update root

This reverts commit b3af5b20b0.

.gitignore

@@ -6,3 +6,4 @@ build
 .vscode
 .cache
 .ccls-cache
+archive

.sops.yaml

@@ -1,14 +1,13 @@
 keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
   - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
   - &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
-  - &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
   - &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
   - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
-  - &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
   - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
   - &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
   - &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
   - &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
+  - &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
   - &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
   - &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
   - &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
@@ -19,11 +18,6 @@ creation_rules:
     - age:
       - *chn
       - *pc
-  - path_regex: devices/vps4/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *vps4
   - path_regex: devices/vps6/.*$
     key_groups:
     - age:
@@ -39,11 +33,6 @@ creation_rules:
     - age:
       - *chn
       - *nas
-  - path_regex: devices/surface/.*$
-    key_groups:
-    - age:
-      - *chn
-      - *surface
   - path_regex: devices/xmupc1/.*$
     key_groups:
     - age:
@@ -59,6 +48,11 @@ creation_rules:
     - age:
       - *chn
       - *pi3b
+  - path_regex: devices/one/.*$
+    key_groups:
+    - age:
+      - *chn
+      - *one
   - path_regex: devices/srv1/node0/.*$
     key_groups:
     - age:

devices/jykang.xmuhpc/.bashrc

@@ -37,6 +37,9 @@ fi
 if [ -z "${BASHRC_SOURCED-}" ]; then
 	export PATH=$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts
 	export BASHRC_SOURCED=1
+	if [ "${HPCSTAT_SUBACCOUNT}" == "lyj" ]; then
+		export PATH=$HOME/wuyaping/lyj/bin:$PATH
+	fi
 fi
 
 [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"

devices/jykang.xmuhpc/.ssh/authorized_keys

@@ -7,6 +7,8 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCW2fx1Sim7X2i/e/RBPEl1q/XbV7wa9pmZfnRINHIv
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRpyIU8ZuYTa0LvsVHmJZ1FA7Lbp4PObjkwo+UcpCP8 wp@xmupc1
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRZp8xp9hVO7e/6eflQsnFZj853IRVywc97cTevnWbg hjp@xmupc1
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh wm
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
 
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc

devices/nas/default.nix

@@ -38,10 +38,10 @@ inputs:
           swap = [ "/nix/swap/swap" ];
           rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
         };
-        initrd.sshd.enable = true;
+        initrd.sshd = {};
         nixpkgs.march = "silvermont";
         nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
-        networking.networkd = {};
+        networking = {};
       };
       hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
       services =

devices/one/default.nix

@@ -0,0 +1,50 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      model = { type = "desktop"; private = true; };
+      system =
+      {
+        fileSystems =
+        {
+          mount =
+          {
+            vfat."/dev/disk/by-partlabel/one-boot" = "/boot";
+            btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+          };
+          luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; };
+          swap = [ "/nix/swap/swap" ];
+          resume = { device = "/dev/mapper/root"; offset = 728784; };
+          rollingRootfs = {};
+        };
+        nixpkgs.march = "tigerlake";
+      };
+      hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
+      services =
+      {
+        snapper.enable = true;
+        xray.client.enable = true;
+        smartd.enable = true;
+        beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
+        wireguard =
+        {
+          enable = true;
+          peers = [ "vps6" ];
+          publicKey = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
+          wireguardIp = "192.168.83.5";
+        };
+        sshd = {};
+      };
+      bugs = [ "xmunet" ];
+    };
+    boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2015"'' ];
+    security =
+    {
+      pam.services.kde.rules.auth.pass =
+        { modulePath = "pam_succeed_if.so"; args = [ "user" "=" "chn" ]; control = "sufficient"; order = 0; };
+      sudo.wheelNeedsPassword = false;
+    };
+  };
+}

devices/one/secrets.yaml

@@ -0,0 +1,40 @@
+xray-client:
+    uuid: ENC[AES256_GCM,data:GmfSlDQjO4aBq3u50jnFjOR9VxamYHzokUrO9IpIGuBx0j8e,iv:++O2wBUCnHDPowRgtxPQJQePXP2Cda74WXQvlKHbHNw=,tag:XDWhiXwT718RgrBw7L5yzw==,type:str]
+acme:
+    token: ENC[AES256_GCM,data:+zy72VDj8hs1GH7E1U04WhiGq0xkIPGC8pHbAYR70OK5E6EOdkQwKA==,iv:oYNSrOH3pLhltYw2NX1d4s6jiUgMssWiIK//62i0ptQ=,tag:C5ekSVjmwSEphsTZ/DLcsg==,type:str]
+nginx:
+    maxmind-license: ENC[AES256_GCM,data:/x9HJWh4Kpp5xy4TfuC/bP4Z/gMOFgAalz91cewHj1/tPxFe5R/nQA==,iv:K696zu685ydzwFMKIrqz1GiYLMKGM1dLNDWdhH4U0L8=,tag:nFwqXc7RPIYcQxVIu6GWgw==,type:str]
+wireguard:
+    privateKey: ENC[AES256_GCM,data:NgA5rHB6GwqiNSx1mhxObywuiZWq5qpcNrlpk6HaD9hzQoL0j1IrrgMCqkU=,iv:ZZUlSJeQPN2/JxjhR08FdEZl3gCFuNpJ3M93C6JovHs=,tag:rCtWHOYCmgZKF1lRlIAReA==,type:str]
+github:
+    token: ENC[AES256_GCM,data:rGiseVhDBU+rNcz92QXHeqAQ4lC7l5dba8d7rGUIIoEcpBVGwGh/5w==,iv:lf4aMBAQxI140qJsMLqHpI3dKRw6HiV20cyn0WFWbT8=,tag:w1P9MrqgUAmPzVWkIFs1jg==,type:str]
+age: ENC[AES256_GCM,data:5QX7wYQpbKSX88bAWSRqi8Y3Pmwb1KZ6LYrHURs7N2VHjbXOaSM9lm1GRrUjUHQE/r2CUku3TnMphczBMb0qLxSliay7QB2W0+o=,iv:qCTpul0ESBN7NWznBR8546A+Is7x7+Su4yHDX1b+FNY=,tag:aVU7B5lygQrBh5l260jJLQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOUJWMm5xT040cEoxQit5
+            ZnhhQWVyWjlnejhzQlEvVVg3ZGVJb05iL1hjCnF5bzFTUTZFYkNQR0k5U0xmOW1t
+            TXhsRHFIeVBBSXc1UURON2M4MDlTMEUKLS0tIGdSbTdZdmdjY0dmNjkrRjd0VkhK
+            eWV6SDJqT1B2MEp1MURkV0E4S3Z0Zm8KX9lEjG4u2QRe1zH+13rbedCWl1B7vvl8
+            2iMHj1qQ4JkCeq83llEH5IuDXKYnKKXSi8l3nU/l6Aw6yx/KHDFK/g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2K3VKTVJqMTl2cWxUZHhM
+            OVg5ZjN0VGNpVXQ5M1FKZHloZ0ZnWTZ2ZWowCjJIYTlhRU8wd1JienlUTHIwWXYw
+            eFY1d2MxeStBd013VmszbTUzTkF6U2cKLS0tIDdDNXp4OTdQRjN0MGdIOS9oSldU
+            ZW5PT3VYZWhDMkZUeHViZE41eUhna2sKc8J8mJ8ge9KMb5p6Xi/vRIIXZMEj6Ih+
+            LjLKsgDfMbqNqKaQXSvC3tbvI/dDoiStyCsf4rkTY9QOkyEI80MtXg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-09T13:35:05Z"
+    mac: ENC[AES256_GCM,data:2ILRlQddIKvJubKth/y7+UndarVUv2VQNZmaSbMc/m35qY5nln6Oy32TmCASS5EX+wWXwb/8waWlniPrDQLKdB2vE8PdqQQiYbHgmUQU7bauG8jLPNag47CNhTLMd6C1xymWS42Ie56pi0eNazCXoxIApNBXGtM/ITtBjCMDBHE=,iv:6NLogRo0ibBR+gTb52yAY9l6zrrWdC97whHe0c2tV54=,tag:CNwvVwEBbckgjUG54BhXjQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1

devices/pc/default.nix

@@ -4,6 +4,7 @@ inputs:
   {
     nixos =
     {
+      model = { type = "desktop"; private = true; };
       system =
       {
         fileSystems =
@@ -23,7 +24,7 @@ inputs:
           resume = "/dev/mapper/swap";
           rollingRootfs = {};
         };
-        grub.windowsEntries."645C-284C" = "Windows";
+        grub.windowsEntries."08D3-10DE" = "Windows";
         nix =
         {
           marches =
@@ -37,24 +38,24 @@ inputs:
             "broadwell"
             # FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
             "skylake" "cascadelake"
+            # SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
+            "tigerlake"
             # AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
             # SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
             "alderlake"
           ];
-          remote.master = { enable = true; hosts = [ "xmupc1" "xmupc2" ]; };
-          githubToken.enable = true;
         };
         nixpkgs =
           { march = "znver4"; cuda = { enable = true; capabilities = [ "8.9" ]; forwardCompat = false; }; };
         kernel =
         {
+          # TODO: switch to cachyos-lts
           variant = "xanmod-latest";
-          patches = [ "hibernate-progress" "amdgpu" ];
+          patches = [ "hibernate-progress" ];
           modules.modprobeConfig =
             [ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
         };
         sysctl.laptop-mode = 5;
-        gui.enable = true;
       };
       hardware =
       {
@@ -62,7 +63,7 @@ inputs:
         gpu =
         {
           type = "amd+nvidia";
-          nvidia = { prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; };
+          nvidia = { dynamicBoost = true; driver = "beta"; prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; };
         };
         legion = {};
       };
@@ -97,10 +98,7 @@ inputs:
               [ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
             ++ (builtins.map
               (name: { inherit name; value = "0.0.0.0"; })
-              [
-                "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com"
-                "dispatchcnglobal.yuanshen.com"
-              ])
+              [ "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com" ])
             ++ [{ name = "4006024680.com"; value = "192.168.199.1"; }]
           );
         };
@@ -139,32 +137,40 @@ inputs:
           tui = { cpuMpiThreads = 4; cpuOpenmpThreads = 4; gpus = [ "4060" ]; };
         };
         ollama = {};
-        waydroid = {};
         docker = {};
+        ananicy = {};
+        keyd = {};
       };
-      bugs = [ "xmunet" "backlight" "amdpstate" "bluetooth" ];
+      bugs = [ "xmunet" "backlight" "amdpstate" ];
+      packages = { android-studio = {}; mathematica = {}; };
     };
-    boot =
+    boot.loader.grub =
     {
-      kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2015"'' ];
-      loader.grub =
+      extraFiles =
       {
-        extraFiles =
-        {
-          "DisplayEngine.efi" = ./bios/DisplayEngine.efi;
-          "SetupBrowser.efi" = ./bios/SetupBrowser.efi;
-          "UiApp.efi" = ./bios/UiApp.efi;
-          "EFI/Boot/Bootx64.efi" = ./bios/Bootx64.efi;
-        };
-        extraEntries = 
-        ''
-          menuentry 'Advanced UEFI Firmware Settings' {
-            insmod fat
-            insmod chain
-            chainloader @bootRoot@/EFI/Boot/Bootx64.efi
-          }
-        '';
+        "DisplayEngine.efi" = ./bios/DisplayEngine.efi;
+        "SetupBrowser.efi" = ./bios/SetupBrowser.efi;
+        "UiApp.efi" = ./bios/UiApp.efi;
+        "EFI/Boot/Bootx64.efi" = ./bios/Bootx64.efi;
+        "nixos.iso" = inputs.topInputs.self.src.iso;
       };
+      extraEntries = 
+      ''
+        menuentry 'Advanced UEFI Firmware Settings' {
+          insmod fat
+          insmod chain
+          chainloader @bootRoot@/EFI/Boot/Bootx64.efi
+        }
+        menuentry 'Live ISO' {
+          set iso_path=@bootRoot@/nixos.iso
+          export iso_path
+          search --set=root --file "$iso_path"
+          loopback loop "$iso_path"
+          root=(loop)
+          configfile /boot/grub/loopback.cfg
+          loopback --delete loop
+        }
+      '';
     };
     # 禁止鼠标等在睡眠时唤醒
     services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
@@ -172,24 +178,5 @@ inputs:
     users.users.qemu-libvirtd.extraGroups = [ "disk" ];
     networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one";
     services.colord.enable = true;
-    environment.persistence."/nix/archive" =
-    {
-      hideMounts = true;
-      users.chn.directories = builtins.map
-        (dir: { directory = "repo/${dir}"; user = "chn"; group = "chn"; mode = "0755"; })
-        [ "BPD-paper" "kurumi-asmr" "BPD-paper-old" "SiC-20240705" ];
-    };
-    specialisation =
-    {
-      nvidia.configuration =
-      {
-        nixos =
-        {
-          hardware.gpu.type = inputs.lib.mkForce "nvidia";
-          services.gamemode.drmDevice = inputs.lib.mkForce 0;
-        };
-        system.nixos.tags = [ "nvidia" ];
-      };
-    };
   };
 }

devices/pc/secrets/default.yaml

@@ -26,6 +26,8 @@ age: ENC[AES256_GCM,data:EPjip4/tz50e+blPko9NpzDamLRO6BVy64kDnGAhUJJ/bMw6V9Of8Rz
 user:
     #ENC[AES256_GCM,data:a4mHxr7bn7BV,iv:FYQk3yv3XgxNO9CnrQefo3WqhO0Sf8Mihfp+Iw4AcWM=,tag:jebxvG+xUidghf5dOlvDYA==,type:comment]
     zzn: ENC[AES256_GCM,data:xBSve41JclBYQULPN7yV/1Eyo3u+CHAewVetKHwjvl6Te0kk/+aLx6gs8EpOJGmVaiSAdt6F2ayHXUD8RXXpJIOnnEHk88kqbw==,iv:XPxMLvlVtaZvpWnau5Jwlj/5ty5Zyw4F44ix5G64Z84=,tag:uJfWb0PCebdMtxXMfueULQ==,type:str]
+wechat2tg:
+    token: ENC[AES256_GCM,data:PrZWR8WiZ7grkpTLqMxwbnkwZttl7n0e1lc1mdHJiFUWq/PqG2wNBC27C58jMg==,iv:02XHhfpN8YPix0REbJDnsBbvCwifbdwBwfuJ2glbvjo=,tag:6aWNqBfwulsjMbl+D6L9vw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -50,8 +52,8 @@ sops:
             OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
             +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-04T01:39:48Z"
-    mac: ENC[AES256_GCM,data:VkpF9zTWRLMriukAif6lfp8uy6+IcPDYUnXCQ5XLUtSstEyUoaVBjn+VVAoKkLX3MnyR6gyiYVWDDJmXrsyNoQpjRVQR0yu0p6p7sB3voGKiNxhw5qGwZj4IIXnHFWvktgWiawCiUkmSTUUHxe0XjAh7AWxjGqgAs/oyWGq/YfE=,iv:IQbJAhW/y18s57CAwRPeypQreBqQb0KkJAgIZ90QXJU=,tag:a0AB3l83j31Ex6PH9ziHRg==,type:str]
+    lastmodified: "2024-12-10T04:14:38Z"
+    mac: ENC[AES256_GCM,data:WLaeLyNQgw7DuRL/mAPRyHPR+i4YuYhf8TT5/5e6Hg14Fs2uvewHB7d2RLefRAg5IlCFerKioNuaAVDK079wCS95OjK5pAuq4rXIcodYSF7wD/yHfdsGp3ptr68rkdurcN1iSw4Xw+gkUjjq3irQYqtTQNGde4ez4O8KEe2tnHo=,iv:o+0siRY3emKZEDCuqya4A29h6F3oNSKGOjEshCXE+UM=,tag:77x58NANaAOsjxFKwuBmvQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

devices/pi3b/default.nix

@@ -18,7 +18,7 @@ inputs:
           swap = [ "/nix/swap/swap" ];
           rollingRootfs = {};
         };
-        networking.networkd = {};
+        networking = {};
         nixpkgs.arch = "aarch64";
         kernel.variant = "nixos";
       };

devices/srv1/default.nix

@@ -4,11 +4,12 @@ inputs:
   {
     nixos =
     {
+      model.type = "server";
       system =
       {
         fileSystems =
         {
-          mount = let inherit (inputs.config.nixos.system.cluster) clusterName nodeName; in
+          mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
           {
             vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
             btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root" =
@@ -17,7 +18,6 @@ inputs:
           swap = [ "/nix/swap/swap" ];
           rollingRootfs = {};
         };
-        gui.enable = true;
       };
       hardware.cpus = [ "intel" ];
       services =

devices/srv1/node0/default.nix

@@ -4,15 +4,15 @@ inputs:
   {
     nixos =
     {
+      model.cluster.nodeType = "master";
       system =
       {
         nixpkgs.march = "cascadelake";
-        networking.networkd.static =
+        networking.static =
         {
           eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
           eno146 = { ip = "192.168.178.1"; mask = 24; };
         };
-        cluster.nodeType = "master";
       };
       services =
       {

devices/srv1/node1/default.nix

@@ -4,12 +4,12 @@ inputs:
   {
     nixos =
     {
+      model.cluster.nodeType = "worker";
       system =
       {
         nixpkgs.march = "broadwell";
-        networking.networkd.static.eno2 =
+        networking.static.eno2 =
           { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
-        cluster.nodeType = "worker";
         fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
       };
       services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };

devices/srv1/node2/default.nix

@@ -4,15 +4,15 @@ inputs:
   {
     nixos =
     {
+      model.cluster.nodeType = "worker";
       system =
       {
         nixpkgs.march = "broadwell";
-        networking.networkd.static =
+        networking.static =
         {
           br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
           eno2 = { ip = "192.168.178.3"; mask = 24; };
         };
-        cluster.nodeType = "worker";
         fileSystems.mount =
         {
           nfs."192.168.178.1:/home" = "/home";

devices/srv1/node3/default.nix

@@ -4,12 +4,12 @@ inputs:
   {
     nixos =
     {
+      model.cluster.nodeType = "worker";
       system =
       {
         nixpkgs.march = "broadwell";
-        networking.networkd.static.eno2 =
+        networking.static.eno2 =
           { ip = "192.168.178.4"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
-        cluster.nodeType = "worker";
         fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
       };
       services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };

devices/surface/default.nix

@@ -1,67 +0,0 @@
-inputs:
-{
-  imports = inputs.localLib.mkModules [ inputs.topInputs.nixos-hardware.nixosModules.microsoft-surface-pro-intel ];
-  config =
-  {
-    nixos =
-    {
-      system =
-      {
-        fileSystems =
-        {
-          mount =
-          {
-            vfat."/dev/disk/by-uuid/4596-D670" = "/boot";
-            btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-          };
-          luks.auto =
-          {
-            "/dev/disk/by-uuid/eda0042b-ffd5-47d1-b828-4cf99d744c9f" = { mapper = "root1"; ssd = true; };
-            "/dev/disk/by-uuid/41d83848-f3dd-4b2f-946f-de1d2ae1cbd4" = { mapper = "swap"; ssd = true; };
-          };
-          swap = [ "/dev/mapper/swap" ];
-          resume = "/dev/mapper/swap";
-          rollingRootfs = {};
-        };
-        nixpkgs.march = "skylake";
-        nix = { substituters = [ "https://nix-store.chn.moe?priority=100" ]; githubToken.enable = true; };
-        kernel.patches = [ "surface" "hibernate-progress" ];
-        gui.enable = true;
-      };
-      hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
-      services =
-      {
-        snapper.enable = true;
-        sshd = {};
-        xray.client =
-        {
-          enable = true;
-          dnsmasq.hosts = builtins.listToAttrs (builtins.map
-            (name: { inherit name; value = "0.0.0.0"; })
-            [
-              "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com"
-              "dispatchcnglobal.yuanshen.com"
-            ]);
-        };
-        wireguard =
-        {
-          enable = true;
-          peers = [ "vps6" ];
-          publicKey = "j7qEeODVMH31afKUQAmKRGLuqg8Bxd0dIPbo17LHqAo=";
-          wireguardIp = "192.168.83.5";
-        };
-        beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
-        waydroid = {};
-        docker = {};
-      };
-      bugs = [ "xmunet" "suspend-hibernate-no-platform" "bluetooth" ];
-      packages.vasp = null;
-    };
-    powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';
-    services.iptsd.config =
-    {
-      Touch = { DisableOnPalm = true; DisableOnStylus = true; Overshoot = 0.5; };
-      Contacts = { Neutral = "Average"; NeutralValue = 10; };
-    };
-  };
-}

