0";
|
||||
# # nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
|
||||
# src = requireFile
|
||||
# {
|
||||
# name = "${pname}-${version}";
|
||||
# sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
|
||||
# hashMode = "recursive";
|
||||
# message = "Source file not found.";
|
||||
# };
|
||||
# VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
|
||||
# MKLROOT = mkl;
|
||||
# makeFlags = "DEPS=1";
|
||||
# enableParallelBuilding = true;
|
||||
# buildInputs = [ mkl intel-mpi ifort ];
|
||||
# nativeBuildInputs = [ rsync ];
|
||||
# configurePhase =
|
||||
# ''
|
||||
# cp arch/makefile.include.intel makefile.include
|
||||
# echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
|
||||
# echo "OBJECTS_LIB += getshmem.o" >> makefile.include
|
||||
# mkdir -p bin
|
||||
# '';
|
||||
# installPhase =
|
||||
# ''
|
||||
# mkdir -p $out/bin
|
||||
# for i in std gam ncl; do
|
||||
# cp bin/vasp_$i $out/bin/vasp-cpu-${version}-$i
|
||||
# done
|
||||
# '';
|
||||
# doStrip = false;
|
||||
# doFixup = false;
|
||||
# }
|
||||
{
|
||||
stdenvNoCC, requireFile, rsync, blas, scalapack, openmpi, openmp, gfortran, gcc, fftwMpi
|
||||
}:
|
||||
stdenvNoCC.mkDerivation rec
|
||||
{
|
||||
pname = "vasp";
|
||||
version = "6.4.0";
|
||||
# nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
|
||||
src = requireFile
|
||||
{
|
||||
name = "${pname}-${version}";
|
||||
sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
|
||||
hashMode = "recursive";
|
||||
message = "Source file not found.";
|
||||
};
|
||||
# VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
|
||||
# MKLROOT = mkl;
|
||||
makeFlags = "DEPS=1";
|
||||
enableParallelBuilding = true;
|
||||
buildInputs = [ blas scalapack openmpi openmp gfortran gfortran.cc gcc fftwMpi.dev fftwMpi ];
|
||||
nativeBuildInputs = [ rsync ];
|
||||
FFTW_ROOT = fftwMpi.dev;
|
||||
configurePhase =
|
||||
''
|
||||
cp ${./makefile.include/${version}-gnu} makefile.include
|
||||
chmod +w makefile.include
|
||||
echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
|
||||
echo "OBJECTS_LIB += getshmem.o" >> makefile.include
|
||||
mkdir -p bin
|
||||
'';
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
for i in std gam ncl; do
|
||||
cp bin/vasp_$i $out/bin/vasp-gnu-${version}-$i
|
||||
done
|
||||
'';
|
||||
}
|
||||
@@ -8,7 +8,7 @@ CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
|
||||
-Duse_bse_te \
|
||||
-Dtbdyn \
|
||||
-Dfock_dblbuf \
|
||||
-D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
|
||||
-D_OPENMP
|
||||
|
||||
CPP = gcc -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS)
|
||||
|
||||
@@ -19,7 +19,7 @@ FREE = -ffree-form -ffree-line-length-none
|
||||
|
||||
FFLAGS = -w -ffpe-summary=none
|
||||
|
||||
OFLAG = -O2
|
||||
OFLAG = -O3
|
||||
OFLAG_IN = $(OFLAG)
|
||||
DEBUG = -O0
|
||||
|
||||
@@ -35,7 +35,7 @@ CFLAGS_LIB = -O
|
||||
FFLAGS_LIB = -O1
|
||||
FREE_LIB = $(FREE)
|
||||
|
||||
OBJECTS_LIB = linpack_double.o getshmem.o
|
||||
OBJECTS_LIB = linpack_double.o
|
||||
|
||||
# For the parser library
|
||||
CXX_PARS = g++
|
||||
@@ -49,35 +49,46 @@ LLIBS = -lstdc++
|
||||
|
||||
# When compiling on the target machine itself, change this to the
|
||||
# relevant target when cross-compiling for another architecture
|
||||
# VASP_TARGET_CPU ?= -march=native
|
