chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 19:00:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:staging
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
..
compare: chn:benchmark
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

1 Commits
staging ... benchmark

Author SHA1 Message Date
chn
0a51443b79 add phoronix-test-suite 2023-09-10 01:24:02 +08:00
439 changed files with 6240 additions and 19135 deletions
Expand all files Collapse all files

6
.gitattributes vendored
View File

@@ -1,6 +0,0 @@
*.png filter=lfs diff=lfs merge=lfs -text
*.icm filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text
*.webp filter=lfs diff=lfs merge=lfs -text
*.efi filter=lfs diff=lfs merge=lfs -text
flake/branch.nix merge=ours

8
.gitignore vendored
View File

@@ -1,9 +1,3 @@
result
result-*
result-man
outputs
.direnv
build
.vscode
.cache
.ccls-cache
archive

87
.sops.yaml
View File

@@ -1,56 +1,45 @@
keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
- &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &srv3 age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
- &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv
creation_rules:
- path_regex: devices/pc/.*$
key_groups: [{ age: [ *chn, *pc ] }]
- path_regex: devices/vps4/.*$
key_groups: [{ age: [ *chn, *vps4 ] }]
- path_regex: devices/vps6/.*$
key_groups: [{ age: [ *chn, *vps6 ] }]
- path_regex: devices/nas/.*$
key_groups: [{ age: [ *chn, *nas ] }]
- path_regex: devices/one/.*$
key_groups: [{ age: [ *chn, *one ] }]
- path_regex: devices/srv1/secrets/.*$
key_groups: [{ age: [ *chn, *srv1-node0, *srv1-node1, *srv1-node2 ] }]
- path_regex: devices/srv1/node0/.*$
key_groups: [{ age: [ *chn, *srv1-node0 ] }]
- path_regex: devices/srv1/node1/.*$
key_groups: [{ age: [ *chn, *srv1-node1 ] }]
- path_regex: devices/srv1/node2/.*$
key_groups: [{ age: [ *chn, *srv1-node2 ] }]
- path_regex: devices/srv2/secrets/.*$
key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1 ] }]
- path_regex: devices/srv2/node0/.*$
key_groups: [{ age: [ *chn, *srv2-node0 ] }]
- path_regex: devices/srv2/node1/.*$
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
- path_regex: devices/srv3/.*$
key_groups: [{ age: [ *chn, *srv3 ] }]
- path_regex: devices/test/.*$
key_groups: [{ age: [ *chn, *test ] }]
- path_regex: devices/test-pc/.*$
key_groups: [{ age: [ *chn, *test-pc ] }]
- path_regex: devices/test-pc-vm/.*$
key_groups: [{ age: [ *chn, *test-pc-vm ] }]
- path_regex: devices/cross/secrets/default.yaml$
- path_regex: secrets/pc\.yaml$
key_groups:
- age: [ *chn, *pc, *vps4, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
*srv3, *test, *test-pc, *test-pc-vm]
- path_regex: devices/cross/secrets/chn.yaml$
- age:
- *chn
- *pc
- path_regex: secrets/vps6\.yaml$
key_groups:
- age: [ *chn, *pc, *one, *nas ]
- age:
- *chn
- *vps6
- path_regex: secrets/vps4\.yaml$
key_groups:
- age:
- *chn
- path_regex: secrets/vps7\.yaml$
key_groups:
- age:
- *chn
- *vps7
- path_regex: secrets/nas\.yaml$
key_groups:
- age:
- *chn
- path_regex: secrets/xmupc1\.yaml$
key_groups:
- age:
- *chn
- path_regex: secrets/yoga\.yaml$
key_groups:
- age:
- *chn
- *yoga
- path_regex: secrets/pe\.yaml$
key_groups:
- age:
- *chn
- *pe

