chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 07:49:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:srv
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
..
compare: chn:fcitx5
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

1 Commits
srv ... fcitx5

Author SHA1 Message Date
chn
71f0a9ab87 暂存 2024-08-22 09:59:14 +08:00
208 changed files with 4232 additions and 4560 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -5,4 +5,3 @@ outputs
build
.vscode
.cache
.ccls-cache

26
.sops.yaml
View File

@@ -1,7 +1,7 @@
keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
- &vps4 age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
@@ -9,10 +9,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
- &srv1-node3 age1lee0kl24f0ntss6m69zu2s2e7njdpkv9nl7rlf4nn7rvv0mlgvfqrte2y5
- &pcvm age1jmu4jym0e0xkq5shx2g7ef4xzre94vaxy2n4fcn0kp94dtlupdxqkzyyp7
creation_rules:
- path_regex: devices/pc/.*$
key_groups:
@@ -59,23 +56,8 @@ creation_rules:
- age:
- *chn
- *pi3b
- path_regex: devices/srv1/node0/.*$
- path_regex: devices/pcvm/.*$
key_groups:
- age:
- *chn
- *srv1-node0
- path_regex: devices/srv1/node1/.*$
key_groups:
- age:
- *chn
- *srv1-node1
- path_regex: devices/srv1/node2/.*$
key_groups:
- age:
- *chn
- *srv1-node2
- path_regex: devices/srv1/node3/.*$
key_groups:
- age:
- *chn
- *srv1-node3
- *pcvm

3
devices/jykang.xmuhpc/.ssh/authorized_keys
View File

@@ -4,9 +4,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/jzUQ6QuAjnAryvpWk7TReS6pnHxhEXY9RonojKk
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtnVhZQsJfbs2w9hFZkx4qDhIs++7no+6r5TifP3Dq7epJYd2QYx4dI66XxTNhKxZjN6a4Xn5nFlYLtQJXOvzBLC8IBf1W5GCH0k/jqzzskS0/Ix/70HzcBwJk8ihWDkyON5Ki1BRCx34RNxth1BIxWyc5QT+lou+D92x8iAu/uOvmcAL3Ua0OlZwxw03hLp/PpS4ZnUqFjc2JVtarY7eQu/i3RwOZUaK6nT2EL8RObzk4xnieqsU5PWwA3voVjetqZaDQ+P7dimQXz/FaucroKxCNyTiy1oG4fdQpm2UDrH6ZfPvdQLYrtet6FQabXOxhV7MuR3jYtxZjs1kDVZIseIZ6IwjetaUoMxvIouRfYjOSIEo9Ek9o0+Yhku4r0uWmPDrymWugU1raMmlRxSUwdlzW+C7mQwtGbs/MG4MN4GWkM6id5DKlY2vYKUfrTzmhY1swCtzKq20fjvyX8qhJdcytgVlOrBZnPje6Qd55sI0RjdgJrBsxT2SYquez7U8= yjq@xmupc1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDn1pfGen7kjPTHsbb8AgrUJWOeFPHK5S4M97Lcj3tvdcjZi2SXN6PwHQfh8/xGhZbTLPz/40S9O9/Dn30xkUTfnONirKt790jp7VEbOtPnjQPOd/KRNWlS3VV0BELuq5p633Mi13rP6JZtdKmU2uSkvvaUBfCppy3JaWv/B7HLJ48f8IzkdiT1px3dN1eQ4SFoHOiVG0ci5TGG6wfMdoAAnM9R1aXI4gDxnYjLYujpaNZ4hBOta/6ZK/PV0JufoXdIAZjubgk1Hv04XHXLR2Z0UhRM6x7UrZIOdM/LlnKmcVk408ZKEj/9m1xRyDsNoZ24CF++cmnwfBHrp9I5nvDI7xOTdZlOhzkiiPM3f4i6s2Qjdv4vpZ6AeE3Qt1LVQyAr67b4UMjHuYqSi2KgyCO6My2Ov2eRoS74EKcb8ejJv3O+XInmYUgDgTgDFT3CgQgK2DG45HiV6nOkaE/6iKx2JSOiYZTFc7TRcePfXF9JQD7dXFde6qm3EbIVyJIpCJ8= zem@xmupc1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCW2fx1Sim7X2i/e/RBPEl1q/XbV7wa9pmZfnRINHIv24MCUgtNZ5GHEEW7dvzrQBeRj3I7CAyK8fbuhv/l8HuDtjxJJ1fmcBp9UG5vfpb/UTxayJxHBRrwokp2JL7HKVviI6d8FcNa/T0CMoUNYXnel6dE3B78k9Q0dDxlOGS1MzgsP3Pn66lm0ww9FRAVHe+KkhFmwyQ1VHUxHgK4QjCIt7+9+PJE7fK0aVWBsR309pui7Pbm6mgd4d6mwiBeVvxsNGnI4DsO1hz4N2GapuQy19PDiG7A4H41Z5RYQnv/3XTy4TBXOFQm77v6pyGkCmG6BGnRdvMB6C0hWPJvudbsA/BNp4ApL7/CrwTdLp1z6ToAOLvKrUQAM+hcbJimnFVMXqz7iSYg99XTnzue7ncecp19XiaDJbM47bGXcT4nTO5XaiMYi2xGAHIrij5GIuFF5ymKYSp5ejb1VucMdKlaaAmS10+wdUcuT7tzX/IuVr5aqg2dsxT5aJCRhZ1k2V0= xly@xmuhpc
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRpyIU8ZuYTa0LvsVHmJZ1FA7Lbp4PObjkwo+UcpCP8 wp@xmupc1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRZp8xp9hVO7e/6eflQsnFZj853IRVywc97cTevnWbg hjp@xmupc1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh wm
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc

7
devices/nas/default.nix
View File

@@ -24,7 +24,7 @@ inputs:
};
};
};
luks.manual =
decrypt.manual =
{
enable = true;
devices =
@@ -40,8 +40,8 @@ inputs:
};
initrd.sshd.enable = true;
nixpkgs.march = "silvermont";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
networking.networkd = {};
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
networking = { hostname = "nas"; networkd = {}; };
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
@@ -62,7 +62,6 @@ inputs:
publicKey = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
wireguardIp = "192.168.83.4";
};
misskey.instances.misskey = {};
};
};
};

12
devices/nas/secrets.yaml
View File

@@ -4,12 +4,6 @@ acme:
token: ENC[AES256_GCM,data:OrYgBRU1VPpkpDzYMFHINfPSHsXEKABdZOcgiAiBJKcreBoaSVHUvg==,iv:XIeZPJhzmUi5ZHKBCYN5UA9HWH1K+26SvcIWVrHAYDA=,tag:3F93syLBZjcHwnRRkUEjlw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:VPlB4wSbWqSYw3rYRwfAMa39xrPcPZfz7sV2Cq3rmOhifnUPwggxnA+51do=,iv:utnyrB6Yfe5O94Oq4HDVFm/lQ9ZBoyvUT68r2G2PdwA=,tag:snm01vA+z2yKK8d2i5i2ig==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:ezBawTyn+oPKKy6sQuj2BQXhnO4PTbxYWRpQR9URCxqD7bFlnmWU1Q==,iv:eD4yLDA209x6HFtDaqyj8kRxTImdyZCgOminHWb9vt4=,tag:mx+qPp4L9jHRvL90XH1RwA==,type:str]
redis:
misskey-misskey: ENC[AES256_GCM,data:daHnurnqW0MI2uHd3gNT+ZczmytRdwBSsHGkCwNH9hJFMJW/U56HtjG5ivOQzYprWJ5uzgN98ivocbwzJEAGfg==,iv:aE9kvEErN06FNPPFQNchbmg/+SJCKT3QzCN/JTlZovk=,tag:iMo3MTssxKKT02zi8gCZPA==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:QhsmKzYmAV0kGPhtRjTK7npt/Nop5JM9EFPpD8K6KfUJ48w+r+4vTORmERu7D2+fE3XDXxNZeSJg//bGxMmhfg==,iv:qkjkrqepjQ4kbwoaceQSzEP5TjLsiY7ih/ESj5RFpHw=,tag:UtZVW30xcsbGUjU2HjoUvw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -34,8 +28,8 @@ sops:
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-05T02:43:05Z"
mac: ENC[AES256_GCM,data:NyXFwcVCCRfU+QSJVwov38SzRag1vhgfyQ0xtOheKtK/UaA+2Vqiqatp/lKWeri9ltpw5xWBYQnmE6aBHEkrj5RvoXeho3CUWiSqsB/3COn3FSfXGGJ2M642dnCtWqHfTrGNW7bhq/lBisODvtv+SAs108R5yYXhXWotUs/p+W0=,iv:Wsel2unj5X/dBCwt5sLzHmUIqm9c0uqzzpfnUkxq5cc=,tag:a5/I8GWuUOy4F4lOx9TH+w==,type:str]
lastmodified: "2024-07-24T05:14:57Z"
mac: ENC[AES256_GCM,data:9xKBuoVeotcZfiqsKg+iXxOc5BV9kGVvR5f9Anu6DauBceYIBxgeVCDU3dRUPz67MkOK/n2w9+gLchQxUyK8G4ECRTESL+GKpZslNVThb2j6vswLXNBHqsQCoQBlYOiKw5ZM1gpdYJPni8qpsdGvTwc5JkW+FH6v1BdZWaUhc3U=,iv:SyLiMXsQhS+8FFlSMXiD9ETD+mIsz6mePXnJzBODK5g=,tag:YpiU58lJ5Nb78EMyEmJdbw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.8.1

38
devices/pc/default.nix
View File

@@ -13,7 +13,7 @@ inputs:
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
luks.auto =
decrypt.auto =
{
"/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
@@ -23,7 +23,7 @@ inputs:
resume = "/dev/mapper/swap";
rollingRootfs = {};
};
grub.windowsEntries."645C-284C" = "Windows";
grub.windowsEntries."7AF0-D2F2" = "Windows";
nix =
{
marches =
@@ -36,7 +36,7 @@ inputs:
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
"skylake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
@@ -53,6 +53,7 @@ inputs:
modules.modprobeConfig =
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
networking.hostname = "pc";
sysctl.laptop-mode = 5;
gui.enable = true;
};
@@ -62,12 +63,14 @@ inputs:
gpu =
{
type = "amd+nvidia";
nvidia = { prime.busId = { amd = "6:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; };
nvidia = { prime.busId = { amd = "5:0:0"; nvidia = "1:0:0"; }; dynamicBoost = true; driver = "latest"; };
};
legion = {};
};
virtualization =
{
waydroid.enable = true;
docker.enable = true;
kvmHost = { enable = true; gui = true; };
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
@@ -77,6 +80,7 @@ inputs:
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
@@ -101,9 +105,9 @@ inputs:
"log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com"
"dispatchcnglobal.yuanshen.com"
])
++ [{ name = "4006024680.com"; value = "192.168.199.1"; }]
);
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme.cert."debug.mirism.one" = {};
frpClient =
{
@@ -127,22 +131,13 @@ inputs:
slurm =
{
enable = true;
master = "pc";
node.pc =
{
name = "pc"; address = "127.0.0.1";
cpu = { cores = 16; threads = 2; };
memoryMB = 90112;
gpus."4060" = 1;
};
partitions.localhost = [ "pc" ];
tui = { cpuMpiThreads = 4; cpuOpenmpThreads = 4; gpus = [ "4060" ]; };
cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
memoryMB = 90112;
gpus."4060" = 1;
};
ollama = {};
waydroid = {};
docker = {};
};
bugs = [ "xmunet" "backlight" "amdpstate" "bluetooth" ];
bugs = [ "xmunet" "backlight" "amdpstate" ];
};
boot =
{
@@ -168,8 +163,6 @@ inputs:
};
# 禁止鼠标等在睡眠时唤醒
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
# 允许kvm读取物理硬盘
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
networking.extraHosts = "74.211.99.69 mirism.one beta.mirism.one ng01.mirism.one";
services.colord.enable = true;
environment.persistence."/nix/archive" =
@@ -190,6 +183,11 @@ inputs:
};
system.nixos.tags = [ "nvidia" ];
};
zen.configuration =
{
nixos.system.kernel = { variant = inputs.lib.mkForce "zen"; patches = inputs.lib.mkForce []; };
system.nixos.tags = [ "zen" ];
};
};
};
}

10
devices/pc/secrets/default.yaml
View File

@@ -22,10 +22,6 @@ nix:
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
github:
token: ENC[AES256_GCM,data:59z1zSofzUyv2Qfn8oS7dZplzJDtOD/zxhPm07MLbVLHt8mE57IGcw==,iv:nZ4JmIE1h496RN6BChvqo7XWHjur76jP4HMgqGBbMJQ=,tag:pUSGsofG7hvkvJxCRwkg1Q==,type:str]
age: ENC[AES256_GCM,data:EPjip4/tz50e+blPko9NpzDamLRO6BVy64kDnGAhUJJ/bMw6V9Of8RzuiqUupIjEmFiUcgWf9ZsV5RZO3Ai9udq0W7mYS1Y/zn4=,iv:TBs/o6mp8t+S3Ma5/QhnLhzgl852HB3sEzKy9SvKJjU=,tag:2yMUVWPua2g0VOkaXpJzKQ==,type:str]
user:
#ENC[AES256_GCM,data:a4mHxr7bn7BV,iv:FYQk3yv3XgxNO9CnrQefo3WqhO0Sf8Mihfp+Iw4AcWM=,tag:jebxvG+xUidghf5dOlvDYA==,type:comment]
zzn: ENC[AES256_GCM,data:xBSve41JclBYQULPN7yV/1Eyo3u+CHAewVetKHwjvl6Te0kk/+aLx6gs8EpOJGmVaiSAdt6F2ayHXUD8RXXpJIOnnEHk88kqbw==,iv:XPxMLvlVtaZvpWnau5Jwlj/5ty5Zyw4F44ix5G64Z84=,tag:uJfWb0PCebdMtxXMfueULQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ -50,8 +46,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-04T01:39:48Z"
mac: ENC[AES256_GCM,data:VkpF9zTWRLMriukAif6lfp8uy6+IcPDYUnXCQ5XLUtSstEyUoaVBjn+VVAoKkLX3MnyR6gyiYVWDDJmXrsyNoQpjRVQR0yu0p6p7sB3voGKiNxhw5qGwZj4IIXnHFWvktgWiawCiUkmSTUUHxe0XjAh7AWxjGqgAs/oyWGq/YfE=,iv:IQbJAhW/y18s57CAwRPeypQreBqQb0KkJAgIZ90QXJU=,tag:a0AB3l83j31Ex6PH9ziHRg==,type:str]
lastmodified: "2024-05-24T03:34:07Z"
mac: ENC[AES256_GCM,data:+nJ/wuO5G6pEsCiBNEHOYrbiYyGXXIHu3ZUgEVwqLQ10W94EOGLUto61IGtkapk4xmaHYAVmUlq76g2hRGrndLVlUthGnEc5QoQKZoUmrxK7ux1R2ubv0s1k+l2HpRerr/I8X+hHyV0fdxT6ivkpq6OsEzHDnxgewDvYNZGQS4k=,iv:TuzO1Yo0MPms5RrG8+GbwSCOILp9BF7Jsv5JvcAPwFw=,tag:fUNc+ccQDE/jcMLuQ4thCQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.8.1

28
devices/pcarm/default.nix Normal file
View File

@@ -0,0 +1,28 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
# TODO: reparition
vfat."/dev/disk/by-uuid/CE84-E0D8" = "/boot";
btrfs."/dev/disk/by-uuid/61f51d93-d3e5-4028-a903-332fafbfd365" =
{ "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
};
rollingRootfs = {};
};
networking = { hostname = "pcarm"; networkd = {}; };
nixpkgs.arch = "aarch64";
kernel.variant = "nixos";
sops.enable = false;
};
services.sshd = {};
};
};
}

28
devices/pcvm/default.nix Normal file
View File

@@ -0,0 +1,28 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
# TODO: reparition
vfat."/dev/disk/by-uuid/AE90-1DD1" = "/boot";
btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
decrypt.auto."/dev/disk/by-uuid/a9e4a508-3f0b-492e-b932-e2019be28615" = { mapper = "root"; ssd = true; };
rollingRootfs = {};
};
kernel.variant = "xanmod-latest";
networking.hostname = "pcvm";
initrd.sshd.enable = true;
};
hardware.cpus = [ "amd" ];
services.sshd = {};
};
};
}

39
devices/pcvm/secrets.yaml Normal file
View File

@@ -0,0 +1,39 @@
hello: ENC[AES256_GCM,data:7xCy5PqPVdUNIdzqaGQLsPA88mAfRt6T57LjFDwOaTlhdejLPrBdyN4=,iv:dM0QWDpylPjnbtdNrjV8LHISNi/U718+xooFm0qTcbI=,tag:d5HbLG7yF3QRz7nP+4aeiA==,type:str]
example_key: ENC[AES256_GCM,data:K5SD4k9jL5r4ZSUwNQ==,iv:mJrZshT0PKmT7OJE/ZBUWzq1Gc6xXymFbypxwQtQJq8=,tag:I4+AyMh+AVpmWa1fdIJpyA==,type:str]
#ENC[AES256_GCM,data:vHj6+kNand8d1AzgXTaOMQ==,iv:j6b3SDqzVgY8U/puEm9UcpJYGK84gF/YIXzRbG0radQ=,tag:yzfXKHReJ0++3fhk2ztbBA==,type:comment]
example_array:
- ENC[AES256_GCM,data:vRjjfVSy8g5mBZVM/oU=,iv:C+HE4Q157eNhEmcDJSMJINfMgztf6XfELCjotg8q3XU=,tag:JSQDItdYbCCs65tmbeR6tg==,type:str]
- ENC[AES256_GCM,data:xzfN6WiT8r8YcWtS+H4=,iv:btlOvqrn0pITT3rCTIjgS2b5TrfNKym0yPEnE7bJDqg=,tag:Wf40b8zBhrv452OKodkU+w==,type:str]
example_number: ENC[AES256_GCM,data:akqZ12u1wl4Zww==,iv:hS3NBWI7o6dZLtsIsoVHYdtyqpUmbQrpMHPhRRzEd18=,tag:1voFm4LuupWJMGP3xd0k4A==,type:float]
example_booleans:
- ENC[AES256_GCM,data:wWEU8w==,iv:rf8uwo+sP9YFyPmoxROVVmrx+q6Yr0PIOWznM96w9XY=,tag:nVJdD1Z7U8zVRBxs8gLvQQ==,type:bool]
- ENC[AES256_GCM,data:gVe51tg=,iv:eOJ2TOWStHpckNyYx2UdLcipshFpjcWtEids5c+Q8bs=,tag:0iSjlC/TgNfl7ZtXmttgaQ==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTGliaUlvOVlxejZhSDZi
YU96S0VPOE5Ldk56WlJjTzBSRm9oYnBoQ0NBCnhJWmg3KzUrT1VyemRiSWtQeklS
UFFFTjdod0g1d1EvYWJoOElJSjIrWTgKLS0tIDlaQnJOMTZRUms4am1mQjV5MzFJ
QlhKL1ltY2lGZGU0clhIRTRsSW5BOTgK4gKbhvF1bV/YdKOxzqrecHPDAKPOd81V
YnWgLpP6h+zycx80iqwsfqiQJdPyDrfhB43ksn2oxsX0qXtLI9j9TQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jmu4jym0e0xkq5shx2g7ef4xzre94vaxy2n4fcn0kp94dtlupdxqkzyyp7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRU1IRXZkbFQ4elgydTlv
VlRVKzJIWDVCZk5xaTd0Y2JXS2l0Mi85Zm1jCnNkS0NETm5SaG9WUE9Mb3RtbE5B
YTRmWHNXTk9hZHNBT0FxT1RNNnFMNEkKLS0tIGRWNWpLcDVtOEdGZHFPT3paeVo2
QWsreTlaVW5Bd2lZb3JZeTdjcG9WQlEKy3p4QnjPrJtfaueLKBzMz7VZ9QfrTer1
lEP8mInFprR65LtpoKabsTWQwkzURzB/OdbKSYG2o6Rlqy9L3d5eBw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-02T23:46:35Z"
mac: ENC[AES256_GCM,data:OncqYSgPSoge5Nw6eh0A4cm0KXSQhmSpGIu5WSv38LdMto5fNLIK2VRIwaXfq9nyf10bxNN7xSADj2GPhMiwlHM8nIQXtxdlWsZfEOc/qOWM8nz+9DPKtKGD6RZcDLDRhNTDxzPXGWIuY1tDKQpUlt/iDlymSskcqSrdTfBqCGk=,iv:NesxRr6FXXApE8aafnAV3x6hwCoAxoEly/QkcyAQ8Pw=,tag:3o37dr4vKLqEENIdj8RHXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

2
devices/pi3b/default.nix
View File

@@ -18,7 +18,7 @@ inputs:
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
networking.networkd = {};
networking = { hostname = "pi3b"; networkd = {}; };
nixpkgs.arch = "aarch64";
kernel.variant = "nixos";
};

73
devices/srv1/default.nix
View File

@@ -1,73 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount = let inherit (inputs.config.nixos.system.cluster) clusterName nodeName; in
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
gui.enable = true;
};
hardware.cpus = [ "intel" ];
services =
{
snapper.enable = true;
sshd.passwordAuthentication = true;
smartd.enable = true;
slurm =
{
enable = true;
master = "srv1-node0";
node =
{
srv1-node0 =
{
name = "n0"; address = "192.168.178.1";
cpu = { sockets = 4; cores = 20; threads = 2; };
memoryMB = 122880;
};
srv1-node1 =
{
name = "n1"; address = "192.168.178.2";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryMB = 30720;
};
srv1-node2 =
{
name = "n2"; address = "192.168.178.3";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryMB = 61440;
};
srv1-node3 =
{
name = "n3"; address = "192.168.178.4";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryMB = 38912;
};
};
partitions =
{
localhost = [ "srv1-node0" ];
old = [ "srv1-node1" "srv1-node3" ];
fdtd = [ "srv1-node2" ];
all = [ "srv1-node0" "srv1-node1" "srv1-node2" "srv1-node3" ];
};
tui = { cpuMpiThreads = 8; cpuOpenmpThreads = 10; };
setupFirewall = true;
};
};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ];
};
};
}

46
devices/srv1/node0/default.nix
View File

@@ -1,46 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "cascadelake";
networking.networkd.static =
{
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
eno146 = { ip = "192.168.178.1"; mask = 24; };
};
cluster.nodeType = "master";
};
services =
{
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
wireguardIp = "192.168.83.9";
};
nfs = { root = "/"; exports = [ "/home" ]; accessLimit = "192.168.178.0/24"; };
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
samba =
{
enable = true;
hostsAllowed = "";
shares = { home.path = "/home"; root.path = "/"; };
};
};
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
};
# allow other machine access network by this machine
systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
# without this, tproxy does not work
# TODO: why?
networking.firewall.trustedInterfaces = [ "eno146" ];
};
}

56
devices/srv1/node0/secrets/default.yaml
View File

@@ -1,56 +0,0 @@
wireguard:
privateKey: ENC[AES256_GCM,data:egNwovz+DTKoaGs/QQXR3MD7AImGlMlBnYsAZ1nuYnlgTVPM28aiLJ4iLGM=,iv:cFcf/sjqTmGqceNwHnzrhs1IvhDPRJi5YkyFVpjrsrs=,tag:yUwvNYCHjK+7+xkM2cuQNQ==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
acme:
token: ENC[AES256_GCM,data:k5QU1aHvd/hSG4yncffSwnxQvhULHd0I8wtrXD2FcOH3SWswkmzMOA==,iv:WB18Wsl0nxUQ6Om3SXP5+0BtFbNZ8fCXTyPJqj6a9Ik=,tag:dKpr52W7Wdwws87r3hQxqw==,type:str]
users:
#ENC[AES256_GCM,data:rNA32tcCmriP,iv:No3Hyee58jDzZaXOD8SJYzgQXXs58oAddwC5Q9mo55E=,tag:RgZO7fgZkAr3Pawqt0dwmQ==,type:comment]
xll: ENC[AES256_GCM,data:kq6gpuxBRbDP7Yi16WJrrsumnSfersI2kP5pT5efn5CjbL65JaW/Bff9P4OM6b3J21ObT0uRSmParBqW4OvN/UA4KXDhibqwRg==,iv:GvpNgy8kREgxp9v0cyIobgg2ZrrxylMmwq1hRaAoNA8=,tag:RpD/1FjWVglzt8sIAjjpsg==,type:str]
#ENC[AES256_GCM,data:nl+uNO7GVV4r,iv:8hUmN4uWOqJE0g1aYA5dqQq+0oCpYGKe//yuECpmyBM=,tag:79XibRYMadJNE5Uy1O+4Jw==,type:comment]
zem: ENC[AES256_GCM,data:t6zd/9ZoJWEkPhKyfaUXWQM2Y2unpUUq79SEKSt8nmWCQxlBk4PzMX031CwNde/0A4G3ARyIoU8vcFqp8NaBMA64INccKccrGQ==,iv:QOKpu7lm6uiPACNGa0QvHP81PP/4doS3r95h8/nexcs=,tag:J85l6pYh9WT/LyMbTrw+vA==,type:str]
#ENC[AES256_GCM,data:7SGmLzQyXKWo,iv:lr7nM0r7eMc+sCNO8OgwwELH41zTk3W/1i+0rnTc+9s=,tag:ZOkLRhEsFXX6bODu6wUyiQ==,type:comment]
yjq: ENC[AES256_GCM,data:8TF316O4M3UDoSA7rjBn12vUdHOcWXtrvuhqa6K65NaMhHU9rMrPHEikr0tqe5B5ojhh8PRRe+X/Dq19L4rJXThRfzdhALZzsA==,iv:2plZ2m0JuuUMQqYnyETCPH9x5jnLtNl396zvv7ay++s=,tag:X7YSLQOE9xnC63RWCht3GA==,type:str]
#ENC[AES256_GCM,data:yclOn8oHwLYQ,iv:Ba7Q84z6e9/3lv43wdN+bd/aqO/y5qR5I6Z5O6o7U6E=,tag:ecaNN9MgZqDYBCbTlsOZtw==,type:comment]
gb: ENC[AES256_GCM,data:piD2eh5iUXnCEkEyDULPkjbEG4Uc4izoVAuscbb9TPr7Q9WhCJX3FGRYrQp/wmZQ6UETR1jTejtbT9j/kI96BcN2onlwO/lqvw==,iv:oFWeoDp3GQA8aR+/AcJnhkovOWx7MgHoCKy5xdPIJMo=,tag:n2E+zuKckNAU7mOCJW+f1Q==,type:str]
#ENC[AES256_GCM,data:hfcOjdrvK+YD,iv:8rUsS1exsOx+2YEgdATNcWGKqmaCNbpY1EEq1Gv1utE=,tag:Z0lq2ctHBWDtx2tyxOSIBw==,type:comment]
wp: ENC[AES256_GCM,data:DUfGQpSg79W8KD/SWC2B4FqoPGoCrd1miczAQR5YApD00QopMmeDR28uTmHru2KU9DsjkdnWEbgfM49CwXt5FFJennqW36oYbg==,iv:D9+3CMZlJIHm+u14rAEikQoBM3jBQN8Lnx22DN2EIg4=,tag:ZegZmI1kf7Whcw3EE9dwPQ==,type:str]
#ENC[AES256_GCM,data:6pwUu43Lu5/h,iv:lZQ5F8v9VZRGuUoEMH15JLvx40N08ahTEbdEoKEuvsg=,tag:zPMQy6d9/RcukBO1cyeM4A==,type:comment]
hjp: ENC[AES256_GCM,data:dqoQ9hUbptm0//mlcFRrqLh1NpjxFPH+4jeyMG/x9Zvkszw7d71jvkO8KEPBfKnXpPBP2lvFyEqooIMWQJPYiIszHt2f0qSC7A==,iv:5nRcsaylcx74tQR1KddEpZUhmcynMvdHCcJYA7wfJnE=,tag:bGVKD1aDZJUlFg/zagP/eg==,type:str]
#ENC[AES256_GCM,data:Idordi28++/e,iv:5TR6Z14yluxPhrD7ye2mXEQpD53qS9/ZJIZ+S1sTqco=,tag:IkmLWXdxDmFQxtpJxL61pg==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:JuNtb5SRUrxfyjWFn3Be7EU51j/HlwiOpuN0m+Picf/2Bs97kflGnqGKstVRIjWEn4WzqscSaLRsbP9uFfSBHeJ152xfyOqkww==,iv:mQvIC6v+1fziRDYHYSFMOKof1ZcoFskpQDiCAF35sa0=,tag:0IL2VvdMorgE6oziscAB8Q==,type:str]
#ENC[AES256_GCM,data:kyJP952K5atd,iv:TLMUPKshuWqbQ6koiZ9eTXcoDS3jLXYy/gCZbMGrRl4=,tag:M2tLLogovoG2PCojt9CJ9Q==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:ifWnLx1YEewdviqHK8fdesM3c1m1T4g6twnz1cGv1yc4jit68pQWLrRMivdsM4tUcyU9GKwCaElVlvh+dgyy8EZQPKCbvJX6GA==,iv:T5FWReeZ0QOkGJiNfrVrUBhAhbXxlFQJKqQV2tzw9AQ=,tag:XClXGZDWGuoGxzPW7ne2Pg==,type:str]
#ENC[AES256_GCM,data:t8QUVYG4v7fE,iv:N8hDAV7wulPHcfnYTXuZRhb9dQPZqKpfMKK1+ITaZTA=,tag:eKMJDOmqoWWQbv/mm3LaAw==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:VlAA+g7SRZyhPSl0Gd1KS7dCwNgRA/o+d8anN88A7E8bSE1ckeTSp+J4YrbbUlLasLhliOZ/nDC0rti+hckGCrjMwweMorSIWg==,iv:7u1yNrN7uxHCF1MsJ2qt1jyQ0ZYYCYKUHwRff50P9oI=,tag:3raCWjdButfmcdy8mH25Jw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUpac093NWh3bnZqWkFY
WGorTlk3WWJRb0RYVWVQc1JacU9GZDhFN0RnCkJkQnJoTkZtYkFEQ1JDZXA1Qzdp
dWxtc3RFbUd4TEZobXBQVWVlL3VETVEKLS0tIExoMUNidEZob2dtTWhmS0VHbDJn
RFNiU0xMOG1UNVY5TTYrcW1GTnIwb0kKyCl+eqpGtqN047+t1C/c1prIaP3tm1jk
1ObtsmGwCxDyIkayqB3WF9DWhNHipXHZXrWT+JQJTD30BABBex+ufg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WXJ0dmh3RTBMci9pVVh6
cWsyNHVub2U1RFhLSnJPSFI1S2lGV21nYm1ZCll2TUQybmtaaTdYd0dGSXVNV1Y3
TC9zbWJQOENsQm1Nc1ZwUTMvczJGK0UKLS0tIHJRemNhdWpRa1pkRnhTZjhCODNM
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:23Z"
mac: ENC[AES256_GCM,data:n7MVBKCUW4xpIiVO4ysBqlG89LjzpDBx9GJWQTrSenLWV/YrIGUxA6QDlRg7yhqV9ldF9Q7hDve1KHw7OxKRx5ot5OZiD3Bq3TwJfS2DarJ2vi9oc1J+CXXach8gp3m4C4RkPJ/y1i3jB2nRfSw5Z/TtdPMbvGXlHh+hhriAqxM=,iv:tyBcXMZzgeUOgYJtU1XkptPOlNoFwH+4z6xTD89aKOw=,tag:apXU989ZL+D8WhWKFTdXTg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node0/secrets/munge.key
View File