||||
# FFLAGS += $(VASP_TARGET_CPU)
|
||||
|
||||
# For gcc-10 and higher (comment out for older versions)
|
||||
FFLAGS += -fallow-argument-mismatch
|
||||
|
||||
# BLAS and LAPACK (mandatory)
|
||||
# OPENBLAS_ROOT ?= /path/to/your/openblas/installation
|
||||
# BLASPACK = -L$(OPENBLAS_ROOT)/lib -lopenblas
|
||||
BLASPACK = -lblas
|
||||
|
||||
# scaLAPACK (mandatory)
|
||||
# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
|
||||
# SCALAPACK = -L$(SCALAPACK_ROOT)/lib -lscalapack
|
||||
SCALAPACK = -lscalapack
|
||||
|
||||
LLIBS += $(SCALAPACK) $(BLASPACK)
|
||||
|
||||
# FFTW (mandatory)
|
||||
LLIBS += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
|
||||
# FFTW_ROOT ?= /path/to/your/fftw/installation
|
||||
# LLIBS += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
|
||||
LLIBS += -lfftw3 -lfftw3_omp
|
||||
INCS += -I$(FFTW_ROOT)/include
|
||||
|
||||
# HDF5-support (optional but strongly recommended)
|
||||
CPP_OPTIONS+= -DVASP_HDF5
|
||||
LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
|
||||
INCS += -I$(HDF5_ROOT)/include
|
||||
#CPP_OPTIONS+= -DVASP_HDF5
|
||||
#HDF5_ROOT ?= /path/to/your/hdf5/installation
|
||||
#LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
|
||||
#INCS += -I$(HDF5_ROOT)/include
|
||||
|
||||
# For the VASP-2-Wannier90 interface (optional)
|
||||
CPP_OPTIONS += -DVASP2WANNIER90
|
||||
LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
|
||||
#CPP_OPTIONS += -DVASP2WANNIER90
|
||||
#WANNIER90_ROOT ?= /path/to/your/wannier90/installation
|
||||
#LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
|
||||
|
||||
# For the fftlib library (recommended)
|
||||
CPP_OPTIONS+= -Dsysv
|
||||
FCL += fftlib.o
|
||||
CXX_FFTLIB = g++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
|
||||
INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
|
||||
# INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
|
||||
INCS_FFTLIB = -I./include
|
||||
LIBS += fftlib
|
||||
LLIBS += -ldl
|
||||
@@ -1,11 +1,22 @@
|
||||
{ stdenv, src, autoPatchelfHook, makeWrapper, python3, attrsToList, gnused }:
|
||||
{ stdenv, fetchurl, requireFile, autoPatchelfHook, makeWrapper, python3, attrsToList, gnused }:
|
||||
let
|
||||
potcar = requireFile
|
||||
{
|
||||
name = "POTCAR";
|
||||
sha256 = "01adpp9amf27dd39m8svip3n6ax822vsyhdi6jn5agj13lis0ln3";
|
||||
hashMode = "recursive";
|
||||
message = "POTCAR not found.";
|
||||
};
|
||||
unwrapped = stdenv.mkDerivation
|
||||
{
|
||||
pname = "vaspkit-unwrapped";
|
||||
inherit (src) version;
|
||||
src = src.vaspkit;
|
||||
version = "1.4.1";
|
||||
buildInputs = [ autoPatchelfHook stdenv.cc.cc ];
|
||||
src = fetchurl
|
||||
{
|
||||
url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.1.4.1.linux.x64.tar.gz";
|
||||
sha256 = "0i5m7nbvqk7hzxisyydjvs2l8lnvj9vsxa170783kv9zmp51lnvs";
|
||||
};
|
||||
installPhase =
|
||||
''
|
||||
runHook preInstall
|
||||
@@ -15,7 +26,7 @@ let
|
||||
'';
|
||||
};
|
||||
python = python3.withPackages (pythonPackages: with pythonPackages; [ numpy scipy matplotlib ]);
|
||||
envirmentVariables = let inherit (src) potcar; in
|
||||
envirmentVariables =
|
||||
{
|
||||
LDA_PATH = "${potcar}/PAW_LDA";
|
||||
PBE_PATH = "${potcar}/PAW_PBE";
|
||||
42
local/pkgs/vesta/default.nix
Normal file
42
local/pkgs/vesta/default.nix
Normal file
@@ -0,0 +1,42 @@