devices/surface/secrets.yaml

@@ -1,36 +0,0 @@
-xray-client:
-    uuid: ENC[AES256_GCM,data:WEBAH3PQM5ahNpH/kvTtcjcJ2GllmmRlBR2oclG6AimGenSg,iv:TMp0WTOe9fuELSZoVGenl5XSZUFoiYUBEMWMn4NFv1g=,tag:GJTE0EELcZkrnGAKLYer1g==,type:str]
-wireguard:
-    privateKey: ENC[AES256_GCM,data:P/tyZHaEAahZUBF22dJEZb6mACm/wmUunPDG0vS7SNW3sWbzxRSut0haR/g=,iv:8VMv5iotmDrYDLiszcOvJHkD8l6uE+SboPSILr6KuzU=,tag:U/FIBhvghwDTvFtUWEqr4g==,type:str]
-github:
-    token: ENC[AES256_GCM,data:SyqrpFfy+y7syReWs0Bi23651ew41Us8aqjImBTzkDanOtWQgIYC6g==,iv:H3Y/TuP3VvZv6MlRAdLOY0CiNUeoqGZRNg0s58ZSkQ8=,tag:rSf4E8Whvue/LZ+VlSqDDQ==,type:str]
-age: ENC[AES256_GCM,data:KEaMrk9eldR6oCqNqSpwhbJKj+JrN1KBkDL5p9itaszGf4tnDRidcleCQi1Ae17osYXIEh4+OxX/d6RKb9TP6JMLJe0iq6c9sC8=,iv:ztiP2Vz4AFZkd8ZG7xYlqYrV3JZYvmX07Ez6GtJ6yp0=,tag:PS8oSkkrrpgYYVfjbTtkaQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzV1pvWkVGSFg5TVAvRlhu
-            TnFnMEszcDRWWHlQanAyRkRpQWdqQkdhTzFvCjBqUG4xNFBiRnlSeTNQSmdkVkdD
-            UlVCQjRFVExuZHdrSnViajZGZ3c2dWsKLS0tIHlQYU5VeGpEQzllMmxLSnJZZzZx
-            N1R3Mkhxa0dOVlJiU0V2OEZVVzZVMFkKae3c1axl22uxh9wMygAHs6q1WA5ImOS8
-            uzKSthWSqtC7DMqgUFaaSjBYM2TN3l402syx71xVFyyAmCcGZbbJcg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSHJVRGIwQUFpVER5SWxq
-            YjJOT0lXN3dFOFpjMFlWV3JCbmZFN0hnNEJBClpQUEczK2RWTGlVTmJRbVZaUC8y
-            bEFrL1RjTTNlYVNnRVRBZlRjaTlnUEEKLS0tIE5GM01pTGFFcWVVSWEvUHE3Z08r
-            a2xybTRFUFZZN20zajZJTVNwVEpGcEEKglmFMk7z1q5IlZ+lZf9M0HtknmvcYt/P
-            2/z5e8wLN1Hy0Zsbv0yIL/NmqwxAOGJOdzz7ElJszk/Y4kUr9aRasg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-01T15:22:09Z"
-    mac: ENC[AES256_GCM,data:Br2+miNeZI41QyTXdhJ5Mdwq5no/d4kJgESwiltcRZV/Pax8R+GFeLDg/AQFoh1fLHU6bTX45SN0wnIrIeCnkoXV0U2RiT7bdtBaDrGxqnFvjMVE0VaUrj9bpagta13tahsEfI17cyUq4BqwS4BXx60RXvbvs9jZ5/dfpYunGsc=,iv:FfWYfS40XcFgF8lEYK4IHypLzz7svFxPL+WuudQm3oA=,tag:0KDBdf7w6BdcQ8Qt3k1isg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.0

devices/vps4/default.nix

@@ -1,46 +0,0 @@
-inputs:
-{
-  config =
-  {
-    nixos =
-    {
-      system =
-      {
-        fileSystems =
-        {
-          mount =
-          {
-            btrfs =
-            {
-              "/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
-              "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-            };
-          };
-          luks.manual =
-          {
-            enable = true;
-            devices."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
-            delayedMount = [ "/" ];
-          };
-          swap = [ "/nix/swap/swap" ];
-          rollingRootfs = {};
-        };
-        grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
-        nixpkgs.march = "znver2";
-        nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
-        initrd.sshd.enable = true;
-        networking.networkd = {};
-        nix-ld = null;
-        binfmt = null;
-      };
-      services =
-      {
-        snapper.enable = true;
-        sshd = {};
-        fail2ban = {};
-        beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
-        xray.server = { serverName = "xserver.vps4.chn.moe"; userNumber = 4; };
-      };
-    };
-  };
-}

devices/vps4/secrets.yaml

@@ -1,51 +0,0 @@
-xray-server:
-    clients:
-        #ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
-        user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
-        #ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
-        user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
-        #ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
-        user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
-        #ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
-        user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
-    private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
-acme:
-    token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
-nginx:
-    detectAuth:
-        chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
-        led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
-        chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
-    maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
-telegram:
-    token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
-    chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
-            ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
-            cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
-            VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
-            YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
-            bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
-            dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
-            Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
-            1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-25T03:19:55Z"
-    mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.0

devices/vps6/default.nix

@@ -28,8 +28,8 @@ inputs:
         grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
         nixpkgs.march = "sandybridge";
         nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
-        initrd.sshd.enable = true;
-        networking.networkd = {};
+        initrd.sshd = {};
+        networking = {};
         # do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
       };
       services =
@@ -53,7 +53,7 @@ inputs:
             (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
             [
               "xn--s8w913fdga" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
-              "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "peertube"
+              "send" "api" "git" "grafana" "peertube"
             ]))
           // (builtins.listToAttrs (builtins.map
             (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.nas.chn.moe"; })
@@ -68,6 +68,7 @@ inputs:
             main.enable = true;
             nekomia.enable = true;
             blog = {};
+            sticker = {};
           };
         };
         coturn = {};
@@ -77,7 +78,7 @@ inputs:
         wireguard =
         {
           enable = true;
-          peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" "pi3b" "srv1-node0" ];
+          peers = [ "pc" "nas" "one" "vps7" "xmupc1" "xmupc2" "pi3b" "srv1-node0" ];
           publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
           wireguardIp = "192.168.83.1";
           listenIp = "74.211.99.69";

devices/vps6/secrets.yaml

@@ -14,7 +14,7 @@ xray-server:
         user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
         #ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
         user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str]
-        #ENC[AES256_GCM,data:PTYBkBHs16U=,iv:qr3u7OveM1CmTBIf9gZK4fTRuLCpcZCwf8jmnd1L3Co=,tag:w3O41NG7yCwCVqPGh/6SXA==,type:comment]
+        #ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
         user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
         #ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment]
         user6: ENC[AES256_GCM,data:YzLlf37SxKmU1/QA7gUIJsGid3KZNoAGOew8xR7cmw5l8ZmX,iv:SfKubo2jfjtxKn9odDiokMEZyPFfYZ/wwyYtBrgvgmM=,tag:+hxwIU5uBhzQyrKX4r3oiw==,type:str]
@@ -91,8 +91,8 @@ sops:
             ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
             ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-26T04:24:17Z"
-    mac: ENC[AES256_GCM,data:AXhLmyZWGD6KvMkyHqmCERE6eNE3pD5Pa/9mRBWZe4hiXL4mKTzCn5C/ODGQ1ZeQjDdP+awjJRvLRjMiYFhVlU8rKpg/f2G1gDr4cIbr61sCdzXKX8wFW0G7bJWxxpAC4X59+u9EJ3sNcyf7bJrMdkTzTYpgXh29mtl2bprcdJQ=,iv:pK4hYexcWng3GwOmWGqgyMsmATnXgcwR3NH4UxCwpvE=,tag:zpv64JWoXc5cDCukDuW51g==,type:str]
+    lastmodified: "2024-12-09T04:05:38Z"
+    mac: ENC[AES256_GCM,data:ViclEjB/F9dS2fdtKPlegQPdPY9GeHW6AqnBcf18RlG9V+jnyym0RgkrmOiNokbD4WZSO+o/Y//hFzSeiqINHuNs5SvoslXy23bnThrnf8pDeoowJITV3eQZgNw78qKqJxoXft4b79xetSdZasI1W4YxE/PCjdpkOtgJZ7I5oTI=,iv:se5pq320AEnRuZAA3hO7H2LarCJwnK2sTmZU+s4DYBg=,tag:g4aS5C8PWj+mzbSSK61Z3g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

devices/vps7/default.nix

@@ -28,20 +28,19 @@ inputs:
         grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
         nixpkgs.march = "znver2";
         nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
-        initrd.sshd.enable = true;
-        networking.networkd = {};
+        initrd.sshd = {};
+        networking = {};
       };
       services =
       {
         snapper.enable = true;
         sshd = {};
         rsshub.enable = true;
-        wallabag.enable = true;
         misskey.instances.misskey.hostname = "xn--s8w913fdga.chn.moe";
         synapse.instances =
         {
           synapse.matrixHostname = "synapse.chn.moe";
-          matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
+          matrix = { port = 8009; redisPort = 6380; };
         };
         vaultwarden.enable = true;
         beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
@@ -51,7 +50,6 @@ inputs:
         send.enable = true;
         huginn.enable = true;
         fz-new-order = {};
-        nginx.applications = { kkmeeting.enable = true; webdav.instances."webdav.chn.moe" = {}; };
         httpapi.enable = true;
         gitea = { enable = true; ssh = {}; };
         grafana.enable = true;
@@ -64,12 +62,10 @@ inputs:
           wireguardIp = "192.168.83.2";
           listenIp = "144.126.144.62";
         };
-        vikunja.enable = true;
-        chatgpt = {};
         xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
-        writefreely = {};
         docker = {};
         peertube = {};
+        nginx.applications.webdav.instances."webdav.chn.moe" = {};
       };
     };
     specialisation.generic.configuration =

devices/vps7/secrets.yaml

@@ -4,30 +4,23 @@ nginx:
     detectAuth:
         chn: ENC[AES256_GCM,data:Gk0TTbnFcsvIgoDcen6B8w==,iv:kvyvygw9zDwaiTQ2vPFTHQex0EWDFg8M8U22AConQFM=,tag:ewAZ/nXxmTOhDAjW/A2OnA==,type:str]
         led: ENC[AES256_GCM,data:Owax7cyp,iv:NCEKyicVCYZNgxJzlO90heUmwPjfXbZEcyXX09XQKI4=,tag:WMTCVMVCD9sJgAhRUsqvYg==,type:str]
-        chat: ENC[AES256_GCM,data:1HJiO1zU5SX4G56oWxv5zqGyUqnBWByrtSnQ01wvmZ7PmRkrV+DV6StMg5DtJR9HhkWYnbXlbnBHzP+poPUMag==,iv:sfwI62nwGSnsdj1RyADWgXvp5AY+9RQdtSooxbKFWTs=,tag:pN/LF0mo7RXWoIPPzzs8qw==,type:str]
     maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
 redis:
     rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
-    wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
     misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
     nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
     send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
-    mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str]
     synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
     synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
     peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
 postgresql:
-    wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
     misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
     synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str]
     vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
     nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
-    mastodon: ENC[AES256_GCM,data:IQxoNjZILazu5cxkEzFAqqmGSsOffMQHoRB7AC2NqI/+CJSVsfdwiSVfxN+Jc9dmrqCjscUSxaWCMHnrZj/JyQ==,iv:d6tyj/w0uH2E3qHjEcopVhnmE/Pq0qN9PHthSArryyw=,tag:kfJsxqkErFcG11B0CmiIKw==,type:str]
     gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
     grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
-    akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
     synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
-    vikunja: ENC[AES256_GCM,data:syb4NYBxL3DdmZmcC+em0klmm6bkkIL/DH/gnzShYRiaezRFskT+yay9govn++SpbuvkoCJq/GYAFxNL+hcVtw==,iv:TQUgdzYQ0gqsAmux9v3BAQFNzHnCTZ+X/OC0b9Bfya8=,tag:b1AsiAW5XzA3DzGdf8J03g==,type:str]
     peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
 rsshub:
     pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
@@ -38,7 +31,6 @@ rsshub:
     twitter-auth-token: ENC[AES256_GCM,data:65SbHggbYtfSfaaxJxRgD6+HpOX4vIfjnVZmOAZ9illPMYOu9MIchQ==,iv:49UuC8n6AGj1skuHzQX39Q/QuKlB9IxogIfiiy1GBnw=,tag:Rq6b0H9UFVZ19tU8ZeelRg==,type:str]
     bilibili-cookie: ENC[AES256_GCM,data:58nO7ADu2oH/OgLJNYrEEzhf1J0zt8EpuygnSANkGXJju5oSmtM7WLnaMEjC96q14OTTA9QLiFVsbxiFY1eUnraA5W7g7+6CYRXVRZaxz91D/dhKzHGTMjB/LynnNqEIc6liONlcHbyjZNQ+WIqPtjVpCKMN7Mi8cv81/cFX/1GqAwncgDD2oXh1hMPOVY4dYcGKuOG0GjlY6RgOgTPqU3HawQjnoWQjPF+lq2rnWD5HP9ZTxOYa7hm2GgPrxkq1fkRrq+kKYeDh+6M7VLDcm5Fpf+biq6F8fZWzmw4NlVZT9BG0vJFa,iv:vxYXg9Yg9qIWFQXtwTYa4Ds0KSxZYg3M6xdtXKbdaig=,tag:TzCPehk9w+BL4wwgDc1CPg==,type:str]
 mail:
-    bot-encoded: ENC[AES256_GCM,data:HstqDfhKoLqDip9O+mwYGbNlNQ==,iv:CZSTfxJHhI6nG7501cQdJiZ9l3uKS7d5YsA8iVTUuoE=,tag:Rj3rvXJzDp8XzODV/gABog==,type:str]
     bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
 synapse:
     synapse:
@@ -47,14 +39,12 @@ synapse:
         macaroon: ENC[AES256_GCM,data:2/8GuF/a+ocVtLN0PU17JDvXw/RoXX/CXFHPlI9THl5bY8lBm6tEawijnOKVoFLovfU=,iv:GPAr3ZjqLf9ixevsZoQgs4cPkv0VL4WJoFfQZOdThlw=,tag:HRt/igDEfUJ3K39mG7b9Fg==,type:str]
         form: ENC[AES256_GCM,data:Z9cYL9ibRWmOhAYtB269n0cWZSvL4zGgc03ZRag0m8cz2j0god/Fn/w6kx3cyGK1C70=,iv:Yst6WSV63IvbMF5nnicIoBj77eSwVMnAHtHrKo2UcDk=,tag:4qf6F2rdctcCf4J9vECvYg==,type:str]
         signing-key: ENC[AES256_GCM,data:BbPJiNcVTqMAL2XG3K3CIbsb8EM4r8ct/WxPK10FHRwAnqChKy3CAviYU9gewO/tNZXHvUYUAUbPww==,iv:IZB/40EE3DIxAqagdH/a4kcSmiec5l24XLCQKCQNaRo=,tag:/1t0WAPBYmYrPTx4V4wgkw==,type:str]
-        sliding-sync: ENC[AES256_GCM,data:POXExkTRRhXin4lD4MA61xsuzYXCT6U7QtQWtNnEb6kUWRrAvS9mqk+JTBn3onCzf2Azhi3WQOY/t+OiQFXI1w==,iv:GJfJSGb6t/q9KdVCr0dVVcD+e0yZUQzrJrtuhOlYJIE=,tag:ovd1ZXRkk7VoNo8KoYDViA==,type:str]
     matrix:
         coturn: ENC[AES256_GCM,data:MwZKkYMefshuk46Cne4wn9ooFH8RCDbrxp+MbLJWli9iPHuzJJzUuQNU9EDL0aNbzyYEMt/7DErw42z6KrpGww==,iv:u/SVVTgfJO2FakiYU+uLHXjA4tHU/W6ASsR3S31+pWs=,tag:VTeKNOKwm2bsiZAOVXeBOQ==,type:str]
         registration: ENC[AES256_GCM,data:+pA61vTg12lYUyXjLrHSY7y/ExfTQffLlGUI4HBOSFFPTck7bu68FrCaHOIBTtEMfjU=,iv:Ex/phkBZxglG8HiRz+m7h2HNanpq2Pxwbm08vdM3xFc=,tag:mM3YEa70FnCeYIUthK4TeA==,type:str]
         macaroon: ENC[AES256_GCM,data:/+RaayKiPPpVV7OWWdaSkSSRHMjb8d58lZcpvltN9cYkN1btvMViEgdLSlfqzRRlPUE=,iv:pg9GXgNsrVWKlUAiCKZ2pYXugRH6MsBIMpHKoYWYLik=,tag:/mj5Ak7XAX/FH7sNPEVALw==,type:str]
         form: ENC[AES256_GCM,data:7HF7HMUH1BTJgXXP6cpUiVj0jCwGW57bx9wKTJu7PnRsNuAam/+nKX7Zfg7WD+gSBlA=,iv:SYeUsuFVgAA6U6STCtKT5c5E8Kglh3x7hy6+Op4n0W8=,tag:eICmHTwwn0KcgNhdDGnusA==,type:str]
         signing-key: ENC[AES256_GCM,data:hzxxDbGp1L09O7+ueUSa5lJOY/QvF2zvHdpueEHjaPQEToQt9mr2loeTQHC7ObTegfLb9UHrI1jn4A==,iv:KngfahwYZZmDQ5LeOUPWptTMGAC8TZm1G0FWcrwCwsw=,tag:U9pW6/boBIpiswn67Ezrfw==,type:str]
-        sliding-sync: ENC[AES256_GCM,data:BeA6g98IWDP6hnLFI77QqG6esDwB6j3OPzAv3eJxWoTajAsByHSgSYP1vHN5Iok6IgvSSmkf0/HiOJy1Ca8IIA==,iv:ca+t/rYwc/fAVUcz0JTmrRQCOcbDNscbnE8BpHkx/OE=,tag:eEfhUChUt4kRnO82XqRY4g==,type:str]
 vaultwarden:
     #ENC[AES256_GCM,data:yFDD8GHjZWHN/Yh53DseevKAhDVwrHX60e8sGZnF4BUsUuPA/4S2PRzj7CtlpFzUH3kb0i+HkLKRvbchg93U3as=,iv:JGG7daEKs0oMKTNVi9GS7PrXn/8rFtVkHknACsEQR+g=,tag:RSN6fojLsI4dcuPu2eTiWA==,type:comment]
     admin_token: ENC[AES256_GCM,data:OpjREmxJSRj+aGVoP8KKRE7ClNqRtaV8va4WLVmpl1AO6D0q/GapJvhORHQb5s5ZjIAgvWTz1w+fh050Q9sPwRsNUke3FIcyeNy7k0PHgnnVIdxnU1Vn9KMz/SovjQ0/qEQ7tArvW/EXtKfwnP9lsz9m94VBvA==,iv:9AvDqMa2PeQOSrP2th3YBgA2RxPl3oKZTyUzi/yjRTM=,tag:HYFTQDgWvBsHQk8IZxWkfw==,type:str]
@@ -62,7 +52,6 @@ mariadb:
     photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
     freshrss: ENC[AES256_GCM,data:ydqCbj3UbsLC1e++p5ixb5Kpmk2BsYd0urcfw8T51Is5N1/gQ7P0zgR33AOteAxw2oj85WQZhxu3eAN7BCXV5A==,iv:1oiMo1wwFNXiTZLsf4UPZSJfKFIWLI3h947TC06CVy4=,tag:Otq1oeKBnWXhqNilfsywPQ==,type:str]
     huginn: ENC[AES256_GCM,data:1Tdg1WDwGgFSXdChgif8knWS24BIFYnmaiSjJXxs5uj/v/5fJ1alb4K4XHW/kFRjQbuAOFfJiJ9ogJ1KAyk17A==,iv:qLMaQpVaKrjP7g2lWzhaNLghxwiV4YJmyYY1hrpu5I8=,tag:566JCENvOxgwD7tM3aQBiw==,type:str]
-    writefreely: ENC[AES256_GCM,data:+5jsON4SpeWKWZWlbn233XuQ/6HDzaS3XxUxDbUqAp8S/XGmn/QuFK2f375QJEiyZsnrIYkbN/CiOjdTw+nNzg==,iv:8mKqWegyxrT6908P5G0olVZzpP+BwpE7SYODEry7F3A=,tag:HeYoT0RFJGzX6DWcBQy7Jg==,type:str]
 photoprism:
     adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
 nextcloud:
@@ -92,20 +81,11 @@ fz-new-order:
         username: ENC[AES256_GCM,data:xWP1cesh,iv:11KFZ/J9PScz/oW2+H5BWgw0+ETkCXlcYOMuPpgjEs0=,tag:HswEVzm6ElRjIDsZyEfZcA==,type:str]
         password: ENC[AES256_GCM,data:Da/E7ZeZ,iv:gIoheXeTErV3+CtZSEDsX7pGzRahHWlKYQ6QZ6W2eu8=,tag:0oQzQ5DJiS2hqMQfU6JRWw==,type:str]
         comment: ENC[AES256_GCM,data:etfZKwbh,iv:XqqF3D0PpCPd2Q/CCu/PAH4SrvXAOu+lIXvSht/KfKk=,tag:7jyG33foxneRK2wvI/5uBg==,type:str]
-gitlab:
-    secret: ENC[AES256_GCM,data:hBax7ClSuttBacykKw42pvrvowZW8OeTry/0rkmy5BHyLM7HllNYCOw+tupIOdhVEfgJPWQeBeGuyFHt7lPRWQ==,iv:zOM+eMW04Z9QkTchkAXWYHg2eWTQmGEs/dHtUnvNVd8=,tag:RzLyecuASl9CcmQSuabN6w==,type:str]
-    otp: ENC[AES256_GCM,data:Hgq5Tyq+BUTsexVsjFWf07fY0znPL50+qIm+fhuVljlauXBZouQjJKMhqTs9zhLECOktYUtp0wrNa++nO1Ys9A==,iv:Am51j8QjDtldtsZL8uCu0I3pr/SQ6R8KUQinznZjClg=,tag:hbtrlG0MGNL3VcbQUG/irQ==,type:str]
-    dbFile: ENC[AES256_GCM,data:AKxE/Z4jooDlkIl3WpQZIlN+MLxlZ7SEWVF12/8f9aq7LtVl5B0RDA6bZbeM0PU8h4eGcSX9feSpLIVpvBAQxQ==,iv:li6hBLw9filwVVXa01oICtvY9UJsMgB+3XYOgZyCTnY=,tag:wC18TzVMM+dcpIi8wwCcIw==,type:str]
-    root: ENC[AES256_GCM,data:nPO4MT7BWuCHnWkbHPRYygMpieGsni4+BQs6HVwxBqH5KuD0O7I3PQlcgntxb4kWbqvyWstYW+k9LdscSEzgXg==,iv:fgfW8BljGlOIQzGK+UiEFcT6Hp5ieA8C86kwT8xRlO4=,tag:eSWPda0NYBe47uVYCOUiLg==,type:str]
 grafana:
     secret: ENC[AES256_GCM,data:QYhopqGcHGr+24qYlfaTdMtnyzmIZYG4PcvS9KYqC24W3M+HmloCkPHh7Y3ZTVg8MnrDGOcbA9YPLdY7eh/u4g==,iv:dh7egVIem2bgDbmWJ1sqH9fLdIYbAIQjnjNvyuEjVq0=,tag:DbIRVHbCcpKGcNc6sDTasA==,type:str]
     chn: ENC[AES256_GCM,data:0bbjggWS1MdcUIQiQyPlBTULm+faKDpJbmZmV6vSw8k=,iv:am65WQzUE+AvQrQV+NSF5u6RCWn7EetyPsdy4Cuvyyw=,tag:lxNUM1cIYVSXVgwEnS1Hdw==,type:str]
 wireguard:
     privateKey: ENC[AES256_GCM,data:TS+toaJRgAvC78XVwTciXe2IG8++vaqXVCi/u/8Aej6qq1B9Cb6f20cp5K0=,iv:T/NkLvcYiWzIDG3jWtuhe/sH2GT4z5f0xdUGbSL901I=,tag:qN7YokFBj3Kbbx4ijHTRnw==,type:str]
-vikunja:
-    jwtsecret: ENC[AES256_GCM,data:p6e22qPJzTGB21oWhSr8AA4bfrele9ZOHVtZ8BHgX21IhoKdm58coGtSX1CGXR7J6+1/74RdLY9K88nGrM1F1w==,iv:DGUO8rhf7Lg9dTqSmzlR/Jd2K4oUjO8w9E5bihwsykI=,tag:SpX6UI0QIju/tC1fIL9CCg==,type:str]
-chatgpt:
-    key: ENC[AES256_GCM,data:bkLxKUqkjwpUeqeAZCaAgKiOse8QtZ0zOn9TQNA84+B3rxNiTFPisI8=,iv:Zd5dO5Sdt4HCvNZgS2K0FjJAzti6oE22vahYQl99TrI=,tag:E3o+X84tRsIEGU9Jfb85JQ==,type:str]
 telegram:
     token: ENC[AES256_GCM,data:Mr6KrAzYoDXA+dPT3oXqK2wm9ahTjZ5GVE/iRPsmcM+S2MABT+8ramyHz9oIFw==,iv:nIZ8rpSxz2GwMbDQFfG3xauMQjiriZ1oxFMrEQeH7sQ=,tag:y5U1T1vV/mmdE/CeaeTR8g==,type:str]
     chat: ENC[AES256_GCM,data:8w/0EI64a1dC,iv:dHu9JHcUY7QPd9YBKXnrRXQB2K6jpnLrSFs+1IJmkio=,tag:3ucN3uNnBxxRF+cbLsa1nQ==,type:str]
@@ -120,8 +100,6 @@ xray-server:
         #ENC[AES256_GCM,data:j83rYg==,iv:3oEdAoVz7aMcezcy2chTO0LQTtKpTrJJoQZx3PC03BU=,tag:ABteEIyr2Y6MbGQhmrQySQ==,type:comment]
         user3: ENC[AES256_GCM,data:Uk0Ax9FVzmmYs+ggWy7z6FEkuj2tppGlvnQdoW6PDI1VA9oI,iv:wSxigXleRUalQR1/TzKfdUVrdyEUuq+Wg42gSv1QMAI=,tag:qn6nBWv6MlGhMarCfI13BA==,type:str]
     private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
-writefreely:
-    chn: ENC[AES256_GCM,data:YvhPa69sVdiljm9Ix6yQh6YCEpFvC9iw5Yx72MBcGr7+swdbvWDAfMmGFY066mAPvhpwZX/IEivKvrS0t/OSnw==,iv:7s2yEb30YaCAtNeevbur0HL28nXHVIqmCx6Bngh+HWk=,tag:yx0JK8RNQMVcYLBSxNj+uw==,type:str]
 peertube:
     secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
     password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
@@ -149,8 +127,8 @@ sops:
             SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
             HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-05T02:43:01Z"
-    mac: ENC[AES256_GCM,data:frMtsfATEGOCwkR5g6sOLszwtBq1rfHvofevbzDHuKwJQtI4IXpfgyohyQ64tZ7K6YLqR0bf3yP9A7zyIxAzIvgKciIDdIYI/LUCAmOsUE9On70UiVxFj8WAL700geHfr2X+1Vzl9suMBA3E8h9O02wcuuD4gumZlLgXqzmbtZE=,iv:oB8W9+KO8jJbSnICsN5CMRCRs6uM6y8xszCyWlRCkV0=,tag:JxLLwUsE/7nxDAzMmUYdjg==,type:str]
+    lastmodified: "2024-11-13T03:06:27Z"
+    mac: ENC[AES256_GCM,data:aIgKGuyrNWt2etXCtqHXxXwLSTkGhX3wk9NcHXv4u/rkZ3wUz8iJv24whMIN+ZFhQmNV1TLuPncd/O6bYra1YmG0FXSyBkgfQdVbCAR7ys1yXpdz00zcC7zMqm3CeNui89DZH27P5z6cDtNG4Z/dLz6lpln/ummYcdcb+/7KbZQ=,iv:Gl8turVRflUOB3PWqLfwU4JPoy0k9zLKir4CKB9628s=,tag:aJ8PDOfn/XBeklIlSkC2vg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