@@ -1,24 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ul1xMmQ5FZVIKct4KbgnTStsT5cH3sRvmaApZez4WZ36zF3q3M4o0dcwuWXxl9Ay8+Kd1zzUCZy26FRj85IwAel6POkmIlXl51Awou3iWuGBqUlS6IL9MIERMR6lTlisOK2l2PJ7IJBichFwwDrxImnt06B68Z7JWOyrLMfQhwg=,iv:nHePsGpRWMj4CdZ8wxr4xCJAcSndHsRju+AMyK54vNw=,tag:+CC0EJbTmIjRijr1SZpF3g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRTJCOTJqclZqV2ZTb3NG\nSUV1VVNnUVpqZGVCc2hlTVBkQUVtVGlQdEhVCk1aNjhhbDZuajhQL1l1allHOXV1\naGRoWEpTZ2haTFFqRDhlclEySjVmMXMKLS0tIFpPdHZvekhDaS9yam5GSEVhZFlw\nZGN1QTVYQjZuUXd0NklqdytYRjRSNWcKC+AmUlZiefdfnP1l/sbQHBUaZGN6ciT8\n/yI2ed25uFGwCo0h+yLywbuNQTv7AiBFM3R+KBSjNDkFSgiGfblVNQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VHhFMi9RZ2VjeUxqTHAz\nZklRbkRGVkg3NDR2elYwbXRHZ1dSQTEwNXl3CkdidmwwVUZJWDllRVdYRWM0WEtX\ncXlHbnlZd1h1Ni9UTEtHK0Z2YzNHcWMKLS0tIHl5ME9UaDBFSkRXeEh4OWNRajZu\nOUdGcHA4Q1I4dS9RMUV0YUZBYmZyK3cKSxvVdG+P9+esK3miJdW9BqgJdEMEq4iS\njWgh5lmSQaat3UzjkOVPPp9Xu3DRpzTFq+dM8bdGDTbzAdrUhxj87w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-15T11:11:36Z",
"mac": "ENC[AES256_GCM,data:bV7T1HfvM2n8+Vus9oDO5yoWDGtWYOd6d/zJ86/sXB4psg7aXVNedYSn+98SJdpYKHRcSuMJ9D4h62nAawERB6u8EmW8kxh8fuVLb6tj+9fWF1iVqinL4LE3916+XzMqGzGVZZEXaVtPHqOue/D1sYtBrBCOEMMyq0cmLFY2JrE=,iv:eSrtmJLARmwuAQ1//x4XqCKDZybJmMtyefWyLPk+1j0=,tag:M5W+vO4RjVwS18C9wTIe2w==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

28
devices/srv1/node1/default.nix
View File

@@ -1,28 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "broadwell";
networking.networkd.static.eno2 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
cluster.nodeType = "worker";
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
};
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
};
specialisation.no-share-home.configuration =
{
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
system.nixos.tags = [ "no-share-home" ];
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

50
devices/srv1/node1/secrets/default.yaml
View File

@@ -1,50 +0,0 @@
users:
#ENC[AES256_GCM,data:dgM035YLtZfl,iv:h7pHQ6YFa4hxcHMihQTegHmkaCMlfPtqdCqvJxSsXt8=,tag:V2v9C2TfErIOAihtTQpnSw==,type:comment]
xll: ENC[AES256_GCM,data:/YL4vowFLFbbYv06yaKWZH5UNBKs0L6LQ+6O0IsiUZpgW5fGfp2A5JTlH6ne7RGyyTE4GNId0MC7byQbTHHwO+5zVYWpzjDCfQ==,iv:5/VKGsIohoutZf3F4Qj8PruAXSivQ0zsg1pwLwZbCLs=,tag:/vsrCISEbgQ7HnubWOtKow==,type:str]
#ENC[AES256_GCM,data:oT8PFxQdwEt6,iv:eD/wF2toUAT991S0aO7NklpKSnMDH40+73IhU83H9t4=,tag:mxxAUdfHgC/hlvmLc2MlAA==,type:comment]
zem: ENC[AES256_GCM,data:RpmSTr2ZKfUNWg5vYbKB00AG18GNQs+kgx82E9Mg5hoc3HKmbAyIzjxloMn/Bw3MOTnof6Cf1ZzVCs53Wz8YbZFClLEVdKhMKA==,iv:NQJQOxQa/RaGzvGgarq5kWL8ojB1bejEiqJUCJLxgyU=,tag:8cFFQ5kKpZji4YvEYOyzOg==,type:str]
#ENC[AES256_GCM,data:keNqy5SdClQT,iv:N5LX7VJEwLHQ5HsFINs6LupP3rv/XAWFR2e/S52N+Oc=,tag:cqBh1bL1jAEk3mT0pLDd5A==,type:comment]
yjq: ENC[AES256_GCM,data:TagWplgUyhaEAuFpup0TRIxWXIEGwsG/V+gOo/pXSGor30B/BF7+wVozYTZ/iSN7OJJw8I7IZGvxvh0v01BGz1RQO6MEEpSj5A==,iv:TeXXYlhfae78cJFdZk0Nnm24sP43wi9UM80vHwKfXFU=,tag:lhae9Ona5OMlTBAJg3PiIA==,type:str]
#ENC[AES256_GCM,data:jmRMNpJLMqEo,iv:UOfzRSPDFsJ52sa2FVaQsVcU2P2bOYPzh4JLZ/8+hCg=,tag:8rCEYFELB2geXhfUjfZ18A==,type:comment]
gb: ENC[AES256_GCM,data:RneeGyzmdxCceKPzOHaTtS1l6NzuS07NYBxYrLICMLWHPog08FTINWEZx1JmqbAloVna3wE43kPPa9s1w3VbtPBhzRpTVZfUtA==,iv:1vu79FhPiWQ2/G5xzzBdyc790yv/aYKIQFPhaDpBmoA=,tag:vkpT1bDfVufBkDmOs7RomQ==,type:str]
#ENC[AES256_GCM,data:swW/4Fii+fHz,iv:9UZ8W6RY+n3XZkDCxSP/CQQn1Ji+mo2aqgmG9wTF/I4=,tag:2ifOyc0oGzM1iM3rouvvMw==,type:comment]
wp: ENC[AES256_GCM,data:/cIBL7orNYqu6Ybahdd1UVdTbS1SHr3GGb3ib4FDxPUlp/Xr4ARMX+01N6pOahVYwE8Hwp6nr4TdvwFpe2/AE6v2rbyclSzJgA==,iv:ZGwmAgwiC15K5NhajLCTiuW2mLT2gt0KUicDFmMY+JE=,tag:8rcoY6/weOkML90FyDfiSw==,type:str]
#ENC[AES256_GCM,data:6KbDgRf0Lmsh,iv:2vhLHgIzhCrdvQ7w6lCPKOmLlOVRJ5gJ+Pw5NSiMVVc=,tag:E6PwWCsUn3tZwV95zFbwhA==,type:comment]
hjp: ENC[AES256_GCM,data:0hzP2t4ck/0GVa2OoZxETCSQvp0QYN+0MJYl5aJ5hzSOXbwBPlTcIbjckpWDacx4iKGw+skhv1Nhz9lGrhgvddzqb/o1GWkKUw==,iv:OzKTIxDm+AgDAy4rP31kts0PKHuNqBZWc0Vsvh6X8CY=,tag:7Y/6qP+TJd1o0a96gKq5JQ==,type:str]
#ENC[AES256_GCM,data:PQmtt6/8T8Nm,iv:ZDUkaQts3hUQ1nncynoGw8gNV9jYvnXz9rOaqRC6yLE=,tag:jN8sUWnqoWbMlkLEqVKNkg==,type:comment]
zzn: ENC[AES256_GCM,data:YNB9leH/qgXpApA+bnsZiBlfbQSEiOoqhDgKCbwz33zPVc8KRShSS4kWEseiMlYLv7Kfbfy94cEKLOaWBjuRmMrODmC3HZ+rtQ==,iv:Ju02Sz0PHoBftz2W818hmXQ3J/fzLacWv+gy4eGXvjU=,tag:B6mvgWUclyHXgno07jhXQw==,type:str]
#ENC[AES256_GCM,data:UVi9/5NV0ySV,iv:E7ZZvvf6lNJdT4esykilJxhpTu7gqmu9w4w8rII/RSk=,tag:pnl3G0qt7ZzXlA9YWo7LiA==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:M4LHqgN/WYk9Nh7Pawft1tplh/FiADu6GoyImyLGBk8rbNNLT5AXuNYGj97tVYxI0Hwek+zhnmcjAWdDtmkVzE7TcD1WAZbkTA==,iv:GN/jHnEikITXkLRR/tXnhYiTE5bIDOg1d9DrYeASoY4=,tag:hkoAHHYX+q1topjXkRyK2g==,type:str]
#ENC[AES256_GCM,data:EVL/9hYcFl4F,iv:EZ8PMqklNEky0i940vwyQFXrgBoQRwwGDjBgRB18KGg=,tag:cnQzCU7XZ0EO6ojGaEk4Dg==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:7HOyyFtPjhxtvz3cG561aslZ1Ct+DmR290XOxz34sA/vyA+gjvHTWoIpKPGVzSU8vGfaLLV4ta/nOUsK/VfUj00ngwTdkEDkrg==,iv:rkDAE24gaE7MzOcIUX87oMyK6ra0Pt/vUNrIV9p7aFY=,tag:24NTkSu8Fd785uC2Lwr2XQ==,type:str]
#ENC[AES256_GCM,data:sa3uVs8+996Q,iv:eN3S4x/UROkZWV3U2pZpvULgoPdh42lM/Q+jZ13ohsk=,tag:IG0q/+ti4tthAejVp7MCPw==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:jfeQWLGUWK4xfgRtS9RjjN76D+JLqTF526SI0XeYnUXtCsKhJYE88hgVnn7m/Af9g1OCj08+UDsM8cyKOJj3+m6h+IZQzCS4bg==,iv:Syf3SYAFvOtfOy4PeA/PcYbuUnABk6f5A+OmZYtdwv8=,tag:cib1RuKxGffjB7R5GSxotA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaHcyMnpWRTAwRzJ0MTFi
elk3QXNqdXQ2MEttNXhBOGF1Vlk5cW12YTM4ClRkUm5zUUo5NjVrNnBlSFFPOVVR
V3VxVWZQQ0VvTm9KZ2Y1L3BpRkFDTjgKLS0tIDJadStsQ1Vya0FMa21Da3ZhUDVN
RVVTQXY2NkdzbVFLY1pYYTRLSGM5WDgKbFabN/iH2YDJaSXdm+7EebKS/As1zH43
HjUp2LHN85/WQEx3VheZRGJBwpNn/Tdunhm0yTdNA1jpzQnO9bIMXg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TTlxNWhMS0dJbkZRSWsv
MitoM1NicmJzbVJBZnhUbnlJejBWVzU1TmpnCkxrVEs2eEE5VnVDN0NNaFZ0b3M0
SXFmc2JxblAvN29Eb2ZrR1llZkp6cmMKLS0tIGdQMjNIRXY2UGIxdGk2Q2V1MXJO
R1BkT1hoSWo1RlJnU0pCdTFYbDFoZmMKKF7cND1jSo+neTTJ+GwW4T0RTOX9mbME
58wjAtkrKSD2vDFMQ/vtPNiohAt6RMdClLVm50yh7Oh961YmvJYnbA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:35Z"
mac: ENC[AES256_GCM,data:UWDwXUfk4R9CfgU2gv1NZsusLq5+VTsvjGQNst99MuxLz4sox8CZuuYsDLB2dobKrJua107yqhbM8Ps42JJVHZEf3WHqP08tRbdIWNVoakYR6UJlNS3WZVR+LlheQI5PfJqPqa7VFgZeSVm7weIPCHqvHt+ak76oyJK1VsI0f+k=,iv:VL9s+LUA/TrOsJNQWC0/v0Yh+hT8uh2vitc9h1xHBEY=,tag:iA8yMpm+0ANAC+2BLN9Agw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node1/secrets/munge.key
View File

@@ -1,24 +0,0 @@
{
"data": "ENC[AES256_GCM,data:GHsftJ/b50XSTy3wCX/ms8iGhs7oQMrqw5R+7PxrjAm/VzcYJbAQjYButIeNYB2/r87IGKDEMAskowocqyuhamTZS9n6eElDBZrEoUXc9J/lZvXrNqBa2pDsR5a58X6Paj2kMn8Ke9M3vwHcgniEgZtC2h5u6VwbgPMZniqYT5w=,iv:KhGKrf0tXdLb0sWc6kB9lXjj9jOU+wsy76xGFRmwdz8=,tag:s+NBphi1n00GflKqujZcfA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYWdxSzIrQzRaVnh3K292\nVGkwdWUxanpQbEllWlNvaHBoQ2VYR2pXcVZVCk14ZmxlK1pSWnpCZC8yaE84b1Ew\nNTJUTDErTUVxZzBqdGFORDc1TEo0REkKLS0tIFZJeFIvd3BDOGkwenMrWlAyVHdh\nTzRHNU02RWY4clJ4dk1IV3R4c0VTd2cKeX/tLKOnkbcAhkgCY+T4XWBgc7eUFecn\nfqd6Kxfg6P75OT6Z4ACKsHDGznGk8fYk+Ms67MSCGzr1HXaR14/eVQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxODlXSGpsYk5BZ1piSUhX\nUnlTQXpycmV3YlhLM01SMXZ2ZzFXWEU5MVNZCnVUNFRUTTVNaWVUZWY4dklFMmhW\nWUc1azJFNGJTZFVlRkdSZEd0eUozbk0KLS0tIDhUTFE3cHpFblZTa056R0lscHR4\nSXpoT2QrOU9mcDV2ZjR1bjV4cHZCdXMKyVyxBRY9oyhfj0ZMVRtjf8TT0qRJULwN\nosghj6bPqOFl3C9zBne1Xn/2mOj5lkMZP6MAMPtaW8nvsf/LkZx/Hg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-16T03:08:59Z",
"mac": "ENC[AES256_GCM,data:SjmuJVeJsamHE7Yv5Lvoyjp0CysTo3K1nyJgPI7KKp21H8Xq59g9/zbth4pCdIMHyt43MNUXFkhYD/Ox9ySoDEi2pr7H2kM9fcFM0W/ObM/gm/lt5jTLzzS+OkKys+Yw/WA2nIStSNq7rAb/SKFbHvj1P9YBsJxlOnBzTW7uu8g=,iv:tNjnqRX1D+vY8w7RxZzo+HdfjK9pXJpB5MKnb7EyUXk=,tag:PuLU5zmUH14ZxuTUPIz20Q==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

44
devices/srv1/node2/default.nix
View File

@@ -1,44 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "broadwell";
networking.networkd.static =
{
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
eno2 = { ip = "192.168.178.3"; mask = 24; };
};
cluster.nodeType = "worker";
fileSystems.mount =
{
nfs."192.168.178.1:/home" = "/home";
btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
};
};
services =
{
xray.client.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
};
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
virtualization.kvmHost = { enable = true; gui = true; };
};
specialisation.no-share-home.configuration =
{
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
system.nixos.tags = [ "no-share-home" ];
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
# add a bridge for kvm
# 设置桥接之后不能再给eno1配置ip需要转而给 br0 配置ip
networking.bridges.br0.interfaces = [ "eno1" ];
};
}

52
devices/srv1/node2/secrets/default.yaml
View File

@@ -1,52 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
users:
#ENC[AES256_GCM,data:bAA1+Mx9xsFr,iv:5GWh+DyuRydCKm8K1kaiTJIt4ReEugHFnKYfan6RAE4=,tag:VqcWjIMIYhkSj6f/ZclTVw==,type:comment]
xll: ENC[AES256_GCM,data:lqzwlETuKuKa2wh+ickMFiWyprcnIBfRBjri+NWoltxib/LWzEEbyetRc4AKyVaBiDhsOTw6MazPNy2mhcAFwb6pM+QKce5ntA==,iv:VaGQux8MJNPZeHwDpM+yJ47XvOul0qRE8xVdSWjYRhY=,tag:rBWdTPmJX9YsP0l1FtVbJw==,type:str]
#ENC[AES256_GCM,data:AgppEXaJcXhQ,iv:gI4nUzfy7w9yqaWlT1NYk1cHdErCJsrlilwYSGxxCdw=,tag:/A6zwbvQdhX9MLfAdXIVqw==,type:comment]
zem: ENC[AES256_GCM,data:t0rCwed8EzXbEuwTabzSLUd/Gln3YD9IT56JNVHwlodAvFYwtTDJe3cy7K17TmIkL1Nk/hAGzQ2BIZJxaKq7A5pSNIUO1zqMUQ==,iv:jSKCoNKQ5a91kK19w5mE0lJ9lh391ACq64UtLvJ4kLI=,tag:d6+IrgLyCw05vvLcCF5+yQ==,type:str]
#ENC[AES256_GCM,data:s39KO3hHcrOK,iv:ICtP2r9JMjcieHZdyHpj5Z1DympJUcHq2jPpjUwSOzM=,tag:Es3YS+mEg5I3SIujfs50jQ==,type:comment]
yjq: ENC[AES256_GCM,data:gOc59J2eiND+qJJRwLYvTymfrjWNRWw8IwLxDdS2cSu0yTN5SWF1eEg+tYmDqqhPmXkIlenL8VyIZD2P+Qi+Vi7l1pZMnneRCw==,iv:TsWOmHlClMgpXbNsCyvs+wkTvvKViAooA36+O4eQesk=,tag:jp5ZO9tlCPNTNZXWXCUEeg==,type:str]
#ENC[AES256_GCM,data:JmmZl+8nta5Q,iv:qWGS5i+ntmJ9x3HFClVdfypQKqSTUx827OFu/wxx3HQ=,tag:SzvgJtIQb1Z02GDwkAhveQ==,type:comment]
gb: ENC[AES256_GCM,data:pgwGyp/QC+h05grD345pJrJefm4NWd0e6mQEzrsqCbjMi9Ak2nUD+K09mIKQJ39NttC+NQZezRmKUJjDBH50s0O69nBlPOJtgA==,iv:ZLm6KUzD8fTq4YpxhdYjtp7bbDjP7Sy+0fnDO0W5GY0=,tag:H2mNHIQvHe+3YzZ9ITVdOg==,type:str]
#ENC[AES256_GCM,data:94hwxSaMkbIB,iv:4Xjukoo7rxeu4SWjwFeLo5fwSX6a8mpkTOIpnOnR/Io=,tag:XOjY6ziyDdMNo53NFSjcJQ==,type:comment]
wp: ENC[AES256_GCM,data:9/aVAQskZyQrfhVFVHfpdTWDLdoP2ZO7gG6bNcRpOJEBle3V9XqVSwmLViIIysy4XxoR3cym/7WXB96O3C8feK7sbihaRpT+Dg==,iv:WPnDArVKqV7u3EIQ0CMectK1W6gXKOo37oOybyob3As=,tag:1R/0qjRzif4/sTFSs55NuQ==,type:str]
#ENC[AES256_GCM,data:RluXnmnn8CAI,iv:OqzKfed5CARE/KKur0GXDpLBqStEva7YVoQMQX4+FnU=,tag:prOaqWk6ARxEKvnhOnCZhw==,type:comment]
hjp: ENC[AES256_GCM,data:Tb9vCi68B88UZc/ZVSxEI+esKOLlFcAPAaMk9FDmkBycZmzDjHfkUKCxVcOMtqeNSluVZ/5IFgowaYbk9ncK6yoYTjXjj1Z0lA==,iv:COs+ijt0h+UygyhWDQV23NRd/xBcfeqz6CO7D+xw7t8=,tag:RaIMaGrgHkidB9vqLR6cNw==,type:str]
#ENC[AES256_GCM,data:pymPvP+KjTd2,iv:g5tmBMQevuzES9FVlRten8Vzy5nvgamDNPo6Vy018T4=,tag:sMYZAyyAzEyS5CsAyC7xtw==,type:comment]
zzn: ENC[AES256_GCM,data:CJ8cOBjblYIc0GoiPnIbbWfYDfpQW5u31R9T/P0/aVuxi6P44wYYH0posVGthR1laqHIlu8bzgeRyTbBYir/Mw1AGokAnFLEPQ==,iv:dJXFcZ9f3xe3rcPzOLd6AMFh6EyJXlv3/+uR2x9XYsw=,tag:4I1WqtloUSXNeQ6AlVPY5g==,type:str]
#ENC[AES256_GCM,data:r1Rl1+lfgMad,iv:9RGwiYlePcXZFDxw5uc1yEwZ4N3lStmE1cGmsj5dPls=,tag:yGChsxZtIzDjMUgIkd+PdA==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:IIZpTdr5jpidbxYCQ+fODOHdoWI51upPI3yxYlrAAd+RE62t6PzAvHKFmKPivbHmQS5RZrJXE7zm9JtwiodRmPl0pYLxYNBpFQ==,iv:WQc1pOungm1gEqYPk/MITbjs1l83ikcys47CARRgoFk=,tag:sS2mXDIWl32ZZzDtictv9g==,type:str]
#ENC[AES256_GCM,data:VtrWQKVtCHtA,iv:ap/n2HxQ7dgKOA8rIfenv9LOwwAh1na8+I9O/k/wMxs=,tag:Vl03ortuZ5OS2qcBMnc59g==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:fkxYmHEQnCjx/srKBgjreIR0S7mcXyl1h3H80PFsH3A/yCGnJbFCGK1GW1++Q+tziOnEWCTLZ/l9dlPuB5BFSK7iHiVXtkOfVQ==,iv:z6duWl+LFpS5RJnCGxb3yvgHp96uJYoSsAThWrbGYfg=,tag:AKWisEg506eOgdp/4tLU7g==,type:str]
#ENC[AES256_GCM,data:e8HuWaLrvHx5,iv:ZKvfRQtOMV6v3MSCDVoPEsxldI+ZRYJBwrKAD8YZzPc=,tag:tPL3IyjC8f+S+6MoMJSd0A==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:if1S/3AxNLkWvDQJom+4EPRBOpkAPNTkEcqHHLAuEJATSNLlIhVLOPgt10cM4LWx2TdG8V2TcZip9qnr4ABHMsPF5vm6Y53r9Q==,iv:Rba0So8DXJrSC88mjwT8j2AVy84TPm0R6AVf2ZmXNBg=,tag:qiSeYLrw/6QJ7vMiPEZ66A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WlJNWmp2VUxpcXR3NE92
TnNuLzg0SVZKdmt1cEVZU2FodXZPdmt6Rm5rClhrbDh3SzFlMU9LVFpEZDFLUGZZ
d2RBTVNCamNBWFVEVW9FMjYxcUE4Rm8KLS0tIHBwYjlMU2tnUTZweDBYcmZXUC9l
OWFUeE9xdldpTUQ3cDFENjU4YUVwSkUKp7yZGpvKMSm6rvsoPbcaqVznL3wzGEXB
OGzrmgY083Gyjb5P/0wPY0ShGMWfWQW6vGchoqVuwr4oHKT3APcrIg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRjBjdGFEMjR6QnQ0a3Nz
c2lmVWE0bFh3amRULytZOVhYS3dkL2JmRVhVClVQalh1WjJqcWcxT3ZXMWduN3Nl
UzdFNXNQUmtaaTVIVVFVYXkyZEFPUncKLS0tIExrTDA0OEJzQklQOHNJZzBJdzJP
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:42Z"
mac: ENC[AES256_GCM,data:tb6UXalJcNqd1bCJ4pdWQ5lctAXMrwAJsGagNIjtAklVx/0vibEBTvtVdI3CSNA3OuDguyXc/ECGEqlPNpoRq/F5JINfnirEbaBL6KhNkFxaSLVP7mu1u0KH93qhzA2j4jofderpxj+FvOOMVZNuZkrcSPDoufPA/ypY+YaKuu8=,iv:KPyXi7AD6FSmoZKYUDh2zLZnArvdcHau5XZHk8CbwI4=,tag:7T1jUJ7eNkY9VYt2eP+brg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node2/secrets/munge.key
View File

@@ -1,24 +0,0 @@
{
"data": "ENC[AES256_GCM,data:04fSLZEkne1LqLZNYpy1tFlKTVUgQNuX9L3cL66FVHD+LqGAyWJGlAnduY+fQMZdDhbBdeEnJKXjyQ2jdDCttuqbPRiJQChtD7ztf+oiP877N143iSY2G245aCjIrAzmFORkGZaQT7nD5oxgCPiLqJzkNPzgjN4HIDsVoYz6jtw=,iv:gTbiJmdXN/62/t53ddfDrYlNLe3AoujT4G03eFQXyZs=,tag:eAYfhXPERqsVKFSkcm+Abw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBb3JtVi92M2JUc3dKVzRt\na1kzNU8ycE1LTmdVZVNFNDNJZmpsTEdCK3hZCjNXajNpcGxXMDJxRjhPMmhFd2la\nZy8xUFZNZXhiVHFtbG9xVmJ3Q2d0NE0KLS0tIDlNWEJqcSsvQTFzc2FxL2F2bVVs\neS9UenMrYXNKbGJVTnZzN3VscWlrRk0K24RHbcTz56GV6AbQt7Yy9+1NClMpQFtk\nf/NO2RYuS0ciHwkJQEw7M48iJuwTSiv1pflXXkNvkl6/I7wPgS/eXw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSjFQbWd4SUhoOExTdnFk\nd3dVVytZaDAyc1F2eUowdmY0azFKbWJ2Z2pZCnhYQWJtVXVjTTRvTlI4SlVyVHh1\nZlBZTlFheVNKdzN5a0RHM3RkTDhzQncKLS0tIFlpbjRUSzdzS3ZuMW8welNRODdR\nWis0ajQrdUNqVWcwMWF4bVlUaWsrc00KfL/zF2RiAanljrNhRT99i2jPvLySMWXx\nEyzYRuTH8ZGXsX4T2VAPjreBt1ahJ/EgBWmCLibEVK62zWfdquAZKg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-20T05:31:41Z",
"mac": "ENC[AES256_GCM,data:7kp2KNU4O1yuBdu7cxzg8BytPWiP8hQ0/mWVKPPn4BXjFleyo8KzLC3XZn9Ovt2fHWiF/4hMreOPIDW1W+8n/DedLa2G+zkHiQDVBCyiLJ+FCELvNPdDwR37RvOJ0Oo3RtQaSK2xBhNwS2Qs1G7DemEGFrWXrZ/SeCG5H6bI4X4=,iv:zGG9jcC3McICjeYZd1aGud+VaUhLXg3J/demAqM4vUM=,tag:RINzMA36WfaTRuEy0cTQKQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