|
||||
{
|
||||
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook, makeWrapper,
|
||||
glib, gtk2, xorg, libGLU, gtk3, writeShellScript, gsettings-desktop-schemas, xdg-utils
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec
|
||||
{
|
||||
pname = "vesta";
|
||||
version = "3.5.5";
|
||||
src = fetchurl
|
||||
{
|
||||
url = "https://jp-minerals.org/vesta/archives/${version}/VESTA-gtk3.tar.bz2";
|
||||
sha256 = "sRzQNJA7+hsjLWmykqe6bH0p1/aGEB8hCuxCyPzxYHs=";
|
||||
};
|
||||
desktopFile = fetchurl
|
||||
{
|
||||
url = "https://aur.archlinux.org/cgit/aur.git/plain/VESTA.desktop?h=vesta&id=4fae08afc37ee0fd88d14328cf0d6b308fea04d1";
|
||||
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook makeWrapper ];
|
||||
buildInputs = [ glib gtk2 xorg.libXxf86vm libGLU gtk3 xorg.libXtst ];
|
||||
|
||||
unpackPhase = "tar -xf ${src}";
|
||||
|
||||
installPhase =
|
||||
''
|
||||
echo $out
|
||||
mkdir -p $out/share/applications
|
||||
cp ${desktopFile} $out/share/applications/vesta.desktop
|
||||
sed -i "s|Exec=.*|Exec=$out/bin/vesta|" $out/share/applications/vesta.desktop
|
||||
sed -i "s|Icon=.*|Icon=$out/opt/VESTA-gtk3/img/logo.png|" $out/share/applications/vesta.desktop
|
||||
|
||||
mkdir -p $out/opt
|
||||
cp -r VESTA-gtk3 $out/opt/VESTA-gtk3
|
||||
|
||||
mkdir -p $out/bin
|
||||
makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta
|
||||
|
||||
patchelf --remove-needed libjawt.so $out/opt/VESTA-gtk3/PowderPlot/libswt-awt-gtk-3346.so
|
||||
'';
|
||||
}
|
||||
@@ -1,32 +1,87 @@
|
||||
inputs:
|
||||
let bugs =
|
||||
{
|
||||
# suspend & hibernate do not use platform
|
||||
suspend-hibernate-no-platform.systemd.sleep.extraConfig =
|
||||
''
|
||||
SuspendState=freeze
|
||||
HibernateMode=shutdown
|
||||
'';
|
||||
# xmunet use old encryption
|
||||
xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
|
||||
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
|
||||
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
|
||||
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
|
||||
iwlwifi.boot.extraModprobeConfig =
|
||||
''
|
||||
options iwlwifi power_save=0
|
||||
options iwlmvm power_scheme=1
|
||||
options iwlwifi uapsd_disable=1
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
options.nixos.bugs = inputs.lib.mkOption
|
||||
{
|
||||
type = inputs.lib.types.listOf (inputs.lib.types.enum (builtins.attrNames bugs));
|
||||
default = [];
|
||||
};
|
||||
config = inputs.lib.mkMerge (builtins.map
|
||||
(bug: inputs.lib.mkIf (builtins.elem bug inputs.config.nixos.bugs) bugs.${bug})
|
||||
(builtins.attrNames bugs));
|
||||
}
|
||||
let
|
||||
inherit (inputs.localLib) stripeTabs;
|
||||
inherit (builtins) map attrNames;
|
||||
inherit (inputs.lib) mkMerge mkIf mkOption types;
|
||||
bugs =
|
||||
{
|
||||
# intel i915 hdmi
|
||||
intel-hdmi.boot.kernelPatches = [{ name = "intel-hdmi"; patch = ./intel-hdmi.patch; }];
|
||||
# suspend & hibernate do not use platform
|
||||
suspend-hibernate-no-platform.systemd.sleep.extraConfig =
|
||||
''
|
||||
SuspendState=freeze
|
||||
HibernateMode=shutdown
|
||||
'';
|
||||
# reload iwlwifi after resume from hibernate
|
||||
hibernate-iwlwifi.systemd.services.reload-iwlwifi-after-hibernate =
|
||||
{
|
||||
description = "reload iwlwifi after resume from hibernate";
|
||||
