mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 16:59:23 +08:00
Compare commits
1 Commits
srv1
...
srv2-debug
| Author | SHA1 | Date | |
|---|---|---|---|
| 8c82784ed3 |
@@ -28,9 +28,6 @@ users:
|
||||
pen: ENC[AES256_GCM,data:XOKXV0YSFbHC3I3xO8fpWvYerNfVFg2afs+CUp2MZB+yt9KR5bTJdVOfUGldLbWH5CR4v5FxTrTujv24wJ710Rfyugxh9aFJ/w==,iv:tHLoO+XpdUk8S56QUiJQOpVO9C5epam9PMubMN+8fHw=,tag:H0srWRigNUedQMIAfJlfjg==,type:str]
|
||||
#ENC[AES256_GCM,data:K6O0TIYYGZmM8iOwsQ==,iv:xtT8Psnoy51V9gsRo335+VT56FXTcMQ3d4/tnuWouew=,tag:k8irtZ33G3UFK++rzcmyiw==,type:comment]
|
||||
reonokiy: ENC[AES256_GCM,data:fPKdOPAKbXUvK5Jj08T0iSD23mhhkTXCexgB5q3v5JS4c6V4S+W14WOkS4UHrMQls/rHslw0NyMzS5G27A+5vN+EN+xJZfuRGg==,iv:tSdNOgs61tyt7/hUKt8bfKvpq9qOQU14ligdxBs/ATs=,tag:6IoS/p2StKtFREIpxsWkdg==,type:str]
|
||||
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
|
||||
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
|
||||
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
|
||||
telegram:
|
||||
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
|
||||
user:
|
||||
@@ -177,7 +174,7 @@ sops:
|
||||
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
|
||||
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-05T04:25:07Z"
|
||||
mac: ENC[AES256_GCM,data:x7wXcdExnf3grO9uS90dQMCSTgJiCyz5sdiek4EnYPsb/EVXfbzYnOo05T3ns8nNfQb6jCKBr/TZO6ZhOneaa/b8uZrG3c4EtDRVptm6+8PydgG5pv5ZiVLb83XR/t11xLWyzc8livLiTPb2RT0UglznOWCGPz20ULoI+JphGGc=,iv:iE7sRIyY2Espmaushcb0VJMjUZYhSGAqRdhmQRMkndU=,tag:0qsijRFyFshIKZTwVbvntw==,type:str]
|
||||
lastmodified: "2025-05-14T01:17:28Z"
|
||||
mac: ENC[AES256_GCM,data:r1FWYKz9aJtmhH7MLPqwZjG0W7LULScGd63CnIqsm2AbFIs6DgW33zDsgwrl1oblx/zYGda3irB5s1+otR38DU0VE7jqLYzHpb3eLsE986ZTwe9Tujy6BJm2Pyng60BJTTBwKU8awS2WpbTUivK1aVivNfBffQIL5Scv/qkyH3U=,iv:1USu0hh8IM2T/w1Fm/udGswPJcxKmvcG6XwlS2ku6iY=,tag:F/rZiGc3KTaNA0YtrWF3+w==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
version: 3.9.2
|
||||
|
||||
@@ -2,7 +2,6 @@ inputs:
|
||||
let
|
||||
publicKey =
|
||||
{
|
||||
vps4 = "sUB97q3lPyGkFqPmjETzDP71J69ZVfaUTWs85+HA12g=";
|
||||
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
|
||||
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
|
||||
@@ -62,7 +61,7 @@ let
|
||||
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
|
||||
(builtins.listToAttrs
|
||||
(
|
||||
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps4" "vps6" "srv3" ])
|
||||
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps6" "srv3" ])
|
||||
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" "srv1-node0" "srv2-node0" ])
|
||||
))
|
||||
# 校内网络
|
||||
|
||||
@@ -25,9 +25,20 @@ inputs:
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
xray.client.dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1";
|
||||
xray.client =
|
||||
{
|
||||
enable = true;
|
||||
# TODO: remove on next month
|
||||
xray =
|
||||
{
|
||||
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
|
||||
serverName = "xserver.srv3.chn.moe";
|
||||
};
|
||||
dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1";
|
||||
};
|
||||
beesd."/".hashTableSizeMB = 10 * 128;
|
||||
nfs."/" = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc";
|
||||
nix-serve.hostname = "nix-store.nas.chn.moe";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
xray-client:
|
||||
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:P6N53f5LQObXW63yciSB11XMFtUlJsp1ZhPs/Wqt5iMR9pxI6CNa92CKWzGJFHvBGQ0ORjY9Qz928lEp9AOSpOsGwUhUFfm1QTKVIg8DTzcBuojIwCHUQAxPbVw=,iv:3RVKj7JZLWDyEjup4UgDj/9OT1Mxs5ouu+kFicBFhDY=,tag:EfwoT/2NfGu9sJbmRylSRQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
@@ -21,7 +23,7 @@ sops:
|
||||
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
|
||||
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T01:22:01Z"
|
||||
mac: ENC[AES256_GCM,data:OxRUW3e2SXTTdb7Iwvsf/UaHsTIVxohJwRIFExh5N/dJhU9Ui8omKBjkooiGaysrZEVEZNAWSp2zvTPXUdZrtW2fikyhF6Fsg7jUFFTqhV/sjYMy7gISbfkcGF9SuYGByuuySyXPqsfg+ESeBmMVZiqDSEPYJWu+q8OwThdhsAM=,iv:UnSfmuxcV+tr7wd59Xg0MG2QbP2uOshVhN5C++9ZSzA=,tag:cWiG85xv2OuiBOoAlvVBGw==,type:str]
|
||||
lastmodified: "2025-06-02T06:24:12Z"
|
||||
mac: ENC[AES256_GCM,data:slnXbWsxKYIh0nocX+yjVlCNJ97ieeNF9IRSsUZ3XiSQJEmhW9TQ3Eb8TpvcTYpEkyXrb3b8Z3Lw79VTe3L64/TA+DYzpxfzo0E5CWQBRNSbHoL46FLLjc7sEmW+IiGdzoLUeOPDbYPKYIGfGxymPfuO+Wp3t42kxfWuXs3KiMQ=,iv:I1kRJ8SUQaFNIPFjcCGKvkyr2t7G8TN+WJOksP8Onbs=,tag:m1qMyGWpBwJ8yxyuxLHVJQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -24,7 +24,16 @@ inputs:
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
|
||||
services =
|
||||
{
|
||||
xray.client = {};
|
||||
xray.client =
|
||||
{
|
||||
enable = true;
|
||||
# TODO: remove on next month
|
||||
xray =
|
||||
{
|
||||
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
|
||||
serverName = "xserver.srv3.chn.moe";
|
||||
};
|
||||
};
|
||||
beesd."/".hashTableSizeMB = 64;
|
||||
sshd = {};
|
||||
};
|
||||
|
||||
@@ -74,13 +74,23 @@ inputs:
|
||||
};
|
||||
};
|
||||
sshd = {};
|
||||
xray.client.dnsmasq.hosts = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(name: { inherit name; value = "144.34.225.59"; })
|
||||
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
|
||||
)
|
||||
// { "4006024680.com" = "192.168.199.1"; };
|
||||
xray.client =
|
||||
{
|
||||
enable = true;
|
||||
# TODO: remove on next month
|
||||
xray =
|
||||
{
|
||||
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.vps4";
|
||||
serverName = "xserver.vps4.chn.moe";
|
||||
};
|
||||
dnsmasq.hosts = builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(name: { inherit name; value = "144.34.225.59"; })
|
||||
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
|
||||
)
|
||||
// { "4006024680.com" = "192.168.199.1"; };
|
||||
};
|
||||
acme.cert."debug.mirism.one" = {};
|
||||
nix-serve = {};
|
||||
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
|
||||
|
||||
@@ -63,7 +63,7 @@ inputs:
|
||||
};
|
||||
};
|
||||
packages.vasp = {};
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" "zgq" ];
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -21,8 +21,7 @@ inputs:
|
||||
};
|
||||
services =
|
||||
{
|
||||
sshd.motd = true;
|
||||
xray.client.dnsmasq.extraInterfaces = [ "eno146" ];
|
||||
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
|
||||
beesd."/" = { hashTableSizeMB = 128; threads = 4; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
};
|
||||
|
||||
@@ -22,7 +22,7 @@ inputs:
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client = {};
|
||||
xray.client.enable = true;
|
||||
beesd."/".threads = 4;
|
||||
kvm.nodatacow = true;
|
||||
};
|
||||
|
||||
@@ -35,7 +35,7 @@ inputs:
|
||||
hardware.gpu.type = "nvidia";
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
sshd = { passwordAuthentication = true; groupBanner = true; };
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
@@ -81,7 +81,7 @@ inputs:
|
||||
};
|
||||
};
|
||||
packages = { vasp = {}; mumax = {}; lammps = {}; };
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" "zzn" "zqq" ];
|
||||
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" "zzn" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -13,19 +13,22 @@ inputs:
|
||||
{
|
||||
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
|
||||
wireless = [ "457的5G" ];
|
||||
masquerade = [ "eno2" ];
|
||||
# masquerade = [ "eno2" ];
|
||||
trust = [ "eno2" ];
|
||||
};
|
||||
};
|
||||
services =
|
||||
{
|
||||
xray.client = { dnsmasq = { extraInterfaces = [ "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; }; };
|
||||
xray.client =
|
||||
{
|
||||
enable = true;
|
||||
dnsmasq = { extraInterfaces = [ "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
|
||||
};
|
||||
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
|
||||
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
|
||||
groupshare = {};
|
||||
hpcstat = {};
|
||||
ollama = {};
|
||||
sshd = { groupBanner = true; motd = true; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -102,7 +102,7 @@ inputs:
|
||||
gitea = { enable = true; ssh = {}; };
|
||||
grafana = {};
|
||||
fail2ban = {};
|
||||
xray.server = {};
|
||||
xray.server.serverName = "xserver.srv3.chn.moe";
|
||||
docker = {};
|
||||
peertube = {};
|
||||