28
devices/srv1/node3/default.nix
View File

@@ -1,28 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "broadwell";
networking.networkd.static.eno2 =
{ ip = "192.168.178.4"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
cluster.nodeType = "worker";
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
};
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel ];
};
specialisation.no-share-home.configuration =
{
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
system.nixos.tags = [ "no-share-home" ];
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

50
devices/srv1/node3/secrets/default.yaml
View File

@@ -1,50 +0,0 @@
users:
#ENC[AES256_GCM,data:uBjvj5Y6SIk8,iv:WxYu6Xkh2T7kb3uLqgkJJtHvCmWyvntcGfCKJfSfSmo=,tag:ueHbPNX3KOVO9RdQnw/nog==,type:comment]
xll: ENC[AES256_GCM,data:Cp2wBFygUBlZnf0oAAxB5L8/qD/LwKksp0YG4Ic7nay8E8kXJGSYDyTK5AdeVh8/MxLgVVY6LMWtUOzFe3WU1u71pgBGF4x+yw==,iv:wXfcHuJzqWmm++vysZW3z4TLEOkgWTUF/pqFDfgwny8=,tag:k9o2yp1AksTGOgREOLlprQ==,type:str]
#ENC[AES256_GCM,data:4CsCDEg/UChs,iv:ENErjaF65B1dCuD56/DCqe37WSCu1q28s2khMyF7I8E=,tag:q9mxHCAsuDGygseYU0pRDg==,type:comment]
zem: ENC[AES256_GCM,data:cPDlicY4vrQ5VTyfCVN0zH5EIV8kH2xqlFEUkmwO3TmKV69Qx0nE+6yiUhENKR72zY3p5w4ZFEtF7maqqklWvThkeSs059aFpA==,iv:g+nASIzOUZuyX5MCFcKOJKsKTQhcpSY4sIKArlVZh8o=,tag:WaAYcxHmFs6/EG3oy56xJA==,type:str]
#ENC[AES256_GCM,data:fu6KBkGEtzD/,iv:OzClxptcUbrbgmYYoQYcInG5Tl6HrjSRVrt3iIaSrqI=,tag:kc+AxJ7UI45j6eW69CiBkA==,type:comment]
yjq: ENC[AES256_GCM,data:QGpjtIrtio3Jc4kGam5cjqCHZJl2c0wWQAD8BXXhiWfwbQF+sQSTk2V3FbvOlHjqcT92ab8qWCCFjIqBH4DJUq+z/eleX6Y4wQ==,iv:aky2Q2kpEf2EhcR9UXIAyf+BSW9CIZCGbyZCp0l3X4c=,tag:RHLILdrK3duFA2iZDDigEw==,type:str]
#ENC[AES256_GCM,data:YUQ73+HZk69O,iv:wY5da+RRnPpXOD5+HdKkyYZ04ZpB3NBtRjRq5Utzlvw=,tag:BE8MhvbxTkn3rG4Pe/zitw==,type:comment]
gb: ENC[AES256_GCM,data:AkPFt/GGyeKdYtY/cW774Yi4rrxhTFRzXe/hf0rbwFESwf4pwgfdcr9e3bp6mfmNy86CCDMsUVPtg49q+DV+9CwHU1ETe1vIbg==,iv:L/kLfEjt3WEQmgAXjOAsnE2Sp45DQP9LLKcZe1FjnVs=,tag:HluImuMHEhiE8yAw3fjNQg==,type:str]
#ENC[AES256_GCM,data:WCkGncBugE2H,iv:ZN3edJuEDKrHo9OZs0jbU1ATI5+WpfVul5i7SK51ME0=,tag:rgxwqwPJcdDNMnRFlxNplA==,type:comment]
wp: ENC[AES256_GCM,data:n7S4got9Q/7s7rZQldnB1wJlB36uqjremc1UDeUmzs6I9Gp9YPj7dJBDAHBNzWruo83ciP6PygHcCmHzBojISgW/HdD5j9cgJw==,iv:ymjB5YWxJJXBA80a2MPYHXBV+bNxUhroPWu+1GJo4XY=,tag:GGVz7kzBrSomBityyZBdvg==,type:str]
#ENC[AES256_GCM,data:2aKW2wBhF2oG,iv:wXRX5ZAr5O0c/H1WvzK1+kG1NbZU92h89NgXB8lHfMk=,tag:gAW2oQxz2dUthyNvMlmxcA==,type:comment]
hjp: ENC[AES256_GCM,data:+9MKYP96nBdLFVcTkpSS/hiTLdTOf5+Rs3dpUus/ym7gl2+aA2rGtlGS+ozALeUV1seNlVAuyhclZG2dH9uhaudlQvQw5ntAzQ==,iv:eobXw5ahEl9I2HlXD+y3NtGFOlPulk+aKVFxuCRe2+g=,tag:zt6MveyltO2xxThG9grZqQ==,type:str]
#ENC[AES256_GCM,data:WLU7JBd7ZNES,iv:GkmmM1n0Squ0rundsz4Q+1dkF9BcCaV1hID8bt/gmxI=,tag:MMukyZlOeE0CcnI51VYPWg==,type:comment]
zzn: ENC[AES256_GCM,data:5uNrzv43K/TQlGDldxqUYscDoEduTJdRz0jgd5dBh3N3bMNHulZbD95IVAj87OkLgdOtlDPZz3DfB5oxKBVcV0XE/E7GwJKILg==,iv:SB/uOB1SdhC5zGCY/OzBRY6wgGQLwKYuFgekxZpX1Y4=,tag:ckOxmdXvhQjGMPssoLeMPQ==,type:str]
#ENC[AES256_GCM,data:xLPmYdIcIUz7,iv:NqaKJJgyMwfVfAYgEAMHXo1qLYfyOHhIcV++lseKcNQ=,tag:qXDuROf4A9T2H61KtrQUpQ==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:izqFF2JD0ZEeNlqrQ9sJcEcrnp/WmyJL46jszmR4fLwrFGcMoekSfOTkzjO8upogY5fIDsn02dwh4mLX74vA8DjeRTaDKZyyfw==,iv:lknYrGgDFQen2w8mtLNHewQXara1ikWvGdvVA8a6Fyg=,tag:EiiMBUhF6YOafD7MCIMA5A==,type:str]
#ENC[AES256_GCM,data:Zt6KCQ3chnLi,iv:RpMBGf2zDVWN13PpTr0Zj18ORdIZT2u34BestCjyLsU=,tag:aBuN2QGhxgnOXPC1NOoROQ==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:fAczfnHue47oHJm/8Hcu8iC+scxUQRNZlJWSCFnmtn8PzbOtPXGVLYaZJs3SRE0F7yYsOUZlHnEPaK5bFjCHioindbS0oimBfQ==,iv:F14TVM+UxXm0UbAgLmQpkI4v+jhQ84a4G8IuWRw1k/o=,tag:R+r0be31nLC0T6Isl9/sdA==,type:str]
#ENC[AES256_GCM,data:xccChTyxO80R,iv:tSxhbmVwhwD1IbXRNglS+WWMXfzUDaoJfCNqfKWqVko=,tag:XrFTahck6EKRf79NNeMRfg==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:LQAAYOKBVKRsVfwRJOr4jBCqnHKG60euQMngfuI82Dewwtnt4fKZ/iDg6otJIXwdMdiYI4ytr573GaAPyadt/UdDv+EqrLQ3qA==,iv:dD7djoiEBjrZCQCKkjzsVD+IK7T9sL02zxRG3b1uwQ8=,tag:sqJ0Q665aXVnPHWlTS0Rag==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQy8reUxHUm5leVk4dzhx
L0h2ZVVONnlEWlBXWlhKa082aXJGRlhIaUhZCkQxSFV3SHcyQjNCN3NyK3h0V1hN
SHVZYXJjenlPR2lrL1J0ZkpoTlQ3S1kKLS0tIEZPU2c4VHpzdEwzWTVTUk9OdDFI
em9JMjA0VFk3Q0NKSWt4YllkWHpYNWMKJxCl3tXFHSUfawt8pB21WLKvUWwTn+Jl
gz52soH0P/k7bg6Lx4gs5WywIIIOWnHg7p0BJS9BCmFWvXR442c2XQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lee0kl24f0ntss6m69zu2s2e7njdpkv9nl7rlf4nn7rvv0mlgvfqrte2y5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaG1ZdERieVMzM2JjY3Zt
KzRTVCt6eVRsSmJXT3FKL0pSVHF0L25SSGlRCkg5bGVHcEhBam56bHdBcUZHRWF0
ODVkamc0RlJxNk5hRjMzTVRkYVNsam8KLS0tICsrTXdGMzZ2UmE1VmNyK3pwME1u
bHQzK1EvVEhvZFI5MjVxL0Q5UVZYdGsKJl2M3eOB0lRyu2VO1qDjW1pNJ9HhwAS6
g5yOa2fxLJn4bvmQAJYeNJ1Wi6sYaBvkbeOegjaKjW4ZvwhP5kWqRA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-29T06:38:50Z"
mac: ENC[AES256_GCM,data:pQDphBruG5s5trIOY1fvcCAnLDx+NcVJ6cEP48u92JRnM5cojYXbiFt6Mlq+bYLxkXb2PoKMBoohRbsNdYLRgz3BGAY//Kc5OHGWzi7r9t4/iuhcouZsV/6wHGnrJ0yECS2+LPkT+/JXnYv1ZJTpUR0TSmTvnCgJI6xpWt8HDSA=,iv:Oyn7UESWVDqh3kDFAX3opbC/XEYOa1s3wmGolc1uhTM=,tag:aasXTc9+bgLgCaLDNfbJGA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

24
devices/srv1/node3/secrets/munge.key
View File

@@ -1,24 +0,0 @@
{
"data": "ENC[AES256_GCM,data:9uBZv+GmpEqEbpE1E4szW3EPA6AJPUprWMQs2XwXq/VfrOfVG+Dz6PsAfPgOgii9KMPZb+358lfdhXbKF2cjflMw9Iz1wc2eU8vrbbU7toisLnuYBm2676wKzatQVbL0SHvlyScVIEwNphTJdIPJuMD0JrFMfDV7J/jdgwdpPRE=,iv:fk1YA7IXX/9/jU9jqAg4YrFZrprm9zoBw5avnKtvBnw=,tag:rfsCsir2C4UsUTgfvbRCVg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRm9wakd5Z2cwblM4a3c3\nVURGS3prTHJ5R1RzOGpXaXFOcFlNWGJCTGtjCmt3Q2M1Z0FaTGRscDlOamI2L2Yy\nQUlaNWJMcHdEVVIzMzdYVXdVZVpHd3MKLS0tIGlscllCSnJCS1JDNEVXWXhJVUNa\naFlPSU9lZnpPbFY3VkI3NkNtVlNTWHcKfRcjJroaUVDePl+mg22NndJfFciAuolg\nsOEaEZCH/cIJg0XTXfM18ZRUl4IuMmR3D2L4KAhzbfADNmC81mpMLw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1lee0kl24f0ntss6m69zu2s2e7njdpkv9nl7rlf4nn7rvv0mlgvfqrte2y5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZeDBPMWZnRXRPbkRXQVpm\nL0pwWDE4blRuYUV6QVJyOHBITUJjU1ViR25rCjRJTmF0MDhjNEhFQVNHZ3M4QUJ4\nQ05DbTlVbjhMMDhTdGlZN01tRUxOZE0KLS0tIEExMXZTSzJjeEdqcHBNWjhGSFIx\nQmJaSHh4dHdUTjRmWUZIUFdmVkI3YncKvCunmgurC7YO0Y5FssulaJ/VDvuiR5Y+\nOxfMe34ilsF+k8bTBAuYLlDCl8uQ14cPiOLAhAw1vdFgs9o8cs9MUg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-20T06:03:27Z",
"mac": "ENC[AES256_GCM,data:sEMEYJDZhhza1HvtmQ9maK9gXgBNfNGDhvSySoz/GuiTrs2Hhae/YI+o6DvYHPDUoOJGVwLjHVhfoIYw9CvoCZNm8Gn3fUSeP372x2kRAjFJYJ56qovU5hz7H/m1Mm9CQ38PvnsWMgc+dB1q0h01g4x7/URfjJDlU+Rq4n3f6B4=,iv:v/P0xSTBjGrmhzeAiS0eaQ4Y7pls9xCKPq9gysLuINY=,tag:SsCPc1av/pGpZS5AqzJdxA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

16
devices/surface/default.nix
View File

@@ -14,7 +14,7 @@ inputs:
vfat."/dev/disk/by-uuid/4596-D670" = "/boot";
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
luks.auto =
decrypt.auto =
{
"/dev/disk/by-uuid/eda0042b-ffd5-47d1-b828-4cf99d744c9f" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-uuid/41d83848-f3dd-4b2f-946f-de1d2ae1cbd4" = { mapper = "swap"; ssd = true; };
@@ -24,11 +24,14 @@ inputs:
rollingRootfs = {};
};
nixpkgs.march = "skylake";
nix = { substituters = [ "https://nix-store.chn.moe?priority=100" ]; githubToken.enable = true; };
kernel.patches = [ "surface" "hibernate-progress" ];
gui.enable = true;
nix = { substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ]; githubToken.enable = true; };
kernel = { variant = "xanmod-lts"; patches = [ "surface" "hibernate-progress" ]; };
networking.hostname = "surface";
gui = { enable = true; touchscreen = true; };
initrd.unl0kr = {};
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
virtualization = { docker.enable = true; waydroid.enable = true; };
services =
{
snapper.enable = true;
@@ -43,6 +46,7 @@ inputs:
"dispatchcnglobal.yuanshen.com"
]);
};
firewall.trustedInterfaces = [ "virbr0" ];
wireguard =
{
enable = true;
@@ -51,10 +55,8 @@ inputs:
wireguardIp = "192.168.83.5";
};
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
waydroid = {};
docker = {};
};
bugs = [ "xmunet" "suspend-hibernate-no-platform" "bluetooth" ];
bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
packages.vasp = null;
};
powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';

7
devices/surface/secrets.yaml
View File

@@ -4,7 +4,6 @@ wireguard:
privateKey: ENC[AES256_GCM,data:P/tyZHaEAahZUBF22dJEZb6mACm/wmUunPDG0vS7SNW3sWbzxRSut0haR/g=,iv:8VMv5iotmDrYDLiszcOvJHkD8l6uE+SboPSILr6KuzU=,tag:U/FIBhvghwDTvFtUWEqr4g==,type:str]
github:
token: ENC[AES256_GCM,data:SyqrpFfy+y7syReWs0Bi23651ew41Us8aqjImBTzkDanOtWQgIYC6g==,iv:H3Y/TuP3VvZv6MlRAdLOY0CiNUeoqGZRNg0s58ZSkQ8=,tag:rSf4E8Whvue/LZ+VlSqDDQ==,type:str]
age: ENC[AES256_GCM,data:KEaMrk9eldR6oCqNqSpwhbJKj+JrN1KBkDL5p9itaszGf4tnDRidcleCQi1Ae17osYXIEh4+OxX/d6RKb9TP6JMLJe0iq6c9sC8=,iv:ztiP2Vz4AFZkd8ZG7xYlqYrV3JZYvmX07Ez6GtJ6yp0=,tag:PS8oSkkrrpgYYVfjbTtkaQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ -29,8 +28,8 @@ sops:
a2xybTRFUFZZN20zajZJTVNwVEpGcEEKglmFMk7z1q5IlZ+lZf9M0HtknmvcYt/P
2/z5e8wLN1Hy0Zsbv0yIL/NmqwxAOGJOdzz7ElJszk/Y4kUr9aRasg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-01T15:22:09Z"
mac: ENC[AES256_GCM,data:Br2+miNeZI41QyTXdhJ5Mdwq5no/d4kJgESwiltcRZV/Pax8R+GFeLDg/AQFoh1fLHU6bTX45SN0wnIrIeCnkoXV0U2RiT7bdtBaDrGxqnFvjMVE0VaUrj9bpagta13tahsEfI17cyUq4BqwS4BXx60RXvbvs9jZ5/dfpYunGsc=,iv:FfWYfS40XcFgF8lEYK4IHypLzz7svFxPL+WuudQm3oA=,tag:0KDBdf7w6BdcQ8Qt3k1isg==,type:str]
lastmodified: "2024-05-24T03:36:38Z"
mac: ENC[AES256_GCM,data:Dv6WO5K0GFVm4Rt+GjXeE1vwqlPkP+kmRCGU41rbSR3YBcL8mkpBRQQXJiMU99cQQMK/rCGy+k91fhGnG5xFT/FdEZF8qUjRHPZ5MdWCjPOuY/LrXWnSnwwJa2neQLFH/ToUkNaGHCk/FngnZ/e0U43Rnwt3iHRDBG3io8oDY0M=,iv:Jf5EtkTuf/MFDq6UiOo8/31ev5zBiaP9WnlgsUgK5Y4=,tag:r6ql+UbXbG5A1vtbsGXnJQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.8.1

10
devices/vps4/default.nix
View File

@@ -16,7 +16,7 @@ inputs:
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
luks.manual =
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
@@ -27,11 +27,10 @@ inputs:
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking.networkd = {};
nix-ld = null;
binfmt = null;
networking = { hostname = "vps4"; networkd = {}; };
kernel.variant = "xanmod-latest";
};
services =
{
@@ -39,7 +38,6 @@ inputs:
sshd = {};
fail2ban = {};
beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
xray.server = { serverName = "xserver.vps4.chn.moe"; userNumber = 4; };
};
};
};

60
devices/vps4/secrets.yaml
View File

@@ -1,25 +1,13 @@
xray-server:
clients:
#ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
#ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
acme:
token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
hello: ENC[AES256_GCM,data:mX0hKnLdaujfHSyIikkannf8DDo+r7R0,iv:my9nYiaburkWHQLsNetqD3dYVwsEkJhC7hoh0XagoOk=,tag:D7uhoFGMrTWT3K4LNMFcUA==,type:str]
example_key: ENC[AES256_GCM,data:ezHOG8aSXYlosn7ymQ==,iv:NLm785UMihcL1K/M4u7k+P2XftyLlIxtQGPmMLc+rs8=,tag:h9xk+do8pYzxYzUaKKb1PQ==,type:str]
#ENC[AES256_GCM,data:pgOf9IVK9ijocRr0uEO0ZA==,iv:aQ2dvfAVhkFWtcDM4VeJQa+NN6kw9IlvidL/usoP/lE=,tag:49iS4s1EfQK5VhlF9nqWRQ==,type:comment]
example_array:
- ENC[AES256_GCM,data:W8QJiOY6ofqE+XRodK0=,iv:KQ/mYY4N/YA9LhZvJtPJPqRVQq4ob/xa8JSQY06Vm4M=,tag:7NQgidSCjER//ru3AXgLzQ==,type:str]
- ENC[AES256_GCM,data:nNML0iYEFdW4S5rJVHM=,iv:LQ1/E/7FExXB16Ur4b59XAUlWSFPub6LQBaFCY+a2lE=,tag:LqPymQ7k5ZsS8d9Z09xJuA==,type:str]
example_number: ENC[AES256_GCM,data:UiALks+CeKFusw==,iv:8gQ0aB+9YHXKVDX7moqdQmNJLGDNGfo+glezE39xXgQ=,tag:sJG+DJNzCtx+l4bBgQTtCQ==,type:float]
example_booleans:
- ENC[AES256_GCM,data:n3cV5g==,iv:z2p5oh8BhEMvwwIDaO8aM8VfxmsR6Z7473pd348tsmU=,tag:oSYsNuk6vY21Nepy8Hkb7g==,type:bool]
- ENC[AES256_GCM,data:ns3chHI=,iv:db8M/qF03VKaT/8Q4NqfCdI1zAU9H8JWZFqnzwI7QvI=,tag:FdgUanhezouVdv+9a9/gxQ==,type:bool]
sops:
kms: []
gcp_kms: []
@@ -29,23 +17,23 @@ sops:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaE9nWEZFaE51alYyTUgr
RVBKZ1MvNitBdGpMWURIUkhCTlF6Y1hueVFjCnp2Q0JVL0t2UEZrSmxMbFVwZ0k5
QVZDdXNjWmg0S3BIaXF0NDBHOThiMDAKLS0tIDBpenAyTE51MWVkaHFvTFhzNmVV
WnlKUFZWNWtaYUpPZkplSm04Q3RFb00Kghj7jLLcLpc8njNyxPj6JWZbBRn2Ou9j
FJLfCGLePuJPmdBBN4AGHmtrkfw/SMZJ50DXhKSJSxM91zuJSqFV1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
- recipient: age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYkJ1NllUR1pMaUdmZ3Z6
OEVLWC9nZHNxNWJSZ3VZUVZ3eWlLNWN5V24wClZ3dTh3SVNRS0Z4TFJrNDJBVnJj
aDhYNTdSV2JmUVNXR1ZkN1BOdzZzRHcKLS0tIFNhUGIxRVM5MFdvUWZWOG5kYlFM
RjZtLzY5b00vMExFSU1xZEl0NFJQQlEK4yUe3V0u6A3niES0Nq28rRYZ1fTEL0Fh
RBGZNCute1SShrLZPgNr/lFAc6d8DH6N0IuDKcjguuWtyHY/LFYuYw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T03:19:55Z"
mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
lastmodified: "2024-06-27T09:40:19Z"
mac: ENC[AES256_GCM,data:ZdocsIbkzcWsTia7s98T5hjM5HDyBc1a0pwAb3IEFAom9Q0LjOs02BjsBKQT9Z+eMU+Ugkaz+kgP4hwYbcUuAbiVChU6sLMxUPwQDE8E7sJINZvJzth4Kl5SF4qz9fEuY8ZTP1hHc/HC6fSfWm+zH8n755aBjrzdIUvPV0Qv3xI=,iv:SSjyvgMSgZsoKHspRrNJpkmRTDdFqQlJGLUybyMcXbg=,tag:EBLpGZLNwDZxsWwh7Eva7w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.8.1

22
devices/vps6/default.nix
View File

@@ -16,7 +16,7 @@ inputs:
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
luks.manual =
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
@@ -27,16 +27,16 @@ inputs:
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking.networkd = {};
networking = { hostname = "vps6"; networkd = {}; };
# do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
};
services =
{
snapper.enable = true;
sshd = {};
xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 22; };
xray.server = { serverName = "vps6.xserver.chn.moe"; userNumber = 20; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
@@ -52,13 +52,8 @@ inputs:
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
[
"xn--s8w913fdga" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "peertube"
]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.nas.chn.moe"; })
[
"misskey"
"xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
"send" "kkmeeting" "api" "git" "grafana" "vikunja" "write"
]));
applications =
{
@@ -67,7 +62,7 @@ inputs:
catalog.enable = true;
main.enable = true;
nekomia.enable = true;
blog = {};
blog.enable = true;
};
};
coturn = {};
@@ -77,7 +72,7 @@ inputs:
wireguard =
{
enable = true;
peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" "pi3b" "srv1-node0" ];
peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" "pi3b" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
listenIp = "74.211.99.69";
@@ -85,6 +80,7 @@ inputs:
};
beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
};
user.users = [ "chn" "zqq" ];
};
specialisation.generic.configuration =
{

10
devices/vps6/secrets.yaml
View File

@@ -44,10 +44,6 @@ xray-server:
user18: ENC[AES256_GCM,data:dssxPEv8srXydunolaaDAYYo+BOXhp2PoqidOWH3z6NYBpyB,iv:WCLcMMwQJiHZBwreQpaOZp2saXvjBwgYUqSf7HQhMgA=,tag:5jsAVcgAgO+7JhBINz6tzQ==,type:str]
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
user19: ENC[AES256_GCM,data:+Mh15DR9xvFAwks86iuHEA9FpObKWTSuVOEzUDpBUS/h0hOz,iv:zYIkic2bibvwCBpomnJ9465mda1rbm3RERBZY9twXuc=,tag:bwdL6DAGgkGYhYFI2C4A+A==,type:str]
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
nginx:
#ENC[AES256_GCM,data:85LrqdTMIhSa,iv:mIQPYz8VPd5AxeMCQEdTGMD0Iqa5QEAa5+8JVFaj3JM=,tag:TcZd7S3WRPpEV9lHI1fzbw==,type:comment]
@@ -91,8 +87,8 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-26T04:24:17Z"
mac: ENC[AES256_GCM,data:AXhLmyZWGD6KvMkyHqmCERE6eNE3pD5Pa/9mRBWZe4hiXL4mKTzCn5C/ODGQ1ZeQjDdP+awjJRvLRjMiYFhVlU8rKpg/f2G1gDr4cIbr61sCdzXKX8wFW0G7bJWxxpAC4X59+u9EJ3sNcyf7bJrMdkTzTYpgXh29mtl2bprcdJQ=,iv:pK4hYexcWng3GwOmWGqgyMsmATnXgcwR3NH4UxCwpvE=,tag:zpv64JWoXc5cDCukDuW51g==,type:str]
lastmodified: "2024-06-30T10:43:57Z"
mac: ENC[AES256_GCM,data:Mg/DZghIkaWM5KEjk5zg3S0L5qPa8/rkc2ooSjA1ewzbDhTKls2tzv7fQqLx2WQtcJiKkoVx22UkiL0AzBwJdCr3473vx93ajTVK9HNu3jqXmuzSiv2iVS21EX9tyBNiL6uWlVAtlVfMMs69PEUF+EJIYY5TkVVPaQjzEebwo5w=,iv:tFON7RVSnNNHo5U4dRuMGDhH5iPGShW9uoda+apiIjI=,tag:3nG/u7vaChFBHoDsLLb23w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.8.1

15
devices/vps7/default.nix
View File

@@ -16,7 +16,7 @@ inputs:
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
luks.manual =
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
@@ -27,9 +27,9 @@ inputs:
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd.sshd.enable = true;
networking.networkd = {};
networking = { hostname = "vps7"; networkd = {}; };
};
services =
{
@@ -37,14 +37,15 @@ inputs:
sshd = {};
rsshub.enable = true;
wallabag.enable = true;
misskey.instances.misskey.hostname = "xn--s8w913fdga.chn.moe";
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; slidingSyncPort = 9001; };
};
vaultwarden.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
beesd.instances.root = { device = "/"; hashTableSizeMB = 1024; loadAverage = 4; };
photoprism.enable = true;
nextcloud = {};
freshrss.enable = true;
@@ -62,14 +63,12 @@ inputs:
peers = [ "vps6" ];
publicKey = "n056ppNxC9oECcW7wEbALnw8GeW7nrMImtexKWYVUBk=";
wireguardIp = "192.168.83.2";
listenIp = "144.126.144.62";
listenIp = "95.111.228.40";
};
vikunja.enable = true;
chatgpt = {};
xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
writefreely = {};
docker = {};
peertube = {};
};
};
specialisation.generic.configuration =