after = [ "systemd-hibernate.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in
|
||||
''
|
||||
${modprobe} -r iwlwifi
|
||||
${modprobe} iwlwifi
|
||||
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
|
||||
'';
|
||||
wantedBy = [ "systemd-hibernate.service" ];
|
||||
};
|
||||
# disable wakeup on lid open
|
||||
suspend-lid-no-wakeup.systemd.services.lid-no-wakeup =
|
||||
{
|
||||
description = "lid no wake up";
|
||||
serviceConfig.Type = "oneshot";
|
||||
script =
|
||||
let
|
||||
cat = "${inputs.pkgs.coreutils}/bin/cat";
|
||||
grep = "${inputs.pkgs.gnugrep}/bin/grep";
|
||||
in
|
||||
''
|
||||
if ${cat} /proc/acpi/wakeup | ${grep} LID0 | ${grep} -q enabled
|
||||
then
|
||||
echo LID0 > /proc/acpi/wakeup
|
||||
fi
|
||||
'';
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
# xmunet use old encryption
|
||||
xmunet.nixpkgs.config.packageOverrides = pkgs:
|
||||
{
|
||||
wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs (attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];});
|
||||
};
|
||||
suspend-hibernate-waydroid.systemd.services =
|
||||
let
|
||||
systemctl = "${inputs.pkgs.systemd}/bin/systemctl";
|
||||
in
|
||||
{
|
||||
"waydroid-hibernate" =
|
||||
{
|
||||
description = "waydroid hibernate";
|
||||
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
|
||||
before = [ "systemd-hibernate.service" "systemd-suspend.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = "${systemctl} stop waydroid-container";
|
||||
};
|
||||
"waydroid-resume" =
|
||||
{
|
||||
description = "waydroid resume";
|
||||
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
|
||||
after = [ "systemd-hibernate.service" "systemd-suspend.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = "${systemctl} start waydroid-container";
|
||||
};
|
||||
};
|
||||
firefox.programs.firefox.enable = inputs.lib.mkForce false;
|
||||
embree.nixpkgs.overlays =
|
||||
[(final: prev: { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })];
|
||||
};
|
||||
in
|
||||
{
|
||||
options.nixos.bugs = mkOption
|
||||
{
|
||||
type = types.listOf (types.enum (attrNames bugs));
|
||||
default = [];
|
||||
};
|
||||
config = mkMerge (map (bug: mkIf (builtins.elem bug inputs.config.nixos.bugs) bugs.${bug}) (attrNames bugs));
|
||||
}
|
||||
|
||||
14
modules/bugs/intel-hdmi.patch
Normal file
14
modules/bugs/intel-hdmi.patch
Normal file
@@ -0,0 +1,14 @@
|
||||
diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c
|
||||
index 55544d484318..d6f257f8fd14 100644
|
||||
--- a/drivers/gpu/drm/i915/display/intel_bios.c
|
||||
+++ b/drivers/gpu/drm/i915/display/intel_bios.c
|
||||
@@ -2708,7 +2708,7 @@ static void parse_ddi_port(struct intel_bios_encoder_data *devdata)
|
||||
if (i915->display.vbt.ports[port]) {
|
||||
drm_dbg_kms(&i915->drm,
|
||||
"More than one child device for port %c in VBT, using the first.\n",
|
||||
port_name(port));
|
||||
- return;
|
||||
+ // return;
|
||||
}
|
||||
|
||||
sanitize_device_type(devdata, port);
|
||||
@@ -1,30 +1,35 @@
|
||||
inputs: let inherit (inputs) topInputs; in
|
||||
{
|
||||
imports = inputs.localLib.mkModules
|
||||
[
|
||||
topInputs.home-manager.nixosModules.home-manager
|
||||
topInputs.sops-nix.nixosModules.sops
|
||||
topInputs.nix-index-database.nixosModules.nix-index
|
||||
topInputs.impermanence.nixosModules.impermanence