devices/xmupc1/default.nix

@@ -4,6 +4,7 @@ inputs:
   {
     nixos =
     {
+      model.type = "server";
       system =
       {
         fileSystems =
@@ -47,7 +48,6 @@ inputs:
             forwardCompat = false;
           };
         };
-        gui = { enable = true; preferred = false; autoStart = true; };
         nix.remote.slave.enable = true;
       };
       hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
@@ -96,7 +96,7 @@ inputs:
         docker = {};
       };
       bugs = [ "xmunet" "amdpstate" ];
-      user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
+      user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" ];
     };
     services.hardware.bolt.enable = true;
   };

devices/xmupc1/secrets/default.yaml

@@ -21,6 +21,8 @@ users:
     hjp: ENC[AES256_GCM,data:Ii4P9ZsUOEh3cqt3AKWlgUH1CMNnmHln9QNWdTRR3vZXkkR5j5qKAIrAltml/i3xFlt4hftYNufnupog4UlAVWQJhYBlhCSE4g==,iv:eKWmUcKItjd1dsvVP1se5CAhIFqV/eVH03gPJhBau1E=,tag:ZTE0BTSoDpJGqECklGjs2g==,type:str]
     #ENC[AES256_GCM,data:hCgqHfpmeJ1Z,iv:pEKUNxhUyNAVtniTIQ2IpMPmXr2O+twq2/3Y2lIoqdw=,tag:RTqcI0XCoOymQD3r4+yS9Q==,type:comment]
     zzn: ENC[AES256_GCM,data:/CSffToFJiBotXZ5rPkz0UNgI/iC0ftusPF2Ce6Of3XckjpCcikWj6n3ahJ24XsWQjp3EvacOiBorh+Kg16LjCEl0P2RMIitTQ==,iv:u9IFdp/jw7ehTshPzQVssLeh33iBYCPjSyJSLsc5EVo=,tag:/KXgmU7dcTKG8C4Y7NcMhw==,type:str]
+    #ENC[AES256_GCM,data:TN/ycWtGSCNY,iv:pSilXx4zKs53XX/L0+QFbwv13rutQG11sU0EgVhaJEA=,tag:L+MpcYYlsMnSpS1JQdnwIQ==,type:comment]
+    lly: ENC[AES256_GCM,data:XkRaNI0SqooptH/OexBCzZ4RYvA3s7qXbpCtLVidJ4pZU/o7EHlIcvMbeRxqdujhXNQ+vbS3o7CmhwJK2JVVPCCVsd6k0gMDdw==,iv:v/2mgDuR+/lb8mtyv6sn4Z9XXnuDoXkT0DeNQ7850fU=,tag:T8xxo9C7kFSNlLDjEaZK0Q==,type:str]
 mariadb:
     slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
 hpcstat:
@@ -52,8 +54,8 @@ sops:
             ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
             IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-31T15:59:56Z"
-    mac: ENC[AES256_GCM,data:zd3ivzjgdbwGZpZssHeIwwkKFfHDxo/dzvb8ptw9noZ4hDVoC5RL9M/OLN6GrRM0wtpNFZJDs7Zz0i1zMascXdVu6mou/0il6/96r+FkQVBJWbrkY36Lk7ntDAcQmZKWxSUfSF0JPHx1rbkIQSVtsLQrpui9UDxaY5DP23xjLQg=,iv:+ouEpSlo0EovK0Qh27tm7NXSYncbjEc/EMWfWHIrCqE=,tag:4CHXmsJ4LhFBmbep3Wil3w==,type:str]
+    lastmodified: "2024-10-26T12:26:52Z"
+    mac: ENC[AES256_GCM,data:TiF/QAh6Y8Xn+3B1rlg+FvZFJ4fGP+szvvopbiEzO6AWBYp8dcD6MmaZstVzJL1BrRIQ3GENcq7EVyfZMWQlW8aRsVF/RrWOSpAKI1tiWDl+10Ov3zjr+Q8sFYTfblWXYH7Tq9pcWBChj1Kj88Ri5xRRfJTuelQoL0igHQBwfFM=,iv:ikzexH8P3CYu7SrRXwWd1Ar3+PEXSSjSVj5E3jwcZyQ=,tag:i5/F33/KcDJVQ4ceYtRErQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

devices/xmupc2/default.nix

@@ -4,6 +4,7 @@ inputs:
   {
     nixos =
     {
+      model.type = "server";
       system =
       {
         fileSystems =
@@ -40,7 +41,6 @@ inputs:
             forwardCompat = false;
           };
         };
-        gui = { enable = true; preferred = false; autoStart = true; };
         nix =
         {
           marches =
@@ -89,7 +89,7 @@ inputs:
         docker = {};
       };
       bugs = [ "xmunet" ];
-      user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
+      user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" ];
     };
   };
 }

devices/xmupc2/secrets/default.yaml

@@ -19,6 +19,8 @@ users:
     wp: ENC[AES256_GCM,data:yjMDez28pJUo6riIHypQQgjGFbuLwy87eG4ek/+Li2w8b4Cm5JckRvs26o+S0blfICc8WqIqEJGakT2wVBE5O1jGfniKn3PhTA==,iv:dOA318XRd2EXxmTIlk6GhlAR/FBpbKkbPJJCXTwFCxM=,tag:9MkXNUuAoplAzE+4eJpr0w==,type:str]
     #ENC[AES256_GCM,data:YGcTkNCeu3m7,iv:jYmVrfRFwQoX1XxeSzS23wRMAD/AnzYBXQjI76Ke2FE=,tag:WJfSmjdggzPojDcJ6GzP+A==,type:comment]
     hjp: ENC[AES256_GCM,data:0R5SfBFKuLGurwINnTj31FOrwwfY9bqVS1rG/a0HqIYd+Ui8/2ffFBx0Et+tYIqcxXEJpGbvse43V0naNKmFKlLanfcy9YV/Hg==,iv:mpAUmcVHWWLoreEsG9ha09jxte8mQCLt/A7nm04iX9Y=,tag:bia9pjL0MAcs9vj1gKCVCQ==,type:str]
+    #ENC[AES256_GCM,data:Q3TFPjvcDmKh,iv:eZ1NXGQr9HogxWa46T26WL63nvqho2/KSji8Dgse76o=,tag:iSGPRMCMolp7LVFjJGPotg==,type:comment]
+    lly: ENC[AES256_GCM,data:tP/NtJcMUtZPvuAqoM6KhCMybhsTxKSq4WWW3SBzQ/O0FmUXhECQc5CQnI4J9PlalP7Ug+uUQzeBMnHN84pkKNIeHVJhqjU8Zw==,iv:7TPPuSfXypSRnnhuy8LJSXIB+KB+3vWV0G7AbCZpB6s=,tag:iSLgRxOHgUolByFyvwltNQ==,type:str]
 mariadb:
     slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
 sops:
@@ -45,8 +47,8 @@ sops:
             M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
             LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-30T06:31:36Z"
-    mac: ENC[AES256_GCM,data:UUzv3IewuF4rhbrL2haJ0495p1d4wXA7LHa5ogc5TSv+ZAYuN/HL3VCXQzzKQrzqD3LtgC3DrGgmMNGVyAIzqVFYYxVuAwb03ov+lOp3SHvLTCMqkETbcE525aAIVWNqBXp7RBn7tKC4AD4y7AQihSYhBXO8VF1PeccjaCnN7R8=,iv:G0s8qchlgcm5HVshTKnGyt8nk+D4QYyP7n+5R0TOb8A=,tag:DspvfLf1pBs+/ol8GzT7Xw==,type:str]
+    lastmodified: "2024-10-26T12:27:03Z"
+    mac: ENC[AES256_GCM,data:q1EihAxiS23XoKWt4ogBo34pP7J6i/yFglmmvFIdWKIgwaoXWFexKrdu1oRZBIxISW+3b/NzkuUm1anu3sGFGiirDpllg8wu8ezXJJODb8yTU0HJpZ/9vjBPm+ZBt5zFzGky7kmW+qOFfUsZkr8dCiJil/Z0HrXrY2d59ksxhto=,iv:7b6ePa4xXdjrj8O2JWAptsONz8gPApS3roYMuRyrztU=,tag:uzOcc8H2W6VvGDkrex5M6A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

flake.nix

@@ -3,18 +3,11 @@
 
   inputs =
   {
-    nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-24.11";
     "nixpkgs-23.11".url = "github:CHN-beta/nixpkgs/nixos-23.11";
     "nixpkgs-23.05".url = "github:CHN-beta/nixpkgs/nixos-23.05";
-    "nixpkgs-22.11".url = "github:NixOS/nixpkgs/nixos-22.11";
-    "nixpkgs-22.05".url = "github:NixOS/nixpkgs/nixos-22.05";
-    home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; };
-    sops-nix =
-    {
-      url = "github:Mic92/sops-nix";
-      inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
-    };
-    aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
+    home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
+    sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
     nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
     nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
     nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -26,9 +19,7 @@
       inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
     };
     nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nixos-hardware.url = "github:CHN-beta/nixos-hardware";
     envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
-    nix-fast-build = { url = "github:/Mic92/nix-fast-build"; inputs.nixpkgs.follows = "nixpkgs"; };
     nix-flatpak.url = "github:gmodena/nix-flatpak";
     chaotic =
     {
@@ -38,8 +29,9 @@
     gricad = { url = "github:Gricad/nur-packages"; flake = false; };
     catppuccin.url = "github:catppuccin/nix";
     bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
-    poetry2nix = { url = "github:CHN-beta/poetry2nix"; inputs.nixpkgs.follows = "nixpkgs"; };
-    winapps = { url = "github:CHN-beta/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
+    poetry2nix = { url = "github:nix-community/poetry2nix"; inputs.nixpkgs.follows = "nixpkgs"; };
+    winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
+    aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; };
 
     misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
     rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -50,19 +42,14 @@
     eigen = { url = "gitlab:libeigen/eigen"; flake = false; };
     matplotplusplus = { url = "github:alandefreitas/matplotplusplus"; flake = false; };
     nameof = { url = "github:Neargye/nameof"; flake = false; };
-    nodesoup = { url = "github:olvb/nodesoup"; flake = false; };
     tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
-    v-sim = { url = "gitlab:l_sim/v_sim"; flake = false; };
+    v-sim = { url = "gitlab:l_sim/v_sim/master"; flake = false; };
     rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
     blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
     slate = { url = "github:TheBigWazz/Slate"; flake = false; };
-    linux-surface = { url = "github:linux-surface/linux-surface"; flake = false; };
     lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
     lmod = { url = "github:TACC/Lmod"; flake = false; };
     mumax = { url = "github:CHN-beta/mumax"; flake = false; };
-    kylin-virtual-keyboard = { url = "git+https://gitee.com/openkylin/kylin-virtual-keyboard.git"; flake = false; };
-    cjktty = { url = "github:CHN-beta/cjktty-patches"; flake = false; };
-    zxorm = { url = "github:CHN-beta/zxorm"; flake = false; };
     openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
     sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
     sockpp = { url = "github:fpagliughi/sockpp"; flake = false; };
@@ -72,9 +59,13 @@
     nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
     py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; };
     pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
-    blog = { url = "git+https://git.chn.moe/chn/blog.git"; flake = false; };
+    blog = { url = "git+https://git.chn.moe/chn/blog-public.git"; flake = false; };
     nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
     spectroscopy = { url = "github:skelton-group/Phonopy-Spectroscopy"; flake = false; };
+    vaspberry = { url = "github:Infant83/VASPBERRY"; flake = false; };
+    ufo = { url = "git+https://git.chn.moe/chn/ufo.git"; flake = false; };
+    highfive = { url = "git+https://github.com/CHN-beta/HighFive?submodules=1"; flake = false; };
+    stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
   };
 
   outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in

flake/dev.nix

@@ -5,24 +5,28 @@
     inputsFrom = [ pkgs.localPackages.biu ];
     packages = [ pkgs.clang-tools_18 ];
     CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+    hardeningDisable = [ "all" ];
   };
   hpcstat = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
   {
     inputsFrom = [ (pkgs.localPackages.hpcstat.override { version = null; }) ];
     packages = [ pkgs.clang-tools_18 ];
     CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+    hardeningDisable = [ "all" ];
   };
   sbatch-tui = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
   {
     inputsFrom = [ pkgs.localPackages.sbatch-tui ];
     packages = [ pkgs.clang-tools_18 ];
     CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+    hardeningDisable = [ "all" ];
   };
   ufo = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
   {
     inputsFrom = [ pkgs.localPackages.ufo ];
     packages = [ pkgs.clang-tools_18 ];
     CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+    hardeningDisable = [ "all" ];
   };
   chn-bsub = pkgs.mkShell
   {
@@ -38,4 +42,10 @@
       packages = [ clang-tools_18 ];
       CMAKE_EXPORT_COMPILE_COMMANDS = "1";
     };
+  mirism = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
+  {
+    inputsFrom = [ pkgs.localPackages.mirism ];
+    packages = [ pkgs.clang-tools_18 ];
+    CMAKE_EXPORT_COMPILE_COMMANDS = "1";
+  };
 }

flake/nixos.nix

@@ -15,7 +15,7 @@ builtins.listToAttrs
             config =
             {
               nixpkgs.overlays = [ inputs.self.overlays.default ];
-              nixos.system.networking.hostname = system;
+              nixos.model.hostname = system;
             };
           }
           ../modules
@@ -23,7 +23,7 @@ builtins.listToAttrs
         ];
       };
     })
-    [ "nas" "pc" "pi3b" "surface" "vps4" "vps6" "vps7" "xmupc1" "xmupc2" ])
+    [ "nas" "pc" "pi3b" "vps6" "vps7" "xmupc1" "xmupc2" "one" ])
   ++ (builtins.map
     (node:
     {
@@ -38,7 +38,7 @@ builtins.listToAttrs
             config =
             {
               nixpkgs.overlays = [ inputs.self.overlays.default ];
-              nixos.system.cluster = { clusterName = "srv1"; nodeName = node; };
+              nixos.model.cluster = { clusterName = "srv1"; nodeName = node; };
             };
           }
           ../modules