13
devices/vps7/secrets.yaml
View File

@@ -10,15 +10,16 @@ redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
misskey-misskey: ENC[AES256_GCM,data:OHjt9o+m++NT5aaFbwBT/wSMdUdgf4zscd/JxjCo5HDhC3WeWMJV7z//kATI5Dg4BWAhvPlL02Vrly4RraIzLw==,iv:sQB4/D2SsOuDR3bTrmlNg7o+6ehFznDsqVc3BX9pK20=,tag:tcwTBt/JhyW8ZTAIWIkWBA==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:amUqMycdXUFvjg66pXKnlZqiESBYMci0k8iYzj824SaEqHl3Nq/I0TjYX++xEUg+RGYyTIcSaj96HUANTKpc1A==,iv:ND1mQLHxltRlOdpJ80ywheGo6hkl7OgRyk9TguJMuTw=,tag:dhCCwnCOnyT2iXdEMK0szg==,type:str]
nextcloud: ENC[AES256_GCM,data:jwN/CqwkU/5Rd6w75/bV2Yej9b0CoxZaiJEcZXFx+9XUPY3Xg1tQdEr1SALG8xzOEdoL6WBVs14NvrrL25GeTQ==,iv:p5+0AB52QqScJwMhNIrM/7HAcRPdD9Z8xV6uwIDOwIg=,tag:f1XbNDDRXvGl/dkV9Wp2Ug==,type:str]
send: ENC[AES256_GCM,data:IGxj3cgp+fQBdupfK+IgPEQSPuXdM9LRSLGSATNIkzUWC6sQw1aaKTDuRc8cU2BG6quthRwuWnK/F7k3KrUi8Q==,iv:LI9MkaF4e47FPUyL7AXZpO+CdgF91ScdiqjrE8PZjJ4=,tag:eNugln5M0AhU1xmVWFN7Aw==,type:str]
mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str]
synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
postgresql:
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:Wwtd+hKI0s7m3PbEPHbnSyTsCkW0x8SYHUiCYuNSNCG8i4RAmiAbONNFfWN2hXnmTmRK79Tx/3GR+L0KMzmNGQ==,iv:BekTELToPQXUdZHyNtkuqKyZeez+moI6k907P7NhA3Q=,tag:A5YB0WIa1RkDCtzeBhiuyA==,type:str]
synapse_synapse: ENC[AES256_GCM,data:lzaggyuXM1XwsRxFHslsP89r8wEcgi6LNfbcm+pFWj6WLO8y8WaQIdOkiF3D2ToKDwcw5XgSGSt/VAk6lv+GeA==,iv:8WOL3jze797Wz9kSRq7YpY8OS1TBMqHYhfgZlluJlic=,tag:utNhs1AMbGthp6M2c0x67g==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
nextcloud: ENC[AES256_GCM,data:5UpYSMsZgUgEJHg0ou9Z1RTE+YFFUKuXwPtc6L5XxD4GNo8Gd3CvcQSNGAol+5DtyPKF3q1+ZgtScWGrqU1RyA==,iv:Zfm+Oa4eON8WiJzYUkMFawafDwo9pOnOpWkwHYLIKkk=,tag:4ECMla1dFfCrn7lILwWFNA==,type:str]
@@ -28,15 +29,12 @@ postgresql:
akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
vikunja: ENC[AES256_GCM,data:syb4NYBxL3DdmZmcC+em0klmm6bkkIL/DH/gnzShYRiaezRFskT+yay9govn++SpbuvkoCJq/GYAFxNL+hcVtw==,iv:TQUgdzYQ0gqsAmux9v3BAQFNzHnCTZ+X/OC0b9Bfya8=,tag:b1AsiAW5XzA3DzGdf8J03g==,type:str]
peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
youtube-client-id: ENC[AES256_GCM,data:dPo4+HsfXHdxrgF9F0qJmOGcSHDCn2KIkHx3ZYZU94iv8ImiPI9dTRfoz0zq8UIN7rwIKidQu9GxCRrg9aXk34pc35SXzEh8JQ==,iv:ROVHb0QjVsNae9eJevG6qc5dc4gkrGt+Y7S2QYrzmQ4=,tag:Advoh75OKPC7CnIeL4GFbA==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:c/ALpo/4qJdccMgYiSLg9ZgG7ddaMYxHwJYZ/ogJN2ED21k=,iv:CkrIq+Vpuq28CsRNwdKRLnBq6L8NF37y4xhhnmHQHqQ=,tag:SKtHpm/QZWnGViDtSKlUUQ==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:pnXQ1euCdix2H7IxudmUUcpxc2OUhciKT8OcGV89c/EpoXHgx1+eLxwY5rRszroWwjge9M001RGHngvD/ny3phfWAwYmIzMJxun2f7JCPe7ybMesWmPSkiqVBss1Zfic1uB8mNM/yw==,iv:8p8/vATY8F3YuGA1TtjekiuaKOMnQyTMjrwDBJaK4VU=,tag:/jVg9FDOuLMNrupgrywpBQ==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:65SbHggbYtfSfaaxJxRgD6+HpOX4vIfjnVZmOAZ9illPMYOu9MIchQ==,iv:49UuC8n6AGj1skuHzQX39Q/QuKlB9IxogIfiiy1GBnw=,tag:Rq6b0H9UFVZ19tU8ZeelRg==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:58nO7ADu2oH/OgLJNYrEEzhf1J0zt8EpuygnSANkGXJju5oSmtM7WLnaMEjC96q14OTTA9QLiFVsbxiFY1eUnraA5W7g7+6CYRXVRZaxz91D/dhKzHGTMjB/LynnNqEIc6liONlcHbyjZNQ+WIqPtjVpCKMN7Mi8cv81/cFX/1GqAwncgDD2oXh1hMPOVY4dYcGKuOG0GjlY6RgOgTPqU3HawQjnoWQjPF+lq2rnWD5HP9ZTxOYa7hm2GgPrxkq1fkRrq+kKYeDh+6M7VLDcm5Fpf+biq6F8fZWzmw4NlVZT9BG0vJFa,iv:vxYXg9Yg9qIWFQXtwTYa4Ds0KSxZYg3M6xdtXKbdaig=,tag:TzCPehk9w+BL4wwgDc1CPg==,type:str]
mail:
bot-encoded: ENC[AES256_GCM,data:HstqDfhKoLqDip9O+mwYGbNlNQ==,iv:CZSTfxJHhI6nG7501cQdJiZ9l3uKS7d5YsA8iVTUuoE=,tag:Rj3rvXJzDp8XzODV/gABog==,type:str]
bot: ENC[AES256_GCM,data:j4Y5oYeVt0sd2z2Qwuqisw==,iv:wasQCTqEMAyttbn1zm9oKck6QiByom+F7ZIMDUse9Gc=,tag:92O4ka6f0I9qnlnVy2dltA==,type:str]
@@ -122,9 +120,6 @@ xray-server:
private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
writefreely:
chn: ENC[AES256_GCM,data:YvhPa69sVdiljm9Ix6yQh6YCEpFvC9iw5Yx72MBcGr7+swdbvWDAfMmGFY066mAPvhpwZX/IEivKvrS0t/OSnw==,iv:7s2yEb30YaCAtNeevbur0HL28nXHVIqmCx6Bngh+HWk=,tag:yx0JK8RNQMVcYLBSxNj+uw==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ -149,8 +144,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-05T02:43:01Z"
mac: ENC[AES256_GCM,data:frMtsfATEGOCwkR5g6sOLszwtBq1rfHvofevbzDHuKwJQtI4IXpfgyohyQ64tZ7K6YLqR0bf3yP9A7zyIxAzIvgKciIDdIYI/LUCAmOsUE9On70UiVxFj8WAL700geHfr2X+1Vzl9suMBA3E8h9O02wcuuD4gumZlLgXqzmbtZE=,iv:oB8W9+KO8jJbSnICsN5CMRCRs6uM6y8xszCyWlRCkV0=,tag:JxLLwUsE/7nxDAzMmUYdjg==,type:str]
lastmodified: "2024-08-20T15:48:48Z"
mac: ENC[AES256_GCM,data:buEby7ZmmEFARmRp3r7JwYdMck87u4c3TGkeF2pkc5ORnqIgwSH1XVSjlbK8vTBWz2FKXeQh9wkX3BMaam9dU873/yPBe54BnbZNggZ7jDDEpSTeddfTsM8mrka0xDO3CUHbwCsqYWFm4NLAbCfRPKhrjvSJVyEC85K3eO45Z6M=,iv:/7cOdSi6oiaaFRkSnR+1/XXapjlQdMgom31xrpIGXHk=,tag:XW4WX93bw45zPweblW4Dtg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