|
||||
topInputs.nix-flatpak.nixosModules.nix-flatpak
|
||||
topInputs.chaotic.nixosModules.default
|
||||
{ config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
|
||||
topInputs.catppuccin.nixosModules.catppuccin
|
||||
topInputs.aagl.nixosModules.default
|
||||
topInputs.nixvirt.nixosModules.default
|
||||
topInputs.niri.nixosModules.niri
|
||||
{ config.niri-flake.cache.enable = false; }
|
||||
(inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
home-manager.sharedModules =
|
||||
[
|
||||
topInputs.plasma-manager.homeModules.plasma-manager
|
||||
topInputs.catppuccin.homeModules.catppuccin
|
||||
topInputs.dankmaterialshell.homeModules.dankMaterialShell
|
||||
];
|
||||
};
|
||||
})
|
||||
] ++ (inputs.localLib.findModules ./.);
|
||||
}
|
||||
inputs:
|
||||
let
|
||||
inherit (inputs) topInputs;
|
||||
inherit (inputs.localLib) mkModules;
|
||||
in
|
||||
{
|
||||
imports = mkModules
|
||||
[
|
||||
topInputs.home-manager.nixosModules.home-manager
|
||||
topInputs.sops-nix.nixosModules.sops
|
||||
topInputs.aagl.nixosModules.default
|
||||
topInputs.nix-index-database.nixosModules.nix-index
|
||||
topInputs.nur.nixosModules.nur
|
||||
topInputs.nur-xddxdd.nixosModules.setupOverlay
|
||||
topInputs.impermanence.nixosModules.impermanence
|
||||
(inputs: { config.nixpkgs.overlays =
|
||||
[
|
||||
topInputs.qchem.overlays.default
|
||||
topInputs.nixd.overlays.default
|
||||
topInputs.nix-alien.overlays.default
|
||||
topInputs.napalm.overlays.default
|
||||
topInputs.pnpm2nix-nzbr.overlays.default
|
||||
topInputs.lmix.overlays.default
|
||||
(import "${topInputs.dguibert-nur-packages}/overlays/nvhpc-overlay")
|
||||
(final: prev:
|
||||
{
|
||||
touchix = topInputs.touchix.packages."${prev.system}";
|
||||
nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
|
||||
nur-xddxdd = topInputs.nur-xddxdd.overlays.default final prev;
|
||||
deploy-rs = { inherit (prev) deploy-rs; inherit ((topInputs.deploy-rs.overlay final prev).deploy-rs) lib; };
|
||||
})
|
||||
];})
|
||||
./hardware ./packages ./system ./virtualization ./services ./bugs ./users
|
||||
];
|
||||
}
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.hardware.asus = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{ type = types.nullOr (types.submodule {}); default = null; };
|
||||
config = let inherit (inputs.config.nixos.hardware) asus; in inputs.lib.mkIf (asus != null)
|
||||
{
|
||||
services.asusd = { enable = true; enableUserService = true; };
|
||||
programs.rog-control-center.enable = true;
|
||||
};
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.hardware.cpu = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.enum [ "intel" "amd" ]);
|
||||
default = let inherit (inputs.config.nixos.system.nixpkgs) march; in
|
||||
if march == null then null
|
||||
else if inputs.lib.hasPrefix "znver" march then "amd"
|
||||
else if (inputs.lib.hasSuffix "lake" march)
|
||||
|| (builtins.elem march [ "sandybridge" "silvermont" "haswell" "broadwell" ])
|
||||
then "intel"
|
||||
else null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.hardware) cpu; in inputs.lib.mkIf (cpu != null) (inputs.lib.mkMerge
|
||||
[
|
||||
(inputs.lib.mkIf (cpu == "intel")
|
||||
{
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp" ];
|
||||
})
|
||||
(inputs.lib.mkIf (cpu == "amd")