flake/packages.nix

@@ -23,6 +23,11 @@
     };
   chn-bsub = pkgs.pkgsStatic.localPackages.chn-bsub;
   blog = pkgs.callPackage inputs.blog { inherit (inputs) hextra; };
+  vaspberry = pkgs.pkgsStatic.localPackages.vaspberry.override
+  {
+    gfortran = pkgs.pkgsStatic.gfortran;
+    lapack = pkgs.pkgsStatic.openblas;
+  };
 }
 // (builtins.listToAttrs (builtins.map
   (system: { inherit (system) name; value = system.value.config.system.build.toplevel; })

flake/src.nix

@@ -1,2 +1,10 @@
 { inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
-{}
+{
+  git-lfs-transfer = "sha256-V2cnWCyzxwxlOXXTB8Kz4X4VHvu0H/SqHBzPFwlp73o=";
+  iso = pkgs.fetchurl
+  {
+    url = "https://releases.nixos.org/nixos/24.11/nixos-24.11beta709057.0c582677378f"
+      + "/nixos-plasma6-24.11beta709057.0c582677378f-x86_64-linux.iso";
+    sha256 = "000wmfn6k5awqwsx9qldhdgahv4k09w4yzmvf0djs51qjdpha082";
+  };
+}

modules/bugs/default.nix

@@ -14,35 +14,8 @@ inputs:
       # xmunet use old encryption
       xmunet.nixpkgs.config.packageOverrides = pkgs: { wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs
         (attrs: { patches = attrs.patches ++ [ ./xmunet.patch ];}); };
-      suspend-hibernate-waydroid.systemd.services =
-        let
-          systemctl = "${inputs.pkgs.systemd}/bin/systemctl";
-        in
-        {
-          "waydroid-hibernate" =
-          {
-            description = "waydroid hibernate";
-            wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            before = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            serviceConfig.Type = "oneshot";
-            script = "${systemctl} stop waydroid-container";
-          };
-          "waydroid-resume" =
-          {
-            description = "waydroid resume";
-            wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            after = [ "systemd-hibernate.service" "systemd-suspend.service" ];
-            serviceConfig.Type = "oneshot";
-            script = "${systemctl} start waydroid-container";
-          };
-        };
       backlight.boot.kernelParams = [ "nvidia.NVreg_RegistryDwords=EnableBrightnessControl=1" ];
       amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
-      hibernate-mt7921e.powerManagement.resumeCommands =
-        let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in "${modprobe} -r -w 3000 mt7921e && ${modprobe} mt7921e";
-      # could not use bt keyboard
-      # https://github.com/bluez/bluez/issues/745
-      bluetooth.hardware.bluetooth.settings.General.JustWorksRepairing = "always";
     };
   in
     {

modules/default.nix

@@ -8,7 +8,6 @@ inputs:
     [
       topInputs.home-manager.nixosModules.home-manager
       topInputs.sops-nix.nixosModules.sops
-      topInputs.aagl.nixosModules.default
       topInputs.nix-index-database.nixosModules.nix-index
       topInputs.nur-xddxdd.nixosModules.setupOverlay
       topInputs.impermanence.nixosModules.impermanence
@@ -16,6 +15,7 @@ inputs:
       topInputs.chaotic.nixosModules.default
       { config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
       topInputs.catppuccin.nixosModules.catppuccin
+      topInputs.aagl.nixosModules.default
       (inputs:
       {
         config =
@@ -23,9 +23,9 @@ inputs:
           nixpkgs.overlays =
           [
             topInputs.qchem.overlays.default
-            topInputs.aagl.overlays.default
             topInputs.bscpkgs.overlays.default
             topInputs.poetry2nix.overlays.default
+            topInputs.aagl.overlays.default
             (final: prev:
             {
               nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";
@@ -42,6 +42,6 @@ inputs:
           ];
         };
       })
-      ./hardware ./packages ./system ./virtualization ./services ./bugs ./user
+      ./hardware ./packages ./system ./virtualization ./services ./bugs ./user ./model.nix
     ];
   }

modules/hardware/default.nix

@@ -4,18 +4,15 @@ inputs:
   options.nixos.hardware =
     let
       inherit (inputs.lib) mkOption types;
-      default = if inputs.config.nixos.system.gui.enable then {} else null;
+      default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
     in
     {
-      bluetooth = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
       joystick = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
       printer = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
       sound = mkOption { type = types.nullOr (types.submodule {}); inherit default; };
     };
   config = let inherit (inputs.config.nixos) hardware; in inputs.lib.mkMerge
   [
-    # bluetooth
-    (inputs.lib.mkIf (hardware.bluetooth != null) { hardware.bluetooth.enable = true; })
     # joystick
     (inputs.lib.mkIf (hardware.joystick != null) { hardware = { xone.enable = true; xpadneo.enable = true; }; })
     # printer

modules/hardware/gpu.nix

@@ -46,6 +46,8 @@ inputs:
             extraPackages =
               let packages = with inputs.pkgs;
               {
+                # TODO: import from nixos-hardware instead
+                # enableHybridCodec is only needed for some old intel gpus (Atom, Nxxx, etc)
                 intel = [ intel-vaapi-driver libvdpau-va-gl intel-media-driver ];
                 nvidia = [ vaapiVdpau ];
                 amd = [];
@@ -64,10 +66,6 @@ inputs:
           };
         };
         boot.blacklistedKernelModules = [ "nouveau" ];
-        environment.variables =
-          if builtins.elem "nvidia" gpus then { VDPAU_DRIVER = "nvidia"; }
-          else if builtins.elem "intel" gpus then { VDPAU_DRIVER = "va_gl"; }
-          else {};
         services.xserver.videoDrivers =
           let driver = { intel = "modesetting"; amd = "amdgpu"; nvidia = "nvidia"; };
           in builtins.map (gpu: driver.${gpu}) gpus;

modules/model.nix

@@ -0,0 +1,32 @@
+inputs:
+{
+  options.nixos.model = let inherit (inputs.lib) mkOption types; in
+  {
+    hostname = mkOption { type = types.nonEmptyStr; };
+    type = mkOption { type = types.enum [ "minimal" "desktop" "server" ]; default = "minimal"; };
+    private = mkOption { type = types.bool; default = false; };
+    cluster = mkOption
+    {
+      type = types.nullOr (types.submodule { options =
+      {
+        clusterName = mkOption { type = types.nonEmptyStr; };
+        nodeName = mkOption { type = types.nonEmptyStr; };
+        nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
+      };});
+      default = null;
+    };
+  };
+  config = let inherit (inputs.config.nixos) model; in inputs.lib.mkMerge
+  [
+    { networking.hostName = model.hostname; }
+    (inputs.lib.mkIf (model.cluster != null)
+      { nixos.model.hostname = "${model.cluster.clusterName}-${model.cluster.nodeName}"; })
+    # TODO: remove it
+    {
+      systemd.services = inputs.lib.mkIf (model.cluster.nodeType or null == "worker") (builtins.listToAttrs
+        (builtins.map
+          (user: { name = "home-manager-${inputs.utils.escapeSystemdPath user}"; value.enable = false; })
+          inputs.config.nixos.user.users));
+    }
+  ];
+}

modules/packages/android-studio.nix

@@ -0,0 +1,12 @@
+inputs:
+{
+  options.nixos.packages.android-studio = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule {});
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.packages) android-studio; in inputs.lib.mkIf (android-studio != null)
+  {
+    nixos.packages.packages._packages = with inputs.pkgs; [ androidStudioPackages.stable.full ];
+  };
+}

modules/packages/chromium.nix

@@ -3,7 +3,7 @@ inputs:
   options.nixos.packages.chromium = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) chromium; in inputs.lib.mkIf (chromium != null)
   {

modules/packages/default.nix

@@ -12,123 +12,25 @@ inputs:
     _packages = mkOption { type = types.listOf types.unspecified; default = []; };
     _pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
     _prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
+    _pythonEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+    _vscodeEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
   };
   config =
   {
     environment.systemPackages = with inputs.config.nixos.packages.packages;
       (inputs.lib.lists.subtractLists excludePackages (_packages ++ extraPackages))
       ++ [
-        (inputs.pkgs.python3.withPackages (pythonPackages:
-          inputs.lib.lists.subtractLists
-            (builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
-              excludePythonPackages))
-            (builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
-              (_pythonPackages ++ extraPythonPackages)))))
+        (
+          (inputs.pkgs.python3.withPackages (pythonPackages:
+            inputs.lib.lists.subtractLists
+              (builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
+                excludePythonPackages))
+              (builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
+                (_pythonPackages ++ extraPythonPackages)))))
+          .override (prev: { makeWrapperArgs = prev.makeWrapperArgs or [] ++ _pythonEnvFlags; }))
         (inputs.pkgs.writeTextDir "share/prebuild-packages"
           (builtins.concatStringsSep "\n" (builtins.map builtins.toString
             (inputs.lib.lists.subtractLists excludePrebuildPackages (_prebuildPackages ++ extraPrebuildPackages)))))
       ];
   };
 }
-
-    # programs.firejail =
-    # {
-    #   enable = true;
-    #   wrappedBinaries =
-    #   {
-    #     qq =
-    #     {
-    #       executable = "${inputs.pkgs.qq}/bin/qq";
-    #       profile = "${inputs.pkgs.firejail}/etc/firejail/linuxqq.profile";
-    #     };
-    #   };
-    # };
-
-# config.nixpkgs.config.replaceStdenv = { pkgs }: pkgs.ccacheStdenv;
-  # only replace stdenv for large and tested packages
-  # config.programs.ccache.packageNames = [ "webkitgtk" "libreoffice" "tensorflow" "linux" "chromium" ];
-  # config.nixpkgs.overlays = [(final: prev:
-  # {
-  #   libreoffice-qt = prev.libreoffice-qt.override (prev: { unwrapped = prev.unwrapped.override
-  #     (prev: { stdenv = final.ccacheStdenv.override { stdenv = prev.stdenv; }; }); });
-  #   python3 = prev.python3.override { packageOverrides = python-final: python-prev:
-  #     {
-  #       tensorflow = python-prev.tensorflow.override
-  #         { stdenv = final.ccacheStdenv.override { stdenv = python-prev.tensorflow.stdenv; }; };
-  #     };};
-  #   # webkitgtk = prev.webkitgtk.override (prev:
-  #   #   { stdenv = final.ccacheStdenv.override { stdenv = prev.stdenv; }; enableUnifiedBuilds = false; });
-  #   wxGTK31 = prev.wxGTK31.override { stdenv = final.ccacheStdenv.override { stdenv = prev.wxGTK31.stdenv; }; };
-  #   wxGTK32 = prev.wxGTK32.override { stdenv = final.ccacheStdenv.override { stdenv = prev.wxGTK32.stdenv; }; };
-  #   # firefox-unwrapped = prev.firefox-unwrapped.override
-  #   #   { stdenv = final.ccacheStdenv.override { stdenv = prev.firefox-unwrapped.stdenv; }; };
-  #   # chromium = prev.chromium.override
-  #   #   { stdenv = final.ccacheStdenv.override { stdenv = prev.chromium.stdenv; }; };
-  #   # linuxPackages_xanmod_latest = prev.linuxPackages_xanmod_latest.override
-  #   # {
-  #   #   kernel = prev.linuxPackages_xanmod_latest.kernel.override
-  #   #   {
-  #   #     stdenv = final.ccacheStdenv.override { stdenv = prev.linuxPackages_xanmod_latest.kernel.stdenv; };
-  #   #     buildPackages = prev.linuxPackages_xanmod_latest.kernel.buildPackages //
-  #   #       { stdenv = prev.linuxPackages_xanmod_latest.kernel.buildPackages.stdenv; };
-  #   #   };
-  #   # };
-  # })];
-  # config.programs.ccache.packageNames = [ "libreoffice-unwrapped" ];
-
-# cross-x86_64-pc-linux-musl/gcc
-# dev-cpp/cpp-httplib ? how to use
-# dev-cpp/cppcoro
-# dev-cpp/date
-# dev-cpp/nameof
-# dev-cpp/scnlib
-# dev-cpp/tgbot-cpp
-# dev-libs/pocketfft
-# dev-util/intel-hpckit
-# dev-util/nvhpc
-# kde-misc/wallpaper-engine-kde-plugin
-# media-fonts/arphicfonts
-# media-fonts/sarasa-gothic
-# media-gfx/flameshot
-# media-libs/libva-intel-driver
-# media-libs/libva-intel-media-driver
-# media-sound/netease-cloud-music
-# net-vpn/frp
-# net-wireless/bluez-tools
-# sci-libs/mkl
-# sci-libs/openblas
-# sci-libs/pfft
-# sci-libs/scalapack
-# sci-libs/wannier90
-# sci-mathematics/ginac
-# sci-mathematics/mathematica
-# sci-mathematics/octave
-# sci-physics/lammps::touchfish-os
-# sci-physics/vsim
-# sci-visualization/scidavis
-# sys-apps/flatpak
-# sys-cluster/modules
-# sys-devel/distcc
-# sys-fs/btrfs-progs
-# sys-fs/compsize
-# sys-fs/dosfstools
-# sys-fs/duperemove
-# sys-fs/exfatprogs
-# sys-fs/mdadm
-# sys-fs/ntfs3g
-# sys-kernel/dracut
-# sys-kernel/linux-firmware
-# sys-kernel/xanmod-sources
-# sys-kernel/xanmod-sources:6.1.12
-# sys-kernel/xanmod-sources::touchfish-os
-# sys-libs/libbacktrace
-# sys-libs/libselinux
-# x11-apps/xinput
-# x11-base/xorg-apps
-# x11-base/xorg-fonts
-# x11-base/xorg-server
-# x11-misc/imwheel
-# x11-misc/optimus-manager
-# x11-misc/unclutter-xfixes
-
-#   ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );

modules/packages/desktop/default.nix

@@ -3,7 +3,7 @@ inputs:
   options.nixos.packages.desktop = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) desktop; in inputs.lib.mkIf (desktop != null)
   {
@@ -16,7 +16,7 @@ inputs:
           # system management
           # TODO: module should add yubikey-touch-detector into path
           gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
-          kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror # inputs.pkgs."pkgs-23.11".etcher
+          kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror geekbench xpra
           (
             writeShellScriptBin "xclip"
             ''
@@ -33,24 +33,22 @@ inputs:
           # networking
           remmina putty mtr-gui
           # media
-          mpv nomacs spotify yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc obs-studio
-          waifu2x-converter-cpp inkscape blender whalebird paraview
+          mpv nomacs yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk qcm
+          waifu2x-converter-cpp inkscape blender paraview vlc whalebird spotify obs-studio
           # themes
+          klassy localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
           catppuccin catppuccin-sddm catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
           (catppuccin-kde.override { flavour = [ "latte" ]; }) (catppuccin-kvantum.override { variant = "latte"; })
-          klassy
-          localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
           # terminal
           warp-terminal
           # development
-          adb-sync scrcpy weston cage openbox krita jetbrains.clion android-studio dbeaver-bin cling fprettify
-          aircrack-ng
+          adb-sync scrcpy dbeaver-bin cling aircrack-ng
+          weston cage openbox krita jetbrains.clion fprettify
           # desktop sharing
           rustdesk-flutter
           # password and key management
-          yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden electrum
-          jabref
-          john crunch hashcat
+          yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden hashcat
+          electrum jabref john crunch
           # download
           qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
           # editor
@@ -61,21 +59,22 @@ inputs:
           nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
           nix-template nil pnpm-lock-export bundix
           # instant messager
-          element-desktop telegram-desktop discord fluffychat zoom-us signal-desktop slack nur-linyinfeng.wemeet
-          nheko # qq nur-xddxdd.wechat-uos TODO: cinny-desktop
+          element-desktop telegram-desktop discord zoom-us slack nur-linyinfeng.wemeet nheko
+          fluffychat signal-desktop qq nur-xddxdd.wechat-uos cinny-desktop
           # browser
           google-chrome tor-browser microsoft-edge
           # office
-          crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk pdfchain hdfview
-          davinci-resolve texliveFull
+          crow-translate zotero pandoc libreoffice-qt texliveFull poppler_utils pdftk pdfchain davinci-resolve
+          ydict texstudio panoply pspp
           # matplot++ needs old gnuplot
           inputs.pkgs."pkgs-23.11".gnuplot
           # math, physics and chemistry
-          octaveFull root ovito localPackages.vesta localPackages.v-sim
-          (mathematica.overrideAttrs (prev: { postInstall = (prev.postInstall or "") + "ln -s ${prev.src} $out/src"; }))
-          (quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14; }) jmol mpi localPackages.ufo
+          octaveFull ovito localPackages.vesta localPackages.v-sim jmol mpi geogebra6 localPackages.ufo
+          (quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14;
+            wannier90 = inputs.pkgs.wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; }; })
+          inputs.pkgs."pkgs-23.11".hdfview
           # virtualization
-          wineWowPackages.stagingFull virt-viewer bottles genymotion playonlinux
+          virt-viewer bottles wineWowPackages.stagingFull genymotion playonlinux
           # media
           nur-xddxdd.svp
           # for kdenlive auto subtitle
@@ -85,7 +84,7 @@ inputs:
             (builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
         _pythonPackages = [(pythonPackages: with pythonPackages;
         [
-          phonopy scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
+          phonopy scipy scikit-learn jupyterlab autograd
           # TODO: broken on python 3.12 tensorflow keras
           # for phonopy
           inputs.pkgs.localPackages.spectroscopy numpy
@@ -142,10 +141,13 @@ inputs:
     };
     nixpkgs.overlays = [(final: prev:
     {
-      telegram-desktop = prev.telegram-desktop.overrideAttrs (attrs:
+      telegram-desktop = prev.telegram-desktop.override
       {
-        patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./telegram.patch ];
-      });
+        unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs (prev:
+        {
+          patches = prev.patches or [] ++ [ ./telegram.patch ];
+        });
+      };
     })];
     services.pcscd.enable = true;
   };

modules/packages/desktop/telegram.patch

@@ -1,12 +1,12 @@
-diff --color -ur a/Telegram/SourceFiles/data/components/sponsored_messages.cpp b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
---- a/Telegram/SourceFiles/data/components/sponsored_messages.cpp	1970-01-01 08:00:01.000000000 +0800
-+++ b/Telegram/SourceFiles/data/components/sponsored_messages.cpp	2024-05-21 20:41:12.849951324 +0800
-@@ -193,7 +193,7 @@
+diff --git a/Telegram/SourceFiles/data/components/sponsored_messages.cpp b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
+index d2746ad9..f46b51fb 100644
+--- a/Telegram/SourceFiles/data/components/sponsored_messages.cpp
++++ b/Telegram/SourceFiles/data/components/sponsored_messages.cpp
+@@ -195,6 +195,7 @@ void SponsoredMessages::inject(
  }
  
  bool SponsoredMessages::canHaveFor(not_null<History*> history) const {
--	return history->peer->isChannel();
 +	return false;
- }
- 
- void SponsoredMessages::request(not_null<History*> history, Fn<void()> done) {
+ 	if (history->peer->isChannel()) {
+ 		return true;
+ 	} else if (const auto user = history->peer->asUser()) {

modules/packages/firefox.nix

@@ -3,7 +3,7 @@ inputs:
   options.nixos.packages.firefox = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) firefox; in inputs.lib.mkIf (firefox != null)
   {

modules/packages/flatpak.nix

@@ -3,7 +3,7 @@ inputs:
   options.nixos.packages.flatpak = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) flatpak; in inputs.lib.mkIf (flatpak != null)
   {

modules/packages/helix.nix

@@ -0,0 +1,21 @@
+inputs:
+{
+  options.nixos.packages.helix = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) helix; in inputs.lib.mkIf (helix != null)
+  {
+    nixos =
+    {
+      user.sharedModules =
+      [{
+        config.programs.helix =
+        {
+          enable = true;
+          defaultEditor = true;
+          settings.theme = "catppuccin_latte";
+        };
+      }];
+      packages.packages._packages = [ inputs.pkgs.helix ];
+    };
+  };
+}

