Compare commits


97 Commits

Author SHA1 Message Date
chn
97cd45caf6 debug 2025-06-25 21:19:29 +08:00
chn
13c6dda325 modules.services.xray: add debug info 2025-06-25 21:16:04 +08:00
chn
13d571477b modules.services.xray: revert version 2025-06-25 21:03:49 +08:00
chn
75e3b31219 modules.services.xray: add counter 2025-06-25 20:52:19 +08:00
chn
b5002abe0d devices.xmuhk: add nix config 2025-06-25 13:04:46 +08:00
chn
42080c0b9a devices.jykang: fix passthru 2025-06-25 12:53:56 +08:00
chn
26c1e14910 devices.xmuhk: setup nix 2025-06-25 12:48:48 +08:00
chn
5f9c8e3df2 devices.pc: setup xmuhk mount 2025-06-25 12:39:50 +08:00
chn
3219a7283e devices.jykang: fix nix setting 2025-06-25 12:36:51 +08:00
chn
37d2126c1a Revert "devices.jykang: setup"
This reverts commit e35e6b2e5d.
2025-06-25 12:33:44 +08:00
chn
2ebd87a5e6 Revert "devices.jykang: remove nix bin path from PATH"
This reverts commit 5e7ccc47cb.
2025-06-25 12:33:19 +08:00
chn
078292edb7 Revert "devices.jykang: cleanup"
This reverts commit d1fc2b0a1c.
2025-06-25 12:32:54 +08:00
chn
a8bbc1d47a devices.xmuhk: some singularity fix 2025-06-25 12:27:46 +08:00
chn
fae98186d2 devices.xmuhk: add passthru 2025-06-25 10:51:28 +08:00
chn
715fa9572f Revert "devices.xmuhk: use host singularity"
This reverts commit 2b43d84981.
2025-06-25 10:49:21 +08:00
chn
2b43d84981 devices.xmuhk: use host singularity 2025-06-25 10:44:48 +08:00
chn
959df1f144 devices.xmuhk: patch singularity 2025-06-25 10:40:33 +08:00
chn
12dd286e99 devices.xmuhk.lumericalLicenseManager: loose interface name 2025-06-25 10:18:15 +08:00
chn
257e13e463 devices.xmuhk: add lumericalLicenseManager 2025-06-25 10:14:46 +08:00
chn
692de14ca0 modules.services.lumericalLicenseManager: rebuild clean image 2025-06-25 10:00:13 +08:00
chn
5a913287a3 packages.lumerical.createLicense: init 2025-06-25 09:38:30 +08:00
chn
833acb4c21 flake.src: add lumericalLicenseManager.sif 2025-06-25 09:27:53 +08:00
chn
fba563c19b modules.user.chn.ssh: update xmuhk ip 2025-06-25 08:42:31 +08:00
chn
62806e0bab packages.lumerical.lumerical: add openmpi support 2025-06-24 21:42:14 +08:00
chn
efa024f0ae modules.services.lumericalLicenseManager: allow set macAddress 2025-06-24 21:21:35 +08:00
chn
86495bb56f packages.lumerical.license: init 2025-06-24 21:15:44 +08:00
chn
30efbe92a9 flake.src: add license file 2025-06-24 21:08:38 +08:00
chn
0d7eaae89c devices.xmuhk: init 2025-06-24 20:48:45 +08:00
chn
e35e6b2e5d devices.jykang: setup 2025-06-24 19:07:13 +08:00
chn
5e7ccc47cb devices.jykang: remove nix bin path from PATH 2025-06-24 18:43:50 +08:00
chn
d1fc2b0a1c devices.jykang: cleanup 2025-06-24 18:43:05 +08:00
chn
b9dba325a9 flake.lib.buildNixpkgsConfig: move 2025-06-24 18:40:38 +08:00
chn
66bae0761f devices.srv3: add resource to test vm 2025-06-24 17:28:56 +08:00
chn
714cd7c69f package.lumericalLicenseManager: init 2025-06-24 17:28:38 +08:00
chn
9c50c656a0 devices.jykang: add passthru 2025-06-24 15:11:29 +08:00
chn
e7771e8bdc packages.lumerical.raw: use bundled qt 2025-06-24 14:47:45 +08:00
chn
348fb3006a packages.lumerical: add raw packages 2025-06-24 14:46:42 +08:00
chn
52a7c41b93 packages.lumerical: fix packaging 2025-06-24 14:15:47 +08:00
chn
7321486c25 Revert "devices.pc: remove lumericalLicenseManager"
This reverts commit 8b36f79574.
2025-06-24 14:05:45 +08:00
chn
0df3891fbd modules.services.lumericalLicenseManager: update license date 2025-06-24 14:04:50 +08:00
chn
40652454e4 devices.pc: remove acme cert debug.mirism.one 2025-06-24 13:40:44 +08:00
chn
8b36f79574 devices.pc: remove lumericalLicenseManager 2025-06-24 13:38:58 +08:00
chn
855f656370 packages.lumerical: use fhsenv 2025-06-24 13:22:39 +08:00
chn
3f781ac120 modules.services.lumericalLicenseManager: use host network 2025-06-24 11:47:31 +08:00
chn
71c90fe22a modules.services.lumericalLicenseManager: fix 2025-06-24 10:36:22 +08:00
chn
571b13476b Revert "modules.services.lumericalLicenseManager: reove"
This reverts commit b72575045a.
2025-06-24 10:20:01 +08:00
chn
8d3a779c28 Revert "packages.lumerical: remove"
This reverts commit f5caaaefe4.
2025-06-24 10:19:53 +08:00
chn
c7ab6b7536 modules.system.gui: fix 2025-06-23 10:58:31 +08:00
chn
4d55cb17c1 devices.pc: enable remote build 2025-06-23 10:56:42 +08:00
chn
05ab0566cc module.system.gui: remove a workaround for KDE 2025-06-23 09:28:00 +08:00
chn
8f36c57ff2 modules.system.gui: add implementation option 2025-06-22 22:09:06 +08:00
chn
ef02d3c7f8 modules.system.kernel: remote hibernate-progress v6.6 2025-06-22 11:50:15 +08:00
chn
fabc48e0fc modules.system.kernel: add xanmod-unstable 2025-06-22 11:47:57 +08:00
chn
78d58ab06e flake: update nixpkgs-unstable 2025-06-22 09:01:36 +08:00
chn
4fa5f39eb4 modules.system.fileSystems.rollingRootfs: fix 2025-06-21 23:33:48 +08:00
chn
3b8f573ccb modules.system.fileSystems.rollingRootfs: split 2025-06-21 23:27:45 +08:00
chn
7fe7b2aa00 modules.system.fileSystems.rollingRootfs: add backup 2025-06-21 23:24:16 +08:00
chn
9c10a367b2 modules.hardware.cpu: amd add ryzen-smu 2025-06-21 23:15:03 +08:00
chn
1f726c3eef modules.services.gitea: cleanup 2025-06-18 11:35:39 +08:00
chn
e8774e5943 modules.services.httpapi: 整理 2025-06-18 11:29:21 +08:00
chn
a107201eb4 modules.packages.desktop: add waveterm 2025-06-18 08:53:05 +08:00
chn
608693e1c5 modules.packages.vscode: add datawrangler 2025-06-15 17:18:57 +08:00
chn
a8dc47bc3d Revert "modules.packages.vscode: add datawrangler"
This reverts commit d322beb664.
2025-06-15 17:18:10 +08:00
chn
d322beb664 modules.packages.vscode: add datawrangler 2025-06-15 17:07:08 +08:00
chn
4d42334ed7 modules.services.podman: fix 2025-06-15 13:40:45 +08:00
chn
c8d6ec6ff6 modules.system.nixpkgs.buildNixpkgsConfig: let podman use nftables 2025-06-15 13:20:09 +08:00
chn
8ac73e5836 modules.services.podman: fix 2025-06-15 13:09:38 +08:00
chn
7f496e3f6c modules.services.huginn/rsshub: use podman 2025-06-15 12:44:38 +08:00
chn
bfeeb85235 modules.services.kvm: fix 2025-06-15 12:36:17 +08:00
chn
5f909eed0c Revert "modules.services.kvm: remove workaround"
This reverts commit e4e85996f5.
2025-06-15 12:30:27 +08:00
chn
c75c07f8df modules.services.podman: init, replace docker 2025-06-15 12:21:41 +08:00
chn
1a1e8c3b65 git: remove usage of git lfs 2025-06-15 11:45:12 +08:00
chn
82b04b897a devices.srv3: set pricing date 2025-06-14 13:11:10 +08:00
chn
9ef5d5f35d modules.packages.android-studio: remove 2025-06-13 19:33:05 +08:00
chn
1932d80220 modules.services.kvm: fix 2025-06-13 17:42:59 +08:00
chn
bc12375d04 modules.services.vaultwarden: cleanup 2025-06-13 08:05:18 +08:00
chn
1dde3e856b modules.services.frp: remove 2025-06-13 07:51:23 +08:00
chn
a7976ae167 modules.services.nfs: remove rpcbind, remove firewall rule 2025-06-13 07:49:42 +08:00
chn
746b438058 modules.hardware.cpu: must set, auto deduce from nixpkgs.march 2025-06-12 21:14:19 +08:00
chn
f480369f68 modules.hardware.cpu: cleanup 2025-06-12 21:06:15 +08:00
chn
e4e85996f5 modules.services.kvm: remove workaround 2025-06-12 20:59:27 +08:00
chn
890744ad77 modules.services.kvm: prevent qemu double build 2025-06-12 20:58:54 +08:00
chn
06967ccffd modules.services.kvm: aarch64 support as optional 2025-06-12 20:58:03 +08:00
chn
a1ce57fdbe modules.service.kvm: remove autoSuspend option 2025-06-12 20:50:49 +08:00
chn
832ca323d1 modules.system.fileSystems: set resume device to swap if only one swap device is defined 2025-06-12 20:49:05 +08:00
chn
4c3a1a817d modules.system.fileSystems.rollingRootfs: enable as default 2025-06-12 20:38:46 +08:00
chn
a5a39007f6 devices.pc: remove user test 2025-06-12 17:37:57 +08:00
chn
766bf76564 modules.services.nfs: allow multiple clients 2025-06-12 17:31:50 +08:00
chn
dd6298798c modules.user: fix root git config 2025-06-11 20:24:37 +08:00
chn
efbb595678 modules.packages.desktop: add kruler 2025-06-11 15:45:48 +08:00
chn
179caceae0 modules.hardware.cpu: 整理 2025-06-11 12:22:37 +08:00
chn
8f2d054ae8 modules.system.nix-ld: enable for all system types by default 2025-06-11 09:11:59 +08:00
chn
98c0d7824a Revert "modules.packages.vscode: fix"
This reverts commit b48d3eeec1.
2025-06-11 09:11:28 +08:00
chn
b48d3eeec1 modules.packages.vscode: fix 2025-06-11 09:06:09 +08:00
chn
cca3d3afd3 devices.cross.secrets.acme: update token 2025-06-09 21:04:41 +08:00
chn
0a2c1fe437 devices.cross.secrets.acme: split 2025-06-09 20:54:59 +08:00
chn
9320855ceb devices.vps4/vps6: delete xray user 2025-06-09 15:42:40 +08:00
87 changed files with 817 additions and 880 deletions

5
.gitattributes vendored

@@ -1,6 +1 @@
*.png filter=lfs diff=lfs merge=lfs -text
*.icm filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text
*.webp filter=lfs diff=lfs merge=lfs -text
*.efi filter=lfs diff=lfs merge=lfs -text
flake/branch.nix merge=ours


@@ -54,3 +54,6 @@ creation_rules:
- path_regex: devices/cross/secrets/chn.yaml$
key_groups:
- age: [ *chn, *pc, *one, *nas ]
- path_regex: devices/cross/secrets/acme.yaml$
key_groups:
- age: [ *chn, *nas, *pc, *srv3, *vps4, *vps6 ]
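Review bot: The new `acme.yaml` rule makes the ACME token decryptable by six keys (`*chn, *nas, *pc, *srv3, *vps4, *vps6`), so the private key of any one of those machines is enough to recover it. What the token can do is not visible here; if it is a DNS-provider API token, restricting it to the challenge records or issuing one token per host would limit what a single stolen host key exposes. The earlier ciphertext also stays in git history for whoever could decrypt the previous file, so the split only narrows access once the token value itself has been rotated. A comment above the rule, for example `# ACME token: list only hosts that request certificates themselves`, would record why each recipient is present.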


@@ -0,0 +1,62 @@
acme:
token: ENC[AES256_GCM,data:Zm4vCgYbrm8wtYMYqtRkMF7hm8feTcZXITKbJgWsgagWbbHE5Z8zoA==,iv:RSRw188gjoAdhTErApuF8tBSsD+aT3LGhifcy417Qzw=,tag:4ZHfkW8aCJ6BW8mtL261yQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOFEwcjQyUmlpRDJ1WVFt
WUJVM29wdTFwZmNWTHNkMFpjeThCaGt0VkJjCjZ1bnNGVnF0dmdKVE1VdzJoeXJk
ZXM0b0NZeENMY2g0R203Rnc4Y2x3QTQKLS0tIHVPc1NuaGx5ZE92R3VTenpiRGNI
UWhxZVBpL1VSMVFabVJ3WWUrMjlrRTAKpya6EFm4EQ3o35C5Bdyyaw4Qys8IM2fe
OrA5b9xElsEhfGzkpRXkEtsbMhbbpNu0zvDBpylU8rU70tffcWh1sA==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdUowREVqOXBiZE02RUU2
RVU3MkxNVFRiaUFHQzlzdXpQNFRvanhDMGdjCm1qUytTNzAyY3g1OXI4L0hmK2Va
a0hJem5FNkFYTnBxbnhJT0QrbVBzdk0KLS0tIDkxeGYwTnNaUVVBa2NxT1dGWVRF
UE9uY2tjdE1ZTVFXSWI5czE1ZHVBV0UKYHyDTeejdMwfYW2u6r9MWZ9qJU2mTYJx
qK2/91+T5/paq23+gEpMJeCbCMfcws9xeaf4KgWdBr/JNgjNQ3mhyQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIbjBLelBWR0ZpZEFrL3A2
UExIamd3aElvZUNCK2VwZVJrdHMyWGZNYnhJCnBoUlF4ZWtKMDVIYzhqUlpxZXpr
UlY4VnVwcFkxMzc0Q0VoQW03QU9BODQKLS0tIGtoRStxL3BFd09CMi9zT0pwZEwr
d0hRWnVQOWVxdGRxRXpBZGtMQ24xbm8KtlIU+T++8IQRDLXAH1pBXa6hNqHD19ti
AIZGn7+Eh/b6wOkndNpzLCWGVVm9yo7qMY7AzYNIz7SU/9a0JPGuGQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxbFVkbjdHWm9xTlEwbzBE
Ky9KcjVvc0l2ZkJnOVdxVzFpUDMydDRuNWtVCmpkYXl1dG91TG84em16cFlRcG5y
WTBKM1VuWmV3dUlpcE1ka093aHh6REEKLS0tIC91OHF0TnhDUjlqVWcvMjl1czlm
YVRXZS9PRVpwNmFaY3pNT0JZNzB3R2MKHClUpTySdpU8AFNYoqT37KWkJbPgmd2+
UhtufEWWgSL6j/npU0yxHNcsmU5gfd45TnTxp4sSOupJUDM0B4FKlQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObkt4a25UcGo4MnoxOVJQ
WkF6elVWODYvSWw1QWtPYTJKS1gxUXRDVjNJCndNcU5GUHhMZW5uTzNpV2NtYUVh
K0dYNGlmRzd5ZkZVaGd3cjJFVEFSMXMKLS0tIEVRQWtaY0d3TERsV0ZNcVc0Vyty
WnZxTGxOY0NROU4vYTl1WWREemptaDAKhzzRPyr370b7ccTM5DE+jOczmXDqZBt5
fYQ04+yLjcULNhqlu52mJRH1X5Se2pXbCzEG6JFiKCEra0wiYhoo5Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbjRpMWZ6eXZubjVUUlNL
Z0N3ZkhoeVoxVzVwMHJzQzhJVjZ5MFhTU3dFCllwVWVWbm1KMTlUcEd0empxS1J2
NzRSbkE5cEJLMmZCcjZBMTF0TUF2SEUKLS0tIFN6TVNEMU4rVVl1OEdzWGJSRmdl
cndmbU16NkRmMHo5ZlJYMUFBUmlIZDQKNVXn3/twQKZC+74tRlpG2wx0hLEZuuka
DKtNg6nnhd/UsVNF6/MSTwjnwXeilNemV7ffAbSE4tixcfBV3niILg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-09T13:04:33Z"
mac: ENC[AES256_GCM,data:xKqvMTW+TTKPtuHh/pSGvxXXIpeKtzVWgwKPibGX9UTIpnDNzfylmkT6OouqQyI/HTQmiL67ch6gaFSMAbXfpw7JA9YpKif6p84rs3RelKzRLKinDpUtcvWhY1DEA2nsNWOdFHxu7EZhHRbXttRoB372kdV5063MJRvwuqslMpo=,iv:T4ff9w1AYGO9JIzuJz6VbPoS19OcIy9zFvOMLp3F2LE=,tag:x5Yk7tVSilKK68ZRhAnsIw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2


@@ -35,8 +35,6 @@ telegram:
user:
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
acme:
token: ENC[AES256_GCM,data:M8/R019chds8zr2BqnRnKP40NZxwq4fz06NaOeOOFYecLyDjIOq5mg==,iv:VPr4XD0Y+6G1P1xwMDyrWPiTvCYdiMV0nPcmqCvIA3Y=,tag:KEyCIHRmRkNviA4bMTMybg==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:MtmNo6hHlU75N6PvzF7P5i6Q+myV4Keb1JRXVeHxTennNpKfAndsKg==,iv:DqM91JX+1WX8Zqzha2Tm3ztFaSzKYQg+b9NvUm+6jxY=,tag:XnDTBL9MA/B8XfPZqdk7Eg==,type:str]
sops:
@@ -176,7 +174,7 @@ sops:
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-05T02:24:04Z"
mac: ENC[AES256_GCM,data:bdiWl2Un3IzYZx5vRcrxptfgJZl63qN/7ZosNNqiNlUU2vfyEQhOvXNxjRRgHI1HCBiqKdecKLC1qQyTHVhCTovjdciqlAMSLIQ1QFoq0+FVMagp8JXocfrxeyzyY8z4z7ACJc9MFtZ1ueBy+bqjlX7ArgGyltoGy2UsiJK6q40=,iv:RsOod/sQa/cHf72z/+neU4W87CDXD5U3b5aH4ArKVLo=,tag:K3Zl6X0bslhvwVjeqRSVnw==,type:str]
lastmodified: "2025-06-09T12:54:56Z"
mac: ENC[AES256_GCM,data:pAJ1mr02yp41jTcvy56OCUvJZh0NJXqAj582F85eevOIVy/GKQyvBonSkT0vN85q8UXw6tsNBpSqLi5MEoP2QhSP6x6mMZ6fHHGtkhw2ROmuTcfGdHDIq0SMU6arukEVDFlVsoneNXUUmdvwDjxAGv4qf7sI4ynPwu0V9xurYiI=,iv:ZuCObomHvfEPEKnepRyTOiojOEh6mfWW+bF/ytsTqiU=,tag:k0WuI8eewWeCQkiXDisjZw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2


@@ -1,8 +1,8 @@
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' .#jykang
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' -qR ./result | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' --export > data.nar
# cat data.nar | nix-store --import
inputs:
let pkgs = import inputs.nixpkgs (import ../../modules/system/nixpkgs/buildNixpkgsConfig.nix
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' .#jykang
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' -qR ./result | sudo xargs nix-store --store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' --export > data.nar
# cat data.nar | nix-store --import
{ inputs, localLib }:
let pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; };
@@ -12,4 +12,5 @@ in pkgs.symlinkJoin
name = "jykang";
paths = with pkgs; [ hello iotop gnuplot localPackages.vaspkit ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
passthru = { inherit pkgs; };
}
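Review bot: The export example in the header comment (the variant using `state=` and `log=`, which appears to be the new side) passes `--store` twice: `sudo xargs nix-store --store --store 'local?store=…'`. Copied as written, the second `--store` would presumably be consumed as the store URI and the command would fail or act on the wrong store. It should read `… -qR ./result | sudo xargs nix-store --store 'local?store=…&state=…&log=…' --export > data.nar`. The same duplicated flag appears in the header comment of devices/xmuhk/default.nix further down this page.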


@@ -0,0 +1 @@
store = local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log


@@ -21,13 +21,13 @@ inputs:
nixpkgs.march = "silvermont";
network = {};
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
hardware.gpu.type = "intel";
services =
{
sshd = {};
xray.client.dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1";
beesd."/".hashTableSizeMB = 10 * 128;
nfs."/" = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc";
nfs."/" = [(inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc")];
};
};
};


@@ -17,11 +17,10 @@ inputs:
luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
resume = { device = "/dev/mapper/root"; offset = 4728064; };
rollingRootfs = {};
};
nixpkgs.march = "tigerlake";
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
hardware.gpu.type = "intel";
services =
{
xray.client = {};

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -17,6 +17,7 @@ inputs:
"/nix" = "/nix";
"/nix/rootfs/current" = "/";
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
};
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.nas"}:/" =
{ mountPoint = "/nix/remote/nas"; hard = false; };
@@ -28,38 +29,35 @@ inputs:
{ mapper = "swap"; ssd = true; before = [ "root1" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = {};
};
grub.windowsEntries."08D3-10DE" = "Windows";
nix.marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# SAHF FXSR XSAVE RDRND LZCNT HLE
"haswell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# SAHF FXSR XSAVE RDRND LZCNT HLE
"haswell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
remote.master.host.srv2-node0 = [ "skylake" ];
};
nixpkgs = { march = "znver4"; cuda.capabilities = [ "8.9" ]; };
sysctl.laptop-mode = 5;
};
hardware =
{
cpus = [ "amd" ];
gpu = { type = "nvidia"; nvidia.dynamicBoost = true; };
legion = {};
};
hardware = { gpu = { type = "nvidia"; nvidia.dynamicBoost = true; }; legion = {}; };
services =
{
samba =
@@ -81,7 +79,6 @@ inputs:
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
)
// { "4006024680.com" = "192.168.199.1"; };
acme.cert."debug.mirism.one" = {};
nix-serve = {};
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd."/" = { hashTableSizeMB = 4 * 128; threads = 4; };
@@ -104,17 +101,17 @@ inputs:
};
};
ollama = {};
docker = {};
podman = {};
ananicy = {};
keyd = {};
lumericalLicenseManager.macAddress = "745d22c7d297";
searx = {};
kvm = {};
kvm.aarch64 = true;
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
nfs."/" = "192.168.84.0/24";
nfs."/" = [ "192.168.84.0/24" ];
};
bugs = [ "xmunet" "backlight" "amdpstate" "iwlwifi" ];
packages = { android-studio = {}; mathematica = {}; vasp = {}; lammps = {}; };
user.users = [ "chn" "test" ];
packages = { mathematica = {}; vasp = {}; lammps = {}; };
};
boot.loader.grub =
{
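Review bot: `nfs."/" = [ "192.168.84.0/24" ];` in the last hunk still exports the root filesystem to an entire /24, although the option now takes a list and could name only the clients that actually mount it. Another device section on this page already does so with a single address, `[(… getAddress "wg1.pc")]`. The export options (root squash, read-only) are set in the nfs module, which is not shown in this section, so it cannot be told from here how much access a host in that range gets. If the whole range is intended, a comment such as `# 192.168.84.0/24: <which network this is, and why every host in it may mount />` would make that explicit.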


@@ -16,10 +16,8 @@ inputs:
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
};
hardware.cpus = [ "intel" ];
services =
{
sshd.passwordAuthentication = true;


@@ -18,7 +18,6 @@ inputs:
{ mountPoint = "/nix/remote/pc"; hard = false; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs.cuda.capabilities =
[


@@ -5,7 +5,6 @@ inputs:
nixos =
{
model.cluster.nodeType = "master";
hardware.cpus = [ "intel" ];
system =
{
nixpkgs.march = "skylake";
@@ -16,6 +15,7 @@ inputs:
masquerade = [ "eno2" ];
trust = [ "eno2" ];
};
nix.remote.slave = {};
};
services =
{


@@ -4,7 +4,6 @@ inputs:
{
nixos =
{
hardware.cpus = [ "amd" ];
system =
{
nixpkgs.march = "znver3";


@@ -41,10 +41,9 @@
独立的 IPv6 免费,但暂不支持(技术上没有准备好,如果有人有需要我就去准备)。
* 只卖朋友和朋友的朋友(总之得有人保证别拿去做坏事)。
若此定价对您来说仍然难以接受,可以联系我,打五折或者免费。
* 此价格有效期三个月2025-05-17 至 2025-08-17
05-17 前免费08-17 后定价会视情况调整(例如将流量计入收费项目,内存部分相应降价),在那之前会公布新的定价。
* 此价格 2025 年 9 月 17 日前有效。之后大概率也不会调整,但保留调整的权利
* 预计收入无法覆盖成本。如果某个月的收入高于成本,承诺会将多出的部分捐出去。
* 非 kvm 虚拟机的服务(例如,只跑一个 docker 容器,只跑某一个服务)定价私聊,大致上是上方价格再加上我的工作成本(事少的免费,事多的就要实收了)。
* 非 kvm 虚拟机的服务(例如,只跑一个 podman 容器,只跑某一个服务)定价私聊,大致上是上方价格再加上我的工作成本(事少的免费,事多的就要实收了)。
* 配置随时可以调整。所以按照自己这个月够用的来就行,不需要为未来留余量。但每次调整都需要重启虚拟机。
* 母鸡价格 40 美元每月,配置在下方列出。
* 机房: LAX3 IPsrv3.chn.moe


@@ -15,7 +15,6 @@ inputs:
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/dev/mapper/swap" ];
rollingRootfs = {};
};
nixpkgs.march = "haswell";
initrd.sshd = {};
@@ -31,7 +30,6 @@ inputs:
};
};
};
hardware.cpus = [ "intel" ];
services =
{
beesd."/" = { hashTableSizeMB = 128; threads = 4;};
@@ -68,8 +66,8 @@ inputs:
test =
{
owner = "chn";
memory.sizeMB = 512;
cpu.count = 1;
memory.sizeMB = 4096;
cpu.count = 4;
network =
{
address = 4;
@@ -92,18 +90,18 @@ inputs:
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden.enable = true;
vaultwarden = {};
photoprism.enable = true;
nextcloud = {};
freshrss = {};
send = {};
huginn = {};
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
httpapi = {};
gitea = {};
grafana = {};
fail2ban = {};
xray.server = {};
docker = {};
podman = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
open-webui.ollamaHost = "192.168.83.3";


@@ -13,12 +13,10 @@ inputs:
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
network = {};
};
hardware.cpus = [ "amd" ];
services.sshd = {};
};
};


@@ -13,12 +13,10 @@ inputs:
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
network = { dhcp = [ "nixvirt" ]; bridge.nixvirt.interfaces = [ "enp1s0" ]; };
};
hardware.cpus = [ "amd" ];
services =
{
sshd = {};


@@ -13,12 +13,10 @@ inputs:
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "haswell";
network = {};
};
hardware.cpus = [ "intel" ];
services =
{
sshd = {};


@@ -17,7 +17,6 @@ inputs:
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";


@@ -20,8 +20,6 @@ xray-server:
user9: ENC[AES256_GCM,data:HgSVrry+nKGW9X9N6h8hsI9VETKtSEi+/ZC9QvNZW4zETQxt,iv:ERgmCDPBpboA/+Sxeq6BvWoMxsv3Kkczqb/mbXz9pOk=,tag:bklzRg9toKy//6T8xdtbRw==,type:str]
#ENC[AES256_GCM,data:2sHxXec=,iv:aA61+cmDw4rHab7RuRRK3eUDx5d6gpmfw4RpQ6Nd0mc=,tag:H9kovJyn3Te3ir9X234VGA==,type:comment]
user10: ENC[AES256_GCM,data:CqrwaZp1fHd/WEGQH3xWI8DZ2/AavCqwTtwZeHmnrct5yoD3,iv:IBOHGQlw+uQt8Ryp/mCDcglfSPNXvvHOjNnrT+7nOHQ=,tag:tEkGEtPaOBK+P3LrQzOLsQ==,type:str]
#ENC[AES256_GCM,data:oB64XheVxA==,iv:Ci9apSqTHQ02IFhqVvlC3hO8yWRKELVtJE3H/CUgFyY=,tag:4uV2aYzzZAUW+OZf7QEVPg==,type:comment]
user11: ENC[AES256_GCM,data:pk9b5lFhuAfhKMcTUIdlx6eQHn+MJaPQEs6flmUhhHA2ygj/,iv:UGuPrxJPh+V7vSFjmgmBc9vhg7qye5SrNCFiiTcnDk0=,tag:D/B4PTafZe4r/W/dVWC2CA==,type:str]
#ENC[AES256_GCM,data:Rw4BWXZutQ==,iv:rXe2i1G/xQkpBl0wh6VIzaNoidCc3JL4sy6v5hcOF/M=,tag:2tZyH8B0ZL7XptKHk6TcAQ==,type:comment]
user12: ENC[AES256_GCM,data:CsbquwEn+iOKCzda8z26FYk2i5aPk2xzqGIYORiD4lotvnFE,iv:zHPmlT4LAc6NDjXrExze23dZZFIj0c1eR4WW74cu+qs=,tag:5MDFrZNgv54mK05ImSvpkw==,type:str]
#ENC[AES256_GCM,data:vqYkwGVcQ8yZbA==,iv:1ckVSiAgjuT/K0MuVHe8D2hHE7X2qxCHpb+y6nrFCsI=,tag:so9oFl6bXlJT2O+prplazw==,type:comment]
@@ -62,7 +60,7 @@ sops:
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-09T01:35:34Z"
mac: ENC[AES256_GCM,data:40uhvaJNu1ELo6xHYECEOTE0lVcrcMmZKJpLmE28D2pyXnl6UQza0j9O7944+Ii+VroSvm7juB86gR8/x6URabQF0l2HTiYtBvyPicxdobB209i5JSULiCUe1zlfz8WyQ4VnPAJ9SJny59ucMYxMh8RM4UPtXWLs5whcqt5ooSk=,iv:5odm078cRXnwTA233NV7edcYTfMmTLFLrGRhE/oi8SU=,tag:2t06LMMrRkmbAQbCad6URA==,type:str]
lastmodified: "2025-06-09T07:42:38Z"
mac: ENC[AES256_GCM,data:fQm8aI6KdoJVxcl4MQP7Q6EZVqmmLFo9A3Hjo/tKZA+VOYvQWFBxIKwy5Cj0SBi4pWsSjwG6pJZ7m6Wh/dDK4KlgkoaXgAYj+efHtScOH5Gkb0sTpAkHNL+/CJ/cO1doXiXRGj47fn1QB9o9WBaomtOWQbzDts4eFs9pdm8TAq4=,iv:91Ilig4j0ELHEatTY7ALKwwr8AzYnRwhKbdWDcufZF4=,tag:UfwaudQTNKu+uryCZjo3mw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2


@@ -17,7 +17,6 @@ inputs:
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
@@ -28,7 +27,6 @@ inputs:
{
sshd = {};
xray.server = {};
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =


@@ -1,5 +1,3 @@
frp:
token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
@@ -22,8 +20,6 @@ xray-server:
user9: ENC[AES256_GCM,data:+SA+VcZcy5ckuS/46Dn093VvuqxrIACuqMAMx6Ko5yw0DVdW,iv:TeLXb1WI7uhcPDkXYSlKIxdE6Kz+nCnlB+ZYpWcaF4I=,tag:YB0sPD9yHMARhiMJs7JKcA==,type:str]
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
user10: ENC[AES256_GCM,data:Pec0CVGia/ZIaq7WerZlr0/waJ/Ev1OKwt7V3PBxBSFMLi7p,iv:wYTdhv4Xoe58KBIwV1vk/V4IcdVzQrBgmzGaRD7qHQs=,tag:IZVt5LmjTUge8XntujJlTA==,type:str]
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
user11: ENC[AES256_GCM,data:IFIVzbnZCyn0j7AG0ClBT4byyZyVtRk1JqlWsojqPIVenek2,iv:ONdq1qIXG2kbAjuM/tHSPxce7oD/MHcBw1pBYm9DlEk=,tag:OuzeX0K+fSO7jWadb1uSRQ==,type:str]
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
user12: ENC[AES256_GCM,data:iTZViWyKkCU1y6mvB0NzkXf3I98U/+nCs21ZD6M285YKaU6q,iv:vFgA3sv/7ENcw3gyJLiiHLwroXtVJjAxZXViqjXF3mQ=,tag:u3b9Uu6TIPPYX0TW5X5Sjg==,type:str]
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
@@ -68,7 +64,7 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-09T01:33:33Z"
mac: ENC[AES256_GCM,data:sRZaOvmwZqoxNFKrWtY19t4As7CEu1kXNR1XWO1uo28KEWQJ2n9HLRsdinjG70j/bFyTkXXiBz6Vlhx2RkdhHURKxe/UKuv/5szuGV/aE0NUGu+jYIaSbbIZpv1FkuUYuRFbuaSJnejEyQYW9ahaJYAJgXutqMY/e4xgUJ7Ooeo=,iv:PvAvKe/23u+aPP2moiNrkEqi0CgP9VCwfzcKC8S8Z1w=,tag:YburNo3mniyi4jyUjMF8DQ==,type:str]
lastmodified: "2025-06-12T23:51:02Z"
mac: ENC[AES256_GCM,data:3QxWxinb3a7jvmHJO1kcePNwd/igurjFWVJw/sGKBuZpo47LU+W8132b9GpKs79AedDa5BM5yu0XN+CPrkviMcNuX5a3lLy8oI22a1N8fuKjEehld1Jq/boitGIsgJgb/M0Hn6yIq1ytuWuxoj2cOvmkEfNuyWRew+htI4DhJ/E=,iv:OyCWfcn218oaA970T9miIWIGSwOFeUbtWI0xO/02Hrw=,tag:c8riJplInFN1ZSPH3ze0QQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

21
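--- /dev/null
+++ b/devices/xmuhk/README.md
@@ -0,0 +1,21 @@
+# install nix
+1. download [nix-portable](https://github.com/DavHau/nix-portable),
+move the executable file to `$PATH`, rename it to `nix-portable` and make it executable.
+2. create several symlinks (including `nix` `nix-store` etc.) to it.
+3. create file `~/.config/nix/nix.conf` with the following content: `ignored-acls = lustre.lov`
+4. run `nix --version`, wait for it to initialize and print the version.
+# install or update packages
+1. run `nix build github:CHN-beta/nixos#xmuhk` elsewhere (on NixOS is better, to avoid impure from FHS envs)
+2. `nix-store --export $(nix-store -qR ./result) | xz -T0 | pv > xmuhk.nar.xz`
+3. copy `xmuhk.nar.xz` to hpc, import it with `cat xmuhk.nar.xz | nix-store --import`
+4. create gcroot symlink: `ln -s /nix/store/xxxx-xmuhk ~/.nix-portable/nix/var/nix/gcroots/current`
+5. optionally `nix gc`
+6. create `nix-exec` in `$PATH` with the following content, make it executable:
+```sh
+#!/usr/bin/env sh
+nix shell ~/.nix-portable/nix/var/nix/gcroots/current -c "$(basename "$0")" "$@"
+```
+7. make symlinks to `nix-exec` for needed commands, e.g. `ln -s singularity nix-exec`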

71
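--- /dev/null
+++ b/devices/xmuhk/default.nix
@@ -0,0 +1,71 @@
+# sudo nix build --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' .#xmuhk
+# sudo nix-store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' -qR ./result | sudo xargs nix-store --store --store 'local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log' --export > data.nar
+# cat data.nar | nix-store --import
+{ inputs, localLib }:
+let
+pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
+{
+inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
+nixpkgs = { march = null; cuda = null; nixRoot = "/public/home/xmuhk/.nix"; };
+});
+# go = pkgs.go.overrideAttrs (prev:
+# {
+# buildInputs = builtins.filter (x: x != pkgs.glibc.static) prev.buildInputs;
+# });
+# buildGoModule = pkgs.buildGoModule.override { inherit go; };
+# singularity = (pkgs.singularity.override { inherit buildGoModule; }).overrideAttrs (prev:
+# {
+# configureFlags = builtins.filter (x: x != "--without-libsubid") prev.configureFlags;
+# buildInputs = prev.buildInputs ++ [ pkgs.shadow ];
+# # env.CGO_ENABLED = "1";
+# # autoPatchelfFlags = [ "--keep-libc" ];
+# });
+singularity = pkgs.singularity.overrideAttrs (prev:
+{
+configureFlags = builtins.filter (x: x != "--without-libsubid") prev.configureFlags;
+buildInputs = prev.buildInputs ++ [ pkgs.shadow ];
+# env.CGO_ENABLED = "1";
+# autoPatchelfFlags = [ "--keep-libc" ];
+});
+lumericalLicenseManager =
+let
+ip = "${pkgs.iproute2}/bin/ip";
+awk = "${pkgs.gawk}/bin/awk";
+sed = "${pkgs.gnused}/bin/sed";
+chmod = "${pkgs.coreutils}/bin/chmod";
+sing = "${singularity}/bin/singularity";
+in pkgs.writeShellScriptBin "lumericalLicenseManager"
+''
+echo "Cleaning up..."
+rm -rf /tmp/lumerical
+mkdir -p /tmp/lumerical
+echo 'Searching for en* interface...'
+iface=$(${ip} -o link show | ${awk} -F': ' '/^[0-9]+: en/ {print $2; exit}')
+if [ -n "$iface" ]; then
+echo "Found interface: $iface"
+echo 'Extracting MAC address...'
+mac=$(${ip} link show "$iface" | ${awk} '/link\/ether/ {print $2}' | ${sed} 's/://g')
+echo "Extracted MAC address: $mac"
+else
+echo "No interface starting with 'en' found." >&2
+exit 1
+fi
+echo 'Creating license file...'
+cp ${inputs.self.src.lumerical.licenseManager.sifImageFile} /tmp/lumerical/license.txt
+${chmod} +w /tmp/lumerical/license.txt
+${sed} -i "s|xxxxxxxxxxxxx|$mac|" /tmp/lumerical/license.txt
+${sed} -i 's|2022.1231|2035.1231|g' /tmp/lumerical/license.txt
+echo "Starting license manager..."
+${sing} run --pwd /home/ansys_inc/shared_files/licensing --writable-tmpfs \
+${inputs.self.src.lumerical.licenseManager.sifImageFile}
+'';
+in pkgs.symlinkJoin
+{
+name = "xmuhk";
+paths = (with pkgs; [ hello ]) ++ [ lumericalLicenseManager ];
+postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
+passthru = { inherit pkgs singularity; };
+}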
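Review bot: The `lumericalLicenseManager` script works in the fixed, predictable path `/tmp/lumerical` (`rm -rf /tmp/lumerical` followed by `mkdir -p /tmp/lumerical`) and checks the exit status of neither command. On a multi-user HPC node another account can own that directory or place a symlink there before the script runs, so the later `cp`, `chmod +w` and `sed -i` would act on a location the caller does not control. A private directory avoids this: `workdir=$(mktemp -d) || exit 1` and `trap 'rm -rf "$workdir"' EXIT`, with `"$workdir"` replacing the literal path. Separately, the `cp` line copies `sifImageFile` (the container image) to `license.txt`, and the `singularity run` line has no bind mount for the directory, so the file written there looks unused as shown; it is worth confirming which source attribute and mount were intended.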


@@ -0,0 +1 @@
store = local?store=/public/home/xmuhk/.nix/store&state=/public/home/xmuhk/.nix/state&log=/public/home/xmuhk/.nix/log

6
flake.lock generated

@@ -615,11 +615,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1746921044,
"narHash": "sha256-R4hz/Wl2QZDbgj09u9tDdQKY8SS9JIm0F2wc9LKOjD0=",
"lastModified": 1750554037,
"narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "5d04a9f5d569ed7632ee926021d6ab35729fd8d4",
"rev": "f6b1f449aa69592d8f9bce2d4141766b667294ac",
"type": "github"
},
"original": {


@@ -3,7 +3,6 @@
inputs =
{
self.lfs = true;
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-25.05";
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
@@ -60,7 +59,7 @@
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
};
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in
{
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };


@@ -8,7 +8,7 @@ let
vps4 = [ "initrd.vps4" "xserver2.vps4" ];
vps6 =
[
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
"blog" "catalog" "coturn" "element" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
"ua" "xserver2" "xserver2.vps6" ""
];
"xlog.autoroute" = [ "xlog" ];


@@ -57,6 +57,7 @@ in platformConfig //
};
libvirt = (prev.libvirt.override { iptables = final.nftables; }).overrideAttrs
(prev: { patches = prev.patches or [] ++ [ ./libvirt.patch ]; });
podman = prev.podman.override { iptables = final.nftables; };
root = (prev.root.override { stdenv = final.gcc13Stdenv; }).overrideAttrs (prev:
{
patches = prev.patches or [] ++ [ ./root.patch ];


@@ -86,4 +86,6 @@ lib: rec
if (builtins.typeOf pattern) != "list" then throw "pattern should be a list"
else if pattern == [] then origin
else deepReplace (builtins.tail pattern) (replace ((builtins.head pattern) // { content = origin; }));
buildNixpkgsConfig = import ./buildNixpkgsConfig;
}


@@ -29,7 +29,8 @@
gfortran = pkgs.pkgsStatic.gfortran;
lapack = pkgs.pkgsStatic.openblas;
};
jykang = import ../devices/jykang.xmuhpc inputs;
jykang = import ../devices/jykang.xmuhpc { inherit inputs localLib; };
xmuhk = import ../devices/xmuhk { inherit inputs localLib; };
src =
let getDrv = x:
if pkgs.lib.isDerivation x then [ x ]


@@ -64,6 +64,52 @@
finalImageTag = "latest";
};
misskey = {};
lumerical =
{
lumerical = pkgs.requireFile
{
name = "lumerical.zip";
sha256 = "03nfacykfzal29jdmygrgkl0fqsc3yqp4ig86h1h9sirci87k94c";
hashMode = "recursive";
message = "Source not found.";
};
licenseManager =
{
crack = pkgs.requireFile
{
name = "crack";
sha256 = "1a1k3nlaidi0kk2xxamb4pm46iiz6k3sxynhd65y8riylrkck3md";
hashMode = "recursive";
message = "Source file not found.";
};
src = pkgs.requireFile
{
name = "src";
sha256 = "1h93r0bb37279dzghi3k2axf0b8g0mgacw0lcww5j3sx0sqjbg4l";
hashMode = "recursive";
message = "Source file not found.";
};
image = "7bb3a43bd1ad6103a57f700b13d11d486b6ea117838201e4a29d79b33ac72e3a";
imageFile = pkgs.requireFile
{
name = "lumericalLicenseManager.tar";
sha256 = "ftEZADv8Mgo5coNKs+gxPZPl/YTV3FMMgrF3wUIBEiQ=";
message = "Source not found.";
};
license = pkgs.requireFile
{
name = "license";
sha256 = "07rwin14py6pl1brka7krz7k2g9x41h7ks7dmp1lxdassan86484";
message = "Source file not found.";
};
sifImageFile = pkgs.requireFile
{
name = "lumericalLicenseManager.sif";
sha256 = "i0HGLiRWoKuQYYx44GBkDBbyUvFLbfFShi/hx7KBSuU=";
message = "Source file not found.";
};
};
};
vesta =
{
version = "3.90.5a";
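Review bot: The new `requireFile` entries under `lumerical` mix hash encodings in the same `sha256` field, Nix base32 for the recursive ones and bare base64 for `lumericalLicenseManager.tar` and `lumericalLicenseManager.sif`, so a reader cannot tell at a glance how each input is pinned. Writing the base64 values in SRI form, `hash = "sha256-<base64 value>";`, keeps the pin self-describing. Each `message` should also name the file and say how it is added to the store, since `Source not found.` is all a builder sees when the input is missing. The bare hex `image` value would benefit from a comment saying which artifact it identifies.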

29
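--- a/modules/hardware/cpu.nix
+++ b/modules/hardware/cpu.nix
@@ -0,0 +1,29 @@
+inputs:
+{
+options.nixos.hardware.cpu = let inherit (inputs.lib) mkOption types; in mkOption
+{
+type = types.enum [ "intel" "amd" ];
+default = let inherit (inputs.config.nixos.system.nixpkgs) march; in
+if march == null then null
+else if inputs.lib.hasPrefix "znver" march then "amd"
+else if (inputs.lib.hasSuffix "lake" march)
+|| (builtins.elem march [ "sandybridge" "silvermont" "haswell" "broadwell" ])
+then "intel"
+else null;
+};
+config = let inherit (inputs.config.nixos.hardware) cpu; in inputs.lib.mkIf (cpu != null) (inputs.lib.mkMerge
+[
+(inputs.lib.mkIf (cpu == "intel")
+{
+hardware.cpu.intel.updateMicrocode = true;
+boot.initrd.availableKernelModules =
+[ "intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp" ];
+})
+(inputs.lib.mkIf (cpu == "amd")
+{
+hardware.cpu.amd = { updateMicrocode = true; ryzen-smu.enable = true; };
+environment.systemPackages = with inputs.pkgs; [ zenmonitor ];
+programs.ryzen-monitor-ng.enable = true;
+})
+]);
+}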
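Review bot: The option is declared as `types.enum [ "intel" "amd" ]`, yet its `default` evaluates to `null` when `march` is `null` or matches none of the listed names, and the `config` block explicitly tests `cpu != null`. A null default should be rejected by the enum type check. Declaring it as `type = types.nullOr (types.enum [ "intel" "amd" ]);` makes the null case legal. `"intel_cstate"` is also listed twice in `boot.initrd.availableKernelModules`. A short comment on the `hasSuffix "lake"` heuristic would help, since any `march` ending in `lake` is classified as Intel.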


@@ -1,26 +0,0 @@
inputs:
{
options.nixos.hardware.cpus = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.listOf (types.enum [ "intel" "amd" ]); default = []; };
config = let inherit (inputs.config.nixos.hardware) cpus; in inputs.lib.mkIf (cpus != [])
{
hardware.cpu = builtins.listToAttrs
(builtins.map (name: { inherit name; value = { updateMicrocode = true; }; }) cpus);
boot =
{
initrd.availableKernelModules =
let modules =
{
intel =
[
"intel_cstate" "aesni_intel" "intel_cstate" "intel_uncore" "intel_uncore_frequency" "intel_powerclamp"
];
amd = [];
};
in builtins.concatLists (builtins.map (cpu: modules.${cpu}) cpus);
};
environment.systemPackages =
let packages = with inputs.pkgs; { intel = []; amd = [ zenmonitor ]; };
in builtins.concatLists (builtins.map (cpu: packages.${cpu}) cpus);
};
}


@@ -1,9 +0,0 @@
inputs:
{
options.nixos.packages.android-studio = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) android-studio; in inputs.lib.mkIf (android-studio != null)
{
nixos.packages.packages._packages = with inputs.pkgs; [ androidStudioPackages.stable.full ];
};
}


@@ -30,7 +30,7 @@ inputs:
obs-studio (inkscape-with-extensions.override { inkscapeExtensions = null; }) kdePackages.kcolorchooser
kdePackages.kdenlive
# development
adb-sync scrcpy dbeaver-bin aircrack-ng fprettify
adb-sync scrcpy dbeaver-bin aircrack-ng fprettify waveterm
# password and key management
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden hashcat
kdePackages.kleopatra
@@ -50,7 +50,7 @@ inputs:
google-chrome tor-browser
# office
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain activitywatch
ydict pspp libreoffice-qt6-fresh ocrmypdf typst
ydict pspp libreoffice-qt6-fresh ocrmypdf typst kdePackages.kruler
# required by ltex-plus.vscode-ltex-plus
ltex-ls ltex-ls-plus
# matplot++ needs old gnuplot
@@ -73,7 +73,7 @@ inputs:
[{
config.programs =
{
plasma =
plasma = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
{
enable = true;
configFile =
@@ -119,8 +119,9 @@ inputs:
adb.enable = true;
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
yubikey-touch-detector.enable = true;
kdeconnect.enable = true;
kde-pim = { enable = true; kmail = true; };
kdeconnect.enable = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde") true;
kde-pim = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
{ enable = true; kmail = true; };
};
services.pcscd.enable = true;
};


@@ -24,7 +24,11 @@ inputs:
{
enable = true;
nativeMessagingHosts = with inputs.pkgs;
[ kdePackages.plasma-browser-integration uget-integrator ];
(
[ uget-integrator ]
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
[ kdePackages.plasma-browser-integration ])
);
# TODO: use fixed-version of plugins
policies.DefaultDownloadDirectory = "\${home}/Downloads";
profiles.default =
@@ -33,8 +37,9 @@ inputs:
[
tampermonkey bitwarden cookies-txt dualsub firefox-color i-dont-care-about-cookies
metamask pakkujs rsshub-radar rsspreview tabliss tree-style-tab ublock-origin
wappalyzer grammarly plasma-integration zotero-connector smartproxy kiss-translator
];
wappalyzer grammarly zotero-connector smartproxy kiss-translator
] ++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
[ plasma-integration ]);
search = { default = "google"; force = true; };
userChrome = builtins.readFile "${inputs.topInputs.lepton}/userChrome.css";
userContent = builtins.readFile "${inputs.topInputs.lepton}/userContent.css";


@@ -34,14 +34,16 @@ inputs:
# nix tools
nix-output-monitor nix-tree ssh-to-age nix-inspect
# development
gdb try inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix rr hexo-cli gh nix-init hugo
gdb try rr hexo-cli gh nix-init hugo
(octodns.withProviders (_: with octodns-providers; [ cloudflare ]))
# stupid things
toilet lolcat localPackages.stickerpicker graph-easy
# office
pdfgrep ffmpeg-full hdf5
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")
[ inputs.topInputs.plasma-manager.packages.${inputs.pkgs.system}.rc2nix ]);
};
programs =
{


@@ -72,9 +72,12 @@ inputs:
ltex-plus.vscode-ltex-plus
]
# jupyter
# TODO: use last release
# TODO: pick all extensions from nixpkgs or nix-vscode-extensions, explicitly
++ (with vscode-extensions.ms-toolsai;
[ jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow ]);
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
datawrangler
]);
extraFlags = builtins.concatStringsSep " " inputs.config.nixos.packages.packages._vscodeEnvFlags;
}
)];


@@ -48,7 +48,7 @@ inputs:
CLOUDFLARE_DNS_API_TOKEN=${inputs.config.sops.placeholder."acme/token"}
CLOUDFLARE_PROPAGATION_TIMEOUT=300
'';
secrets."acme/token".sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/default.yaml";
secrets."acme/token".sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/acme.yaml";
};
};
}


@@ -1,31 +0,0 @@
inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) docker; in inputs.lib.mkIf (docker != null)
{
virtualisation.docker =
{
enable = true;
# prevent create btrfs subvol
storageDriver = "overlay2";
daemon.settings.dns = [ "1.1.1.1" ];
rootless =
{
enable = true;
setSocketVariable = true;
daemon.settings =
{
features.buildkit = true;
# dns 127.0.0.1 make docker not work
dns = [ "1.1.1.1" ];
# prevent create btrfs subvol
storage-driver = "overlay2";
live-restore = true;
};
};
};
hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.cuda != null) true;
networking.firewall.trustedInterfaces = [ "docker0" ];
};
}


@@ -1,203 +0,0 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
frpClient =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
user = mkOption { type = types.nonEmptyStr; };
tcp = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
};
}));
default = {};
};
stcp = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
};
}));
default = {};
};
stcpVisitor = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
};
}));
default = {};
};
};
frpServer =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.lib.strings) splitString;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) frpClient frpServer;
inherit (builtins) map listToAttrs;
in mkMerge
[
(
mkIf frpClient.enable
{
systemd.services.frpc =
let
frpc = "${inputs.pkgs.frp}/bin/frpc";
config = inputs.config.sops.templates."frpc.json";
in
{
description = "Frp Client Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "always";
RestartSec = "5s";
ExecStart = "${frpc} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frpc.json" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = builtins.toJSON
{
auth.token = inputs.config.sops.placeholder."frp/token";
user = frpClient.user;
serverAddr = frpClient.serverName;
serverPort = 7000;
proxies =
(map
(tcp:
{
name = tcp.name;
type = "tcp";
transport.useCompression = true;
inherit (tcp.value) localIp localPort remotePort;
})
(attrsToList frpClient.tcp))
++ (map
(stcp:
{
name = stcp.name;
type = "stcp";
transport.useCompression = true;
secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
allowUsers = [ "*" ];
inherit (stcp.value) localIp localPort;
})
(attrsToList frpClient.stcp));
visitors = map
(stcp:
{
name = stcp.name;
type = "stcp";
transport.useCompression = true;
secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
serverUser = builtins.elemAt (splitString "." stcp.name) 0;
serverName = builtins.elemAt (splitString "." stcp.name) 1;
bindAddr = stcp.value.localIp;
bindPort = stcp.value.localPort;
})
(attrsToList frpClient.stcpVisitor);
};
};
secrets = listToAttrs
(
[{ name = "frp/token"; value = {}; }]
++ (map
(stcp: { name = "frp/stcp/${stcp.name}"; value = {}; })
(attrsToList (with frpClient; stcp // stcpVisitor)))
);
};
users =
{
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.user.gid.frp;
};
}
)
(
mkIf frpServer.enable
{
systemd.services.frps =
let
frps = "${inputs.pkgs.frp}/bin/frps";
config = inputs.config.sops.templates."frps.json";
in
{
description = "Frp Server Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "on-failure";
RestartSec = "5s";
ExecStart = "${frps} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frps.json" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = builtins.toJSON
{
auth.token = inputs.config.sops.placeholder."frp/token";
transport.tls = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
{
force = true;
certFile = "${cert}/full.pem";
keyFile = "${cert}/key.pem";
serverName = frpServer.serverName;
};
};
};
secrets."frp/token" = {};
};
nixos.services.acme.cert.${frpServer.serverName}.group = "frp";
users =
{
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
groups.frp.gid = inputs.config.nixos.user.gid.frp;
};
networking.firewall.allowedTCPPorts = [ 7000 ];
}
)
];
}


@@ -1,20 +1,19 @@
inputs:
{
options.nixos.services.gitea = let inherit (inputs.lib) mkOption types; in
options.nixos.services.gitea = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.str; default = "git.chn.moe"; };
ssh = mkOption
type = types.nullOr (types.submodule { options =
{
type = types.nullOr (types.submodule { options =
hostname = mkOption { type = types.str; default = "git.chn.moe"; };
ssh =
{
hostname = mkOption { type = types.str; default = "ssh.${inputs.config.nixos.services.gitea.hostname}"; };
port = mkOption { type = types.nullOr types.ints.unsigned; default = null; };
};});
default = null;
};
};
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) gitea; in inputs.lib.mkIf gitea.enable
config = let inherit (inputs.config.nixos.services) gitea; in inputs.lib.mkIf (gitea != null)
{
services.gitea =
{
@@ -31,8 +30,8 @@ inputs:
ROOT_URL = "https://${gitea.hostname}";
DOMAIN = gitea.hostname;
HTTP_PORT = 3002;
SSH_DOMAIN = inputs.lib.mkIf (gitea.ssh != null) gitea.ssh.hostname;
SSH_PORT = inputs.lib.mkIf ((gitea.ssh.port or null) != null) gitea.ssh.port;
SSH_DOMAIN = gitea.ssh.hostname;
SSH_PORT = inputs.lib.mkIf (gitea.ssh.port != null) gitea.ssh.port;
};
mailer =
{


@@ -1,47 +1,45 @@
inputs:
{
options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in
options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) httpapi;
inherit (inputs.lib) mkIf;
inherit (builtins) toString map;
in mkIf httpapi.enable
type = types.nullOr (types.submodule { options =
{
nixos.services =
hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) httpapi; in inputs.lib.mkIf (httpapi != null)
{
nixos.services =
{
phpfpm.instances.httpapi = {};
nginx.https.${httpapi.hostname}.location =
{
phpfpm.instances.httpapi = {};
nginx.https.${httpapi.hostname}.location =
"/files".static.root = "/srv/api";
"/led".static = { root = "/srv/api"; detectAuth.users = [ "led" ]; };
"/notify.php".php =
{
"/files".static.root = "/srv/api";
"/led".static = { root = "/srv/api"; detectAuth.users = [ "led" ]; };
"/notify.php".php =
{
root = builtins.dirOf inputs.config.sops.templates."httpapi/notify.php".path;
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpapi.fastcgi;
};
root = builtins.dirOf inputs.config.sops.templates."httpapi/notify.php".path;
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpapi.fastcgi;
};
};
sops =
{
templates."httpapi/notify.php" =
{
owner = inputs.config.users.users.httpapi.name;
group = inputs.config.users.users.httpapi.group;
content =
let
placeholder = inputs.config.sops.placeholder;
request = "https://api.telegram.org/bot${placeholder."telegram/token"}"
+ "/sendMessage?chat_id=${placeholder."telegram/user/chn"}&text=";
in ''<?php print file_get_contents("${request}".urlencode($_GET["message"])); ?>'';
};
secrets = let sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/default.yaml"; in
{ "telegram/token" = { inherit sopsFile; }; "telegram/user/chn" = { inherit sopsFile; }; };
};
systemd.tmpfiles.rules = [ "d /srv/api 0700 nginx nginx" "Z /srv/api - nginx nginx" ];
};
sops =
{
templates."httpapi/notify.php" =
{
owner = inputs.config.users.users.httpapi.name;
group = inputs.config.users.users.httpapi.group;
content =
let
placeholder = inputs.config.sops.placeholder;
request = "https://api.telegram.org/bot${placeholder."telegram/token"}"
+ "/sendMessage?chat_id=${placeholder."telegram/user/chn"}&text=";
in ''<?php print file_get_contents("${request}".urlencode($_GET["message"])); ?>'';
};
secrets = let sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/default.yaml"; in
{ "telegram/token" = { inherit sopsFile; }; "telegram/user/chn" = { inherit sopsFile; }; };
};
systemd.tmpfiles.rules = [ "d /srv/api 0700 nginx nginx" "Z /srv/api - nginx nginx" ];
};
}
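Review bot: The `/notify.php` location is served without any access control, while `/led` next to it is gated with `detectAuth.users`. Anyone who can reach `${httpapi.hostname}` can make the bot send arbitrary text to the configured chat, and the script prints Telegram's raw API response back to the caller. If the `php` location type accepts the same option, add something like `detectAuth.users = [ "<user>" ];` (placeholder user), or have the script check a shared secret before calling the API. Returning a fixed status instead of `print file_get_contents(...)` would keep the API reply away from unauthenticated clients. `$_GET["message"]` is also read without an `isset` check.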


@@ -15,14 +15,13 @@ inputs:
image = "ghcr.io/huginn/huginn:latest";
imageFile = inputs.topInputs.self.src.huginn;
ports = [ "127.0.0.1:3000:3000/tcp" ];
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles = [ inputs.config.sops.templates."huginn/env".path ];
};
sops =
{
templates."huginn/env".content = let placeholder = inputs.config.sops.placeholder; in
''
MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
MYSQL_PORT_3306_TCP_ADDR=host.containers.internal
HUGINN_DATABASE_NAME=huginn
HUGINN_DATABASE_USERNAME=huginn
HUGINN_DATABASE_PASSWORD=${placeholder."mariadb/huginn"}
@@ -51,7 +50,7 @@ inputs:
https.${huginn.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
};
mariadb.instances.huginn = {};
docker = {};
podman = {};
};
};
};


@@ -5,21 +5,17 @@ inputs:
type = types.nullOr (types.submodule { options =
{
nodatacow = mkOption { type = types.bool; default = false; };
autoSuspend = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
aarch64 = mkOption { type = types.bool; default = false; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) kvm; in inputs.lib.mkIf (kvm != null)
{
nix.settings.system-features = [ "kvm" ];
boot =
boot = let inherit (inputs.config.nixos.hardware) cpu; in
{
kernelModules =
let modules = { intel = [ "kvm-intel" ]; amd = []; };
in builtins.concatLists (builtins.map (cpu: modules.${cpu}) inputs.config.nixos.hardware.cpus);
extraModprobeConfig =
let configs = { intel = "options kvm_intel nested=1"; amd = ""; };
in builtins.concatStringsSep "\n" (builtins.map (cpu: configs.${cpu}) inputs.config.nixos.hardware.cpus);
kernelModules = { intel = [ "kvm-intel" ]; amd = []; }.${cpu};
extraModprobeConfig = { intel = "options kvm_intel nested=1"; amd = ""; }.${cpu};
};
virtualisation =
{
@@ -33,7 +29,8 @@ inputs:
parallelShutdown = 4;
qemu =
{
ovmf.packages = with inputs.pkgs; [ OVMF.fd pkgsCross.aarch64-multiplatform.OVMF.fd ];
ovmf.packages = with inputs.pkgs;
([ OVMF.fd ] ++ inputs.lib.optionals kvm.aarch64 [ pkgsCross.aarch64-multiplatform.OVMF.fd ]);
swtpm.enable = true;
};
};
@@ -43,82 +40,17 @@ inputs:
{
persistence."/nix/nodatacow".directories = inputs.lib.mkIf kvm.nodatacow
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }];
systemPackages = with inputs.pkgs; [ qemu_full win-spice guestfs-tools virt-manager virt-viewer ];
systemPackages = with inputs.pkgs;
[ win-spice guestfs-tools virt-manager virt-viewer inputs.config.virtualisation.libvirtd.qemu.package ];
};
systemd =
{
services =
let
virsh = "${inputs.pkgs.libvirt}/bin/virsh";
hibernate = inputs.pkgs.writeShellScript "libvirt-hibernate"
''
if [ "$(LANG=C ${virsh} domstate $1)" = 'running' ]
then
if ${virsh} dompmsuspend "$1" disk
then
echo "Waiting for $1 to suspend"
while ! [ "$(LANG=C ${virsh} domstate $1)" = 'shut off' ]
do
sleep 1
done
echo "$1 suspended"
touch "/tmp/libvirt.$1.suspended"
else
echo "Failed to suspend $1"
fi
fi
'';
resume = inputs.pkgs.writeShellScript "libvirt-resume"
''
if [ "$(LANG=C ${virsh} domstate $1)" = 'shut off' ] && [ -f "/tmp/libvirt.$1.suspended" ]
then
if ${virsh} start "$1"
then
echo "Waiting for $1 to resume"
while ! [ "$(LANG=C ${virsh} domstate $1)" = 'running' ]
do
sleep 1
done
echo "$1 resumed"
rm "/tmp/libvirt.$1.suspended"
else
echo "Failed to resume $1"
fi
fi
'';
makeHibernate = machine:
{
name = "libvirt-hibernate-${machine}";
value =
{
description = "libvirt hibernate ${machine}";
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
before = [ "systemd-hibernate.service" "systemd-suspend.service" ];
serviceConfig = { Type = "oneshot"; ExecStart = "${hibernate} ${machine}"; };
};
};
makeResume = machine:
{
name = "libvirt-resume-${machine}";
value =
{
description = "libvirt resume ${machine}";
wantedBy = [ "systemd-hibernate.service" "systemd-suspend.service" ];
after = [ "systemd-hibernate.service" "systemd-suspend.service" ];
serviceConfig = { Type = "oneshot"; ExecStart = "${resume} ${machine}"; };
};
};
makeServices = serviceFunction: builtins.map serviceFunction kvm.autoSuspend;
in builtins.listToAttrs (makeServices makeHibernate ++ makeServices makeResume);
mounts =
[{
what = "${inputs.topInputs.nixvirt.lib.guest-install.virtio-win.iso}";
where = "/var/lib/libvirt/images/virtio-win.iso";
options = "bind";
wantedBy = [ "local-fs.target" ];
}];
};
# workaround a libvirt bug
systemd.mounts =
[{
what = "${inputs.topInputs.nixvirt.lib.guest-install.virtio-win.iso}";
where = "/var/lib/libvirt/images/virtio-win.iso";
options = "bind";
wantedBy = [ "local-fs.target" ];
}];
# libvirt does not setup "allow udp {53, 67}" by default
# https://github.com/NixOS/nixpkgs/issues/263359#issuecomment-1987267279
networking.firewall.interfaces."virbr*".allowedUDPPorts = [ 53 67 ];
hardware.ksm.enable = true;
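Review bot: `kernelModules` and `extraModprobeConfig` now select with `{ ... }.${cpu}`, but `nixos.hardware.cpu` defaults to `null` when `march` is unset or not recognised (modules/hardware/cpu.nix in this change), and a null selector should abort evaluation rather than yield an empty value. The old list-based code produced nothing for an empty `cpus`. Guarding on the value keeps KVM hosts without a detected vendor evaluating: `kernelModules = inputs.lib.optionals (cpu == "intel") [ "kvm-intel" ];` and `extraModprobeConfig = inputs.lib.optionalString (cpu == "intel") "options kvm_intel nested=1";`.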


@@ -0,0 +1,26 @@
# 大概这样做:
# cp -r ~/repo/stuff/44/Lumerical_Suite_2023_R1_CentOS/{LicenseManager,Crack,License} .
# podman build .
# podman image save --format oci-archive 6803f9562b941c23db81a2eae5914561f96fa748536199a010fe6f24922b2878 -o image.tar
# singularity build image.sif oci-archive://image.tar
# nix store add-file ./image.tar --name lumericalLicenseManager.tar
# nix hash file /nix/store/v626n153vdr8sib52623gx1ych8zfsa6-lumericalLicenseManager.tar
# nix store add-file ./image.sif --name lumericalLicenseManager.sif
# nix hash file /nix/store/wr4i09smarzwyn1g2jhxlpkxghcwa01l-lumericalLicenseManager.sif
FROM centos:7
USER root
COPY ./LicenseManager /tmp/LicenseManager
RUN chmod +x /tmp/LicenseManager/INSTALL && \
/tmp/LicenseManager/INSTALL -silent -install_dir /home/ansys_inc -lm && \
rm -rf /tmp/LicenseManager
COPY ./Crack/ansys_inc/ /home/ansys_inc
# RUN sed -i "s|127.0.0.1|0.0.0.0|g" /home/ansys_inc/shared_files/licensing/tools/tomcat/conf/server.xml
RUN chmod -R 777 /home/ansys_inc
RUN ln -s ld-linux-x86-64.so.2 /lib64/ld-lsb-x86-64.so.3
COPY ./License/license.txt /home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
WORKDIR /home/ansys_inc/shared_files/licensing
CMD ["/bin/sh", "-c", "(./start_ansysli &); (./start_lmcenter &); tail -f /dev/null"]
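Review bot: `RUN chmod -R 777 /home/ansys_inc` makes the whole install tree, including the daemons started by `CMD`, writable by any user inside the container, and the image runs them as root (`USER root`). If write access is only needed for runtime state directories, limit it to those, or use `chmod -R u+rwX,go+rX /home/ansys_inc` and run the services under a dedicated user. `FROM centos:7` is also an unpinned tag of an end-of-life base. Pinning it as `FROM centos:7@sha256:<digest>` (placeholder digest) makes the build reproducible, though the image will still receive no security updates.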


@@ -0,0 +1,25 @@
inputs:
{
options.nixos.services.lumericalLicenseManager = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
macAddress = mkOption { type = types.str; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) lumericalLicenseManager;
in inputs.lib.mkIf (lumericalLicenseManager != null)
{
virtualisation.oci-containers.containers.lumericalLicenseManager =
{
inherit (inputs.topInputs.self.src.lumerical.licenseManager) image imageFile;
extraOptions = [ "--network=host" ];
volumes =
let license = inputs.pkgs.localPackages.lumerical.license.override
{ inherit (lumericalLicenseManager) macAddress; };
in [ "${license}:/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic" ];
};
nixos.services.podman = {};
};
}
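Review bot: `extraOptions = [ "--network=host" ]` puts the container in the host network namespace, so every port the license daemons open is bound on the host's interfaces and no `ports` mapping limits what is reachable. If host networking is only there so the daemon sees the host MAC address (an assumption; the change does not say), a comment stating that would help, together with a firewall rule that limits the license ports to the intended clients. `macAddress` is a free-form `types.str`. `types.strMatching "[0-9A-Fa-f]{12}"` would reject malformed values at evaluation time, assuming the colon-less form is what the license template expects.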


@@ -1,20 +1,16 @@
inputs:
{
options.nixos.services.nfs = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.attrsOf types.nonEmptyStr; default = {}; }; # export = accessLimit
{ type = types.attrsOf (types.nonEmptyListOf types.nonEmptyStr); default = {}; }; # export = accessLimit
config = let inherit (inputs.config.nixos.services) nfs; in inputs.lib.mkIf (nfs != {})
{
services =
services.nfs.server =
{
rpcbind.enable = true;
nfs.server =
{
enable = true;
exports = builtins.concatStringsSep "\n" (builtins.map
(export: "${export.name} ${export.value}(rw,no_root_squash,sync,crossmnt)")
(inputs.localLib.attrsToList nfs));
};
enable = true;
exports =
let clientString = clients: builtins.concatStringsSep " " (builtins.map
(client: "${client}(rw,no_root_squash,sync,crossmnt)") clients);
in inputs.lib.concatLines (inputs.lib.mapAttrsToList (n: v: "${n} ${clientString v}") nfs);
};
networking.firewall.allowedTCPPorts = [ 2049 ];
};
}
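Review bot: Every client of every export gets the hard-coded options `rw,no_root_squash,sync,crossmnt`, so root on any listed client acts as root on the exported tree. Now that the value is a list of clients, that applies to each entry. Consider making the options part of the module interface with a squashing default, for example `(client: "${client}(rw,root_squash,sync,crossmnt)")`, and opting in to `no_root_squash` per export where it is needed. `networking.firewall.allowedTCPPorts = [ 2049 ]` also opens the port on all interfaces, leaving the export client list as the only restriction. The trailing `# export = accessLimit` comment should say the value is now a list of clients.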


@@ -0,0 +1,26 @@
inputs:
{
options.nixos.services.podman = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) podman; in inputs.lib.mkIf (podman != null)
{
virtualisation =
{
containers =
{
enable = true;
containersConf.settings.network.firewall_driver = "nftables";
};
podman =
{
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.cuda != null) true;
networking.firewall.trustedInterfaces = [ "podman0" ];
};
}
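Review bot: `networking.firewall.trustedInterfaces = [ "podman0" ]` accepts all traffic from the default container network to the host, so any container can reach every service listening on the host, not only the ones it needs. Opening just the required ports on that interface is narrower, for example `networking.firewall.interfaces.podman0.allowedTCPPorts = [ 3306 ];` for the MariaDB access huginn uses via `host.containers.internal` (port inferred from the `MYSQL_PORT_3306_TCP_ADDR` variable name; confirm). DNS for `dns_enabled` may need UDP 53 on the same interface if the podman module does not already open it.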


@@ -15,7 +15,6 @@ inputs:
image = "rsshub:latest";
imageFile = inputs.topInputs.self.src.rsshub;
ports = [ "127.0.0.1:5221:5221/tcp" ];
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles = [ inputs.config.sops.templates."rsshub/env".path ];
};
sops =


@@ -1,93 +1,56 @@
inputs:
{
options.nixos.services.vaultwarden = let inherit (inputs.lib) mkOption types; in
options.nixos.services.vaultwarden = let inherit (inputs.lib) mkOption types; in mkOption
{
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) vaultwarden;
inherit (builtins) listToAttrs toString;
inherit (inputs.lib) mkIf;
in mkIf vaultwarden.enable
type = types.nullOr (types.submodule { options =
{
services.vaultwarden =
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services) vaultwarden; in inputs.lib.mkIf (vaultwarden != null)
{
services.vaultwarden =
{
enable = true;
dbBackend = "postgresql";
config =
{
WEB_VAULT_ENABLED = true;
SIGNUPS_VERIFY = true;
DOMAIN = "https://${vaultwarden.hostname}";
SMTP_HOST = "mail.chn.moe";
SMTP_FROM = "bot@chn.moe";
SMTP_FROM_NAME = "vaultwarden";
SMTP_SECURITY = "force_tls";
SMTP_USERNAME = "bot@chn.moe";
};
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
};
sops =
{
templates."vaultwarden.env" = let placeholder = inputs.config.sops.placeholder; in
{
owner = "vaultwarden";
group = "vaultwarden";
content =
''
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
SMTP_PASSWORD=${placeholder."mail/bot"}
'';
};
secrets = { "vaultwarden/admin_token" = {}; "mail/bot" = {}; };
};
systemd.services.vaultwarden.after = [ "postgresql.service" ];
nixos.services =
{
postgresql.instances.vaultwarden = {};
nginx =
{
enable = true;
dbBackend = "postgresql";
config =
{
DATA_FOLDER = "/var/lib/vaultwarden";
WEB_VAULT_ENABLED = true;
WEBSOCKET_ENABLED = true;
ROCKET_PORT = vaultwarden.port;
WEBSOCKET_PORT = toString vaultwarden.websocketPort;
SIGNUPS_VERIFY = true;
DOMAIN = "https://${vaultwarden.hostname}";
SMTP_HOST = "mail.chn.moe";
SMTP_FROM = "bot@chn.moe";
SMTP_FROM_NAME = "vaultwarden";
SMTP_SECURITY = "force_tls";
SMTP_USERNAME = "bot@chn.moe";
};
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
};
sops =
{
templates."vaultwarden.env" =
let
serviceConfig = inputs.config.systemd.services.vaultwarden.serviceConfig;
placeholder = inputs.config.sops.placeholder;
in
{
owner = serviceConfig.User;
group = serviceConfig.Group;
content =
''
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
SMTP_PASSWORD=${placeholder."mail/bot"}
'';
};
secrets = listToAttrs (map (secret: { name = secret; value = {}; }) [ "vaultwarden/admin_token" "mail/bot" ]);
};
systemd.services.vaultwarden = { enable = vaultwarden.autoStart; after = [ "postgresql.service" ]; };
nixos.services =
{
postgresql.instances.vaultwarden = {};
nginx =
{
enable = true;
https.${vaultwarden.hostname} =
{
location = listToAttrs
(
(map
(location:
{
name = location;
value.proxy =
{
upstream = "http://127.0.0.1:${toString vaultwarden.port}";
setHeaders = { Host = vaultwarden.hostname; Connection = ""; };
};
})
[ "/" "/notifications/hub/negotiate" ])
++ (map
(location:
{
name = location;
value.proxy =
{ upstream = "http://127.0.0.1:${toString vaultwarden.websocketPort}"; websocket = true; };
})
[ "/notifications/hub" ])
);
};
};
https.${vaultwarden.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:8222"; websocket = true; };
};
};
};
}


@@ -18,11 +18,7 @@ inputs:
};
dnsmasq =
{
extraInterfaces = mkOption
{
type = types.listOf types.nonEmptyStr;
default = inputs.lib.optional (inputs.config.nixos.services.docker != null) "docker0";
};
extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
v2ray-forwarder.noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
@@ -52,7 +48,13 @@ inputs:
{
services =
{
xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; };
xray =
{
enable = true;
# there is a bug in xray 25.05
package = inputs.pkgs.pkgs-2411.xray;
settingsFile = inputs.config.sops.templates."xray-client.json".path;
};
dnsmasq =
{
enable = true;
@@ -280,14 +282,15 @@ inputs:
fib daddr type local ct state new counter ct mark set ct mark | 1 return
ct mark & 1 == 1 counter return
ip saddr @noproxy_src_net return
ip daddr @noproxy_net return
ip saddr != 172.16.0.0/12 ip daddr @xmu_net meta l4proto { tcp, udp } \
tproxy ip to :${xmuPort} meta mark set meta mark | 1
ip daddr @proxy_net meta l4proto { tcp, udp } tproxy ip to :${proxyPort} \
ip saddr @noproxy_src_net counter return
ip daddr @noproxy_net counter return
ip saddr != 172.16.0.0/12 ip daddr @xmu_net meta l4proto { tcp, udp } counter \
log prefix "XMU MATCH: " tproxy ip to :${xmuPort} meta mark set meta mark | 1 accept
ip daddr @proxy_net meta l4proto { tcp, udp } counter tproxy ip to :${proxyPort} \
meta mark set meta mark | 1
ip daddr @lo_net return
meta l4proto { tcp, udp } tproxy ip to :${autoPort} meta mark set meta mark | 1
ip daddr @lo_net counter return
meta l4proto { tcp, udp } counter \
log prefix "COMMON MATCH: " tproxy ip to :${autoPort} meta mark set meta mark | 1
return
}
@@ -295,14 +298,14 @@ inputs:
chain output {
type route hook output priority mangle; policy accept;
ct mark & 1 == 1 counter return
meta skuid { ${noproxyUserStr} } return
meta skuid { ${noproxyUserStr} } counter return
ip saddr @noproxy_src_net return
ip daddr @noproxy_net return
ip daddr @xmu_net meta mark set meta mark | 1
ip daddr @proxy_net meta mark set meta mark | 1
ip daddr @lo_net return
meta l4proto { tcp, udp } meta mark set meta mark | 1
ip saddr @noproxy_src_net counter return
ip daddr @noproxy_net counter return
ip daddr @xmu_net counter meta mark set meta mark | 1
ip daddr @proxy_net counter meta mark set meta mark | 1
ip daddr @lo_net counter return
meta l4proto { tcp, udp } counter meta mark set meta mark | 1
return
}
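Review bot: The two `log prefix` statements added to the prerouting rules (`"XMU MATCH: "` and `"COMMON MATCH: "`) carry no rate limit, so every packet that reaches those rules is written to the kernel log with its addresses and ports. On a transparent-proxy gateway that can flood the journal, and it leaves a per-packet record of client traffic. The commit titles in this range suggest this is temporary debugging, so either drop the `log` statements before this lands or move them into their own rate-limited rule above the tproxy rule, e.g. `ip daddr @xmu_net meta l4proto { tcp, udp } limit rate 10/minute log prefix "XMU MATCH: "`. The limit has to sit in a separate rule: `limit` is a match, so adding it to the tproxy rule itself would stop traffic being proxied once the rate is exceeded. The chain body begins above this hunk.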


@@ -29,7 +29,6 @@ inputs:
# ANDROID_HOME = "${XDG_DATA_HOME}/android";
HISTFILE= "${XDG_STATE_HOME}/bash/history";
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
GNUPGHOME = "${XDG_DATA_HOME}/gnupg";
GTK2_RC_FILES = "${XDG_CONFIG_HOME}/gtk-2.0/gtkrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
@@ -46,7 +45,7 @@ inputs:
};
i18n = { defaultLocale = "C.UTF-8"; supportedLocales = [ "all" ]; };
users.mutableUsers = false;
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.backend = "podman";
home-manager.sharedModules = [{ home.stateVersion = "25.05"; }];
system =
{


@@ -4,7 +4,7 @@ inputs:
[
# for cluster master, export NFS
(inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null == "master")
{ nixos.services.nfs."/" = "192.168.178.0/24"; })
{ nixos.services.nfs."/" = [ "192.168.178.0/24" ]; })
# for cluster worker, mount nfs, disable some home manager files
(let inherit (inputs.config.nixos.model) cluster; in inputs.lib.mkIf (cluster.nodeType or null == "worker")
{ nixos.system.fileSystems.mount.nfs."192.168.178.1:/" = "/nix/remote/${cluster.clusterName}"; })


@@ -17,15 +17,10 @@ inputs:
type = types.nullOr (types.oneOf [ types.nonEmptyStr (types.submodule { options =
{ device = mkOption { type = types.nonEmptyStr; }; offset = mkOption { type = types.ints.unsigned; }; };
})]);
default = null;
};
rollingRootfs = mkOption
{
type = types.nullOr (types.submodule { options =
{
waitDevices = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};});
default = null;
default = let inherit (inputs.config.nixos.system.fileSystems) swap; in
if builtins.length swap == 1
then if inputs.lib.hasPrefix "/dev/" (builtins.head swap) then builtins.head swap else null
else null;
};
};
config = let inherit (inputs.config.nixos.system) fileSystems; in inputs.lib.mkMerge
@@ -85,54 +80,5 @@ inputs:
};
nixos.system.kernel.patches = [ "hibernate-progress" ];
})
# rollingRootfs
(inputs.lib.mkIf (fileSystems.rollingRootfs != null)
{
boot.initrd.systemd =
{
extraBin =
{
grep = "${inputs.pkgs.gnugrep}/bin/grep";
awk = "${inputs.pkgs.gawk}/bin/awk";
chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
lsmod = "${inputs.pkgs.kmod}/bin/lsmod";
};
services.roll-rootfs =
{
wantedBy = [ "initrd.target" ];
after = [ "cryptsetup.target" "systemd-hibernate-resume.service" ];
before = [ "local-fs-pre.target" "sysroot.mount" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script =
let
device = inputs.config.fileSystems."/".device;
waitDevice = builtins.concatStringsSep "\n" (builtins.map
(device: "while ! [ -e ${device} ]; do sleep 1; done")
(fileSystems.rollingRootfs.waitDevices ++ [ device ]));
in
''
while ! lsmod | grep -q btrfs; do sleep 1; done
${waitDevice}
mount ${device} /mnt -m
if [ -f /mnt/nix/rootfs/current/.timestamp ]
then
timestamp=$(cat /mnt/nix/rootfs/current/.timestamp)
subvolid=$(btrfs subvolume show /mnt/nix/rootfs/current | grep 'Subvolume ID:' | awk '{print $NF}')
mv /mnt/nix/rootfs/current /mnt/nix/rootfs/$timestamp-$subvolid
btrfs property set -ts /mnt/nix/rootfs/$timestamp-$subvolid ro true
fi
[ -d /mnt/nix/rootfs/current ] || btrfs subvolume create /mnt/nix/rootfs/current
mkdir -p /mnt/nix/rootfs/current/usr
touch /mnt/nix/rootfs/current/usr/make-systemd-happy
chattr +C /mnt/nix/rootfs/current
echo $(date '+%Y%m%d%H%M%S') > /mnt/nix/rootfs/current/.timestamp
umount /mnt
'';
};
};
})
];
}


@@ -20,11 +20,7 @@ inputs:
"/nix/persistent" =
{
hideMounts = true;
directories =
[
"/var/db" "/var/lib" "/var/log" "/var/spool" "/var/backup" "/srv"
{ directory = "/var/lib/docker/volumes"; mode = "0710"; }
];
directories = [ "/var/db" "/var/lib" "/var/log" "/var/spool" "/var/backup" "/srv" ];
files = [ "/etc/machine-id" ]
++ (builtins.concatLists (builtins.map
(suf: builtins.map (f: "/etc/ssh/ssh_host_${f}_key${suf}") [ "ed25519" "rsa" ])
@@ -33,8 +29,7 @@ inputs:
"/nix/rootfs/current" =
{
hideMounts = true;
directories = [ { directory = "/var/lib/docker"; mode = "0710"; } ]
++ builtins.map (f: "/var/lib/systemd/${f}") [ "linger" "coredump" "backlight" ];
directories = builtins.map (f: "/var/lib/systemd/${f}") [ "linger" "coredump" "backlight" ];
};
"/nix/nodatacow" =
{


@@ -0,0 +1,74 @@
inputs:
{
options.nixos.system.fileSystems.rollingRootfs = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
waitDevices = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};});
default = {};
};
config =
let inherit (inputs.config.nixos.system.fileSystems) rollingRootfs;
in inputs.lib.mkIf (rollingRootfs != null)
{
boot.initrd.systemd =
{
extraBin =
{
grep = "${inputs.pkgs.gnugrep}/bin/grep";
awk = "${inputs.pkgs.gawk}/bin/awk";
chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
lsmod = "${inputs.pkgs.kmod}/bin/lsmod";
};
services.roll-rootfs =
{
wantedBy = [ "initrd.target" ];
after = [ "cryptsetup.target" "systemd-hibernate-resume.service" ];
before = [ "local-fs-pre.target" "sysroot.mount" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script =
let
device = inputs.config.fileSystems."/".device;
waitDevice = builtins.concatStringsSep "\n" (builtins.map
(device: "while ! [ -e ${device} ]; do sleep 1; done")
(rollingRootfs.waitDevices ++ [ device ]));
in
''
# wait for device to be available
while ! lsmod | grep -q btrfs; do sleep 1; done
${waitDevice}
# mount device
mount ${device} /mnt -m
# move old rootfs, create new one
if [ -f /mnt/nix/rootfs/current/.timestamp ]
then
timestamp=$(cat /mnt/nix/rootfs/current/.timestamp)
subvolid=$(btrfs subvolume show /mnt/nix/rootfs/current | grep 'Subvolume ID:' | awk '{print $NF}')
mv /mnt/nix/rootfs/current /mnt/nix/rootfs/$timestamp-$subvolid
btrfs property set -ts /mnt/nix/rootfs/$timestamp-$subvolid ro true
fi
[ -d /mnt/nix/rootfs/current ] || btrfs subvolume create /mnt/nix/rootfs/current
chattr +C /mnt/nix/rootfs/current
echo $(date '+%Y%m%d%H%M%S') > /mnt/nix/rootfs/current/.timestamp
# make systemd happy
mkdir -p /mnt/nix/rootfs/current/usr
touch /mnt/nix/rootfs/current/usr/make-systemd-happy
# backup persistent
if [ -d /mnt/nix/persistent/.backups ]
then
btrfs subvolume snapshot -r /mnt/nix/persistent \
/mnt/nix/persistent/.backups/boot-$(date '+%Y%m%d%H%M%S')
fi
umount /mnt
'';
};
};
};
}
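Review bot: The `roll-rootfs` script contains unbounded waits (`while ! lsmod | grep -q btrfs` and one `while ! [ -e … ]` per device), and the unit is a oneshot ordered before `sysroot.mount`, so the boot hangs silently in the initrd if btrfs is built into the kernel rather than loaded as a module or if a listed device never appears. The option in this file defaults to `{}`, so the service is active on every host that imports the module unless it is explicitly set to `null`. Bound the wait so the problem surfaces as a failed unit, for example `serviceConfig.TimeoutStartSec = "2min";`, and add a comment on the option saying that it assumes a btrfs root.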


@@ -1,13 +1,17 @@
inputs:
{
config = inputs.lib.mkMerge
options.nixos.system.gui = let inherit (inputs.lib) mkOption types; in
{
implementation = mkOption { type = types.enum [ "kde" ]; default = "kde"; };
};
config = let inherit (inputs.config.nixos.system) gui; in inputs.lib.mkMerge
[
# enable gui
(inputs.lib.mkIf (inputs.config.nixos.model.type == "desktop")
{
services =
{
desktopManager.plasma6.enable = true;
desktopManager.plasma6.enable = inputs.lib.mkIf (gui.implementation == "kde") true;
greetd =
{
enable = true;
@@ -18,7 +22,7 @@ inputs:
"${inputs.pkgs.greetd.tuigreet}/bin/tuigreet"
"--sessions ${sessionData}/wayland-sessions --xsessions ${sessionData}/xsessions"
"--time --asterisks --remember --remember-user-session"
"--cmd startplasma-wayland"
(inputs.lib.optionalString (gui.implementation == "kde") "--cmd startplasma-wayland")
];
};
};
@@ -28,7 +32,8 @@ inputs:
persistence."/nix/persistent".directories =
[{ directory = "/var/cache/tuigreet"; user = "greeter"; group = "greeter"; mode = "0700"; }];
};
xdg.portal.extraPortals = builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ];
xdg.portal.extraPortals = (builtins.map (p: inputs.pkgs."xdg-desktop-portal-${p}") [ "gtk" "wlr" ])
++ [ inputs.pkgs.kdePackages.xdg-desktop-portal-kde ];
i18n.inputMethod =
{
enable = true;
@@ -38,28 +43,25 @@ inputs:
programs.dconf.enable = true;
nixos.user.sharedModules = [(hmInputs:
{
config =
config.gtk =
{
gtk =
enable = true;
gtk2 =
{
enable = true;
gtk2 =
{
extraConfig = ''gtk-im-module="fcitx"'';
configLocation = "${hmInputs.config.xdg.configHome}/gtk-2.0/gtkrc";
};
gtk3.extraConfig.gtk-im-module = "fcitx";
gtk4.extraConfig.gtk-im-module = "fcitx";
extraConfig = ''gtk-im-module="fcitx"'';
configLocation = "${hmInputs.config.xdg.configHome}/gtk-2.0/gtkrc";
};
# somehow kde needs this
# TODO: debug
home.file.".cache/thumbnails/.keep".text = "";
gtk3.extraConfig.gtk-im-module = "fcitx";
gtk4.extraConfig.gtk-im-module = "fcitx";
};
})];
})
# prefer gui or not
(inputs.localLib.mkConditional (builtins.elem inputs.config.nixos.model.type [ "desktop" ])
{ environment.sessionVariables.NIXOS_OZONE_WL = "1"; }
{ environment.plasma6.excludePackages = [ inputs.pkgs.kdePackages.plasma-nm ]; })
{
environment.plasma6.excludePackages = inputs.lib.mkIf (gui.implementation == "kde")
[ inputs.pkgs.kdePackages.plasma-nm ];
})
];
}


@@ -50,19 +50,10 @@ inputs:
nixos = inputs.pkgs.linuxPackages;
xanmod-lts = inputs.pkgs.linuxPackages_xanmod;
xanmod-latest = inputs.pkgs.linuxPackages_xanmod_latest;
xanmod-unstable = inputs.pkgs.pkgs-unstable.linuxPackages_xanmod_latest;
}.${kernel.variant};
kernelPatches =
let
patches =
{
hibernate-progress =
[{
name = "hibernate-progress";
patch =
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in ./hibernate-progress-${version}.patch;
}];
};
let patches.hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
};


@@ -1,116 +0,0 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index d44f5937f1e5..8905c0438b64 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -552,7 +552,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -567,7 +567,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -577,7 +577,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -767,8 +767,8 @@ static int save_image_lzo(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for compression\n", nr_threads);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for compression\n", nr_threads);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -789,7 +789,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -860,7 +860,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
out_clean:
hib_finish_batch(&hb);
@@ -1071,7 +1071,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1089,7 +1089,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1099,7 +1099,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1283,8 +1283,8 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for decompression\n", nr_threads);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for decompression\n", nr_threads);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1414,7 +1414,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1440,7 +1440,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;


@@ -1,10 +1,7 @@
inputs:
{
options.nixos.system.nix-ld = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
{ type = types.nullOr (types.submodule {}); default = {}; };
config = let inherit (inputs.config.nixos.system) nix-ld; in inputs.lib.mkIf (nix-ld != null)
{
programs.nix-ld =


@@ -7,20 +7,9 @@ inputs:
substituters = mkOption { type = types.listOf types.nonEmptyStr; default = [ "https://nix-store.chn.moe" ]; };
remote =
{
slave =
{
enable = mkOption { type = types.bool; default = false; };
mandatoryFeatures = mkOption
{
type = types.listOf types.nonEmptyStr;
default = [ "big-parallel" ];
};
};
master =
{
enable = mkOption { type = types.bool; default = false; };
hosts = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
slave = mkOption { type = types.nullOr (types.submodule {}); default = null; };
# host.[gcc arches]
master.host = mkOption { type = types.attrsOf (types.listOf types.nonEmptyStr); default = {}; };
};
githubToken.enable = mkOption { type = types.bool; default = inputs.config.nixos.model.private; };
};
@@ -88,7 +77,7 @@ inputs:
# substituters
{ nix.settings.substituters = nix.substituters ++ [ "https://cache.nixos.org" ]; }
# remote.slave
(inputs.lib.mkIf nix.remote.slave.enable
(inputs.lib.mkIf (nix.remote.slave != null)
{
nix =
{
@@ -103,31 +92,24 @@ inputs:
};
})
# remote.master
(inputs.lib.mkIf nix.remote.master.enable
(inputs.lib.mkIf (nix.remote.master.host != {})
{
assertions = builtins.map
(host:
{
assertion = inputs.topInputs.self.nixosConfigurations.${host}.config.nixos.system.nix.remote.slave.enable;
message = "remote.slave.enable is not set for ${host}";
})
nix.remote.master.hosts;
nix =
{
distributedBuilds = true;
buildMachines = builtins.map
(host: let hostConfig = inputs.topInputs.self.nixosConfigurations.${host}.config; in
buildMachines = inputs.lib.mapAttrsToList
(n: v:
{
hostName = host;
hostName = n;
protocol = "ssh-ng";
systems = [ "x86_64-linux" ] ++ hostConfig.nix.settings.extra-platforms or [];
systems = [ "x86_64-linux" ];
sshUser = "nix-ssh";
sshKey = inputs.config.sops.secrets."nix/remote".path;
maxJobs = 1;
inherit (hostConfig.nixos.system.nix.remote.slave) mandatoryFeatures;
supportedFeatures = hostConfig.nix.settings.system-features;
mandatoryFeatures = [ "big-parallel" ];
supportedFeatures = builtins.map (f: "gccarch-${f}") v;
})
nix.remote.master.hosts;
nix.remote.master.host;
};
sops.secrets."nix/remote" = {};
})
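Review bot: With the `assertions` block gone, nothing checks that a name in `nix.remote.master.host` is actually configured as a builder, and `supportedFeatures` now comes from a hand-written list rather than the builder's own `system-features`. A mistyped host name, or a `gccarch-*` entry the machine cannot honour, will only show up later as a failed or mis-targeted remote build. If the attrset is meant to allow builders outside this flake, say so on the option, e.g. `# builder hostname -> GCC -march names it supports (exported as gccarch-<name>); not cross-checked against the builder's config`. Otherwise keep an assertion that the target has `remote.slave != null`. The enclosing list starts and ends outside these hunks.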


@@ -15,7 +15,7 @@ inputs:
};
config = let inherit (inputs.config.nixos.system) nixpkgs; in
{
nixpkgs = import ./buildNixpkgsConfig.nix { inherit inputs; nixpkgs = nixpkgs // { nixRoot = null; }; };
nixpkgs = inputs.localLib.buildNixpkgsConfig { inherit inputs; nixpkgs = nixpkgs // { nixRoot = null; }; };
boot.kernelPatches = inputs.lib.mkIf (nixpkgs.march != null)
[{
name = "native kernel";

Binary file not shown.

Before

Width:  |  Height:  |  Size: 130 B

After

Width:  |  Height:  |  Size: 21 KiB


@@ -1,7 +1,8 @@
inputs:
{
imports = inputs.localLib.findModules ./.;
config = inputs.lib.mkIf (inputs.config.nixos.packages.desktop != null)
config = inputs.lib.mkIf
(inputs.config.nixos.packages.desktop != null && inputs.config.nixos.system.gui.implementation == "kde")
{
home-manager.users.chn.config.programs.plasma = inputs.lib.mkMerge
[


@@ -1,6 +1,7 @@
inputs:
{
config = inputs.lib.mkIf (inputs.config.nixos.model.type == "desktop")
config = inputs.lib.mkIf
(inputs.config.nixos.model.type == "desktop" && inputs.config.nixos.system.gui.implementation == "kde")
{
home-manager.users.chn.config.programs.plasma =
{


@@ -1,5 +1,7 @@
inputs:
{
config.home-manager.users.chn.config.programs.plasma.configFile.kdeglobals.General.accentColorFromWallpaper.value
= true;
config = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
{
home-manager.users.chn.config.programs.plasma.configFile.kdeglobals.General.accentColorFromWallpaper.value = true;
};
}


@@ -10,7 +10,7 @@ inputs:
{
matchBlocks = rec
{
xmuhk = { host = "xmuhk"; hostname = "10.26.14.56"; user = "xmuhk"; };
xmuhk = { host = "xmuhk"; hostname = "10.26.14.64"; user = "xmuhk"; };
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
jykang.setEnv.TERM = "chn_unset_ls_colors:chn_cd:linwei/chn:xterm-256color";
"wg0.jykang" = jykang;


@@ -126,7 +126,13 @@ inputs:
imports = user.sharedModules;
config =
{
programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };
programs.git =
{
userName = "chn";
userEmail = "chn@chn.moe";
# allow root operate on git repositories owned by others
extraConfig.safe.directory = "*";
};
home.file = inputs.lib.mkIf inputs.config.nixos.model.private
{
".ssh/id_ed25519_sk".source = homeInputs.config.lib.file.mkOutOfStoreSymlink
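Review bot: `extraConfig.safe.directory = "*"` switches off git's repository-ownership check for every path, not only for the repositories the comment has in mind. With it set, running git inside a directory owned by another account honours that repository's own configuration, which is what the ownership check exists to prevent, and the exposure is largest when the account is root. List the specific repositories instead, e.g. `extraConfig.safe.directory = [ "/path/to/repo" ];` (placeholder path). The comment should also state which user this block applies to, since the hunk does not show it.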


@@ -132,6 +132,15 @@ inputs: rec
stdenv = inputs.pkgs.callPackage ./oneapi/stdenv.nix { src = inputs.topInputs.self.src.oneapi; inherit gccFull; };
fmt = (inputs.pkgs.fmt.override { inherit (final) stdenv; }).overrideAttrs { doCheck = false; env.VERBOSE = "1"; };
});
lumerical =
{
lumerical = inputs.pkgs.callPackage ./lumerical/lumerical.nix
{ src = inputs.topInputs.self.src.lumerical.lumerical; };
licenseManager = inputs.pkgs.callPackage ./lumerical/licenseManager.nix
{ inherit (inputs.topInputs.self.src.lumerical.licenseManager) src crack; };
license = inputs.pkgs.callPackage ./lumerical/license.nix
{ src = inputs.topInputs.self.src.lumerical.licenseManager.license; };
};
fromYaml = content: builtins.fromJSON (builtins.readFile
(inputs.pkgs.runCommand "toJSON" {}
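Review bot: `licenseManager` is built from a `crack` input alongside the vendor `src`, and nothing in this hunk records where that payload comes from or pins it to a known hash. Its contents are copied into the package and run as part of a long-lived license service, so it should be treated as unaudited third-party code. Record its origin and expected hash next to the `src` definition, and confine the service that runs it to a dedicated unprivileged account without access to secrets. The surrounding `rec` set starts and ends outside the hunk, so the `src` definitions themselves are not visible here.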


@@ -0,0 +1,6 @@
{ runCommand, src, macAddress ? "000123456789" }: runCommand "license.txt" {}
''
cp ${src} $out
sed -i 's|xxxxxxxxxxxxx|${macAddress}|' $out
sed -i 's|2022.1231|2035.1231|g' $out
''


@@ -0,0 +1,60 @@
{ src, crack, buildFHSEnv, stdenvNoCC, writeScript, licenseFile ? "/tmp/lumerical-license" }:
let
builder = buildFHSEnv
{
name = "builder";
targetPkgs = pkgs: with pkgs; [ coreutils glib ];
extraBwrapArgs = [ "--bind" "$out" "$out" ];
};
package = stdenvNoCC.mkDerivation
{
name = "lumericalLicenseManager";
dontUnpack = true;
dontBuild = true;
dontFixup = true;
installPhase =
''
mkdir -p $out
cp -r ${src}/* .
chmod +x ./INSTALL
${builder}/bin/builder ./INSTALL -silent -install_dir $out/opt/ansys_inc -lm
cp -r ${crack}/* $out/opt
ln -sf ${licenseFile} $out/opt/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic
# install update
chmod +w -R $out
cp -rf $out/opt/ansys_inc/shared_files/licensing/linx64/update/* $out/opt/ansys_inc/shared_files/licensing/linx64
rm -rf $out/opt/ansys_inc/shared_files/licensing/linx64/update
cp -rf $out/opt/ansys_inc/shared_files/licensing/tools/update/* $out/opt/ansys_inc/shared_files/licensing/tools
rm -rf $out/opt/ansys_inc/shared_files/licensing/tools/update
# fix some log paths, license manager should have write permissions
rm -rf $out/opt/ansys_inc/shared_files/licensing/tools/tomcat/logs
ln -s /tmp/lumericalLicenseManager/logs $out/opt/ansys_inc/shared_files/licensing/tools/tomcat/logs
ln -sf /tmp/lumericalLicenseManager/ansysli_server.log \
$out/opt/ansys_inc/shared_files/licensing/ansysli_server.log
# fix env
sed -i "s|/home/ansys_inc|$out/opt/ansys_inc/shared_files/licensing/../..|g" \
$out/opt/ansys_inc/shared_files/licensing/tools/tomcat/bin/setenv.sh
rm $out/opt/ansys_inc/shared_files/licensing/tools/tomcat/bin/setenv.sh.old
# fix permissions
chmod +x $out/opt/ansys_inc/shared_files/licensing/tools/tomcat/bin/*
chmod +x $out/opt/ansys_inc/shared_files/licensing/linx64/*
'';
};
startScript = writeScript "fdtd"
''
pushd /opt/ansys_inc/shared_files/licensing
./start_ansysli &
./start_lmcenter &
tail -f /dev/null
'';
in buildFHSEnv
{
name = "lumericalLicenseManager";
passthru = { inherit builder package; };
targetPkgs = pkgs: (with pkgs; [ coreutils glib ]) ++ [ package ];
runScript = startScript;
}
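Review bot: The package hard-wires fixed names under `/tmp`: `licenseFile` defaults to `/tmp/lumerical-license`, and the Tomcat `logs` directory and `ansysli_server.log` are symlinked to `/tmp/lumericalLicenseManager/…`. `/tmp` is world-writable, so any local account can create those names before the service does, and in that way supply the file the server reads or redirect where its logs are written. Point them at a directory only the service account can write, e.g. `licenseFile ? "/var/lib/lumericalLicenseManager/license"` and `ln -s /var/lib/lumericalLicenseManager/logs …`. A private `/tmp` for the unit would also do, if the module that starts it (not shown in this file) can guarantee one.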


@@ -0,0 +1,69 @@
{
stdenv, src, buildFHSEnv, writeScript, autoPatchelfHook,
libxml2, libz, freeglut, libGLU, xorg, alsa-lib, freetype, wayland, fontconfig, libxkbcommon, systemd, numactl, nss,
at-spi2-atk, libxcrypt-legacy, glibtool, tbb, libxslt, glib, gtk3, libedit, gdbm, ncurses5, mesa, libdrm, xmlsec,
libsForQt5, mpi
}:
let
unwrapped = stdenv.mkDerivation
{
name = "lumerical-unwrapped";
inherit src;
dontConfigure = true;
dontBuild = true;
installPhase =
''
mkdir -p $out
cp -r $src/v231 $out/opt
chmod -R +w $out
rm $out/opt/{bin/itkdb-bridge,lib/libxmlsec*,lib/libQt5*}
'';
dontFixup = true;
};
startScript = writeScript "fdtd"
''
export XDG_SESSION_TYPE=x11
/opt/bin/fdtd-solutions-app "$@"
'';
raw = stdenv.mkDerivation
{
name = "lumerical";
inherit src;
buildInputs =
[
stdenv.cc.cc libxml2 libz freeglut libGLU alsa-lib freetype wayland fontconfig libxkbcommon systemd numactl nss
libxcrypt-legacy glibtool tbb libxslt glib gtk3 libedit gdbm ncurses5 mesa libdrm xmlsec mpi
]
++ (with xorg; [
libX11 libXt libICE libXdamage libXfixes xcbutilwm xcbutilimage xcbutilkeysyms xcbutilrenderutil libXcursor
libXcomposite libXtst libXft libXScrnSaver
]);
nativeBuildInputs = [ autoPatchelfHook ];
dontConfigure = true;
dontBuild = true;
installPhase =
''
mkdir -p $out
cp -r $src/v231 $out/opt
chmod -R +w $out
rm -r $out/opt/{bin/itkdb-bridge,lib/libxmlsec*}
'';
autoPatchelfIgnoreMissingDeps = [ "libmpi.so.12" "libmex.so" "iboaDesign.so" ];
};
in buildFHSEnv
{
name = "lumerical";
passthru = { inherit unwrapped raw; };
targetPkgs = pkgs: with pkgs;
[
unwrapped libxml2 xmlsec libz libGL stdenv.cc.cc.lib
freeglut libGLU alsa-lib freetype fontconfig libxkbcommon systemd numactl nss
libxcrypt-legacy glibtool tbb libxslt glib gtk3 libedit gdbm ncurses5 mesa libdrm xmlsec
libsForQt5.full libsForQt5.qt5.qtnetworkauth mpi
]
++ (with xorg; [
libX11 libXt libICE libXdamage libXfixes xcbutilwm xcbutilimage xcbutilkeysyms xcbutilrenderutil libXcursor
libXcomposite libXtst libXft libXScrnSaver libSM libXext
]);
runScript = startScript;
}