nginx.applications.webdav.instances."webdav.chn.moe" = {};
|
||||
|
||||
@@ -75,8 +75,48 @@ xray-server:
|
||||
user0: ENC[AES256_GCM,data:n6gIZGYdT6wEfKgizFvIE802AkpR8BpSPSZrQ5WP/aZWzLUL,iv:AxnwFOzmIRm3nTLpi8/4lkv+TjO4y4RZQtHO0GriD8o=,tag:nllDCaLZd6JNS2JqwvgVyg==,type:str]
|
||||
#ENC[AES256_GCM,data:uhAauqQ1oQ==,iv:0Sr6YjarjkLmBq5H1ELb3SYBzrTVhqIE6qPxc9HYeKY=,tag:NvGGSY99Y7d3OTnpOr2p2g==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:EcEySx/n52rN5REPEWNjCuWywokvOetadbljqPpDPADTeeSk,iv:7r3CdvHJT1iZvx1Xn53It1ZxIkdLVIeQ+Q03zISm94k=,tag:8cIGZUlIhVgRc2FeU931kQ==,type:str]
|
||||
#ENC[AES256_GCM,data:qbXmxTn+Mwk3zw==,iv:8F/0ELOwXMrKaigfRmwvGREujqNwM6XjIeaPyr6JS5U=,tag:PF/PAQCwzH7uOj+xgM0rKw==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:cA2oKqGsKuZyydMQspbSrWqsQIAde/VtGIPybC2gr3Bg355H,iv:YOj+6f6YR3Ze3x5IrqdqzXp9e3v1jdAu8re1Is6Q4eQ=,tag:n/CV6+PX/y+okpJwRraSDA==,type:str]
|
||||
#ENC[AES256_GCM,data:VcLtO+6YWg==,iv:TWM3IY00V+LaJzk+E8ji/v7Ol4TCvSP/FHzFsV5MGIE=,tag:CijsW2O/AKpWgQUm6ipPeg==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:F3HK6znDEsN8UO7B9vBs03jyjqoQ+MGCcNJuOeglSBzLD2Hy,iv:TKBRe8Qmn9DL4AEilX20YcKbz6bydKsQUuUd5lyM2jE=,tag:nAyrTD4zkJ6CjLuj29zuJQ==,type:str]
|
||||
#ENC[AES256_GCM,data:UFE3pg02VA==,iv:thT5OYPIHLIjKB7uiAk5vff8rtsgwncdo+U0KmW3uTE=,tag:qGWmSsI1mzg8ZbpunxBuyw==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:FYMQFFTCue+umBl5OwJvlZ+NyocsRbkycr+y1L6d6LPdR9px,iv:ZX9Z0dqmBvvXlz+oEYd7vQ5rW5lvmlc+bneDguQld30=,tag:y3d7aDWOtO0T3Yf5pGnffQ==,type:str]
|
||||
#ENC[AES256_GCM,data:KuuPQQ==,iv:LGGqLFV4CnUMLWaNbHj6bRseetvdMdSOefV1FeYlJSA=,tag:wXlqKM2BuoMRZAwYbv5eOg==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:T5p0POx9Cnqdlp0blEYvAnRNIDOCNVdpOBR4rVQ1/07/rOCX,iv:EZx6ToeORzHoG+aEPi9oiTcwp4bOIAJpPUvemhYM96Q=,tag:aSS+RY5rEzr62mbE+JDanw==,type:str]
|
||||
#ENC[AES256_GCM,data:tmlMaaDT4Q==,iv:zDBCjdBioiXGbJve03VcwCt81hiFxyKqql9rp6zW25g=,tag:cxedo8U2FICH5yMoPXwQMg==,type:comment]
|
||||
user6: ENC[AES256_GCM,data:LzYfIXgZP0q9FpxDM6skSTiwOxEO+N5wuFq86KAazqe8zS/h,iv:Jh7bWMVr5U69L1uARLMUciWvv/aRjJJeEXvU5bo8e3A=,tag:PxesHErVSlkbuNeeRpQfEA==,type:str]
|
||||
#ENC[AES256_GCM,data:boB2Ug==,iv:echGnXhoj2wX7GDj302nbirmzQFCqql2jtY0JaNyla4=,tag:7YnhNwCFZ9rOstanr0wGcw==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:s1O6GRn/9T9DWKlcXJTnOoAPZnPgHGBpZZcEDAKRtiYAI/5p,iv:JyaGsolN5WgQekPYxJiJbniuxLPf3+elHHbd3+ZrLtc=,tag:32wNUTqyyaKoPRQdB4U0SA==,type:str]
|
||||
#ENC[AES256_GCM,data:cvG7WQcnwj+u9A==,iv:ui40+u9yE/Prksmiqed1NjuHyNP2RGtgSMazfI8ultc=,tag:he2F4i71Z8gFdW3fmRdhUA==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:roCYRvszJo7weozfIRoGgUhIs1f2a5/a2d1b/Iy6WEbbehOS,iv:tcOsL0SE4qMRPZIGOlzRIaMJvcapx2H9HK4D8qmSbIs=,tag:Z0skFdgtpjSR7jli3dwd5A==,type:str]
|
||||
#ENC[AES256_GCM,data:IFXAXr0RVg/DCA==,iv:pKdnsUFX4XXJIZleA71fAfua1ibSa/2tgjdqnhbt/Rg=,tag:2Fv397j/uJDFZ/uvBxtrQw==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:5HP+OVmf+dsS8sDHakC7Yx1HVutMoTbITONHQiSvHw+17M9J,iv:TYDf7lx04pHohbGBbPJvOAoIGUKqil59k4Pt405/9kA=,tag:HUxT/uSR8sYCXQ8uX69Fqg==,type:str]
|
||||
#ENC[AES256_GCM,data:7TJeKZM=,iv:FKcgDOtV417n1xmufqB3WENrbZ0V93sI5/XhiDYouMw=,tag:TchW2jgxZAXHvvMYY089dA==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:+u1KwJo3Y4enFM2RVr379GF7O6r9bWofUEZ2994IIC+Ce2NV,iv:ssKA5y3JM4tm+JdVznQFUAYmlrHaWd8hQXs6R/aEXN8=,tag:Q5uuM1sBZJRYBe4XXTL3ZQ==,type:str]
|
||||
#ENC[AES256_GCM,data:O3qEWI+vFA==,iv:R7HLFRNszV6yXwciNfk/rTbDQYLmKsTCQFCfWIpJdfY=,tag:DjuM2a48/lDF11aLIf3Fgw==,type:comment]
|
||||
user11: ENC[AES256_GCM,data:4HDGJq9nl8oGeQEo0XBEUiJweAaZ9yWc9Ib1TM91Djj2jH8d,iv:1i9/bZhHkhc8dP9Pg4gIRnCms61AP9VYxAG4acV3gpQ=,tag:vID9DEXZu3wGbXDqsLVEAg==,type:str]
|
||||
#ENC[AES256_GCM,data:CdJubErTSg==,iv:UKn0lvbCzJnE241Tg3yjSx4xZNbp5sa/NfgIlRNU5z8=,tag:6FMGY6hbMQQFoN31z4e4uw==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:U+ynUYI+l6McI9oWF4PNiLUwvNowdseZ5gO8o73cX8MsXS2+,iv:r0KIBXczRkubZqyM/LUBPp/x9Zb/rvDJIKGGKkR3EfY=,tag:yn7806HD7ei57UtpuPjlkg==,type:str]
|
||||
#ENC[AES256_GCM,data:3trgclrgDXhKUg==,iv:qyLmCBaB5ql950diUj7YlPi6P3a0hYH8adADEI0AGrU=,tag:Oleq79giA9/gYBO8Carznw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:M6JXRrqnKrdihAA1aUg9zzJfhCK5TLLRf4wZkemnlHyaXnLL,iv:OA6i+BGYTr9gILE3jzFILLZvPRZeAvmSbXEStihN3aw=,tag:WcpTKRC8crDhzKHcxjtICQ==,type:str]
|
||||
#ENC[AES256_GCM,data:VryB1AM=,iv:6FdWfpQ53bdpkXZ22gpy8GxKb1X7bak0K/Oa56mP7Uw=,tag:VBg7u7MSMl4Pr72W6ugYEg==,type:comment]
|
||||
user14: ENC[AES256_GCM,data:g8y07VaxsuTs74L5xF/XDlmYetOfXFwHEr+FCHRtFLKwTAVq,iv:TjT49pTk97l3u1wGG7BmqZr/LAMC2765er3HGarOANw=,tag:zt1ojulNjWcuKIdix6NFJw==,type:str]
|
||||
#ENC[AES256_GCM,data:Bawjfo3ubW1eXA==,iv:m2/ViC9AIZUV3Wl9EBYV5L0QQDw7QgXPpQ7WX22XpQ8=,tag:1wqpie9BuDi7BiDCvRIWog==,type:comment]
|
||||
user15: ENC[AES256_GCM,data:2Ylnb7ZJgr3ha0rXrjkscPX9zJI2L9aydfL5Ndl2b9cJmVUC,iv:mu0GlGGXH4njmi4KzsvFSJN2zC5IcXVQ6oqVv2ClWpM=,tag:AIhnDqQehLyJY+wh7RWTYg==,type:str]
|
||||
#ENC[AES256_GCM,data:uORLUE+excPAuw==,iv:K1Qch9qkg5T59+lcMC7vHWu1mnOv2dH5cOAZHX8HhgQ=,tag:chVMn/kb3Rr3f2igjbsAUA==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:D4lPjTb2kaYfUSCCRaMpGNtzLIfvPvfiJK+kkTQtSMOBglpN,iv:FCpHHBSKDYA+H6fgabNggXJlenzg5am5excBknpD1uU=,tag:FPQaBfLiZ5PBJa8gCpBfTA==,type:str]
|
||||
#ENC[AES256_GCM,data:Cfs0Ul9BHWW/oQ==,iv:OOcRWmc7fy2RnE7+TtSBauKa1k1/unC1nFJ2SJ3yWqk=,tag:q6MjcXEYuep1eRw5BJspqw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:2mzbUcGRye0cdgQxoTzSeKaM+m1dUPvKq61uBnGvZDFXrqQ7,iv:hxkruf0Xo1ZNJ/ym5YdLGJF5aK5nXZMJ46XC18Aksmc=,tag:KrUCTgDgYndxhi8QSYpGwA==,type:str]
|
||||
#ENC[AES256_GCM,data:vHvpcqJaH2hPTg==,iv:S1WbgLU+15FMJr699YGY4f9r8wIg880tjJo6W6APhx0=,tag:F7fbA83eco8/Qd6u4vUMbA==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:LwZKy71ecB/E2EMIaUuFV0a7j+16EWo8LA9/0Gc8lpXAQpaT,iv:+cjrRDSvW7KFGDlpI6W+eDi3bux+eQl6NXNjnUoj7L0=,tag:PurtN+Vede0DNTQqbea1Ig==,type:str]
|
||||
#ENC[AES256_GCM,data:rhbv9bL/0d7pGA==,iv:XvKiQWO72BfHhVRyti5ST9+f9tPUne2IcMNC08kD9r8=,tag:qhA6q4MrX3lAELrrGM8LCQ==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:jOyA913cS21eGwjUPY/XrQUBofoHwsCHghpmjzGx7cBzk/K0,iv:wXAnuSUhJ+gwGvMF7/YsfgeTHOvQC+S6rM5DzypvOuo=,tag:b/FsoypjkVYLSfyowNL2Nw==,type:str]
|
||||
#ENC[AES256_GCM,data:Q48F7+SNdz7duKY=,iv:KIb6lIJWAVXKekBhwPztkySYDA7IP4jMjDsWy+waeFQ=,tag:s8hEz2zrh1ZXNKi/IuVV4Q==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:D6+eQdWO/W4P1ul9zQLpUQxqNA+kytz5ZHH6HmU/jwSuq3hU,iv:U4H7Ez0P3gWBLVeQ6O4PN4AmVP7Ij3oArhMmfT1BWic=,tag:l6TNsJFXXH/+yMcszkVRrQ==,type:str]
|
||||
#ENC[AES256_GCM,data:F8qJksiC3Z8GbJc=,iv:yDBYQLUFFSXMn5Vo69rXzGBWzA+GkYw1qHS/ShisH7w=,tag:mnxj03thlYN5KhKDUO7hug==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:QeSxzBR6fLAyoUsA4aGKilYHcF42SNdkwjdwWZbxNvqZU6bf,iv:ocZGB4i8M7qM9Ypp3BUlGIdGL0AQx8NdO5yBZFLB6fk=,tag:WMFmljoJSnCU8BL/GfiZMg==,type:str]
|
||||
#ENC[AES256_GCM,data:LxUne7UMT32f,iv:AyVaLB7Ni6HB5BE+InEG99TQsEzdQG7EXoHXC8PLGlQ=,tag:j5GoVfDsqoHypkxYFNPjyg==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:lzFvCb/zbTZs2jmYUfl3onGeWjBCdjxcIzAIff/fm6Qre+HZ,iv:eSiosE3eOrl7iLnOV41w+pwdtcske/4R1Bf1D1qxsOo=,tag:r69jFKp/FlxN3MEL5E6EXA==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:xz7xFt/g++E79bIl6AeBWATHDB+gHBIoXo5vdWTeyrAT1RtllgYie9k3Fg==,iv:x7fdmSINQA+F7a08jpuvCAg7vIZpsYaoX+EnitJMUCk=,tag:GAb/RRdAOlteIQPxeIMAXQ==,type:str]
|
||||
peertube:
|
||||
secrets: ENC[AES256_GCM,data:OR3OA8qJsq1gAYiv1rShNa8eODzIxPOpVbqbnseSCMUNx4+FeOgReTLl7cXHPxbBkrJbsfEq5XYm1QtRtxotdw==,iv:6vz0ezsFuCNsBduNhm4VQ+it6oEJF/eMxktVFhdXgug=,tag:hmW7BwF9C53SAHhu2HBLYg==,type:str]
|
||||
@@ -104,7 +144,7 @@ sops:
|
||||
d0h3aDh5QXFZYWJFdmNVYnJxQ3pBeVUKTl0XVvtwJcz+RpSylgDPl/R8msInxvWX
|
||||
eQGmrDHibeE1V+KSDiuNzC4MVRIrOnh1beHrhnVQ86HwPVgJqs2FoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T01:35:04Z"
|
||||
mac: ENC[AES256_GCM,data:q2BolEBB6Ik8yx6NHnnE3Wcl2rGVZN86dpfLJrrFOxWd8fZyfBQ/00v4dUZSZw0aQoMj1V2RBDyVtScuRiH0NVb6+RfX+0t3zTEf6guuJdurczLBz9+D51+Th3KE1uk+UjI7J+Q/TOWTvoGMj8P4XZCXQsCDIct/vbLGqNB9CgM=,iv:/6xR7KXXLejm9Iuqcxc/7IqLEckNhmaJTKzJGonSrng=,tag:XdeCoEkHefw2HqTGSchUJA==,type:str]
|
||||
lastmodified: "2025-05-26T10:55:01Z"
|
||||