modules/packages/lammps.nix

@@ -3,22 +3,19 @@ inputs:
   options.nixos.packages.lammps = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null)
   {
     nixos.packages.packages._packages =
       let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null;
       in
-        if cuda then [((inputs.pkgs.lammps-mpi.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
+        if cuda then [((inputs.pkgs.lammps.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
           .overrideAttrs (prev:
           {
-            cmakeFlags = prev.cmakeFlags ++ inputs.lib.optionals cuda
-            [
-              "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD"
-            ];
-            nativeBuildInputs = prev.nativeBuildInputs ++ inputs.lib.optionals cuda
-              [ inputs.pkgs.cudaPackages.cudatoolkit ];
+            cmakeFlags = prev.cmakeFlags ++ [ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
+            nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.cudaPackages.cudatoolkit ];
+            buildInputs = prev.buildInputs ++ [ inputs.pkgs.mpi ];
           }))]
         else [ inputs.pkgs.lammps-mpi ];
   };

modules/packages/mathematica.nix

@@ -0,0 +1,13 @@
+inputs:
+{
+  options.nixos.packages.mathematica = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule {});
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.packages) mathematica; in inputs.lib.mkIf (mathematica != null)
+  {
+    nixos.packages.packages._packages = [ (inputs.pkgs.mathematica.overrideAttrs
+      (prev: { postInstall = (prev.postInstall or "") + "ln -s ${prev.src} $out/src"; })) ];
+  };
+}

modules/packages/mumax.nix

@@ -4,7 +4,7 @@ inputs:
   {
     type = types.nullOr (types.submodule {});
     default =
-      if inputs.config.nixos.system.gui.enable
+      if (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
         && (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
       then {}
       else null;

modules/packages/root.nix

@@ -0,0 +1,40 @@
+inputs:
+{
+  options.nixos.packages.root = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = {}; };
+  config = let inherit (inputs.config.nixos.packages) root; in inputs.lib.mkIf (root != null)
+  {
+    nixos.packages.packages =
+      let
+        root = inputs.pkgs.root.overrideAttrs rec
+        {
+          version = "6.34.00-rc1";
+          src = inputs.pkgs.fetchurl
+          {
+            url = "https://root.cern/download/root_v${version}.source.tar.gz";
+            sha256 = "1fx6nyv3drcb16a36np7h3vmjlm937j6y9vxkv0sny0grrxcj9lw";
+          };
+          patches = [];
+        };
+        jupyterPath = inputs.pkgs.jupyter-kernel.create { definitions.root = rec
+        {
+          displayName = "ROOT";
+          language = "c++";
+          argv = [ "/run/current-system/sw/bin/python3" "-m" "JupyROOT.kernel.rootkernel" "-f" "{connection_file}" ];
+          logo64 = "${root}/etc/root/notebook/kernels/root/logo-64x64.png";
+          logo32 = inputs.pkgs.runCommand "logo-32x32.png" {}
+            "${inputs.pkgs.imagemagick}/bin/convert ${logo64} -resize 32x32 $out";
+        };};
+      in
+      {
+        _packages = [ root ];
+        _pythonPackages = [(pythonPackages: with pythonPackages; [ metakernel notebook ])];
+        _pythonEnvFlags =
+        [
+          "--prefix JUPYTER_PATH : ${jupyterPath}"
+          "--suffix NIX_PYTHONPATH : ${root}/lib"
+        ];
+        _vscodeEnvFlags = [ "--prefix JUPYTER_PATH : ${jupyterPath}" ];
+      };
+  };
+}

modules/packages/server.nix

@@ -9,10 +9,10 @@ inputs:
       _packages = with inputs.pkgs;
       [
         # basic tools
-        beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij ipfetch localPackages.pslist
+        beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq yq zellij ipfetch localPackages.pslist
         fastfetch reptyr duc ncdu progress libva-utils ksh neofetch
         # lsxx
-        pciutils usbutils lshw util-linux lsof dmidecode lm_sensors
+        pciutils usbutils lshw util-linux lsof dmidecode lm_sensors hwloc acpica-tools
         # top
         iotop iftop htop btop powertop s-tui
         # editor
@@ -32,13 +32,13 @@ inputs:
         # networking
         ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils wireguard-tools
         # nix tools
-        nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {}) nix-inspect
+        nix-output-monitor nix-tree ssh-to-age nix-inspect
         # development
         gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init hugo
         # stupid things
-        toilet lolcat
+        toilet lolcat localPackages.stickerpicker graph-easy
         # office
-        todo-txt-cli pdfgrep ffmpeg-full
+        pdfgrep ffmpeg-full # todo-txt-cli 
       ]
         ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
         ++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);

modules/packages/ssh.nix

@@ -7,16 +7,6 @@ inputs:
     services.openssh.knownHosts =
       let servers =
       {
-        vps4 =
-        {
-          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
-          hostnames = [ "vps4.chn.moe" "104.234.37.61" ];
-        };
-        "initrd.vps4" =
-        {
-          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
-          hostnames = [ "initrd.vps4.chn.moe" "104.234.37.61" ];
-        };
         vps6 =
         {
           ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
@@ -47,15 +37,15 @@ inputs:
           ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
           hostnames = [ "initrd.nas.chn.moe" "192.168.1.2" ];
         };
-        surface =
+        one =
         {
-          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIFdm3DcfHdcLP0oSpVrWwIZ/b9lZuakBSPwCFz2BdTJ7";
-          hostnames = [ "192.168.1.4" "wireguard.surface.chn.moe" "192.168.83.5" ];
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIC5i2Z/vK0D5DBRg3WBzS2ejM0U+w3ZPDJRJySdPcJ5d";
+          hostnames = [ "wireguard.one.chn.moe" "192.168.1.4" "192.168.83.5" ];
         };
         pc =
         {
           ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
-          hostnames = [ "wireguard.pc.chn.moe" "[office.chn.moe]:3673" "192.168.1.105" "192.168.83.3" ];
+          hostnames = [ "wireguard.pc.chn.moe" "[office.chn.moe]:3673" "192.168.1.3" "192.168.83.3" ];
         };
         hpc =
         {
@@ -111,6 +101,8 @@ inputs:
         (inputs.localLib.attrsToList servers));
     programs.ssh =
     {
+      # maybe better network performance
+      package = inputs.pkgs.openssh_hpn;
       startAgent = true;
       enableAskPassword = true;
       askPassword = "${inputs.pkgs.systemd}/bin/systemd-ask-password";
@@ -129,10 +121,10 @@ inputs:
         (
           (builtins.map
             (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
-            [ "vps4" "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" ])
+            [ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" "wireguard.one" ])
           ++ (builtins.map
             (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; forwardX11 = true; }; })
-            [ "wireguard.pc" "wireguard.surface" "wireguard.xmupc1" "wireguard.xmupc2" "srv1" "wireguard.srv1" ])
+            [ "wireguard.pc" "wireguard.xmupc1" "wireguard.xmupc2" "srv1" "wireguard.srv1" ])
           ++ (builtins.map
             (host:
             {
@@ -152,7 +144,7 @@ inputs:
           xmupc2 = { host = "xmupc2"; hostname = "xmupc2.chn.moe"; port = 6394; forwardX11 = true; };
           nas = { host = "nas"; hostname = "192.168.1.2"; forwardX11 = true; };
           pc = { host = "pc"; hostname = "192.168.1.3"; forwardX11 = true; };
-          surface = { host = "surface"; hostname = "192.168.1.4"; forwardX11 = true; };
+          one = { host = "one"; hostname = "192.168.1.4"; forwardX11 = true; };
           gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
           jykang =
           {

modules/packages/steam.nix

@@ -3,7 +3,7 @@ inputs:
   options.nixos.packages.steam = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) steam; in inputs.lib.mkIf (steam != null)
   {
@@ -12,7 +12,7 @@ inputs:
       enable = true;
       package = inputs.pkgs.steam.override (prev:
       {
-        steam = prev.steam.overrideAttrs (prev:
+        steam-unwrapped = prev.steam-unwrapped.overrideAttrs (prev:
         {
           postInstall = prev.postInstall +
           ''

modules/packages/vasp.nix

@@ -3,14 +3,14 @@ inputs:
   options.nixos.packages.vasp = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   # TODO: add more options to correctly configure VASP
   config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
   {
     nixos.packages.packages._packages = with inputs.pkgs;
     (
-      [ localPackages.vasp.intel localPackages.vasp.vtstscripts localPackages.py4vasp localPackages.vaspkit ]
+      [ localPackages.vasp.intel localPackages.vasp.vtstscripts localPackages.py4vasp localPackages.vaspkit wannier90 ]
         ++ (inputs.lib.optional
           (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
           localPackages.vasp.nvidia)

modules/packages/vim.nix

@@ -9,7 +9,7 @@ inputs:
       config.programs.vim =
       {
         enable = true;
-        defaultEditor = true;
+        defaultEditor = false;
         packageConfigurable = inputs.config.programs.vim.package;
         settings =
         {

modules/packages/vscode.nix

@@ -3,7 +3,7 @@ inputs:
   options.nixos.packages.vscode = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) vscode; in inputs.lib.mkIf (vscode != null)
   {
@@ -18,12 +18,15 @@ inputs:
               (set:
               {
                 name = set;
-                value = nix-vscode-extensions.vscode-marketplace.${set} // vscode-extensions.${set} or {};
+                value = vscode-extensions.${set} or {}
+                  // nix-vscode-extensions.vscode-marketplace.${set}
+                  // nix-vscode-extensions.vscode-marketplace-release.${set} or {};
               })
               (inputs.lib.unique
               (
-                (builtins.attrNames nix-vscode-extensions.vscode-marketplace)
-                ++ (builtins.attrNames vscode-extensions)
+                (builtins.attrNames vscode-extensions)
+                  ++ (builtins.attrNames nix-vscode-extensions.vscode-marketplace)
+                  ++ (builtins.attrNames nix-vscode-extensions.vscode-marketplace-release)
               )));
             in with extensions;
               (with github; [ copilot github-vscode-theme ])
@@ -51,7 +54,12 @@ inputs:
                 ms-python.python
                 # theme
                 pkief.material-icon-theme
-              ];
+              ]
+              # jupyter
+              # TODO: use last release
+              ++ (with vscode-extensions.ms-toolsai;
+                [ jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow ]);
+          extraFlags = builtins.concatStringsSep " " inputs.config.nixos.packages.packages._vscodeEnvFlags;
         }
       )];
     };

modules/packages/winapps/default.nix

@@ -3,7 +3,7 @@ inputs:
   options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
   {

modules/services/akkoma.nix

@@ -1,51 +0,0 @@
-inputs:
-{
-  options.nixos.services.akkoma = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "akkoma.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) akkoma;
-      inherit (inputs.lib) mkIf;
-    in mkIf akkoma.enable
-    {
-      services.akkoma =
-      {
-        enable = true;
-        config.":pleroma" =
-        {
-          "Pleroma.Web.Endpoint".url.host = akkoma.hostname;
-          "Pleroma.Repo" =
-          {
-            adapter = (inputs.pkgs.formats.elixirConf { }).lib.mkRaw "Ecto.Adapters.Postgres";
-            hostname = "127.0.0.1";
-            username = "akkoma";
-            password._secret = inputs.config.sops.secrets."akkoma/db".path;
-            database = "akkoma";
-          };
-          ":instance" =
-          {
-            name = "艹";
-            email = "grass@grass.squre";
-            description = "艹艹艹艹艹";
-          };
-        };
-      };
-      nixos.services =
-      {
-        nginx =
-        {
-          enable = true;
-          https."${akkoma.hostname}" =
-          {
-            global.tlsCert = "/var/lib/akkoma";
-            location."/".proxy = { upstream = "http://127.0.0.1:4000"; websocket = true; };
-          };
-        };
-        postgresql.instances.akkoma = {};
-      };
-      sops.secrets."akkoma/db" = { owner = "akkoma"; key = "postgresql/akkoma"; };
-    };
-}

modules/services/ananicy.nix

@@ -0,0 +1,15 @@
+inputs:
+{
+  options.nixos.services.ananicy = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = null; };
+  config = let inherit (inputs.config.nixos.services) ananicy; in inputs.lib.mkIf (ananicy != null)
+  {
+    services.ananicy =
+    {
+      enable = true;
+      package = inputs.pkgs.ananicy-cpp;
+      rulesProvider = inputs.pkgs.ananicy-rules-cachyos;
+      extraRules = [{ name = "YuanShen.exe"; type = "Game"; }];
+    };
+  };
+}

modules/services/chatgpt.nix

@@ -1,44 +0,0 @@
-inputs:
-{
-  options.nixos.services.chatgpt = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.nullOr (types.submodule { options =
-    {
-      hostname = mkOption { type = types.str; default = "chat.chn.moe"; };
-    };});
-    default = null;
-  };
-  config = let inherit (inputs.config.nixos.services) chatgpt; in inputs.lib.mkIf (chatgpt != null)
-  {
-    virtualisation.oci-containers.containers.chatgpt =
-    {
-      image = "yidadaa/chatgpt-next-web:v2.11.3";
-      imageFile = inputs.pkgs.dockerTools.pullImage
-      {
-        imageName = "yidadaa/chatgpt-next-web";
-        imageDigest = "sha256:622462a7958f82e128a0e1ebd07b96e837f3d457b912fb246b550fb730b538a7";
-        sha256 = "00qwh1kjdchf1nhaz18s2yly2xhvpaa83ym5x4wy3z0y3vc1zwxx";
-        finalImageName = "yidadaa/chatgpt-next-web";
-        finalImageTag = "v2.11.3";
-      };
-      ports = [ "127.0.0.1:6184:3000/tcp" ];
-      extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
-      environmentFiles = [ inputs.config.sops.templates."chatgpt/env".path ];
-    };
-    sops =
-    {
-      templates."chatgpt/env".content =
-      ''
-        OPENAI_API_KEY=${inputs.config.sops.placeholder."chatgpt/key"}
-        BASE_URL=https://oa.api2d.net
-      '';
-      secrets."chatgpt/key" = {};
-    };
-    nixos.services.nginx =
-    {
-      enable = true;
-      https."${chatgpt.hostname}".location."/".proxy =
-        { upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
-    };
-  };
-}

modules/services/default.nix

@@ -4,8 +4,7 @@ inputs:
   options.nixos.services = let inherit (inputs.lib) mkOption types; in
   {
     smartd.enable = mkOption { type = types.bool; default = false; };
-    wallabag.enable = mkOption { type = types.bool; default = false; };
-    noisetorch.enable = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
+    noisetorch.enable = mkOption { type = types.bool; default = inputs.config.nixos.model.type == "desktop"; };
   };
   config =
     let
@@ -16,61 +15,6 @@ inputs:
     in mkMerge
     [
       (mkIf services.smartd.enable { services.smartd.enable = true; })
-      (
-        mkIf services.wallabag.enable
-        {
-          virtualisation.oci-containers.containers.wallabag =
-          {
-            image = "wallabag/wallabag:2.6.2";
-            imageFile = inputs.pkgs.dockerTools.pullImage
-            {
-              imageName = "wallabag/wallabag";
-              imageDigest = "sha256:241e5c71f674ee3f383f428e8a10525cbd226d04af58a40ce9363ed47e0f1de9";
-              sha256 = "0zflrhgg502w3np7kqmxij8v44y491ar2qbk7qw981fysia5ix09";
-              finalImageName = "wallabag/wallabag";
-              finalImageTag = "2.6.2";
-            };
-            ports = [ "127.0.0.1:4398:80/tcp" ];
-            extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
-            environmentFiles = [ inputs.config.sops.templates."wallabag/env".path ];
-          };
-          sops =
-          {
-            templates."wallabag/env".content =
-              let
-                placeholder = inputs.config.sops.placeholder;
-              in
-              ''
-                SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
-                SYMFONY__ENV__DATABASE_HOST=host.docker.internal
-                SYMFONY__ENV__DATABASE_PORT=5432
-                SYMFONY__ENV__DATABASE_NAME=wallabag
-                SYMFONY__ENV__DATABASE_USER=wallabag
-                SYMFONY__ENV__DATABASE_PASSWORD=${placeholder."postgresql/wallabag"}
-                SYMFONY__ENV__REDIS_HOST=host.docker.internal
-                SYMFONY__ENV__REDIS_PORT=8790
-                SYMFONY__ENV__REDIS_PASSWORD=${placeholder."redis/wallabag"}
-                SYMFONY__ENV__SERVER_NAME=wallabag.chn.moe
-                SYMFONY__ENV__DOMAIN_NAME=https://wallabag.chn.moe
-                SYMFONY__ENV__TWOFACTOR_AUTH=false
-              '';
-              # SYMFONY__ENV__MAILER_DSN=smtp://bot%%40chn.moe@${placeholder."mail/bot-encoded"}:mail.chn.moe
-              # SYMFONY__ENV__FROM_EMAIL=bot@chn.moe
-              # SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
-            secrets."mail/bot-encoded" = {};
-          };
-          nixos.services =
-          {
-            nginx =
-            {
-              enable = true;
-              https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
-            };
-            postgresql.instances.wallabag = {};
-            redis.instances.wallabag = { user = "root"; port = 8790; };
-          };
-        }
-      )
       (mkIf services.noisetorch.enable { programs.noisetorch.enable = true; })
     ];
 }

modules/services/docker.nix

@@ -7,19 +7,21 @@ inputs:
     (
       inputs.lib.mkIf (docker != null)
       {
-        # system-wide docker is not needed
-        # virtualisation.docker.enable = true;
-        virtualisation.docker.rootless =
+        virtualisation.docker =
         {
           enable = true;
-          setSocketVariable = true;
-          daemon.settings =
+          rootless =
           {
-            features.buildkit = true;
-            # dns 127.0.0.1 make docker not work
-            dns = [ "1.1.1.1" ];
-            # prevent create btrfs subvol
-            storage-driver = "overlay2";
+            enable = true;
+            setSocketVariable = true;
+            daemon.settings =
+            {
+              features.buildkit = true;
+              # dns 127.0.0.1 make docker not work
+              dns = [ "1.1.1.1" ];
+              # prevent create btrfs subvol
+              storage-driver = "overlay2";
+            };
           };
         };
       }

modules/services/gitea.nix

@@ -48,7 +48,27 @@ inputs:
     };
     nixos.services =
     {
-      nginx = { enable = true; https."${gitea.hostname}".location."/".proxy.upstream = "http://127.0.0.1:3002"; };
+      nginx =
+      {
+        enable = true;
+        https."${gitea.hostname}".location =
+        {
+          "/".proxy.upstream = "http://127.0.0.1:3002";
+          "/robots.txt".static.root =
+            let
+              robotsFile = inputs.pkgs.fetchurl
+              {
+                url = "https://gitea.com/robots.txt";
+                sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
+              };
+              robotsDir = inputs.pkgs.runCommand "robots.txt" {}
+              ''
+                mkdir -p $out
+                cp ${robotsFile} $out/robots.txt
+              '';
+            in "${robotsDir}";
+        };
+      };
       postgresql.instances.gitea = {};
     };
     sops.secrets =

modules/services/keyd.nix

@@ -0,0 +1,21 @@
+inputs:
+{
+  options.nixos.services.keyd = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = null; };
+  config = let inherit (inputs.config.nixos.services) keyd; in inputs.lib.mkIf (keyd != null)
+  {
+    services.keyd =
+    {
+      enable = true;
+      keyboards.default =
+      {
+        ids = [ "*" ];
+        settings =
+        {
+          main.rightcontrol = "overload(r_ctrl, rightcontrol)";
+          "r_ctrl:C" = { left = "home"; right = "end"; up = "pageup"; down = "pagedown"; };
+        };
+      };
+    };
+  };
+}

modules/services/kmscon.nix

@@ -1,19 +0,0 @@
-inputs:
-{
-  options.nixos.services.kmscon = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-  };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.services) kmscon;
-    in mkIf kmscon.enable
-    {
-      services.kmscon =
-      {
-        enable = true;
-        fonts = [{ name = "FiraCode Nerd Font Mono"; package = inputs.pkgs.nerdfonts; }];
-      };
-    };
-}

modules/services/mariadb.nix

@@ -49,11 +49,7 @@ inputs:
     sops.secrets = builtins.listToAttrs (builtins.map
       (db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
       (builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList mariadb.instances)));
-    environment.persistence =
-      let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
-      {
-        "${impermanence.nodatacow}".directories = let user = "mysql"; in
-          [{ directory = "/var/lib/mysql"; inherit user; group = user; mode = "0750"; }];
-      };
+    environment.persistence."/nix/nodatacow".directories =
+      [{ directory = "/var/lib/mysql"; user = "mysql"; group = "mysql"; mode = "0750"; }];
   };
 }