26
README.md
View File

@@ -1,26 +0,0 @@
This is my NixOS configuration. I use it to manage:
* some vps serving some websites and services (misskey, synapse), etc.
* my laptop (Lenovo R9000P 2023), and my tablet (One Netbook One Mix 4).
* some cluster for scientific computing (vasp, lammps, etc).
With the following highlights:
* All binary is compiled for specific CPU (`-march=xxx`, like that on Gentoo).
* All packages and configurations are managed by Nix, as much reproducible as possible.
## Using overlay
An overlay is provided through `outputs.overlays.default`, you could use it in your `configuration.nix` like this:
```nix
{
inputs.chn-nixos.url = "github:CHN-beta/nixos";
outputs.nixosConfigurations.my-host = inputs.nixpkgs.lib.nixosSystem
{
modules = [({pkgs, ...}: { config =
{
nixpkgs.overlays = [ inputs.chn-nixos.overlays.default ];
environment.systemPackages = [ pkgs.localPackages.vasp.intel ];
};})];
};
}
```

1
devices/cross/default.nix
View File

@@ -1 +0,0 @@
inputs: { imports = inputs.localLib.findModules ./.; }

27
devices/cross/luks-manual/default.nix
View File

@@ -1,27 +0,0 @@
inputs:
let devices =
{
nas =
{
"/dev/disk/by-partlabel/nas-root3".mapper = "root3";
"/dev/disk/by-partlabel/nas-root4".mapper = "root4";
"/dev/disk/by-partlabel/nas-swap" = { mapper = "swap"; ssd = true; };
};
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
srv3 =
{
"/dev/disk/by-partlabel/srv3-root1" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-partlabel/srv3-swap" = { mapper = "swap"; ssd = true; };
};
};
in
{
config =
{
nixos.system.fileSystems.luks.manual =
let inherit (inputs.config.nixos.model) hostname;
in if devices ? ${hostname} then devices.${hostname} else inputs.lib.mkOptionDefault null;
home-manager.users.chn.config.nixos.decrypt = devices;
};
}

BIN
devices/cross/luks-manual/nas.key
View File

Binary file not shown.

BIN
devices/cross/luks-manual/srv3.key
View File

Binary file not shown.

BIN
devices/cross/luks-manual/vps4.key
View File

Binary file not shown.

BIN
devices/cross/luks-manual/vps6.key
View File

Binary file not shown.