13
devices/xmupc1/README.md
View File

@@ -5,7 +5,7 @@
* 显卡:
* 409024 G 显存。
* 309024 G 显存。
* P5000: 16 G 显存。
* 2080Ti: 12 G 显存。
* 硬盘2 T。
# 队列系统SLURM
@@ -34,7 +34,7 @@ sbatch
提交一个 VASP GPU 任务的例子:
```bash
sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" --output=output.txt vasp-nvidia
sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" vasp-nvidia
```
* `--gpus` 指定使用GPU 的情况:
@@ -50,7 +50,7 @@ sbatch --gpus=1 --ntasks-per-gpu=1 --job-name="my great job" --output=output.txt
提交一个 VASP CPU 任务的例子:
```bash
sbatch --ntasks=4 --cpus-per-task=4 --hint=nomultithread --job-name="my great job" --output=output.txt vasp-intel
sbatch --ntasks=4 --cpus-per-task=4 --hint=nomultithread --job-name="my great job" vasp-intel
```
* `--ntasks=4 --cpus-per-task=4` 指定使用占用多少核。
@@ -85,7 +85,6 @@ scancel -u chn
```bash
scontrol top 114514
sudo scontrol update JobId=3337 Nice=-2147483645
```
要显示一个任务的详细信息(不包括服务器重启之前算过的任务):
@@ -131,8 +130,6 @@ sacct --units M --format=ALL -j 114514 | bat -S
-s, --oversubscribe
# 包裹一个二进制程序
--wrap=
# 设置为最低优先级
--nice=10000
```
# 支持的连接协议
@@ -191,7 +188,9 @@ RDP 暂时没有硬件加速(主要是毛玻璃之类的特效会有点卡)
samba 就是 windows 共享文件夹的那个协议。
* 地址:因为懒得管理暂时禁用。
* 地址:xmupc1.chn.moe
* 用户名:自己名字的拼音首字母
* 初始密码和 ssh 一样,你可以自己修改密码(使用 `smbpasswd` 命令。samba 的密码和 ssh/rdp 的密码是分开的,它们使用不同的验证机制。
在 windows 上,可以直接在资源管理器中输入 `\\xmupc1.chn.moe` 访问。
也可以将它作为一个网络驱动器添加(地址同样是 `\\xmupc1.chn.moe`)。

20
devices/xmupc1/default.nix
View File

@@ -48,15 +48,17 @@ inputs:
};
};
gui = { enable = true; preferred = false; autoStart = true; };
networking.hostname = "xmupc1";
nix.remote.slave.enable = true;
};
hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
virtualization.kvmHost = { enable = true; gui = true; };
virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.enable = true;
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
smartd.enable = true;
beesd.instances =
{
@@ -73,16 +75,9 @@ inputs:
slurm =
{
enable = true;
master = "xmupc1";
node.xmupc1 =
{
name = "xmupc1"; address = "127.0.0.1";
cpu = { cores = 16; threads = 2; };
memoryMB = 94208;
gpus = { "p5000" = 1; "3090" = 1; "4090" = 1; };
};
partitions.localhost = [ "xmupc1" ];
tui = { cpuMpiThreads = 3; cpuOpenmpThreads = 4; gpus = [ "p5000" "3090" "4090" ]; };
cpu = { cores = 16; threads = 2; mpiThreads = 3; openmpThreads = 4; };
memoryMB = 94208;
gpus = { "2080_ti" = 1; "3090" = 1; "4090" = 1; };
};
xrdp = { enable = true; hostname = [ "xmupc1.chn.moe" ]; };
samba =
@@ -93,10 +88,9 @@ inputs:
};
groupshare = {};
hpcstat = {};
docker = {};
};
bugs = [ "xmunet" "amdpstate" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "zqq" ];
};
services.hardware.bolt.enable = true;
};

12
devices/xmupc1/secrets/default.yaml
View File

@@ -15,12 +15,8 @@ users:
yjq: ENC[AES256_GCM,data:ua0DINHutjt2Pk+SfHRQRV99mT3Cnw6rRKO8VRIAlP0dY6QhK9wkNdyRYWYRBKVrWgyFQMGNFYAxIpymjF/X7mBOVI2sOHLgkw==,iv:PUZ6S0KICuqoSA2sDLxdL4gtAOQnQXOUY+5f3qDZgpc=,tag:f39P34vAUOrV23BsKkRarA==,type:str]
#ENC[AES256_GCM,data:6qNjSdjck4Vz,iv:c/GNqCNgRgwgL+2f6Vumtjb/ub9WCBSy8R02NRCDqk8=,tag:b/tucJsHTjSfcK0vgHtE8A==,type:comment]
gb: ENC[AES256_GCM,data:3eAKBiJoC1owCHTFd3Xq8vI8VK980evePc92xCXJJ21M9D1MdbwN8ySZ3Ovjk7VfQmEo8oRv1Ll1sftyrXYoeTHmJsNDxCpR6A==,iv:Ju/ERNuGrgO5kYlbvmkbLJkgiW3Elou34AsJTFITCUg=,tag:POVlxYh9kZ1BMSbt97IVOQ==,type:str]
#ENC[AES256_GCM,data:/2y613pek/CO,iv:gqSh74Ac0BxPdO+fOsQ0K8t2YduwyTVOjMq/A5Wmoz0=,tag:jLUYXu7f27FruwH5rUUZSA==,type:comment]
wp: ENC[AES256_GCM,data:3jeHpeu1YlFhK2+o19q2/JyJPhZFivPbUQzJJbJZ15GzAVh7i1VsTSN31LufXAgsC8KjZHAPhEZlGYvnGpCvPzoISQa5NVAJdQ==,iv:bL3ohgbjA2agFKDwgw0H3LgiHTWB4Y5KlQAtHfEMr+w=,tag:SfLtj7iDcmV3dgOlITFvxA==,type:str]
#ENC[AES256_GCM,data:YIlY7n5pcJTp,iv:Y/+ogxaMgSl0vcMPRr3qdSHjjnnhY+N2Q6jFojzIDyQ=,tag:zat02jxJ8jI2uk8noslmHQ==,type:comment]
hjp: ENC[AES256_GCM,data:Ii4P9ZsUOEh3cqt3AKWlgUH1CMNnmHln9QNWdTRR3vZXkkR5j5qKAIrAltml/i3xFlt4hftYNufnupog4UlAVWQJhYBlhCSE4g==,iv:eKWmUcKItjd1dsvVP1se5CAhIFqV/eVH03gPJhBau1E=,tag:ZTE0BTSoDpJGqECklGjs2g==,type:str]
#ENC[AES256_GCM,data:hCgqHfpmeJ1Z,iv:pEKUNxhUyNAVtniTIQ2IpMPmXr2O+twq2/3Y2lIoqdw=,tag:RTqcI0XCoOymQD3r4+yS9Q==,type:comment]
zzn: ENC[AES256_GCM,data:/CSffToFJiBotXZ5rPkz0UNgI/iC0ftusPF2Ce6Of3XckjpCcikWj6n3ahJ24XsWQjp3EvacOiBorh+Kg16LjCEl0P2RMIitTQ==,iv:u9IFdp/jw7ehTshPzQVssLeh33iBYCPjSyJSLsc5EVo=,tag:/KXgmU7dcTKG8C4Y7NcMhw==,type:str]
#ENC[AES256_GCM,data:oniighfvCNGWUwdhqg==,iv:RVUuZBqCd111QJ7MpgYBuP4fDCzm4NZAtbua9kXkrJM=,tag:21zF8E/3lBTDr54I9NKPVg==,type:comment]
zqq: ENC[AES256_GCM,data:Vjbbs8xIlH3+of7+kLGFVp4bIizU8D5R1qRbCqP5FhzTadXA8KD9/uiYxtrV3oxYGwZ/RlLvriHMClob4ihyDF4U2t8Dc4eVqA==,iv:FjCftpfKPZYThiNOyNkhx9uNyWIsjC5sK5WWcaEBtiY=,tag:MTL490c2SeFGx3EhxEdvkA==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:qQMD8SKNmxb3PdScXNqppF9zkX7dV5i7rvljvZuhiI5zLnu77qYCHBW6ymh0mrY14N9NjxmQZhZWX/H8TvBlcg==,iv:J5N3LjCYW3QmuEkMBpl7qvPFW1Z9ZoPLkj45jKcIW9U=,tag:Tl+ld07+lVkmzt7f/f2MqQ==,type:str]
hpcstat:
@@ -52,8 +48,8 @@ sops:
ZDNHUjE2QVlCV3p0NHdKYW5IMHVBZzQKkZtfyvfroOntg3yRjMw4jQHiQj8eaB2h
IeIHfW4y01mmVT2ofbtB0xYpjcl4gtUlQ8X3tn5iJ9P8gcVo0G598A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-31T15:59:56Z"
mac: ENC[AES256_GCM,data:zd3ivzjgdbwGZpZssHeIwwkKFfHDxo/dzvb8ptw9noZ4hDVoC5RL9M/OLN6GrRM0wtpNFZJDs7Zz0i1zMascXdVu6mou/0il6/96r+FkQVBJWbrkY36Lk7ntDAcQmZKWxSUfSF0JPHx1rbkIQSVtsLQrpui9UDxaY5DP23xjLQg=,iv:+ouEpSlo0EovK0Qh27tm7NXSYncbjEc/EMWfWHIrCqE=,tag:4CHXmsJ4LhFBmbep3Wil3w==,type:str]
lastmodified: "2024-08-21T09:56:03Z"
mac: ENC[AES256_GCM,data:9+AR9Y6ik+BH1Spk62LSTU1NFQ8ID0YROF+yf8ss2RqhfP6/5+lsrNjGC7gnEEMYF8UWVtChUuljIK3Q4MtT64JhDWgp8tenbpkJnRFGylzEe37MYajdDY7nrPP7iPUPNvS1ndo6vp/yuEigBXVhCtpjMObj7zIdGnLbtz0sczA=,iv:gNb8gVp9adnlZsMM2afOlFe46Vy15ELmC9vGaaeaInY=,tag:rltLL3WSZytjEemgjCy6Ng==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

8
devices/xmupc2/README.md
View File

@@ -4,7 +4,7 @@
* 内存256 G。
* 显卡:
* 409024 G 显存。
* ~~P500016 G 显存~~暂时拔掉了,否则 4090 供电不够
* P500016 G 显存。
* 硬盘18 T。
# 支持的连接协议
@@ -18,12 +18,14 @@
## RDP
* 地址xmupc2.chn.moe:3390
* 地址xmupc2.chn.moe
* 用户名:自己名字的拼音首字母
* 密码和 ssh 一样(使用同样的验证机制)。
## samba
因端口冲突暂时禁用。
* 地址xmupc2.chn.moe
* 用户名:自己名字的拼音首字母
* 初始密码和 ssh 一样。
其它内容请阅读 [xmupc1](../xmupc1) 的说明,两台机器的软件大致是一样的。

32
devices/xmupc2/default.nix
View File

@@ -41,25 +41,17 @@ inputs:
};
};
gui = { enable = true; preferred = false; autoStart = true; };
nix =
{
marches =
[
"broadwell" "skylake"
# AVX512F CLWB AVX512VL AVX512BW AVX512DQ AVX512CD AVX512VNNI
# "cascadelake"
];
remote.slave.enable = true;
};
grub.windowsEntries."8F50-83B8" = "";
networking.hostname = "xmupc2";
nix.remote.slave.enable = true;
};
hardware = { cpus = [ "intel" ]; gpu.type = "nvidia"; };
virtualization.kvmHost = { enable = true; gui = true; };
virtualization = { waydroid.enable = true; docker.enable = true; kvmHost = { enable = true; gui = true; }; };
services =
{
snapper.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.enable = true;
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
smartd.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
wireguard =
@@ -72,24 +64,16 @@ inputs:
slurm =
{
enable = true;
master = "xmupc2";
node.xmupc2 =
{
name = "xmupc2"; address = "127.0.0.1";
cpu = { sockets = 2; cores = 22; threads = 2; };
memoryMB = 253952;
gpus."4090" = 1;
};
partitions.localhost = [ "xmupc2" ];
tui = { cpuMpiThreads = 8; cpuOpenmpThreads = 10; gpus = [ "4090" ]; };
cpu = { sockets = 2; cores = 22; threads = 2; mpiThreads = 4; openmpThreads = 10; };
memoryMB = 253952;
gpus = { "4090" = 1; "p5000" = 1; };
};
xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
groupshare = {};
docker = {};
};
bugs = [ "xmunet" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "zqq" ];
};
};
}

10
devices/xmupc2/secrets/default.yaml
View File

@@ -15,10 +15,8 @@ users:
yjq: ENC[AES256_GCM,data:sGPQ0xALULREnhzl9g/V91M5osMglsSps6R4gYn5OZc/4xVC1phF3qajVN3YMOr7kKgkHbF2Rjm6/2vuK0k1iYZnFswUAmFlmw==,iv:5vG1hn7SlX6HCpas2BgxBSwWqLby8OCxcH3EKNvceIc=,tag:TVwFBAuosKnEOZecq1phXw==,type:str]
#ENC[AES256_GCM,data:ALHxkRABA+ll,iv:r1IDiHLFcTdLID3q16zrLTavAwQfddC7bXMKcFZFveI=,tag:4Pd0/Q1BmH4gJjaM4hbqqQ==,type:comment]
gb: ENC[AES256_GCM,data:z4CrtdmdLJJ0qZzr7qvihnluJQgjtciX56KdEmtemiRu0llEJk9qz6a23aJ7m40Sfc38elF1/LsvjOuBOC87+BVkKDCj76phag==,iv:WrFVxkr3snmqDXZx5kAYCLp7ixEIzxoT7El3rV7Ovqg=,tag:iExf2Y/HObHQrKMTRvqn7A==,type:str]
#ENC[AES256_GCM,data:XfNExliq7noL,iv:K+rFlZHF1oY5rsTzaO0mgxiE1VlKdtPTifAaesg321k=,tag:Dja8NmPWZdJkf/J/96/wAw==,type:comment]
wp: ENC[AES256_GCM,data:yjMDez28pJUo6riIHypQQgjGFbuLwy87eG4ek/+Li2w8b4Cm5JckRvs26o+S0blfICc8WqIqEJGakT2wVBE5O1jGfniKn3PhTA==,iv:dOA318XRd2EXxmTIlk6GhlAR/FBpbKkbPJJCXTwFCxM=,tag:9MkXNUuAoplAzE+4eJpr0w==,type:str]
#ENC[AES256_GCM,data:YGcTkNCeu3m7,iv:jYmVrfRFwQoX1XxeSzS23wRMAD/AnzYBXQjI76Ke2FE=,tag:WJfSmjdggzPojDcJ6GzP+A==,type:comment]
hjp: ENC[AES256_GCM,data:0R5SfBFKuLGurwINnTj31FOrwwfY9bqVS1rG/a0HqIYd+Ui8/2ffFBx0Et+tYIqcxXEJpGbvse43V0naNKmFKlLanfcy9YV/Hg==,iv:mpAUmcVHWWLoreEsG9ha09jxte8mQCLt/A7nm04iX9Y=,tag:bia9pjL0MAcs9vj1gKCVCQ==,type:str]
#ENC[AES256_GCM,data:UoNCXbGIHDNsmyCJxw==,iv:uTNvqg4xm7E+yn8vFaaihbEGEhLTZ2FNFNCYzdgiDlU=,tag:4bRSZbx6FFzA6MiBYVu0qw==,type:comment]
zqq: ENC[AES256_GCM,data:sfgufV++PfTrdeUBXZhmF1JoSpD8Nj+m0QKFrUMJG/pHb0AUagJEWEJwPsI+m91tZE0qxM271ks+WKqLElmyD4Ftw7ywWzTE0Q==,iv:R05QFUF+fvIHidWpHIR/D/e+UeciS5ehnx1kx+saCgM=,tag:3Awnd+pUQRxjjQ58SUX7Mg==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
sops:
@@ -45,8 +43,8 @@ sops:
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-30T06:31:36Z"
mac: ENC[AES256_GCM,data:UUzv3IewuF4rhbrL2haJ0495p1d4wXA7LHa5ogc5TSv+ZAYuN/HL3VCXQzzKQrzqD3LtgC3DrGgmMNGVyAIzqVFYYxVuAwb03ov+lOp3SHvLTCMqkETbcE525aAIVWNqBXp7RBn7tKC4AD4y7AQihSYhBXO8VF1PeccjaCnN7R8=,iv:G0s8qchlgcm5HVshTKnGyt8nk+D4QYyP7n+5R0TOb8A=,tag:DspvfLf1pBs+/ol8GzT7Xw==,type:str]
lastmodified: "2024-08-21T09:56:44Z"
mac: ENC[AES256_GCM,data:COodLhpL5EA5g15lgimsuxs1vmqJrLDVgtjw+0FLKTq6E1pcQ+zJl+dD0b9u5fYy9BBf56TI8TLJahVPR0eGxbDFlHmx8M9GStlTqaOE3jRsDT8GsihdlvLokyVt8jEfAnaWESTIgfehVL2TrLlsMnIsoVHrzdlEhX5ATXA3QOg=,iv:U/EwFmYWOcxi7ItkR/+MT8gTu7UobH5pxS00qrH/yyU=,tag:RVMcx4X0IS9yvpHrF0owpg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

515
flake.lock generated
View File

@@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1728233826,
"narHash": "sha256-83/OY95iYtZFvjbDXBKo7SFs2GplDvpR2E5N/DDXSRs=",
"lastModified": 1722680456,
"narHash": "sha256-q3ZxjLD/6WnAGwihLlRLoEzIEaVE1AqnH5h1TePYP/I=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "7b8059162c32fc8a246bfb1736cd620751952fdc",
"rev": "54264a57d0c58afd12888eb1c576f96ca811530c",
"type": "github"
},
"original": {
@@ -21,22 +21,6 @@
"type": "github"
}
},
"blog": {
"flake": false,
"locked": {
"lastModified": 1728549173,
"narHash": "sha256-j2fKbd38tPnCS9TQNneGwfC8z9tASzrdoZT9iOOpIvc=",
"ref": "refs/heads/main",
"rev": "de2438b2894cd89c1e3626a8b78566e6c2b6d497",
"revCount": 23,
"type": "git",
"url": "https://git.chn.moe/chn/blog.git"
},
"original": {
"type": "git",
"url": "https://git.chn.moe/chn/blog.git"
}
},
"blurred-wallpaper": {
"flake": false,
"locked": {
@@ -60,26 +44,26 @@
]
},
"locked": {
"lastModified": 1726983918,
"narHash": "sha256-eRGl50mhbJRT9Mk2NbePr6yzxzZRygndx4O7kObVa3g=",
"lastModified": 1713974364,
"narHash": "sha256-ilZTVWSaNP1ibhQIIRXE+q9Lj2XOH+F9W3Co4QyY1eU=",
"ref": "refs/heads/master",
"rev": "7370c1d1ef2421608e1355368361af92777a2c6c",
"revCount": 940,
"rev": "de89197a4a7b162db7df9d41c9d07759d87c5709",
"revCount": 937,
"type": "git",
"url": "https://git.chn.moe/chn/bscpkgs.git"
"url": "https://pm.bsc.es/gitlab/rarias/bscpkgs.git"
},
"original": {
"type": "git",
"url": "https://git.chn.moe/chn/bscpkgs.git"
"url": "https://pm.bsc.es/gitlab/rarias/bscpkgs.git"
}
},
"catppuccin": {
"locked": {
"lastModified": 1724469296,
"narHash": "sha256-p3R4LUNk6gC+fTKRUm9ByXaoRIocnQMwVuJSIxECQ8o=",
"lastModified": 1723691425,
"narHash": "sha256-F25VvHFMaqr26b7goaVWspXaK6XTRFz8RnILV+9OPkk=",
"owner": "catppuccin",
"repo": "nix",
"rev": "874e668ddaf3687e8d38ccd0188a641ffefe1cfb",
"rev": "552056779a136092eb6358c573d925630172fc30",
"type": "github"
},
"original": {
@@ -104,11 +88,11 @@
"yafas": "yafas"
},
"locked": {
"lastModified": 1724689493,
"narHash": "sha256-fNjxhUlj1/tsz4NmVvGiomEhnRlzRNi4/FUmYr7QO5I=",
"lastModified": 1723531925,
"narHash": "sha256-QPETOkVNZwm3Zx0FRfkrPWScbc46I5QwIOdBmByYtKg=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "9fbc509c51ab1e49b5c54a8c06d492830f6d8437",
"rev": "b8b1c616f8b869af7bce3179ad423e3d45b0d079",
"type": "github"
},
"original": {
@@ -219,11 +203,11 @@
"eigen": {
"flake": false,
"locked": {
"lastModified": 1724459406,
"narHash": "sha256-CzysP5sq15+5U/hBBrP9lLecAa09OJH6a1bQ+pmWAVU=",
"lastModified": 1723671724,
"narHash": "sha256-ZYRLIWSqTCUjPvUXONCPlLxUBIlgoF8P/oWEFeJSBuk=",
"owner": "libeigen",
"repo": "eigen",
"rev": "c5189ac656c2bf5eead9bc967282cf084cbaeb64",
"rev": "92e373e6f553dd842337c8467f4ddb669e0e9199",
"type": "gitlab"
},
"original": {
@@ -241,11 +225,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1724111875,
"narHash": "sha256-Cit1pRfzgq8G1vCMRQ4eE4YdaUJPCxvj0p3EvhIPAUY=",
"lastModified": 1719875359,
"narHash": "sha256-JwF3XxYsnVwZwYrHnWuM1KbtiwnhALAlpw5KGpvZek0=",
"owner": "Mic92",
"repo": "envfs",
"rev": "c8493adca165b700f53a53e06f578f3b9f64bcfc",
"rev": "135193473c3eac12922802f42760e2228a6f5ff6",
"type": "github"
},
"original": {
@@ -254,6 +238,22 @@
"type": "github"
}
},
"fcitx5-virtualkeyboard-ui": {
"flake": false,
"locked": {
"lastModified": 1724249565,
"narHash": "sha256-flMCrq4HEhugiwKXCd4xZkgZVF+XUo0C+L0OhRXCfIE=",
"owner": "CHN-beta",
"repo": "fcitx5-virtualkeyboard-ui",
"rev": "695bf005da908c79f1d461c3b0801ce651f34ade",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"repo": "fcitx5-virtualkeyboard-ui",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
@@ -263,11 +263,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1724394478,
"narHash": "sha256-JSiv2uwI4UJo/4pxt4255BfzWCiEberJmBC6pCxnzas=",
"lastModified": 1723444276,
"narHash": "sha256-ErWXmB84hedrDmeaHOaFFfNShC21AopTfM4x4rlvk3c=",
"owner": "nix-community",
"repo": "fenix",
"rev": "2e7bcdc4ef73aa56abd2f970e5a8b9c0cc87e614",
"rev": "70c22198ab822aa93c92a7ec0933908b17131edd",
"type": "github"
},
"original": {
@@ -502,42 +502,6 @@
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-lfs-transfer": {
"flake": false,
"locked": {
@@ -592,22 +556,6 @@
"type": "github"
}
},
"hextra": {
"flake": false,
"locked": {
"lastModified": 1727602023,
"narHash": "sha256-fYfevapv+7x4WmYmte3vhQeOakHMchBGC7eYvOMru+0=",
"owner": "imfing",
"repo": "hextra",
"rev": "94624bcac67cf587ec1006a9c2f0d72fbce9f135",
"type": "github"
},
"original": {
"owner": "imfing",
"repo": "hextra",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -615,11 +563,11 @@
]
},
"locked": {
"lastModified": 1724435763,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
"lastModified": 1723399884,
"narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
"rev": "086f619dd991a4d355c07837448244029fc2d9ab",
"type": "github"
},
"original": {
@@ -630,11 +578,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1724489415,
"narHash": "sha256-ey8vhwY/6XCKoh7fyTn3aIQs7WeYSYtLbYEG87VCzX4=",
"lastModified": 1719091691,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "c7f5b394397398c023000cf843986ee2571a1fd7",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
"type": "github"
},
"original": {
@@ -652,11 +600,11 @@
]
},
"locked": {
"lastModified": 1724304322,
"narHash": "sha256-/nrlMDubg9oG2VNANRBxsas5RbcJtB6IIDPZC3yHLW8=",
"lastModified": 1723367191,
"narHash": "sha256-noi5tre7BLtxImN38jEHeVOtOG1Xu37sJFwHKSAPHjo=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "924a18ea8df89a39166dd202f3e73cd022825768",
"rev": "91178062f365b64eece94c5dff93e09b07e87d9d",
"type": "github"
},
"original": {
@@ -668,11 +616,11 @@
"kylin-virtual-keyboard": {
"flake": false,
"locked": {
"lastModified": 1723713444,
"narHash": "sha256-AvuoCe9ka0tfXtNW0KxInRI6xoSayiyrX+tBlAjGNLY=",
"lastModified": 1710313521,
"narHash": "sha256-A8Y+lvAPlh0HeTxTaHCdAD/CilQCQwsX4C+fBBKaqTU=",
"ref": "refs/heads/upstream",
"rev": "eba6dbbfd5d3d4128cbd300be7e109088cd82858",
"revCount": 162,
"rev": "a8ec88762d63d676aae4f5f1e6d9d1dedf07cf28",
"revCount": 161,
"type": "git",
"url": "https://gitee.com/openkylin/kylin-virtual-keyboard.git"
},
@@ -684,11 +632,11 @@
"lepton": {
"flake": false,
"locked": {
"lastModified": 1724686250,
"narHash": "sha256-Ngof+vfBm/3HFtjsNZGo9sWIHuoAet8v3f/FSMbARr4=",
"lastModified": 1723185812,
"narHash": "sha256-Mtnoit1CAGJoc8eiJ+0vfGc9v+3tomm8V8/tWfeAj7o=",
"owner": "black7375",
"repo": "Firefox-UI-Fix",
"rev": "c346292707c4507e2ccd890adacba65c85dc62d1",
"rev": "c79922aa45ff04a62e04ef0f8562dc53990b5208",
"type": "github"
},
"original": {
@@ -700,11 +648,11 @@
"linux-surface": {
"flake": false,
"locked": {
"lastModified": 1723861744,
"narHash": "sha256-a4rrhMYb75Kk4G7JEZkacJPWI4u7o5xX88hwgty38D8=",
"lastModified": 1723804050,
"narHash": "sha256-MYwEgnw3KjEm6oh39XUmCq12tKdH+0QZj9SZlWbwyxo=",
"owner": "linux-surface",
"repo": "linux-surface",
"rev": "9103a6bf08d622fd583fd9839d2dc4ef9b2a46e2",
"rev": "4439a5efb6516c443df5f52173cb55aef01560d1",
"type": "github"
},
"original": {
@@ -716,11 +664,11 @@
"lmod": {
"flake": false,
"locked": {
"lastModified": 1724105894,
"narHash": "sha256-MhoKG0QwTAccK0NE8vnm325T8Azqy4VKf77LGaSDNZI=",
"lastModified": 1723142745,
"narHash": "sha256-bNTOW6MffUpiGEfZxP1MSioa2MpYW456wymXHO5Uvr4=",
"owner": "TACC",
"repo": "Lmod",
"rev": "c7974de5ba3376c7bdc123c42a8e9c3648a84ec4",
"rev": "efd893e9a2dab1300a0d6f3ea998dc3503fd8d39",
"type": "github"
},
"original": {
@@ -748,11 +696,11 @@
"misskey": {
"flake": false,
"locked": {
"lastModified": 1727700498,
"narHash": "sha256-h0oJ9128xsNGLzLTssjnTT+11vW4y+jrjy6p9qq6jFE=",
"lastModified": 1724207820,
"narHash": "sha256-tm4YTpKqI7g4ACn8vkJUIFQmKcHlcDTkoBCrHEd3fp8=",
"ref": "refs/heads/chn-mod",
"rev": "1eeabe04311c4aed657b184666152eeb5e837df9",
"revCount": 26110,
"rev": "ac5c495d437fcdba2c523308119477a750440f3d",
"revCount": 25947,
"submodules": true,
"type": "git",
"url": "https://github.com/CHN-beta/misskey"
@@ -798,11 +746,11 @@
"nc4nix": {
"flake": false,
"locked": {
"lastModified": 1724637826,
"narHash": "sha256-/ZI1Bs96JyTxOnG12Rqx2o8aYfwqKxF7IMCUIfLBX3w=",
"lastModified": 1724033015,
"narHash": "sha256-L0HSyoCAfrPF0zdlMmwu7Bpcqz43UsRFkTnXPZjLRiY=",
"owner": "helsinki-systems",
"repo": "nc4nix",
"rev": "c082bb1e4d237090bec9cb845af43627766724a9",
"rev": "924dc2b20cac3bf48f7204d58255a9c62bf80f96",
"type": "github"
},
"original": {
@@ -871,27 +819,6 @@
"type": "github"
}
},
"nix-github-actions_2": {
"inputs": {
"nixpkgs": [
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@@ -899,11 +826,11 @@
]
},
"locked": {
"lastModified": 1724576102,
"narHash": "sha256-uM7n5nNL6fmA0bwMJBNll11f4cMWOFa2Ni6F5KeIldM=",
"lastModified": 1723352546,
"narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "e333d62b70b179da1dd78d94315e8a390f2d12e5",
"rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06",
"type": "github"
},
"original": {
@@ -920,11 +847,11 @@
]
},
"locked": {
"lastModified": 1723950649,
"narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=",
"lastModified": 1723352546,
"narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "392828aafbed62a6ea6ccab13728df2e67481805",
"rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06",
"type": "github"
},
"original": {
@@ -942,11 +869,11 @@
]
},
"locked": {
"lastModified": 1724635787,
"narHash": "sha256-01rsv0PLT/x5BZybqTnrlYipnG1CFF5s7ZX9otCnFlM=",
"lastModified": 1723685172,
"narHash": "sha256-TXrwOBvk9yQnfS9zgyG6jWJA7bK+UVfnSoGX1Gp4/uU=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "d1980fd00e84460f6769cc1684899fead5224080",
"rev": "e470c879f34c9f3915d7f1fe95c33f9a958f8c10",
"type": "github"
},
"original": {
@@ -986,29 +913,13 @@
"type": "github"
}
},
"nixos-wallpaper": {
"flake": false,
"locked": {
"lastModified": 1715952274,
"narHash": "sha256-i2L4L9mV/wOl6QV+d8pyLZUHS+QIFJN5lYuQrP+CSjk=",
"ref": "refs/heads/main",
"rev": "1ad78b20b21c9f4f7ba5f4c897f74276763317eb",
"revCount": 1,
"type": "git",
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
},
"original": {
"type": "git",
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1727884105,
"narHash": "sha256-J4lHJFQp7AFEa+O52KgYMCXkffAgpXWGyD89AU8xeJE=",
"lastModified": 1724171353,
"narHash": "sha256-Qdxgirl1bChkSnTgvHibkzF0wnak6HtRA0bLB4cindQ=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "e8db202a0ba0b25d01c01b49ed3025f7b0900d59",
"rev": "3f0bb934a09d868ce7e5a4a4ce415afb71a2655e",
"type": "github"
},
"original": {
@@ -1084,11 +995,11 @@
},
"nixpkgs-24_05": {
"locked": {
"lastModified": 1723938990,
"narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=",
"lastModified": 1723556749,
"narHash": "sha256-+CHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890",
"rev": "4a92571f9207810b559c9eac203d1f4d79830073",
"type": "github"
},
"original": {
@@ -1154,22 +1065,6 @@
"type": "github"
}
},
"nu-scripts": {
"flake": false,
"locked": {
"lastModified": 1725014865,
"narHash": "sha256-EmlwDTEby2PAOQBUAhjiBJ8ymVW3H23V78dFaF8DQKw=",
"owner": "nushell",
"repo": "nu_scripts",
"rev": "614b0733104a7753ed7d775224fe5918877b71de",
"type": "github"
},
"original": {
"owner": "nushell",
"repo": "nu_scripts",
"type": "github"
}
},
"nur-linyinfeng": {
"inputs": {
"devshell": "devshell",
@@ -1184,11 +1079,11 @@
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1724610772,
"narHash": "sha256-XAOnvYuIAMv7V2YVnVLUpMb+kzmxFxaXCaQASyJq7Ho=",
"lastModified": 1723573880,
"narHash": "sha256-OWRxvKlh7+s4VhYiLEC8Dr5MLQ6vlTWFgCTIkO80XMs=",
"owner": "linyinfeng",
"repo": "nur-packages",
"rev": "4593675609c0064d9a01e11df2e5c1ff369b98be",
"rev": "70d09e1e7c10f81b697e3ac2315cbf6779ed62b0",
"type": "github"
},
"original": {
@@ -1210,11 +1105,11 @@
"treefmt-nix": "treefmt-nix_4"
},
"locked": {
"lastModified": 1724379880,
"narHash": "sha256-PatYnOuctc4rYrY7EqUDXbGkeRbyvhNIC845b0HS+oQ=",
"lastModified": 1723629877,
"narHash": "sha256-gd0Dnx1igw1wHvkmihrtVPf/9sWdHgWCsCTpQglBZs0=",
"owner": "xddxdd",
"repo": "nur-packages",
"rev": "655aedb45bb67e16c7ac2a116614f28d36eec8b9",
"rev": "68859480c1412142ad1e011b9f41f12bbee132c1",
"type": "github"
},
"original": {
@@ -1278,17 +1173,16 @@
"openxlsx": {
"flake": false,
"locked": {
"lastModified": 1716560554,
"narHash": "sha256-Aqn1830lG4g7BbwEeePhvGawLarmrIMnF2MXROTUBCw=",
"lastModified": 1722960074,
"narHash": "sha256-KaexHI/Bl3aChkt2glN2oRJREYqFSOAO0Qn6pPccSXw=",
"owner": "troldal",
"repo": "OpenXLSX",
"rev": "f85f7f1bd632094b5d78d4d1f575955fc3801886",
"rev": "06425d541d09907799e93a4226691126bd60af5e",
"type": "github"
},
"original": {
"owner": "troldal",
"repo": "OpenXLSX",
"rev": "f85f7f1bd632094b5d78d4d1f575955fc3801886",
"type": "github"
}
},
@@ -1302,11 +1196,11 @@
]
},
"locked": {
"lastModified": 1724556439,
"narHash": "sha256-gPR3sxkKxISUvydnqoj54znpUkK8av/HVFuFJuYUw3w=",
"lastModified": 1723587631,
"narHash": "sha256-FZ27DsgOROvv/4Cvo34UcIqEJLQ6cKIWHcQsM3zLN3I=",
"owner": "pjones",
"repo": "plasma-manager",
"rev": "5c97fe8af2a2e561f14195ed357d8c451fdbff4c",
"rev": "76dab4ba280ddd1b6c5aec0bb0aa0ace201c39ae",
"type": "github"
},
"original": {
@@ -1315,46 +1209,6 @@
"type": "github"
}
},
"pocketfft": {
"flake": false,
"locked": {
"lastModified": 1722531938,
"narHash": "sha256-1kfMW9xGHtYiiCD4Qh4rXEuAi9EIzJ4lR+YLGjqzoaU=",
"owner": "mreineck",
"repo": "pocketfft",
"rev": "bb87ca50df0478415a12d9011dc374eeed4e9d93",
"type": "github"
},
"original": {
"owner": "mreineck",
"repo": "pocketfft",
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_4",
"nix-github-actions": "nix-github-actions_2",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_6",
"treefmt-nix": "treefmt-nix_5"
},
"locked": {
"lastModified": 1725358301,
"narHash": "sha256-clY4INR7RjOVKya3FGNYvOhyFyUhd3dGQsnV2Za3rz0=",
"owner": "CHN-beta",
"repo": "poetry2nix",
"rev": "1f803d2b2faa5b785dfd2fafe99b2411731bf08c",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat_5",
@@ -1366,11 +1220,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1723803910,
"narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=",
"lastModified": 1723202784,
"narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba",
"rev": "c7012d0c18567c889b948781bc74a501e92275d1",
"type": "github"
},
"original": {
@@ -1379,22 +1233,6 @@
"type": "github"
}
},
"py4vasp": {
"flake": false,
"locked": {
"lastModified": 1718736886,
"narHash": "sha256-uAKhxPwiI3glSKMfynDIUrXQ7s2sfKw/PGVNoP40y00=",
"owner": "vasp-dev",
"repo": "py4vasp",
"rev": "661b9efed3824b36e67c559f4120b5ecfd231bce",
"type": "github"
},
"original": {
"owner": "vasp-dev",
"repo": "py4vasp",
"type": "github"
}
},
"qchem": {
"inputs": {
"nixpkgs": [
@@ -1402,11 +1240,11 @@
]
},
"locked": {
"lastModified": 1724664864,
"narHash": "sha256-VEaGrv5sGNIdN6eQADXH9GylMp7X7qKCfOBmX93lsik=",
"lastModified": 1723036528,
"narHash": "sha256-/w7Yv1c16nz9O8DQQsBUNWLaR1Y278g8ebHCTD8Wb1E=",
"owner": "Nix-QChem",
"repo": "NixOS-QChem",
"rev": "7fcab915d585fd3c4261ec21585d4e9e117bc2c9",
"rev": "437d809ed9c6cdc4cee9b0e1d04ac6061f8f30f1",
"type": "github"
},
"original": {
@@ -1419,7 +1257,6 @@
"root": {
"inputs": {
"aagl": "aagl",
"blog": "blog",
"blurred-wallpaper": "blurred-wallpaper",
"bscpkgs": "bscpkgs",
"catppuccin": "catppuccin",
@@ -1430,9 +1267,9 @@
"date": "date",
"eigen": "eigen",
"envfs": "envfs",
"fcitx5-virtualkeyboard-ui": "fcitx5-virtualkeyboard-ui",
"git-lfs-transfer": "git-lfs-transfer",
"gricad": "gricad",
"hextra": "hextra",
"home-manager": "home-manager",
"impermanence": "impermanence",
"kylin-virtual-keyboard": "kylin-virtual-keyboard",
@@ -1449,32 +1286,25 @@
"nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware",
"nixos-wallpaper": "nixos-wallpaper",
"nixpkgs": "nixpkgs",
"nixpkgs-22.05": "nixpkgs-22.05",
"nixpkgs-22.11": "nixpkgs-22.11",
"nixpkgs-23.05": "nixpkgs-23.05",
"nixpkgs-23.11": "nixpkgs-23.11",
"nodesoup": "nodesoup",
"nu-scripts": "nu-scripts",
"nur-linyinfeng": "nur-linyinfeng",
"nur-xddxdd": "nur-xddxdd",
"openxlsx": "openxlsx",
"plasma-manager": "plasma-manager",
"pocketfft": "pocketfft",
"poetry2nix": "poetry2nix",
"py4vasp": "py4vasp",
"qchem": "qchem",
"rsshub": "rsshub",
"rycee": "rycee",
"slate": "slate",
"sockpp": "sockpp",
"sops-nix": "sops-nix",
"spectroscopy": "spectroscopy",
"sqlite-orm": "sqlite-orm",
"tgbot-cpp": "tgbot-cpp",
"v-sim": "v-sim",
"winapps": "winapps",
"zpp-bits": "zpp-bits",
"zxorm": "zxorm"
}
@@ -1482,11 +1312,11 @@
"rsshub": {
"flake": false,
"locked": {
"lastModified": 1725304080,
"narHash": "sha256-Hq64xQwl6r6bEwJHtQ745Bf8mjid8BfUlix7HRvGaU0=",
"lastModified": 1723692588,
"narHash": "sha256-4z39e+om3z3Rcm66NmV5VUfbMueZ/iE+A51SvDf4I9c=",
"owner": "DIYgod",
"repo": "RSSHub",
"rev": "b5ad2fa0cb08e4a718285de575a97b107152eea1",
"rev": "351578a8767f8faa06a26eeace168622503e7682",
"type": "github"
},
"original": {
@@ -1498,11 +1328,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1724345276,
"narHash": "sha256-MKvjkqVL/RJ3QXOA8tSUoK7HHXVGSB2AL+vKxU4Cf+c=",
"lastModified": 1723304838,
"narHash": "sha256-xAxVDxuvCs8WWkrxVWjCiqxTkHhGj7sSppr1YMuEdT8=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "9b724459b5900c2424f5069023d6596a8617284b",
"rev": "0daeb5c0b05cfdf2101b0f078c27539099bf38e6",
"type": "github"
},
"original": {
@@ -1515,11 +1345,11 @@
"rycee": {
"flake": false,
"locked": {
"lastModified": 1725783932,
"narHash": "sha256-ZrDE5yqkgiv0F34w1QFz1oZnNnReW0PEA6vjO6gx4Uc=",
"lastModified": 1723694590,
"narHash": "sha256-7cufibbD4mf84wPBOTq0bNYjtUz5/Aq1azv9Nil5bzk=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "58ac93a2ade218ea5e4dae38246030c7342b1eb4",
"rev": "bc49bde3aa2e9408a22bf62d2faf4358508ce4b6",
"type": "gitlab"
},
"original": {
@@ -1583,30 +1413,14 @@
"type": "github"
}
},
"spectroscopy": {
"flake": false,
"locked": {
"lastModified": 1709899498,
"narHash": "sha256-xZ3AzNqrL73SPyUtVKGE+GDppou/GoatBrRCYVfiv0s=",
"owner": "skelton-group",
"repo": "Phonopy-Spectroscopy",
"rev": "316fbf4f45e2f8d134acf67374de905c705d7db7",
"type": "github"
},
"original": {
"owner": "skelton-group",
"repo": "Phonopy-Spectroscopy",
