chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:19:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: chn:srv-archive
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
...
pull from: chn:test-bindmount
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

128 Commits
srv-archiv ... test-bindm

Author SHA1 Message Date
chn
8f6bb9f6db test bindmount 2024-11-10 22:19:12 +08:00
chn
b8aa26a83d modules.user: use bind mount 2024-11-10 16:13:54 +08:00
chn
7008fa86cb modules.user: ensure home permission 2024-11-10 14:14:13 +08:00
chn
510fe49d81 modules.packages.vim: fix 2024-11-10 12:56:14 +08:00
chn
8e055d4869 devices.pc: disable remote build 2024-11-10 12:54:17 +08:00
chn
f02ad7eae6 modules.packages.vim: restore 2024-11-10 12:16:27 +08:00
chn
1fdc03ed68 devices.surface: enable vasp 2024-11-10 10:09:54 +08:00
chn
1e39e8e93f modules.system.systemd: fix 2024-11-10 10:08:50 +08:00
chn
a2d3cacf32 update nixpkgs 2024-11-10 10:01:42 +08:00
chn
00a73e319a modules.system.nixpkgs: fix embree 2024-11-10 09:49:28 +08:00
chn
e62ddd0269 packages.py4vasp: fix 2024-11-08 22:05:46 +08:00
chn
4b77c1436b modules.system.font: fix 2024-11-08 00:00:44 +08:00
chn
2c48026189 packages.v-sim: fix 2024-11-07 23:59:07 +08:00
chn
894b7cb0b2 modules.system.kernel: remove scx 2024-11-07 23:56:11 +08:00
chn
979cd2650d modules.packages.desktop: fix telegram 2024-11-07 22:17:03 +08:00
chn
8a824ed9ed Revert "modules.system.nix: fix" 
This reverts commit 24176bbb54.
 2024-11-07 18:53:44 +08:00
chn
a10d14d1e2 Revert "modules.system.nixpkgs: disable test for redis" 
This reverts commit 887ed2bf02.
 2024-11-07 18:53:19 +08:00
chn
9da408acbc modules.services.synapse: remove sliding 2024-11-07 12:45:52 +08:00
chn
fc44aba8d4 packages.mkPnpmPackage: fix 2024-11-06 20:54:40 +08:00
chn
1988bc65b1 modules.packages.helix: fix 2024-11-06 17:05:24 +08:00
chn
887ed2bf02 modules.system.nixpkgs: disable test for redis 2024-11-06 17:05:19 +08:00
chn
fa2f9c9bfd modules.syste.nix-ld: fix 2024-11-06 08:46:22 +08:00
chn
830b399cde Merge branch 'production' into next 2024-11-06 08:40:59 +08:00
chn
24176bbb54 modules.system.nix: fix 2024-11-06 08:39:37 +08:00
chn
22cca25e50 modules.packages.desktop: fix android studio 2024-11-06 08:38:25 +08:00
chn
e5d3733ac9 fix build 2024-11-06 00:05:51 +08:00
chn
a677bed0b7 comment out all fix 2024-11-05 13:51:20 +08:00
chn
beede6fa1f remove unused packages 2024-11-05 13:50:11 +08:00
chn
3beda9fcb8 update everything 2024-11-05 13:34:50 +08:00
chn
7d9284e07d Merge branch 'production' into next 2024-11-04 22:47:11 +08:00
chn
25e4bc244d modules.packages.desktop: fix android studio 2024-11-04 22:46:37 +08:00
chn
1d748d1dd3 modules.packages.desktop: add android sdk 2024-11-02 22:50:39 +08:00
chn
deac145bde Merge branch 'production' into next 2024-11-01 18:43:45 +08:00
chn
2f72a129cc modules.packages.vasp: add wannier90 2024-11-01 14:00:39 +08:00
chn
d64ac811cc update blog 2024-10-30 21:59:47 +08:00
chn
db017a062a modules.packages.server: add hwloc 2024-10-30 14:10:19 +08:00
chn
9e43c18b1a modules.packages.desktop: add qcm 2024-10-30 12:36:09 +08:00
chn
f64520fdd3 fix build 2024-10-28 15:01:18 +08:00
chn
9b393ca5c3 update blog 2024-10-28 14:59:35 +08:00
chn
d02b63b571 modules.system.binfmt: cleanup 2024-10-27 18:12:09 +08:00
chn
e8fa1caf27 modules.system.envfs: cleanup 2024-10-27 18:10:16 +08:00
chn
24e3993be6 modules.system.fontconfig: cleanup 2024-10-27 18:09:46 +08:00
chn
9e654c2dfe modules.system.grub: cleanup 2024-10-27 18:08:10 +08:00
chn
1a82adfd4c modules.user.chn.git: set editor 2024-10-27 18:03:14 +08:00
chn
01dfedf1ea modules.system.impermanence: cleanup 2024-10-27 18:00:46 +08:00
chn
d23155e08e modules.system.initrd: cleanup 2024-10-27 17:39:41 +08:00
chn
b3ffaf1374 modules.system.networking: cleanup 2024-10-27 14:05:53 +08:00
chn
824d32e0a3 modules.system.nix-ld: cleanup 2024-10-27 13:49:31 +08:00
chn
ce82594ac1 modules.system.nix: cleanup 2024-10-27 11:45:19 +08:00
chn
dadaeca8f7 modules.system.sops: cleanup 2024-10-27 11:36:38 +08:00
chn
0942bb95cb modules.model: init 2024-10-27 00:31:38 +08:00
chn
1710b4ec9a modules.packages.helix: fix 2024-10-26 21:25:19 +08:00
chn
aa57c21d1d modules.user: add lly 2024-10-26 20:27:08 +08:00
chn
84a8fdedc0 devices.pc: fix windows boot entry 2024-10-26 18:11:05 +08:00
chn
6faab1f56a devices.vps7: fix webdav 2024-10-25 17:28:29 +08:00
chn
fc757776b2 fix build 2024-10-25 17:09:48 +08:00
chn
670d9bbe50 add aagl back 2024-10-25 17:05:06 +08:00
chn
bf8de33ef3 modules.services: cleanup 2024-10-25 17:00:46 +08:00
chn
ba71159cb6 modules.services.gitea: fix 2024-10-25 16:32:32 +08:00
chn
3fc8fb9d59 Revert "modules.services.nginx: block Amazonbot" 
This reverts commit 78ace37bf7.
 2024-10-25 11:09:36 +08:00
chn
78ace37bf7 modules.services.nginx: block Amazonbot 2024-10-24 23:30:46 +08:00
chn
fd146e244c modules.packages: cleanup 2024-10-24 20:36:31 +08:00
chn
a7c594bfb1 modules.packages.desktop: cleanup 2024-10-24 20:32:29 +08:00
chn
eba1bd6e48 modules.bugs: cleanup 2024-10-24 18:25:47 +08:00
chn
4d2f8bb807 cleanup 2024-10-23 08:15:27 +08:00
chn
24d2ac9b88 use public blog 2024-10-22 18:17:45 +08:00
chn
cfa4f5a17e devices.pc: use dedicated gpu as default 2024-10-22 10:49:58 +08:00
chn
293fbeff8a update blog 2024-10-21 17:04:22 +08:00
chn
4e88fb0bb1 update misskey 2024-10-21 14:02:18 +08:00
chn
1163764286 modules.packages.ssh: use ssh hpn 2024-10-21 09:44:55 +08:00
chn
d6e0300f24 fix nodejs 2024-10-21 09:16:24 +08:00
chn
2039f5ecba make blog repo private 
revert nodejs change
 2024-10-21 00:53:53 +08:00
chn
b7592edc26 fix nodejs_20 2024-10-20 20:31:44 +08:00
chn
39bdf25764 Revert "modules.services.nextcloud: update" 
This reverts commit f05358a7c2.
 2024-10-20 19:15:52 +08:00
chn
f05358a7c2 modules.services.nextcloud: update 2024-10-20 19:13:52 +08:00
chn
4e0a1a48fd move fix into nixos 2024-10-20 19:11:19 +08:00
chn
3597f58f63 fix build 2024-10-20 10:28:56 +08:00
chn
5c5acd7dee packages.mirism: init server 2024-10-20 01:52:17 +08:00
chn
eb886c0c6e packages.mirism: init 2024-10-20 00:09:25 +08:00
chn
a0fd36d690 packages.misirm-old: rename 2024-10-20 00:03:04 +08:00
chn
fe04f6b093 fix ovito 2024-10-19 12:38:58 +08:00
chn
78dc94552f Revert "Reapply "modules.system.nixpkgs: enable ca-derivation"" 
This reverts commit d94ca34041.
 2024-10-19 12:38:07 +08:00
chn
d94ca34041 Reapply "modules.system.nixpkgs: enable ca-derivation" 
This reverts commit 48797c252b.
 2024-10-18 21:55:26 +08:00
chn
5030b33e29 update ovito 2024-10-18 21:41:35 +08:00
chn
5a05c864ca fix steam 2024-10-18 18:51:27 +08:00
chn
65c4f3a4dc Revert "fix nodejs" 
This reverts commit 0a43a9a4fe.
 2024-10-18 12:28:35 +08:00
chn
48797c252b Revert "modules.system.nixpkgs: enable ca-derivation" 
This reverts commit ec49dcf5b9.
 2024-10-18 12:28:11 +08:00
chn
0863e13f6f modules.system.nix: add ca-derivation cache 2024-10-18 11:32:56 +08:00
chn
05b0f79c67 modules.bugs.plasma: remove 2024-10-17 18:38:37 +08:00
chn
7b1123c990 modules.bugs.plasma: fix 2024-10-17 18:09:20 +08:00
chn
84451440f2 modules.services.keyd: init 2024-10-15 22:36:24 +08:00
chn
ec49dcf5b9 modules.system.nixpkgs: enable ca-derivation 2024-10-15 18:06:49 +08:00
chn
0a43a9a4fe fix nodejs 2024-10-15 10:49:27 +08:00
chn
6365b4652e modules.services.ananicy: init 2024-10-14 21:41:27 +08:00
chn
87e6f54b72 update ovito 2024-10-14 16:11:29 +08:00
chn
c64b905cb3 modules.package.helix: init 2024-10-14 13:53:07 +08:00
chn
319c3b227c devices.surface: use xanmod-latest 2024-10-14 13:02:08 +08:00
chn
cbb3393e60 modules.hardware.gpu: fix 2024-10-14 12:50:53 +08:00
chn
041da67aeb devices.surface: fix build 2024-10-14 12:42:12 +08:00
chn
922843aa6c packages.lmod: fix 2024-10-14 12:23:17 +08:00
chn
bf74084724 modules.bugs.plasma: rewrite 2024-10-14 12:22:32 +08:00
chn
421a0854d0 devices.pc: default use cachyos kernel 2024-10-14 11:57:59 +08:00
chn
d70544a2d4 modules.bugs.bluetooth: remove 2024-10-14 11:53:32 +08:00
chn
fb6525d986 modules.bugs.plasma: init 2024-10-14 11:53:30 +08:00
chn
1fbd9f2f98 Merge branch 'next' into production 2024-10-14 11:43:49 +08:00
chn
5c579399d5 remove hdfview 2024-10-12 11:06:11 +08:00
chn
59552cb86e update everything 2024-10-09 08:02:53 +08:00
chn
447106a5e8 Merge branch 'production' into next 2024-10-08 20:48:17 +08:00
chn
9ce119ea5c devices.pc: use xanmod-latest 2024-10-01 10:17:52 +08:00
chn
2ccc906d42 Revert "update nixpkgs" 
This reverts commit 92599b7419.
 2024-10-01 10:15:38 +08:00
chn
92599b7419 update nixpkgs 2024-10-01 10:11:20 +08:00
chn
48388ee644 fix build 2024-10-01 09:55:38 +08:00
chn
da26391714 update nixos-hardware 2024-10-01 09:53:26 +08:00
chn
bdd2cca8d6 devices.pc: add xanmod variant 2024-10-01 09:44:45 +08:00
chn
f0097cddb4 devices.pc: use cachyos kernel 2024-10-01 09:33:25 +08:00
chn
738bcb7277 modules.system.kernel: use xanmod-lts as default 2024-09-30 20:59:46 +08:00
chn
1a1f36caed update everything 2024-09-30 20:51:20 +08:00
chn
4204981cd9 Merge branch 'production' into next 2024-09-30 20:45:55 +08:00
chn
e2b3735392 devices.pc: switch to lts kernel 2024-09-30 20:45:07 +08:00
chn
87b7ca3689 fix build 2024-09-30 20:40:53 +08:00
chn
61316148e1 Merge branch 'production' into next 2024-09-30 00:09:40 +08:00
chn
45cd321bce Merge branch 'production' into next 2024-09-26 21:42:49 +08:00
chn
4f35f43613 fix opencv 2024-09-26 21:42:02 +08:00
chn
6eee2f4eaf modules.system.kernel: remove unused patch 2024-09-26 13:10:27 +08:00
chn
a312f6c06b fix build 2024-09-26 00:10:48 +08:00
chn
965e8cc8dc modules.packages: cleanup 2024-09-25 20:41:28 +08:00
chn
85c41f98fe fix build 2024-09-25 18:29:17 +08:00
chn
5f134d09c2 update everything 2024-09-25 13:29:14 +08:00
125 changed files with 1282 additions and 2489 deletions
Expand all files Collapse all files

1
devices/jykang.xmuhpc/.ssh/authorized_keys
View File

@@ -7,6 +7,7 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCW2fx1Sim7X2i/e/RBPEl1q/XbV7wa9pmZfnRINHIv
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRpyIU8ZuYTa0LvsVHmJZ1FA7Lbp4PObjkwo+UcpCP8 wp@xmupc1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRZp8xp9hVO7e/6eflQsnFZj853IRVywc97cTevnWbg hjp@xmupc1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh wm
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc

4
devices/nas/default.nix
View File

@@ -38,10 +38,10 @@ inputs:
swap = [ "/nix/swap/swap" ];
rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
};
initrd.sshd.enable = true;
initrd.sshd = {};
nixpkgs.march = "silvermont";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
networking.networkd = {};
networking = {};
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =

36
devices/pc/default.nix
View File

@@ -4,6 +4,7 @@ inputs:
{
nixos =
{
model.type = "desktop";
system =
{
fileSystems =
@@ -23,7 +24,7 @@ inputs:
resume = "/dev/mapper/swap";
rollingRootfs = {};
};
grub.windowsEntries."645C-284C" = "Windows";
grub.windowsEntries."08D3-10DE" = "Windows";
nix =
{
marches =
@@ -41,29 +42,23 @@ inputs:
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
remote.master = { enable = true; hosts = [ "xmupc1" "xmupc2" ]; };
githubToken.enable = true;
};
nixpkgs =
{ march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
kernel =
{
variant = "xanmod-latest";
patches = [ "hibernate-progress" "amdgpu" ];
variant = "cachyos";
patches = [ "hibernate-progress" ];
modules.modprobeConfig =
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
sysctl.laptop-mode = 5;
gui.enable = true;
};
hardware =
{
cpus = [ "amd" ];
gpu =
{
type = "amd+nvidia";
nvidia = { prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; };
};
gpu = { type = "nvidia"; nvidia = { dynamicBoost = true; driver = "latest"; }; };
legion = {};
};
virtualization =
@@ -123,7 +118,7 @@ inputs:
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
wireguardIp = "192.168.83.3";
};
gamemode = { enable = true; drmDevice = 1; };
gamemode = { enable = true; drmDevice = 0; };
slurm =
{
enable = true;
@@ -139,10 +134,11 @@ inputs:
tui = { cpuMpiThreads = 4; cpuOpenmpThreads = 4; gpus = [ "4060" ]; };
};
ollama = {};
waydroid = {};
docker = {};
ananicy = {};
keyd = {};
};
bugs = [ "xmunet" "backlight" "amdpstate" "bluetooth" ];
bugs = [ "xmunet" "backlight" "amdpstate" ];
};
boot =
{
@@ -181,14 +177,20 @@ inputs:
};
specialisation =
{
nvidia.configuration =
hybrid.configuration =
{
nixos =
{
hardware.gpu.type = inputs.lib.mkForce "nvidia";
services.gamemode.drmDevice = inputs.lib.mkForce 0;
hardware.gpu =
{ type = inputs.lib.mkForce "amd+nvidia"; nvidia.prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; };
services.gamemode.drmDevice = inputs.lib.mkForce 1;
};
system.nixos.tags = [ "nvidia" ];
system.nixos.tags = [ "hybrid" ];
};
xanmod.configuration =
{
nixos.system.kernel.variant = inputs.lib.mkForce "xanmod-latest";
system.nixos.tags = [ "xanmod" ];
};
};
};

2
devices/pi3b/default.nix
View File

@@ -18,7 +18,7 @@ inputs:
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
networking.networkd = {};
networking = {};
nixpkgs.arch = "aarch64";
kernel.variant = "nixos";
};

4
devices/srv1/default.nix
View File

@@ -4,11 +4,12 @@ inputs:
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount = let inherit (inputs.config.nixos.system.cluster) clusterName nodeName; in
mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root" =
@@ -17,7 +18,6 @@ inputs:
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
gui.enable = true;
};
hardware.cpus = [ "intel" ];
services =

4
devices/srv1/node0/default.nix
View File

@@ -4,15 +4,15 @@ inputs:
{
nixos =
{
model.cluster.nodeType = "master";
system =
{
nixpkgs.march = "cascadelake";
networking.networkd.static =
networking.static =
{
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
eno146 = { ip = "192.168.178.1"; mask = 24; };
};
cluster.nodeType = "master";
};
services =
{

4
devices/srv1/node1/default.nix
View File

@@ -4,12 +4,12 @@ inputs:
{
nixos =
{
model.cluster.nodeType = "worker";
system =
{
nixpkgs.march = "broadwell";
networking.networkd.static.eno2 =
networking.static.eno2 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
cluster.nodeType = "worker";
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
};
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };

4
devices/srv1/node2/default.nix
View File

@@ -4,15 +4,15 @@ inputs:
{
nixos =
{
model.cluster.nodeType = "worker";
system =
{
nixpkgs.march = "broadwell";
networking.networkd.static =
networking.static =
{
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
eno2 = { ip = "192.168.178.3"; mask = 24; };
};
cluster.nodeType = "worker";
fileSystems.mount =
{
nfs."192.168.178.1:/home" = "/home";

4
devices/srv1/node3/default.nix
View File

@@ -4,12 +4,12 @@ inputs:
{
nixos =
{
model.cluster.nodeType = "worker";
system =
{
nixpkgs.march = "broadwell";
networking.networkd.static.eno2 =
networking.static.eno2 =
{ ip = "192.168.178.4"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
cluster.nodeType = "worker";
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
};
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };

9
devices/surface/default.nix
View File

@@ -5,6 +5,7 @@ inputs:
{
nixos =
{
model.type = "desktop";
system =
{
fileSystems =
@@ -25,8 +26,7 @@ inputs:
};
nixpkgs.march = "skylake";
nix = { substituters = [ "https://nix-store.chn.moe?priority=100" ]; githubToken.enable = true; };
kernel.patches = [ "surface" "hibernate-progress" ];
gui.enable = true;
kernel = { variant = "xanmod-latest"; patches = [ "surface" "hibernate-progress" ]; };
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
@@ -54,13 +54,12 @@ inputs:
waydroid = {};
docker = {};
};
bugs = [ "xmunet" "suspend-hibernate-no-platform" "bluetooth" ];
packages.vasp = null;
bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
};
powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';
services.iptsd.config =
{
Touch = { DisableOnPalm = true; DisableOnStylus = true; Overshoot = 0.5; };
Touchscreen = { DisableOnPalm = true; DisableOnStylus = true; Overshoot = 0.5; };
Contacts = { Neutral = "Average"; NeutralValue = 10; };
};
};