56
devices/cross/secrets/chn.yaml
View File

@@ -1,56 +0,0 @@
chn:
age: ENC[AES256_GCM,data:MSJe0mI4PUkl4B/R6no/Zsb7STRZcZBKz7+CckMnEuSrjNx/5Jxv6IugUEAREXEUxmpNi7Sx6aR8SYDqJO5UaaGYbCp+PN8DrBg=,iv:185PoGeQ3+D6rYI1xdfrciKu9nj/8d2yya//U39vS6s=,tag:mhP0Ix2iX3uaAqPAnin3Jg==,type:str]
rsa: ENC[AES256_GCM,data:yHnveqSfwd2sLYLOm4tkXoHj08zFRQsaSEL0NJz76dFCO/ZnyIbFh8WnW1y6bUUKzWl4AZxcLIBL0GCf+5R+gDRcXLLGCY6TziRb5fo/6ryJ9EbqntVI5V7oXUPSmGMPuhWcVFB2YurgdvFgXMAki7HMmXLD3xMzFp2/my1mBTOqksJiHL1Bq56bBOQihQ8FEpESc6E/lS7hA6oq8u2RIKKLDCDScdLTmbl1XmzO2xqoPoWJNGkW1PBVUzMMSfmfpswfUK4Tt09o7AwnCUsb5u4PC9aGLUdhjS/Q+zdDpXLZpU1VuX4Nypqmyx0v1KgMIDVu2FNl2OUbTvHCDW3OwMkCA2ww4OlD4p9BFTszAzs8eFxSyCZkiWNp+SfI9WgjsZV4S1nJJfIIlkZYqja7DYOQEyeS0IZ7jyuGsTBhy5iTjekiCUa9iEBXmHHw5I80H/mhDeLyYKnnSttPi4xNt8flO9k3TDURFNW4L/2sEexoL0BLCkt/nGolEcyHCvWKm+UOnfYEJ5G1/NwufFrQybzP+TuiqSauGk5oIEi/vvcX2/luwdPyOONeY2SrHoLehh6lhbM9WExdpSfawWAWB43NabKZf7Wp6JLsadZCUvlfQSvM7YE+Z9ZZPffsiPIiKkkABR5FnKVmO52AfX73r17VJgK2fMeabW4o1ktVzMX12tW2+GpzlOTDXcdKnzjdDQMv+u1Hyn9H/K1S1HmB9RZkyTXzUMR3iC5A4VSy+iFqIgA/kTvwKxjYfTBOvaME9kqqF40E+s7Vx2lM9gvfwYXm/OHSIKJkpo8m+DdGShyMD/iopZPW+QayavXdw1ilVWlJxwwCn+KDq/nsQhWMXH5A+7f0d/P+I2kKQWNNhAFm7Bq6+FrIa7FOT+u85Bl6r9rdnmfkz3rKYlvXFkvlr2fYA7UIzc3vFJadxLL1gvIeedmiuTgyY2JzljvWxAxOKbD9H/EAkl1dKMx2xc6IalXj1ERUcZSl90ijaUfkmxqFjZWXDkFLOipPFoNF4RXF0Bf7H8uWBajvrZOifwXoiYFygnl4vHbLQmdzgjs+lBEsEjTflCxaeRfGNUrqYdIN1MOOMXaaTBk4AkHHVxi6EplJS6Z31qnaecNGSlT2SdoGmKPy5IiS0E9gtOq9w81OBh85zoTh0I2XGWyJmhvOpJIReQEUiFb5vlXc1ryPp6etlitECxBTDGqu1BIqYroivwpWSLFYihOsZtmSUuRRRKlWMq19CFZ2KkmrT+APWMVBv4F/6uaapEQaLFrmDys2G4kCR7Arc04OvVizPUhwGPfcceG9VjsR/CJY/VUq1wFTyjrjCffyIOIXtYr+kYNFtYj5SekpopDxUCTAcuTdtAZlegfrqSss6nsBCFvMQUO30ng0rzRpTXnTt9iHkPnfXU1KLcv6lXU4+5nvHatICyaY0pYLNYWBzpFgp6sOiWWJCZi28jgE91HcaaGnleSoNw/ouTasgF23anqvcABKWuUMSRCsIsSBLQWDTPUo+jfm9NuzduDhIdYKhN0HMCCrHVJdWbYBmG23qqqHoHmEu926ClaP5VDo3PNci2yFKg9gcbjeWD4gCXoVE9tm1OwYucQyMyX/SVb0w+M+k2+yVX+Vx/LBqUkXtbWGfDmwHW3b7j3AZr1pHMx+Trv26p4V4cyOaf6nBezbawYF0M7pRHQQLXpjTru9c/dEEZCOefmDyzTLyShDhfCBiBky8hF0bf5NfF6NfL12fcMlAvtk8OaQC+gd4VL3umQpwmLO8pupnv/5tQAR3R37rfgkLv/N/D4Bbz84TvviEa9aPsY+1XlXsunYIkF1xJVunv+YAR4aexDfd6aapfdV1YXxhrvCMZNDF+kxQJ93i5o2+nyUvXBNrrqlWTTX3HSmTYfOZ5npSUMQRYUG2UduU56NHk8QmUi/mwZJX0mCrpHg2lH9+EIwdgMO8V21rZnE9Yj/ujn29lTvqEWOV1uHgbAS9fGbH9LsS4VhC7V1B4uWyzGEvj8g4hl+rC2c85v6rblgn409JTDCioffFlSS35+6AsKKO6u8Xh7neo8c5SxvYsEOW4EAfnemVns8TOdJViy07bB8XtZU4v2/MHhgA24TKr7wlPfrTvF9UFNx2OK8c3aYP78Xp8cb3j60z3HjqCFFEZyHDD4Ync5BFB36sBbqHHcah+kFl3ZtQnUI5LGZvG6mvSGFMmAhiEzTnsVN/TJglll2uXMIcZpJSwxKIw==,iv:Ks1ESu5QeD5a6dmk+0MHD8mrM0QejBSZwQ1fKjTQiuY=,tag:uLDGeiQHHUUUY00n4jlf8A==,type:str]
ed25519: ENC[AES256_GCM,data:/2Iqm2LOPkjQk0tEJpdICkiUOZ4fT/+tiEgpkCb02/YT+6l4W6cAY4mv3nQZOROaYg2gafzLT+e2UDSyX/fIbh3jA+OKnbUlWQVnzRUoz1QxdoqLjYTVCB5DkECYQveeWdt8Er1sGMzkdlvIkPdfj99RLmKKwwtHI1AXkR741V6t8X3LVRVFJrCBpudczA78Rr6CaTR5BXsEKxbXmD5kGJlYD70yHkrLA9MgWQa+/oIO/2CzjkQx5ULQ9fr/VwlIWXfLiCvHmKyVEtweqSSH3bSn1qC3usVAZaJSnOObAJGeQuS+FcxizbKDXjgc69Jg67mDf5k6VBxTF/xP0YegQpZlVxnwggSN6yyPHJ9zjk27NmsqHfE3fq/TQf2Pk91wIgfV0zN020vmidRKiP5z54aaEO6lnPHPELl7BZQ51NUyYKmh5SL6IX05x64GqRrbPtxhzWSj+WVeWmbVJcoxbohzugjTG1Uj+cxcEfqe7Th50pFjHbyCEIWxhk8toQ7r8VxkuYREkXwSYTm/mx43FZnwDhLkFuIYOh/v+7ln/Cxg+xATUbwZS6RwuN+pIRz75eq7VjwD9sb+pj2K,iv:FTrh8tnL8OlD6PkdXWnqFTkZ5VdxMJL5CncfjK1J/C0=,tag:+cWIwl0CZFERXZoegTpSDg==,type:str]
ed25519_sk: ENC[AES256_GCM,data:NFTheH+JMIu0bdyKOVgFjGIfgKE9o404S6EvK9yelSiYY5/WFRbzRwhSLZC9senT4rMUl9sErjix1nJMesV1DByTvdZqljPGChxac5/JglgZr9NgvhDYLjSnrT0GYlGAgxmDrnSHj2CyPm+5Ael27325QDMLjKnmluvSZaNB7qB+4BNQBEytx5NfLiA26EAxKPqMSDoFFZp/y6FdWFH4sEWz5WAp03shXs+EPmcnSu/9wykjwg7gKvbQJqoB3MJ5N4MsLr7EBPcpOdWvx0E5xZ8GgmuWYxRJNZDILfS5pgaD74uPEj1nODfGd3N0kBBCeKq/clq9hPDfjyrAmTd9EEDJu+q3nf7P6zTIZ0WJ1ZN/hnC7WcpL/p5Y4nDr99u1rd5x+hhk9TI07SPTJBqjpg6oAgM+Dq02jJvCn4VuoxlCTx/dkXyofReU0bjovUXOMEwCfxHwMDa5/QxQ2qYQhNC8x4O+DwxjnhNg1BNVFAVT4mBVxCshKyhQ1C/w8tBTJzD8YkigAKlokI5VoxCINex3SQs2+6NQpCOyiw6TMtH+M54zVlUQeKypOSNmS91crC52/6b9XMA=,iv:xDaelebavplMYLG9c2JUv1ceXJxejTuhjZ/AGHfklrw=,tag:x4zjZasKadbVDf8Zsg+wiA==,type:str]
rsa.ppk: ENC[AES256_GCM,data:9njXWqYEZ7jd0u0lvtmIarEka6n6oHmMeLFvBGejAt2cXZdrZzn5hdotT1+yGrPQYH5n5+f5R8E9wSAZK9Xwn5qfLxXkjmOOVd+L+UFr8fNwlac2GK8Z2OpYKSKg8JbNRw7kgl3ktu8xE6IWqTdL75idvW5JI9iXSSLT9o86oV25HN5Ku/JzRRc9ZlrSugxza/w2yUv7ICT4wGw600aXWhF4R9c2vf6+vZyxaBt7BzaT2+IPPrxDxoW6jx+1fATlwTSiqcKD/0ymy0Hk4ryhI6Vk7BaK5ePC405pdghXA3zwHvRKoFtZGPLy7+iQe4GLE1GEOLN+3MSSAlJEnGMKnwP93IqcAghIXAFXHaJzY1a/492waYqXCc3H/SOlI52oKjZY/SUKoSkDxRoY0wr3OdseFgV/BEWgrunN0MakTiqY6Q8okMX3LXeaUHwnIK9t01eLpvIUA2Y1wI7Olx2Ez1Tp1yPjACTZlQrOPOiCeumlRey15bGNywV3p+DY5wM3zqBn+529MauJv7W2NYIJ6do26hAVpe5FMYb0l/G8AYg0E+AJ2nfVRb8Gu5MxprSNQQEMca+PxKSsmCvicBeNuDreZwt7vpMAb8ndv8O96k8cz2G126Rpe6dgsf3XND3VLWJpYIJYG+KA2AaVCvayAcHRUfIZdZ+wMDJFP+nQHk8wH8/Zu6mWL0nkgFMIj7C/xymdIO1Ugc2CjUlZZtSkgZ6JnAQ+rs94B7QBSCcEnkd4kOU4CvrH1eIyxXS1YH6KhYVhOIXeZFvtI38ergae/ruHfruU4tYk9sj+MmiK7tQDVfiu+XY56mrYt46sDOe36nUDAw1xMLV18Wu7P3wh2zwLrHzRcpTljlcilEh6NQTbIZBm5oQUCJhtYkfPtfsOUs6EKR6Zte1xQE6jdMES6Nnki4OAyv6ZC847jZGkGVg2nFkg8K0d3HoLqsIb3AJMgSNoZtImsGdo4I/jgiBdt9GEjXj5o6zYAvt+F/fea8Lvz/JveU4eL+HA5++pSuuFH33eYntPsPeoi3aXMt3HgHpan9hUAYNSTn0IBrEbsFPkxdaPVhyVygZo7nVzMc1z8xRhMuDv/0DlRpSzd0CM/5nFsaexX03W2ByKUatEP+DXxWswXXV0pod1Q65Jp8X6jr3KrGdzgQ+xqT7yCLDInMP08ug8d3MV8cPvdTLKRy3H789WyBKKH9LE6L36ron3571L2C1YRqnSaCtLF4PZWcYhR8QW8DWhU/tQVPc39ny0PazwEKJK4vAuFc9voYTHMgYJ9fvM+TCRQVRi92yECtHO0XsS08UVz4aJpiBnpCf6k26e9Fv5nZkpjeG8l6j1/FLSbUUzM8Ig8JVJZXOV2mkZxB+UVGAaIAaIFuxHJ0u8EVqNGW/yRneZiFop/j+4/rUmR5QaXsqlp6dIjqGiGQxkAsNVc5TiRG4ChQJn50UyqUFWNT/YIFZyJnE051ztZzl0DXoqLdfjn63HJZ0E7OLVwpe6xYQ3DGvwmH+siq5mdjbhF8477C1oes7q+Pc8L8vlYRTIKeLGm5asN2ZyPDigpAnDcPsZUh4Z1EY9/uu1CTG4A2yUdx1Wk9+1ZZf+X8SGK5YyQofuA1WJR3Nxvxr0K2ThUJc2X4jy1x5FCWqINotiHWEj1VLKUEU/eqWcchp99/r6Ai9DBrsuwd7zLq1/EzWyGRFL04aoaHWkzq/2uxs5mBwJYAoRBhXS544JbWgl3k9gnhiTdwzmHxuJqGLQGGLT4kc7va/ym81dPQE5QlMlEsmf0ecHyT9X67GYIsxQtxi8tepM9ycWVRkH2skYVSodOdNvwRZkmtJIzw2lECdx3Sx3u1RAudXMUdGzviUas1+4V7L5w95QF8mQCS5gkHwu11mH6T6aRGLFRUfKNkbOGoiCzOeGsnoQr0IzkwWZ6Kpk/1z8txKIxNfdM3woxAGKbQ==,iv:rU+t8OnwA5yGRQZYSI9GQcfaZY2EjCPxrsoSzlCy1Ok=,tag:5H2oYeXpEkwIhtnAz6uywQ==,type:str]
xmuhk: ENC[AES256_GCM,data:I87DH/L3FE/qmYNJ4GPbvuEZ0BU3ljoxjVO+C4UUSGiFq+d0SwqteH8X36SZHsPVOJLtbw+HDxvHuu8avCdPgyg+utYQ902PnU6ldvxpPak2eK/mZQo9KOKNQa6U2QPL7Yq3odemlAHTTp8BD5yOc4gnxGP5/TZZt3jcSAza17tqXwO1dDE0o0ilQ4v5SW4AtBF9Tph5sTyYy9+RlGagvUc35hgl00gDzoTd8ydvFGWSVKO5nTRMQQUfJ1/t5L9ruH4+5+W7Ic6bRXGCSSJ+iKUUcR/N2Bjizcae7TOXZ4VmqkCBHUYDcRnI7kLI3An2dliuPsgyIGVBOzmayNFn8MXjJritptbbm1zC60xzJFaamkQdSTTwUBXNVY5Y/0m/W20/AxyMOvpyxWCDx9XKYK9J6BxqI/uSkJ+IIxHZuiDmY8pF4l6THOd37anRxP2u3S2+yv1sVxqu1cVKR4fmtKqry27KcGkRFwU78qm5QQlSOcxXNSp6gsX5BOb7y0f6rWekRmHLN3gcXJPpEF3AYRXhQZs81J9Tij7F/jemXSG8282PHkvZOnnJQZjb02uVu5NxF+8couaYF18oFjncPlPDrJXEtT2tSabma0fneiLDXnlZ05oPXyWbn81b/KvNxgsDnUAOf3p1sdmIcMG2FLSc2jmaeAF2dCnn7EMjWHwpoR9OeTt5Iq2XIvBzqLsq0dfX22OFCxdO+MX3yWEwZQsU/78n45jiIMOFHZq7GuUsMEd6/p1A9yyuEpkhgqxKRPCIzbmJEaLDAiFSeKw5Q8y5u3sE6NWCJouRsyYaBVtjBYuPCxRA/C5MwiJNL8GCxC++GYWn0OTiAmLMbFyFWVMtwcfVD+SRaOdjzL6v2VvtQpAmNnz4FXdQUb2PpImN/s6Rdg1ca9hPMVkqqgfdc5OC1KvwJP6M3s6g7xzarzTz0whJ0mhNthAHWa0rrnnIEdXa1bdxMEHafkv0VTsUayqfU8kA6pILUFz7d7pot1xrs7ucgw+eqT193kc4XyqxJQK26eWuUVyP1Qd5MnBTQnFXplqIY2sTjisICpvhEAdDeWNN0ouXLFEuQfvfINTydGgITMfQgZbdUuqC4PtdnatZGnwEsuXjRpQ2SA6y1mP3gG3