mac: ENC[AES256_GCM,data:ek8oYslh51198fhnYy8LgZQBo3QEnCumeSzLEIEFp/bQshfPVtiMt29n37y89GZjfvd/UL/J/i4sxHqF328+MoMtIYwcDzJoHp/ZNJYZoM19UjEsPL5YemRRXz++gw3tvDgqPzYvtr93pg6+WcPNToIhzsew7QzYj2xLiSaecvQ=,iv:wk8RcTUbZwUHRAgNRuZ3SWWv6O57hHBCkccYNZiMwPQ=,tag:8bwhsrkk8bVMwThZQPkNXg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -28,7 +28,7 @@ inputs:
|
||||
{
|
||||
sshd = {};
|
||||
fail2ban = {};
|
||||
xray.server = {};
|
||||
xray.server.serverName = "xserver.vps4.chn.moe";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -4,45 +4,27 @@ xray-server:
|
||||
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
|
||||
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
|
||||
#ENC[AES256_GCM,data:4Y00hDJ+8Hjq3Q==,iv:XWZYNC1T5B55B43tcuzzvOOFtHqZJ9XDuEaYQOO5cR4=,tag:5oNFsqUtSiv8CY6aHyGjNQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:MRMdc7LRYqgRsfKKW6LnP14g3JoFT6g7jzkXW8gIAeqypyoc,iv:tfPBD2FkIljz3xasYNJsj3vh2lEObrvSZ95FyCgWcTs=,tag:B1PQpyX24DqrPscL/pjZmQ==,type:str]
|
||||
#ENC[AES256_GCM,data:gGd3kkNcyIwOXg4=,iv:vILDvtdvopPM8lZDDpedvtXYHpoPvPn1A8AJca41r9A=,tag:2LMImcmdyPKsQDloq7041Q==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:+KUVcqy18t6Fd+QNgB5DeZkNSA6lsjebO+xnzxzIjWuZ9UmS,iv:qugbmBv9jk1yfH2s0A0jla0DR3jkdXLVUeWGcj6v68U=,tag:4FUf/guDzPqgDcb1086WTA==,type:str]
|
||||
#ENC[AES256_GCM,data:jCgKe0t2xQ==,iv:UE48L/JpobN6LUd6Z9RlsUGSJ1sHHgiL6xj8lPztwJc=,tag:xnwWLQm+GIUzsfBO/TXhrg==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:3yrdvbcH/ToAQpTLppSVp2FNGjatyBInKP85bAY9OrEtzhhQ,iv:4zvb1nzKjrCNWWKelOnDhsNBAC7Ak6ZpJlvQKqGJrgc=,tag:dBOTBJDJhJsKHKg/vGmpxQ==,type:str]
|
||||
#ENC[AES256_GCM,data:2ptsDQ==,iv:dEzyk6NQcFZQPx8h/ViCqtRaQ/8dfMTVKBq+iguk6nU=,tag:11SLIAhtcHja4G9HUXr9Ng==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:NO9rpzFkySistf9++oXpo1tBaa4XtPtcCGR+2IWmhQYEH/l1,iv:OG+U0avgo9mjmU3soxRNL71ZC7Ee4ijpsJMRn3jYvhw=,tag:QuBFX2KHgNJ+f3RwqEH4+Q==,type:str]
|
||||
#ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
|
||||
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:Ie8M385wtRx8bWIdCupnda799kL0OLBsWdk9pHTY7IxxaZbn,iv:OrRYOkaC9uI9E1Eb8GYqmYr9VAUM895oO8NSdvxUPCQ=,tag:NZTUE4KnUjhg/auoALavTA==,type:str]
|
||||
#ENC[AES256_GCM,data:Wwq+ypJgx6OcXA==,iv:dSvFz4I5tFx+ZVClxNGKwcbIQe7OY43OzAhqRiDK2TQ=,tag:CYUs1cJ/zqc+Y0yFec7Upw==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:2GyFDXIiAN3mTobwnY4czV2Egoin3B5Ih+aet3yT+krPTkPq,iv:NwrzO//HXwKMudgD+yK1hsj9o71RG6BfBle3logvuLE=,tag:WWpioPsnhHvVSrzAmN16Sg==,type:str]
|
||||
#ENC[AES256_GCM,data:vVz6E2juGqXS1Q==,iv:9itEkwMsW8cqSzwV2EZtgJVgaW7aJJ5fw1rLuKFwiKM=,tag:9hRADkot8kELoYAgd6Dz7Q==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:HgSVrry+nKGW9X9N6h8hsI9VETKtSEi+/ZC9QvNZW4zETQxt,iv:ERgmCDPBpboA/+Sxeq6BvWoMxsv3Kkczqb/mbXz9pOk=,tag:bklzRg9toKy//6T8xdtbRw==,type:str]
|
||||
#ENC[AES256_GCM,data:2sHxXec=,iv:aA61+cmDw4rHab7RuRRK3eUDx5d6gpmfw4RpQ6Nd0mc=,tag:H9kovJyn3Te3ir9X234VGA==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:CqrwaZp1fHd/WEGQH3xWI8DZ2/AavCqwTtwZeHmnrct5yoD3,iv:IBOHGQlw+uQt8Ryp/mCDcglfSPNXvvHOjNnrT+7nOHQ=,tag:tEkGEtPaOBK+P3LrQzOLsQ==,type:str]
|
||||
#ENC[AES256_GCM,data:oB64XheVxA==,iv:Ci9apSqTHQ02IFhqVvlC3hO8yWRKELVtJE3H/CUgFyY=,tag:4uV2aYzzZAUW+OZf7QEVPg==,type:comment]
|
||||
user11: ENC[AES256_GCM,data:pk9b5lFhuAfhKMcTUIdlx6eQHn+MJaPQEs6flmUhhHA2ygj/,iv:UGuPrxJPh+V7vSFjmgmBc9vhg7qye5SrNCFiiTcnDk0=,tag:D/B4PTafZe4r/W/dVWC2CA==,type:str]
|
||||
#ENC[AES256_GCM,data:Rw4BWXZutQ==,iv:rXe2i1G/xQkpBl0wh6VIzaNoidCc3JL4sy6v5hcOF/M=,tag:2tZyH8B0ZL7XptKHk6TcAQ==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:CsbquwEn+iOKCzda8z26FYk2i5aPk2xzqGIYORiD4lotvnFE,iv:zHPmlT4LAc6NDjXrExze23dZZFIj0c1eR4WW74cu+qs=,tag:5MDFrZNgv54mK05ImSvpkw==,type:str]
|
||||
#ENC[AES256_GCM,data:vqYkwGVcQ8yZbA==,iv:1ckVSiAgjuT/K0MuVHe8D2hHE7X2qxCHpb+y6nrFCsI=,tag:so9oFl6bXlJT2O+prplazw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:KUraqncs8iPr7z+COfJ1z0TLNLlgctxy8FCav95+kkVXtStx,iv:Uv90bnVmmQh6f9pKOWmEKCul5VPxF7rrQ9GYrsCGPp8=,tag:I0r5o8xIYuq5/MIXSOHT3Q==,type:str]
|
||||
#ENC[AES256_GCM,data:F2x+2zrePYDkCA==,iv:aTMeqvGVI43xLsN9submgciiJEjY4hYypJ9RJLIBYTE=,tag:quKW+MATVzRw1bda2jGjdg==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:BjnUUnNyqUvvPbfa1CeYvcVbMOwz6/Em4YhxRgmlicOSwro+,iv:LULwzjV5PRihTHNZFJ21IrDG3rW3qX4CYwF4Xu1KdZg=,tag:pZAI4OEx24d6h/h9JyQ/hA==,type:str]
|
||||
#ENC[AES256_GCM,data:aka1O9hn/dZX3Q==,iv:rWik4cYtHY/Z3xQ0p/i49zTXVmKEQDV4OMn12UaQr3Q=,tag:hPm4bugH9RAtsykj0BJ0Pw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:URZqRUDtG5FDrZDsmI7CFn4ilp97GJtgaVVB+j0dRUdtVGoq,iv:iUkcr6Oo29y5PIGF/GJRltn5DD19yEcBIsJAaYs43AI=,tag:gzSsjeQxvjvfFVkDHPkfvQ==,type:str]
|
||||
#ENC[AES256_GCM,data:JkMniTrakuonAA==,iv:V5KmQL+C5O2mb3ktlm1ITjLaa1NxToQlyToqYbGme9U=,tag:UTZm05uyb5j0Pf9vuxyIxg==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:fFtnkBnaOktHaIfk7dN2U73UkloToiLvP3Pg2VAqPzvTE49h,iv:DZrba7RWmaeOQsqh3Kq/IuFS9so5u5ItK5WwV/65FYE=,tag:v+pOozYvrJJIsj7A/a3S/g==,type:str]
|
||||
#ENC[AES256_GCM,data:gR0WsUYdBZBWjA==,iv:rnXZQaDNu+cEzneEa6/2pO+qUXl/fut8FJ3n90A6ATs=,tag:azNGPfWv+ZgOU/B5PMCVZg==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:S8VSoBIR/RqwctgYPtyIPEK2hXLr4LZ/jJvvFHA6CGgp9/Ff,iv:8eLCZEaiquwZyswwLkLoJcl7UPWTVYmQqZ2egAGFWWM=,tag:VgJiSt8eRcRhppMXkAkmKg==,type:str]
|
||||
#ENC[AES256_GCM,data:vWW1bNyENgcspxI=,iv:xXCrjHyxVtodkVu/wgy1OrHGGm20nEd1iyparWcycYE=,tag:FRu132btquzXkiLXlnq1Iw==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:Wux6pzwor0B1A9d1y0QEpcNnYn1pObloHxghSONHcsQ266/7,iv:jWSuswV6vTQdL764I/zxFC5gkFOa5Qwj54rggmmZX7I=,tag:4hmqBTn0T3a6Sjt9lofwbg==,type:str]
|
||||
#ENC[AES256_GCM,data:IJWHWxbhy+gxhxk=,iv:HzMi211JiVfHUhEJm+q/K0tCjUEXDhollUf8Bm+HVA0=,tag:P22Q/h+DUhhJayZftcvVfg==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:0X5x3SATZm25kVf8cu7TGm2t95DneLAqhP16fRQCtROzyZyg,iv:dmlwRmubnRq2fNdNz3lVlAVYpPjVHkFm60IvPcajjds=,tag:eDJYYf3eRw+FxfaHiRDk5Q==,type:str]
|
||||
#ENC[AES256_GCM,data:O3ovvRYzFrQY,iv:/Zs8e6u7wdp18AacZ3WWBvn5PDtXDnQ6ZyqLiyYmvAY=,tag:HmhKBI3aRCIR34vOEnv1iA==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:ee0naewdOjIxA0QEpmUyOSu++sUJQneEufhJBHiyOR7jAPTU,iv:09fZ0dLUZHp9wM2lCiIcTzFey2AkWBmnUCfq8W3FM6Y=,tag:dHBVo/Ok3Q9vy1pIbWC1Kw==,type:str]
|
||||
user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:3h+cpSHULgwlI/zOI0IL4t4diDzm7qWW1sOWZqkFRWCB0CAfGyydGNlZkqA=,iv:pVpmw0aEDssQSr724h9NvJqFMHu0NupDfCSt1RWVnUk=,tag:fonuszujTzeo2HqO1OokEw==,type:str]
|
||||
acme:
|
||||
token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
|
||||
nginx:
|
||||
detectAuth:
|
||||
chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
|
||||
led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
|
||||
chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
|
||||
maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
|
||||
telegram:
|
||||
token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
|
||||
chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
|
||||
enc: |
|
||||
@@ -62,7 +44,8 @@ sops:
|
||||
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
|
||||
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T01:35:34Z"
|
||||
mac: ENC[AES256_GCM,data:40uhvaJNu1ELo6xHYECEOTE0lVcrcMmZKJpLmE28D2pyXnl6UQza0j9O7944+Ii+VroSvm7juB86gR8/x6URabQF0l2HTiYtBvyPicxdobB209i5JSULiCUe1zlfz8WyQ4VnPAJ9SJny59ucMYxMh8RM4UPtXWLs5whcqt5ooSk=,iv:5odm078cRXnwTA233NV7edcYTfMmTLFLrGRhE/oi8SU=,tag:2t06LMMrRkmbAQbCad6URA==,type:str]
|
||||
lastmodified: "2024-08-25T03:19:55Z"
|
||||
mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
version: 3.9.0
|
||||
|
||||
@@ -27,7 +27,7 @@ inputs:
|
||||
services =
|
||||
{
|
||||
sshd = {};
|
||||
xray.server = {};
|
||||
xray.server.serverName = "vps6.xserver.chn.moe";
|
||||
frpServer = { enable = true; serverName = "frp.chn.moe"; };
|
||||
nginx =
|
||||
{
|
||||
@@ -62,26 +62,5 @@ inputs:
|
||||
beesd."/" = {};
|
||||
};
|
||||
};
|
||||
networking.nftables.tables.forward =
|
||||
{
|
||||
family = "inet";
|
||||
content = let srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0"; in
|
||||
''
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain output {
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
# 需要忽略透明代理发出的流量(gid 不是 nginx)
|
||||
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} tcp dport 7011 fib daddr type local \
|
||||
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
|
||||
}