|
||||
{
|
||||
hardware.cpu.amd = { updateMicrocode = true; ryzen-smu.enable = true; };
|
||||
environment.systemPackages = with inputs.pkgs; [ zenmonitor ];
|
||||
programs.ryzen-monitor-ng.enable = true;
|
||||
})
|
||||
]);
|
||||
}
|
||||
@@ -1,39 +1,146 @@
|
||||
inputs:
|
||||
{
|
||||
imports = inputs.localLib.findModules ./.;
|
||||
options.nixos.hardware =
|
||||
let
|
||||
inherit (inputs.lib) mkOption types;
|
||||
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
|
||||
in
|
||||
options.nixos.hardware = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
bluetooth.enable = mkOption { type = types.bool; default = false; };
|
||||
joystick.enable = mkOption { type = types.bool; default = false; };
|
||||
printer.enable = mkOption { type = types.bool; default = false; };
|
||||
sound.enable = mkOption { type = types.bool; default = false; };
|
||||
cpus = mkOption { type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
|
||||
gpus = mkOption { type = types.listOf (types.enum [ "intel" "nvidia" ]); default = []; };
|
||||
prime =
|
||||
{
|
||||
joystick = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
|
||||
printer = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
|
||||
sound = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
|
||||
busId = mkOption { type = types.attrsOf types.str; default = {}; };
|
||||
};
|
||||
config = let inherit (inputs.config.nixos) hardware; in inputs.lib.mkMerge
|
||||
[
|
||||
# joystick
|
||||
(inputs.lib.mkIf (hardware.joystick != null) { hardware = { xone.enable = true; xpadneo.enable = true; }; })
|
||||
# printer
|
||||
(
|
||||
inputs.lib.mkIf (hardware.printer != null)
|
||||
{
|
||||
services =
|
||||
gamemode.drmDevice = mkOption { type = types.int; default = 0; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.config.nixos) hardware;
|
||||
inherit (builtins) listToAttrs map concatLists;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
in mkMerge
|
||||
[
|
||||
# bluetooth
|
||||
(mkIf hardware.bluetooth.enable { hardware.bluetooth.enable = true; })
|
||||
# joystick
|
||||
(mkIf hardware.joystick.enable { hardware = { xone.enable = true; xpadneo.enable = true; }; })
|
||||
# printer
|
||||
(
|
||||
mkIf hardware.printer.enable
|
||||
{
|
||||
printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
|
||||
avahi = { enable = true; nssmdns4 = true; openFirewall = true; };
|
||||
};
|
||||
}
|
||||
)
|
||||
# sound
|
||||
(
|
||||
inputs.lib.mkIf (hardware.sound != null)
|
||||
{
|
||||
services.pulseaudio.enable = false;
|
||||
services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
|
||||
security.rtkit.enable = true;
|
||||
}
|
||||
)
|
||||
];
|
||||
services =
|
||||
{
|
||||
printing = { enable = true; drivers = [ inputs.pkgs.cnijfilter2 ]; };
|
||||
avahi = { enable = true; nssmdns = true; openFirewall = true; };
|
||||
};
|
||||
}
|
||||
)
|
||||
# sound
|
||||
(
|
||||
mkIf hardware.sound.enable
|
||||
{
|
||||
hardware.pulseaudio.enable = false;
|
||||
services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; };
|
||||
sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
environment.etc."wireplumber/main.lua.d/50-alsa-config.lua".text =
|
||||
let
|
||||
content = builtins.readFile
|
||||
(inputs.pkgs.wireplumber + "/share/wireplumber/main.lua.d/50-alsa-config.lua");