6
devices/vps4/default.nix
View File

@@ -28,10 +28,8 @@ inputs:
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
initrd.sshd.enable = true;
networking.networkd = {};
nix-ld = null;
binfmt = null;
initrd.sshd = {};
networking = {};
};
services =
{

6
devices/vps6/default.nix
View File

@@ -28,8 +28,8 @@ inputs:
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
initrd.sshd.enable = true;
networking.networkd = {};
initrd.sshd = {};
networking = {};
# do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
};
services =
@@ -53,7 +53,7 @@ inputs:
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
[
"xn--s8w913fdga" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "peertube"
"send" "api" "git" "grafana" "peertube"
]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.nas.chn.moe"; })

12
devices/vps7/default.nix
View File

@@ -28,20 +28,19 @@ inputs:
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
initrd.sshd.enable = true;
networking.networkd = {};
initrd.sshd = {};
networking = {};
};
services =
{
snapper.enable = true;
sshd = {};
rsshub.enable = true;
wallabag.enable = true;
misskey.instances.misskey.hostname = "xn--s8w913fdga.chn.moe";
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
@@ -51,7 +50,6 @@ inputs:
send.enable = true;
huginn.enable = true;
fz-new-order = {};
nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
grafana.enable = true;
@@ -64,12 +62,10 @@ inputs:
wireguardIp = "192.168.83.2";
listenIp = "144.126.144.62";
};
vikunja.enable = true;
chatgpt = {};
xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
writefreely = {};
docker = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
};
};
specialisation.generic.configuration =

28
devices/vps7/secrets.yaml
View File

@@ -4,30 +4,23 @@ nginx:
detectAuth:
chn: ENC[AES256_GCM,data:Gk0TTbnFcsvIgoDcen6B8w==,iv:kvyvygw9zDwaiTQ2vPFTHQex0EWDFg8M8U22AConQFM=,tag:ewAZ/nXxmTOhDAjW/A2OnA==,type:str]
led: ENC[AES256_GCM,data:Owax7cyp,iv:NCEKyicVCYZNgxJzlO90heUmwPjfXbZEcyXX09XQKI4=,tag:WMTCVMVCD9sJgAhRUsqvYg==,type:str]
chat: ENC[AES256_GCM,data:1HJiO1zU5SX4G56oWxv5zqGyUqnBWByrtSnQ01wvmZ7PmRkrV+DV6StMg5DtJR9HhkWYnbXlbnBHzP+poPUMag==,iv:sfwI62nwGSnsdj1RyADWgXvp5AY+9RQdtSooxbKFWTs=,tag:pN/LF0mo7RXWoIPPzzs8qw==,type:str]
maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str]
synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
postgresql:
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
mastodon: ENC[AES256_GCM,data:IQxoNjZILazu5cxkEzFAqqmGSsOffMQHoRB7AC2NqI/+CJSVsfdwiSVfxN+Jc9dmrqCjscUSxaWCMHnrZj/JyQ==,iv:d6tyj/w0uH2E3qHjEcopVhnmE/Pq0qN9PHthSArryyw=,tag:kfJsxqkErFcG11B0CmiIKw==,type:str]
gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
vikunja: ENC[AES256_GCM,data:syb4NYBxL3DdmZmcC+em0klmm6bkkIL/DH/gnzShYRiaezRFskT+yay9govn++SpbuvkoCJq/GYAFxNL+hcVtw==,iv:TQUgdzYQ0gqsAmux9v3BAQFNzHnCTZ+X/OC0b9Bfya8=,tag:b1AsiAW5XzA3DzGdf8J03g==,type:str]
peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
@@ -38,7 +31,6 @@ rsshub:
twitter-auth-token: ENC[AES256_GCM,data:65SbHggbYtfSfaaxJxRgD6+HpOX4vIfjnVZmOAZ9illPMYOu9MIchQ==,iv:49UuC8n6AGj1skuHzQX39Q/QuKlB9IxogIfiiy1GBnw=,tag:Rq6b0H9UFVZ19tU8ZeelRg==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:58nO7ADu2oH/OgLJNYrEEzhf1J0zt8EpuygnSANkGXJju5oSmtM7WLnaMEjC96q14OTTA9QLiFVsbxiFY1eUnraA5W7g7+6CYRXVRZaxz91D/dhKzHGTMjB/LynnNqEIc6liONlcHbyjZNQ+WIqPtjVpCKMN7Mi8cv81/cFX/1GqAwncgDD2oXh1hMPOVY4dYcGKuOG0GjlY6RgOgTPqU3HawQjnoWQjPF+lq2rnWD5HP9ZTxOYa7hm2GgPrxkq1fkRrq+kKYeDh+6M7VLDcm5Fpf+biq6F8fZWzmw4NlVZT9BG0vJFa,iv:vxYXg9Yg9qIWFQXtwTYa4Ds0KSxZYg3M6xdtXKbdaig=,tag:TzCPehk9w+BL4wwgDc1CPg==,type:str]
mail:
bot-encoded: ENC[AES256_GCM,data:HstqDfhKoLqDip9O+mwYGbNlNQ==,iv:CZSTfxJHhI6nG7501cQdJiZ9l3uKS7d5YsA8iVTUuoE=,tag:Rj3rvXJzDp8XzODV/gABog==,type:str]
bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
synapse:
synapse:
@@ -47,14 +39,12 @@ synapse:
macaroon: ENC[AES256_GCM,data:2/8GuF/a+ocVtLN0PU17JDvXw/RoXX/CXFHPlI9THl5bY8lBm6tEawijnOKVoFLovfU=,iv:GPAr3ZjqLf9ixevsZoQgs4cPkv0VL4WJoFfQZOdThlw=,tag:HRt/igDEfUJ3K39mG7b9Fg==,type:str]
form: ENC[AES256_GCM,data:Z9cYL9ibRWmOhAYtB269n0cWZSvL4zGgc03ZRag0m8cz2j0god/Fn/w6kx3cyGK1C70=,iv:Yst6WSV63IvbMF5nnicIoBj77eSwVMnAHtHrKo2UcDk=,tag:4qf6F2rdctcCf4J9vECvYg==,type:str]
signing-key: ENC[AES256_GCM,data:BbPJiNcVTqMAL2XG3K3CIbsb8EM4r8ct/WxPK10FHRwAnqChKy3CAviYU9gewO/tNZXHvUYUAUbPww==,iv:IZB/40EE3DIxAqagdH/a4kcSmiec5l24XLCQKCQNaRo=,tag:/1t0WAPBYmYrPTx4V4wgkw==,type:str]
sliding-sync: ENC[AES256_GCM,data:POXExkTRRhXin4lD4MA61xsuzYXCT6U7QtQWtNnEb6kUWRrAvS9mqk+JTBn3onCzf2Azhi3WQOY/t+OiQFXI1w==,iv:GJfJSGb6t/q9KdVCr0dVVcD+e0yZUQzrJrtuhOlYJIE=,tag:ovd1ZXRkk7VoNo8KoYDViA==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:MwZKkYMefshuk46Cne4wn9ooFH8RCDbrxp+MbLJWli9iPHuzJJzUuQNU9EDL0aNbzyYEMt/7DErw42z6KrpGww==,iv:u/SVVTgfJO2FakiYU+uLHXjA4tHU/W6ASsR3S31+pWs=,tag:VTeKNOKwm2bsiZAOVXeBOQ==,type:str]
registration: ENC[AES256_GCM,data:+pA61vTg12lYUyXjLrHSY7y/ExfTQffLlGUI4HBOSFFPTck7bu68FrCaHOIBTtEMfjU=,iv:Ex/phkBZxglG8HiRz+m7h2HNanpq2Pxwbm08vdM3xFc=,tag:mM3YEa70FnCeYIUthK4TeA==,type:str]
macaroon: ENC[AES256_GCM,data:/+RaayKiPPpVV7OWWdaSkSSRHMjb8d58lZcpvltN9cYkN1btvMViEgdLSlfqzRRlPUE=,iv:pg9GXgNsrVWKlUAiCKZ2pYXugRH6MsBIMpHKoYWYLik=,tag:/mj5Ak7XAX/FH7sNPEVALw==,type:str]
form: ENC[AES256_GCM,data:7HF7HMUH1BTJgXXP6cpUiVj0jCwGW57bx9wKTJu7PnRsNuAam/+nKX7Zfg7WD+gSBlA=,iv:SYeUsuFVgAA6U6STCtKT5c5E8Kglh3x7hy6+Op4n0W8=,tag:eICmHTwwn0KcgNhdDGnusA==,type:str]
signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
sliding-sync: ENC[AES256_GCM,data:BeA6g98IWDP6hnLFI77QqG6esDwB6j3OPzAv3eJxWoTajAsByHSgSYP1vHN5Iok6IgvSSmkf0/HiOJy1Ca8IIA==,iv:ca+t/rYwc/fAVUcz0JTmrRQCOcbDNscbnE8BpHkx/OE=,tag:eEfhUChUt4kRnO82XqRY4g==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:yFDD8GHjZWHN/Yh53DseevKAhDVwrHX60e8sGZnF4BUsUuPA/4S2PRzj7CtlpFzUH3kb0i+HkLKRvbchg93U3as=,iv:JGG7daEKs0oMKTNVi9GS7PrXn/8rFtVkHknACsEQR+g=,tag:RSN6fojLsI4dcuPu2eTiWA==,type:comment]
admin_token: ENC[AES256_GCM,data:OpjREmxJSRj+aGVoP8KKRE7ClNqRtaV8va4WLVmpl1AO6D0q/GapJvhORHQb5s5ZjIAgvWTz1w+fh050Q9sPwRsNUke3FIcyeNy7k0PHgnnVIdxnU1Vn9KMz/SovjQ0/qEQ7tArvW/EXtKfwnP9lsz9m94VBvA==,iv:9AvDqMa2PeQOSrP2th3YBgA2RxPl3oKZTyUzi/yjRTM=,tag:HYFTQDgWvBsHQk8IZxWkfw==,type:str]
@@ -62,7 +52,6 @@ mariadb:
photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
freshrss: ENC[AES256_GCM,data:ydqCbj3UbsLC1e++p5ixb5Kpmk2BsYd0urcfw8T51Is5N1/gQ7P0zgR33AOteAxw2oj85WQZhxu3eAN7BCXV5A==,iv:1oiMo1wwFNXiTZLsf4UPZSJfKFIWLI3h947TC06CVy4=,tag:Otq1oeKBnWXhqNilfsywPQ==,type:str]
huginn: ENC[AES256_GCM,data:1Tdg1WDwGgFSXdChgif8knWS24BIFYnmaiSjJXxs5uj/v/5fJ1alb4K4XHW/kFRjQbuAOFfJiJ9ogJ1KAyk17A==,iv:qLMaQpVaKrjP7g2lWzhaNLghxwiV4YJmyYY1hrpu5I8=,tag:566JCENvOxgwD7tM3aQBiw==,type:str]
writefreely: ENC[AES256_GCM,data:+5jsON4SpeWKWZWlbn233XuQ/6HDzaS3XxUxDbUqAp8S/XGmn/QuFK2f375QJEiyZsnrIYkbN/CiOjdTw+nNzg==,iv:8mKqWegyxrT6908P5G0olVZzpP+BwpE7SYODEry7F3A=,tag:HeYoT0RFJGzX6DWcBQy7Jg==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
nextcloud:
@@ -92,20 +81,11 @@ fz-new-order:
username: ENC[AES256_GCM,data:xWP1cesh,iv:11KFZ/J9PScz/oW2+H5BWgw0+ETkCXlcYOMuPpgjEs0=,tag:HswEVzm6ElRjIDsZyEfZcA==,type:str]
password: ENC[AES256_GCM,data:Da/E7ZeZ,iv:gIoheXeTErV3+CtZSEDsX7pGzRahHWlKYQ6QZ6W2eu8=,tag:0oQzQ5DJiS2hqMQfU6JRWw==,type:str]
comment: ENC[AES256_GCM,data:etfZKwbh,iv:XqqF3D0PpCPd2Q/CCu/PAH4SrvXAOu+lIXvSht/KfKk=,tag:7jyG33foxneRK2wvI/5uBg==,type:str]
gitlab:
secret: ENC[AES256_GCM,data:hBax7ClSuttBacykKw42pvrvowZW8OeTry/0rkmy5BHyLM7HllNYCOw+tupIOdhVEfgJPWQeBeGuyFHt7lPRWQ==,iv:zOM+eMW04Z9QkTchkAXWYHg2eWTQmGEs/dHtUnvNVd8=,tag:RzLyecuASl9CcmQSuabN6w==,type:str]
otp: ENC[AES256_GCM,data:Hgq5Tyq+BUTsexVsjFWf07fY0znPL50+qIm+fhuVljlauXBZouQjJKMhqTs9zhLECOktYUtp0wrNa++nO1Ys9A==,iv:Am51j8QjDtldtsZL8uCu0I3pr/SQ6R8KUQinznZjClg=,tag:hbtrlG0MGNL3VcbQUG/irQ==,type:str]
dbFile: ENC[AES256_GCM,data:AKxE/Z4jooDlkIl3WpQZIlN+MLxlZ7SEWVF12/8f9aq7LtVl5B0RDA6bZbeM0PU8h4eGcSX9feSpLIVpvBAQxQ==,iv:li6hBLw9filwVVXa01oICtvY9UJsMgB+3XYOgZyCTnY=,tag:wC18TzVMM+dcpIi8wwCcIw==,type:str]
root: ENC[AES256_GCM,data:nPO4MT7BWuCHnWkbHPRYygMpieGsni4+BQs6HVwxBqH5KuD0O7I3PQlcgntxb4kWbqvyWstYW+k9LdscSEzgXg==,iv:fgfW8BljGlOIQzGK+UiEFcT6Hp5ieA8C86kwT8xRlO4=,tag:eSWPda0NYBe47uVYCOUiLg==,type:str]
grafana:
secret: ENC[AES256_GCM,data:QYhopqGcHGr+24qYlfaTdMtnyzmIZYG4PcvS9KYqC24W3M+HmloCkPHh7Y3ZTVg8MnrDGOcbA9YPLdY7eh/u4g==,iv:dh7egVIem2bgDbmWJ1sqH9fLdIYbAIQjnjNvyuEjVq0=,tag:DbIRVHbCcpKGcNc6sDTasA==,type:str]
chn: ENC[AES256_GCM,data:0bbjggWS1MdcUIQiQyPlBTULm+faKDpJbmZmV6vSw8k=,iv:am65WQzUE+AvQrQV+NSF5u6RCWn7EetyPsdy4Cuvyyw=,tag:lxNUM1cIYVSXVgwEnS1Hdw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:TS+toaJRgAvC78XVwTciXe2IG8++vaqXVCi/u/8Aej6qq1B9Cb6f20cp5K0=,iv:T/NkLvcYiWzIDG3jWtuhe/sH2GT4z5f0xdUGbSL901I=,tag:qN7YokFBj3Kbbx4ijHTRnw==,type:str]
vikunja:
jwtsecret: ENC[AES256_GCM,data:p6e22qPJzTGB21oWhSr8AA4bfrele9ZOHVtZ8BHgX21IhoKdm58coGtSX1CGXR7J6+1/74RdLY9K88nGrM1F1w==,iv:DGUO8rhf7Lg9dTqSmzlR/Jd2K4oUjO8w9E5bihwsykI=,tag:SpX6UI0QIju/tC1fIL9CCg==,type:str]
chatgpt:
key: ENC[AES256_GCM,data:bkLxKUqkjwpUeqeAZCaAgKiOse8QtZ0zOn9TQNA84+B3rxNiTFPisI8=,iv:Zd5dO5Sdt4HCvNZgS2K0FjJAzti6oE22vahYQl99TrI=,tag:E3o+X84tRsIEGU9Jfb85JQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:Mr6KrAzYoDXA+dPT3oXqK2wm9ahTjZ5GVE/iRPsmcM+S2MABT+8ramyHz9oIFw==,iv:nIZ8rpSxz2GwMbDQFfG3xauMQjiriZ1oxFMrEQeH7sQ=,tag:y5U1T1vV/mmdE/CeaeTR8g==,type:str]
chat: ENC[AES256_GCM,data:8w/0EI64a1dC,iv:dHu9JHcUY7QPd9YBKXnrRXQB2K6jpnLrSFs+1IJmkio=,tag:3ucN3uNnBxxRF+cbLsa1nQ==,type:str]
@@ -120,8 +100,6 @@ xray-server:
#ENC[AES256_GCM,data:j83rYg==,iv:3oEdAoVz7aMcezcy2chTO0LQTtKpTrJJoQZx3PC03BU=,tag:ABteEIyr2Y6MbGQhmrQySQ==,type:comment]
user3: ENC[AES256_GCM,data:Uk0Ax9FVzmmYs+ggWy7z6FEkuj2tppGlvnQdoW6PDI1VA9oI,iv:wSxigXleRUalQR1/TzKfdUVrdyEUuq+Wg42gSv1QMAI=,tag:qn6nBWv6MlGhMarCfI13BA==,type:str]
private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
writefreely:
chn: ENC[AES256_GCM,data:YvhPa69sVdiljm9Ix6yQh6YCEpFvC9iw5Yx72MBcGr7+swdbvWDAfMmGFY066mAPvhpwZX/IEivKvrS0t/OSnw==,iv:7s2yEb30YaCAtNeevbur0HL28nXHVIqmCx6Bngh+HWk=,tag:yx0JK8RNQMVcYLBSxNj+uw==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
@@ -149,8 +127,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-05T02:43:01Z"
mac: ENC[AES256_GCM,data:frMtsfATEGOCwkR5g6sOLszwtBq1rfHvofevbzDHuKwJQtI4IXpfgyohyQ64tZ7K6YLqR0bf3yP9A7zyIxAzIvgKciIDdIYI/LUCAmOsUE9On70UiVxFj8WAL700geHfr2X+1Vzl9suMBA3E8h9O02wcuuD4gumZlLgXqzmbtZE=,iv:oB8W9+KO8jJbSnICsN5CMRCRs6uM6y8xszCyWlRCkV0=,tag:JxLLwUsE/7nxDAzMmUYdjg==,type:str]
lastmodified: "2024-10-25T08:48:30Z"
mac: ENC[AES256_GCM,data:VtdB55WtONC5orgSMFPuELRVtjAC9REZIscEtWLZ8Cyo+FEYmFAlj+0cg/5aOk4dr2JVUnkcWNyefM8xw7m78yU3f5KruKH0N741ngkovhJnI1V6yuY9om/NXvux6dkYKmQcAXq87rYkoDg5CFxsU9RKJncBMCA7bekebzo0aIw=,iv:7Jv8ciLxXWkCzZeU82Wv8oxBcesjb9/qzWfn9tqyta8=,tag:aEnX4E5w64oY8bbJ5Z8MRg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.1

4
devices/xmupc1/default.nix
View File

@@ -4,6 +4,7 @@ inputs:
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
@@ -47,7 +48,6 @@ inputs:
forwardCompat = false;
};
};
gui = { enable = true; preferred = false; autoStart = true; };
nix.remote.slave.enable = true;
};
hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
@@ -96,7 +96,7 @@ inputs:
docker = {};
};
bugs = [ "xmunet" "amdpstate" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" ];
};
services.hardware.bolt.enable = true;
};