modules/services/mastodon.nix

@@ -1,83 +0,0 @@
-inputs:
-{
-  options.nixos.services.mastodon = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.str; default = "dudu.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) mastodon;
-      inherit (inputs.lib) mkIf;
-      inherit (builtins) toString;
-    in mkIf mastodon.enable
-    {
-      services.mastodon =
-      {
-        enable = true;
-        streamingProcesses = 1;
-        enableUnixSocket = false;
-        localDomain = mastodon.hostname;
-        database =
-        {
-          createLocally = false;
-          host = "127.0.0.1";
-          passwordFile = inputs.config.sops.secrets."mastodon/postgresql".path;
-        };
-        redis.createLocally = false;
-        smtp =
-        {
-          createLocally = false;
-          user = "bot@chn.moe";
-          port = 465;
-          passwordFile = inputs.config.sops.secrets."mastodon/mail".path;
-          host = "mail.chn.moe";
-          fromAddress = "bot@chn.moe";
-          authenticate = true;
-        };
-        extraEnvFiles = [ inputs.config.sops.templates."mastodon/env".path ];
-      };
-      nixos.services =
-      {
-        postgresql.instances.mastodon = {};
-        redis.instances.mastodon.port = inputs.config.services.mastodon.redis.port;
-        nginx =
-        {
-          enable = true;
-          https."${mastodon.hostname}".location =
-          {
-            "/system/".alias.path = "/var/lib/mastodon/public-system/";
-            "/".static =
-              { root = "${inputs.config.services.mastodon.package}/public"; tryFiles = [ "$uri" "@proxy" ]; };
-            "@proxy".proxy =
-              { upstream = "http://127.0.0.1:${toString inputs.config.services.mastodon.webPort}"; websocket = true; };
-            "/api/v1/streaming/".proxy =
-            {
-              upstream = "http://unix:/run/mastodon-streaming/streaming-1.socket";
-              websocket = true;
-            };
-          };
-        };
-      };
-      sops =
-      {
-        secrets =
-        {
-          "mastodon/mail" = { owner = "mastodon"; key = "mail/bot"; };
-          "mastodon/postgresql" = { owner = "mastodon"; key = "postgresql/mastodon"; };
-        };
-        templates."mastodon/env" =
-        {
-          owner = "mastodon";
-          content =
-          ''
-            REDIS_PASSWORD=${inputs.config.sops.placeholder."redis/mastodon"}
-            SMTP_SSL=true
-            SMTP_AUTH_METHOD=plain
-          '';
-        };
-      };
-      environment.systemPackages = [ inputs.config.services.mastodon.package ];
-      # sudo -u mastodon mastodon-tootctl accounts modify chn --role Owner
-    };
-}

modules/services/meilisearch.nix

@@ -1,113 +0,0 @@
-inputs:
-{
-  options.nixos.services.meilisearch = let inherit (inputs.lib) mkOption types; in
-  {
-    instances = mkOption
-    {
-      type = types.attrsOf (types.submodule (submoduleInputs: { options =
-      {
-        user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
-        port = mkOption { type = types.ints.unsigned; };
-      };}));
-      default = {};
-    };
-    ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-  };
-  config = let inherit (inputs.config.nixos.services) meilisearch; in
-  {
-    systemd =
-    {
-      services = builtins.listToAttrs (builtins.map
-        (instance:
-        {
-          name = "meilisearch-${instance.name}";
-          value =
-          {
-            description = "meiliSearch ${instance.name}";
-            wantedBy = [ "multi-user.target" ];
-            after = [ "network.target" ];
-            # environment.RUST_BACKTRACE = "full";
-            serviceConfig =
-            {
-              User = instance.value.user;
-              Group = inputs.config.users.users.${instance.value.user}.group;
-              ExecStart =
-                let
-                  meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
-                  {
-                    RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
-                      ++ (
-                        let inherit (inputs.config.nixos.system.nixpkgs) march;
-                        in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
-                      );
-                  });
-                  config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
-                in
-                  "${meilisearch}/bin/meilisearch --config-file-path ${config}";
-              Restart = "always";
-              StartLimitBurst = 3;
-              LimitNOFILE = "infinity";
-              LimitNPROC = "infinity";
-              LimitCORE = "infinity";
-              CPUSchedulingPolicy = "idle";
-              IOSchedulingClass = "idle";
-              IOSchedulingPriority = 4;
-              IOAccounting = true;
-              IOWeight = 1;
-              Nice = 19;
-              Slice = "-.slice";
-            }
-            // (if meilisearch.ioLimitDevice != null then
-            {
-              IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
-              IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
-              # iostat -dx 1
-              IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
-              IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
-            } else {});
-          };
-        })
-        (inputs.localLib.attrsToList meilisearch.instances));
-      tmpfiles.rules = builtins.concatLists (builtins.map
-        (instance:
-          let
-            user = instance.value.user;
-            group = inputs.config.users.users.${instance.value.user}.group;
-            dir = "/var/lib/meilisearch/${instance.name}";
-          in
-            [ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
-        (inputs.localLib.attrsToList meilisearch.instances));
-    };
-    sops =
-    {
-      templates = builtins.listToAttrs (builtins.map
-        (instance:
-        {
-          name = "meilisearch-${instance.name}.toml";
-          value =
-          {
-            content =
-            ''
-              db_path = "/var/lib/meilisearch/${instance.name}"
-              http_addr = "0.0.0.0:${builtins.toString instance.value.port}"
-              master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
-              env = "production"
-              dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
-              log_level = "INFO"
-              max_indexing_memory = "16Gb"
-              max_indexing_threads = 1
-            '';
-            owner = instance.value.user;
-          };
-        })
-        (inputs.localLib.attrsToList meilisearch.instances));
-      secrets = builtins.listToAttrs (builtins.map
-        (instance: { name = "meilisearch/${instance.name}"; value = {}; })
-        (inputs.localLib.attrsToList meilisearch.instances));
-    };
-    environment.persistence =
-      let inherit (inputs.config.nixos.system) impermanence;
-      in inputs.lib.mkIf (impermanence.enable && meilisearch.instances != {})
-        { "${impermanence.nodatacow}".directories = [ "/var/lib/meilisearch" ]; };
-  };
-}

modules/services/mirism.nix

@@ -31,7 +31,7 @@ inputs:
               {
                 User = inputs.config.users.users.mirism.name;
                 Group = inputs.config.users.users.mirism.group;
-                ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";
+                ExecStart = "${inputs.pkgs.localPackages.mirism-old}/bin/${instance}";
                 RuntimeMaxSec = "1d";
                 Restart = "always";
               };

modules/services/misskey.nix

@@ -8,11 +8,6 @@ inputs:
       port = mkOption { type = types.ints.unsigned; default = 9726; };
       redis.port = mkOption { type = types.ints.unsigned; default = 3545; };
       hostname = mkOption { type = types.nonEmptyStr; default = "misskey.chn.moe"; };
-      meilisearch =
-      {
-        enable = mkOption { type = types.bool; default = false; };
-        port = mkOption { type = types.ints.unsigned; default = 7700; };
-      };
     };});
     default = {};
   };
@@ -31,9 +26,7 @@ inputs:
           {
             enable = instance.value.autoStart;
             description = "misskey ${instance.name}";
-            after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ]
-              ++ (if instance.value.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ]
-                else []);
+            after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ];
             requires = after;
             wantedBy = [ "multi-user.target" ];
             environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/${instance.name}.yml".path;
@@ -77,7 +70,6 @@ inputs:
               let
                 placeholder = inputs.config.sops.placeholder;
                 redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
-                meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
               in
               ''
                 url: https://${instance.value.hostname}/
@@ -105,17 +97,7 @@ inputs:
                 proxyRemoteFiles: true
                 signToActivityPubGet: true
                 maxFileSize: 1073741824
-              ''
-              + (if instance.value.meilisearch.enable then
-              ''
-                meilisearch:
-                  host: 127.0.0.1
-                  port: ${toString meilisearch.port}
-                  apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
-                  ssl: false
-                  index: misskey
-                  scope: global
-              '' else "");
+              '';
             owner = inputs.config.users.users."misskey-${instance.name}".name;
           };
         })
@@ -142,19 +124,6 @@ inputs:
         postgresql.instances = listToAttrs (map
           (instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
           (attrsToList misskey.instances));
-        meilisearch.instances =
-          let instances = filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances);
-          in listToAttrs (map
-            (instance:
-            {
-              name = "misskey-${instance.name}";
-              value =
-              {
-                user = inputs.config.users.users."misskey-${instance.name}".name;
-                port = instance.value.meilisearch.port;
-              };
-            })
-            instances);
         nginx =
         {
           enable = mkIf (misskey.instances != {}) true;

modules/services/nextcloud.nix

@@ -16,7 +16,7 @@ inputs:
       hostName = nextcloud.hostname;
       appstoreEnable = false;
       https = true;
-      package = inputs.pkgs.nextcloud29;
+      package = inputs.pkgs.nextcloud30;
       maxUploadSize = "10G";
       config =
       {

modules/services/nginx/applications/kkmeeting.nix

@@ -1,18 +0,0 @@
-inputs:
-{
-  options.nixos.services.nginx.applications.kkmeeting = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "kkmeeting.chn.moe"; };
-  };
-  config =
-    let
-      inherit (inputs.config.nixos.services.nginx.applications) kkmeeting;
-      inherit (inputs.lib) mkIf;
-    in mkIf kkmeeting.enable
-    {
-      nixos.services.nginx.https.${kkmeeting.hostname}.location."/".static =
-        { root = "/srv/kkmeeting"; index = "auto"; charset = "utf-8"; };
-      systemd.tmpfiles.rules = [ "d /srv/kkmeeting 0700 nginx nginx" "Z /srv/kkmeeting - nginx nginx" ];
-    };
-}

modules/services/nginx/applications/sticker/.gitignore

@@ -0,0 +1 @@
+/config.json

modules/services/nginx/applications/sticker/default.nix

@@ -0,0 +1,22 @@
+inputs:
+{
+  options.nixos.services.nginx.applications.sticker = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule {});
+    default = {};
+  };
+  config = let inherit (inputs.config.nixos.services.nginx.applications) sticker; in inputs.lib.mkIf (sticker != null)
+  {
+    nixos.services.nginx.https."sticker.chn.moe".location."/".static =
+    {
+      root = builtins.toString (inputs.pkgs.runCommand "web" {}
+      ''
+        mkdir -p $out
+        cp -r ${inputs.topInputs.stickerpicker}/web/* $out
+        chmod -R +w $out
+        cp -r ${./web}/* $out
+      '');
+      index = [ "index.html" ];
+    };
+  };
+}

modules/services/nginx/applications/sticker/web/packs/index.json

@@ -0,0 +1,7 @@
+{
+  "packs": [
+    "Mare_by_WuMingv2Bot.json",
+    "line_191054124446_by_moe_sticker_bot.json"
+  ],
+  "homeserver_url": "https://matrix.chn.moe"
+}

modules/services/nginx/default.nix

@@ -250,6 +250,9 @@ inputs:
               # nginx will try to redirect https://blog.chn.moe/docs to https://blog.chn.moe:3068/docs/ in default
               # this make it redirect to /docs/ without hostname
               absolute_redirect off;
+              # allow realip module to set ip
+              set_real_ip_from 0.0.0.0/0;
+              real_ip_header proxy_protocol;
             '';
             proxyTimeout = "1d";
             recommendedZstdSettings = true;
@@ -336,7 +339,7 @@ inputs:
           let
             ipset = "${inputs.pkgs.ipset}/bin/ipset";
             iptables = "${inputs.pkgs.iptables}/bin/iptables";
-            ip = "${inputs.pkgs.iproute}/bin/ip";
+            ip = "${inputs.pkgs.iproute2}/bin/ip";
             start = inputs.pkgs.writeShellScript "nginx-proxy.start"
             (
               ''

modules/services/nixseperatedebuginfo.nix

@@ -3,17 +3,18 @@ inputs:
   options.nixos.services.nixseparatedebuginfo = let inherit (inputs.lib) mkOption types; in mkOption
   {
     type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
+    default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
   };
   config =
     let inherit (inputs.config.nixos.services) nixseparatedebuginfo; in inputs.lib.mkIf (nixseparatedebuginfo != {})
     {
       services.nixseparatedebuginfod.enable = true;
-      environment.persistence =
-        let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
-        {
-          "${impermanence.nodatacow}".directories = let user = "nixseparatedebuginfod"; in
-          [{ directory = "/var/cache/nixseparatedebuginfod"; inherit user; group = user; mode = "0755"; }];
-        };
+      environment.persistence."/nix/nodatacow".directories =
+      [{
+        directory = "/var/cache/nixseparatedebuginfod";
+        user = "nixseparatedebuginfod";
+        group = "nixseparatedebuginfod";
+        mode = "0755";
+      }];
     };
 }

modules/services/postgresql.nix

@@ -86,11 +86,7 @@ inputs:
     sops.secrets = builtins.listToAttrs (builtins.map
       (db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
       (builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList postgresql.instances)));
-    environment.persistence =
-      let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
-      {
-        "${impermanence.nodatacow}".directories = let user = "postgres"; in
-          [{ directory = "/var/lib/postgresql"; inherit user; group = user; mode = "0750"; }];
-      };
+    environment.persistence."/nix/nodatacow".directories =
+      [{ directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }];
   };
 }

modules/services/samba.nix

@@ -33,18 +33,7 @@ inputs:
           enable = true;
           # TCP 139 445 UDP 137 138
           openFirewall = !samba.private;
-          securityType = "user";
-          extraConfig =
-          ''
-            workgroup = WORKGROUP
-            server string = Samba Server
-            server role = standalone server
-            hosts allow = ${samba.hostsAllowed}
-            dns proxy = no
-          '';
-          #  obey pam restrictions = yes
-          #  encrypt passwords = no
-          shares = listToAttrs (map
+          settings = listToAttrs (map
             (share:
             {
               name = share.name;
@@ -60,7 +49,8 @@ inputs:
                 "force directory mode" = "2755";
               };
             })
-            (attrsToList samba.shares));
+            (attrsToList samba.shares))
+            // { global."hosts allow" = "${samba.hostsAllowed}"; };
         };
       };
       nixos.services.xray.client.v2ray-forwarder =

modules/services/slurm.nix

@@ -4,7 +4,7 @@ inputs:
   {
     enable = mkOption { type = types.bool; default = false; };
     # 本机是否为控制节点，如果不是，填写控制节点的主机名
-    master = mkOption { type = types.nonEmptyStr; default = inputs.config.nixos.system.networking.hostname; };
+    master = mkOption { type = types.nonEmptyStr; default = inputs.config.nixos.model.hostname; };
     node = mkOption { type = types.attrsOf (types.submodule (submoduleInputs: { options =
     {
       # slurm 中使用的节点名称
@@ -127,7 +127,7 @@ inputs:
             TaskPlugin=task/affinity,task/cgroup
           '';
           extraConfigPaths =
-            let gpus = slurm.node.${inputs.config.nixos.system.networking.hostname}.gpus or null;
+            let gpus = slurm.node.${inputs.config.nixos.model.hostname}.gpus or null;
             in inputs.lib.mkIf (gpus != null)
             (
               let gpuString = builtins.concatStringsSep "\n" (builtins.map
@@ -141,7 +141,7 @@ inputs:
       systemd =
       {
         services.slurmd.environment =
-          let gpus = slurm.node.${inputs.config.nixos.system.networking.hostname}.gpus or null;
+          let gpus = slurm.node.${inputs.config.nixos.model.hostname}.gpus or null;
           in inputs.lib.mkIf (gpus != null)
           {
             CUDA_PATH = "${inputs.pkgs.cudatoolkit}";
@@ -159,7 +159,7 @@ inputs:
         in { allowedTCPPorts = config; allowedUDPPorts = config; };
     }
     # master 配置
-    (inputs.lib.mkIf (slurm.master == inputs.config.nixos.system.networking.hostname)
+    (inputs.lib.mkIf (slurm.master == inputs.config.nixos.model.hostname)
     {
       services.slurm =
       {