"type": "github"
}
},
"sqlite-orm": {
"flake": false,
"locked": {
"lastModified": 1724485979,
"narHash": "sha256-jgRCYOtCyXj2E5J3iYBffX2AyBwvhune+i4Pb2eCBrA=",
"lastModified": 1679666045,
"narHash": "sha256-KqphGFcnR1Y11KqL7sxODSv7lEvcURdF6kLd3cg84kc=",
"owner": "fnc12",
"repo": "sqlite_orm",
"rev": "6630268477b1df9d22a6a563c62aec2c91ee4249",
"rev": "ff7c878af872f7987b62d825284fb25d6043af10",
"type": "github"
},
"original": {
@@ -1675,50 +1489,6 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tgbot-cpp": {
"flake": false,
"locked": {
@@ -1785,11 +1555,11 @@
]
},
"locked": {
"lastModified": 1724338379,
"narHash": "sha256-kKJtaiU5Ou+e/0Qs7SICXF22DLx4V/WhG1P6+k4yeOE=",
"lastModified": 1723454642,
"narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "070f834771efa715f3e74cd8ab93ecc96fabc951",
"rev": "349de7bc435bdff37785c2466f054ed1766173be",
"type": "github"
},
"original": {
@@ -1806,32 +1576,11 @@
]
},
"locked": {
"lastModified": 1723808491,
"narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=",
"lastModified": 1723454642,
"narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_5": {
"inputs": {
"nixpkgs": [
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719749022,
"narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
"rev": "349de7bc435bdff37785c2466f054ed1766173be",
"type": "github"
},
"original": {
@@ -1856,28 +1605,6 @@
"type": "gitlab"
}
},
"winapps": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1728108519,
"narHash": "sha256-JnRyiNR1O79n90TPjDBNpqd/Qh6jnP4t92rCgK/s6qU=",
"owner": "CHN-beta",
"repo": "winapps",
"rev": "64478a87a49d6093f4d4f3a281bf0eecd2e6f977",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"ref": "feat-nix-packaging",
"repo": "winapps",
"type": "github"
}
},
"yafas": {
"inputs": {
"flake-schemas": [

158
flake.nix
View File

@@ -37,9 +37,7 @@
};
gricad = { url = "github:Gricad/nur-packages"; flake = false; };
catppuccin.url = "github:catppuccin/nix";
bscpkgs = { url = "git+https://git.chn.moe/chn/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
poetry2nix = { url = "github:CHN-beta/poetry2nix"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:CHN-beta/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
bscpkgs = { url = "git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -63,28 +61,146 @@
kylin-virtual-keyboard = { url = "git+https://gitee.com/openkylin/kylin-virtual-keyboard.git"; flake = false; };
cjktty = { url = "github:CHN-beta/cjktty-patches"; flake = false; };
zxorm = { url = "github:CHN-beta/zxorm"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
sockpp = { url = "github:fpagliughi/sockpp"; flake = false; };
git-lfs-transfer = { url = "github:charmbracelet/git-lfs-transfer"; flake = false; };
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
hextra = { url = "github:imfing/hextra"; flake = false; };
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; };
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog.git"; flake = false; };
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
spectroscopy = { url = "github:skelton-group/Phonopy-Spectroscopy"; flake = false; };
fcitx5-virtualkeyboard-ui = { url = "github:CHN-beta/fcitx5-virtualkeyboard-ui"; flake = false; };
# does not support lfs yet
# nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
};
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
{
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };
overlays.default = final: prev:
{ localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
config = { archive = false; branch = "production"; };
devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
src = import ./flake/src.nix { inherit inputs; };
};
outputs = inputs:
let
localLib = import ./lib.nix inputs.nixpkgs.lib;
devices = builtins.filter (dir: (builtins.readDir ./devices/${dir})."default.nix" or null == "regular" )
(builtins.attrNames (builtins.readDir ./devices));
in
{
packages.x86_64-linux = rec
{
pkgs = (import inputs.nixpkgs
{
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [ inputs.self.overlays.default ];
});
default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
(builtins.concatStringsSep "\n" (builtins.map
(system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
devices));
hpcstat =
let
openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
(prev: { doCheck = false; patches = prev.patches ++ [ ./packages/hpcstat/openssh.patch ];});
duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
in pkgs.pkgsStatic.localPackages.hpcstat.override
{ inherit openssh duc; standalone = true; version = inputs.self.rev or "dirty"; };
ufo =
let
range-v3 = pkgs.pkgsStatic.range-v3.overrideAttrs (prev:
{
cmakeFlags = prev.cmakeFlags or []
++ [ "-DRANGE_V3_DOCS=OFF" "-DRANGE_V3_TESTS=OFF" "-DRANGE_V3_EXAMPLES=OFF" ];
doCheck = false;
});
tbb = pkgs.pkgsStatic.tbb_2021_11.overrideAttrs (prev: { cmakeFlags = prev.cmakeFlags or [] ++
[ "-DTBB_TEST=OFF" ]; });
biu = pkgs.pkgsStatic.localPackages.biu.override { inherit range-v3; };
matplotplusplus = pkgs.pkgsStatic.localPackages.matplotplusplus.override { libtiff = null; };
in pkgs.pkgsStatic.localPackages.ufo.override { inherit biu tbb matplotplusplus; };
chn-bsub = pkgs.pkgsStatic.localPackages.chn-bsub;
}
// (builtins.listToAttrs (builtins.map
(system:
{
name = system;
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
})
devices)
);
nixosConfigurations =
(
(builtins.listToAttrs (builtins.map
(system:
{
name = system;
value = inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
(moduleInputs: { config.nixpkgs.overlays = [(prev: final:
# replace pkgs with final to avoid infinite recursion
{ localPackages = import ./packages (moduleInputs // { pkgs = final; }); })]; })
./modules
./devices/${system}
];
};
})
devices))
// {
pi3b = inputs.nixpkgs.lib.nixosSystem
{
system = "aarch64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
(moduleInputs: { config.nixpkgs.overlays = [(prev: final:
# replace pkgs with final to avoid infinite recursion
{ localPackages = import ./packages (moduleInputs // { pkgs = final; }); })]; })
./modules
./devices/pi3b
];
};
}
);
overlays.default = final: prev:
{ localPackages = (import ./packages { inherit (inputs) lib; pkgs = final; topInputs = inputs; }); };
config = { archive = false; branch = "production"; };
devShells.x86_64-linux = let inherit (inputs.self.packages.x86_64-linux) pkgs; in
{
biu = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.biu ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
hpcstat = pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
{
inputsFrom = [ (inputs.self.packages.x86_64-linux.hpcstat.override { version = null; }) ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
sbatch-tui = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.sbatch-tui ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
ufo = pkgs.mkShell
{
inputsFrom = [ (inputs.self.packages.x86_64-linux.ufo.override { version = null; }) ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
chn-bsub = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.chn-bsub ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
winjob =
let inherit (pkgs) clang-tools_18; in let inherit (inputs.self.packages.x86_64-w64-mingw32) pkgs winjob;
in pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
{
inputsFrom = [ winjob ];
packages = [ clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
};
};
}

41
flake/dev.nix
View File

@@ -1,41 +0,0 @@
{ inputs }: let inherit (inputs.self.nixosConfigurations.pc) pkgs; in
{
biu = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.biu ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
hpcstat = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ (pkgs.localPackages.hpcstat.override { version = null; }) ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
sbatch-tui = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.sbatch-tui ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
ufo = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.ufo ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
chn-bsub = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.chn-bsub ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
winjob =
let inherit (pkgs) clang-tools_18; in let inherit (inputs.self.packages.x86_64-w64-mingw32) pkgs winjob;
in pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
{
inputsFrom = [ winjob ];
packages = [ clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
}

51
flake/nixos.nix
View File

@@ -1,51 +0,0 @@
{ inputs, localLib }:
builtins.listToAttrs
(
(builtins.map
(system:
{
name = system;
value = inputs.nixpkgs.lib.nixosSystem
{
system = let arch.pi3b = "aarch64-linux"; in arch.${system} or "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
{
config =
{
nixpkgs.overlays = [ inputs.self.overlays.default ];
nixos.system.networking.hostname = system;
};
}
../modules
../devices/${system}
];
};
})
[ "nas" "pc" "pi3b" "surface" "vps4" "vps6" "vps7" "xmupc1" "xmupc2" ])
++ (builtins.map
(node:
{
name = "srv1-${node}";
value = inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
{
config =
{
nixpkgs.overlays = [ inputs.self.overlays.default ];
nixos.system.cluster = { clusterName = "srv1"; nodeName = node; };
};
}
../modules
../devices/srv1
../devices/srv1/${node}
];
};
})
[ "node0" "node1" "node2" "node3" ])
)

29
flake/packages.nix
View File

@@ -1,29 +0,0 @@
{ inputs, localLib }: rec
{
pkgs = (import inputs.nixpkgs
{
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [ inputs.self.overlays.default ];
});
hpcstat =
let
openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
(prev: { doCheck = false; patches = prev.patches ++ [ ../packages/hpcstat/openssh.patch ];});
duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
# pkgsStatic.clangStdenv have a bug
# https://github.com/NixOS/nixpkgs/issues/177129
biu = pkgs.pkgsStatic.localPackages.biu.override { stdenv = pkgs.pkgsStatic.gcc14Stdenv; };
in pkgs.pkgsStatic.localPackages.hpcstat.override
{
inherit openssh duc biu;
standalone = true;
version = inputs.self.rev or "dirty";
stdenv = pkgs.pkgsStatic.gcc14Stdenv;
};
chn-bsub = pkgs.pkgsStatic.localPackages.chn-bsub;
blog = pkgs.callPackage inputs.blog { inherit (inputs) hextra; };
}
// (builtins.listToAttrs (builtins.map
(system: { inherit (system) name; value = system.value.config.system.build.toplevel; })
(localLib.attrsToList inputs.self.outputs.nixosConfigurations)))

2
flake/src.nix
View File

@@ -1,2 +0,0 @@
{ inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
{}

32
flake/lib.nix → lib.nix
View File

@@ -54,36 +54,4 @@ lib: rec
else null
else null)
(attrsToList (builtins.readDir path))));
# replace the value in a nested attrset. example:
# deepReplace
# [ { path = [ "a" "b" 1 ]; value = "new value"; } ]
# { a = { b = [ "old value" "old value" ]; }; }
# => { a = { b = [ "old value" "new value" ]; }; }
deepReplace = pattern: origin:
let replace = { path, value, content }:
if path == [] then
if (builtins.typeOf value) == "lambda" then value content
else value
else let currentPath = builtins.head path; nextPath = builtins.tail path; in
if (builtins.typeOf currentPath) == "string" then
if (builtins.typeOf content) != "set" then builtins.throw "content should be a set"
else builtins.mapAttrs
(n: v: if n == currentPath then replace { path = nextPath; inherit value; content = v; } else v) content
else if (builtins.typeOf currentPath) == "int" then
if (builtins.typeOf content) != "list" then builtins.throw "content should be a list"
else lib.imap0
(i: v: if i == currentPath then replace { path = nextPath; inherit value; content = v; } else v) content
else if (builtins.typeOf currentPath) != "lambda" then throw "path should be a lambda"
else
if (builtins.typeOf content) == "list" then builtins.map
(v: if currentPath v then replace { path = nextPath; inherit value; content = v; } else v) content
else if (builtins.typeOf content) == "set" then builtins.listToAttrs (builtins.map
(v: if currentPath v then replace { path = nextPath; inherit value; content = v; } else v)
(attrsToList content))
else throw "content should be a list or a set.";
in
if (builtins.typeOf pattern) != "list" then throw "pattern should be a list"
else if pattern == [] then origin
else deepReplace (builtins.tail pattern) (replace ((builtins.head pattern) // { content = origin; }));
}

3
modules/bugs/default.nix
View File

@@ -40,9 +40,6 @@ inputs:
amdpstate.boot.kernelParams = [ "amd_pstate=active" ];
hibernate-mt7921e.powerManagement.resumeCommands =
let modprobe = "${inputs.pkgs.kmod}/bin/modprobe"; in "${modprobe} -r -w 3000 mt7921e && ${modprobe} mt7921e";
# could not use bt keyboard
# https://github.com/bluez/bluez/issues/745
bluetooth.hardware.bluetooth.settings.General.JustWorksRepairing = "always";
};
in
{

1
modules/default.nix
View File

@@ -25,7 +25,6 @@ inputs:
topInputs.qchem.overlays.default
topInputs.aagl.overlays.default
topInputs.bscpkgs.overlays.default
topInputs.poetry2nix.overlays.default
(final: prev:
{
nix-vscode-extensions = topInputs.nix-vscode-extensions.extensions."${prev.system}";

2
modules/hardware/default.nix
View File

@@ -28,8 +28,6 @@ inputs:
{
enable = true;
drivers = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.arch == "x86_64") [ inputs.pkgs.cnijfilter2 ];
# TODO: remove in next update
browsed.enable = false;
};
avahi = { enable = true; nssmdns4 = true; openFirewall = true; };
};

2
modules/hardware/gpu.nix
View File

@@ -101,8 +101,8 @@ inputs:
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type) { hardware.amdgpu =
{
opencl.enable = true;
initrd.enable = true; # needed for waydroid
legacySupport.enable = true;
initrd.enable = true;
amdvlk = { enable = true; support32Bit.enable = true; supportExperimental.enable = true; };
};}
)

16
modules/packages/default.nix
View File

@@ -24,9 +24,19 @@ inputs:
excludePythonPackages))
(builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages)
(_pythonPackages ++ extraPythonPackages)))))
(inputs.pkgs.writeTextDir "share/prebuild-packages"
(builtins.concatStringsSep "\n" (builtins.map builtins.toString
(inputs.lib.lists.subtractLists excludePrebuildPackages (_prebuildPackages ++ extraPrebuildPackages)))))
(inputs.pkgs.callPackage ({ stdenv }: stdenv.mkDerivation
{
name = "prebuild-packages";
propagateBuildInputs = inputs.lib.lists.subtractLists excludePrebuildPackages
(_prebuildPackages ++ extraPrebuildPackages);
phases = [ "installPhase" ];
installPhase =
''
runHook preInstall
mkdir -p $out
runHook postInstall
'';
}) {})
];
};
}

50
modules/packages/desktop/default.nix
View File

@@ -16,7 +16,7 @@ inputs:
# system management
# TODO: module should add yubikey-touch-detector into path
gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror # inputs.pkgs."pkgs-23.11".etcher
kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x inputs.pkgs."pkgs-23.11".etcher wl-mirror
(
writeShellScriptBin "xclip"
''
@@ -38,7 +38,6 @@ inputs:
# themes
catppuccin catppuccin-sddm catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
(catppuccin-kde.override { flavour = [ "latte" ]; }) (catppuccin-kvantum.override { variant = "latte"; })
klassy
localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
# terminal
warp-terminal
@@ -62,65 +61,46 @@ inputs:
nix-template nil pnpm-lock-export bundix
# instant messager
element-desktop telegram-desktop discord fluffychat zoom-us signal-desktop slack nur-linyinfeng.wemeet
nheko # qq nur-xddxdd.wechat-uos TODO: cinny-desktop
cinny-desktop nheko # qq nur-xddxdd.wechat-uos
# browser
google-chrome tor-browser microsoft-edge
# office
crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk pdfchain hdfview
davinci-resolve texliveFull
# matplot++ needs old gnuplot
inputs.pkgs."pkgs-23.11".gnuplot
crow-translate zotero pandoc ydict libreoffice-qt texstudio poppler_utils pdftk gnuplot pdfchain hdfview
davinci-resolve
texliveFull
# math, physics and chemistry
octaveFull root ovito localPackages.vesta localPackages.v-sim
(mathematica.overrideAttrs (prev: { postInstall = (prev.postInstall or "") + "ln -s ${prev.src} $out/src"; }))
(quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14; }) jmol mpi localPackages.ufo
octaveFull root ovito localPackages.vesta localPackages.vaspkit localPackages.v-sim
(mathematica.overrideAttrs (prev: { postInstall = prev.postInstall or "" + "ln -s ${src} $out/src"; }))
(quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14; }) jmol mpi
# virtualization
wineWowPackages.stagingFull virt-viewer bottles genymotion playonlinux
# TODO: broken on python 3.12: playonlinux
wineWowPackages.stagingFull virt-viewer bottles genymotion
# media
nur-xddxdd.svp
# for kdenlive auto subtitle
openai-whisper
]
++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" "kalzium" ])))
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
# TODO: fix it
# ++ inputs.lib.optional (inputs.config.nixos.system.nixpkgs.march != null) localPackages.mumax;
_pythonPackages = [(pythonPackages: with pythonPackages;
[
phonopy scipy scikit-learn jupyterlab autograd # localPackages.pix2tex
# TODO: broken on python 3.12 tensorflow keras
# for phonopy
inputs.pkgs.localPackages.spectroscopy numpy
# TODO: broken on python 3.12: tensorflow keras
])];
};
user.sharedModules =
[{
config.programs =
{
plasma =
plasma =
{
enable = true;
configFile =
{
plasma-localerc = { Formats.LANG.value = "en_US.UTF-8"; Translations.LANGUAGE.value = "zh_CN"; };
baloofilerc."Basic Settings".Indexing-Enabled.value = false;
plasmarc.Wallpapers.usersWallpapers.value =
let
inherit (inputs.topInputs) nixos-wallpaper;
isPicture = f: builtins.elem (inputs.lib.last (inputs.lib.splitString "." f))
[ "png" "jpg" "jpeg" "webp" ];
in builtins.concatStringsSep "," (builtins.map (f: "${nixos-wallpaper}/${f.name}")
(builtins.filter (f: (isPicture f.name) && (f.value == "regular"))
(inputs.localLib.attrsToList (builtins.readDir nixos-wallpaper))));
};
powerdevil =
let config =
{
autoSuspend.action = "nothing";
dimDisplay.enable = false;
powerButtonAction = "turnOffScreen";
turnOffDisplay.idleTimeout = "never";
whenLaptopLidClosed = "turnOffScreen";
};
in { AC = config; battery = config; lowBattery = config; };
powerdevil = { AC.autoSuspend.action = "nothing"; battery.autoSuspend.action = "nothing"; };
};
obs-studio =
{

50
modules/packages/firefox.nix
View File

@@ -12,55 +12,7 @@ inputs:
{
enable = true;
languagePacks = [ "zh-CN" "en-US" ];
nativeMessagingHosts.packages = with inputs.pkgs; [ uget-integrator firefoxpwa ];
};
nixos =
{
packages.packages._packages = [ inputs.pkgs.firefoxpwa ];
user.sharedModules =
[{
config =
{
programs.firefox =
{
enable = true;
nativeMessagingHosts = with inputs.pkgs;
[ kdePackages.plasma-browser-integration uget-integrator firefoxpwa ];
# TODO: use fixed-version of plugins
policies.DefaultDownloadDirectory = "\${home}/Downloads";
profiles.default =
{
extensions = with inputs.pkgs.firefox-addons;
[
tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
metamask pakkujs switchyomega rsshub-radar rsspreview tabliss tree-style-tab ublock-origin wallabagger
wappalyzer grammarly plasma-integration zotero-connector pwas-for-firefox smartproxy kiss-translator
];
search = { default = "Google"; force = true; };
userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";
extraConfig = builtins.readFile "${inputs.topInputs.lepton}/user.js";
settings =
{
# general
"browser.search.region" = "CN";
"intl.locale.requested" = "zh-CN,en-US";
"browser.aboutConfig.showWarning" = false;
"browser.bookmarks.showMobileBookmarks" = true;
"browser.download.panel.shown" = true;
"browser.download.useDownloadDir" = true;
"browser.newtab.extensionControlled" = true;
"browser.toolbars.bookmarks.visibility" = "never";
# allow to apply userChrome.css
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
# automatically enable extensions
"extensions.autoDisableScopes" = 0;
};
};
};
home.file.".mozilla/firefox/profiles.ini".force = true;
};
}];
nativeMessagingHosts.packages = with inputs.pkgs; [ uget-integrator ];
};
};
}

25
modules/packages/lammps.nix
View File

@@ -1,25 +0,0 @@
inputs:
{
options.nixos.packages.lammps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
};
config = let inherit (inputs.config.nixos.packages) lammps; in inputs.lib.mkIf (lammps != null)
{
nixos.packages.packages._packages =
let cuda = let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null;
in
if cuda then [((inputs.pkgs.lammps-mpi.override { stdenv = inputs.pkgs.cudaPackages.backendStdenv; })
.overrideAttrs (prev:
{
cmakeFlags = prev.cmakeFlags ++ inputs.lib.optionals cuda
[
"-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD"
];
nativeBuildInputs = prev.nativeBuildInputs ++ inputs.lib.optionals cuda
[ inputs.pkgs.cudaPackages.cudatoolkit ];
}))]
else [ inputs.pkgs.lammps-mpi ];
};
}

16
modules/packages/mumax.nix
View File

@@ -1,16 +0,0 @@
inputs:
{
options.nixos.packages.mumax = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default =
if inputs.config.nixos.system.gui.enable
&& (let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
then {}
else null;
};
config = let inherit (inputs.config.nixos.packages) mumax; in inputs.lib.mkIf (mumax != null)
{
nixos.packages.packages._packages = [ inputs.pkgs.localPackages.mumax ];
};
}

51
modules/packages/nushell.nix
View File

@@ -1,51 +0,0 @@
inputs:
{
options.nixos.packages.nushell = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = {};
};
config = let inherit (inputs.config.nixos.packages) nushell; in inputs.lib.mkIf (nushell != null)
{
nixos =
{
packages.packages._packages = [ inputs.pkgs.nushell ];
user.sharedModules =
[{
config.programs =
{
nushell =
{
enable = true;
extraConfig =
''
source ${inputs.topInputs.nu-scripts}/aliases/git/git-aliases.nu
$env.PATH = ($env.PATH | split row (char esep) | append "~/bin")
'';
};
carapace.enable = true;
oh-my-posh =
{
enable = true;
enableZshIntegration = false;
settings = inputs.localLib.deepReplace
[
{
path = [ "blocks" 0 "segments" (v: v.type or "" == "path") "properties" "style" ];
value = "powerlevel";
}
{
path = [ "blocks" 0 "segments" (v: v.type or "" == "executiontime") "template" ];
value = v: builtins.replaceStrings [ "" ] [ " " ] v;
}
]
(builtins.fromJSON (builtins.readFile
"${inputs.pkgs.oh-my-posh}/share/oh-my-posh/themes/atomic.omp.json"));
};
zoxide.enable = true;
direnv.enable = true;
};
}];
};
};
}

20
modules/packages/server.nix
View File

@@ -10,7 +10,7 @@ inputs:
[
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij ipfetch localPackages.pslist
fastfetch reptyr duc ncdu progress libva-utils ksh neofetch
fastfetch reptyr nushell duc ncdu progress libva-utils ksh neofetch
# lsxx
pciutils usbutils lshw util-linux lsof dmidecode lm_sensors
# top
@@ -26,7 +26,7 @@ inputs:
# file system management
sshfs e2fsprogs duperemove compsize exfatprogs
# disk management
smartmontools hdparm megacli gptfdisk
smartmontools hdparm
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
# networking
@@ -34,7 +34,7 @@ inputs:
# nix tools
nix-output-monitor nix-tree ssh-to-age (callPackage "${inputs.topInputs.nix-fast-build}" {}) nix-inspect
# development
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init hugo
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init
# stupid things
toilet lolcat
# office
@@ -44,10 +44,8 @@ inputs:
++ (inputs.lib.optional (inputs.config.nixos.system.nixpkgs.arch == "x86_64") rar);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
openai python-telegram-bot fastapi-cli pypdf2 pandas matplotlib plotly gunicorn redis jinja2
openai python-telegram-bot fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2 inquirerpy requests tqdm pydbus
# for vasp plot-workfunc.py
ase
])];
};
programs =
@@ -63,16 +61,8 @@ inputs:
services =
{
udev.packages = with inputs.pkgs; [ yubikey-personalization libfido2 ];
fwupd =
{
enable = true;
# allow fwupd install firmware from any source (e.g. manually extracted from msi)
daemonSettings.OnlyTrusted = false;
};
fwupd.enable = true;
};
home-manager = { useGlobalPkgs = true; useUserPackages = true; };
# allow everyone run compsize
security.wrappers.compsize =
{ setuid = true; owner = "root"; group = "root"; source = "${inputs.pkgs.compsize}/bin/compsize"; };
};
}

31
modules/packages/ssh.nix
View File

@@ -30,12 +30,12 @@ inputs:
vps7 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
hostnames = [ "vps7.chn.moe" "wireguard.vps7.chn.moe" "ssh.git.chn.moe" "144.126.144.62" "192.168.83.2" ];
hostnames = [ "vps7.chn.moe" "wireguard.vps7.chn.moe" "ssh.git.chn.moe" "95.111.228.40" "192.168.83.2" ];
};
"initrd.vps7" =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
hostnames = [ "initrd.vps7.chn.moe" "144.126.144.62" ];
hostnames = [ "initrd.vps7.chn.moe" "95.111.228.40" ];
};
nas =
{
@@ -77,26 +77,6 @@ inputs:
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
hostnames = [ "[xmupc2.chn.moe]:6394" "wireguard.xmupc2.chn.moe" "192.168.83.7" ];
};
srv1-node0 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs";
hostnames = [ "srv1.chn.moe" "node0.srv1.chn.moe" "wireguard.node0.srv1.chn.moe" ];
};
srv1-node1 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIIFmG/ZzLDm23NeYa3SSI0a0uEyQWRFkaNRE9nB8egl7";
hostnames = [ "192.168.178.2" ];
};
srv1-node2 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIDhgEApzHhVPDvdVFPRuJ/zCDiR1K+rD4sZzH77imKPE";
hostnames = [ "192.168.178.3" ];
};
srv1-node3 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIO/4xbQNz6KNcEdjtBMGY8wUoFK1sCgamKl/r+kVjd7O";
hostnames = [ "192.168.178.4" ];
};
};
in builtins.listToAttrs (builtins.map
(server:
@@ -132,7 +112,7 @@ inputs:
[ "vps4" "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" ])
++ (builtins.map
(host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; forwardX11 = true; }; })
[ "wireguard.pc" "wireguard.surface" "wireguard.xmupc1" "wireguard.xmupc2" "srv1" "wireguard.srv1" ])
[ "wireguard.pc" "wireguard.surface" "wireguard.xmupc1" "wireguard.xmupc2" ])
++ (builtins.map
(host:
{
@@ -162,10 +142,7 @@ inputs:
forwardAgent = true;
extraOptions.AddKeysToAgent = "yes";
};
"wireguard.jykang" = jykang // { host = "wireguard.jykang"; proxyJump = "wireguard.xmupc1"; };
srv1-node1 = { host = "srv1-node1"; hostname = "192.168.178.2"; proxyJump = "srv1"; };
srv1-node2 = { host = "srv1-node2"; hostname = "192.168.178.3"; proxyJump = "srv1"; };
srv1-node3 = { host = "srv1-node3"; hostname = "192.168.178.4"; proxyJump = "srv1"; };
"wireguard.jykang" = jykang // { host = "internal.jykang"; proxyJump = "wireguard.xmupc1"; };
};
};
})];

9
modules/packages/vasp.nix
View File

@@ -8,12 +8,7 @@ inputs:
# TODO: add more options to correctly configure VASP
config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
{
nixos.packages.packages._packages = with inputs.pkgs;
(
[ localPackages.vasp.intel localPackages.vasp.vtstscripts localPackages.py4vasp localPackages.vaspkit ]
++ (inputs.lib.optional
(let inherit (inputs.config.nixos.system.nixpkgs) cuda; in cuda.enable && cuda.capabilities != null)
localPackages.vasp.nvidia)
);
nixos.packages.packages._packages = inputs.lib.optionals (inputs.config.nixos.system.nixpkgs.march != null)
(with inputs.pkgs.localPackages.vasp; [ intel nvidia vtstscripts ]);
};
}

45
modules/packages/vscode.nix
View File

@@ -26,34 +26,53 @@ inputs:
++ (builtins.attrNames vscode-extensions)
)));
in with extensions;
(with github; [ copilot github-vscode-theme ])
++ (with intellsmi; [ comment-translate ])
++ (with ms-vscode; [ cmake-tools cpptools cpptools-extension-pack hexeditor remote-explorer ])
++ (with ms-vscode-remote; [ remote-ssh ])
(with equinusocio; [ vsc-material-theme vsc-material-theme-icons ])
++ (with github; [ copilot copilot-chat github-vscode-theme ])
++ (with intellsmi; [ comment-translate deepl-translate ])
++ (with ms-python; [ isort python vscode-pylance ])
++ (with ms-toolsai;
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
])
++ (with ms-vscode;
[
(cmake-tools.overrideAttrs { sourceRoot = "extension"; }) cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