8
devices/xmupc1/secrets/default.yaml
View File

@@ -21,6 +21,8 @@ users:
hjp: ENC[AES256_GCM,data:Ii4P9ZsUOEh3cqt3AKWlgUH1CMNnmHln9QNWdTRR3vZXkkR5j5qKAIrAltml/i3xFlt4hftYNufnupog4UlAVWQJhYBlhCSE4g==,iv:eKWmUcKItjd1dsvVP1se5CAhIFqV/eVH03gPJhBau1E=,tag:ZTE0BTSoDpJGqECklGjs2g==,type:str]
#ENC[AES256_GCM,data:hCgqHfpmeJ1Z,iv:pEKUNxhUyNAVtniTIQ2IpMPmXr2O+twq2/3Y2lIoqdw=,tag:RTqcI0XCoOymQD3r4+yS9Q==,type:comment]
zzn: ENC[AES256_GCM,data:/CSffToFJiBotXZ5rPkz0UNgI/iC0ftusPF2Ce6Of3XckjpCcikWj6n3ahJ24XsWQjp3EvacOiBorh+Kg16LjCEl0P2RMIitTQ==,iv:u9IFdp/jw7ehTshPzQVssLeh33iBYCPjSyJSLsc5EVo=,tag:/KXgmU7dcTKG8C4Y7NcMhw==,type:str]
#ENC[AES256_GCM,data:TN/ycWtGSCNY,iv:pSilXx4zKs53XX/L0+QFbwv13rutQG11sU0EgVhaJEA=,tag:L+MpcYYlsMnSpS1JQdnwIQ==,type:comment]
lly: ENC[AES256_GCM,data:XkRaNI0SqooptH/OexBCzZ4RYvA3s7qXbpCtLVidJ4pZU/o7EHlIcvMbeRxqdujhXNQ+vbS3o7CmhwJK2JVVPCCVsd6k0gMDdw==,iv:v/2mgDuR+/lb8mtyv6sn4Z9XXnuDoXkT0DeNQ7850fU=,tag:T8xxo9C7kFSNlLDjEaZK0Q==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
hpcstat:
@@ -52,8 +54,8 @@ sops:
ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-31T15:59:56Z"
mac: ENC[AES256_GCM,data:zd3ivzjgdbwGZpZssHeIwwkKFfHDxo/dzvb8ptw9noZ4hDVoC5RL9M/OLN6GrRM0wtpNFZJDs7Zz0i1zMascXdVu6mou/0il6/96r+FkQVBJWbrkY36Lk7ntDAcQmZKWxSUfSF0JPHx1rbkIQSVtsLQrpui9UDxaY5DP23xjLQg=,iv:+ouEpSlo0EovK0Qh27tm7NXSYncbjEc/EMWfWHIrCqE=,tag:4CHXmsJ4LhFBmbep3Wil3w==,type:str]
lastmodified: "2024-10-26T12:26:52Z"
mac: ENC[AES256_GCM,data:TiF/QAh6Y8Xn+3B1rlg+FvZFJ4fGP+szvvopbiEzO6AWBYp8dcD6MmaZstVzJL1BrRIQ3GENcq7EVyfZMWQlW8aRsVF/RrWOSpAKI1tiWDl+10Ov3zjr+Q8sFYTfblWXYH7Tq9pcWBChj1Kj88Ri5xRRfJTuelQoL0igHQBwfFM=,iv:ikzexH8P3CYu7SrRXwWd1Ar3+PEXSSjSVj5E3jwcZyQ=,tag:i5/F33/KcDJVQ4ceYtRErQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.1

4
devices/xmupc2/default.nix
View File

@@ -4,6 +4,7 @@ inputs:
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
@@ -40,7 +41,6 @@ inputs:
forwardCompat = false;
};
};
gui = { enable = true; preferred = false; autoStart = true; };
nix =
{
marches =
@@ -89,7 +89,7 @@ inputs:
docker = {};
};
bugs = [ "xmunet" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" ];
};
};
}

8
devices/xmupc2/secrets/default.yaml
View File

@@ -19,6 +19,8 @@ users:
wp: ENC[AES256_GCM,data:yjMDez28pJUo6riIHypQQgjGFbuLwy87eG4ek/+Li2w8b4Cm5JckRvs26o+S0blfICc8WqIqEJGakT2wVBE5O1jGfniKn3PhTA==,iv:dOA318XRd2EXxmTIlk6GhlAR/FBpbKkbPJJCXTwFCxM=,tag:9MkXNUuAoplAzE+4eJpr0w==,type:str]
#ENC[AES256_GCM,data:YGcTkNCeu3m7,iv:jYmVrfRFwQoX1XxeSzS23wRMAD/AnzYBXQjI76Ke2FE=,tag:WJfSmjdggzPojDcJ6GzP+A==,type:comment]
hjp: ENC[AES256_GCM,data:0R5SfBFKuLGurwINnTj31FOrwwfY9bqVS1rG/a0HqIYd+Ui8/2ffFBx0Et+tYIqcxXEJpGbvse43V0naNKmFKlLanfcy9YV/Hg==,iv:mpAUmcVHWWLoreEsG9ha09jxte8mQCLt/A7nm04iX9Y=,tag:bia9pjL0MAcs9vj1gKCVCQ==,type:str]
#ENC[AES256_GCM,data:Q3TFPjvcDmKh,iv:eZ1NXGQr9HogxWa46T26WL63nvqho2/KSji8Dgse76o=,tag:iSGPRMCMolp7LVFjJGPotg==,type:comment]
lly: ENC[AES256_GCM,data:tP/NtJcMUtZPvuAqoM6KhCMybhsTxKSq4WWW3SBzQ/O0FmUXhECQc5CQnI4J9PlalP7Ug+uUQzeBMnHN84pkKNIeHVJhqjU8Zw==,iv:7TPPuSfXypSRnnhuy8LJSXIB+KB+3vWV0G7AbCZpB6s=,tag:iSLgRxOHgUolByFyvwltNQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
sops:
@@ -45,8 +47,8 @@ sops:
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-30T06:31:36Z"
mac: ENC[AES256_GCM,data:UUzv3IewuF4rhbrL2haJ0495p1d4wXA7LHa5ogc5TSv+ZAYuN/HL3VCXQzzKQrzqD3LtgC3DrGgmMNGVyAIzqVFYYxVuAwb03ov+lOp3SHvLTCMqkETbcE525aAIVWNqBXp7RBn7tKC4AD4y7AQihSYhBXO8VF1PeccjaCnN7R8=,iv:G0s8qchlgcm5HVshTKnGyt8nk+D4QYyP7n+5R0TOb8A=,tag:DspvfLf1pBs+/ol8GzT7Xw==,type:str]
lastmodified: "2024-10-26T12:27:03Z"
mac: ENC[AES256_GCM,data:q1EihAxiS23XoKWt4ogBo34pP7J6i/yFglmmvFIdWKIgwaoXWFexKrdu1oRZBIxISW+3b/NzkuUm1anu3sGFGiirDpllg8wu8ezXJJODb8yTU0HJpZ/9vjBPm+ZBt5zFzGky7kmW+qOFfUsZkr8dCiJil/Z0HrXrY2d59ksxhto=,iv:7b6ePa4xXdjrj8O2JWAptsONz8gPApS3roYMuRyrztU=,tag:uzOcc8H2W6VvGDkrex5M6A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.1

698
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

17
flake.nix
View File

@@ -3,18 +3,15 @@
inputs =
{
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.11";
"nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
"nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
"nixpkgs-22.11".url = "github:NixOS/nixpkgs/nixos-22.11";
"nixpkgs-22.05".url = "github:NixOS/nixpkgs/nixos-22.05";
home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix =
{
url = "github:Mic92/sops-nix";
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
};
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -28,7 +25,6 @@
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nixos-hardware.url = "github:CHN-beta/nixos-hardware";
envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-fast-build = { url = "github:/Mic92/nix-fast-build"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
chaotic =
{
@@ -38,8 +34,9 @@
gricad = { url = "github:Gricad/nur-packages"; flake = false; };
catppuccin.url = "github:catppuccin/nix";
bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
poetry2nix = { url = "github:CHN-beta/poetry2nix"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:CHN-beta/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
poetry2nix = { url = "github:nix-community/poetry2nix"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -50,7 +47,6 @@
eigen = { url = "gitlab:libeigen/eigen"; flake = false; };
matplotplusplus = { url = "github:alandefreitas/matplotplusplus"; flake = false; };
nameof = { url = "github:Neargye/nameof"; flake = false; };
nodesoup = { url = "github:olvb/nodesoup"; flake = false; };
tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
v-sim = { url = "gitlab:l_sim/v_sim"; flake = false; };
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
@@ -60,9 +56,6 @@
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
lmod = { url = "github:TACC/Lmod"; flake = false; };
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
kylin-virtual-keyboard = { url = "git+https://gitee.com/openkylin/kylin-virtual-keyboard.git"; flake = false; };
cjktty = { url = "github:CHN-beta/cjktty-patches"; flake = false; };
zxorm = { url = "github:CHN-beta/zxorm"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
sockpp = { url = "github:fpagliughi/sockpp"; flake = false; };
@@ -72,7 +65,7 @@
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; };
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog.git"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog-public.git"; flake = false; };
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
spectroscopy = { url = "github:skelton-group/Phonopy-Spectroscopy"; flake = false; };
};

6
flake/dev.nix
View File

@@ -38,4 +38,10 @@
packages = [ clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
mirism = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.mirism ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
}

4
flake/nixos.nix
View File

@@ -15,7 +15,7 @@ builtins.listToAttrs
config =
{
nixpkgs.overlays = [ inputs.self.overlays.default ];
nixos.system.networking.hostname = system;
nixos.model.hostname = system;
};
}
../modules
@@ -38,7 +38,7 @@ builtins.listToAttrs
config =
{
nixpkgs.overlays = [ inputs.self.overlays.default ];
nixos.system.cluster = { clusterName = "srv1"; nodeName = node; };
nixos.model.cluster = { clusterName = "srv1"; nodeName = node; };
};
}
../modules

4
flake/src.nix
View File

@@ -1,2 +1,4 @@
{ inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
{}
{
git-lfs-transfer = "sha256-1cGlhLdnU6yTqzcB3J1cq3gawncbtdgkb3LFh2ZmXbM=";
}

27
modules/bugs/default.nix
View File

@@ -14,35 +14,8 @@ inputs:
# xmunet use old encryption
xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
(attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
suspend-hibernate-waydroid.systemd.services =
let
systemctl = "${inputs.pkgs.systemd}/bin/systemctl";
in
{
"waydroid-hibernate" =
{
description = "waydroid hibernate";
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
before = [ "systemd-hibernate.service" "systemd-suspend.service" ];
serviceConfig.Type = "oneshot";
script = "${systemctl} stop waydroid-container";
};
"waydroid-resume" =
{
description = "waydroid resume";
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
after = [ "systemd-hibernate.service" "systemd-suspend.service" ];
serviceConfig.Type = "oneshot";
script = "${systemctl} start waydroid-container";
};
};
backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
hibernate-mt7921e.powerManagement.resumeCommands =
let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in "${modprobe} -r -w 3000 mt7921e && ${modprobe} mt7921e";
# could not use bt keyboard
# https://github.com/bluez/bluez/issues/745
bluetooth.hardware.bluetooth.settings.General.JustWorksRepairing = "always";
};
in
{

6
modules/default.nix
View File

@@ -8,7 +8,6 @@ inputs:
[
topInputs.home-manager.nixosModules.home-manager
topInputs.sops-nix.nixosModules.sops
topInputs.aagl.nixosModules.default
topInputs.nix-index-database.nixosModules.nix-index
topInputs.nur-xddxdd.nixosModules.setupOverlay
topInputs.impermanence.nixosModules.impermanence
@@ -16,6 +15,7 @@ inputs:
topInputs.chaotic.nixosModules.default
{ config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
topInputs.catppuccin.nixosModules.catppuccin
topInputs.aagl.nixosModules.default
(inputs:
{
config =
@@ -23,9 +23,9 @@ inputs:
nixpkgs.overlays =
[
topInputs.qchem.overlays.default
topInputs.aagl.overlays.default
topInputs.bscpkgs.overlays.default
topInputs.poetry2nix.overlays.default
topInputs.aagl.overlays.default
(final: prev:
{
nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
@@ -42,6 +42,6 @@ inputs:
];
};
})
./hardware ./packages ./system ./virtualization ./services ./bugs ./user
./hardware ./packages ./system ./virtualization ./services ./bugs ./user ./model.nix
];
}

5
modules/hardware/default.nix
View File

@@ -4,18 +4,15 @@ inputs:
options.nixos.hardware =
let
inherit (inputs.lib) mkOption types;
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
in
{
bluetooth = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
joystick = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
printer = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
sound = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
};
config = let inherit (inputs.config.nixos) hardware; in inputs.lib.mkMerge
[
# bluetooth
(inputs.lib.mkIf (hardware.bluetooth != null) { hardware.bluetooth.enable = true; })
# joystick
(inputs.lib.mkIf (hardware.joystick != null) { hardware = { xone.enable = true; xpadneo.enable = true; }; })
# printer

4
modules/hardware/gpu.nix
View File

@@ -46,7 +46,9 @@ inputs:
extraPackages =
let packages = with inputs.pkgs;
{
intel = [ intel-vaapi-driver libvdpau-va-gl intel-media-driver ];
# TODO: import from nixos-hardware instead
intel =
[ (intel-vaapi-driver.override { enableHybridCodec = true; }) libvdpau-va-gl intel-media-driver ];
nvidia = [ vaapiVdpau ];
amd = [];
};

33
modules/model.nix Normal file
View File

@@ -0,0 +1,33 @@
inputs:
{
options.nixos.model = let inherit (inputs.lib) mkOption types; in
{
hostname = mkOption { type = types.nonEmptyStr; };
type = mkOption { type = types.enum [ "minimal" "desktop" "server" ]; default = "minimal"; };
# not implemented yet
# private = mkOption { type = types.bool; };
cluster = mkOption
{
type = types.nullOr (types.submodule { options =
{
clusterName = mkOption { type = types.nonEmptyStr; };
nodeName = mkOption { type = types.nonEmptyStr; };
nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
};});
default = null;
};
};
config = let inherit (inputs.config.nixos) model; in inputs.lib.mkMerge
[
{ networking.hostName = model.hostname; }
(inputs.lib.mkIf (model.cluster != null)
{ nixos.model.hostname = "${model.cluster.clusterName}-${model.cluster.nodeName}"; })
# TODO: remove it
{
systemd.services = inputs.lib.mkIf (model.cluster.nodeType or null == "worker") (builtins.listToAttrs
(builtins.map
(user: { name = "home-manager-${inputs.utils.escapeSystemdPath user}"; value.enable = false; })
inputs.config.nixos.user.users));
}
];
}

2
modules/packages/chromium.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.chromium = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) chromium; in inputs.lib.mkIf (chromium != null)
{

102
modules/packages/default.nix
View File

@@ -30,105 +30,3 @@ inputs:
];
};
}
# programs.firejail =
# {
# enable = true;
# wrappedBinaries =
# {
# qq =
# {
# executable = "${inputs.pkgs.qq}/bin/qq";
# profile = "${inputs.pkgs.firejail}/etc/firejail/linuxqq.profile";
# };
# };
# };
# config.nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
# only replace stdenv for large and tested packages
# config.programs.ccache.packageNames = [ "webkitgtk" "libreoffice" "tensorflow" "linux" "chromium" ];
# config.nixpkgs.overlays = [(final: prev:
# {
# libreoffice-qt = prev.libreoffice-qt.override (prev: { unwrapped = prev.unwrapped.override
# (prev: { stdenv = final.ccacheStdenv.override { stdenv = prev.stdenv; }; }); });
# python3 = prev.python3.override { packageOverrides = python-final: python-prev:
# {
# tensorflow = python-prev.tensorflow.override
# { stdenv = final.ccacheStdenv.override { stdenv = python-prev.tensorflow.stdenv; }; };
# };};
# # webkitgtk = prev.webkitgtk.override (prev:
# # { stdenv = final.ccacheStdenv.override { stdenv = prev.stdenv; }; enableUnifiedBuilds = false; });
# wxGTK31 = prev.wxGTK31.override { stdenv = final.ccacheStdenv.override { stdenv = prev.wxGTK31.stdenv; }; };
# wxGTK32 = prev.wxGTK32.override { stdenv = final.ccacheStdenv.override { stdenv = prev.wxGTK32.stdenv; }; };
# # firefox-unwrapped = prev.firefox-unwrapped.override
# # { stdenv = final.ccacheStdenv.override { stdenv = prev.firefox-unwrapped.stdenv; }; };
# # chromium = prev.chromium.override
# # { stdenv = final.ccacheStdenv.override { stdenv = prev.chromium.stdenv; }; };
# # linuxPackages_xanmod_latest = prev.linuxPackages_xanmod_latest.override
# # {
# # kernel = prev.linuxPackages_xanmod_latest.kernel.override
# # {
# # stdenv = final.ccacheStdenv.override { stdenv = prev.linuxPackages_xanmod_latest.kernel.stdenv; };
# # buildPackages = prev.linuxPackages_xanmod_latest.kernel.buildPackages //
# # { stdenv = prev.linuxPackages_xanmod_latest.kernel.buildPackages.stdenv; };
# # };
# # };
# })];
# config.programs.ccache.packageNames = [ "libreoffice-unwrapped" ];
# cross-x86_64-pc-linux-musl/gcc
# dev-cpp/cpp-httplib ? how to use
# dev-cpp/cppcoro
# dev-cpp/date
# dev-cpp/nameof
# dev-cpp/scnlib
# dev-cpp/tgbot-cpp
# dev-libs/pocketfft
# dev-util/intel-hpckit
# dev-util/nvhpc
# kde-misc/wallpaper-engine-kde-plugin
# media-fonts/arphicfonts
# media-fonts/sarasa-gothic
# media-gfx/flameshot
# media-libs/libva-intel-driver
# media-libs/libva-intel-media-driver
# media-sound/netease-cloud-music
# net-vpn/frp
# net-wireless/bluez-tools
# sci-libs/mkl
# sci-libs/openblas
# sci-libs/pfft
# sci-libs/scalapack
# sci-libs/wannier90
# sci-mathematics/ginac
# sci-mathematics/mathematica
# sci-mathematics/octave
# sci-physics/lammps::touchfish-os
# sci-physics/vsim
# sci-visualization/scidavis
# sys-apps/flatpak
# sys-cluster/modules
# sys-devel/distcc
# sys-fs/btrfs-progs
# sys-fs/compsize
# sys-fs/dosfstools
# sys-fs/duperemove
# sys-fs/exfatprogs
# sys-fs/mdadm
# sys-fs/ntfs3g
# sys-kernel/dracut
# sys-kernel/linux-firmware
# sys-kernel/xanmod-sources
# sys-kernel/xanmod-sources:6.1.12
# sys-kernel/xanmod-sources::touchfish-os
# sys-libs/libbacktrace
# sys-libs/libselinux
# x11-apps/xinput
# x11-base/xorg-apps
# x11-base/xorg-fonts
# x11-base/xorg-server
# x11-misc/imwheel
# x11-misc/optimus-manager
# x11-misc/unclutter-xfixes
# ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );

45
modules/packages/desktop/default.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.desktop = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) desktop; in inputs.lib.mkIf (desktop != null)
{
@@ -16,7 +16,7 @@ inputs:
# system management
# TODO: module should add yubikey-touch-detector into path
gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror # inputs.pkgs."pkgs-23.11".etcher
kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror
(
writeShellScriptBin "xclip"
''
@@ -33,41 +33,41 @@ inputs:
# networking
remmina putty mtr-gui
# media
mpv nomacs spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
waifu2x-converter-cpp inkscape blender whalebird paraview
mpv nomacs yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk qcm
waifu2x-converter-cpp inkscape blender paraview vlc whalebird spotify obs-studio
# themes
klassy localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
catppuccin catppuccin-sddm catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
(catppuccin-kde.override { flavour = [ "latte" ]; }) (catppuccin-kvantum.override { variant = "latte"; })
klassy
localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
# terminal
warp-terminal
# development
adb-sync scrcpy weston cage openbox krita jetbrains.clion android-studio dbeaver-bin cling fprettify
aircrack-ng
adb-sync scrcpy dbeaver-bin cling aircrack-ng
weston cage openbox krita jetbrains.clion androidStudioPackages.stable.full fprettify
# desktop sharing
rustdesk-flutter
# password and key management
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden electrum
jabref
john crunch hashcat
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden hashcat
electrum jabref john crunch
# download
qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
# editor
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq
typora # appflowy notion-app-enhanced joplin-desktop standardnotes logseq
# news
fluent-reader rssguard newsflash newsboat
# nix tools
nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
nix-template nil pnpm-lock-export bundix
# instant messager
element-desktop telegram-desktop discord fluffychat zoom-us signal-desktop slack nur-linyinfeng.wemeet
nheko # qq nur-xddxdd.wechat-uos TODO: cinny-desktop
element-desktop telegram-desktop discord zoom-us slack nur-linyinfeng.wemeet nheko
fluffychat signal-desktop qq nur-xddxdd.wechat-uos cinny-desktop
# browser
google-chrome tor-browser microsoft-edge
# office
crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk pdfchain hdfview
davinci-resolve texliveFull
crow-translate zotero pandoc libreoffice-qt texliveFull poppler_utils pdftk pdfchain davinci-resolve
# TODO: enable in next release
# hdfview
ydict texstudio
# matplot++ needs old gnuplot
inputs.pkgs."pkgs-23.11".gnuplot
# math, physics and chemistry
@@ -75,7 +75,7 @@ inputs:
(mathematica.overrideAttrs (prev: { postInstall = (prev.postInstall or "") + "ln -s ${prev.src} $out/src"; }))
(quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14; }) jmol mpi localPackages.ufo
# virtualization
wineWowPackages.stagingFull virt-viewer bottles genymotion playonlinux
virt-viewer bottles wineWowPackages.stagingFull genymotion playonlinux
# media
nur-xddxdd.svp
# for kdenlive auto subtitle
@@ -85,7 +85,7 @@ inputs:
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
_pythonPackages = [(pythonPackages: with pythonPackages;
[
phonopy scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
phonopy scipy scikit-learn jupyterlab autograd
# TODO: broken on python 3.12 tensorflow keras
# for phonopy
inputs.pkgs.localPackages.spectroscopy numpy
@@ -142,10 +142,13 @@ inputs:
};
nixpkgs.overlays = [(final: prev:
{
telegram-desktop = prev.telegram-desktop.overrideAttrs (attrs:
telegram-desktop = prev.telegram-desktop.override
{
patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./telegram.patch ];
});
unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs (prev:
{
patches = prev.patches or [] ++ [ ./telegram.patch ];
});
};
})];
services.pcscd.enable = true;
};

16
modules/packages/desktop/telegram.patch
View File

@@ -1,12 +1,12 @@
diff --color -ur a/Telegram/SourceFiles/data/components/sponsored_messages.cpp b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
--- a/Telegram/SourceFiles/data/components/sponsored_messages.cpp 1970-01-01 08:00:01.000000000 +0800
+++ b/Telegram/SourceFiles/data/components/sponsored_messages.cpp 2024-05-21 20:41:12.849951324 +0800
@@ -193,7 +193,7 @@
diff --git a/Telegram/SourceFiles/data/components/sponsored_messages.cpp b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
index d2746ad9..f46b51fb 100644
--- a/Telegram/SourceFiles/data/components/sponsored_messages.cpp
+++ b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
@@ -195,6 +195,7 @@ void SponsoredMessages::inject(
}
bool SponsoredMessages::canHaveFor(not_null<History*> history) const {
- return history->peer->isChannel();
+ return false;
}
void SponsoredMessages::request(not_null<History*> history, Fn<void()> done) {
if (history->peer->isChannel()) {
return true;
} else if (const auto user = history->peer->asUser()) {

2
modules/packages/firefox.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.firefox = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) firefox; in inputs.lib.mkIf (firefox != null)
{

2
modules/packages/flatpak.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.flatpak = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) flatpak; in inputs.lib.mkIf (flatpak != null)
{

21
modules/packages/helix.nix Normal file
View File

@@ -0,0 +1,21 @@
inputs:
{
options.nixos.packages.helix = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.packages) helix; in inputs.lib.mkIf (helix != null)
{
nixos =
{
user.sharedModules =
[{
config.programs.helix =
{
enable = true;
defaultEditor = true;
settings.theme = "catppuccin_latte";
};
}];
packages.packages._packages = [ inputs.pkgs.helix ];
};
};
}

13
modules/packages/lammps.nix
View File

@@ -3,22 +3,19 @@ inputs:
options.nixos.packages.lammps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null)
{
nixos.packages.packages._packages =
let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null;
in
if cuda then [((inputs.pkgs.lammps-mpi.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
if cuda then [((inputs.pkgs.lammps.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
.overrideAttrs (prev:
{
cmakeFlags = prev.cmakeFlags ++ inputs.lib.optionals cuda
[
"-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD"
];
nativeBuildInputs = prev.nativeBuildInputs ++ inputs.lib.optionals cuda
[ inputs.pkgs.cudaPackages.cudatoolkit ];
cmakeFlags = prev.cmakeFlags ++ [ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.cudaPackages.cudatoolkit ];
buildInputs = prev.buildInputs ++ [ inputs.pkgs.mpi ];
}))]
else [ inputs.pkgs.lammps-mpi ];
};

2
modules/packages/mumax.nix
View File

@@ -4,7 +4,7 @@ inputs:
{
type = types.nullOr (types.submodule {});
default =
if inputs.config.nixos.system.gui.enable
if (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
&& (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
then {}
else null;

6
modules/packages/server.nix
View File

@@ -12,7 +12,7 @@ inputs:
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij ipfetch localPackages.pslist
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch
# lsxx
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors hwloc
# top
iotop iftop htop btop powertop s-tui
# editor
@@ -32,13 +32,13 @@ inputs:
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
# nix tools
nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {}) nix-inspect
nix-output-monitor nix-tree ssh-to-age nix-inspect
# development
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init hugo
# stupid things
toilet lolcat
# office
todo-txt-cli pdfgrep ffmpeg-full
pdfgrep ffmpeg-full # todo-txt-cli
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);

2
modules/packages/ssh.nix
View File

@@ -111,6 +111,8 @@ inputs:
(inputs.localLib.attrsToList servers));
programs.ssh =
{
# maybe better network performance
package = inputs.pkgs.openssh_hpn;
startAgent = true;
enableAskPassword = true;
askPassword = "${inputs.pkgs.systemd}/bin/systemd-ask-password";

4
modules/packages/steam.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.steam = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) steam; in inputs.lib.mkIf (steam != null)
{
@@ -12,7 +12,7 @@ inputs:
enable = true;
package = inputs.pkgs.steam.override (prev:
{
steam = prev.steam.overrideAttrs (prev:
steam-unwrapped = prev.steam-unwrapped.overrideAttrs (prev:
{
postInstall = prev.postInstall +
''

4
modules/packages/vasp.nix
View File

@@ -3,14 +3,14 @@ inputs:
options.nixos.packages.vasp = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
# TODO: add more options to correctly configure VASP
config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
{
nixos.packages.packages._packages = with inputs.pkgs;
(
[ localPackages.vasp.intel localPackages.vasp.vtstscripts localPackages.py4vasp localPackages.vaspkit ]
[ localPackages.vasp.intel localPackages.vasp.vtstscripts localPackages.py4vasp localPackages.vaspkit wannier90 ]
++ (inputs.lib.optional
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
localPackages.vasp.nvidia)

2
modules/packages/vim.nix
View File

@@ -9,7 +9,7 @@ inputs:
config.programs.vim =
{
enable = true;
defaultEditor = true;
defaultEditor = false;
packageConfigurable = inputs.config.programs.vim.package;
settings =
{

2
modules/packages/vscode.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.vscode = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) vscode; in inputs.lib.mkIf (vscode != null)
{

2
modules/packages/winapps/default.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
{

51
modules/services/akkoma.nix
View File

@@ -1,51 +0,0 @@
inputs:
{
options.nixos.services.akkoma = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "akkoma.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) akkoma;
inherit (inputs.lib) mkIf;
in mkIf akkoma.enable
{
services.akkoma =
{
enable = true;
config.":pleroma" =
{
"Pleroma.Web.Endpoint".url.host = akkoma.hostname;
"Pleroma.Repo" =
{
adapter = (inputs.pkgs.formats.elixirConf { }).lib.mkRaw "Ecto.Adapters.Postgres";
hostname = "127.0.0.1";
username = "akkoma";
password._secret = inputs.config.sops.secrets."akkoma/db".path;
database = "akkoma";
};
":instance" =
{
name = "";
email = "grass@grass.squre";
description = "";
};
};
};
nixos.services =
{
nginx =
{
enable = true;
https."${akkoma.hostname}" =
{
global.tlsCert = "/var/lib/akkoma";
location."/".proxy = { upstream = "http://127.0.0.1:4000"; websocket = true; };
};
};
postgresql.instances.akkoma = {};
};
sops.secrets."akkoma/db" = { owner = "akkoma"; key = "postgresql/akkoma"; };
};
}

14
modules/services/ananicy.nix Normal file
View File

@@ -0,0 +1,14 @@
inputs:
{
options.nixos.services.ananicy = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) ananicy; in inputs.lib.mkIf (ananicy != null)
{
services.ananicy =
{
enable = true;
package = inputs.pkgs.ananicy-cpp;
rulesProvider = inputs.pkgs.ananicy-rules-cachyos;
};
};
}

44
modules/services/chatgpt.nix
View File

@@ -1,44 +0,0 @@
inputs:
{
options.nixos.services.chatgpt = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
hostname = mkOption { type = types.str; default = "chat.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) chatgpt; in inputs.lib.mkIf (chatgpt != null)
{
virtualisation.oci-containers.containers.chatgpt =
{
image = "yidadaa/chatgpt-next-web:v2.11.3";
imageFile = inputs.pkgs.dockerTools.pullImage
{
imageName = "yidadaa/chatgpt-next-web";
imageDigest = "sha256:622462a7958f82e128a0e1ebd07b96e837f3d457b912fb246b550fb730b538a7";
sha256 = "00qwh1kjdchf1nhaz18s2yly2xhvpaa83ym5x4wy3z0y3vc1zwxx";
finalImageName = "yidadaa/chatgpt-next-web";
finalImageTag = "v2.11.3";
};
ports = [ "127.0.0.1:6184:3000/tcp" ];
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles = [ inputs.config.sops.templates."chatgpt/env".path ];
};
sops =
{
templates."chatgpt/env".content =
''
OPENAI_API_KEY=${inputs.config.sops.placeholder."chatgpt/key"}
BASE_URL=https://oa.api2d.net
'';
secrets."chatgpt/key" = {};
};
nixos.services.nginx =
{
enable = true;
https."${chatgpt.hostname}".location."/".proxy =
{ upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
};
};
}

58
modules/services/default.nix
View File

@@ -4,8 +4,7 @@ inputs:
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
smartd.enable = mkOption { type = types.bool; default = false; };
wallabag.enable = mkOption { type = types.bool; default = false; };
noisetorch.enable = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
noisetorch.enable = mkOption { type = types.bool; default = inputs.config.nixos.model.type == "desktop"; };
};
config =
let
@@ -16,61 +15,6 @@ inputs:
in mkMerge
[
(mkIf services.smartd.enable { services.smartd.enable = true; })
(
mkIf services.wallabag.enable
{
virtualisation.oci-containers.containers.wallabag =
{
image = "wallabag/wallabag:2.6.2";
imageFile = inputs.pkgs.dockerTools.pullImage
{
imageName = "wallabag/wallabag";
imageDigest = "sha256:241e5c71f674ee3f383f428e8a10525cbd226d04af58a40ce9363ed47e0f1de9";
sha256 = "0zflrhgg502w3np7kqmxij8v44y491ar2qbk7qw981fysia5ix09";
finalImageName = "wallabag/wallabag";
finalImageTag = "2.6.2";
};
ports = [ "127.0.0.1:4398:80/tcp" ];
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles = [ inputs.config.sops.templates."wallabag/env".path ];
};
sops =
{
templates."wallabag/env".content =
let
placeholder = inputs.config.sops.placeholder;
in
''
SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
SYMFONY__ENV__DATABASE_HOST=host.docker.internal
SYMFONY__ENV__DATABASE_PORT=5432
SYMFONY__ENV__DATABASE_NAME=wallabag
SYMFONY__ENV__DATABASE_USER=wallabag
SYMFONY__ENV__DATABASE_PASSWORD=${placeholder."postgresql/wallabag"}
SYMFONY__ENV__REDIS_HOST=host.docker.internal
SYMFONY__ENV__REDIS_PORT=8790
SYMFONY__ENV__REDIS_PASSWORD=${placeholder."redis/wallabag"}
SYMFONY__ENV__SERVER_NAME=wallabag.chn.moe
SYMFONY__ENV__DOMAIN_NAME=https://wallabag.chn.moe
SYMFONY__ENV__TWOFACTOR_AUTH=false
'';
# SYMFONY__ENV__MAILER_DSN=smtp://bot%%40chn.moe@${placeholder."mail/bot-encoded"}:mail.chn.moe
# SYMFONY__ENV__FROM_EMAIL=bot@chn.moe
# SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
secrets."mail/bot-encoded" = {};
};
nixos.services =
{
nginx =
{
enable = true;
https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
};
postgresql.instances.wallabag = {};
redis.instances.wallabag = { user = "root"; port = 8790; };
};
}
)
(mkIf services.noisetorch.enable { programs.noisetorch.enable = true; })
];
}

22
modules/services/gitea.nix
View File

@@ -48,7 +48,27 @@ inputs:
};
nixos.services =
{
nginx = { enable = true; https."${gitea.hostname}".location."/".proxy.upstream = "http://127.0.0.1:3002"; };
nginx =
{
enable = true;
https."${gitea.hostname}".location =
{
"/".proxy.upstream = "http://127.0.0.1:3002";
"/robots.txt".static.root =
let
robotsFile = inputs.pkgs.fetchurl
{
url = "https://gitea.com/robots.txt";
sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
};
robotsDir = inputs.pkgs.runCommand "robots.txt" {}
''
mkdir -p $out
cp ${robotsFile} $out/robots.txt
'';
in "${robotsDir}";
};
};
postgresql.instances.gitea = {};
};
sops.secrets =

21
modules/services/keyd.nix Normal file
View File

@@ -0,0 +1,21 @@
inputs:
{
options.nixos.services.keyd = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) keyd; in inputs.lib.mkIf (keyd != null)
{
services.keyd =
{
enable = true;
keyboards.default =
{
ids = [ "*" ];
settings =
{
main.rightcontrol = "overload(r_ctrl, rightcontrol)";
"r_ctrl:C" = { left = "home"; right = "end"; up = "pageup"; down = "pagedown"; };
};
};
};
};
}

19
modules/services/kmscon.nix
View File

@@ -1,19 +0,0 @@
inputs:
{
options.nixos.services.kmscon = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) kmscon;
in mkIf kmscon.enable
{
services.kmscon =
{
enable = true;
fonts = [{ name = "FiraCode Nerd Font Mono"; package = inputs.pkgs.nerdfonts; }];
};
};
}

8
modules/services/mariadb.nix
View File

@@ -49,11 +49,7 @@ inputs:
sops.secrets = builtins.listToAttrs (builtins.map
(db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
(builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList mariadb.instances)));
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.nodatacow}".directories = let user = "mysql"; in
[{ directory = "/var/lib/mysql"; inherit user; group = user; mode = "0750"; }];
};
environment.persistence."/nix/nodatacow".directories =
[{ directory = "/var/lib/mysql"; user = "mysql"; group = "mysql"; mode = "0750"; }];
};
}

83
modules/services/mastodon.nix
View File

@@ -1,83 +0,0 @@
inputs:
{
options.nixos.services.mastodon = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "dudu.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) mastodon;
inherit (inputs.lib) mkIf;
inherit (builtins) toString;
in mkIf mastodon.enable
{
services.mastodon =
{
enable = true;
streamingProcesses = 1;
enableUnixSocket = false;
localDomain = mastodon.hostname;
database =
{
createLocally = false;
host = "127.0.0.1";
passwordFile = inputs.config.sops.secrets."mastodon/postgresql".path;
};
redis.createLocally = false;
smtp =
{
createLocally = false;
user = "bot@chn.moe";
port = 465;
passwordFile = inputs.config.sops.secrets."mastodon/mail".path;
host = "mail.chn.moe";
fromAddress = "bot@chn.moe";
authenticate = true;
};
extraEnvFiles = [ inputs.config.sops.templates."mastodon/env".path ];
};
nixos.services =
{
postgresql.instances.mastodon = {};
redis.instances.mastodon.port = inputs.config.services.mastodon.redis.port;
nginx =
{
enable = true;
https."${mastodon.hostname}".location =
{
"/system/".alias.path = "/var/lib/mastodon/public-system/";
"/".static =
{ root = "${inputs.config.services.mastodon.package}/public"; tryFiles = [ "$uri" "@proxy" ]; };
"@proxy".proxy =
{ upstream = "http://127.0.0.1:${toString inputs.config.services.mastodon.webPort}"; websocket = true; };
"/api/v1/streaming/".proxy =
{
upstream = "http://unix:/run/mastodon-streaming/streaming-1.socket";
websocket = true;
};
};
};
};
sops =
{
secrets =
{
"mastodon/mail" = { owner = "mastodon"; key = "mail/bot"; };
"mastodon/postgresql" = { owner = "mastodon"; key = "postgresql/mastodon"; };
};
templates."mastodon/env" =
{
owner = "mastodon";
content =
''
REDIS_PASSWORD=${inputs.config.sops.placeholder."redis/mastodon"}
SMTP_SSL=true
SMTP_AUTH_METHOD=plain
'';
};
};
environment.systemPackages = [ inputs.config.services.mastodon.package ];
# sudo -u mastodon mastodon-tootctl accounts modify chn --role Owner
};
}

113
modules/services/meilisearch.nix
View File

@@ -1,113 +0,0 @@
inputs:
{
options.nixos.services.meilisearch = let inherit (inputs.lib) mkOption types; in
{
instances = mkOption
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
port = mkOption { type = types.ints.unsigned; };
};}));
default = {};
};
ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
config = let inherit (inputs.config.nixos.services) meilisearch; in
{
systemd =
{
services = builtins.listToAttrs (builtins.map
(instance:
{
name = "meilisearch-${instance.name}";
value =
{
description = "meiliSearch ${instance.name}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
# environment.RUST_BACKTRACE = "full";
serviceConfig =
{
User = instance.value.user;
Group = inputs.config.users.users.${instance.value.user}.group;
ExecStart =
let
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
{
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
++ (
let inherit (inputs.config.nixos.system.nixpkgs) march;
in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
);
});
config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
in
"${meilisearch}/bin/meilisearch --config-file-path ${config}";
Restart = "always";
StartLimitBurst = 3;
LimitNOFILE = "infinity";
LimitNPROC = "infinity";
LimitCORE = "infinity";
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
Nice = 19;
Slice = "-.slice";
}
// (if meilisearch.ioLimitDevice != null then
{
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
# iostat -dx 1
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
} else {});
};
})
(inputs.localLib.attrsToList meilisearch.instances));
tmpfiles.rules = builtins.concatLists (builtins.map
(instance:
let
user = instance.value.user;
group = inputs.config.users.users.${instance.value.user}.group;
dir = "/var/lib/meilisearch/${instance.name}";
in
[ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
(inputs.localLib.attrsToList meilisearch.instances));
};
sops =
{
templates = builtins.listToAttrs (builtins.map
(instance:
{
name = "meilisearch-${instance.name}.toml";
value =
{
content =
''
db_path = "/var/lib/meilisearch/${instance.name}"
http_addr = "0.0.0.0:${builtins.toString instance.value.port}"
master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
env = "production"
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
log_level = "INFO"
max_indexing_memory = "16Gb"
max_indexing_threads = 1
'';
owner = instance.value.user;
};
})
(inputs.localLib.attrsToList meilisearch.instances));
secrets = builtins.listToAttrs (builtins.map
(instance: { name = "meilisearch/${instance.name}"; value = {}; })
(inputs.localLib.attrsToList meilisearch.instances));
};
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence;
in inputs.lib.mkIf (impermanence.enable && meilisearch.instances != {})
{ "${impermanence.nodatacow}".directories = [ "/var/lib/meilisearch" ]; };
};
}