modules/services/synapse.nix

@@ -8,18 +8,12 @@ inputs:
       autoStart = mkOption { type = types.bool; default = true; };
       port = mkOption { type = types.ints.unsigned; default = 8008; };
       redisPort = mkOption { type = types.ints.unsigned; default = 6379; };
-      slidingSyncPort = mkOption { type = types.ints.unsigned; default = 9000; };
       hostname = mkOption
       {
         type = types.nonEmptyStr;
         default = "${submoduleInputs.config._module.args.name}.chn.moe";
       };
       matrixHostname = mkOption { type = types.nonEmptyStr; default = "chn.moe"; };
-      slidingSyncHostname = mkOption
-      {
-        type = types.nonEmptyStr;
-        default = "syncv3.${submoduleInputs.config.hostname}";
-      };
       # , synapse_homeserver --config-path homeserver.yaml --generate-config --report-stats=yes --server-name xxx
     };}));
     default = {};
@@ -50,263 +44,203 @@ inputs:
       systemd = mkMerge (map
         (instance: let workdir = "/var/lib/synapse/${instance.name}"; in
         {
-          services =
-          {
-            "synapse-${instance.name}" =
-              let
-                package = inputs.pkgs.matrix-synapse.override
-                  { extras = [ "url-preview" "postgres" "redis" ]; plugins = []; };
-                config = inputs.config.sops.templates."synapse/${instance.name}/config.yaml".path;
-                homeserver = "${package}/bin/synapse_homeserver";
-              in
-              {
-                description = "synapse-${instance.name}";
-                enable = instance.value.autoStart;
-                after = [ "network-online.target" "postgresql.service" ];
-                requires = [ "network-online.target" "postgresql.service" ];
-                wantedBy = [ "multi-user.target" ];
-                serviceConfig =
-                {
-                  ExecStart = "${homeserver} --config-path ${config} --keys-directory ${workdir}";
-                  Type = "notify";
-                  User = "synapse-${instance.name}";
-                  Group = "synapse-${instance.name}";
-                  WorkingDirectory = workdir;
-                  ExecReload = "${inputs.pkgs.util-linux}/bin/kill -HUP $MAINPID";
-                  Restart = "on-failure";
-                  UMask = "0077";
-                  CapabilityBoundingSet = [ "" ];
-
-                  # hardening
-                  LockPersonality = true;
-                  NoNewPrivileges = true;
-                  PrivateDevices = true;
-                  PrivateTmp = true;
-                  PrivateUsers = true;
-                  ProcSubset = "pid";
-                  ProtectClock = true;
-                  ProtectControlGroups = true;
-                  ProtectHome = true;
-                  ProtectHostname = true;
-                  ProtectKernelLogs = true;
-                  ProtectKernelModules = true;
-                  ProtectKernelTunables = true;
-                  ProtectProc = "invisible";
-                  ProtectSystem = "strict";
-                  ReadWritePaths = [ workdir ];
-                  RemoveIPC = true;
-                  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
-                  RestrictNamespaces = true;
-                  RestrictRealtime = true;
-                  RestrictSUIDSGID = true;
-                  SystemCallArchitectures = "native";
-                  SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
-                };
-              };
-            "synapse-sliding-sync-${instance.name}" =
+          services."synapse-${instance.name}" =
+            let
+              package = inputs.pkgs.matrix-synapse.override
+                { extras = [ "url-preview" "postgres" "redis" ]; plugins = []; };
+              config = inputs.config.sops.templates."synapse/${instance.name}/config.yaml".path;
+              homeserver = "${package}/bin/synapse_homeserver";
+            in
             {
-              after = [ "synapse-${instance.name}.service" ];
-              wants = [ "synapse-${instance.name}.service" ];
+              description = "synapse-${instance.name}";
+              enable = instance.value.autoStart;
+              after = [ "network-online.target" "postgresql.service" ];
+              requires = [ "network-online.target" "postgresql.service" ];
               wantedBy = [ "multi-user.target" ];
               serviceConfig =
               {
+                ExecStart = "${homeserver} --config-path ${config} --keys-directory ${workdir}";
+                Type = "notify";
                 User = "synapse-${instance.name}";
                 Group = "synapse-${instance.name}";
-                EnvironmentFile = inputs.config.sops.templates."synapse/${instance.name}-sliding-sync/env".path;
-                ExecStart = inputs.lib.getExe inputs.pkgs.matrix-sliding-sync;
-                WorkingDirectory = workdir + "-sliding-sync";
+                WorkingDirectory = workdir;
+                ExecReload = "${inputs.pkgs.util-linux}/bin/kill -HUP $MAINPID";
                 Restart = "on-failure";
-                RestartSec = "1s";
+                UMask = "0077";
+                CapabilityBoundingSet = [ "" ];
+
+                # hardening
+                LockPersonality = true;
+                NoNewPrivileges = true;
+                PrivateDevices = true;
+                PrivateTmp = true;
+                PrivateUsers = true;
+                ProcSubset = "pid";
+                ProtectClock = true;
+                ProtectControlGroups = true;
+                ProtectHome = true;
+                ProtectHostname = true;
+                ProtectKernelLogs = true;
+                ProtectKernelModules = true;
+                ProtectKernelTunables = true;
+                ProtectProc = "invisible";
+                ProtectSystem = "strict";
+                ReadWritePaths = [ workdir ];
+                RemoveIPC = true;
+                RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+                RestrictNamespaces = true;
+                RestrictRealtime = true;
+                RestrictSUIDSGID = true;
+                SystemCallArchitectures = "native";
+                SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
               };
             };
-          };
           tmpfiles.rules =
           [
             "d /var/lib/synapse 0755 root root"
             "d ${workdir} 0700 synapse-${instance.name} synapse-${instance.name}"
             "Z ${workdir} - synapse-${instance.name} synapse-${instance.name}"
-            "d ${workdir}-sliding-sync 0700 synapse-${instance.name} synapse-${instance.name}"
-            "Z ${workdir}-sliding-sync - synapse-${instance.name} synapse-${instance.name}"
           ];
         })
         (attrsToList synapse.instances));
       sops = mkMerge (map
         (instance:
         {
-          templates =
+          templates."synapse/${instance.name}/config.yaml" =
           {
-            "synapse/${instance.name}/config.yaml" =
-            {
-              owner = "synapse-${instance.name}";
-              group = "synapse-${instance.name}";
-              content =
-                let
-                  inherit (inputs.config.sops) placeholder;
-                in builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "${instance.name}.yaml"
+            owner = "synapse-${instance.name}";
+            group = "synapse-${instance.name}";
+            content =
+              let
+                inherit (inputs.config.sops) placeholder;
+              in builtins.readFile ((inputs.pkgs.formats.yaml {}).generate "${instance.name}.yaml"
+              {
+                server_name = instance.value.matrixHostname;
+                public_baseurl = "https://${instance.value.hostname}/";
+                listeners =
+                [{
+                  bind_addresses = [ "127.0.0.1" ];
+                  inherit (instance.value) port;
+                  resources = [{ names = [ "client" "federation" ]; compress = false; }];
+                  tls = false;
+                  type = "http";
+                  x_forwarded = true;
+                }];
+                database =
                 {
-                  server_name = instance.value.matrixHostname;
-                  public_baseurl = "https://${instance.value.hostname}/";
-                  listeners =
-                  [{
-                    bind_addresses = [ "127.0.0.1" ];
-                    inherit (instance.value) port;
-                    resources = [{ names = [ "client" "federation" ]; compress = false; }];
-                    tls = false;
-                    type = "http";
-                    x_forwarded = true;
-                  }];
-                  database =
+                  name = "psycopg2";
+                  args =
                   {
-                    name = "psycopg2";
-                    args =
-                    {
-                      user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
-                      password = placeholder."postgresql/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
-                      database = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
-                      host = "127.0.0.1";
-                      port = "5432";
-                    };
-                    allow_unsafe_locale = true;
+                    user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
+                    password = placeholder."postgresql/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
+                    database = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
+                    host = "127.0.0.1";
+                    port = "5432";
                   };
-                  redis =
-                  {
-                    enabled = true;
-                    port = instance.value.redisPort;
-                    password = placeholder."redis/synapse-${instance.name}";
-                  };
-                  turn_shared_secret = placeholder."synapse/${instance.name}/coturn";
-                  registration_shared_secret = placeholder."synapse/${instance.name}/registration";
-                  macaroon_secret_key = placeholder."synapse/${instance.name}/macaroon";
-                  form_secret = placeholder."synapse/${instance.name}/form";
-                  signing_key_path = inputs.config.sops.secrets."synapse/${instance.name}/signing-key".path;
-                  email =
-                  {
-                    smtp_host = "mail.chn.moe";
-                    smtp_port = 25;
-                    smtp_user = "bot@chn.moe";
-                    smtp_pass = placeholder."mail/bot";
-                    require_transport_security = true;
-                    notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
-                    app_name = "Haonan Chen's synapse";
-                  };
-                  admin_contact = "mailto:chn@chn.moe";
-                  enable_registration = true;
-                  registrations_require_3pid = [ "email" ];
-                  registration_requires_token = true;
-                  turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
-                  max_upload_size = "1024M";
-                  web_client_location = "https://element.chn.moe/";
-                  extra_well_known_client_content."org.matrix.msc3575.proxy".url =
-                    "https://${instance.value.slidingSyncHostname}";
-                  report_stats = true;
-                  trusted_key_servers =
-                  [{
-                    server_name = "matrix.org";
-                    verify_keys."ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
-                  }];
-                  suppress_key_server_warning = true;
-                  log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
-                  {
-                    version = 1;
-                    formatters.precise.format =
-                      "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
-                    handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
-                    root = { level = "INFO"; handlers = [ "console" ]; };
-                    disable_existing_loggers = true;
-                  };
-                  pid_file = "/run/synapse-${instance.name}.pid";
-                  media_store_path = "/var/lib/synapse/${instance.name}/media_store";
-                  presence.enabled = true;
-                  url_preview_enabled = true;
-                  url_preview_ip_range_blacklist =
-                  [
-                    "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.0.0.0/24"
-                    "192.0.2.0/24" "192.168.0.0/16" "192.88.99.0/24" "198.18.0.0/15" "198.51.100.0/24" "2001:db8::/32"
-                    "203.0.113.0/24" "224.0.0.0/4" "::1/128" "fc00::/7" "fe80::/10" "fec0::/10" "ff00::/8"
-                  ];
-                  max_image_pixels = "32M";
-                  dynamic_thumbnails = false;
-                });
-            };
-            "synapse/${instance.name}-sliding-sync/env" =
-            {
-              owner = "synapse-${instance.name}";
-              group = "synapse-${instance.name}";
-              content =
-                let
-                  inherit (inputs.config.sops) placeholder;
-                  pgString = "postgresql://"
-                    + "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}"
-                    + ":${placeholder."postgresql/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}"}"
-                    + "@127.0.0.1:5432"
-                    + "/synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}_sliding_sync"
-                    + "?sslmode=disable";
-                in
-                ''
-                  SYNCV3_SERVER=https://${instance.value.hostname}
-                  SYNCV3_DB=${pgString}
-                  SYNCV3_SECRET=${placeholder."synapse/${instance.name}/sliding-sync"}
-                  SYNCV3_BINDADDR=127.0.0.1:${toString instance.value.slidingSyncPort}
-                '';
-            };
+                  allow_unsafe_locale = true;
+                };
+                redis =
+                {
+                  enabled = true;
+                  port = instance.value.redisPort;
+                  password = placeholder."redis/synapse-${instance.name}";
+                };
+                turn_shared_secret = placeholder."synapse/${instance.name}/coturn";
+                registration_shared_secret = placeholder."synapse/${instance.name}/registration";
+                macaroon_secret_key = placeholder."synapse/${instance.name}/macaroon";
+                form_secret = placeholder."synapse/${instance.name}/form";
+                signing_key_path = inputs.config.sops.secrets."synapse/${instance.name}/signing-key".path;
+                email =
+                {
+                  smtp_host = "mail.chn.moe";
+                  smtp_port = 25;
+                  smtp_user = "bot@chn.moe";
+                  smtp_pass = placeholder."mail/bot";
+                  require_transport_security = true;
+                  notif_from = "Your Friendly %(app)s homeserver <bot@chn.moe>";
+                  app_name = "Haonan Chen's synapse";
+                };
+                admin_contact = "mailto:chn@chn.moe";
+                enable_registration = true;
+                registrations_require_3pid = [ "email" ];
+                registration_requires_token = true;
+                turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
+                max_upload_size = "1024M";
+                web_client_location = "https://element.chn.moe/";
+                report_stats = true;
+                trusted_key_servers =
+                [{
+                  server_name = "matrix.org";
+                  verify_keys."ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
+                }];
+                suppress_key_server_warning = true;
+                log_config = (inputs.pkgs.formats.yaml {}).generate "log.yaml"
+                {
+                  version = 1;
+                  formatters.precise.format =
+                    "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s";
+                  handlers.console = { class = "logging.StreamHandler"; formatter = "precise"; };
+                  root = { level = "INFO"; handlers = [ "console" ]; };
+                  disable_existing_loggers = true;
+                };
+                pid_file = "/run/synapse-${instance.name}.pid";
+                media_store_path = "/var/lib/synapse/${instance.name}/media_store";
+                presence.enabled = true;
+                url_preview_enabled = true;
+                url_preview_ip_range_blacklist =
+                [
+                  "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.0.0.0/24"
+                  "192.0.2.0/24" "192.168.0.0/16" "192.88.99.0/24" "198.18.0.0/15" "198.51.100.0/24" "2001:db8::/32"
+                  "203.0.113.0/24" "224.0.0.0/4" "::1/128" "fc00::/7" "fe80::/10" "fec0::/10" "ff00::/8"
+                ];
+                max_image_pixels = "32M";
+                dynamic_thumbnails = false;
+              });
           };
           secrets = (listToAttrs (map
             (secret: { name = "synapse/${instance.name}/${secret}"; value = {}; })
-            [ "coturn" "registration" "macaroon" "form" "sliding-sync" ]))
+            [ "coturn" "registration" "macaroon" "form" ]))
             // { "synapse/${instance.name}/signing-key".owner = "synapse-${instance.name}"; }
             // { "mail/bot" = {}; };
         })
         (attrsToList synapse.instances));
       nixos.services =
       {
-        postgresql.instances = listToAttrs (concatLists (map
+        postgresql.instances = listToAttrs (map
           (instance:
-          [
-            {
-              name = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
-              value.initializeFlags = { TEMPLATE = "template0"; LC_CTYPE = "C"; LC_COLLATE = "C"; };
-            }
-            {
-              name = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}_sliding_sync";
-              value.user = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
-            }
-          ])
-          (attrsToList synapse.instances)));
+          {
+            name = "synapse_${replaceStrings [ "-" ] [ "_" ] instance.name}";
+            value.initializeFlags = { TEMPLATE = "template0"; LC_CTYPE = "C"; LC_COLLATE = "C"; };
+          })
+          (attrsToList synapse.instances));
         redis.instances = listToAttrs (map
           (instance: { name = "synapse-${instance.name}"; value.port = instance.value.redisPort; })
           (attrsToList synapse.instances));
         nginx =
         {
           enable = mkIf (synapse.instances != {}) true;
-          https = listToAttrs (concatLists (map
+          https = listToAttrs (map
             (instance: with instance.value;
-            [
+            {
+              name = hostname;
+              value.location =
               {
-                name = hostname;
-                value.location =
+                "/".proxy = { upstream = "http://127.0.0.1:${toString port}"; websocket = true; };
+                "/.well-known/matrix/server".static =
                 {
-                  "/".proxy = { upstream = "http://127.0.0.1:${toString port}"; websocket = true; };
-                  "/.well-known/matrix/server".static =
+                  root = builtins.toString (inputs.pkgs.writeTextFile
                   {
-                    root = builtins.toString (inputs.pkgs.writeTextFile
+                    name = "server";
+                    text = builtins.toJSON
                     {
-                      name = "server";
-                      text = builtins.toJSON
-                      {
-                        "m.server" = "${hostname}:443";
-                      };
-                      destination = "/.well-known/matrix/server";
-                    });
-                  };
+                      "m.server" = "${hostname}:443";
+                    };
+                    destination = "/.well-known/matrix/server";
+                  });
                 };
-              }
-              {
-                name = slidingSyncHostname;
-                value.location."/".proxy =
-                  { upstream = "http://127.0.0.1:${toString slidingSyncPort}"; websocket = true; };
-              }
-            ])
-            (attrsToList synapse.instances)));
+              };
+            })
+            (attrsToList synapse.instances));
         };
       };
     };

modules/services/vikunja.nix

@@ -1,48 +0,0 @@
-inputs:
-{
-  options.nixos.services.vikunja = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    autoStart = mkOption { type = types.bool; default = true; };
-    port = mkOption { type = types.ints.unsigned; default = 3456; };
-    hostname = mkOption { type = types.nonEmptyStr; default = "vikunja.chn.moe"; };
-  };
-  config = let inherit (inputs.config.nixos.services) vikunja; in inputs.lib.mkIf vikunja.enable
-  {
-    services.vikunja =
-    {
-      enable = true;
-      environmentFiles = [ inputs.config.sops.templates."vikunja.env".path ];
-      settings =
-      {
-        service.timezone = "Asia/Shanghai";
-        mailer = { enable = true; host = "mail.chn.moe"; username = "bot@chn.moe"; fromemail = "bot@chn.moe"; };
-        defaultsettings.discoverable_by_email = true;
-      };
-      inherit (vikunja) port;
-      frontendScheme = "https";
-      frontendHostname = vikunja.hostname;
-      database.type = "postgres";
-    };
-    sops =
-    {
-      templates."vikunja.env".content = let placeholder = inputs.config.sops.placeholder; in
-      ''
-        VIKUNJA_SERVICE_JWTSECRET=${placeholder."vikunja/jwtsecret"}
-        VIKUNJA_DATABASE_PASSWORD=${placeholder."postgresql/vikunja"}
-        VIKUNJA_MAILER_PASSWORD=${placeholder."mail/bot"}
-      '';
-      secrets = { "vikunja/jwtsecret" = {}; "mail/bot" = {}; };
-    };
-    systemd.services.vikunja-api.enable = vikunja.autoStart;
-    nixos.services =
-    {
-      postgresql.instances.vikunja = {};
-      nginx =
-      {
-        enable = true;
-        https.${vikunja.hostname}.location."/".proxy.upstream = "http://127.0.0.1:${builtins.toString vikunja.port}";
-      };
-    };
-  };
-}

modules/services/wechat2tg.nix

@@ -0,0 +1,48 @@
+inputs:
+{
+  options.nixos.services.wechat2tg = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = null; };
+  config = let inherit (inputs.config.nixos.services) wechat2tg; in inputs.lib.mkIf (wechat2tg != null)
+  {
+    virtualisation.oci-containers.containers.wechat2tg =
+    {
+      image = "finalpi/wechat2tg:v1.3.3";
+      imageFile = inputs.pkgs.dockerTools.pullImage
+      {
+        imageName = "finalpi/wechat2tg";
+        imageDigest = "sha256:48e3aff3f501847f063318b41ca34af7d83278847d2eee40d7ffbf439ee4c194";
+        sha256 = "04hq577d981mdfz0xwklhj9ifgnpbv91d6zkf37awfrbsiqfkrr6";
+        finalImageName = "finalpi/wechat2tg";
+        finalImageTag = "v1.3.3";
+      };
+      volumes = [ "wechat2tg-config:/app/storage" "wechat2tg-files:/app/save-files" ];
+      environmentFiles = [ inputs.config.sops.templates."wechat2tg/env".path ];
+    };
+    sops =
+    {
+      templates."wechat2tg/env".content = let placeholder = inputs.config.sops.placeholder; in
+      ''
+        BOT_TOKEN=${placeholder."wechat2tg/token"}
+        # PROXY_HOST: ""
+        # PROXY_PORT: ""
+        # Proxy type: socks5, http, https
+        # PROXY_PROTOCOL: 'socks5'
+        # Optional username and password
+        # PROXY_USERNAME: ""
+        # PROXY_PASSWORD: ""
+        # API_ID: ""
+        # API_HASH: ""
+        ROOM_MESSAGE='<i>🌐#[topic]</i> ---- <b>👤#[(alias)] #[name]: </b>'
+        OFFICIAL_MESSAGE='<b>📣#[name]: </b>'
+        CONTACT_MESSAGE='<b>👤#[alias_first]: </b>'
+        ROOM_MESSAGE_GROUP='<b>👤#[(alias)] #[name]: </b>'
+        OFFICIAL_MESSAGE_GROUP='<b>📣#[name]: </b>'
+        CONTACT_MESSAGE_GROUP='<b>👤#[alias_first]: </b>'
+        CREATE_ROOM_NAME='#[topic]'
+        CREATE_CONTACT_NAME='#[alias]#[[name]]'
+        MESSAGE_DISPLAY='#[identity]#[br]#[body]'
+      '';
+      secrets."wechat2tg/token" = {};
+    };
+  };
+}

modules/services/writefreely.nix

@@ -1,38 +0,0 @@
-inputs:
-{
-  options.nixos.services.writefreely = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.nullOr (types.submodule (submoduleInputs: { options =
-    {
-      hostname = mkOption { type = types.nonEmptyStr; default = "write.chn.moe"; };
-    };}));
-    default = null;
-  };
-  config = let inherit (inputs.config.nixos.services) writefreely; in inputs.lib.mkIf (writefreely != null)
-  {
-    services.writefreely =
-    {
-      enable = true;
-      settings = { server.port = 7264; app = { host = "https://${writefreely.hostname}"; federation = true; }; };
-      host = writefreely.hostname;
-      database = { type = "mysql"; passwordFile = inputs.config.sops.secrets."writefreely/mariadb".path; };
-      admin = { name = "chn"; initialPasswordFile = inputs.config.sops.secrets."writefreely/chn".path; };
-    };
-    systemd.services = { writefreely.after = [ "mysql.service" ]; writefreely-mysql-init.after = [ "mysql.service" ]; };
-    sops.secrets =
-    {
-      "writefreely/chn".owner = "writefreely";
-      "writefreely/mariadb" = { owner = "writefreely"; key = "mariadb/writefreely"; };
-    };
-    nixos.services =
-    {
-      mariadb.instances.writefreely = {};
-      nginx =
-      {
-        enable = true;
-        https.${writefreely.hostname}.location."/".proxy.upstream =
-          "http://127.0.0.1:${builtins.toString inputs.config.services.writefreely.settings.server.port}";
-      };
-    };
-  };
-}

modules/services/xray.nix

@@ -56,8 +56,6 @@ inputs:
           {
             enable = true;
             settingsFile = inputs.config.sops.templates."xray-client.json".path;
-            package = inputs.pkgs.xray.overrideAttrs
-              (prev: { patches = prev.patches or [] ++ [ ./disable-splice.patch ];});
           };
           dnsmasq =
           {
@@ -235,7 +233,7 @@ inputs:
               let
                 ipset = "${inputs.pkgs.ipset}/bin/ipset";
                 iptables = "${inputs.pkgs.iptables}/bin/iptables";
-                ip = "${inputs.pkgs.iproute}/bin/ip";
+                ip = "${inputs.pkgs.iproute2}/bin/ip";
                 autoPort = "10880";
                 xmuPort = "10881";
                 proxyPort = "10883";
@@ -347,8 +345,6 @@ inputs:
         {
           enable = true;
           settingsFile = inputs.config.sops.templates."xray-server.json".path;
-          package = inputs.pkgs.xray.overrideAttrs
-            (prev: { patches = prev.patches or [] ++ [ ./disable-splice.patch ];});
         };
         sops =
         {
@@ -497,7 +493,7 @@ inputs:
                   chat = inputs.config.sops.secrets."telegram/chat".path;
                 in
                 ''
-                  message='${inputs.config.nixos.system.networking.hostname} xray:\n'
+                  message='${inputs.config.nixos.model.hostname} xray:\n'
                   for i in {0..${toString ((builtins.length userList) - 1)}}
                   do
                     upload_bytes=$(${xray} api stats --server=127.0.0.1:6149 \

modules/services/xray/disable-splice.patch

@@ -1,14 +0,0 @@
-diff --git a/proxy/proxy.go b/proxy/proxy.go
-index db92051..54d36b4 100644
---- a/proxy/proxy.go
-+++ b/proxy/proxy.go
-@@ -504,7 +504,8 @@ func CopyRawConnIfExist(ctx context.Context, readerConn net.Conn, writerConn net
- 				splice = false
- 			}
- 		}
--		if splice {
-+		_ = splice
-+		if false {
- 			newError("CopyRawConn splice").WriteToLog(session.ExportIDToError(ctx))
- 			statWriter, _ := writer.(*dispatcher.SizeStatWriter)
- 			//runtime.Gosched() // necessary

modules/system/binfmt.nix

@@ -1,8 +1,6 @@
 inputs:
 {
-  options.nixos.system.binfmt = let inherit (inputs.lib) mkOption types; in mkOption
-    { type = types.nullOr (types.submodule {}); default = {}; };
-  config = let inherit (inputs.config.nixos.system) binfmt; in inputs.lib.mkIf (binfmt != null)
+  config =
   {
     programs.java = { enable = true; binfmt = true; };
     boot.binfmt.emulatedSystems = [ "aarch64-linux" "x86_64-windows" ];

modules/system/cluster.nix

@@ -1,21 +0,0 @@
-inputs:
-{
-  options.nixos.system.cluster = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.nullOr (types.submodule { options =
-    {
-      clusterName = mkOption { type = types.nonEmptyStr; };
-      nodeName = mkOption { type = types.nonEmptyStr; };
-      nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
-    };});
-    default = null;
-  };
-  config = let inherit (inputs.config.nixos.system) cluster; in inputs.lib.mkIf (cluster != null)
-  {
-    nixos.system.networking.hostname = "${cluster.clusterName}-${cluster.nodeName}";
-    # 作为从机时，home-manager 需要被禁用
-    systemd.services = inputs.lib.mkIf (cluster.nodeType == "worker") (builtins.listToAttrs (builtins.map
-      (user: { name = "home-manager-${inputs.utils.escapeSystemdPath user}"; value.enable = false; })
-      inputs.config.nixos.user.users));
-  };
-}