test-adapter-converter
])
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
++ [
donjayamanne.githistory fabiospampinato.vscode-diff
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
oderwat.indent-rainbow
twxs.cmake guyutongxue.cpp-reference thfriedrich.lammps leetcode.vscode-leetcode # znck.grammarly
james-yu.latex-workshop bbenoist.nix jnoortheen.nix-ide ccls-project.ccls
brettm12345.nixfmt-vscode
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug
hbenl.vscode-test-explorer
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode webfreak.debug
gruntfuggly.todo-tree
# restrctured text
lextudio.restructuredtext trond-snekvik.simple-rst swyddfa.esbonio chrisjsewell.myst-tml-syntax
lextudio.restructuredtext trond-snekvik.simple-rst
# markdown
yzhang.markdown-all-in-one shd101wyy.markdown-preview-enhanced
shd101wyy.markdown-preview-enhanced
# vasp
mystery.vasp-support
yutengjing.open-in-external-app
# ChatGPT-like plugin
codeium.codeium
# git graph
mhutchie.git-graph
# python
ms-python.python
# theme
pkief.material-icon-theme
];
}
)];
_pythonPackages = [(pythonPackages: with pythonPackages;
[
# required by vscode extensions restrucuredtext
localPackages.esbonio
])];
};
};
}

47
modules/packages/winapps/default.nix
View File

@@ -1,47 +0,0 @@
inputs:
{
options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.system.gui.enable then {} else null;
};
config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
{
nixos.packages.packages._packages =
[
(inputs.pkgs.callPackage "${inputs.topInputs.winapps}/packages/winapps" {})
(inputs.pkgs.runCommand "winapps-windows" {}
''
mkdir -p $out/share/applications
cp ${inputs.pkgs.substituteAll { src = ./windows.desktop; path = inputs.topInputs.winapps; }} \
$out/share/applications/windows.desktop
'')
]
++ builtins.map
(p: inputs.pkgs.runCommand "winapps-${p}" {}
''
mkdir -p $out/share/applications
source ${inputs.topInputs.winapps}/apps/${p}/info
# replace \ with \\
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/\\/\\\\/g')
# replace space with \s
WIN_EXECUTABLE=$(echo $WIN_EXECUTABLE | sed 's/ /\\s/g')
cat > $out/share/applications/${p}.desktop << EOF
[Desktop Entry]
Name=$NAME
Exec=winapps manual "$WIN_EXECUTABLE" %F
Terminal=false
Type=Application
Icon=${inputs.topInputs.winapps}/apps/${p}/icon.svg
StartupWMClass=$FULL_NAME
Comment=$FULL_NAME
Categories=$CATEGORIES
MimeType=$MIME_TYPES
EOF
'')
[
"access-o365" "acrobat-x-pro" "cmd" "excel-o365" "explorer" "illustrator-cc" "powerpoint-o365"
"visual-studio-comm" "word-o365"
];
};
}

9
modules/packages/winapps/windows.desktop
View File

@@ -1,9 +0,0 @@
[Desktop Entry]
Name=Windows
Exec=winapps windows %F
Terminal=false
Type=Application
Icon=@path@/icons/windows.svg
StartupWMClass=Micorosoft Windows
Comment=Micorosoft Windows
Categories=Windows

12
modules/services/chatgpt.nix
View File

@@ -34,11 +34,15 @@ inputs:
'';
secrets."chatgpt/key" = {};
};
nixos.services.nginx =
nixos =
{
enable = true;
https."${chatgpt.hostname}".location."/".proxy =
{ upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
services.nginx =
{
enable = true;
https."${chatgpt.hostname}".location."/".proxy =
{ upstream = "http://127.0.0.1:6184"; detectAuth.users = [ "chat" ]; };
};
virtualization.docker.enable = true;
};
};
}

18
modules/services/default.nix
View File

@@ -3,6 +3,7 @@ inputs:
imports = inputs.localLib.findModules ./.;
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
smartd.enable = mkOption { type = types.bool; default = false; };
wallabag.enable = mkOption { type = types.bool; default = false; };
noisetorch.enable = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
@@ -15,6 +16,7 @@ inputs:
inherit (builtins) map listToAttrs toString;
in mkMerge
[
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
(mkIf services.smartd.enable { services.smartd.enable = true; })
(
mkIf services.wallabag.enable
@@ -59,15 +61,19 @@ inputs:
# SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
secrets."mail/bot-encoded" = {};
};
nixos.services =
nixos =
{
nginx =
services =
{
enable = true;
https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
nginx =
{
enable = true;
https."wallabag.chn.moe".location."/".proxy.upstream = "http://127.0.0.1:4398";
};
postgresql.instances.wallabag = {};
redis.instances.wallabag = { user = "root"; port = 8790; };
};
postgresql.instances.wallabag = {};
redis.instances.wallabag = { user = "root"; port = 8790; };
virtualization.docker.enable = true;
};
}
)

38
modules/services/docker.nix
View File

@@ -1,38 +0,0 @@
inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkMerge
[
(
inputs.lib.mkIf (docker != null)
{
# system-wide docker is not needed
# virtualisation.docker.enable = true;
virtualisation.docker.rootless =
{
enable = true;
setSocketVariable = true;
daemon.settings =
{
features.buildkit = true;
# dns 127.0.0.1 make docker not work
dns = [ "1.1.1.1" ];
# prevent create btrfs subvol
storage-driver = "overlay2";
};
};
}
)
# some docker settings should be set unconditionally, as some services depend on them
{
virtualisation.docker =
{
enableNvidia = inputs.lib.mkIf inputs.config.nixos.system.nixpkgs.cuda.enable true;
# prevent create btrfs subvol
storageDriver = "overlay2";
daemon.settings.dns = [ "1.1.1.1" ];
};
}
];
}

1
modules/services/gitea.nix
View File

@@ -43,7 +43,6 @@ inputs:
SMTP_PORT = 465;
USER = "bot@chn.moe";
};
service.REGISTER_MANUAL_CONFIRM = true;
};
};
nixos.services =

6
modules/services/groupshare.nix
View File

@@ -4,11 +4,7 @@ inputs:
{
type = types.nullOr (types.submodule { options =
{
users = mkOption
{
type = types.listOf types.nonEmptyStr;
default = [ "chn" "gb" "xll" "yjq" "zem" "gb" "wp" "hjp" ];
};
users = mkOption { type = types.listOf types.nonEmptyStr; default = [ "chn" "gb" "xll" "yjq" "zem" ]; };
};});
default = null;
};

1
modules/services/huginn.nix
View File

@@ -60,6 +60,7 @@ inputs:
};
mariadb.instances.huginn = {};
};
virtualization.docker.enable = true;
};
};
}

29
modules/services/nfs.nix
View File

@@ -1,29 +0,0 @@
inputs:
{
options.nixos.services.nfs = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
root = mkOption { type = types.nonEmptyStr; };
exports = mkOption { type = types.listOf types.nonEmptyStr; };
accessLimit = mkOption { type = types.nonEmptyStr; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) nfs; in inputs.lib.mkIf (nfs != null)
{
services =
{
rpcbind.enable = true;
nfs.server =
{
enable = true;
exports = "${nfs.root} ${nfs.accessLimit}(rw,no_root_squash,fsid=0,sync,crossmnt)\n"
+ builtins.concatStringsSep "\n" (builtins.map
(export: "${export} ${nfs.accessLimit}(rw,no_root_squash,sync,crossmnt)")
nfs.exports);
};
};
networking.firewall.allowedTCPPorts = [ 2049 ];
};
}

14
modules/services/nginx/applications/blog.nix
View File

@@ -1,13 +1,17 @@
inputs:
{
options.nixos.services.nginx.applications.blog = let inherit (inputs.lib) mkOption types; in mkOption
options.nixos.services.nginx.applications.blog = let inherit (inputs.lib) mkOption types; in
{
type = types.nullOr (types.submodule {});
default = null;
enable = mkOption { type = types.bool; default = false; };
};
config = let inherit (inputs.config.nixos.services.nginx.applications) blog; in inputs.lib.mkIf (blog != null)
config =
let
inherit (inputs.config.nixos.services.nginx.applications) blog;
inherit (inputs.lib) mkIf;
in mkIf blog.enable
{
nixos.services.nginx.https."blog.chn.moe".location."/".static =
{ root = builtins.toString inputs.topInputs.self.packages.x86_64-linux.blog; index = [ "index.html" ]; };
{ root = "/srv/blog"; index = [ "index.html" ]; };
systemd.tmpfiles.rules = [ "d /srv/blog 0700 nginx nginx" "Z /srv/blog - nginx nginx" ];
};
}

3
modules/services/nginx/default.nix
View File

@@ -247,9 +247,6 @@ inputs:
proxy_ssl_server_name on;
proxy_ssl_session_reuse off;
send_timeout 1d;
# nginx will try to redirect https://blog.chn.moe/docs to https://blog.chn.moe:3068/docs/ in default
# this make it redirect to /docs/ without hostname
absolute_redirect off;
'';
proxyTimeout = "1d";
recommendedZstdSettings = true;

3
modules/services/ollama.nix
View File

@@ -11,6 +11,7 @@ inputs:
{ enable = true; package = inputs.pkgs.genericPackages.open-webui; environment.WEBUI_AUTH = "False"; };
nextjs-ollama-llm-ui.enable = true;
};
nixos.packages.packages._packages = [ inputs.pkgs.oterm ];
# TODO: broken in python 3.12
# nixos.packages._packages = [ inputs.pkgs.oterm ];
};
}

65
modules/services/peertube.nix
View File

@@ -1,65 +0,0 @@
inputs:
{
options.nixos.services.peertube = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = "peertube.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) peertube; in inputs.lib.mkIf (peertube != null)
{
services.peertube =
{
enable = true;
localDomain = peertube.hostname;
listenHttp = 5046;
listenWeb = 443;
enableWebHttps = true;
serviceEnvironmentFile = inputs.config.sops.templates."peertube/env".path;
secrets.secretsFile = inputs.config.sops.secrets."peertube/secrets".path;
configureNginx = true;
database =
{
createLocally = true;
host = "127.0.0.1";
passwordFile = inputs.config.sops.secrets."peertube/postgresql".path;
};
redis =
{
host = "127.0.0.1";
port = 7599;
passwordFile = inputs.config.sops.secrets."redis/peertube".path;
};
smtp.passwordFile = inputs.config.sops.secrets."peertube/smtp".path;
settings.smtp =
{
host = "mail.chn.moe";
username = "bot@chn.moe";
from_address = "bot@chn.moe";
};
};
sops =
{
templates."peertube/env".content =
''
PT_INITIAL_ROOT_PASSWORD=${inputs.config.sops.placeholder."peertube/password"}
'';
secrets =
{
"peertube/postgresql" = { owner = inputs.config.services.peertube.user; key = "postgresql/peertube"; };
"peertube/password" = {};
"peertube/secrets".owner = inputs.config.services.peertube.user;
"peertube/smtp" = { owner = inputs.config.services.peertube.user; key = "mail/bot"; };
};
};
nixos.services =
{
nginx = { enable = true; https.${peertube.hostname}.global.configName = peertube.hostname; };
postgresql.instances.peertube = {};
redis.instances.peertube.port = 7599;
};
systemd.services.peertube.after = [ "redis-peertube.service" ];
};
}

2
modules/services/postgresql.nix
View File

@@ -28,7 +28,7 @@ inputs:
settings =
{
unix_socket_permissions = "0700";
shared_buffers = "512MB";
shared_buffers = "8192MB";
work_mem = "512MB";
autovacuum = "on";
};

37
modules/services/rsshub.nix
View File

@@ -13,27 +13,22 @@ inputs:
inherit (builtins) map listToAttrs toString;
in mkIf rsshub.enable
{
systemd =
systemd.services.rsshub =
{
services.rsshub =
description = "rsshub";
after = [ "network.target" "redis-rsshub.service" ];
requires = [ "redis-rsshub.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
description = "rsshub";
after = [ "network.target" "redis-rsshub.service" ];
requires = [ "redis-rsshub.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
User = inputs.config.users.users.rsshub.name;
Group = inputs.config.users.users.rsshub.group;
EnvironmentFile = inputs.config.sops.templates."rsshub/env".path;
WorkingDirectory = "${inputs.pkgs.localPackages.rsshub}";
ExecStart = "${inputs.pkgs.localPackages.rsshub}/bin/rsshub";
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
restartTriggers = [ inputs.config.sops.templates."rsshub/env".content ];
User = inputs.config.users.users.rsshub.name;
Group = inputs.config.users.users.rsshub.group;
EnvironmentFile = inputs.config.sops.templates."rsshub/env".path;
WorkingDirectory = "${inputs.pkgs.localPackages.rsshub}";
ExecStart = "${inputs.pkgs.localPackages.rsshub}/bin/rsshub";
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
};
tmpfiles.rules = [ "d /var/cache/rsshub 0700 rsshub rsshub" ];
};
sops =
{
@@ -51,17 +46,11 @@ inputs:
YOUTUBE_CLIENT_ID='${placeholder."rsshub/youtube-client-id"}'
YOUTUBE_CLIENT_SECRET='${placeholder."rsshub/youtube-client-secret"}'
YOUTUBE_REFRESH_TOKEN='${placeholder."rsshub/youtube-refresh-token"}'
TWITTER_AUTH_TOKEN='${placeholder."rsshub/twitter-auth-token"}'
XDG_CONFIG_HOME='/var/cache/rsshub/chromium'
XDG_CACHE_HOME='/var/cache/rsshub/chromium'
BILIBILI_COOKIE_data0='${placeholder."rsshub/bilibili-cookie"}'
'';
secrets = (listToAttrs (map (secret: { name = "rsshub/${secret}"; value = {}; })
[
"pixiv-refreshtoken"
"youtube-key" "youtube-client-id" "youtube-client-secret" "youtube-refresh-token"
"twitter-auth-token"
"bilibili-cookie"
]));
};
users =

14
modules/services/send.nix
View File

@@ -38,14 +38,18 @@ inputs:
REDIS_PASSWORD=${inputs.config.sops.placeholder."redis/send"}
'';
};
nixos.services =
nixos =
{
nginx =
services =
{
enable = true;
https."${send.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
nginx =
{
enable = true;
https."${send.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:1443"; websocket = true; };
};
redis.instances.send = { user = "root"; port = 9184; };
};
redis.instances.send = { user = "root"; port = 9184; };
virtualization.docker.enable = true;
};
};
}

293
modules/services/slurm.nix
View File

@@ -3,167 +3,32 @@ inputs:
options.nixos.services.slurm = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
# 本机是否为控制节点,如果不是,填写控制节点的主机名
master = mkOption { type = types.nonEmptyStr; default = inputs.config.nixos.system.networking.hostname; };
node = mkOption { type = types.attrsOf (types.submodule (submoduleInputs: { options =
cpu =
{
# slurm 中使用的节点名称
name = mkOption { type = types.nonEmptyStr; };
address = mkOption { type = types.nonEmptyStr; };
cpu =
{
sockets = mkOption { type = types.ints.unsigned; default = 1; };
cores = mkOption { type = types.ints.unsigned; default = 1; };
threads = mkOption { type = types.ints.unsigned; default = 1; };
mpiThreads = mkOption { type = types.ints.unsigned; default = 1; };
openmpThreads = mkOption { type = types.ints.unsigned; default = 1; };
};
memoryMB = mkOption { type = types.ints.unsigned; default = 1024; };
gpus = mkOption { type = types.nullOr (types.attrsOf types.ints.unsigned); default = null; };
};}));};
partitions = mkOption { type = types.attrsOf (types.listOf types.nonEmptyStr); default = {}; };
defaultPartition = mkOption { type = types.nonEmptyStr; default = "localhost"; };
tui =
{
cpuMpiThreads = mkOption { type = types.ints.unsigned; default = 1; };
cpuOpenmpThreads = mkOption { type = types.ints.unsigned; default = 1; };
gpus = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
sockets = mkOption { type = types.ints.unsigned; default = 1; };
cores = mkOption { type = types.ints.unsigned; };
threads = mkOption { type = types.ints.unsigned; default = 1; };
mpiThreads = mkOption { type = types.ints.unsigned; default = 1; };
openmpThreads = mkOption { type = types.ints.unsigned; default = 1; };
};
# 是否打开防火墙相应端口,对于多节点部署需要打开
setupFirewall = mkOption { type = types.bool; default = false; };
memoryMB = mkOption { type = types.ints.unsigned; };
gpus = mkOption { type = types.attrsOf types.ints.unsigned; };
};
config = let inherit (inputs.config.nixos.services) slurm; in inputs.lib.mkIf slurm.enable (inputs.lib.mkMerge
[
# worker 配置
config = let inherit (inputs.config.nixos.services) slurm; in inputs.lib.mkIf slurm.enable
{
services =
{
services =
{
slurm =
{
package = (inputs.pkgs.slurm.override { enableGtk2 = true; }).overrideAttrs
(prev:
let
inherit (inputs.config.nixos.system.nixpkgs) cuda;
inherit (inputs.pkgs.cudaPackages) cuda_nvml_dev;
additionalInputs = inputs.lib.optionals cuda.enable [ cuda_nvml_dev cuda_nvml_dev.lib ];
additionalFlags = inputs.lib.optional cuda.enable "-L${cuda_nvml_dev.lib}/lib/stubs";
in
{
buildInputs = prev.buildInputs or [] ++ additionalInputs;
LDFLAGS = prev.LDFLAGS or [] ++ additionalFlags;
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.wrapGAppsHook ];
postInstall =
''
pushd contribs/pmi2
make install
popd
pushd contribs/pmi
make install
popd
'' + prev.postInstall;
}
);
client.enable = true;
nodeName = builtins.map
(node:
let gpuString =
if node.value.gpus == null then ""
else "Gres=" + builtins.concatStringsSep "," (builtins.map
(gpu: "gpu:${gpu.name}:${builtins.toString gpu.value}")
(inputs.lib.attrsToList node.value.gpus));
in builtins.concatStringsSep " "
[
node.value.name
"NodeHostname=${node.name}"
"NodeAddr=${node.value.address}"
"RealMemory=${builtins.toString node.value.memoryMB}"
"Sockets=${builtins.toString node.value.cpu.sockets}"
"CoresPerSocket=${builtins.toString node.value.cpu.cores}"
"ThreadsPerCore=${builtins.toString node.value.cpu.threads}"
"${gpuString}"
"State=UNKNOWN"
])
(inputs.localLib.attrsToList slurm.node);
partitionName = builtins.map
(partition:
let nodes = builtins.concatStringsSep "," partition.value;
in builtins.concatStringsSep " "
[
partition.name
"Nodes=${builtins.concatStringsSep "," (builtins.map (n: slurm.node.${n}.name) partition.value)}"
"Default=${if partition.name == slurm.defaultPartition then "YES" else "NO"}"
"MaxTime=INFINITE"
"State=UP"
])
(inputs.localLib.attrsToList slurm.partitions);
procTrackType = "proctrack/cgroup";
controlMachine = slurm.master;
controlAddr = slurm.node.${slurm.master}.address;
extraConfig =
''
SelectType=select/cons_tres
SelectTypeParameters=CR_Core
GresTypes=gpu
DefCpuPerGPU=1
TaskProlog=${inputs.pkgs.writeShellScript "set_env" "echo export CUDA_DEVICE_ORDER=PCI_BUS_ID"}
AccountingStorageType=accounting_storage/slurmdbd
AccountingStorageHost=localhost
AccountingStoreFlags=job_comment,job_env,job_extra,job_script
JobCompType=jobcomp/filetxt
JobCompLoc=/var/log/slurmctld/jobcomp.log
SchedulerParameters=enable_user_top
SlurmdDebug=debug2
DebugFlags=NO_CONF_HASH
# automatically resume node after drain
ReturnToService=2
# enable task plugins
TaskPlugin=task/affinity,task/cgroup
'';
extraConfigPaths =
let gpus = slurm.node.${inputs.config.nixos.system.networking.hostname}.gpus or null;
in inputs.lib.mkIf (gpus != null)
(
let gpuString = builtins.concatStringsSep "\n" (builtins.map
(gpu: "Name=gpu Type=${gpu.name} Count=${builtins.toString gpu.value}")
(inputs.localLib.attrsToList gpus));
in [(inputs.pkgs.writeTextDir "gres.conf" "AutoDetect=nvml\n${gpuString}")]
);
};
munge = { enable = true; password = inputs.config.sops.secrets."munge.key".path; };
};
systemd =
{
services.slurmd.environment =
let gpus = slurm.node.${inputs.config.nixos.system.networking.hostname}.gpus or null;
in inputs.lib.mkIf (gpus != null)
{
CUDA_PATH = "${inputs.pkgs.cudatoolkit}";
LD_LIBRARY_PATH = "${inputs.config.hardware.nvidia.package}/lib";
};
};
sops.secrets."munge.key" =
{
format = "binary";
sopsFile = "${builtins.dirOf inputs.config.sops.defaultSopsFile}/munge.key";
owner = inputs.config.systemd.services.munged.serviceConfig.User;
};
networking.firewall =
let config = inputs.lib.mkIf slurm.setupFirewall [ 6818 ];
in { allowedTCPPorts = config; allowedUDPPorts = config; };
}
# master 配置
(inputs.lib.mkIf (slurm.master == inputs.config.nixos.system.networking.hostname)
{
services.slurm =
slurm =
{
server.enable = true;
package = (inputs.pkgs.slurm.override { enableGtk2 = true; }).overrideAttrs
(prev: let inherit (inputs.pkgs.cudaPackages) cuda_nvml_dev; in
{
buildInputs = prev.buildInputs ++ [ cuda_nvml_dev ];
LDFLAGS = [ "-L${cuda_nvml_dev}/lib/stubs" ];
nativeBuildInputs = prev.nativeBuildInputs ++ [ inputs.pkgs.wrapGAppsHook ];
});
clusterName = inputs.config.nixos.system.networking.hostname;
dbdserver =
{
enable = true;
@@ -175,34 +40,100 @@ inputs:
StorageLoc=slurm
'';
};
};
systemd.tmpfiles.rules = [ "d /var/log/slurmctld 700 slurm slurm" ];
sops.secrets."slurm/db" = { owner = "slurm"; key = "mariadb/slurm"; };
nixos =
{
packages.packages._packages = [ inputs.pkgs.localPackages.sbatch-tui ];
user.sharedModules = [{ home.packages =
[
(inputs.pkgs.writeShellScriptBin "sbatch"
client.enable = true;
controlMachine = "localhost";
nodeName =
let gpuString = builtins.concatStringsSep "," (builtins.map
(gpu: "gpu:${gpu.name}:${builtins.toString gpu.value}")
(inputs.localLib.attrsToList slurm.gpus));
in inputs.lib.singleton (builtins.concatStringsSep " "
[
"localhost"
"RealMemory=${builtins.toString slurm.memoryMB}"
"Sockets=${builtins.toString slurm.cpu.sockets}"
"CoresPerSocket=${builtins.toString slurm.cpu.cores}"
"ThreadsPerCore=${builtins.toString slurm.cpu.threads}"
"Gres=${gpuString}"
"State=UNKNOWN"
]);
partitionName = [ "localhost Nodes=localhost Default=YES MaxTime=INFINITE State=UP" ];
procTrackType = "proctrack/cgroup";
extraConfig =
let taskProlog =
''
if [ "$#" -eq 0 ]; then
sbatch-tui
else
/run/current-system/sw/bin/sbatch "$@"
fi
'')
];}];
services.mariadb = { enable = true; instances.slurm = {}; };
echo export CUDA_DEVICE_ORDER=PCI_BUS_ID
echo export SLURM_THREADS_PER_CPU=${builtins.toString slurm.cpu.threads}
'';
in
''
SelectType=select/cons_tres
SelectTypeParameters=CR_Core
GresTypes=gpu
DefCpuPerGPU=1
TaskProlog=${inputs.pkgs.writeShellScript "set_env" taskProlog}
AccountingStorageType=accounting_storage/slurmdbd
AccountingStorageHost=localhost
AccountingStoreFlags=job_comment,job_env,job_extra,job_script
JobCompType=jobcomp/filetxt
JobCompLoc=/var/log/slurmctld/jobcomp.log
SchedulerParameters=enable_user_top
SlurmdDebug=debug2
'';
extraConfigPaths =
let gpuString = builtins.concatStringsSep "\n" (builtins.map
(gpu: "Name=gpu Type=${gpu.name} Count=${builtins.toString gpu.value}")
(inputs.localLib.attrsToList slurm.gpus));
in [(inputs.pkgs.writeTextDir "gres.conf" "AutoDetect=nvml\n${gpuString}")];
};
environment.etc."sbatch-tui.yaml".text = builtins.toJSON
munge = { enable = true; password = inputs.config.sops.secrets."munge.key".path; };
};
systemd =
{
services.slurmd.environment =
{
CpuMpiThreads = slurm.tui.cpuMpiThreads;
CpuOpenmpThreads = slurm.tui.cpuOpenmpThreads;
GpuIds = slurm.tui.gpus;
CUDA_PATH = "${inputs.pkgs.cudatoolkit}";
LD_LIBRARY_PATH = "${inputs.config.hardware.nvidia.package}/lib";
};
networking.firewall =
let config = inputs.lib.mkIf slurm.setupFirewall [ 6817 ];
in { allowedTCPPorts = config; allowedUDPPorts = config; };
})
]);
tmpfiles.rules = [ "d /var/log/slurmctld 700 slurm slurm" ];
};
sops =
{
secrets =
{
"munge.key" =
{
format = "binary";
sopsFile = "${builtins.dirOf inputs.config.sops.defaultSopsFile}/munge.key";
owner = inputs.config.systemd.services.munged.serviceConfig.User;
};
"slurm/db" = { owner = "slurm"; key = "mariadb/slurm"; };
};
};
nixos =
{
packages.packages._packages = [(inputs.pkgs.localPackages.sbatch-tui.override { sbatchConfig =
{
cpuMpiThreads = slurm.cpu.mpiThreads;
cpuOpenmpThreads = slurm.cpu.openmpThreads;
gpuIds = builtins.concatStringsSep ", " (builtins.map (gpu: ''"${gpu}"'') (builtins.attrNames slurm.gpus));
};})];
user.sharedModules = [{ home.packages =
[
(inputs.pkgs.writeShellScriptBin "sbatch"
''
if [ "$#" -eq 0 ]; then
sbatch-tui
else
/run/current-system/sw/bin/sbatch "$@"
fi
'')
];}];
services.mariadb = { enable = true; instances.slurm = {}; };
};
};
}

1
modules/services/synapse.nix
View File

@@ -192,7 +192,6 @@ inputs:
admin_contact = "mailto:chn@chn.moe";
enable_registration = true;
registrations_require_3pid = [ "email" ];
registration_requires_token = true;
turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
max_upload_size = "1024M";
web_client_location = "https://element.chn.moe/";

16
modules/services/waydroid.nix
View File

@@ -1,16 +0,0 @@
inputs:
{
options.nixos.services.waydroid = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) waydroid; in inputs.lib.mkIf (waydroid != null)
{ virtualisation.waydroid.enable = true; };
}
# sudo waydroid shell wm set-fix-to-user-rotation enabled
# /var/lib/waydroid/waydroid_base.prop
# default:
# ro.hardware.gralloc=gbm
# ro.hardware.egl=mesa
# nvidia:
# ro.hardware.gralloc=default
# ro.hardware.egl=swiftshader

11
modules/services/xray/default.nix
View File

@@ -15,7 +15,7 @@ inputs:
extraInterfaces = mkOption
{
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optional (inputs.config.nixos.services.docker != null) "docker0";
default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0";
};
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
@@ -25,8 +25,6 @@ inputs:
noproxyTcpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; };
noproxyUdpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; };
};
# 是否允许代理来自其它机器的流量(相关端口会被放行)
allowForward = mkOption { type = types.bool; default = true; };
};
server = mkOption
{
@@ -331,13 +329,6 @@ inputs:
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
networking.firewall =
{
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
allowedTCPPortRanges = [{ from = 10880; to = 10884; }];
allowedUDPPortRanges = [{ from = 10880; to = 10884; }];
};
}
)
(

2
modules/system/binfmt.nix
View File

@@ -1,7 +1,7 @@
inputs:
{
options.nixos.system.binfmt = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.system) binfmt; in inputs.lib.mkIf (binfmt != null)
{
programs.java = { enable = true; binfmt = true; };

21
modules/system/cluster.nix
View File

@@ -1,21 +0,0 @@
inputs:
{
options.nixos.system.cluster = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
clusterName = mkOption { type = types.nonEmptyStr; };
nodeName = mkOption { type = types.nonEmptyStr; };
nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.system) cluster; in inputs.lib.mkIf (cluster != null)
{
nixos.system.networking.hostname = "${cluster.clusterName}-${cluster.nodeName}";
# 作为从机时home-manager 需要被禁用
systemd.services = inputs.lib.mkIf (cluster.nodeType == "worker") (builtins.listToAttrs (builtins.map
(user: { name = "home-manager-${inputs.utils.escapeSystemdPath user}"; value.enable = false; })
inputs.config.nixos.user.users));
};
}

2
modules/system/default.nix
View File

@@ -14,7 +14,7 @@ inputs:
time.timeZone = "Asia/Shanghai";
boot =
{
supportedFilesystems = [ "ntfs" "nfs" "nfsv4" ];
supportedFilesystems = [ "ntfs" ];
# consoleLogLevel = 7;
};
hardware.enableAllFirmware = true;

12
modules/system/envfs.nix
View File

@@ -1,10 +1,10 @@
inputs:
{
options.nixos.system.envfs = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null)
{
services.envfs.enable = true;
environment.variables.ENVFS_RESOLVE_ALWAYS = "1";
};
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.system) envfs; in inputs.lib.mkIf (envfs != null) (inputs.lib.mkMerge
[
(builtins.elemAt inputs.topInputs.envfs.nixosModules.envfs.imports 0 inputs)
{ environment.variables.ENVFS_RESOLVE_ALWAYS = "1"; }
]);
}

331
modules/system/fileSystems/default.nix
View File

@@ -1,6 +1,5 @@
inputs:
{
imports = inputs.localLib.findModules ./.;
options.nixos.system.fileSystems = let inherit (inputs.lib) mkOption types; in
{
mount =
@@ -10,6 +9,41 @@ inputs:
# device.subvol = mountPoint;
btrfs = mkOption { type = types.attrsOf (types.attrsOf types.nonEmptyStr); default = {}; };
};
decrypt =
{
auto = mkOption
{
type = types.attrsOf (types.submodule
{
options =
{
mapper = mkOption { type = types.nonEmptyStr; };
ssd = mkOption { type = types.bool; default = false; };
before = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
};
});
default = {};
};
manual =
{
enable = mkOption { type = types.bool; default = false; };
devices = mkOption
{
type = types.attrsOf (types.submodule
{
options =
{
mapper = mkOption { type = types.nonEmptyStr; };
ssd = mkOption { type = types.bool; default = false; };
};
});
default = {};
};
keyFile = mkOption
{ type = types.path; default = ./. + "/${inputs.config.nixos.system.networking.hostname}.key"; };
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
# generate using: sudo mdadm --examine --scan
mdadm = mkOption { type = types.nullOr types.lines; default = null; };
swap = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
@@ -32,112 +66,205 @@ inputs:
default = null;
};
};
config = let inherit (inputs.config.nixos.system) fileSystems; in inputs.lib.mkMerge
[
# mount.vfat
{
fileSystems = builtins.listToAttrs (builtins.map
(device:
{
name = device.value;
value = { device = device.name; fsType = "vfat"; neededForBoot = true; options = [ "noatime" ]; };
})
(inputs.localLib.attrsToList fileSystems.mount.vfat));
}
# mount.btrfs
# Disable CoW for VM image and database: sudo chattr +C images
# resize btrfs:
# sudo btrfs filesystem resize -50G /nix
# sudo cryptsetup status root
# sudo cryptsetup -b 3787456512 resize root
# sudo cfdisk /dev/nvme1n1p3
{