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname wg0 meta mark & 4 == 4 counter masquerade
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -7,41 +7,44 @@ xray-server:
|
||||
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
|
||||
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
|
||||
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
|
||||
user2: ENC[AES256_GCM,data:+MKTpaA8hO8q0kyY0V1csedLOtIf760Vr0+WllGe9lgMJ5da,iv:5txOM3sFOhKVX4EVozb8XHWLU0fUNxCF9YAwTYaTL6c=,tag:jkgOVgiEc5phY1XNETsdpA==,type:str]
|
||||
#ENC[AES256_GCM,data:s6BwbmIwmC1J+vA27pPGh0Q+Rmowkd8ES3hYOny3vX+tjWtW+qiWBz2A9M4=,iv:XXPPaVyP7fEUhNJay2mjjC2f3Vg3wYtBUDoSYQt1Iew=,tag:B2WAfg2Oqwp0t0gE7Jdq6w==,type:comment]
|
||||
#ENC[AES256_GCM,data:m0iCqLI8ELaPb9g=,iv:bsh7JHILbOZJ+bgGr0U0rDanjUVGgDzYGhboezspEjE=,tag:o7A4SXoCXk5LXmZ1bidg/w==,type:comment]
|
||||
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
|
||||
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
|
||||
user4: ENC[AES256_GCM,data:/kBaGAqbewLav+WCJPHm1py3pvb7bA/YO2DeBP2FTCZv44wA,iv:iwxV6KHu00oITH/58kBFmf43lkgTU3BHJ/kb9FPnRSE=,tag:ns+6Dvhf/D15bZc0fd6zLA==,type:str]
|
||||
#ENC[AES256_GCM,data:RVChRrOl3R8DiKPS7yduAu5RG7d4VkOZ5akRTp18mK7Hz/xQ7FpxlNqGJcQ=,iv:j7naYq9tD+G5dDB8+hyUVosA3p2O4wlkcxIBlO7hRdo=,tag:TvlSmZwTDGLCX7qOR5Clhg==,type:comment]
|
||||
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
|
||||
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
|
||||
#ENC[AES256_GCM,data:nTsDaAIVIP28YBCw0XONqWoYziAYhszJhLBlJfbFM6w2NB0nQcYWAanhkkA=,iv:rezGcsfxcAUjTtBFd099TDrV+K59cb0gbJCCVqH+nCA=,tag:5g2Zl82MNuHTf12Tb0GWcg==,type:comment]
|
||||
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
|
||||
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
|
||||
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
|
||||
user8: ENC[AES256_GCM,data:AnZb12dioiCamubOb6fsGWoM55zfPMeRbu+j8bRRcMfSQFJf,iv:rB+4B11JFC0oS2ExUW18f5WvhnE4EuHh3IiEyxWeY3A=,tag:jt+3yxDvhusvB8ppbdAwzw==,type:str]
|
||||
#ENC[AES256_GCM,data:hG7EUK7V9QObh7rHKtgTESwNLOf16WXoQrCAAEiK8Nzsr7atwh9DqNIJAww=,iv:3zAY7CImCzvNmsVK/OG3VgYSUL1wdt+keYtuskGO7Gg=,tag:7JeGHrlVkAUOX7bhd8UJaA==,type:comment]
|
||||
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
|
||||
user9: ENC[AES256_GCM,data:+SA+VcZcy5ckuS/46Dn093VvuqxrIACuqMAMx6Ko5yw0DVdW,iv:TeLXb1WI7uhcPDkXYSlKIxdE6Kz+nCnlB+ZYpWcaF4I=,tag:YB0sPD9yHMARhiMJs7JKcA==,type:str]
|
||||
#ENC[AES256_GCM,data:C6ri4a3iCXf7I3PWSoPk1y4143TTFugot1MMxdawWxGyfg/P7SYUBMs+T0U=,iv:v2lCOw+p0hJhXNsUpTSCvqNSBtPaPJGMrk6ukJYtB+w=,tag:WXq9rUYDQKN/cZzZ7CFQvA==,type:comment]
|
||||
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
|
||||
user10: ENC[AES256_GCM,data:Pec0CVGia/ZIaq7WerZlr0/waJ/Ev1OKwt7V3PBxBSFMLi7p,iv:wYTdhv4Xoe58KBIwV1vk/V4IcdVzQrBgmzGaRD7qHQs=,tag:IZVt5LmjTUge8XntujJlTA==,type:str]
|
||||
#ENC[AES256_GCM,data:Gs2pJl4YMPRBDZCmd/1ycXJcArdIb8cUAQ+09OuRm7z/x1ATc9xVr7dE+C4b,iv:JYf4sTzJh7PoQe5yFAC60mJ5zKUIof7QKm5jMfiF5xE=,tag:/CJPT/OmblQvzqkQ1VCP/Q==,type:comment]
|
||||
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
|
||||
user11: ENC[AES256_GCM,data:IFIVzbnZCyn0j7AG0ClBT4byyZyVtRk1JqlWsojqPIVenek2,iv:ONdq1qIXG2kbAjuM/tHSPxce7oD/MHcBw1pBYm9DlEk=,tag:OuzeX0K+fSO7jWadb1uSRQ==,type:str]
|
||||
#ENC[AES256_GCM,data:JOabknMamJFImHErEcsrAMuYBXzJkw/Gm0+6rWrer2ePsoOakN/A3ByCPzwQ,iv:wnUFMeGfkUMkkpJBrFswy1SwJzVBDehEoilnzb43MgY=,tag:sXCKkiwtDp9v7ptpuAfOhQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
|
||||
user12: ENC[AES256_GCM,data:iTZViWyKkCU1y6mvB0NzkXf3I98U/+nCs21ZD6M285YKaU6q,iv:vFgA3sv/7ENcw3gyJLiiHLwroXtVJjAxZXViqjXF3mQ=,tag:u3b9Uu6TIPPYX0TW5X5Sjg==,type:str]
|
||||
#ENC[AES256_GCM,data:LRRsL6u+FH3jHa8UAhEXrb3UTQss9piBle2aH2xuuFw0cupmRd5PlSOBIbvQ,iv:0cccpn4bWkrla6COI5g6pDDW1JoVK4UULYteXoJp38s=,tag:+EFlWxGIw7k85Q2RIL/YHg==,type:comment]
|
||||
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
|
||||
user13: ENC[AES256_GCM,data:ID/A7yCWQIWRoU7Emhel2ASZfTweqXYmpC5q6Fm6ptD0XfCu,iv:YrFjIilO4pH+QxVVDTqwkufj2VSC38y9lAJfD8w522I=,tag:1v/T7vWeh0LMi0OL0FVs9g==,type:str]
|
||||
#ENC[AES256_GCM,data:JFKeeVBSBO8pWttZy/fTX1YaVV69Et1GmHVDLZ1E5vUY3BvajjjS04t7V5TG,iv:rZJQTe5+YgJ6X6uPoQcpTw4AF+gQCVSMe7maFetLEPg=,tag:H4ravqgOgQYgVXMayv7tXw==,type:comment]
|
||||
#ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
|
||||
#ENC[AES256_GCM,data:dpOaSMuXhIiwb+yD3TgOIKkeWBusQvqHbj4PuvH/anF5/P8JagplDpBSIimJ,iv:PkVIthbA21sFC4J4VmwZ/1HZqA6qbjVPnJoRszmeVbs=,tag:PcXPRYLzuC9F0YfNT4mi3A==,type:comment]
|
||||
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
|
||||
user16: ENC[AES256_GCM,data:esInSvj+a90TAl+b/n9m2iJsH7e6tlQRwSsoLBCy8KA9a0Z3,iv:U4c0pZzqS1s5H6XW3YRSCvDhtxnwCnyKR/tObefX2Rw=,tag:YtY/t4xsmZaj4lC39XQ5SA==,type:str]
|
||||
#ENC[AES256_GCM,data:DeWybZ68gAH4cukohO+OQqeNrnRlUdclGHFeH8aBcn0aq1iWh1UCgtiT5xXd,iv:HYq+CiPWCswr+7+uwUblN8N6T38WU/qu9F5VzaLp4Gg=,tag:YKunlBxH4H71FRSuPxR8Uw==,type:comment]
|
||||
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
|
||||
user17: ENC[AES256_GCM,data:6h343SreoMqz5ZHkdyDI/je4v10r5zBV7cWc6Pj4x5sI2cvE,iv:7WSikMxAZJUnv3+GPq40d8r9JkKRRH/SPW5F5fy5HHY=,tag:6h5Z7+WXT/dLNeEIrC0UGw==,type:str]
|
||||
#ENC[AES256_GCM,data:tkJTZZjJfQdU0EDQw9mmc1GRlSpqdwOdsE/QCw4BedDbixjElKqUC5MPRR/b,iv:/3obljBcGiXJfzlTQivkVcaWWcsiqokuU/DmUTchpwg=,tag:E80OLtqoM5XuGk2/xYBYKw==,type:comment]
|
||||
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
|
||||
user18: ENC[AES256_GCM,data:HJj0e6EHXEYmDXlZcS8UlfEQo/4y47w3sYKgb2Ojq6E4vMdE,iv:xThlGl/DDLLgoY5VkBSCx9HIvxy2ZlO5Q987vIMu0lA=,tag:gB07jP6Do4/6RmVaLB3Ecg==,type:str]
|
||||
#ENC[AES256_GCM,data:LXBBph+nPScs6CSHPKwMSvcgFtWrmcOHEhhDZUNClb/7ixJFno82QnRwrnTp,iv:00I8csKFj65qeK8RPbbQ18oQZBrYKeFV3eGwfFXyGDc=,tag:uWUPNfu5Tmqr2LDkijc5cA==,type:comment]
|
||||
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
|
||||
user19: ENC[AES256_GCM,data:unW8dOhNbPNLWd7X2prpD82tcqUua7msq8nX3ykFs8STsuto,iv:OLaZ9XQDFGaA1VENgsSn/3HQXp957Zf9MD9GPZ4KLE8=,tag:UK27LK+De3AzbI2mEIsQpw==,type:str]
|
||||
#ENC[AES256_GCM,data:ttTvPgRtQ4tYmYBSNaO+Bbs/Kz85vuNX+2Od4cOG6yD9yqrSdfLRwVvedVol,iv:ZWZX5rytwefvte/NgNlmmp9FN9vuZ62KVhVgVwX+g7s=,tag:uXx87i/ly6GkLgXA4+QULw==,type:comment]
|
||||
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
|
||||
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
|
||||
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
|
||||
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
|
||||
#ENC[AES256_GCM,data:U0CcBBJraJj9,iv:9kuHsHkSDdDT0Gi/3Oy608RArrg+4cgeii5zWbsGuPA=,tag:EvqqMNvNcWBwie28t0+52w==,type:comment]
|
||||
user22: ENC[AES256_GCM,data:LClSrxtBzuJUD4J4QaYXHUr8XSi+N7Zh193j/YeBZRm9sjgf,iv:djiq3+iVnuKK2HveoCm/j8FezzrHRGnjbyoO6iGm6eA=,tag:N5hqYyvJGxnwT8wbxdnjiA==,type:str]
|
||||
#ENC[AES256_GCM,data:FnindYeqk6g6aZgajHVejfHPqeF+uSX3QzbrDS6XLZz52aQF5ZQSiJQCaDha,iv:c/mrS0jfy5EzQe4Tkm0QqBH9/okJnCsRZFGhzSjeit0=,tag:e5otDw+I2d7moybCx4jeqw==,type:comment]
|
||||
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
|
||||
send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
@@ -68,7 +71,7 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T01:33:33Z"
|
||||
mac: ENC[AES256_GCM,data:sRZaOvmwZqoxNFKrWtY19t4As7CEu1kXNR1XWO1uo28KEWQJ2n9HLRsdinjG70j/bFyTkXXiBz6Vlhx2RkdhHURKxe/UKuv/5szuGV/aE0NUGu+jYIaSbbIZpv1FkuUYuRFbuaSJnejEyQYW9ahaJYAJgXutqMY/e4xgUJ7Ooeo=,iv:PvAvKe/23u+aPP2moiNrkEqi0CgP9VCwfzcKC8S8Z1w=,tag:YburNo3mniyi4jyUjMF8DQ==,type:str]
|
||||
lastmodified: "2025-05-18T07:37:52Z"
|
||||
mac: ENC[AES256_GCM,data:nfUU2BsDuErJGm8sVB9shRv4N+cIFZmAF1vWF4iZmcJwjP2PekVWcp4COPAlapy5oVhMutr39oW6VsltTR27jVxhI4+dueurMU7KRLD5Bwpk5hQmMAfZxvl4GaP50zehJbCwfApiX9CcjwCUxUjraTs4rG6LK2+8d5Z0PYosm2A=,iv:TR63cpbe3z0K4bWpbEnv/DE9jnAJV1Zv+Aj0HXoA16Y=,tag:fS78JUapMvBtZCFtM1z07A==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
10
doc/todo.md
10
doc/todo.md
@@ -1,14 +1,6 @@
|
||||
* 测试 vasp
|
||||
* 测试 huggin rsshub
|
||||
* 打包 intel 编译器
|
||||
* 切换到 niri,清理 plasma
|
||||
* 调整其它用户的 zsh 配置
|
||||
* 调整 motd
|
||||
* 找到 wg1 不能稳定工作的原因;确定 persistentKeepalive 发包的协议、是否会被正确 NAT。
|
||||
* 备份系统
|
||||
* 备份数据
|
||||
* 清理 mariadb,移动到 persistent
|
||||
* 清理多余文件
|
||||
* 移动日志到 persistent
|
||||
* 更新 srv1
|
||||
* 告知将代理改到 xserver2
|
||||
* 准备单独一个的 archive
|
||||
|
||||
14
flake.lock
generated
14
flake.lock
generated
@@ -503,12 +503,12 @@