2
modules/services/mirism.nix
View File

@@ -31,7 +31,7 @@ inputs:
{
User = inputs.config.users.users.mirism.name;
Group = inputs.config.users.users.mirism.group;
ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";
ExecStart = "${inputs.pkgs.localPackages.mirism-old}/bin/${instance}";
RuntimeMaxSec = "1d";
Restart = "always";
};

35
modules/services/misskey.nix
View File

@@ -8,11 +8,6 @@ inputs:
port = mkOption { type = types.ints.unsigned; default = 9726; };
redis.port = mkOption { type = types.ints.unsigned; default = 3545; };
hostname = mkOption { type = types.nonEmptyStr; default = "misskey.chn.moe"; };
meilisearch =
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 7700; };
};
};});
default = {};
};
@@ -31,9 +26,7 @@ inputs:
{
enable = instance.value.autoStart;
description = "misskey ${instance.name}";
after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ]
++ (if instance.value.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ]
else []);
after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ];
requires = after;
wantedBy = [ "multi-user.target" ];
environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/${instance.name}.yml".path;
@@ -77,7 +70,6 @@ inputs:
let
placeholder = inputs.config.sops.placeholder;
redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
in
''
url: https://${instance.value.hostname}/
@@ -105,17 +97,7 @@ inputs:
proxyRemoteFiles: true
signToActivityPubGet: true
maxFileSize: 1073741824
''
+ (if instance.value.meilisearch.enable then
''
meilisearch:
host: 127.0.0.1
port: ${toString meilisearch.port}
apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
ssl: false
index: misskey
scope: global
'' else "");
'';
owner = inputs.config.users.users."misskey-${instance.name}".name;
};
})
@@ -142,19 +124,6 @@ inputs:
postgresql.instances = listToAttrs (map
(instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
(attrsToList misskey.instances));
meilisearch.instances =
let instances = filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances);
in listToAttrs (map
(instance:
{
name = "misskey-${instance.name}";
value =
{
user = inputs.config.users.users."misskey-${instance.name}".name;
port = instance.value.meilisearch.port;
};
})
instances);
nginx =
{
enable = mkIf (misskey.instances != {}) true;

18
modules/services/nginx/applications/kkmeeting.nix
View File

@@ -1,18 +0,0 @@
inputs:
{
options.nixos.services.nginx.applications.kkmeeting = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "kkmeeting.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications) kkmeeting;
inherit (inputs.lib) mkIf;
in mkIf kkmeeting.enable
{
nixos.services.nginx.https.${kkmeeting.hostname}.location."/".static =
{ root = "/srv/kkmeeting"; index = "auto"; charset = "utf-8"; };
systemd.tmpfiles.rules = [ "d /srv/kkmeeting 0700 nginx nginx" "Z /srv/kkmeeting - nginx nginx" ];
};
}

2
modules/services/nginx/default.nix
View File

@@ -336,7 +336,7 @@ inputs:
let
ipset = "${inputs.pkgs.ipset}/bin/ipset";
iptables = "${inputs.pkgs.iptables}/bin/iptables";
ip = "${inputs.pkgs.iproute}/bin/ip";
ip = "${inputs.pkgs.iproute2}/bin/ip";
start = inputs.pkgs.writeShellScript "nginx-proxy.start"
(
''

15
modules/services/nixseperatedebuginfo.nix
View File

@@ -3,17 +3,18 @@ inputs:
options.nixos.services.nixseparatedebuginfo = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config =
let inherit (inputs.config.nixos.services) nixseparatedebuginfo; in inputs.lib.mkIf (nixseparatedebuginfo != {})
{
services.nixseparatedebuginfod.enable = true;
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.nodatacow}".directories = let user = "nixseparatedebuginfod"; in
[{ directory = "/var/cache/nixseparatedebuginfod"; inherit user; group = user; mode = "0755"; }];
};
environment.persistence."/nix/nodatacow".directories =
[{
directory = "/var/cache/nixseparatedebuginfod";
user = "nixseparatedebuginfod";
group = "nixseparatedebuginfod";
mode = "0755";
}];
};
}

8
modules/services/postgresql.nix
View File

@@ -86,11 +86,7 @@ inputs:
sops.secrets = builtins.listToAttrs (builtins.map
(db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
(builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList postgresql.instances)));
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.nodatacow}".directories = let user = "postgres"; in
[{ directory = "/var/lib/postgresql"; inherit user; group = user; mode = "0750"; }];
};
environment.persistence."/nix/nodatacow".directories =
[{ directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }];
};
}

16
modules/services/samba.nix
View File

@@ -33,18 +33,7 @@ inputs:
enable = true;
# TCP 139 445 UDP 137 138
openFirewall = !samba.private;
securityType = "user";
extraConfig =
''
workgroup = WORKGROUP
server string = Samba Server
server role = standalone server
hosts allow = ${samba.hostsAllowed}
dns proxy = no
'';
# obey pam restrictions = yes
# encrypt passwords = no
shares = listToAttrs (map
settings = listToAttrs (map
(share:
{
name = share.name;
@@ -60,7 +49,8 @@ inputs:
"force directory mode" = "2755";
};
})
(attrsToList samba.shares));
(attrsToList samba.shares))
// { global."hosts allow" = "${samba.hostsAllowed}"; };
};
};
nixos.services.xray.client.v2ray-forwarder =

8
modules/services/slurm.nix
View File

@@ -4,7 +4,7 @@ inputs:
{
enable = mkOption { type = types.bool; default = false; };
# 本机是否为控制节点,如果不是,填写控制节点的主机名
master = mkOption { type = types.nonEmptyStr; default = inputs.config.nixos.system.networking.hostname; };
master = mkOption { type = types.nonEmptyStr; default = inputs.config.nixos.model.hostname; };
node = mkOption { type = types.attrsOf (types.submodule (submoduleInputs: { options =
{
# slurm 中使用的节点名称
@@ -127,7 +127,7 @@ inputs:
TaskPlugin=task/affinity,task/cgroup
'';
extraConfigPaths =
let gpus = slurm.node.${inputs.config.nixos.system.networking.hostname}.gpus or null;
let gpus = slurm.node.${inputs.config.nixos.model.hostname}.gpus or null;
in inputs.lib.mkIf (gpus != null)
(
let gpuString = builtins.concatStringsSep "\n" (builtins.map
@@ -141,7 +141,7 @@ inputs:
systemd =
{
services.slurmd.environment =
let gpus = slurm.node.${inputs.config.nixos.system.networking.hostname}.gpus or null;
let gpus = slurm.node.${inputs.config.nixos.model.hostname}.gpus or null;
in inputs.lib.mkIf (gpus != null)
{
CUDA_PATH = "${inputs.pkgs.cudatoolkit}";
@@ -159,7 +159,7 @@ inputs:
in { allowedTCPPorts = config; allowedUDPPorts = config; };
}
# master 配置
(inputs.lib.mkIf (slurm.master == inputs.config.nixos.system.networking.hostname)
(inputs.lib.mkIf (slurm.master == inputs.config.nixos.model.hostname)
{
services.slurm =
{

368
modules/services/synapse.nix
View File

@@ -8,18 +8,12 @@ inputs:
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8008; };
redisPort = mkOption { type = types.ints.unsigned; default = 6379; };
slidingSyncPort = mkOption { type = types.ints.unsigned; default = 9000; };
hostname = mkOption
{
type = types.nonEmptyStr;
default = "${submoduleInputs.config._module.args.name}.chn.moe";
};
matrixHostname = mkOption { type = types.nonEmptyStr; default = "chn.moe"; };
slidingSyncHostname = mkOption
{
type = types.nonEmptyStr;
default = "syncv3.${submoduleInputs.config.hostname}";
};
# , synapse_homeserver --config-path homeserver.yaml --generate-config --report-stats=yes --server-name xxx
};}));
default = {};
@@ -50,263 +44,203 @@ inputs:
systemd = mkMerge (map
(instance: let workdir = "/var/lib/synapse/${instance.name}"; in
{
services =
{
"synapse-${instance.name}" =
let
package = inputs.pkgs.matrix-synapse.override
{ extras = [ "url-preview" "postgres" "redis" ]; plugins = []; };
config = inputs.config.sops.templates."synapse/${instance.name}/config.yaml".path;
homeserver = "${package}/bin/synapse_homeserver";
in
{
description = "synapse-${instance.name}";
enable = instance.value.autoStart;
after = [ "network-online.target" "postgresql.service" ];
requires = [ "network-online.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
ExecStart = "${homeserver} --config-path ${config} --keys-directory ${workdir}";
Type = "notify";
User = "synapse-${instance.name}";
Group = "synapse-${instance.name}";
WorkingDirectory = workdir;
ExecReload = "${inputs.pkgs.util-linux}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
UMask = "0077";
CapabilityBoundingSet = [ "" ];
# hardening
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [ workdir ];
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
};
};
"synapse-sliding-sync-${instance.name}" =
services."synapse-${instance.name}" =
let
package = inputs.pkgs.matrix-synapse.override
{ extras = [ "url-preview" "postgres" "redis" ]; plugins = []; };
config = inputs.config.sops.templates."synapse/${instance.name}/config.yaml".path;
homeserver = "${package}/bin/synapse_homeserver";
in
{
after = [ "synapse-${instance.name}.service" ];
wants = [ "synapse-${instance.name}.service" ];
description = "synapse-${instance.name}";
enable = instance.value.autoStart;
after = [ "network-online.target" "postgresql.service" ];
requires = [ "network-online.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
ExecStart = "${homeserver} --config-path ${config} --keys-directory ${workdir}";
Type = "notify";
User = "synapse-${instance.name}";
Group = "synapse-${instance.name}";
EnvironmentFile = inputs.config.sops.templates."synapse/${instance.name}-sliding-sync/env".path;
ExecStart = inputs.lib.getExe inputs.pkgs.matrix-sliding-sync;
WorkingDirectory = workdir + "-sliding-sync";
WorkingDirectory = workdir;
ExecReload = "${inputs.pkgs.util-linux}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
RestartSec = "1s";
UMask = "0077";
CapabilityBoundingSet = [ "" ];
# hardening
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [ workdir ];
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
};
};
};
tmpfiles.rules =
[
"d /var/lib/synapse 0755 root root"
"d ${workdir} 0700 synapse-${instance.name} synapse-${instance.name}"
"Z ${workdir} - synapse-${instance.name} synapse-${instance.name}"
"d ${workdir}-sliding-sync 0700 synapse-${instance.name} synapse-${instance.name}"
"Z ${workdir}-sliding-sync - synapse-${instance.name} synapse-${instance.name}"
];
})
(attrsToList synapse.instances));
sops = mkMerge (map
(instance:
{
templates =
templates."synapse/${instance.name}/config.yaml" =
{
"synapse/${instance.name}/config.yaml" =
{
owner = "synapse-${instance.name}";
group = "synapse-${instance.name}";
content =
let
inherit (inputs.config.sops) placeholder;
in builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "${instance.name}.yaml"
owner = "synapse-${instance.name}";
group = "synapse-${instance.name}";
content =
let
inherit (inputs.config.sops) placeholder;
in builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "${instance.name}.yaml"
{
server_name = instance.value.matrixHostname;
public_baseurl = "https://${instance.value.hostname}/";
listeners =
[{
bind_addresses = [ "127.0.0.1" ];
inherit (instance.value) port;
resources = [{ names = [ "client" "federation" ]; compress = false; }];
tls = false;
type = "http";
x_forwarded = true;
}];
database =
{
server_name = instance.value.matrixHostname;
public_baseurl = "https://${instance.value.hostname}/";
listeners =
[{
bind_addresses = [ "127.0.0.1" ];
inherit (instance.value) port;
resources = [{ names = [ "client" "federation" ]; compress = false; }];
tls = false;
type = "http";
x_forwarded = true;
}];
database =
name = "psycopg2";
args =
{
name = "psycopg2";
args =
{
user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
password = placeholder."postgresql/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
database = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
host = "127.0.0.1";
port = "5432";
};
allow_unsafe_locale = true;
user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
password = placeholder."postgresql/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
database = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
host = "127.0.0.1";
port = "5432";
};
redis =
{
enabled = true;
port = instance.value.redisPort;
password = placeholder."redis/synapse-${instance.name}";
};
turn_shared_secret = placeholder."synapse/${instance.name}/coturn";
registration_shared_secret = placeholder."synapse/${instance.name}/registration";
macaroon_secret_key = placeholder."synapse/${instance.name}/macaroon";
form_secret = placeholder."synapse/${instance.name}/form";
signing_key_path = inputs.config.sops.secrets."synapse/${instance.name}/signing-key".path;
email =
{
smtp_host = "mail.chn.moe";
smtp_port = 25;
smtp_user = "bot@chn.moe";
smtp_pass = placeholder."mail/bot";
require_transport_security = true;
notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
app_name = "Haonan Chen's synapse";
};
admin_contact = "mailto:chn@chn.moe";
enable_registration = true;
registrations_require_3pid = [ "email" ];
registration_requires_token = true;
turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
max_upload_size = "1024M";
web_client_location = "https://element.chn.moe/";
extra_well_known_client_content."org.matrix.msc3575.proxy".url =
"https://${instance.value.slidingSyncHostname}";
report_stats = true;
trusted_key_servers =
[{
server_name = "matrix.org";
verify_keys."ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
}];
suppress_key_server_warning = true;
log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
{
version = 1;
formatters.precise.format =
"%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
root = { level = "INFO"; handlers = [ "console" ]; };
disable_existing_loggers = true;
};
pid_file = "/run/synapse-${instance.name}.pid";
media_store_path = "/var/lib/synapse/${instance.name}/media_store";
presence.enabled = true;
url_preview_enabled = true;
url_preview_ip_range_blacklist =
[
"10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.0.0.0/24"
"192.0.2.0/24" "192.168.0.0/16" "192.88.99.0/24" "198.18.0.0/15" "198.51.100.0/24" "2001:db8::/32"
"203.0.113.0/24" "224.0.0.0/4" "::1/128" "fc00::/7" "fe80::/10" "fec0::/10" "ff00::/8"
];
max_image_pixels = "32M";
dynamic_thumbnails = false;
});
};
"synapse/${instance.name}-sliding-sync/env" =
{
owner = "synapse-${instance.name}";
group = "synapse-${instance.name}";
content =
let
inherit (inputs.config.sops) placeholder;
pgString = "postgresql://"
+ "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}"
+ ":${placeholder."postgresql/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}"}"
+ "@127.0.0.1:5432"
+ "/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}_sliding_sync"
+ "?sslmode=disable";
in
''
SYNCV3_SERVER=https://${instance.value.hostname}
SYNCV3_DB=${pgString}
SYNCV3_SECRET=${placeholder."synapse/${instance.name}/sliding-sync"}
SYNCV3_BINDADDR=127.0.0.1:${toString instance.value.slidingSyncPort}
'';
};
allow_unsafe_locale = true;
};
redis =
{
enabled = true;
port = instance.value.redisPort;
password = placeholder."redis/synapse-${instance.name}";
};
turn_shared_secret = placeholder."synapse/${instance.name}/coturn";
registration_shared_secret = placeholder."synapse/${instance.name}/registration";
macaroon_secret_key = placeholder."synapse/${instance.name}/macaroon";
form_secret = placeholder."synapse/${instance.name}/form";
signing_key_path = inputs.config.sops.secrets."synapse/${instance.name}/signing-key".path;
email =
{
smtp_host = "mail.chn.moe";
smtp_port = 25;
smtp_user = "bot@chn.moe";
smtp_pass = placeholder."mail/bot";
require_transport_security = true;
notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
app_name = "Haonan Chen's synapse";
};
admin_contact = "mailto:chn@chn.moe";
enable_registration = true;
registrations_require_3pid = [ "email" ];
registration_requires_token = true;
turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
max_upload_size = "1024M";
web_client_location = "https://element.chn.moe/";
report_stats = true;
trusted_key_servers =
[{
server_name = "matrix.org";
verify_keys."ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
}];
suppress_key_server_warning = true;
log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
{
version = 1;
formatters.precise.format =
"%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
root = { level = "INFO"; handlers = [ "console" ]; };
disable_existing_loggers = true;
};
pid_file = "/run/synapse-${instance.name}.pid";
media_store_path = "/var/lib/synapse/${instance.name}/media_store";
presence.enabled = true;
url_preview_enabled = true;
url_preview_ip_range_blacklist =
[
"10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.0.0.0/24"
"192.0.2.0/24" "192.168.0.0/16" "192.88.99.0/24" "198.18.0.0/15" "198.51.100.0/24" "2001:db8::/32"
"203.0.113.0/24" "224.0.0.0/4" "::1/128" "fc00::/7" "fe80::/10" "fec0::/10" "ff00::/8"
];
max_image_pixels = "32M";
dynamic_thumbnails = false;
});
};
secrets = (listToAttrs (map
(secret: { name = "synapse/${instance.name}/${secret}"; value = {}; })
[ "coturn" "registration" "macaroon" "form" "sliding-sync" ]))
[ "coturn" "registration" "macaroon" "form" ]))
// { "synapse/${instance.name}/signing-key".owner = "synapse-${instance.name}"; }
// { "mail/bot" = {}; };
})
(attrsToList synapse.instances));
nixos.services =
{
postgresql.instances = listToAttrs (concatLists (map
postgresql.instances = listToAttrs (map
(instance:
[
{
name = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
value.initializeFlags = { TEMPLATE = "template0"; LC_CTYPE = "C"; LC_COLLATE = "C"; };
}
{
name = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}_sliding_sync";
value.user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
}
])
(attrsToList synapse.instances)));
{
name = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
value.initializeFlags = { TEMPLATE = "template0"; LC_CTYPE = "C"; LC_COLLATE = "C"; };
})
(attrsToList synapse.instances));
redis.instances = listToAttrs (map
(instance: { name = "synapse-${instance.name}"; value.port = instance.value.redisPort; })
(attrsToList synapse.instances));
nginx =
{
enable = mkIf (synapse.instances != {}) true;
https = listToAttrs (concatLists (map
https = listToAttrs (map
(instance: with instance.value;
[
{
name = hostname;
value.location =
{
name = hostname;
value.location =
"/".proxy = { upstream = "http://127.0.0.1:${toString port}"; websocket = true; };
"/.well-known/matrix/server".static =
{
"/".proxy = { upstream = "http://127.0.0.1:${toString port}"; websocket = true; };
"/.well-known/matrix/server".static =
root = builtins.toString (inputs.pkgs.writeTextFile
{
root = builtins.toString (inputs.pkgs.writeTextFile
name = "server";
text = builtins.toJSON
{
name = "server";
text = builtins.toJSON
{
"m.server" = "${hostname}:443";
};
destination = "/.well-known/matrix/server";
});
};
"m.server" = "${hostname}:443";
};
destination = "/.well-known/matrix/server";
});
};
}
{
name = slidingSyncHostname;
value.location."/".proxy =
{ upstream = "http://127.0.0.1:${toString slidingSyncPort}"; websocket = true; };
}
])
(attrsToList synapse.instances)));
};
})
(attrsToList synapse.instances));
};
};
};