|
||||
matched = builtins.match
|
||||
".*\n([[:space:]]*)(--\\[\"session\\.suspend-timeout-seconds\"][^\n]*)[\n].*" content;
|
||||
spaces = builtins.elemAt matched 0;
|
||||
comment = builtins.elemAt matched 1;
|
||||
config = ''["session.suspend-timeout-seconds"] = 0'';
|
||||
in
|
||||
builtins.replaceStrings [(spaces + comment)] [(spaces + config)] content;
|
||||
}
|
||||
)
|
||||
# cpus
|
||||
(
|
||||
mkIf (hardware.cpus != [])
|
||||
{
|
||||
hardware.cpu = listToAttrs
|
||||
(map (name: { inherit name; value = { updateMicrocode = true; }; }) hardware.cpus);
|
||||
boot.initrd.availableKernelModules =
|
||||
let
|
||||
modules =
|
||||
{
|
||||
intel = [ "intel_cstate" "aesni_intel" ];
|
||||
amd = [];
|
||||
};
|
||||
in
|
||||
concatLists (map (cpu: modules.${cpu}) hardware.cpus);
|
||||
}
|
||||
)
|
||||
# gpus
|
||||
(
|
||||
mkIf (hardware.gpus != [])
|
||||
{
|
||||
boot.initrd.availableKernelModules =
|
||||
let
|
||||
modules =
|
||||
{
|
||||
intel = [ "i915" ];
|
||||
nvidia = [ "nvidia" "nvidia_drm" "nvidia_modeset" "nvidia_uvm" ];
|
||||
};
|
||||
in
|
||||
concatLists (map (gpu: modules.${gpu}) hardware.gpus);
|
||||
hardware =
|
||||
{
|
||||
opengl =
|
||||
{
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
extraPackages =
|
||||
with inputs.pkgs;
|
||||
let
|
||||
packages =
|
||||
{
|
||||
intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
|
||||
nvidia = [ vaapiVdpau ];
|
||||
};
|
||||
in
|
||||
concatLists (map (gpu: packages.${gpu}) hardware.gpus);
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
nvidia.nvidiaSettings = builtins.elem "nvidia" hardware.gpus;
|
||||
};
|
||||
}
|
||||
)
|
||||
(mkIf (builtins.elem "intel" hardware.gpus) { services.xserver.deviceSection = ''Driver "modesetting"''; })
|
||||
# prime
|
||||
(
|
||||
mkIf hardware.prime.enable
|
||||
{
|
||||
hardware.nvidia = mkMerge
|
||||
[
|
||||
(
|
||||
mkIf (hardware.prime.mode == "offload")
|
||||
{
|
||||
prime.offload = { enable = true; enableOffloadCmd = true; };
|
||||
powerManagement = { finegrained = true; enable = true; };
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf (hardware.prime.mode == "sync")
|
||||
{
|
||||
prime = { sync.enable = true; };
|
||||
# prime.forceFullCompositionPipeline = true;
|
||||
}
|
||||
)
|
||||
{
|
||||
prime = listToAttrs
|
||||
(map (gpu: { inherit (gpu) value; name = "${gpu.name}BusId"; }) (attrsToList hardware.prime.busId));
|
||||
}
|
||||
|
||||
];
|
||||
}
|
||||
)
|
||||
{ programs.gamemode.settings.gpu.gpu_device = "${toString hardware.gamemode.drmDevice}"; }
|
||||
];
|
||||
}
|
||||
|
||||
@@ -1,88 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.hardware.gpu = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
type = mkOption { type = types.nullOr (types.enum [ "intel" "nvidia" "amd" ]); default = null; };
|
||||
nvidia =
|
||||
{
|
||||
dynamicBoost = mkOption { type = types.bool; default = false; };
|
||||
driver = mkOption { type = types.enum [ "production" "latest" "beta" ]; default = "production"; };
|
||||
open = mkOption { type = types.bool; default = true; };
|
||||
};
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.hardware) gpu; in inputs.lib.mkIf (gpu.type != null) (inputs.lib.mkMerge
|
||||
[
|
||||
# generic settings
|
||||
(
|
||||