|
||||
"nixos-wallpaper": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1749300029,
|
||||
"lastModified": 1744994349,
|
||||
"lfs": true,
|
||||
"narHash": "sha256-m5rQGDo9sogrNFtHNdf4CiUe4odqOVStj03ikUQX7NE=",
|
||||
"narHash": "sha256-DMVWLep/yoR05kfYqjQxazjZXEUw/CRLoELajXQq3eM=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "8da808801224ac49758e4df095922be0c84650c8",
|
||||
"revCount": 8,
|
||||
"rev": "5e4d102f5da8c27589083fb90e3f6edd8383ced8",
|
||||
"revCount": 6,
|
||||
"type": "git",
|
||||
"url": "https://git.chn.moe/chn/nixos-wallpaper.git"
|
||||
},
|
||||
@@ -520,11 +520,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1749016257,
|
||||
"narHash": "sha256-Vi+QhXm6Kau233v7ijtdD5aNpE4RpnUjRUhXGwi7pxk=",
|
||||
"lastModified": 1748494270,
|
||||
"narHash": "sha256-SRyjwD3RfMXpY0/69WErFQ/P8UG1aD5qQQNvEd/NGLs=",
|
||||
"owner": "CHN-beta",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5835771b10e3197408d3ac7d32558c8e2ae0ab8d",
|
||||
"rev": "3eb4afeaf2384476d35dbb5dc51675c5ec1d2b62",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -5,11 +5,11 @@ let
|
||||
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "铜锣湾" ];
|
||||
nas = [ "initrd.nas" ];
|
||||
office = [ "srv2-node0" ];
|
||||
vps4 = [ "initrd.vps4" "xserver2.vps4" ];
|
||||
vps4 = [ "initrd.vps4" "xserver.vps4" ];
|
||||
vps6 =
|
||||
[
|
||||
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
|
||||
"ua" "xserver2" "xserver2.vps6" "铜锣湾实验室"
|
||||
"ua" "vps6.xserver" "铜锣湾实验室"
|
||||
];
|
||||
"xlog.autoroute" = [ "xlog" ];
|
||||
"wg0.srv1-node0" = [ "wg0.srv1" ];
|
||||
@@ -17,7 +17,7 @@ let
|
||||
srv3 =
|
||||
[
|
||||
"chat" "freshrss" "huginn" "initrd.srv3" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
|
||||
"xserver2.srv3" "example"
|
||||
"xserver.srv3" "example"
|
||||
];
|
||||
srv1-node0 = [ "srv1" ];
|
||||
srv2-node0 = [ "srv2" ];
|
||||
|
||||
@@ -36,18 +36,13 @@
|
||||
else if builtins.isAttrs x then builtins.concatMap getDrv (builtins.attrValues x)
|
||||
else if builtins.isList x then builtins.concatMap getDrv x
|
||||
else [];
|
||||
in pkgs.concatText "src" (getDrv (inputs.self.outputs.src));
|
||||
in pkgs.writeClosure (getDrv (inputs.self.outputs.src));
|
||||
dns-push = pkgs.callPackage ./dns
|
||||
{
|
||||
inherit localLib;
|
||||
tokenPath = inputs.self.nixosConfigurations.pc.config.sops.secrets."acme/token".path;
|
||||
octodns = pkgs.octodns.withProviders (_: with pkgs.octodns-providers; [ cloudflare ]);
|
||||
};
|
||||
archive =
|
||||
let devices =
|
||||
[ "nas" "one" "pc" "srv1-node0" "srv1-node1" "srv1-node2" "srv2-node0" "srv2-node1" "srv3" "vps4" "vps6" ];
|
||||
in pkgs.writeText "archive" (builtins.concatStringsSep "\n" (builtins.map
|
||||
(d: "${inputs.self.outputs.nixosConfigurations.${d}.config.system.build.toplevel}") devices));
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(system: { inherit (system) name; value = system.value.config.system.build.toplevel; })
|
||||
|
||||
@@ -49,7 +49,7 @@ inputs:
|
||||
# browser
|
||||
google-chrome tor-browser
|
||||
# office
|
||||
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain activitywatch
|
||||
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain
|
||||
ydict pspp libreoffice-qt6-fresh ocrmypdf typst
|
||||
# required by ltex-plus.vscode-ltex-plus
|
||||
ltex-ls ltex-ls-plus
|
||||
|
||||
@@ -45,8 +45,6 @@ inputs:
|
||||
};
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
security.LOGIN_REMEMBER_DAYS = 365;
|
||||
"git.timeout" = builtins.listToAttrs (builtins.map (n: { name = n; value = 1800; })
|
||||
[ "DEFAULT" "MIGRATE" "MIRROR" "CLONE" "PULL" "GC" ]);
|
||||
};
|
||||
};
|
||||
nixos.services =
|
||||
|
||||
@@ -366,13 +366,38 @@ inputs:
|
||||
systemd.services.nginx-proxy =
|
||||
let
|
||||
ip = "${inputs.pkgs.iproute2}/bin/ip";
|
||||
nft = "${inputs.pkgs.nftables}/bin/nft";
|
||||
nftConfigFile = inputs.pkgs.writeText "nginx.nft"
|
||||
''
|
||||
table inet nginx {
|
||||
chain output {
|
||||
type route hook output priority mangle; policy accept;
|
||||
# 由本机发出、gid 为 nginx、但源地址不是本地监听的地址,说明是透明代理的第一个包,将这个流标记
|
||||
# 但这个包本身不需要处理,正常路由即可。
|
||||
meta skgid ${builtins.toString inputs.config.users.groups.nginx.gid} fib saddr type != local \
|
||||
ct state new counter ct mark set ct mark | 2
|
||||
# 由本机发出、作为透明代理的回复,它不能按照通常的路由,它需要被打上标记并被路由到本地
|
||||
# 这对应于透明代理到本地的服务的情况
|
||||
ct mark & 2 == 2 ct direction reply counter meta mark set meta mark | 2 accept
|
||||
return
|
||||
}
|
||||
# 还需要处理透明代理到其它机器的情况,它们的回复需要在 prerouting 中标记
|
||||
chain prerouting {
|
||||
type filter hook prerouting priority mangle; policy accept;
|
||||
ct mark & 2 == 2 ct direction reply counter meta mark set meta mark | 2 accept
|
||||
return
|
||||
}
|
||||
}
|
||||
'';
|
||||
start = inputs.pkgs.writeShellScript "nginx-proxy.start"
|
||||
''
|
||||
${nft} -f ${nftConfigFile}
|
||||
${ip} rule add fwmark 2/2 table 200
|
||||
${ip} route add local 0.0.0.0/0 dev lo table 200
|
||||
'';
|
||||
stop = inputs.pkgs.writeShellScript "nginx-proxy.stop"
|
||||
''
|
||||
${nft} delete table inet nginx
|
||||
${ip} rule del fwmark 2/2 table 200
|
||||
${ip} route del local 0.0.0.0/0 dev lo table 200
|
||||
'';
|
||||
@@ -390,30 +415,6 @@ inputs:
|
||||
wants = [ "network.target" ];
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
};
|
||||
networking.nftables.tables.nginx =
|
||||
{
|
||||
family = "inet";
|
||||
content =
|
||||
''
|
||||
chain output {
|
||||
type route hook output priority mangle; policy accept;
|
||||
# 由本机发出、gid 为 nginx、但源地址不是本地监听的地址,说明是透明代理的第一个包,将这个流标记
|
||||
# 但这个包本身不需要处理,正常路由即可。
|
||||
meta skgid ${builtins.toString inputs.config.users.groups.nginx.gid} fib saddr type != local \
|
||||
ct state new counter ct mark set ct mark | 2
|
||||
# 由本机发出、作为透明代理的回复,它不能按照通常的路由,它需要被打上标记并被路由到本地
|
||||
# 这对应于透明代理到本地的服务的情况
|
||||
ct mark & 2 == 2 ct direction reply counter meta mark set meta mark | 2 accept
|
||||
return
|
||||
}
|
||||
# 还需要处理透明代理到其它机器的情况,它们的回复需要在 prerouting 中标记
|
||||
chain prerouting {
|
||||
type filter hook prerouting priority mangle; policy accept;
|
||||
ct mark & 2 == 2 ct direction reply counter meta mark set meta mark | 2 accept
|
||||
return
|
||||
}
|
||||
'';
|
||||
};
|
||||
})
|
||||
# streamProxy
|
||||
{
|
||||
|
||||
@@ -288,25 +288,24 @@ inputs:
|
||||
group = "root";
|
||||
setuid = true;
|
||||
};
|
||||
networking =
|
||||
{
|
||||
firewall.allowedTCPPorts = builtins.map (vm: vm.network.vnc.port)
|
||||
(builtins.filter (vm: vm.network.vnc.openFirewall) (builtins.attrValues nixvirt.instance));
|
||||
nftables.tables.nixvirt =
|
||||
{
|
||||
family = "inet";
|
||||
content =
|
||||
let nftRules = builtins.concatLists (builtins.concatLists (builtins.map
|
||||
(vm: builtins.map
|
||||
(protocol: builtins.map
|
||||
(port: "${protocol} dport ${builtins.toString port.host} fib daddr type local counter dnat ip to "
|
||||
+ "192.168.${builtins.toString nixvirt.subnet}.${builtins.toString vm.network.address}"
|
||||
+ ":${builtins.toString port.guest}")
|
||||
vm.network.portForward.${protocol})
|
||||
[ "tcp" "udp" ])
|
||||
(builtins.attrValues nixvirt.instance)));
|
||||
in
|
||||
''
|
||||
networking.firewall.allowedTCPPorts = builtins.map (vm: vm.network.vnc.port)
|
||||
(builtins.filter (vm: vm.network.vnc.openFirewall) (builtins.attrValues nixvirt.instance));
|
||||
# TODO: use existing options
|
||||
systemd.services.nixvirt-forward =
|
||||
let
|
||||
nftRules = builtins.concatLists (builtins.concatLists (builtins.map
|
||||
(vm: builtins.map
|
||||
(protocol: builtins.map
|
||||
(port: "${protocol} dport ${builtins.toString port.host} fib daddr type local counter dnat ip to "
|
||||
+ "192.168.${builtins.toString nixvirt.subnet}.${builtins.toString vm.network.address}"
|
||||
+ ":${builtins.toString port.guest}")
|
||||
vm.network.portForward.${protocol})
|
||||
[ "tcp" "udp" ])
|
||||
(builtins.attrValues nixvirt.instance)));
|
||||
nft = "${inputs.pkgs.nftables}/bin/nft";
|
||||
nftConfigFile = inputs.pkgs.writeText "nixvirt.nft"
|
||||
''
|
||||
table inet nixvirt {
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority dstnat; policy accept;
|
||||