48
modules/services/vikunja.nix
View File

@@ -1,48 +0,0 @@
inputs:
{
options.nixos.services.vikunja = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 3456; };
hostname = mkOption { type = types.nonEmptyStr; default = "vikunja.chn.moe"; };
};
config = let inherit (inputs.config.nixos.services) vikunja; in inputs.lib.mkIf vikunja.enable
{
services.vikunja =
{
enable = true;
environmentFiles = [ inputs.config.sops.templates."vikunja.env".path ];
settings =
{
service.timezone = "Asia/Shanghai";
mailer = { enable = true; host = "mail.chn.moe"; username = "bot@chn.moe"; fromemail = "bot@chn.moe"; };
defaultsettings.discoverable_by_email = true;
};
inherit (vikunja) port;
frontendScheme = "https";
frontendHostname = vikunja.hostname;
database.type = "postgres";
};
sops =
{
templates."vikunja.env".content = let placeholder = inputs.config.sops.placeholder; in
''
VIKUNJA_SERVICE_JWTSECRET=${placeholder."vikunja/jwtsecret"}
VIKUNJA_DATABASE_PASSWORD=${placeholder."postgresql/vikunja"}
VIKUNJA_MAILER_PASSWORD=${placeholder."mail/bot"}
'';
secrets = { "vikunja/jwtsecret" = {}; "mail/bot" = {}; };
};
systemd.services.vikunja-api.enable = vikunja.autoStart;
nixos.services =
{
postgresql.instances.vikunja = {};
nginx =
{
enable = true;
https.${vikunja.hostname}.location."/".proxy.upstream = "http://127.0.0.1:${builtins.toString vikunja.port}";
};
};
};
}

38
modules/services/writefreely.nix
View File

@@ -1,38 +0,0 @@
inputs:
{
options.nixos.services.writefreely = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = "write.chn.moe"; };
};}));
default = null;
};
config = let inherit (inputs.config.nixos.services) writefreely; in inputs.lib.mkIf (writefreely != null)
{
services.writefreely =
{
enable = true;
settings = { server.port = 7264; app = { host = "https://${writefreely.hostname}"; federation = true; }; };
host = writefreely.hostname;
database = { type = "mysql"; passwordFile = inputs.config.sops.secrets."writefreely/mariadb".path; };
admin = { name = "chn"; initialPasswordFile = inputs.config.sops.secrets."writefreely/chn".path; };
};
systemd.services = { writefreely.after = [ "mysql.service" ]; writefreely-mysql-init.after = [ "mysql.service" ]; };
sops.secrets =
{
"writefreely/chn".owner = "writefreely";
"writefreely/mariadb" = { owner = "writefreely"; key = "mariadb/writefreely"; };
};
nixos.services =
{
mariadb.instances.writefreely = {};
nginx =
{
enable = true;
https.${writefreely.hostname}.location."/".proxy.upstream =
"http://127.0.0.1:${builtins.toString inputs.config.services.writefreely.settings.server.port}";
};
};
};
}

8
modules/services/xray/default.nix → modules/services/xray.nix
View File

@@ -56,8 +56,6 @@ inputs:
{
enable = true;
settingsFile = inputs.config.sops.templates."xray-client.json".path;
package = inputs.pkgs.xray.overrideAttrs
(prev: { patches = prev.patches or [] ++ [ ./disable-splice.patch ];});
};
dnsmasq =
{
@@ -235,7 +233,7 @@ inputs:
let
ipset = "${inputs.pkgs.ipset}/bin/ipset";
iptables = "${inputs.pkgs.iptables}/bin/iptables";
ip = "${inputs.pkgs.iproute}/bin/ip";
ip = "${inputs.pkgs.iproute2}/bin/ip";
autoPort = "10880";
xmuPort = "10881";
proxyPort = "10883";
@@ -347,8 +345,6 @@ inputs:
{
enable = true;
settingsFile = inputs.config.sops.templates."xray-server.json".path;
package = inputs.pkgs.xray.overrideAttrs
(prev: { patches = prev.patches or [] ++ [ ./disable-splice.patch ];});
};
sops =
{
@@ -497,7 +493,7 @@ inputs:
chat = inputs.config.sops.secrets."telegram/chat".path;
in
''
message='${inputs.config.nixos.system.networking.hostname} xray:\n'
message='${inputs.config.nixos.model.hostname} xray:\n'
for i in {0..${toString ((builtins.length userList) - 1)}}
do
upload_bytes=$(${xray} api stats --server=127.0.0.1:6149 \

14
modules/services/xray/disable-splice.patch
View File

@@ -1,14 +0,0 @@
diff --git a/proxy/proxy.go b/proxy/proxy.go
index db92051..54d36b4 100644
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -504,7 +504,8 @@ func CopyRawConnIfExist(ctx context.Context, readerConn net.Conn, writerConn net
splice = false
}
}
- if splice {
+ _ = splice
+ if false {
newError("CopyRawConn splice").WriteToLog(session.ExportIDToError(ctx))
statWriter, _ := writer.(*dispatcher.SizeStatWriter)
//runtime.Gosched() // necessary

4
modules/system/binfmt.nix
View File

@@ -1,8 +1,6 @@
inputs:
{
options.nixos.system.binfmt = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.system) binfmt; in inputs.lib.mkIf (binfmt != null)
config =
{
programs.java = { enable = true; binfmt = true; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" "x86_64-windows" ];

21
modules/system/cluster.nix
View File

@@ -1,21 +0,0 @@
inputs:
{
options.nixos.system.cluster = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
clusterName = mkOption { type = types.nonEmptyStr; };
nodeName = mkOption { type = types.nonEmptyStr; };
nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.system) cluster; in inputs.lib.mkIf (cluster != null)
{
nixos.system.networking.hostname = "${cluster.clusterName}-${cluster.nodeName}";
# 作为从机时home-manager 需要被禁用
systemd.services = inputs.lib.mkIf (cluster.nodeType == "worker") (builtins.listToAttrs (builtins.map
(user: { name = "home-manager-${inputs.utils.escapeSystemdPath user}"; value.enable = false; })
inputs.config.nixos.user.users));
};
}

2
modules/system/default.nix
View File

@@ -17,7 +17,7 @@ inputs:
supportedFilesystems = [ "ntfs" "nfs" "nfsv4" ];
# consoleLogLevel = 7;
};
hardware.enableAllFirmware = true;
hardware = { enableAllFirmware = true; bluetooth.enable = true; };
environment =
{
sessionVariables = rec

4
modules/system/envfs.nix
View File

@@ -1,8 +1,6 @@
inputs:
{
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null)
config =
{
services.envfs.enable = true;
environment.variables.ENVFS_RESOLVE_ALWAYS = "1";

9
modules/system/fontconfig.nix → modules/system/font.nix
View File

@@ -1,11 +1,6 @@
inputs:
{
options.nixos.services.fontconfig = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
};
config = let inherit (inputs.config.nixos.services) fontconfig; in inputs.lib.mkIf (fontconfig != null)
config = inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
{
fonts =
{
@@ -13,7 +8,7 @@ inputs:
packages = with inputs.pkgs;
[
noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts hack-font inter
noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk
noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk-sans
noto-fonts-emoji corefonts vistafonts vistafonts-chs
];
fontconfig.defaultFonts =

2
modules/system/grub.nix
View File

@@ -2,7 +2,7 @@ inputs:
{
options.nixos.system.grub = let inherit (inputs.lib) mkOption types; in
{
timeout = mkOption { type = types.int; default = 5; };
timeout = mkOption { type = types.int; default = if inputs.config.nixos.model.type == "server" then 15 else 5; };
windowsEntries = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
# "efi" using efi, "efiRemovable" using efi with install grub removable, or dev path like "/dev/sda" using bios
installDevice = mkOption { type = types.str; default = "efi"; };

67
modules/system/gui.nix
View File

@@ -1,46 +1,39 @@
inputs:
{
options.nixos.system.gui = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
preferred = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.enable; };
autoStart = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
};
config = let inherit (inputs.config.nixos.system) gui; in inputs.lib.mkIf gui.enable
{
services =
config = inputs.lib.mkMerge
[
# enable gui
(inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
{
displayManager =
services =
{
sddm = { enable = inputs.lib.mkDefault true; wayland.enable = true; theme = "breeze"; };
defaultSession = "plasma";
displayManager =
{
sddm = { enable = inputs.lib.mkDefault true; wayland.enable = true; theme = "breeze"; };
defaultSession = "plasma";
};
desktopManager.plasma6.enable = true;
xserver.enable = true;
};
desktopManager.plasma6.enable = true;
xserver.enable = true;
};
systemd.services.display-manager.enable = inputs.lib.mkDefault gui.autoStart;
environment =
{
sessionVariables =
environment =
{
GTK_USE_PORTAL = "1";
NIXOS_OZONE_WL = inputs.lib.mkIf gui.preferred "1";
};
plasma6.excludePackages = inputs.lib.mkIf (!gui.preferred) [ inputs.pkgs.kdePackages.plasma-nm ];
persistence = let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
{
"${impermanence.root}".directories =
sessionVariables.GTK_USE_PORTAL = "1";
persistence."/nix/rootfs/current".directories =
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }];
};
};
xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
i18n.inputMethod =
{
enable = true;
type = "fcitx5";
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
[ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
};
programs.dconf.enable = true;
};
xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
i18n.inputMethod =
{
enable = true;
type = "fcitx5";
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
[ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
};
programs.dconf.enable = true;
})
# prefer gui or not
(inputs.localLib.mkConditional (builtins.elem inputs.config.nixos.model.type [ "desktop" ])
{ environment.sessionVariables.NIXOS_OZONE_WL = "1"; }
{ environment.plasma6.excludePackages = [ inputs.pkgs.kdePackages.plasma-nm ]; })
];
}

15
modules/system/impermanence.nix
View File

@@ -1,17 +1,10 @@
inputs:
{
options.nixos.system.impermanence = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = true; };
persistence = mkOption { type = types.nonEmptyStr; default = "/nix/persistent"; };
root = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs/current"; };
nodatacow = mkOption { type = types.nullOr types.nonEmptyStr; default = "/nix/nodatacow"; };
};
config = let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
config =
{
environment.persistence =
{
"${impermanence.persistence}" =
"/nix/persistent" =
{
hideMounts = true;
directories =
@@ -33,7 +26,7 @@ inputs:
"/etc/ssh/ssh_host_rsa_key"
];
};
"${impermanence.root}" =
"/nix/rootfs/current" =
{
hideMounts = true;
directories =
@@ -45,7 +38,7 @@ inputs:
"/var/lib/flatpak"
];
};
"${impermanence.nodatacow}" =
"/nix/nodatacow" =
{
hideMounts = true;
directories =

21
modules/system/initrd.nix
View File

@@ -2,15 +2,7 @@ inputs:
{
options.nixos.system.initrd = let inherit (inputs.lib) mkOption types; in
{
sshd =
{
enable = mkOption { type = types.bool; default = false; };
hostKeys = mkOption
{
type = types.listOf types.nonEmptyStr;
default = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ];
};
};
sshd = mkOption { type = types.nullOr (types.submodule {}); default = null; };
unl0kr = mkOption { type = types.nullOr (types.submodule {}); default = null; };
};
config = let inherit (inputs.config.nixos.system) initrd; in inputs.lib.mkMerge
@@ -23,18 +15,21 @@ inputs:
};
}
(
inputs.lib.mkIf (initrd.sshd.enable)
inputs.lib.mkIf (initrd.sshd != null)
{
boot =
{
initrd =
{
network = { enable = true; ssh = { enable = true; hostKeys = initrd.sshd.hostKeys; }; };
network =
{
enable = true;
ssh = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
# resolved does not work in initrd, causing network.target to fail
services.resolved.enable = false;
};
# ip=dhcp only attain ipv4
# ip=on will reset systemd-networkd configs
# do not use ip=xxx, as it will override systemd-networkd configurations
# kernelParams = [ "ip=on" ];
};
}

47
modules/system/kernel/0001-drm-amdgpu-sdma5.2-limit-wptr-workaround-to-sdma-5.2.patch
View File

@@ -1,47 +0,0 @@
From 123c4d46272b7e72d7db3fe8b4131a8cc99613fb Mon Sep 17 00:00:00 2001
From: Alex Deucher <alexander.deucher@amd.com>
Date: Wed, 14 Aug 2024 10:28:24 -0400
Subject: [PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1
The workaround seems to cause stability issues on other
SDMA 5.2.x IPs.
Fixes: a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell")
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3556
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
---
drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
index d740255edf5a..bc9b240a3488 100644
--- a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
@@ -225,14 +225,16 @@ static void sdma_v5_2_ring_set_wptr(struct amdgpu_ring *ring)
DRM_DEBUG("calling WDOORBELL64(0x%08x, 0x%016llx)\n",
ring->doorbell_index, ring->wptr << 2);
WDOORBELL64(ring->doorbell_index, ring->wptr << 2);
- /* SDMA seems to miss doorbells sometimes when powergating kicks in.
- * Updating the wptr directly will wake it. This is only safe because
- * we disallow gfxoff in begin_use() and then allow it again in end_use().
- */
- WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR),
- lower_32_bits(ring->wptr << 2));
- WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI),
- upper_32_bits(ring->wptr << 2));
+ if (amdgpu_ip_version(adev, SDMA0_HWIP, 0) == IP_VERSION(5, 2, 1)) {
+ /* SDMA seems to miss doorbells sometimes when powergating kicks in.
+ * Updating the wptr directly will wake it. This is only safe because
+ * we disallow gfxoff in begin_use() and then allow it again in end_use().
+ */
+ WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR),
+ lower_32_bits(ring->wptr << 2));
+ WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI),
+ upper_32_bits(ring->wptr << 2));
+ }
} else {
DRM_DEBUG("Not using doorbell -- "
"mmSDMA%i_GFX_RB_WPTR == 0x%08x "
--
2.46.0

141
modules/system/kernel/btrfs.patch
View File

@@ -1,141 +0,0 @@
From ae1e766f623f7a2a889a0b09eb076dd9a60efbe9 Mon Sep 17 00:00:00 2001
From: Filipe Manana <fdmanana@suse.com>
Date: Sun, 11 Aug 2024 11:53:42 +0100
Subject: btrfs: only run the extent map shrinker from kswapd tasks
Currently the extent map shrinker can be run by any task when attempting
to allocate memory and there's enough memory pressure to trigger it.
To avoid too much latency we stop iterating over extent maps and removing
them once the task needs to reschedule. This logic was introduced in commit
b3ebb9b7e92a ("btrfs: stop extent map shrinker if reschedule is needed").
While that solved high latency problems for some use cases, it's still
not enough because with a too high number of tasks entering the extent map
shrinker code, either due to memory allocations or because they are a
kswapd task, we end up having a very high level of contention on some
spin locks, namely:
1) The fs_info->fs_roots_radix_lock spin lock, which we need to find
roots to iterate over their inodes;
2) The spin lock of the xarray used to track open inodes for a root
(struct btrfs_root::inodes) - on 6.10 kernels and below, it used to
be a red black tree and the spin lock was root->inode_lock;
3) The fs_info->delayed_iput_lock spin lock since the shrinker adds
delayed iputs (calls btrfs_add_delayed_iput()).
Instead of allowing the extent map shrinker to be run by any task, make
it run only by kswapd tasks. This still solves the problem of running
into OOM situations due to an unbounded extent map creation, which is
simple to trigger by direct IO writes, as described in the changelog
of commit 956a17d9d050 ("btrfs: add a shrinker for extent maps"), and
by a similar case when doing buffered IO on files with a very large
number of holes (keeping the file open and creating many holes, whose
extent maps are only released when the file is closed).
Reported-by: kzd <kzd@56709.net>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219121
Reported-by: Octavia Togami <octavia.togami@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CAHPNGSSt-a4ZZWrtJdVyYnJFscFjP9S7rMcvEMaNSpR556DdLA@mail.gmail.com/
Fixes: 956a17d9d050 ("btrfs: add a shrinker for extent maps")
CC: stable@vger.kernel.org # 6.10+
Tested-by: kzd <kzd@56709.net>
Tested-by: Octavia Togami <octavia.togami@gmail.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
fs/btrfs/extent_map.c | 22 ++++++----------------
fs/btrfs/super.c | 10 ++++++++++
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
index 23b65dc73c0048..10ac5f657e3889 100644
--- a/fs/btrfs/extent_map.c
+++ b/fs/btrfs/extent_map.c
@@ -1147,8 +1147,7 @@ static long btrfs_scan_inode(struct btrfs_inode *inode, struct btrfs_em_shrink_c
return 0;
/*
- * We want to be fast because we can be called from any path trying to
- * allocate memory, so if the lock is busy we don't want to spend time
+ * We want to be fast so if the lock is busy we don't want to spend time
* waiting for it - either some task is about to do IO for the inode or
* we may have another task shrinking extent maps, here in this code, so
* skip this inode.
@@ -1191,9 +1190,7 @@ next:
/*
* Stop if we need to reschedule or there's contention on the
* lock. This is to avoid slowing other tasks trying to take the
- * lock and because the shrinker might be called during a memory
- * allocation path and we want to avoid taking a very long time
- * and slowing down all sorts of tasks.
+ * lock.
*/
if (need_resched() || rwlock_needbreak(&tree->lock))
break;
@@ -1222,12 +1219,7 @@ static long btrfs_scan_root(struct btrfs_root *root, struct btrfs_em_shrink_ctx
if (ctx->scanned >= ctx->nr_to_scan)
break;
- /*
- * We may be called from memory allocation paths, so we don't
- * want to take too much time and slowdown tasks.
- */
- if (need_resched())
- break;
+ cond_resched();
inode = btrfs_find_first_inode(root, min_ino);
}
@@ -1285,14 +1277,12 @@ long btrfs_free_extent_maps(struct btrfs_fs_info *fs_info, long nr_to_scan)
ctx.last_ino);
}
- /*
- * We may be called from memory allocation paths, so we don't want to
- * take too much time and slowdown tasks, so stop if we need reschedule.
- */
- while (ctx.scanned < ctx.nr_to_scan && !need_resched()) {
+ while (ctx.scanned < ctx.nr_to_scan) {
struct btrfs_root *root;
unsigned long count;
+ cond_resched();
+
spin_lock(&fs_info->fs_roots_radix_lock);
count = radix_tree_gang_lookup(&fs_info->fs_roots_radix,
(void **)&root,
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 83478deada3bd2..11044e9e2cb110 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -28,6 +28,7 @@
#include <linux/btrfs.h>
#include <linux/security.h>
#include <linux/fs_parser.h>
+#include <linux/swap.h>
#include "messages.h"
#include "delayed-inode.h"
#include "ctree.h"
@@ -2409,6 +2410,15 @@ static long btrfs_free_cached_objects(struct super_block *sb, struct shrink_cont
const long nr_to_scan = min_t(unsigned long, LONG_MAX, sc->nr_to_scan);
struct btrfs_fs_info *fs_info = btrfs_sb(sb);
+ /*
+ * We may be called from any task trying to allocate memory and we don't
+ * want to slow it down with scanning and dropping extent maps. It would
+ * also cause heavy lock contention if many tasks concurrently enter
+ * here. Therefore only allow kswapd tasks to scan and drop extent maps.
+ */
+ if (!current_is_kswapd())
+ return 0;
+
return btrfs_free_extent_maps(fs_info, nr_to_scan);
}
--
cgit 1.2.3-korg

28
modules/system/kernel/default.nix
View File

@@ -59,15 +59,6 @@ inputs:
let
patches =
{
cjktty =
[{
name = "cjktty";
patch =
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in "${inputs.topInputs.cjktty}/v6.x/cjktty-${version}.patch";
extraStructuredConfig =
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
}];
lantian =
[{
name = "lantian";
@@ -134,27 +125,10 @@ inputs:
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in ./hibernate-progress-${version}.patch;
}];
# TODO: remove in 6.11
btrfs =
[{
name = "btrfs";
patch =
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in if version == "6.10" then ./btrfs.patch else null;
}];
amdgpu =
[{
name = "amdgpu";
patch = ./0001-drm-amdgpu-sdma5.2-limit-wptr-workaround-to-sdma-5.2.patch;
}];
};
in builtins.concatLists (builtins.map (name: patches.${name}) (kernel.patches ++ [ "btrfs" ]));
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
}
(
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "cachyos" kernel.variant)
{ nixos.packages.packages._packages = [ inputs.pkgs.scx ]; }
)
(
inputs.lib.mkIf (kernel.variant == "rpi3")
{ boot.initrd = { systemd.enableTpm2 = false; includeDefaultModules = false; }; }