let gpus = inputs.lib.strings.splitString "+" gpu.type; in
|
||||
{
|
||||
boot =
|
||||
{
|
||||
initrd.availableKernelModules =
|
||||
{
|
||||
intel = [ "i915" ];
|
||||
nvidia = []; # early loading breaks resume from hibernation
|
||||
amd = [];
|
||||
}.${gpu.type};
|
||||
blacklistedKernelModules = [ "nouveau" ];
|
||||
};
|
||||
hardware =
|
||||
{
|
||||
graphics =
|
||||
{
|
||||
enable = true;
|
||||
extraPackages =
|
||||
let packages = with inputs.pkgs;
|
||||
{
|
||||
# TODO: import from nixos-hardware instead
|
||||
# enableHybridCodec is only needed for some old intel gpus (Atom, Nxxx, etc)
|
||||
intel = [ intel-vaapi-driver libvdpau-va-gl intel-media-driver ];
|
||||
nvidia = [ vaapiVdpau ];
|
||||
amd = [];
|
||||
};
|
||||
in packages.${gpu.type};
|
||||
};
|
||||
nvidia = inputs.lib.mkIf (gpu.type == "nvidia")
|
||||
{
|
||||
modesetting.enable = true;
|
||||
powerManagement.enable = true;
|
||||
dynamicBoost.enable = inputs.lib.mkIf gpu.nvidia.dynamicBoost true;
|
||||
nvidiaSettings = true;
|
||||
package = inputs.config.boot.kernelPackages.nvidiaPackages.${gpu.nvidia.driver};
|
||||
inherit (gpu.nvidia) open;
|
||||
prime.allowExternalGpu = true;
|
||||
};
|
||||
};
|
||||
services.xserver.videoDrivers =
|
||||
let driver = { intel = "modesetting"; amd = "amdgpu"; nvidia = "nvidia"; };
|
||||
in [ driver.${gpu.type} ];
|
||||
nixos.packages.packages._packages =
|
||||
let packages = with inputs.pkgs;
|
||||
{
|
||||
intel = [ intel-gpu-tools ];
|
||||
nvidia = [ nvtopPackages.full ];
|
||||
amd = [];
|
||||
};
|
||||
in packages.${gpu.type};
|
||||
environment.etc."nvidia/nvidia-application-profiles-rc.d/vram" = inputs.lib.mkIf (gpu.type == "nvidia")
|
||||
{
|
||||
source = inputs.pkgs.writeText "save-vram" (builtins.toJSON
|
||||
{
|
||||
rules = [{ pattern = { feature = "true"; matches = ""; }; profile = "save-vram"; }];
|
||||
profiles = [{ name = "save-vram"; settings = [{ key = "GLVidHeapReuseRatio"; value = 0; }]; }];
|
||||
});
|
||||
};
|
||||
}
|
||||
)
|
||||
# amdgpu
|
||||
(
|
||||
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type) { hardware.amdgpu =
|
||||
{
|
||||
opencl.enable = true;
|
||||
initrd.enable = true;
|
||||
legacySupport.enable = true;
|
||||
amdvlk = { enable = true; support32Bit.enable = true; supportExperimental.enable = true; };
|
||||
};}
|
||||
)
|
||||
]);
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.model = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
hostname = mkOption { type = types.nonEmptyStr; };
|
||||
arch = mkOption { type = types.nonEmptyStr; default = "x86_64"; };
|
||||
type = mkOption { type = types.enum [ "minimal" "desktop" "server" ]; default = "minimal"; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
cluster = mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
clusterName = mkOption { type = types.nonEmptyStr; };
|
||||
nodeName = mkOption { type = types.nonEmptyStr; };
|
||||
nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
config = let inherit (inputs.config.nixos) model; in inputs.lib.mkMerge
|
||||
[
|
||||
{ networking.hostName = model.hostname; }
|
||||
(inputs.lib.mkIf (model.cluster != null)
|
||||
{ nixos.model.hostname = "${model.cluster.clusterName}-${model.cluster.nodeName}"; })
|
||||
];
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user