${builtins.concatStringsSep "\n" nftRules}
|
||||
@@ -315,9 +314,23 @@ inputs:
|
||||
type nat hook output priority dstnat; policy accept;
|
||||
${builtins.concatStringsSep "\n" nftRules}
|
||||
}
|
||||
'';
|
||||
}
|
||||
'';
|
||||
start = inputs.pkgs.writeShellScript "nixvirt.start" "${nft} -f ${nftConfigFile}";
|
||||
stop = inputs.pkgs.writeShellScript "nixvirt.stop" "${nft} delete table inet nixvirt";
|
||||
in
|
||||
{
|
||||
description = "nixvirt port forward";
|
||||
after = [ "nftables.service" "nixvirt.service" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = start;
|
||||
ExecStop = stop;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
boot.kernelParams =
|
||||
let cpusets = builtins.concatLists (builtins.map
|
||||
(vm: vm.cpu.set)
|
||||
|
||||
@@ -53,7 +53,7 @@ inputs:
|
||||
{
|
||||
slurm =
|
||||
{
|
||||
package = (inputs.pkgs.slurm.override { enableX11 = false; enableNVML = false; }).overrideAttrs
|
||||
package = (inputs.pkgs.slurm.override { enableGtk2 = true; }).overrideAttrs
|
||||
(prev:
|
||||
let
|
||||
inherit (inputs.config.nixos.system.nixpkgs) cuda;
|
||||
|
||||
@@ -6,7 +6,6 @@ inputs:
|
||||
{
|
||||
passwordAuthentication = mkOption { type = types.bool; default = false; };
|
||||
groupBanner = mkOption { type = types.bool; default = false; };
|
||||
motd = mkOption { type = types.bool; default = false; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
@@ -26,7 +25,8 @@ inputs:
|
||||
};
|
||||
};
|
||||
}
|
||||
(inputs.lib.mkIf sshd.motd
|
||||
# 如果是服务器,那么启用 motd
|
||||
(inputs.lib.mkIf (inputs.config.nixos.model.type == "server")
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
@@ -34,7 +34,7 @@ inputs:
|
||||
[ (inputs.pkgs.fancy-motd.overrideAttrs { src = inputs.topInputs.fancy-motd; }) ];
|
||||
user.sharedModules = [(home-inputs: { config.programs.zsh.loginExtra =
|
||||
''
|
||||
[ -f /etc/fancy-motd/banner ] && (lolcat -f /etc/fancy-motd/banner 2> /dev/null)
|
||||
[ -f /etc/fancy-motd/banner ] && lolcat -f /etc/fancy-motd/banner
|
||||
motd
|
||||
'';})];
|
||||
};
|
||||
|
||||
@@ -2,38 +2,32 @@ inputs:
|
||||
{
|
||||
options.nixos.services.xray = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
client = mkOption
|
||||
client =
|
||||
{
|
||||
type = types.nullOr (types.submodule (submoduleInputs: { options =
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
xray =
|
||||
{
|
||||
xray =
|
||||
serverAddress = mkOption { type = types.nonEmptyStr; default = "144.34.225.59"; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; };
|
||||
};
|
||||
dnsmasq =
|
||||
{
|
||||
extraInterfaces = mkOption
|
||||
{
|
||||
serverName = mkOption { type = types.nonEmptyStr; default = "xserver2.chn.moe"; };
|
||||
serverAddress = mkOption
|
||||
{
|
||||
type = types.nonEmptyStr;
|
||||
default = inputs.topInputs.self.config.dns."chn.moe".getAddress
|
||||
(inputs.lib.removeSuffix ".chn.moe" submoduleInputs.config.xray.serverName);
|
||||
};
|
||||
type = types.listOf types.nonEmptyStr;
|
||||
default = inputs.lib.optional (inputs.config.nixos.services.docker != null) "docker0";
|
||||
};
|
||||
dnsmasq =
|
||||
{
|
||||
extraInterfaces = mkOption
|
||||
{
|
||||
type = types.listOf types.nonEmptyStr;
|
||||
default = inputs.lib.optional (inputs.config.nixos.services.docker != null) "docker0";
|
||||
};
|
||||
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
};
|
||||
v2ray-forwarder.noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
|
||||
};}));
|
||||
default = null;
|
||||
hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
|
||||
};
|
||||
v2ray-forwarder.noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; };
|
||||
# 是否允许代理来自其它机器的流量(相关端口会被放行)
|
||||
allowForward = mkOption { type = types.bool; default = true; };
|
||||
};
|
||||
server = mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
serverName = mkOption { type = types.nonEmptyStr; default = "xserver2.chn.moe"; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
@@ -43,12 +37,12 @@ inputs:
|
||||
{
|
||||
assertions =
|
||||
[{
|
||||
assertion = !(xray.client != null && xray.server != null);
|
||||
assertion = !(xray.client.enable && xray.server != null);
|
||||
message = "Currenty xray.client and xray.server could not be simutaniusly enabled.";
|
||||
}];
|
||||
}
|
||||
(
|
||||
inputs.lib.mkIf (xray.client != null)
|
||||
inputs.lib.mkIf xray.client.enable
|
||||
{
|
||||
services =
|
||||
{
|
||||
@@ -63,7 +57,7 @@ inputs:
|
||||
server = [ "127.0.0.1#10853" ];
|
||||
interface = xray.client.dnsmasq.extraInterfaces ++ [ "lo" ];
|
||||
bind-dynamic = true;
|
||||
address = builtins.map (host: "/${host.name}/${host.value}")
|
||||
address = map (host: "/${host.name}/${host.value}")
|
||||
(inputs.localLib.attrsToList xray.client.dnsmasq.hosts);
|
||||
};
|
||||
};
|
||||
@@ -75,127 +69,132 @@ inputs:
|
||||
{
|
||||
owner = inputs.config.users.users.v2ray.name;
|
||||
group = inputs.config.users.users.v2ray.group;
|
||||
content = let chinaDns = "223.5.5.5"; foreignDns = "8.8.8.8"; in builtins.toJSON
|
||||
{
|
||||
log.loglevel = "warning";
|
||||
dns =
|
||||
content =
|
||||
let
|
||||
chinaDns = "223.5.5.5";
|
||||
foreignDns = "8.8.8.8";
|
||||
in
|
||||
builtins.toJSON
|
||||
{
|
||||
servers =
|
||||
# 先尝试匹配域名列表进行查询,若匹配成功则使用前两个 dns 查询。
|
||||
# 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
|
||||
[
|
||||
{
|
||||
address = chinaDns;
|
||||
domains = [ "geosite:geolocation-cn" ];
|
||||
expectIPs = [ "geoip:cn" ];
|
||||
skipFallback = true;
|
||||
}
|
||||
{
|
||||
address = foreignDns;
|
||||
domains = [ "geosite:geolocation-!cn" ];
|
||||
expectIPs = [ "geoip:!cn" ];
|
||||
skipFallback = true;
|
||||
}
|
||||
{ address = chinaDns; expectIPs = [ "geoip:cn" ]; }
|
||||
{ address = foreignDns; }
|
||||
];
|
||||
disableCache = true;
|
||||
queryStrategy = "UseIPv4";
|
||||
tag = "dns-internal";
|
||||
};
|
||||
inbounds =
|
||||
[
|
||||
log.loglevel = "warning";
|
||||
dns =
|
||||
{
|
||||
port = 10853;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; };
|
||||
tag = "dns-in";
|
||||
}
|
||||
{
|
||||
port = 10880;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { network = "tcp,udp"; followRedirect = true; };
|
||||
streamSettings.sockopt.tproxy = "tproxy";
|
||||
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
|
||||
tag = "common-in";
|
||||
}
|
||||
{
|
||||
port = 10881;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { network = "tcp,udp"; followRedirect = true; };
|
||||
streamSettings.sockopt.tproxy = "tproxy";
|
||||
tag = "xmu-in";
|
||||
}
|
||||
{
|
||||
port = 10883;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { network = "tcp,udp"; followRedirect = true; };
|
||||
streamSettings.sockopt.tproxy = "tproxy";
|
||||
tag = "proxy-in";
|
||||
}
|
||||
{ port = 10884; protocol = "socks"; settings.udp = true; tag = "proxy-socks-in"; }
|
||||
{ port = 10882; protocol = "socks"; settings.udp = true; tag = "direct-in"; }
|
||||
];
|
||||
outbounds =
|
||||
[
|
||||
{
|
||||
protocol = "vless";
|
||||
settings.vnext =
|
||||
[{
|
||||
address = xray.client.xray.serverAddress;
|
||||
port = 443;
|
||||
users =
|
||||
[{
|
||||
id = inputs.config.sops.placeholder."xray-client/uuid";
|
||||
encryption = "none";
|
||||
flow = "xtls-rprx-vision-udp443";
|
||||
}];
|
||||
}];
|
||||
streamSettings =
|
||||
{
|
||||
network = "raw";
|
||||
security = "reality";
|
||||
realitySettings =
|
||||
servers =
|
||||
# 先尝试匹配域名列表进行查询,若匹配成功则使用前两个 dns 查询。
|
||||
# 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
|
||||
[
|
||||
{
|
||||
inherit (xray.client.xray) serverName;
|
||||
publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
|
||||
fingerprint = "firefox";
|
||||
};
|
||||
};
|
||||
tag = "proxy-vless";
|
||||
}
|
||||
{ protocol = "freedom"; tag = "direct"; }
|
||||
{ protocol = "dns"; tag = "dns-out"; }
|
||||
{
|
||||
protocol = "socks";
|
||||
settings.servers = [{ address = "127.0.0.1"; port = 10069; }];
|
||||
tag = "xmu-out";
|
||||
}
|
||||
{ protocol = "blackhole"; tag = "block"; }
|
||||
];
|
||||
routing =
|
||||
{
|
||||
domainStrategy = "AsIs";
|
||||
rules = builtins.map (rule: rule // { type = "field"; })
|
||||