128
modules/system/kernel/hibernate-progress-6.11.patch Normal file
View File

@@ -0,0 +1,128 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index 5bc04bfe2db1..6e7b17b97de7 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -563,7 +563,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -578,7 +578,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -588,7 +588,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -795,8 +795,8 @@ static int save_compressed_image(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -817,7 +817,7 @@ static int save_compressed_image(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -888,9 +888,9 @@ static int save_compressed_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
- pr_info("Image size after compression: %d kbytes\n",
+ pr_err("Image size after compression: %d kbytes\n",
(atomic_read(&compressed_size) / 1024));
out_clean:
@@ -1105,7 +1105,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1123,7 +1123,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1133,7 +1133,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1328,8 +1328,8 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1459,7 +1459,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1485,7 +1485,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1593,7 +1593,7 @@ int swsusp_check(bool exclusive)
}
if (!error && swsusp_header->flags & SF_HW_SIG &&
swsusp_header->hw_sig != swsusp_hardware_signature) {
- pr_info("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
+ pr_err("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
swsusp_header->hw_sig, swsusp_hardware_signature);
error = -EINVAL;
}

181
modules/system/networking.nix
View File

@@ -1,36 +1,30 @@
inputs:
{
options.nixos.system.networking = let inherit (inputs.lib) mkOption types; in
options.nixos.system.networking = let inherit (inputs.lib) mkOption types; in mkOption
{
hostname = mkOption { type = types.nonEmptyStr; };
networkManager.enable = mkOption
{ type = types.bool; default = inputs.config.nixos.system.networking.networkd == null; };
networkd = mkOption
# null: use network-manager; otherwise use networkd
type = types.nullOr (types.submodule { options =
{
type = types.nullOr (types.submodule { options =
dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
static = mkOption
{
dhcp = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
static = mkOption
type = types.attrsOf (types.submodule { options =
{
type = types.attrsOf (types.submodule { options =
{
ip = mkOption { type = types.nonEmptyStr; };
mask = mkOption { type = types.ints.unsigned; };
gateway = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
dns = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};});
default = {};
};
};});
default = null;
};
wireless = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
ip = mkOption { type = types.nonEmptyStr; };
mask = mkOption { type = types.ints.unsigned; };
gateway = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
dns = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};});
default = {};
};
wireless = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.system) networking; in inputs.lib.mkMerge
[
# general config
{
networking.hostName = networking.hostname;
boot.kernel.sysctl =
{
"net.core.rmem_max" = 67108864;
@@ -53,86 +47,79 @@ inputs:
"net.bridge.bridge-nf-call-arptables" = false;
};
}
# networkManager
(inputs.lib.mkIf networking.networkManager.enable
{
networking.networkmanager =
(inputs.localLib.mkConditional (networking == null)
{
enable = true;
settings.device.keep-configuration = "no";
};
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories =
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
})
# networkd
(inputs.lib.mkIf (networking.networkd != null)
{
systemd.network =
networking.networkmanager =
{
enable = true;
settings.device.keep-configuration = "no";
};
environment.persistence."/nix/persistent".directories =
[{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }];
}
{
enable = true;
networks = builtins.listToAttrs
(
(builtins.map
(network:
{
name = "10-${network}";
value =
systemd.network =
{
enable = true;
networks = builtins.listToAttrs
(
(builtins.map
(network:
{
matchConfig.Name = network;
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
linkConfig.RequiredForOnline = "routable";
};
})
networking.networkd.dhcp)
++ (builtins.map
(network:
{
name = "10-${network.name}";
value =
name = "10-${network}";
value =
{
matchConfig.Name = network;
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
linkConfig.RequiredForOnline = "routable";
};
})
networking.dhcp)
++ (builtins.map
(network:
{
matchConfig.Name = network.name;
address = [ "${network.value.ip}/${builtins.toString network.value.mask}" ];
routes = inputs.lib.mkIf (network.value.gateway != null)
[{ Gateway = network.value.gateway; Destination = "0.0.0.0/0"; }];
linkConfig.RequiredForOnline = "routable";
dns = inputs.lib.mkIf (network.value.dns != null) [ network.value.dns ];
};
})
(inputs.localLib.attrsToList networking.networkd.static))
);
};
networking =
{
networkmanager.unmanaged = with networking.networkd; dhcp ++ (builtins.attrNames static);
useNetworkd = true;
};
# dnsable dns fallback, use provided dns servers or no dns
services.resolved.fallbackDns = [];
})
# wpa_supplicant
(inputs.lib.mkIf (networking.wireless != [])
{
networking.wireless =
{
enable = true;
networks = builtins.listToAttrs (builtins.map
(network:
name = "10-${network.name}";
value =
{
matchConfig.Name = network.name;
address = [ "${network.value.ip}/${builtins.toString network.value.mask}" ];
routes = inputs.lib.mkIf (network.value.gateway != null)
[{ Gateway = network.value.gateway; Destination = "0.0.0.0/0"; }];
linkConfig.RequiredForOnline = "routable";
dns = inputs.lib.mkIf (network.value.dns != null) [ network.value.dns ];
};
})
(inputs.localLib.attrsToList networking.static))
);
};
networking =
{
useNetworkd = true;
wireless = inputs.lib.mkIf (networking.wireless or [] != [])
{
name = network;
value.psk = "@${builtins.hashString "md5" network}_PSK@";
})
networking.wireless);
environmentFile = inputs.config.sops.templates."wireless.env".path;
};
sops =
{
templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
(network: "${builtins.hashString "md5" network}_PSK=${inputs.config.sops.placeholder."wireless/${network}"}")
networking.wireless);
secrets = builtins.listToAttrs (builtins.map
(network: { name = "wireless/${network}"; value = {}; })
networking.wireless);
};
enable = true;
networks = builtins.listToAttrs (builtins.map
(network:
{
name = network;
value.psk = "@${builtins.hashString "md5" network}_PSK@";
})
networking.wireless);
environmentFile = inputs.config.sops.templates."wireless.env".path;
};
};
# dnsable dns fallback, use provided dns servers or no dns
services.resolved.fallbackDns = [];
sops = inputs.lib.mkIf (networking.wireless or [] != [])
{
templates."wireless.env".content = builtins.concatStringsSep "\n" (builtins.map
(network:
"${builtins.hashString "md5" network}_PSK=${inputs.config.sops.placeholder."wireless/${network}"}")
networking.wireless);
secrets = builtins.listToAttrs (builtins.map
(network: { name = "wireless/${network}"; value = {}; })
networking.wireless);
};
})
];
}

11
modules/system/nix-ld.nix
View File

@@ -1,9 +1,12 @@
inputs:
{
options.nixos.system.nix-ld = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.system) nix-ld; in inputs.lib.mkIf (nix-ld != null)
config =
{
programs.nix-ld = { enable = true; libraries = [ inputs.pkgs.steam-run.fhsenv ]; };
programs.nix-ld =
{
enable = true;
libraries = [(inputs.pkgs.runCommand "steamrun-lib" {}
"mkdir $out; ln -s ${inputs.pkgs.steam-run.fhsenv}/usr/lib64 $out/lib")];
};
};
}

24
modules/system/nix.nix
View File

@@ -4,9 +4,7 @@ inputs:
{
# marches allowed to be compiled on this machine
marches = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
includeBuildDependencies = mkOption { type = types.bool; default = inputs.topInputs.self.config.archive; };
substituters = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
autoOptimiseStore = mkOption { type = types.bool; default = false; };
remote =
{
slave =
@@ -36,7 +34,11 @@ inputs:
experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
keep-failed = true;
max-substitution-jobs = 4;
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
trusted-public-keys =
[
"chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE="
"cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
];
trusted-users = [ "@wheel" ];
show-trace = true;
max-jobs = 4;
@@ -82,19 +84,15 @@ inputs:
++ (with inputs.config.nixos.system.nixpkgs; if march == null then [] else [ "gccarch-exact-${march}" ]);
}
# includeBuildDependencies
(inputs.lib.mkIf nix.includeBuildDependencies
{
system.includeBuildDependencies = nix.includeBuildDependencies;
})
{ system.includeBuildDependencies = inputs.topInputs.self.config.archive; }
# substituters
{
nix.settings.substituters = inputs.lib.mkIf (nix.substituters != null) nix.substituters;
nix.settings.substituters = inputs.lib.mkMerge
[
(inputs.lib.mkIf (nix.substituters != null) nix.substituters)
[ "https://cache.ngi0.nixos.org/" ]
];
}
# autoOptimiseStore
(inputs.lib.mkIf nix.autoOptimiseStore
{
nix.settings.auto-optimise-store = nix.autoOptimiseStore;
})
# remote.slave
(inputs.lib.mkIf nix.remote.slave.enable
{

49
modules/system/nixpkgs.nix
View File

@@ -22,8 +22,6 @@ inputs:
{
nixpkgs =
let
permittedInsecurePackages =
[ "openssl_1_1" "python2" "zotero" "electron_27" "electron_28" "olm" "fluffychat" ];
hostPlatform = if nixpkgs.march != null
then { system = "${nixpkgs.arch}-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; }
else "${nixpkgs.arch}-linux";
@@ -35,14 +33,17 @@ inputs:
// (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
{ cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
);
allowInsecurePredicate = p: inputs.lib.warn
"Allowing insecure package ${p.name or "${p.pname}-${p.version}"}" true;
in
{
inherit hostPlatform;
config = cudaConfig //
{
permittedInsecurePackages = map (package: inputs.pkgs.${package}.name) permittedInsecurePackages;
inherit allowInsecurePredicate;
allowUnfree = true;
qchem-config = { optArch = nixpkgs.march; useCuda = nixpkgs.cuda.enable; };
android_sdk.accept_license = true;
}
// (if nixpkgs.march == null then {} else
{
@@ -61,13 +62,7 @@ inputs:
genericPackages = import inputs.topInputs.nixpkgs
{
inherit system;
config =
{
allowUnfree = true;
permittedInsecurePackages = let pkgs = inputs.topInputs.nixpkgs.legacyPackages.${system}; in map
(package: pkgs.${package}.name)
(filter (package: pkgs ? ${package}) permittedInsecurePackages);
};
config = { allowUnfree = true; inherit allowInsecurePredicate; };
};
in
{ inherit genericPackages; }
@@ -77,10 +72,7 @@ inputs:
{
"pkgs-23.11" = "nixpkgs-23.11";
"pkgs-23.05" = "nixpkgs-23.05";
"pkgs-22.11" = "nixpkgs-22.11";
"pkgs-22.05" = "nixpkgs-22.05";
};
permittedInsecurePackages."pkgs-23.11" = [ "electron_19" ];
packages = name: import inputs.topInputs.${source.${name}}
{
localSystem = hostPlatform;
@@ -88,11 +80,7 @@ inputs:
{
allowUnfree = true;
# contentAddressedByDefault = true;
permittedInsecurePackages =
let pkgs = inputs.topInputs.${source.${name}}.legacyPackages.${system};
in map
(package: pkgs.${package}.name)
permittedInsecurePackages.${name} or [];
inherit allowInsecurePredicate;
};
};
in builtins.listToAttrs (map
@@ -101,30 +89,9 @@ inputs:
// (
inputs.lib.optionalAttrs (nixpkgs.march != null)
{
# -march=xxx cause embree build failed
# https://github.com/embree/embree/issues/115
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
libvorbis = prev.libvorbis.override { stdenv = final.genericPackages.stdenv; };
_7zz = prev._7zz.override { stdenv = final.genericPackages.stdenv; };
ispc = genericPackages.ispc;
opencolorio = prev.opencolorio.overrideAttrs { doCheck = false; };
redis = prev.redis.overrideAttrs { doCheck = false; };
krita = final.genericPackages.krita;
geos = prev.geos.overrideAttrs { doCheck = false; };
c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; };
binaryen = prev.binaryen.overrideAttrs
{ cmakeFlags = (prev.cmakeFlags or []) ++ [ "-DCMAKE_CXX_FLAGS=-Wno-maybe-uninitialized" ]; };
fwupd = prev.fwupd.overrideAttrs { doCheck = false; };
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
scalapack = prev.scalapack.overrideAttrs { doCheck = false; };
xdg-desktop-portal = prev.xdg-desktop-portal.overrideAttrs (prev:
{ doCheck = false; nativeBuildInputs = prev.nativeBuildInputs ++ prev.nativeCheckInputs; });
gsl = prev.gsl.overrideAttrs { doCheck = false; };
}
)
// (
inputs.lib.optionalAttrs nixpkgs.cuda.enable
{
waifu2x-converter-cpp = prev.waifu2x-converter-cpp.override
{ stdenv = final.cudaPackages.backendStdenv; };
}
)
)];

19
modules/system/sops.nix
View File

@@ -1,21 +1,16 @@
inputs:
{
options.nixos.system.sops = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = true; };
keyPathPrefix = mkOption { type = types.str; default = "/nix/persistent"; };
};
config = let inherit (inputs.config.nixos.system) sops; in inputs.lib.mkIf sops.enable
config =
{
sops =
{
defaultSopsFile =
let deviceDir =
if (inputs.config.nixos.system.cluster == null) then
"${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}"
if (inputs.config.nixos.model.cluster == null) then
"${inputs.topInputs.self}/devices/${inputs.config.nixos.model.hostname}"
else
"${inputs.topInputs.self}/devices/${inputs.config.nixos.system.cluster.clusterName}"
+ "/${inputs.config.nixos.system.cluster.nodeName}";
"${inputs.topInputs.self}/devices/${inputs.config.nixos.model.cluster.clusterName}"
+ "/${inputs.config.nixos.model.cluster.nodeName}";
in inputs.lib.mkMerge
[
(inputs.lib.mkIf (builtins.pathExists "${deviceDir}/secrets.yaml") "${deviceDir}/secrets.yaml")
@@ -23,8 +18,8 @@ inputs:
"${deviceDir}/secrets/default.yaml")
];
# sops start before impermanence, so we need to use the absolute path
age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
age.sshKeyPaths = [ "/nix/persistent/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = [ "/nix/persistent/etc/ssh/ssh_host_rsa_key" ];
};
};
}

9
modules/system/systemd.nix
View File

@@ -12,8 +12,13 @@ inputs:
DefaultLimitNOFILE=1048576:1048576
'';
user.extraConfig = "DefaultTimeoutStopSec=10s";
# do not create /var/lib/machines and /var/lib/portables as subvolumes
services.systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
services =
{
# do not create /var/lib/machines and /var/lib/portables as subvolumes
systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
# useless
systemd-machine-id-commit.enable = false;
};
# do not clean /tmp
timers.systemd-tmpfiles-clean.enable = false;
coredump = { enable = true; extraConfig = "Storage=none"; };

258
modules/user/chn/default.nix
View File

@@ -36,7 +36,7 @@ inputs:
"wireguard.surface" "xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2"
]));
extraConfig =
inputs.lib.mkIf (builtins.elem inputs.config.nixos.system.networking.hostname [ "pc" "surface" ])
inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.hostname [ "pc" "surface" ])
''
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_ed25519_sk
@@ -55,7 +55,7 @@ inputs:
(builtins.map
(system:
{
name = system.config.nixos.system.networking.hostname;
name = system.config.nixos.model.hostname;
value = system.config.nixos.system.fileSystems.luks.manual;
})
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
@@ -86,135 +86,133 @@ inputs:
pam.yubico.authorizedYubiKeys.ids = [ "cccccbgrhnub" ];
};
};
environment.persistence =
let inherit (inputs.config.nixos.system) impermanence;
in inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker" && impermanence.enable)
environment.persistence = inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null != "worker")
{
# TODO: make copy or soft link of files
"/nix/persistent".users.chn =
{
# TODO: make copy or soft link of files
"${impermanence.persistence}".users.chn =
{
directories = builtins.map
(dir: { directory = dir.dir or dir; user = "chn"; group = "chn"; mode = dir.mode or "0755"; })
[
# common things
"bin" "Desktop" "Documents" "Downloads" "Music" "Pictures" "repo" "share" "Public" "Videos"
".config" ".local/share"
# # gnome
# { dir = ".config/dconf"; mode = "0700"; } ".config/gtk-2.0" ".config/gtk-3.0" ".config/gtk-4.0"
# ".config/libaccounts-glib"
# # android
# { dir = ".android"; mode = "0750";}
# xmuvpn
".ecdata"
# firefox
{ dir = ".mozilla/firefox/default"; mode = "0700"; }
# ssh
{ dir = ".ssh"; mode = "0700"; }
# steam
".steam" # ".local/share/Steam"
# vscode
".vscode" # ".config/Code" ".config/grammarly-languageserver"
# zotero
".zotero" "Zotero"
# 百度网盘
# ".config/BaiduPCS-Go"
# # bitwarden
# ".config/Bitwarden"
# # blender
# ".config/blender"
# # chromium
# ".config/chromium"
# # crow-translate
# ".config/crow-translate"
# # discord
# ".config/discord"
# # element
# ".config/Element"
# # fcitx
# ".config/fcitx5" ".local/share/fcitx5"
# # github
# ".config/gh"
# # gimp
# ".config/GIMP"
# # chrome
# ".config/google-chrome"
# # inkscape
# ".config/inkscape"
# # jetbrain
# ".config/JetBrains" ".local/share/JetBrains"
# # kde
# ".config/akonadi" ".config/KDE" ".config/kde.org" ".config/kdeconnect" ".config/kdedefaults"
# ".config/Kvantum"
# ".local/share/akonadi" ".local/share/akonadi-davgroupware"
# ".local/share/kactivitymanagerd" ".local/share/kwalletd" ".local/share/plasma"
# ".local/share/plasma-systemmonitor" ".local/share/plasma_notes"
# # libreoffice
# ".config/libreoffice"
# # mathematica
# ".config/mathematica"
# # netease-cloud-music-gtk
# ".config/netease-cloud-music" ".local/share/netease-cloud-music-gtk4"
# # nheko
# ".config/nheko" ".local/share/nheko"
# # ovito
# ".config/Ovito"
# # qbittorrent
# ".config/qBittorrent" ".local/share/qBittorrent"
# # remmina
# ".config/remmina" ".local/share/remmina"
# # slack
# ".config/Slack"
# # spotify
# ".config/spotify"
# # systemd TODO: use declarative
# ".config/systemd/user"
# # typora
# ".config/Typora"
# # xsettingsd
# ".config/xsettingsd"
# # yesplaymusic
# ".config/yesplaymusic"
# # genshin
# ".local/share/anime-game-launcher"
# # applications
# ".local/share/applications" ".local/share/desktop-directories"
# # theme TODO: remove them
# ".local/share/color-schemes" ".local/share/icons" ".local/share/wallpapers"
# # dbeaver
# ".local/share/DbeaverData"
# # docker
# ".local/share/docker"
# # fonts TODO: use declarative
# ".local/share/fonts"
# # gpg
# ".local/share/gnupg"
# # TODO: what is this?
# ".local/share/mime"
# # telegram
# ".local/share/TelegramDesktop"
# # trash
# ".local/share/Trash"
# # waydroid
# ".local/share/waydroid"
# # zsh
# ".local/share/zsh"
];
# TODO: create file if not exist
# files = builtins.map
# (file: { inherit file; parentDirectory = { user = "chn"; group = "chn"; mode = "0755"; }; })
# [
# # kde
# ".config/kactivitymanagerdrc" ".config/plasma-org.kde.plasma.desktop-appletsrc"
# ".config/kactivitymanagerd-switcher" ".config/kactivitymanagerd-statsrc"
# ".config/kactivitymanagerd-pluginsrc"
# ".config/plasmarc" ".config/plasmashellrc" ".config/kwinrc" ".config/krunnerrc"
# ".config/kdeglobals" ".config/kglobalshortcutsrc" ".config/kio_fishrc" ".config/kiorc"
# ".config/kleopatrarc" ".config/kmail2rc" ".config/kmailsearchindexingrc" ".config/kscreenlockerrc"
# ".config/user-dirs.dirs" ".config/yakuakerc"
# # age TODO: use sops to storage
# ".config/sops/age/keys.txt"
# ];
};
directories = builtins.map
(dir: { directory = dir.dir or dir; user = "chn"; group = "chn"; mode = dir.mode or "0755"; })
[
# common things
"bin" "Desktop" "Documents" "Downloads" "Music" "Pictures" "repo" "share" "Public" "Videos"
".config" ".local/share"
# # gnome
# { dir = ".config/dconf"; mode = "0700"; } ".config/gtk-2.0" ".config/gtk-3.0" ".config/gtk-4.0"
# ".config/libaccounts-glib"
# # android
# { dir = ".android"; mode = "0750";}
# xmuvpn
".ecdata"
# firefox
{ dir = ".mozilla/firefox/default"; mode = "0700"; }
# ssh
{ dir = ".ssh"; mode = "0700"; }
# steam
".steam" # ".local/share/Steam"
# vscode
".vscode" # ".config/Code" ".config/grammarly-languageserver"
# zotero
".zotero" "Zotero"
# 百度网盘
# ".config/BaiduPCS-Go"
# # bitwarden
# ".config/Bitwarden"
# # blender
# ".config/blender"
# # chromium
# ".config/chromium"
# # crow-translate
# ".config/crow-translate"
# # discord
# ".config/discord"
# # element
# ".config/Element"
# # fcitx
# ".config/fcitx5" ".local/share/fcitx5"
# # github
# ".config/gh"
# # gimp
# ".config/GIMP"
# # chrome
# ".config/google-chrome"
# # inkscape
# ".config/inkscape"
# # jetbrain
# ".config/JetBrains" ".local/share/JetBrains"
# # kde
# ".config/akonadi" ".config/KDE" ".config/kde.org" ".config/kdeconnect" ".config/kdedefaults"
# ".config/Kvantum"
# ".local/share/akonadi" ".local/share/akonadi-davgroupware"
# ".local/share/kactivitymanagerd" ".local/share/kwalletd" ".local/share/plasma"
# ".local/share/plasma-systemmonitor" ".local/share/plasma_notes"
# # libreoffice
# ".config/libreoffice"
# # mathematica
# ".config/mathematica"
# # netease-cloud-music-gtk
# ".config/netease-cloud-music" ".local/share/netease-cloud-music-gtk4"
# # nheko
# ".config/nheko" ".local/share/nheko"
# # ovito
# ".config/Ovito"
# # qbittorrent
# ".config/qBittorrent" ".local/share/qBittorrent"
# # remmina
# ".config/remmina" ".local/share/remmina"
# # slack
# ".config/Slack"
# # spotify
# ".config/spotify"
# # systemd TODO: use declarative
# ".config/systemd/user"
# # typora
# ".config/Typora"
# # xsettingsd
# ".config/xsettingsd"
# # yesplaymusic
# ".config/yesplaymusic"
# # genshin
# ".local/share/anime-game-launcher"
# # applications
# ".local/share/applications" ".local/share/desktop-directories"
# # theme TODO: remove them
# ".local/share/color-schemes" ".local/share/icons" ".local/share/wallpapers"
# # dbeaver
# ".local/share/DbeaverData"
# # docker
# ".local/share/docker"
# # fonts TODO: use declarative
# ".local/share/fonts"
# # gpg
# ".local/share/gnupg"
# # TODO: what is this?
# ".local/share/mime"
# # telegram
# ".local/share/TelegramDesktop"
# # trash
# ".local/share/Trash"
# # waydroid
# ".local/share/waydroid"
# # zsh
# ".local/share/zsh"
];
# TODO: create file if not exist
# files = builtins.map
# (file: { inherit file; parentDirectory = { user = "chn"; group = "chn"; mode = "0755"; }; })
# [
# # kde
# ".config/kactivitymanagerdrc" ".config/plasma-org.kde.plasma.desktop-appletsrc"
# ".config/kactivitymanagerd-switcher" ".config/kactivitymanagerd-statsrc"
# ".config/kactivitymanagerd-pluginsrc"
# ".config/plasmarc" ".config/plasmashellrc" ".config/kwinrc" ".config/krunnerrc"
# ".config/kdeglobals" ".config/kglobalshortcutsrc" ".config/kio_fishrc" ".config/kiorc"
# ".config/kleopatrarc" ".config/kmail2rc" ".config/kmailsearchindexingrc" ".config/kscreenlockerrc"
# ".config/user-dirs.dirs" ".config/yakuakerc"
# # age TODO: use sops to storage
# ".config/sops/age/keys.txt"
# ];
};
};
};
}