fileSystems = builtins.listToAttrs (builtins.concatLists (builtins.map
(device: builtins.map
(
subvol:
{
name = subvol.value;
value =
{
device = device.name;
fsType = "btrfs";
# zstd:15 cause sound stuttering
# test on e20dae7d8b317f95718b5f4175bd4246c09735de mathematica ~15G
# zstd:15 5m33s 7.16G
# zstd:8 54s 7.32G
# zstd:3 17s 7.52G
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" "noatime" ];
neededForBoot = true;
};
}
)
(inputs.localLib.attrsToList device.value)
)
(inputs.localLib.attrsToList fileSystems.mount.btrfs)));
}
# mdadm
(inputs.lib.mkIf (fileSystems.mdadm != null)
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
)
# swap
{ swapDevices = builtins.map (device: { device = device; }) fileSystems.swap; }
# resume
(inputs.lib.mkIf (fileSystems.resume != null) { boot =
(
if builtins.typeOf fileSystems.resume == "string" then
{ resumeDevice = fileSystems.resume; }
else
config =
let
inherit (builtins) listToAttrs map concatLists concatStringsSep;
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.system) fileSystems;
in mkMerge
[
# mount.vfat
{
resumeDevice = fileSystems.resume.device;
kernelModules = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
fileSystems = listToAttrs (map
(device:
{
name = device.value;
value = { device = device.name; fsType = "vfat"; neededForBoot = true; options = [ "noatime" ]; };
})
(attrsToList fileSystems.mount.vfat));
}
);})
# rollingRootfs
(inputs.lib.mkIf (fileSystems.rollingRootfs != null)
{
boot.initrd.systemd =
# mount.btrfs
# Disable CoW for VM image and database: sudo chattr +C images
# resize btrfs:
# sudo btrfs filesystem resize -50G /nix
# sudo cryptsetup status root
# sudo cryptsetup -b 3787456512 resize root
# sudo cfdisk /dev/nvme1n1p3
{
extraBin =
fileSystems = listToAttrs (concatLists (map
(
device: map
(
subvol:
{
name = subvol.value;
value =
{
device = device.name;
fsType = "btrfs";
# zstd:15 cause sound stuttering
# test on e20dae7d8b317f95718b5f4175bd4246c09735de mathematica ~15G
# zstd:15 5m33s 7.16G
# zstd:8 54s 7.32G
# zstd:3 17s 7.52G
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" "noatime" ];
neededForBoot = true;
};
}
)
(attrsToList device.value)
)
(attrsToList fileSystems.mount.btrfs)));
}
# decrypt.auto
(
mkIf (fileSystems.decrypt.auto != null)
{
grep = "${inputs.pkgs.gnugrep}/bin/grep";
awk = "${inputs.pkgs.gawk}/bin/awk";
chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
lsmod = "${inputs.pkgs.kmod}/bin/lsmod";
};
services.roll-rootfs =
boot.initrd =
{
luks.devices = (listToAttrs (map
(
device:
{
name = device.value.mapper;
value =
{
device = device.name;
allowDiscards = device.value.ssd;
bypassWorkqueues = device.value.ssd;
crypttabExtraOpts = [ "fido2-device=auto" "x-initrd.attach" ];
};
}
)
(attrsToList fileSystems.decrypt.auto)));
systemd.services =
let
createService = device:
{
name = "systemd-cryptsetup@${device.value.mapper}";
value =
{
before = map (device: "systemd-cryptsetup@${device}.service") device.value.before;
overrideStrategy = "asDropin";
};
};
in
listToAttrs (map createService
(builtins.filter (device: device.value.before != null) (attrsToList fileSystems.decrypt.auto)));
};
}
)
# decrypt.manual
(
mkIf (fileSystems.decrypt.manual.enable)
{
wantedBy = [ "initrd.target" ];
after = [ "cryptsetup.target" "systemd-hibernate-resume.service" ];
before = [ "local-fs-pre.target" "sysroot.mount" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script =
let
inherit (fileSystems.rollingRootfs) device path waitDevices;
waitDevice = builtins.concatStringsSep "\n" (builtins.map
(device: "while ! [ -e ${device} ]; do sleep 1; done") (waitDevices ++ [ device ]));
in
''
while ! lsmod | grep -q btrfs; do sleep 1; done
${waitDevice}
mount ${device} /mnt -m
if [ -f /mnt${path}/current/.timestamp ]
then
timestamp=$(cat /mnt${path}/current/.timestamp)
subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
fi
btrfs subvolume create /mnt${path}/current
chattr +C /mnt${path}/current
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
umount /mnt
'';
};
};
})
];
boot.initrd =
{
luks.forceLuksSupportInInitrd = true;
systemd =
{
extraBin =
{
cryptsetup = "${inputs.pkgs.cryptsetup.bin}/bin/cryptsetup";
usbip = "${inputs.config.boot.kernelPackages.usbip}/bin/usbip";
sed = "${inputs.pkgs.gnused}/bin/sed";
awk = "${inputs.pkgs.gawk}/bin/awk";
decrypt = inputs.pkgs.writeShellScript "decrypt"
''
modprobe vhci-hcd
busid=$(usbip list -r 127.0.0.1 | head -n4 | tail -n1 | awk '{print $1}' | sed 's/://')
usbip attach -r 127.0.0.1 -b $busid
${concatStringsSep "\n" (map
(device: ''systemd-cryptsetup attach ${device.value.mapper} ${device.name} "" fido2-device=auto''
+ (if device.value.ssd then ",discard" else ""))
(attrsToList fileSystems.decrypt.manual.devices))}
'';
};
services.wait-manual-decrypt =
{
wantedBy = [ "initrd-root-fs.target" ];
before = [ "roll-rootfs.service" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script = concatStringsSep "\n" (map
(device: "while [ ! -e /dev/mapper/${device.value.mapper} ]; do sleep 1; done")
(attrsToList fileSystems.decrypt.manual.devices));
};
};
};
fileSystems = listToAttrs (map
(mount: { name = mount; value.options = [ "x-systemd.device-timeout=48h" ]; })
fileSystems.decrypt.manual.delayedMount);
}
)
# mdadm
(
mkIf (fileSystems.mdadm != null)
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
)
# swap
{ swapDevices = map (device: { device = device; }) fileSystems.swap; }
# resume
(
mkIf (fileSystems.resume != null) { boot =
(
if builtins.typeOf fileSystems.resume == "string" then
{ resumeDevice = fileSystems.resume; }
else
{
resumeDevice = fileSystems.resume.device;
kernelModules = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
}
);}
)
# rollingRootfs
(
mkIf (fileSystems.rollingRootfs != null)
{
boot.initrd.systemd =
{
extraBin =
{
grep = "${inputs.pkgs.gnugrep}/bin/grep";
awk = "${inputs.pkgs.gawk}/bin/awk";
chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
lsmod = "${inputs.pkgs.kmod}/bin/lsmod";
};
services.roll-rootfs =
{
wantedBy = [ "initrd.target" ];
after = [ "cryptsetup.target" "systemd-hibernate-resume.service" ];
before = [ "local-fs-pre.target" "sysroot.mount" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script =
let
inherit (fileSystems.rollingRootfs) device path waitDevices;
waitDevice = concatStringsSep "\n" (builtins.map
(device: "while ! [ -e ${device} ]; do sleep 1; done") (waitDevices ++ [ device ]));
in
''
while ! lsmod | grep -q btrfs; do sleep 1; done
${waitDevice}
mount ${device} /mnt -m
if [ -f /mnt${path}/current/.timestamp ]
then
timestamp=$(cat /mnt${path}/current/.timestamp)
subvolid=$(btrfs subvolume show /mnt${path}/current | grep 'Subvolume ID:' | awk '{print $NF}')
mv /mnt${path}/current /mnt${path}/$timestamp-$subvolid
btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
fi
btrfs subvolume create /mnt${path}/current
chattr +C /mnt${path}/current
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
umount /mnt
'';
};
};
}
)
];
}

81
modules/system/fileSystems/luks/default.nix
View File

@@ -1,81 +0,0 @@
inputs:
{
options.nixos.system.fileSystems.luks = let inherit (inputs.lib) mkOption types; in
{
auto = mkOption
{
type = types.attrsOf (types.submodule { options =
{
mapper = mkOption { type = types.nonEmptyStr; };
ssd = mkOption { type = types.bool; default = false; };
before = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
};});
default = {};
};
manual =
{
enable = mkOption { type = types.bool; default = false; };
devices = mkOption
{
type = types.attrsOf (types.submodule { options =
{
mapper = mkOption { type = types.nonEmptyStr; };
ssd = mkOption { type = types.bool; default = false; };
};});
default = {};
};
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
config = let inherit (inputs.config.nixos.system.fileSystems) luks; in inputs.lib.mkMerge
[
(inputs.lib.mkIf (luks.auto != null) { boot.initrd =
{
luks.devices = (builtins.listToAttrs (builtins.map
(device:
{
name = device.value.mapper;
value =
{
device = device.name;
allowDiscards = device.value.ssd;
bypassWorkqueues = device.value.ssd;
crypttabExtraOpts = [ "fido2-device=auto" "x-initrd.attach" ];
};
})
(inputs.localLib.attrsToList luks.auto)));
systemd.services = builtins.listToAttrs (builtins.map
(device:
{
name = "systemd-cryptsetup@${device.value.mapper}";
value =
{
before = map (device: "systemd-cryptsetup@${device}.service") device.value.before;
overrideStrategy = "asDropin";
};
})
(builtins.filter (device: device.value.before != null) (inputs.localLib.attrsToList luks.auto)));
};})
(inputs.lib.mkIf luks.manual.enable
{
boot.initrd =
{
luks.forceLuksSupportInInitrd = true;
systemd =
{
services.wait-manual-decrypt =
{
wantedBy = [ "initrd-root-fs.target" ];
before = [ "roll-rootfs.service" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script = builtins.concatStringsSep "\n" (builtins.map
(device: "while [ ! -e /dev/mapper/${device.value.mapper} ]; do sleep 1; done")
(inputs.localLib.attrsToList luks.manual.devices));
};
extraBin.cryptsetup = "${inputs.pkgs.cryptsetup}/bin/cryptsetup";
};
};
})
];
}

0
modules/system/fileSystems/luks/nas.key → modules/system/fileSystems/nas.key
View File

28
modules/system/fileSystems/nfs.nix
View File

@@ -1,28 +0,0 @@
inputs:
{
options.nixos.system.fileSystems.mount.nfs = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.attrsOf types.nonEmptyStr); default = null;
};
config = let inherit (inputs.config.nixos.system.fileSystems.mount) nfs; in inputs.lib.mkIf (nfs != null)
{
fileSystems = builtins.listToAttrs (builtins.map
(device:
{
name = device.value;
value = { device = device.name; fsType = "nfs"; neededForBoot = true; };
})
(inputs.localLib.attrsToList nfs));
boot.initrd =
{
network.enable = true;
systemd.extraBin =
{
"ifconfig" = "${inputs.pkgs.nettools}/bin/ifconfig";
"mount.nfs" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs";
"mount.nfs4" = "${inputs.pkgs.nfs-utils}/bin/mount.nfs4";
};
};
services.rpcbind.enable = true;
};
}

0
modules/system/fileSystems/luks/vps4.key → modules/system/fileSystems/vps4.key
View File

0
modules/system/fileSystems/luks/vps6.key → modules/system/fileSystems/vps6.key
View File

0
modules/system/fileSystems/luks/vps7.key → modules/system/fileSystems/vps7.key
View File

9
modules/system/gui.nix → modules/system/gui/default.nix
View File

@@ -5,6 +5,7 @@ inputs:
enable = mkOption { type = types.bool; default = false; };
preferred = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.enable; };
autoStart = mkOption { type = types.bool; default = inputs.config.nixos.system.gui.preferred; };
touchscreen = mkOption { type = types.bool; default = false; };
};
config = let inherit (inputs.config.nixos.system) gui; in inputs.lib.mkIf gui.enable
{
@@ -38,9 +39,13 @@ inputs:
{
enable = true;
type = "fcitx5";
fcitx5.addons = builtins.map (p: inputs.pkgs."fcitx5-${p}")
[ "rime" "chinese-addons" "mozc" "nord" "material-color" ];
fcitx5.addons = (builtins.map (p: inputs.pkgs."fcitx5-${p}")
[ "rime" "chinese-addons" "mozc" "nord" "material-color" ])
++ inputs.lib.mkIf gui.touchscreen (inputs.pkgs.localPackages.fcitx5-virtualkeyboard-ui);
};
programs.dconf.enable = true;
nixpkgs.overlays = inputs.lib.mkIf gui.touchscreen
[(final: prev: { fcitx5 = prev.fcitx5.overrideAttrs (prev:
{ patches = prev.patches or [] ++ [ ./fcitx5.patch ]; });})];
};
}

248
modules/system/gui/fcitx5.patch Normal file
View File

@@ -0,0 +1,248 @@
From 5662218e904bc245c47ce4b33f04c2e3a74c7d92 Mon Sep 17 00:00:00 2001
From: Daijiro Fukuda <fukuda@clear-code.com>
Date: Mon, 28 Feb 2022 15:08:40 +0900
Subject: [PATCH 1/3] Add simple group enumerating function for addons (#452)
---
src/lib/fcitx/inputmethodmanager.cpp | 22 ++++++++++++++++++++++
src/lib/fcitx/inputmethodmanager.h | 3 +++
2 files changed, 25 insertions(+)
diff --git a/src/lib/fcitx/inputmethodmanager.cpp b/src/lib/fcitx/inputmethodmanager.cpp
index 6e842ee07..e2e0d6184 100644
--- a/src/lib/fcitx/inputmethodmanager.cpp
+++ b/src/lib/fcitx/inputmethodmanager.cpp
@@ -276,6 +276,28 @@ const InputMethodGroup &InputMethodManager::currentGroup() const {
return d->groups_.find(d->groupOrder_.front())->second;
}
+void InputMethodManager::enumerateGroup(bool forward) {
+ FCITX_D();
+ if (groupCount() < 2) {
+ return;
+ }
+ emit<InputMethodManager::CurrentGroupAboutToChange>(d->groupOrder_.front());
+ if (forward) {
+ d->groupOrder_.splice(
+ d->groupOrder_.end(),
+ d->groupOrder_,
+ d->groupOrder_.begin()
+ );
+ } else {
+ d->groupOrder_.splice(
+ d->groupOrder_.begin(),
+ d->groupOrder_,
+ std::prev(d->groupOrder_.end())
+ );
+ }
+ emit<InputMethodManager::CurrentGroupChanged>(d->groupOrder_.front());
+}
+
void InputMethodManager::setDefaultInputMethod(const std::string &name) {
FCITX_D();
auto &currentGroup = d->groups_.find(d->groupOrder_.front())->second;
diff --git a/src/lib/fcitx/inputmethodmanager.h b/src/lib/fcitx/inputmethodmanager.h
index 0069c4108..0be42630d 100644
--- a/src/lib/fcitx/inputmethodmanager.h
+++ b/src/lib/fcitx/inputmethodmanager.h
@@ -84,6 +84,9 @@ class FCITXCORE_EXPORT InputMethodManager : public ConnectableObject {
/// Return the current group.
const InputMethodGroup &currentGroup() const;
+ /// Simply enumerate input method groups.
+ void enumerateGroup(bool forward);
+
/**
* Set default input method for current group.
*
From 3891b04380a5dd36b48af753b85c81472e6c03a4 Mon Sep 17 00:00:00 2001
From: Takuro Ashie <ashie@clear-code.com>
Date: Mon, 7 Mar 2022 12:09:34 +0900
Subject: [PATCH 2/3] Make sure to show UI on activate
---
src/frontend/waylandim/waylandimserver.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/frontend/waylandim/waylandimserver.cpp b/src/frontend/waylandim/waylandimserver.cpp
index 58a4b713f..abbe3d8a4 100644
--- a/src/frontend/waylandim/waylandimserver.cpp
+++ b/src/frontend/waylandim/waylandimserver.cpp
@@ -168,6 +168,7 @@ void WaylandIMInputContextV1::activate(wayland::ZwpInputMethodContextV1 *ic) {
ic_->modifiersMap(&array);
wl_array_release(&array);
focusIn();
+ updateUserInterface(UserInterfaceComponent::InputPanel);
}
void WaylandIMInputContextV1::deactivate(wayland::ZwpInputMethodContextV1 *ic) {
From 861f59bd40916936daeac796fc74844a43f11aaa Mon Sep 17 00:00:00 2001
From: daipom <fukuda@clear-code.com>
Date: Fri, 14 Jan 2022 11:24:42 +0900
Subject: [PATCH 3/3] Add function to handle virtual key events to InputContext
We can use `InputContext::virtualKeyEvent` to handle KeyEvents the same
way as physical key events.
---
src/frontend/waylandim/waylandimserver.cpp | 41 +++++++++++++++++++---
src/frontend/waylandim/waylandimserver.h | 2 ++
src/lib/fcitx/inputcontext.cpp | 18 ++++++++++
src/lib/fcitx/inputcontext.h | 13 +++++++
4 files changed, 70 insertions(+), 4 deletions(-)
diff --git a/src/frontend/waylandim/waylandimserver.cpp b/src/frontend/waylandim/waylandimserver.cpp
index abbe3d8a4..87bd3da33 100644
--- a/src/frontend/waylandim/waylandimserver.cpp
+++ b/src/frontend/waylandim/waylandimserver.cpp
@@ -413,13 +413,44 @@ void WaylandIMInputContextV1::keyCallback(uint32_t serial, uint32_t time,
server_->modifiers_, code),
state == WL_KEYBOARD_KEY_STATE_RELEASED, time);
- if (state == WL_KEYBOARD_KEY_STATE_RELEASED && key == repeatKey_) {
+ processKeyEvent(event, false, serial);
+}
+
+void WaylandIMInputContextV1::virtualKeyEventImpl(KeyEvent &event) {
+ // `mods_locked` value seems to be 16 usually.
+ // It will be 18 with the capslocked state,
+ // but we don't have to consider about it in virtual key process.
+ if (event.rawKey().hasModifier()) {
+ if (event.rawKey().states().test(KeyState::Shift)) {
+ modifiersCallback(serial_, (uint32_t)KeyState::Shift, 0, 16, 0);
+ }
+ } else {
+ modifiersCallback(serial_, 0, 0, 16, 0);
+ }
+
+ processKeyEvent(event, true, serial_);
+}
+
+void WaylandIMInputContextV1::processKeyEvent(KeyEvent &event,
+ bool isVirtualKey,
+ uint32_t serial) {
+ const uint32_t key = event.rawKey().code() > 8 ? event.rawKey().code() - 8
+ : 0;
+ const auto state = event.isRelease() ? WL_KEYBOARD_KEY_STATE_RELEASED
+ : WL_KEYBOARD_KEY_STATE_PRESSED;
+
+ const auto cancelRepeat = isVirtualKey
+ ? (state == WL_KEYBOARD_KEY_STATE_RELEASED)
+ // Strict condition for physical keys.
+ : (state == WL_KEYBOARD_KEY_STATE_RELEASED && key == repeatKey_);
+
+ if (cancelRepeat) {
timeEvent_->setEnabled(false);
} else if (state == WL_KEYBOARD_KEY_STATE_PRESSED &&
- xkb_keymap_key_repeats(server_->keymap_.get(), code)) {
+ xkb_keymap_key_repeats(server_->keymap_.get(), event.rawKey().code())) {
if (repeatRate_) {
repeatKey_ = key;
- repeatTime_ = time;
+ repeatTime_ = event.time();
repeatSym_ = event.rawKey().sym();
// Let's trick the key event system by fake our first.
// Remove 100 from the initial interval.
@@ -430,11 +461,13 @@ void WaylandIMInputContextV1::keyCallback(uint32_t serial, uint32_t time,
WAYLANDIM_DEBUG() << event.key().toString()
<< " IsRelease=" << event.isRelease();
+
if (!keyEvent(event)) {
- ic_->key(serial, time, key, state);
+ ic_->key(serial, event.time(), key, state);
}
server_->display_->flush();
}
+
void WaylandIMInputContextV1::modifiersCallback(uint32_t serial,
uint32_t mods_depressed,
uint32_t mods_latched,
diff --git a/src/frontend/waylandim/waylandimserver.h b/src/frontend/waylandim/waylandimserver.h
index 1ffed14db..3b7871a2f 100644
--- a/src/frontend/waylandim/waylandimserver.h
+++ b/src/frontend/waylandim/waylandimserver.h
@@ -84,6 +84,7 @@ class WaylandIMInputContextV1 : public InputContext {
void deactivate(wayland::ZwpInputMethodContextV1 *id);
protected:
+ void virtualKeyEventImpl(KeyEvent &event) override;
void commitStringImpl(const std::string &text) override {
if (!ic_) {
return;
@@ -120,6 +121,7 @@ class WaylandIMInputContextV1 : public InputContext {
void keymapCallback(uint32_t format, int32_t fd, uint32_t size);
void keyCallback(uint32_t serial, uint32_t time, uint32_t key,
uint32_t state);
+ void processKeyEvent(KeyEvent &event, bool isVirtualKey, uint32_t serial);
void modifiersCallback(uint32_t serial, uint32_t mods_depressed,
uint32_t mods_latched, uint32_t mods_locked,
uint32_t group);
diff --git a/src/lib/fcitx/inputcontext.cpp b/src/lib/fcitx/inputcontext.cpp
index e6138036f..1fdc16358 100644
--- a/src/lib/fcitx/inputcontext.cpp
+++ b/src/lib/fcitx/inputcontext.cpp
@@ -243,6 +243,19 @@ bool InputContext::keyEvent(KeyEvent &event) {
return result;
}
+void InputContext::virtualKeyEvent(KeyEvent &event) {
+ decltype(std::chrono::steady_clock::now()) start;
+ // Don't query time if we don't want log.
+ if (::keyTrace().checkLogLevel(LogLevel::Debug)) {
+ start = std::chrono::steady_clock::now();
+ }
+ virtualKeyEventImpl(event);
+ FCITX_KEYTRACE() << "KeyEvent handling time: "
+ << std::chrono::duration_cast<std::chrono::milliseconds>(
+ std::chrono::steady_clock::now() - start)
+ .count();
+}
+
void InputContext::invokeAction(InvokeActionEvent &event) {
FCITX_D();
RETURN_IF_HAS_NO_FOCUS();
@@ -333,6 +346,11 @@ StatusArea &InputContext::statusArea() {
return d->statusArea_;
}
+void InputContext::virtualKeyEventImpl(KeyEvent &event) {
+ FCITX_D();
+ d->postEvent(event);
+}
+
void InputContext::updateClientSideUIImpl() {}
InputContextEventBlocker::InputContextEventBlocker(InputContext *inputContext)
diff --git a/src/lib/fcitx/inputcontext.h b/src/lib/fcitx/inputcontext.h
index 58363b506..8e56f7628 100644
--- a/src/lib/fcitx/inputcontext.h
+++ b/src/lib/fcitx/inputcontext.h
@@ -133,6 +133,10 @@ class FCITXCORE_EXPORT InputContext : public TrackableObject<InputContext> {
/// Send a key event to current input context.
bool keyEvent(KeyEvent &event);
+ /// Send a virtual key event to current input context.
+ /// This handles the event the same way as physical key events.
+ void virtualKeyEvent(KeyEvent &event);
+
/// Returns whether the input context holds the input focus. Input context
/// need to have focus.
bool hasFocus() const;
@@ -253,6 +257,15 @@ class FCITXCORE_EXPORT InputContext : public TrackableObject<InputContext> {
void updateProperty(const InputContextPropertyFactory *factory);
protected:
+ /**
+ * Process the virtual key event.
+ *
+ * @param event KeyEvent
+ *
+ * @see virtualKeyEvent
+ */
+ virtual void virtualKeyEventImpl(KeyEvent &event);
+
/**
* Send the committed string to client
*

4
modules/system/initrd.nix
View File

@@ -33,9 +33,7 @@ inputs:
# resolved does not work in initrd, causing network.target to fail
services.resolved.enable = false;
};
# ip=dhcp only attain ipv4
# ip=on will reset systemd-networkd configs
# kernelParams = [ "ip=on" ];
kernelParams = [ "ip=dhcp" ];
};
}
)

18
modules/system/kernel/default.nix
View File

@@ -5,7 +5,7 @@ inputs:
variant = mkOption
{
type = types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "cachyos" "cachyos-lto" "cachyos-server" "zen" ];
default = "xanmod-lts";
default = "xanmod-latest";
};
patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
modules =
@@ -31,12 +31,6 @@ inputs:
"ahci" "ata_piix" "nvme" "sdhci_acpi" "virtio_pci" "xhci_pci"
# networking for nas
"igb"
# disk for srv1
"megaraid_sas"
# disks for cluster
"nfs" "nfsv4"
# netowrk for srv1
"bnx2x" "tg3"
]
++ (inputs.lib.optionals (kernel.variant != "nixos") [ "crypto_simd" ])
# for pi3b to show message over hdmi while boot
@@ -134,6 +128,11 @@ inputs:
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in ./hibernate-progress-${version}.patch;
}];
amdgpu =
[{
name = "amdgpu";
patch = ./0001-drm-amdgpu-sdma5.2-limit-wptr-workaround-to-sdma-5.2.patch;
}];
# TODO: remove in 6.11
btrfs =
[{
@@ -142,11 +141,6 @@ inputs:
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in if version == "6.10" then ./btrfs.patch else null;
}];
amdgpu =
[{
name = "amdgpu";
patch = ./0001-drm-amdgpu-sdma5.2-limit-wptr-workaround-to-sdma-5.2.patch;
}];
};
in builtins.concatLists (builtins.map (name: patches.${name}) (kernel.patches ++ [ "btrfs" ]));
};

16
modules/system/networking.nix
View File

@@ -16,8 +16,8 @@ inputs:
{
ip = mkOption { type = types.nonEmptyStr; };
mask = mkOption { type = types.ints.unsigned; };
gateway = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
dns = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
gateway = mkOption { type = types.nonEmptyStr; };
dns = mkOption { type = types.nonEmptyStr; default = null; };
};});
default = {};
};
@@ -75,10 +75,10 @@ inputs:
(builtins.map
(network:
{
name = "10-${network}";
name = "10-${network.ssid}";
value =
{
matchConfig.Name = network;
matchConfig.Name = network.ssid;
networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; };
linkConfig.RequiredForOnline = "routable";
};
@@ -91,11 +91,9 @@ inputs:
value =
{
matchConfig.Name = network.name;
address = [ "${network.value.ip}/${builtins.toString network.value.mask}" ];
routes = inputs.lib.mkIf (network.value.gateway != null)
[{ Gateway = network.value.gateway; Destination = "0.0.0.0/0"; }];
address = [ "${network.ip}/${builtins.toString network.mask}" ];
routes = [{ routeConfig.Gateway = network.gateway; }];
linkConfig.RequiredForOnline = "routable";
dns = inputs.lib.mkIf (network.value.dns != null) [ network.value.dns ];
};
})
(inputs.localLib.attrsToList networking.networkd.static))
@@ -106,8 +104,6 @@ inputs:
networkmanager.unmanaged = with networking.networkd; dhcp ++ (builtins.attrNames static);
useNetworkd = true;
};
# dnsable dns fallback, use provided dns servers or no dns
services.resolved.fallbackDns = [];
})
# wpa_supplicant
(inputs.lib.mkIf (networking.wireless != [])

2
modules/system/nix-ld.nix
View File

@@ -1,7 +1,7 @@
inputs:
{
options.nixos.system.nix-ld = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.system) nix-ld; in inputs.lib.mkIf (nix-ld != null)
{
programs.nix-ld = { enable = true; libraries = [ inputs.pkgs.steam-run.fhsenv ]; };

4
modules/system/nix.nix
View File

@@ -15,7 +15,7 @@ inputs:
mandatoryFeatures = mkOption
{
type = types.listOf types.nonEmptyStr;
default = [ "big-parallel" ];
default = [ "gccarch-exact-${inputs.config.nixos.system.nixpkgs.march}" ];
};
};
master =
@@ -88,7 +88,7 @@ inputs:
})
# substituters
{
nix.settings.substituters = inputs.lib.mkIf (nix.substituters != null) nix.substituters;
nix.settings.substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
}
# autoOptimiseStore
(inputs.lib.mkIf nix.autoOptimiseStore

26
modules/system/nixpkgs.nix
View File

@@ -23,7 +23,7 @@ inputs:
nixpkgs =
let
permittedInsecurePackages =
[ "openssl_1_1" "python2" "zotero" "electron_27" "electron_28" "olm" "fluffychat" ];
[ "openssl_1_1" "python2" "zotero" "electron_27" "electron_28" ];
hostPlatform = if nixpkgs.march != null
then { system = "${nixpkgs.arch}-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; }
else "${nixpkgs.arch}-linux";
@@ -46,9 +46,7 @@ inputs:
}
// (if nixpkgs.march == null then {} else
{
# TODO: change znver4 after update oneapi
# TODO: test znver3 do use AVX
oneapiArch = let match = { znver3 = "CORE-AVX2"; znver4 = "core-avx2"; };
oneapiArch = let match = { znver3 = "CORE-AVX2"; znver4 = "CORE-AVX512"; };
in match.${nixpkgs.march} or nixpkgs.march;
nvhpcArch = nixpkgs.march;
# contentAddressedByDefault = true;
@@ -117,7 +115,6 @@ inputs:
scalapack = prev.scalapack.overrideAttrs { doCheck = false; };
xdg-desktop-portal = prev.xdg-desktop-portal.overrideAttrs (prev:
{ doCheck = false; nativeBuildInputs = prev.nativeBuildInputs ++ prev.nativeCheckInputs; });
gsl = prev.gsl.overrideAttrs { doCheck = false; };
}
)
// (
@@ -136,12 +133,19 @@ inputs:
name = "native kernel";
patch = null;
extraStructuredConfig =
let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; };
in
{
GENERIC_CPU = inputs.lib.kernel.no;
${kernelConfig.${nixpkgs.march} or "M${inputs.lib.toUpper nixpkgs.march}"} = inputs.lib.kernel.yes;
};
let
kernelConfig =
{
alderlake = "MALDERLAKE";
sandybridge = "MSANDYBRIDGE";
silvermont = "MSILVERMONT";
broadwell = "MBROADWELL";
skylake = "MSKYLAKE";
znver2 = "MZEN2";
znver3 = "MZEN3";
znver4 = "MZEN4";
};
in { GENERIC_CPU = inputs.lib.kernel.no; ${kernelConfig.${nixpkgs.march}} = inputs.lib.kernel.yes; };
}];
};
}

2
modules/system/security.nix
View File

@@ -43,7 +43,5 @@ inputs:
sudo.extraConfig = "Defaults pwfeedback";
};
systemd.user.extraConfig = "DefaultLimitNOFILE=65536:524288";
# needed by xray tproxy if we want to forward traffic from other machine
networking.firewall.checkReversePath = false;
};
}

42
modules/system/sops.nix
View File

@@ -5,26 +5,28 @@ inputs:
enable = mkOption { type = types.bool; default = true; };
keyPathPrefix = mkOption { type = types.str; default = "/nix/persistent"; };
};
config = let inherit (inputs.config.nixos.system) sops; in inputs.lib.mkIf sops.enable
{
sops =
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.system) sops;
in mkIf sops.enable
{
defaultSopsFile =
let deviceDir =
if (inputs.config.nixos.system.cluster == null) then
"${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}"
else
"${inputs.topInputs.self}/devices/${inputs.config.nixos.system.cluster.clusterName}"
+ "/${inputs.config.nixos.system.cluster.nodeName}";
in inputs.lib.mkMerge
[
(inputs.lib.mkIf (builtins.pathExists "${deviceDir}/secrets.yaml") "${deviceDir}/secrets.yaml")
(inputs.lib.mkIf (builtins.pathExists "${deviceDir}/secrets/default.yaml")
"${deviceDir}/secrets/default.yaml")
];
# sops start before impermanence, so we need to use the absolute path
age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
sops =
{
defaultSopsFile =
let deviceDir = "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}";
in mkIf
(
builtins.pathExists "${deviceDir}/secrets.yaml"
|| builtins.pathExists "${deviceDir}/secrets/default.yaml"
)
(
if builtins.pathExists "${deviceDir}/secrets.yaml" then "${deviceDir}/secrets.yaml"
else "${deviceDir}/secrets/default.yaml"
);
# sops start before impermanence, so we need to use the absolute path
age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
};
};
};
}

Some files were not shown because too many files have changed in this diff Show More