address = chinaDns;
|
||||
domains = [ "geosite:geolocation-cn" ];
|
||||
expectIPs = [ "geoip:cn" ];
|
||||
skipFallback = true;
|
||||
}
|
||||
{
|
||||
address = foreignDns;
|
||||
domains = [ "geosite:geolocation-!cn" ];
|
||||
expectIPs = [ "geoip:!cn" ];
|
||||
skipFallback = true;
|
||||
}
|
||||
{ address = chinaDns; expectIPs = [ "geoip:cn" ]; }
|
||||
{ address = foreignDns; }
|
||||
];
|
||||
disableCache = true;
|
||||
queryStrategy = "UseIPv4";
|
||||
tag = "dns-internal";
|
||||
};
|
||||
inbounds =
|
||||
[
|
||||
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ chinaDns ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ foreignDns ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
|
||||
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
|
||||
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
|
||||
{
|
||||
inboundTag = [ "common-in" ];
|
||||
domain = [ "geosite:geolocation-!cn" ];
|
||||
outboundTag = "proxy-vless";
|
||||
port = 10853;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; };
|
||||
tag = "dns-in";
|
||||
}
|
||||
{ inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
|
||||
{
|
||||
port = 10880;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { network = "tcp,udp"; followRedirect = true; };
|
||||
streamSettings.sockopt.tproxy = "tproxy";
|
||||
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
|
||||
tag = "common-in";
|
||||
}
|
||||
{
|
||||
port = 10881;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { network = "tcp,udp"; followRedirect = true; };
|
||||
streamSettings.sockopt.tproxy = "tproxy";
|
||||
tag = "xmu-in";
|
||||
}
|
||||
{
|
||||
port = 10883;
|
||||
protocol = "dokodemo-door";
|
||||
settings = { network = "tcp,udp"; followRedirect = true; };
|
||||
streamSettings.sockopt.tproxy = "tproxy";
|
||||
tag = "proxy-in";
|
||||
}
|
||||
{ port = 10884; protocol = "socks"; settings.udp = true; tag = "proxy-socks-in"; }
|
||||
{ port = 10882; protocol = "socks"; settings.udp = true; tag = "direct-in"; }
|
||||
];
|
||||
outbounds =
|
||||
[
|
||||
{
|
||||
protocol = "vless";
|
||||
settings.vnext =
|
||||
[{
|
||||
address = xray.client.xray.serverAddress;
|
||||
port = 443;
|
||||
users =
|
||||
[{
|
||||
id = inputs.config.sops.placeholder."xray-client/uuid";
|
||||
encryption = "none";
|
||||
flow = "xtls-rprx-vision-udp443";
|
||||
}];
|
||||
}];
|
||||
streamSettings =
|
||||
{
|
||||
network = "raw";
|
||||
security = "reality";
|
||||
realitySettings =
|
||||
{
|
||||
serverName = xray.client.xray.serverName;
|
||||
publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
|
||||
fingerprint = "firefox";
|
||||
};
|
||||
};
|
||||
tag = "proxy-vless";
|
||||
}
|
||||
{ protocol = "freedom"; tag = "direct"; }
|
||||
{ protocol = "dns"; tag = "dns-out"; }
|
||||
{
|
||||
protocol = "socks";
|
||||
settings.servers = [{ address = "127.0.0.1"; port = 10069; }];
|
||||
tag = "xmu-out";
|
||||
}
|
||||
{ protocol = "blackhole"; tag = "block"; }
|
||||
];
|
||||
routing =
|
||||
{
|
||||
domainStrategy = "AsIs";
|
||||
rules = builtins.map (rule: rule // { type = "field"; })
|
||||
[
|
||||
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ chinaDns ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "dns-internal" ]; ip = [ foreignDns ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
|
||||
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
|
||||
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
|
||||
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
|
||||
{
|
||||
inboundTag = [ "common-in" ];
|
||||
domain = [ "geosite:geolocation-!cn" ];
|
||||
outboundTag = "proxy-vless";
|
||||
}
|
||||
{ inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
|
||||
{ inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
secrets."xray-client/uuid" = {};
|
||||
};
|
||||
@@ -216,26 +215,93 @@ inputs:
|
||||
};
|
||||
restartTriggers = [ inputs.config.sops.templates."xray-client.json".file ];
|
||||
};
|
||||
# TODO: use existing options
|
||||
v2ray-forwarder =
|
||||
{
|
||||
description = "v2ray-forwarder Daemon";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = let ip = "${inputs.pkgs.iproute2}/bin/ip"; in
|
||||
{
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = inputs.pkgs.writeShellScript "v2ray-forwarder.start"
|
||||
''
|
||||
${ip} rule add fwmark 1/1 table 100
|
||||
${ip} route add local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop"
|
||||
''
|
||||
${ip} rule del fwmark 1/1 table 100
|
||||
${ip} route del local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
};
|
||||
serviceConfig =
|
||||
let
|
||||
ip = "${inputs.pkgs.iproute2}/bin/ip";
|
||||
nft = "${inputs.pkgs.nftables}/bin/nft";
|
||||
autoPort = "10880";
|
||||
xmuPort = "10881";
|
||||
proxyPort = "10883";
|
||||
in
|
||||
{
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart =
|
||||
let
|
||||
loNet =
|
||||
[
|
||||
"0.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12"
|
||||
"192.0.0.0/24" "192.88.99.0/24" "192.168.0.0/16" "59.77.0.143" "198.18.0.0/15"
|
||||
"198.51.100.0/24" "203.0.113.0/24" "224.0.0.0/4" "240.0.0.0/4"
|
||||
];
|
||||
loNetStr = builtins.concatStringsSep ", " loNet;
|
||||
noproxyUserStr = builtins.concatStringsSep ", " (builtins.map
|
||||
(user: builtins.toString inputs.config.nixos.user.uid.${user})
|
||||
(xray.client.v2ray-forwarder.noproxyUsers ++ [ "v2ray" ]));
|
||||
nftConfigFile = inputs.pkgs.writeText "v2ray.nft"
|
||||
''
|
||||
table inet v2ray {
|
||||
set lo_net { type ipv4_addr; flags interval; elements = { ${loNetStr} }; }
|
||||
set xmu_net { type ipv4_addr; flags interval; }
|
||||
set noproxy_net { type ipv4_addr; flags interval; elements = { 223.5.5.5 }; }
|
||||
set noproxy_src_net { type ipv4_addr; flags interval; }
|
||||
set proxy_net { type ipv4_addr; flags interval; elements = { 8.8.8.8 }; }
|
||||
|
||||
chain prerouting {
|
||||
type filter hook prerouting priority mangle; policy accept;
|
||||
meta l4proto != { tcp, udp } counter return
|
||||
|
||||
# 对于目标地址为本机的新建的流,标记并永不代理
|
||||
fib daddr type local ct state new counter ct mark set ct mark | 1 return
|
||||
ct mark & 1 == 1 counter return
|
||||
|
||||
ip saddr @noproxy_src_net return
|
||||
ip daddr @noproxy_net return
|
||||
ip saddr != 172.16.0.0/12 ip daddr @xmu_net meta l4proto { tcp, udp } \
|
||||
tproxy ip to :${xmuPort} meta mark set meta mark | 1
|
||||
ip daddr @proxy_net meta l4proto { tcp, udp } tproxy ip to :${proxyPort} \
|
||||
meta mark set meta mark | 1
|
||||
ip daddr @lo_net return
|
||||
meta l4proto { tcp, udp } tproxy ip to :${autoPort} meta mark set meta mark | 1
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
chain output {
|
||||
type route hook output priority mangle; policy accept;
|
||||
ct mark & 1 == 1 counter return
|
||||
meta skuid { ${noproxyUserStr} } return
|
||||
|
||||
ip saddr @noproxy_src_net return
|
||||
ip daddr @noproxy_net return
|
||||
ip daddr @xmu_net meta mark set meta mark | 1
|
||||
ip daddr @proxy_net meta mark set meta mark | 1
|
||||
ip daddr @lo_net return
|
||||
meta l4proto { tcp, udp } meta mark set meta mark | 1
|
||||
|
||||
return
|
||||
}
|
||||
}
|
||||
'';
|
||||
in inputs.pkgs.writeShellScript "v2ray-forwarder.start"
|
||||
''
|
||||
${nft} -f ${nftConfigFile}
|
||||
${ip} rule add fwmark 1/1 table 100
|
||||
${ip} route add local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
ExecStop = inputs.pkgs.writeShellScript "v2ray-forwarder.stop"
|
||||
''
|
||||
${nft} delete table inet v2ray
|
||||
${ip} rule del fwmark 1/1 table 100
|
||||
${ip} route del local 0.0.0.0/0 dev lo table 100
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
users =
|
||||
@@ -244,77 +310,12 @@ inputs:
|
||||
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
|
||||
};
|
||||
environment.etc."resolv.conf".text = "nameserver 127.0.0.1";
|
||||
networking =
|
||||
networking.firewall =
|
||||
{
|
||||
nftables.tables.v2ray =
|
||||
{
|
||||
family = "inet";
|
||||
content =
|
||||
let
|
||||
autoPort = "10880";
|
||||
xmuPort = "10881";
|
||||
proxyPort = "10883";
|
||||
loNet =
|
||||
[
|
||||
"0.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12"
|