2
modules/user/chn/git.nix
View File

@@ -8,7 +8,7 @@ inputs:
package = inputs.pkgs.gitFull;
extraConfig =
{
core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
core.editor = if inputs.config.nixos.model.type == "desktop" then "code --wait" else "hx";
http.postBuffer = 624288000;
advice.detachedHead = false;
merge.conflictstyle = "diff3";

12
modules/user/chn/plasma/autostart.nix
View File

@@ -1,6 +1,6 @@
inputs:
{
config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
config = inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
{
home-manager.users.chn.config.home.file =
let
@@ -64,12 +64,8 @@ inputs:
name = ".config/autostart/${programs.${file}.fileName}";
value.source = programs.${file}.path;
})
(devices.${inputs.config.nixos.system.networking.hostname} or []));
environment.persistence =
let impermanence = inputs.config.nixos.system.impermanence;
in inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker" && impermanence.enable)
{
"${impermanence.root}".users.chn.directories = [ ".config/autostart" ];
};
(devices.${inputs.config.nixos.model.hostname} or []));
environment.persistence."/nix/rootfs/current".users.chn.directories =
inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null != "worker") [ ".config/autostart" ];
};
}

7
modules/user/chn/plasma/konsole.nix
View File

@@ -67,9 +67,8 @@ inputs:
[ "Opacity=1" ] [ "Opacity=0.9\nBlur=true" ]
(builtins.readFile "${inputs.pkgs.konsole}/share/konsole/Breeze.colorscheme");
};
environment.persistence =
let impermanence = inputs.config.nixos.system.impermanence;
in inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker" && impermanence.enable)
{ "${impermanence.root}".users.chn.directories = [ ".local/share/konsole" ".local/share/yakuake" ]; };
environment.persistence."/nix/rootfs/current".users.chn.directories =
inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null != "worker")
[ ".local/share/konsole" ".local/share/yakuake" ];
};
}

2
modules/user/chn/plasma/shortcuts.nix
View File

@@ -1,6 +1,6 @@
inputs:
{
config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
config = inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
{
home-manager.users.chn.config.programs.plasma =
{

2
modules/user/chn/plasma/theme.nix
View File

@@ -1,6 +1,6 @@
inputs:
{
config = inputs.lib.mkIf inputs.config.nixos.system.gui.enable
config = inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
{
home-manager.users.chn.config =
{

2
modules/user/chn/plasma/wallpaper.nix
View File

@@ -7,7 +7,7 @@ inputs:
{
pc = "${nixos-wallpaper}/pixiv-117612023.png";
surface = "${nixos-wallpaper}/fanbox-6682738.png";
}.${inputs.config.nixos.system.networking.hostname} or "${nixos-wallpaper}/pixiv-96734339-x2.png";
}.${inputs.config.nixos.model.hostname} or "${nixos-wallpaper}/pixiv-96734339-x2.png";
in
{
# "plasma-org.kde.plasma.desktop-appletsrc" =

2
modules/user/chn/sops.nix
View File

@@ -3,7 +3,7 @@ inputs:
config = inputs.lib.mkIf
(
(builtins.elem "chn" inputs.config.nixos.user.users)
&& (builtins.elem inputs.config.nixos.system.networking.hostname [ "pc" "surface" ])
&& (builtins.elem inputs.config.nixos.model.hostname [ "pc" "surface" ])
)
{
home-manager.users.chn = homeInputs:

104
modules/user/default.nix
View File

@@ -25,6 +25,7 @@ inputs:
GROUPIII-1 = 1011;
GROUPIII-2 = 1012;
GROUPIII-3 = 1013;
lly = 1014;
misskey-misskey = 2000;
misskey-misskey-old = 2001;
frp = 2002;
@@ -65,6 +66,7 @@ inputs:
group = userName;
isNormalUser = true;
shell = inputs.pkgs.zsh;
createHome = true;
extraGroups = inputs.lib.intersectLists [ "users" "video" "audio" ]
(builtins.attrNames inputs.config.users.groups);
# ykman fido credentials list
@@ -87,29 +89,27 @@ inputs:
home-manager.users = builtins.listToAttrs (builtins.map
(name: { inherit name; value.imports = user.sharedModules; })
user.users);
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories =
inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker") (builtins.map
environment.persistence."/nix/persistent".directories =
inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null != "worker") (builtins.map
(user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
(builtins.filter (user: user != "chn") user.users));
}
# set hashedPassword if it exist in secrets
(
inputs.lib.mkIf inputs.config.nixos.system.sops.enable
(
let
secrets = inputs.pkgs.localPackages.fromYaml (builtins.readFile inputs.config.sops.defaultSopsFile);
hashedPasswordExist = userName: (secrets ? users) && ((secrets.users or {}) ? ${userName});
in
{
users.users = builtins.listToAttrs (builtins.map
(name: { inherit name; value.hashedPasswordFile = inputs.config.sops.secrets."users/${name}".path; })
(builtins.filter (user: hashedPasswordExist user) user.users));
sops.secrets = builtins.listToAttrs (builtins.map
(name: { name = "users/${name}"; value.neededForUsers = true; })
(builtins.filter (user: hashedPasswordExist user) user.users));
}
)
let
secrets = inputs.pkgs.localPackages.fromYaml (builtins.readFile inputs.config.sops.defaultSopsFile);
hashedPasswordExist = userName: (secrets ? users) && ((secrets.users or {}) ? ${userName});
in
{
users.users = builtins.listToAttrs (builtins.map
(name: { inherit name; value.hashedPasswordFile = inputs.config.sops.secrets."users/${name}".path; })
(builtins.filter (user: hashedPasswordExist user) user.users));
sops.secrets = builtins.listToAttrs (builtins.map
(name: { name = "users/${name}"; value.neededForUsers = true; })
(builtins.filter (user: hashedPasswordExist user) user.users));
}
)
# setup root
{
users.users.root =
{
@@ -123,49 +123,33 @@ inputs:
config.programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };
};
}
# setup test
(inputs.lib.mkIf (builtins.elem "test" user.users) { users.users.test.password = "test"; })
# disable symlinks directly under home created by home-manager, use bind-mount instead
{
nixos.user.sharedModules =
[{
home.file = inputs.lib.mkMerge (builtins.map (file: { "${file}".enable = false; })
[ ".zshrc" ".zshenv" ".profile" ".bashrc" ".bash_profile" ]);
}];
fileSystems = inputs.lib.mkMerge (builtins.map
(user: inputs.lib.mkMerge (builtins.map
(file:
{
"/home/${user}/${file}" =
{
device = "${inputs.config.home-manager.users.${user}.home.file.${file}.source}";
options = [ "bind" ];
};
})
[ ".zshrc" ".zshenv" ".profile" ".bashrc" ".bash_profile" ]))
user.users);
users.users = inputs.lib.mkMerge (builtins.map
(user: { ${user}.home = "/home/${user}"; })
user.users);
home-manager.users = inputs.lib.mkMerge (builtins.map
(user: { ${user}.home.homeDirectory = "/home/${user}"; })
user.users);
}
];
}
# environment.persistence."/impermanence".users.chn =
# {
# directories =
# [
# "Desktop"
# "Documents"
# "Downloads"
# "Music"
# "repo"
# "Pictures"
# "Videos"
# ".cache"
# ".config"
# ".gnupg"
# ".local"
# ".ssh"
# ".android"
# ".exa"
# ".gnome"
# ".Mathematica"
# ".mozilla"
# ".pki"
# ".steam"
# ".tcc"
# ".vim"
# ".vscode"
# ".Wolfram"
# ".zotero"
# ];
# files =
# [
# ".bash_history"
# ".cling_history"
# ".gitconfig"
# ".gtkrc-2.0"
# ".root_hist"
# ".viminfo"
# ".zsh_history"
# ];
# };

1
modules/user/lly/id_ed25519.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly

22
packages/default.nix
View File

@@ -3,15 +3,11 @@ inputs: rec
vesta = inputs.pkgs.callPackage ./vesta.nix {};
rsshub = inputs.pkgs.callPackage ./rsshub.nix { inherit mkPnpmPackage; src = inputs.topInputs.rsshub; };
misskey = inputs.pkgs.callPackage ./misskey.nix { inherit mkPnpmPackage; src = inputs.topInputs.misskey; };
mk-meili-mgn = inputs.pkgs.callPackage ./mk-meili-mgn.nix {};
vaspkit = inputs.pkgs.callPackage ./vaspkit.nix { inherit (inputs.localLib) attrsToList; };
v-sim = inputs.pkgs.callPackage ./v-sim.nix { src = inputs.topInputs.v-sim; };
concurrencpp = inputs.pkgs.callPackage ./concurrencpp.nix { src = inputs.topInputs.concurrencpp; };
eigengdb = inputs.pkgs.python3Packages.callPackage ./eigengdb.nix {};
nodesoup = inputs.pkgs.callPackage ./nodesoup.nix { src = inputs.topInputs.nodesoup; };
matplotplusplus = inputs.pkgs.callPackage ./matplotplusplus.nix
{
inherit glad nodesoup;
src = inputs.topInputs.matplotplusplus;
stdenv = inputs.pkgs.clang18Stdenv;
};
@@ -19,10 +15,8 @@ inputs: rec
eigen = inputs.pkgs.callPackage ./eigen.nix { src = inputs.topInputs.eigen; };
nameof = inputs.pkgs.callPackage ./nameof.nix { src = inputs.topInputs.nameof; };
pslist = inputs.pkgs.callPackage ./pslist.nix {};
glad = inputs.pkgs.callPackage ./glad.nix {};
yoga-support = inputs.pkgs.callPackage ./yoga-support.nix {};
tgbot-cpp = inputs.pkgs.callPackage ./tgbot-cpp.nix { src = inputs.topInputs.tgbot-cpp; };
mirism = inputs.pkgs.callPackage ./mirism.nix
mirism-old = inputs.pkgs.callPackage ./mirism-old.nix
{
inherit cppcoro nameof tgbot-cpp date;
nghttp2 = inputs.pkgs.callPackage "${inputs.topInputs."nixpkgs-23.05"}/pkgs/development/libraries/nghttp2"
@@ -31,11 +25,6 @@ inputs: rec
};
cppcoro = inputs.pkgs.callPackage ./cppcoro { src = inputs.topInputs.cppcoro; };
date = inputs.pkgs.callPackage ./date.nix { src = inputs.topInputs.date; };
esbonio = inputs.pkgs.python3Packages.callPackage ./esbonio.nix {};
pix2tex = inputs.pkgs.python3Packages.callPackage ./pix2tex {};
pyreadline3 = inputs.pkgs.python3Packages.callPackage ./pyreadline3.nix {};
torchdata = inputs.pkgs.python3Packages.callPackage ./torchdata.nix {};
torchtext = inputs.pkgs.python3Packages.callPackage ./torchtext.nix { inherit torchdata; };
blurred-wallpaper = inputs.pkgs.callPackage ./blurred-wallpaper.nix { src = inputs.topInputs.blurred-wallpaper; };
slate = inputs.pkgs.callPackage ./slate.nix { src = inputs.topInputs.slate; };
nvhpc = inputs.pkgs.callPackage ./nvhpc.nix {};
@@ -74,8 +63,6 @@ inputs: rec
vtstscripts = inputs.pkgs.callPackage ./vasp/vtstscripts.nix {};
};
mumax = inputs.pkgs.callPackage ./mumax.nix { src = inputs.topInputs.mumax; };
kylin-virtual-keyboard = inputs.pkgs.libsForQt5.callPackage ./kylin-virtual-keyboard.nix
{ src = inputs.topInputs.kylin-virtual-keyboard; };
biu = inputs.pkgs.callPackage ./biu
{
inherit nameof zpp-bits tgbot-cpp concurrencpp pocketfft;
@@ -83,7 +70,6 @@ inputs: rec
boost = inputs.pkgs.boost186;
fmt = inputs.pkgs.fmt_11.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./biu/fmt.patch ]; });
};
zxorm = inputs.pkgs.callPackage ./zxorm.nix { src = inputs.topInputs.zxorm; };
hpcstat = inputs.pkgs.callPackage ./hpcstat
{ inherit sqlite-orm date biu openxlsx; stdenv = inputs.pkgs.clang18Stdenv; };
openxlsx = inputs.pkgs.callPackage ./openxlsx.nix { src = inputs.topInputs.openxlsx; };
@@ -99,10 +85,12 @@ inputs: rec
chn-bsub = inputs.pkgs.callPackage ./chn-bsub { inherit biu; };
winjob = inputs.pkgs.callPackage ./winjob { stdenv = inputs.pkgs.gcc14Stdenv; };
sockpp = inputs.pkgs.callPackage ./sockpp.nix { src = inputs.topInputs.sockpp; };
git-lfs-transfer = inputs.pkgs.callPackage ./git-lfs-transfer.nix { src = inputs.topInputs.git-lfs-transfer; };
py4vasp = inputs.pkgs.callPackage ./py4vasp.nix { src = inputs.topInputs.py4vasp; };
git-lfs-transfer = inputs.pkgs.callPackage ./git-lfs-transfer.nix
{ src = inputs.topInputs.git-lfs-transfer; hash = inputs.topInputs.self.src.git-lfs-transfer; };
py4vasp = inputs.pkgs.callPackage ./py4vasp { src = inputs.topInputs.py4vasp; };
pocketfft = inputs.pkgs.callPackage ./pocketfft.nix { src = inputs.topInputs.pocketfft; };
spectroscopy = inputs.pkgs.callPackage ./spectroscopy.nix { src = inputs.topInputs.spectroscopy; };
mirism = inputs.pkgs.callPackage ./mirism { inherit biu; stdenv = inputs.pkgs.clang18Stdenv; };
fromYaml = content: builtins.fromJSON (builtins.readFile
(inputs.pkgs.runCommand "toJSON" {}

15
packages/eigengdb.nix
View File

@@ -1,15 +0,0 @@
{ lib, fetchFromGitHub, buildPythonPackage, numpy, gdb }: buildPythonPackage
{
name = "eigengdb";
src = fetchFromGitHub
{
owner = "dmillard";
repo = "eigengdb";
rev = "c741edef3f07f33429056eff48d79a62733ed494";
sha256 = "MTqOaWsKhWaPs3G5F/6bYZmQI5qS2hEGKGa3mwbgFaY=";
};
doCheck = false;
buildInputs = [ gdb ];
nativeBuildInputs = [ gdb ];
propagatedBuildInputs = [ numpy ];
}

11
packages/esbonio.nix
View File

@@ -1,11 +0,0 @@
{ lib, fetchPypi, buildPythonPackage }: buildPythonPackage rec
{
pname = "esbonio";
version = "0.16.4";
src = fetchPypi
{
inherit pname version;
sha256 = "1MBNBLCEBD6HtlxEASc4iZaXYyNdih2MIHoxK84jMdI=";
};
doCheck = false;
}

4
packages/git-lfs-transfer.nix
View File

@@ -1,6 +1,6 @@
{ buildGoModule, src }: buildGoModule
{ buildGoModule, src, hash }: buildGoModule
{
name = "git-lfs-transfer";
inherit src;
vendorHash = "sha256-DYupPz6VnFeFWG4helRv5ahbTDQk+6w6alxwNGU9B9Q=";
vendorHash = hash;
}

Some files were not shown because too many files have changed in this diff Show More