modules/system/default.nix

@@ -17,7 +17,7 @@ inputs:
       supportedFilesystems = [ "ntfs" "nfs" "nfsv4" ];
       # consoleLogLevel = 7;
     };
-    hardware.enableAllFirmware = true;
+    hardware = { enableAllFirmware = true; bluetooth.enable = true; sensor.iio.enable = true; };
     environment =
     {
       sessionVariables = rec

modules/system/envfs.nix

@@ -1,8 +1,6 @@
 inputs:
 {
-  options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in mkOption
-    { type = types.nullOr (types.submodule {}); default = {}; };
-  config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null)
+  config =
   {
     services.envfs.enable = true;
     environment.variables.ENVFS_RESOLVE_ALWAYS = "1";

modules/system/font.nix

@@ -1,11 +1,6 @@
 inputs:
 {
-  options.nixos.services.fontconfig = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.nullOr (types.submodule {});
-    default = if inputs.config.nixos.system.gui.enable then {} else null;
-  };
-  config = let inherit (inputs.config.nixos.services) fontconfig; in inputs.lib.mkIf (fontconfig != null)
+  config = inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
   {
     fonts =
     {
@@ -13,7 +8,7 @@ inputs:
       packages = with inputs.pkgs;
       [
         noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts hack-font inter
-        noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk
+        noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk-sans
         noto-fonts-emoji corefonts vistafonts vistafonts-chs
       ];
       fontconfig.defaultFonts =

modules/system/grub.nix

@@ -2,7 +2,7 @@ inputs:
 {
   options.nixos.system.grub = let inherit (inputs.lib) mkOption types; in
   {
-    timeout = mkOption { type = types.int; default = 5; };
+    timeout = mkOption { type = types.int; default = if inputs.config.nixos.model.type == "server" then 15 else 5; };
     windowsEntries = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
     # "efi" using efi, "efiRemovable" using efi with install grub removable, or dev path like "/dev/sda" using bios
     installDevice = mkOption { type = types.str; default = "efi"; };

modules/system/gui.nix

@@ -1,46 +1,39 @@
 inputs:
 {
-  options.nixos.system.gui = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = false; };
-    preferred = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.enable; };
-    autoStart = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
-  };
-  config = let inherit (inputs.config.nixos.system) gui; in inputs.lib.mkIf gui.enable
-  {
-    services =
+  config = inputs.lib.mkMerge
+  [
+    # enable gui
+    (inputs.lib.mkIf (builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ])
     {
-      displayManager =
+      services =
       {
-        sddm = { enable = inputs.lib.mkDefault true; wayland.enable = true; theme = "breeze"; };
-        defaultSession = "plasma";
+        displayManager =
+        {
+          sddm = { enable = inputs.lib.mkDefault true; wayland.enable = true; theme = "breeze"; };
+          defaultSession = "plasma";
+        };
+        desktopManager.plasma6.enable = true;
+        xserver.enable = true;
       };
-      desktopManager.plasma6.enable = true;
-      xserver.enable = true;
-    };
-    systemd.services.display-manager.enable = inputs.lib.mkDefault gui.autoStart;
-    environment =
-    {
-      sessionVariables =
+      environment =
       {
-        GTK_USE_PORTAL = "1";
-        NIXOS_OZONE_WL = inputs.lib.mkIf gui.preferred "1";
-      };
-      plasma6.excludePackages = inputs.lib.mkIf (!gui.preferred) [ inputs.pkgs.kdePackages.plasma-nm ];
-      persistence = let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
-      {
-        "${impermanence.root}".directories =
+        sessionVariables.GTK_USE_PORTAL = "1";
+        persistence."/nix/rootfs/current".directories =
           [{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }];
       };
-    };
-    xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
-    i18n.inputMethod =
-    {
-      enable = true;
-      type = "fcitx5";
-      fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
-        [ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
-    };
-    programs.dconf.enable = true;
-  };
+      xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
+      i18n.inputMethod =
+      {
+        enable = true;
+        type = "fcitx5";
+        fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
+          [ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
+      };
+      programs.dconf.enable = true;
+    })
+    # prefer gui or not
+    (inputs.localLib.mkConditional (builtins.elem inputs.config.nixos.model.type [ "desktop" ])
+      { environment.sessionVariables.NIXOS_OZONE_WL = "1"; }
+      { environment.plasma6.excludePackages = [ inputs.pkgs.kdePackages.plasma-nm ]; })
+  ];
 }

modules/system/impermanence.nix

@@ -1,17 +1,10 @@
 inputs:
 {
-  options.nixos.system.impermanence = let inherit (inputs.lib) mkOption types; in
-  {
-    enable = mkOption { type = types.bool; default = true; };
-    persistence = mkOption { type = types.nonEmptyStr; default = "/nix/persistent"; };
-    root = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs/current"; };
-    nodatacow = mkOption { type = types.nullOr types.nonEmptyStr; default = "/nix/nodatacow"; };
-  };
-  config = let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
+  config =
   {
     environment.persistence =
     {
-      "${impermanence.persistence}" =
+      "/nix/persistent" =
       {
         hideMounts = true;
         directories =
@@ -33,7 +26,7 @@ inputs:
           "/etc/ssh/ssh_host_rsa_key"
         ];
       };
-      "${impermanence.root}" =
+      "/nix/rootfs/current" =
       {
         hideMounts = true;
         directories =
@@ -45,7 +38,7 @@ inputs:
           "/var/lib/flatpak"
         ];
       };
-      "${impermanence.nodatacow}" =
+      "/nix/nodatacow" =
       {
         hideMounts = true;
         directories =

modules/system/initrd.nix

@@ -2,15 +2,7 @@ inputs:
 {
   options.nixos.system.initrd = let inherit (inputs.lib) mkOption types; in
   {
-    sshd =
-    {
-      enable = mkOption { type = types.bool; default = false; };
-      hostKeys = mkOption
-      {
-        type = types.listOf types.nonEmptyStr;
-        default = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ];
-      };
-    };
+    sshd = mkOption { type = types.nullOr (types.submodule {}); default = null; };
     unl0kr = mkOption { type = types.nullOr (types.submodule {}); default = null; };
   };
   config = let inherit (inputs.config.nixos.system) initrd; in inputs.lib.mkMerge
@@ -23,18 +15,21 @@ inputs:
       };
     }
     (
-      inputs.lib.mkIf (initrd.sshd.enable)
+      inputs.lib.mkIf (initrd.sshd != null)
       {
         boot =
         {
           initrd =
           {
-            network = { enable = true; ssh = { enable = true; hostKeys = initrd.sshd.hostKeys; }; };
+            network =
+            {
+              enable = true;
+              ssh = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
+            };
             # resolved does not work in initrd, causing network.target to fail
             services.resolved.enable = false;
           };
-          # ip=dhcp only attain ipv4
-          # ip=on will reset systemd-networkd configs
+          # do not use ip=xxx, as it will override systemd-networkd configurations
           # kernelParams = [ "ip=on" ];
         };
       }

modules/system/kernel/0001-drm-amdgpu-sdma5.2-limit-wptr-workaround-to-sdma-5.2.patch

@@ -1,47 +0,0 @@
-From 123c4d46272b7e72d7db3fe8b4131a8cc99613fb Mon Sep 17 00:00:00 2001
-From: Alex Deucher <alexander.deucher@amd.com>
-Date: Wed, 14 Aug 2024 10:28:24 -0400
-Subject: [PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1
-
-The workaround seems to cause stability issues on other
-SDMA 5.2.x IPs.
-
-Fixes: a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell")
-Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3556
-Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
----
- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
-index d740255edf5a..bc9b240a3488 100644
---- a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
-+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
-@@ -225,14 +225,16 @@ static void sdma_v5_2_ring_set_wptr(struct amdgpu_ring *ring)
- 		DRM_DEBUG("calling WDOORBELL64(0x%08x, 0x%016llx)\n",
- 				ring->doorbell_index, ring->wptr << 2);
- 		WDOORBELL64(ring->doorbell_index, ring->wptr << 2);
--		/* SDMA seems to miss doorbells sometimes when powergating kicks in.
--		 * Updating the wptr directly will wake it. This is only safe because
--		 * we disallow gfxoff in begin_use() and then allow it again in end_use().
--		 */
--		WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR),
--		       lower_32_bits(ring->wptr << 2));
--		WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI),
--		       upper_32_bits(ring->wptr << 2));
-+		if (amdgpu_ip_version(adev, SDMA0_HWIP, 0) == IP_VERSION(5, 2, 1)) {
-+			/* SDMA seems to miss doorbells sometimes when powergating kicks in.
-+			 * Updating the wptr directly will wake it. This is only safe because
-+			 * we disallow gfxoff in begin_use() and then allow it again in end_use().
-+			 */
-+			WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR),
-+			       lower_32_bits(ring->wptr << 2));
-+			WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI),
-+			       upper_32_bits(ring->wptr << 2));
-+		}
- 	} else {
- 		DRM_DEBUG("Not using doorbell -- "
- 				"mmSDMA%i_GFX_RB_WPTR == 0x%08x "
--- 
-2.46.0
-

modules/system/kernel/btrfs.patch

@@ -1,141 +0,0 @@
-From ae1e766f623f7a2a889a0b09eb076dd9a60efbe9 Mon Sep 17 00:00:00 2001
-From: Filipe Manana <fdmanana@suse.com>
-Date: Sun, 11 Aug 2024 11:53:42 +0100
-Subject: btrfs: only run the extent map shrinker from kswapd tasks
-
-Currently the extent map shrinker can be run by any task when attempting
-to allocate memory and there's enough memory pressure to trigger it.
-
-To avoid too much latency we stop iterating over extent maps and removing
-them once the task needs to reschedule. This logic was introduced in commit
-b3ebb9b7e92a ("btrfs: stop extent map shrinker if reschedule is needed").
-
-While that solved high latency problems for some use cases, it's still
-not enough because with a too high number of tasks entering the extent map
-shrinker code, either due to memory allocations or because they are a
-kswapd task, we end up having a very high level of contention on some
-spin locks, namely:
-
-1) The fs_info->fs_roots_radix_lock spin lock, which we need to find
-   roots to iterate over their inodes;
-
-2) The spin lock of the xarray used to track open inodes for a root
-   (struct btrfs_root::inodes) - on 6.10 kernels and below, it used to
-   be a red black tree and the spin lock was root->inode_lock;
-
-3) The fs_info->delayed_iput_lock spin lock since the shrinker adds
-   delayed iputs (calls btrfs_add_delayed_iput()).
-
-Instead of allowing the extent map shrinker to be run by any task, make
-it run only by kswapd tasks. This still solves the problem of running
-into OOM situations due to an unbounded extent map creation, which is
-simple to trigger by direct IO writes, as described in the changelog
-of commit 956a17d9d050 ("btrfs: add a shrinker for extent maps"), and
-by a similar case when doing buffered IO on files with a very large
-number of holes (keeping the file open and creating many holes, whose
-extent maps are only released when the file is closed).
-
-Reported-by: kzd <kzd@56709.net>
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=219121
-Reported-by: Octavia Togami <octavia.togami@gmail.com>
-Link: https://lore.kernel.org/linux-btrfs/CAHPNGSSt-a4ZZWrtJdVyYnJFscFjP9S7rMcvEMaNSpR556DdLA@mail.gmail.com/
-Fixes: 956a17d9d050 ("btrfs: add a shrinker for extent maps")
-CC: stable@vger.kernel.org # 6.10+
-Tested-by: kzd <kzd@56709.net>
-Tested-by: Octavia Togami <octavia.togami@gmail.com>
-Signed-off-by: Filipe Manana <fdmanana@suse.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/extent_map.c | 22 ++++++----------------
- fs/btrfs/super.c      | 10 ++++++++++
- 2 files changed, 16 insertions(+), 16 deletions(-)
-
-diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
-index 23b65dc73c0048..10ac5f657e3889 100644
---- a/fs/btrfs/extent_map.c
-+++ b/fs/btrfs/extent_map.c
-@@ -1147,8 +1147,7 @@ static long btrfs_scan_inode(struct btrfs_inode *inode, struct btrfs_em_shrink_c
- 		return 0;
- 
- 	/*
--	 * We want to be fast because we can be called from any path trying to
--	 * allocate memory, so if the lock is busy we don't want to spend time
-+	 * We want to be fast so if the lock is busy we don't want to spend time
- 	 * waiting for it - either some task is about to do IO for the inode or
- 	 * we may have another task shrinking extent maps, here in this code, so
- 	 * skip this inode.
-@@ -1191,9 +1190,7 @@ next:
- 		/*
- 		 * Stop if we need to reschedule or there's contention on the
- 		 * lock. This is to avoid slowing other tasks trying to take the
--		 * lock and because the shrinker might be called during a memory
--		 * allocation path and we want to avoid taking a very long time
--		 * and slowing down all sorts of tasks.
-+		 * lock.
- 		 */
- 		if (need_resched() || rwlock_needbreak(&tree->lock))
- 			break;
-@@ -1222,12 +1219,7 @@ static long btrfs_scan_root(struct btrfs_root *root, struct btrfs_em_shrink_ctx
- 		if (ctx->scanned >= ctx->nr_to_scan)
- 			break;
- 
--		/*
--		 * We may be called from memory allocation paths, so we don't
--		 * want to take too much time and slowdown tasks.
--		 */
--		if (need_resched())
--			break;
-+		cond_resched();
- 
- 		inode = btrfs_find_first_inode(root, min_ino);
- 	}
-@@ -1285,14 +1277,12 @@ long btrfs_free_extent_maps(struct btrfs_fs_info *fs_info, long nr_to_scan)
- 							   ctx.last_ino);
- 	}
- 
--	/*
--	 * We may be called from memory allocation paths, so we don't want to
--	 * take too much time and slowdown tasks, so stop if we need reschedule.
--	 */
--	while (ctx.scanned < ctx.nr_to_scan && !need_resched()) {
-+	while (ctx.scanned < ctx.nr_to_scan) {
- 		struct btrfs_root *root;
- 		unsigned long count;
- 
-+		cond_resched();
-+
- 		spin_lock(&fs_info->fs_roots_radix_lock);
- 		count = radix_tree_gang_lookup(&fs_info->fs_roots_radix,
- 					       (void **)&root,
-diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
-index 83478deada3bd2..11044e9e2cb110 100644
---- a/fs/btrfs/super.c
-+++ b/fs/btrfs/super.c
-@@ -28,6 +28,7 @@
- #include <linux/btrfs.h>
- #include <linux/security.h>
- #include <linux/fs_parser.h>
-+#include <linux/swap.h>
- #include "messages.h"
- #include "delayed-inode.h"
- #include "ctree.h"
-@@ -2409,6 +2410,15 @@ static long btrfs_free_cached_objects(struct super_block *sb, struct shrink_cont
- 	const long nr_to_scan = min_t(unsigned long, LONG_MAX, sc->nr_to_scan);
- 	struct btrfs_fs_info *fs_info = btrfs_sb(sb);
- 
-+	/*
-+	 * We may be called from any task trying to allocate memory and we don't
-+	 * want to slow it down with scanning and dropping extent maps. It would
-+	 * also cause heavy lock contention if many tasks concurrently enter
-+	 * here. Therefore only allow kswapd tasks to scan and drop extent maps.
-+	 */
-+	if (!current_is_kswapd())
-+		return 0;
-+
- 	return btrfs_free_extent_maps(fs_info, nr_to_scan);
- }
- 
--- 
-cgit 1.2.3-korg
-

modules/system/kernel/default.nix

@@ -4,24 +4,19 @@ inputs:
   {
     variant = mkOption
     {
-      type = types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "cachyos" "cachyos-lto" "cachyos-server" "zen" ];
+      type = types.nullOr (types.enum
+        [ "nixos" "xanmod-lts" "xanmod-latest" "cachyos" "cachyos-lto" "cachyos-server" "zen" ]);
       default = "xanmod-lts";
     };
     patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
-    modules =
-    {
-      install = mkOption { type = types.listOf types.str; default = []; };
-      load = mkOption { type = types.listOf types.str; default = []; };
-      initrd = mkOption { type = types.listOf types.str; default = []; };
-      modprobeConfig = mkOption { type = types.listOf types.str; default = []; };
-    };
+    modules.modprobeConfig = mkOption { type = types.listOf types.str; default = []; };
   };
   config = let inherit (inputs.config.nixos.system) kernel; in inputs.lib.mkMerge
   [
     {
       boot =
       {
-        kernelModules = [ "br_netfilter" ] ++ kernel.modules.load;
+        kernelModules = [ "br_netfilter" ];
         # modprobe --show-depends
         initrd.availableKernelModules =
         [
@@ -41,10 +36,10 @@ inputs:
         ++ (inputs.lib.optionals (kernel.variant != "nixos") [ "crypto_simd" ])
         # for pi3b to show message over hdmi while boot
         ++ (inputs.lib.optionals (kernel.variant == "nixos") [ "vc4" "bcm2835_dma" "i2c_bcm2835" ]);
-        extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
+        extraModulePackages = with inputs.config.boot.kernelPackages; [ v4l2loopback zenpower ];
         extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
         kernelParams = [ "delayacct" ];
-        kernelPackages =
+        kernelPackages = inputs.lib.mkIf (kernel.variant != null)
         {
           nixos = inputs.pkgs.linuxPackages;
           xanmod-lts = inputs.pkgs.linuxPackages_xanmod;
@@ -59,15 +54,6 @@ inputs:
           let
             patches =
             {
-              cjktty =
-              [{
-                name = "cjktty";
-                patch =
-                  let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
-                  in "${inputs.topInputs.cjktty}/v6.x/cjktty-${version}.patch";
-                extraStructuredConfig =
-                  { FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };
-              }];
               lantian =
               [{
                 name = "lantian";
@@ -88,45 +74,6 @@ inputs:
                   HZ = inputs.lib.mkForce (freeform "1000");
                 };
               }];
-              surface =
-                let
-                  version =
-                    let versionArray = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
-                    in "${builtins.elemAt versionArray 0}.${builtins.elemAt versionArray 1}";
-                  kernelPatches = builtins.map
-                    (file:
-                    {
-                      name = "surface-${file.name}";
-                      patch = "${inputs.topInputs.linux-surface}/patches/${version}/${file.name}";
-                    })
-                    (builtins.filter
-                      (file: file.value == "regular")
-                      (inputs.localLib.attrsToList (builtins.readDir
-                        "${inputs.topInputs.linux-surface}/patches/${version}")));
-                  kernelConfig = builtins.removeAttrs
-                    (builtins.listToAttrs (builtins.concatLists (builtins.map
-                      (configString:
-                        if builtins.match "CONFIG_.*=." configString == [] then
-                        (
-                          let match = builtins.match "CONFIG_(.*)=(.)" configString; in with inputs.lib.kernel;
-                          [{
-                            name = builtins.elemAt match 0;
-                            value = { m = module; y = yes; }.${builtins.elemAt match 1};
-                          }]
-                        )
-                        else if builtins.match "# CONFIG_.* is not set" configString == [] then
-                        [{
-                          name = builtins.elemAt (builtins.match "# CONFIG_(.*) is not set" configString) 0;
-                          value = inputs.lib.kernel.unset;
-                        }]
-                        else if builtins.match "#.*" configString == [] then []
-                        else if configString == "" then []
-                        else throw "could not parse: ${configString}"
-                      )
-                      (inputs.lib.strings.splitString "\n"
-                        (builtins.readFile "${inputs.topInputs.linux-surface}/configs/surface-${version}.config")))))
-                    [ "VIDEO_IPU3_IMGU" ];
-                in kernelPatches ++ [{ name = "surface-config"; patch = null; extraStructuredConfig = kernelConfig; }];
               hibernate-progress =
               [{
                 name = "hibernate-progress";
@@ -134,27 +81,10 @@ inputs:
                   let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
                   in ./hibernate-progress-${version}.patch;
               }];
-              # TODO: remove in 6.11
-              btrfs =
-              [{
-                name = "btrfs";
-                patch =
-                  let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
-                  in if version == "6.10" then ./btrfs.patch else null;
-              }];
-              amdgpu =
-              [{
-                name = "amdgpu";
-                patch = ./0001-drm-amdgpu-sdma5.2-limit-wptr-workaround-to-sdma-5.2.patch;
-              }];
             };
-          in builtins.concatLists (builtins.map (name: patches.${name}) (kernel.patches ++ [ "btrfs" ]));
+          in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
       };
     }
-    (
-      inputs.lib.mkIf (inputs.lib.strings.hasPrefix "cachyos" kernel.variant)
-        { nixos.packages.packages._packages = [ inputs.pkgs.scx ]; }
-    )
     (
       inputs.lib.mkIf (kernel.variant == "rpi3")
         { boot.initrd = { systemd.enableTpm2 = false; includeDefaultModules = false; }; }