||||
"192.0.0.0/24" "192.88.99.0/24" "192.168.0.0/16" "59.77.0.143" "198.18.0.0/15"
|
||||
"198.51.100.0/24" "203.0.113.0/24" "224.0.0.0/4" "240.0.0.0/4"
|
||||
];
|
||||
loNetStr = builtins.concatStringsSep ", " loNet;
|
||||
noproxyUserStr = builtins.concatStringsSep ", " (builtins.map
|
||||
(user: builtins.toString inputs.config.nixos.user.uid.${user})
|
||||
(xray.client.v2ray-forwarder.noproxyUsers ++ [ "v2ray" ]));
|
||||
in
|
||||
''
|
||||
set lo_net { type ipv4_addr; flags interval; elements = { ${loNetStr} }; }
|
||||
set xmu_net { type ipv4_addr; flags interval; }
|
||||
set noproxy_net { type ipv4_addr; flags interval; elements = { 223.5.5.5 }; }
|
||||
set noproxy_src_net { type ipv4_addr; flags interval; }
|
||||
set proxy_net { type ipv4_addr; flags interval; elements = { 8.8.8.8 }; }
|
||||
|
||||
chain prerouting {
|
||||
type filter hook prerouting priority mangle; policy accept;
|
||||
meta l4proto != { tcp, udp } counter return
|
||||
|
||||
# 对于目标地址为本机的新建的流,标记并永不代理
|
||||
fib daddr type local ct state new counter ct mark set ct mark | 1 return
|
||||
ct mark & 1 == 1 counter return
|
||||
|
||||
ip saddr @noproxy_src_net return
|
||||
ip daddr @noproxy_net return
|
||||
ip saddr != 172.16.0.0/12 ip daddr @xmu_net meta l4proto { tcp, udp } \
|
||||
tproxy ip to :${xmuPort} meta mark set meta mark | 1
|
||||
ip daddr @proxy_net meta l4proto { tcp, udp } tproxy ip to :${proxyPort} \
|
||||
meta mark set meta mark | 1
|
||||
ip daddr @lo_net return
|
||||
meta l4proto { tcp, udp } tproxy ip to :${autoPort} meta mark set meta mark | 1
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
chain output {
|
||||
type route hook output priority mangle; policy accept;
|
||||
ct mark & 1 == 1 counter return
|
||||
meta skuid { ${noproxyUserStr} } return
|
||||
|
||||
ip saddr @noproxy_src_net return
|
||||
ip daddr @noproxy_net return
|
||||
ip daddr @xmu_net meta mark set meta mark | 1
|
||||
ip daddr @proxy_net meta mark set meta mark | 1
|
||||
ip daddr @lo_net return
|
||||
meta l4proto { tcp, udp } meta mark set meta mark | 1
|
||||
|
||||
return
|
||||
}
|
||||
'';
|
||||
};
|
||||
firewall =
|
||||
{
|
||||
allowedTCPPorts = [ 53 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
allowedTCPPortRanges = [{ from = 10880; to = 10884; }];
|
||||
allowedUDPPortRanges = [{ from = 10880; to = 10884; }];
|
||||
};
|
||||
allowedTCPPorts = [ 53 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
allowedTCPPortRanges = [{ from = 10880; to = 10884; }];
|
||||
allowedUDPPortRanges = [{ from = 10880; to = 10884; }];
|
||||
};
|
||||
}
|
||||
)
|
||||
@@ -326,7 +327,11 @@ inputs:
|
||||
.xray-server.clients;
|
||||
in
|
||||
{
|
||||
services.xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-server.json".path; };
|
||||
services.xray =
|
||||
{
|
||||
enable = true;
|
||||
settingsFile = inputs.config.sops.templates."xray-server.json".path;
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."xray-server.json" =
|
||||
@@ -348,7 +353,7 @@ inputs:
|
||||
protocol = "vless";
|
||||
settings =
|
||||
{
|
||||
clients = builtins.map
|
||||
clients = map
|
||||
(n:
|
||||
{
|
||||
id = inputs.config.sops.placeholder."xray-server/clients/${n}";
|
||||
|
||||
@@ -45,7 +45,6 @@ inputs:
|
||||
cores = 0;
|
||||
keep-going = true;
|
||||
keep-outputs = true;
|
||||
connect-timeout = 5;
|
||||
};
|
||||
systemd.services.nix-daemon = { serviceConfig.CacheDirectory = "nix"; environment.TMPDIR = "/var/cache/nix"; };
|
||||
}
|
||||
|
||||
@@ -22,6 +22,7 @@ let
|
||||
}
|
||||
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
{
|
||||
# TODO: test znver3 do use AVX
|
||||
oneapiArch = let match = {}; in match.${nixpkgs.march} or nixpkgs.march;
|
||||
nvhpcArch = nixpkgs.march;
|
||||
# contentAddressedByDefault = true;
|
||||
@@ -74,7 +75,38 @@ in platformConfig //
|
||||
pkgs-unstable =
|
||||
{
|
||||
source = "nixpkgs-unstable";
|
||||
overlay = inputs.topInputs.self.overlays.default;
|
||||
overlay = final: prev:
|
||||
(inputs.topInputs.self.overlays.default final prev);
|
||||
# {
|
||||
# ollama = prev.ollama.override { cudaPackages = final.cudaPackages_12_8; };
|
||||
# }
|
||||
# // inputs.lib.optionalAttrs (nixpkgs.march != null)
|
||||
# {
|
||||
# pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
|
||||
# {
|
||||
# scipy = prev.scipy.overridePythonAttrs (prev:
|
||||
# { disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
|
||||
# rapidocr-onnxruntime = prev.rapidocr-onnxruntime.overridePythonAttrs { doCheck = false; };
|
||||
# cfn-lint = prev.cfn-lint.overridePythonAttrs { doCheck = false; };
|
||||
# })];
|
||||
# rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
|
||||
# valkey = prev.valkey.overrideAttrs { doCheck = false; };
|
||||
# }
|
||||
# // inputs.lib.optionalAttrs
|
||||
# (builtins.elem nixpkgs.march [ "skylake" "silvermont" "broadwell" "znver3" ])
|
||||
# { redis = prev.redis.overrideAttrs { doCheck = false; }; }
|
||||
# // inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx2Support)
|
||||
# {
|
||||
# haskellPackages = prev.haskellPackages.override
|
||||
# {
|
||||
# overrides = final: prev:
|
||||
# {
|
||||
# crypton = prev.crypton.overrideAttrs
|
||||
# (prev: { configureFlags = prev.configureFlags or [] ++ [ "--ghc-option=-optc-mno-avx2" ]; });
|
||||
# };
|
||||
# };
|
||||
# }
|
||||
# // (inputs.topInputs.self.overlays.default final prev);
|
||||
};
|
||||
};
|
||||
packages = name: import inputs.topInputs.${source.${name}.source or source.${name}}
|
||||
@@ -122,9 +154,17 @@ in platformConfig //
|
||||
{ disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
|
||||
rich = prev.rich.overridePythonAttrs (prev:
|
||||
{ disabledTests = prev.disabledTests or [] ++ [ "test_brokenpipeerror" ]; });
|
||||
# paperwork-backend = prev.paperwork-backend.overrideAttrs (prev: { doCheck = false; });
|
||||
}
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx2Support)
|
||||
# {
|
||||
# numcodecs = prev.numcodecs.overridePythonAttrs (prev:
|
||||
# { disabledTests = prev.disabledTests or [] ++ [ "test_encode_decode" "test_partial_decode" ]; });
|
||||
# })
|
||||
))];
|
||||
inherit (final.pkgs-2411) intelPackages_2023;
|
||||
})
|
||||
# // (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
|
||||
# { c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
|
||||
)];
|
||||
}
|
||||
|
||||
@@ -16,8 +16,6 @@ inputs:
|
||||
"kernel.sysrq" = 1;
|
||||
# set to larger value, otherwise the system will be very slow on low memory machines
|
||||
"vm.vfs_cache_pressure" = 100;
|
||||
# when building archive, nix need more than 100k mounts
|
||||
"fs.mount-max" = 1000000;
|
||||
};
|
||||
}
|
||||
(inputs.lib.mkIf (sysctl.laptop-mode != null) { boot.kernel.sysctl."vm.laptop_mode" = sysctl.laptop-mode; })
|
||||
|
||||
@@ -32,8 +32,6 @@ inputs:
|
||||
alikia = 1018;
|
||||
pen = 1019;
|
||||
reonokiy = 1020;
|
||||
zqq = 1021;
|
||||
zgq = 1022;
|
||||
misskey-misskey = 2000;
|
||||
misskey-misskey-old = 2001;
|
||||
frp = 2002;
|
||||
@@ -119,12 +117,7 @@ inputs:
|
||||
users.users.root =
|
||||
{
|
||||
shell = inputs.pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = inputs.lib.mkMerge
|
||||
[
|
||||
[(builtins.readFile ./chn/id_ed25519_sk.pub)]
|
||||
(inputs.lib.mkIf (inputs.config.nixos.model.cluster.clusterName or null == "srv1")
|
||||
[(builtins.readFile ./zgq/id_ed25519.pub)])
|
||||
];
|
||||
openssh.authorizedKeys.keys = [(builtins.readFile ./chn/id_ed25519_sk.pub)];
|
||||
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
|
||||
};
|
||||
home-manager.users.root = homeInputs:
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config = let inherit (inputs.config.nixos) user; in inputs.lib.mkIf (builtins.elem "zgq" user.users)
|
||||
{
|
||||
users.users.zgq.extraGroups = inputs.lib.mkIf (inputs.config.nixos.model.cluster.clusterName or null == "srv1")
|
||||
[ "wheel" ];
|
||||
};
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHnhPmiGpuK0OlMPLM9QFYpjcr5/WoG8IFoC9EDLSqc zgq
|
||||
@@ -1 +0,0 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM+Hi3Jo/xb7vDm5L75jybjjrE6z7quveuKd0mTeXDP zqq@xmupc1
|
||||
Reference in New Issue
Block a user