AEvfYnhgg+S1F0pcpN4sa9B1DHvs6ILRaNSnHTHWklD1sMD2YXTgpuFHKtxZMa7dc+pCh4vyGViSgauNaACK/91+OlLPoeIPeQoREvzkOhz+VYXRtG6N5lTMLuubhgOdicBKz8Qt9S9BZTOiJ1hEb4uXXTXwkgulUa77Rd5HEnr31l3BvsNrCt3fDNT8Ec46ICeoRnDjPEIZpXTTUZc7C/J1UUuDCQ1dzVmGrZaM6vyRCFzVa6rgj138CkAp2zF5QzJPyHtyrciPCQfgLweAoT6+tUBOngZNcZ+gSZYrA4uRmwlob9Af6uZEL/GA4zRcSCj73h/7VDhjI4IgaxtiTGsMEmHtGBdryVIPuT8eRcdx6tDkulgQvFi0ku9iqKuBCYpveK+y6OO+5V7GIow7gMfU5AGDNYTNkrVIkhV+Bm5Y3s43eHhda6xxVFR948QvrbYIf3PFMcla2tc0LTOk7r/Fyt/3ij77aVjblq+gfoPtFrbEhvg9Yp8NDnlnuqYel+D24eV+Gd6vY79Gu+JGMgZvFlvEhqJSrKVQ8r4lXl8FMP+S8P5XxXkzf6SNbj1Qm0cwTEtg8p00vt4vH8MaYbSFSSwUeJkOEolDMFSW8FPvqenz1tFq8ShFXB7fuNaU1iqyldnSU3xpswjP8RyrSkZPMClSr2esuLx21+YYSJ90zHtB9kLGdTmp9D5hkGa4IpsbvGVlEvB+yfU9AoFwOi+PoajlxabMHFqIwlyGbl5pXd8Da7PFI1PGfkUa9rPBiusk2IDhXGJn7M00HcWzSjfepkE5EbxzXH0NlsXsqCpGlP1KvDIx4NCYMWJgf7iWebytUqO+AR8nAZlIV95b22EzcsGjAzo0SfqBQnyE9D3y4x/JdKKVy8rW8w/++DeAqQw00VE1JfFubi9NLCzqUQV3zgrEb3SC0yswCMowydXV8Ahl+79Km3Hdnm9H2s94iOlIWMCOV/RKWI/qZujq4ccQdvl77GC+5vXEY6bccNfkIMNPCby9O2383EmS2PzLzMdV0rEBoKkotib+i9IRVKIWJ+pwJwWF/ZPdO/ZcX5ds6oT/U9+RLk+Bq2eLAUwHEVd5mhw2V8Ngj9mp0O9P5vcWQhovnYQRh0WJwJUM1mWfiVLS1IZktndP1efTWR+SPw47tuVcuMcX3vxfReERMAIiO1EcR8+9WYzoSasB16sm9sN1nJUx/LgThjzRTszfy+GFJJZ4dIY/noYyH9LvIz5rHKAAbja5c0PjB22DXOdEjARoXIWHTTH1Ab7/eVk/ixbHOx9sOET9C/koI/URX1XtTRIuM1UXt4OJbIn3fvuPOywHTkWeF5WV/19ZrMHSIM/JHGYc4au/sD06C+wJZseXLPXSIJF2LgabEXJjvHsb++gccqD0GofcJVJzgYuOaJ0ZydbJn670xa/qludJ1nMuSEc3Py4jTOs0vyfrMkDQHWUScT1C/HsQH1YcCKeyAZMSh4hphM7MtAY9v60cnhsyOAwmBhVaZGZSaFIWyf1+ea2eTLnF6HEF0HSYl7L0hd1i8bPBxoyjB2DIbxbzR7TiaMuPQ/HPNhZhXuFfZK6iBjrGDlhGCn/vlFgsSCGCdcLwKBdC8dpfgpyf65ccvtIXMQGFZMQynIDNCBnALF5dtTQprXf/O1WRuZSLAF/H7q+2gXl9hMKeCLWfGbGE/cWvrRw81efgjUQ8AuFUttR2wUL2u26JgrDuoCG9+vhs4S4x2tXDooucqIRQDAUEIE6gF6NsWDi33K5baQ3RA5Z6btNPNQkqXtz4yQE0Zlh9mFT/jkXGRfZ6RtJbT5jWdHQONXaTHTFK43eZlViM1VydoEwiCrclyWYHWswKyLNjQWATICe7X9NYyU/S/Rj9dIRUUzm2KjLfMEfjyiLS5MLDu9lmKUdXAcz4nFcCWIc4VRR5fMsMh6Zvk8eh/vn176Ic58byvfjsAAflZ2QQyZLaA+Utr8YbpxwbRp8WYg0Ktt7q3rlh2WegEa6wKdESqcb53dlK8qw3ICPW4XhFAA37Ru4zlZ5O+ayDoCvrsWE924VXe+1ctjGQ5via4ctDTXXl+GALQPbLmEfwSyvaC332fbZ6YRM1fY6GmnliWCfgHh0cPwuGNmXbhn/Bftsy+jL6ljma//pnkHfQrynho8XeW0edyrXY91CJtkHKhF4h4SVq4tLQ4cRFEjFfkwy4UXZ7m6AnY1cr83iGqbuU1TnKn91mxiBoPWx0arRHeTSCK/xRcBOF7NqBdmEMMefeq2lLuv+8VVKFBFUKCL5e0rKcQ1N2G2ALtrgWVjsaI0eJSyD9aGSADnlMWu14g/msECa5Clvzw2Q==,iv:cv9sYcivQZc/hz+Sri9iLkRHV3uStIvwT2/083DsUtQ=,tag:re/iwRtY/mlnxibqXBnkPg==,type:str]
github:
token: ENC[AES256_GCM,data:t95+VgTEkcpsYGty95nKg+4QU86rVnJjw/LZEAk6PHc3ZR3GjPLBtg==,iv:1d/tXqknfEh+GFYj22TRtr7Sq9GpE8NujfAKDwJttD8=,tag:LNyI9Tul7g5mm1gM9ijWMw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S0QycmIralcxUVc2TFZU
SjVWZHpJT2tZQzByRUtvbzk5OGFHVzY2UlFFClRMSlIxTmk1ZGZsazdkRDRzOEJ5
NVZYZGhTdFJIaHBxT1BlN0NDdkEzNEkKLS0tIFBzYWtVMnN2YzRLdW80WTUxS2xZ
QnRDZEpyanBZRmVuS1ZjUHNTbWdpb28KWO91rInbh3dvKgVAICB/GAePL9XfsKK8
VDbUUst0RgI/z4xKftw+49HJWvzFpo+pzEzvsU5jZiQwIH19ufGcZg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2a2V0Q09VYW5NbGpkZVBa
Wi81c2lTVHZLeEpaeTB3UFh5ajNWZno5akRrCmdHS0pDdnVqMExkR1V0aEg0OHRn
UzA0YkwyMHZESHNtbm45MEdsdjF5NTAKLS0tIHBIbFdndk1kRU5nQ0pBVFZhZ3JE
TStEQzdYL3VCbU1yUmdmd1RKQVYvbzQKx7fkginIVesbwrM9/9JPKpJMcHhxqJS7
lOa4aN7TlcTo2QswOABJCKXyZwb3LpWoZioQ/jvBPkSFxKarTBC2LQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcWN4b1NnQ3VoUC94elFm
VUUwWGlveWUreTk2VG4yMmhzdVd6VEJaUmo4CnNhcVdRRVRoTUFpUjJlVDNaWlZ1
QXVSVWZDNTlUdWZpVXpqQWl2RXFzUkEKLS0tIGdMbUVLTkJzUmpxUWZieEVWb2Zr
Zk1hSFZFaXQ1ZVcyYnFhUHVaWFM2eEEKMAhn8H7rIt82esqOEwL+19zKxyB/0KjI
x5S/tAzJIqRY5qilkEXBDekgWKFXj7fLKRfifuWAYT7tMC8E2bODVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbjVoUHA4RnBVdUZVV0Ft
bUQ4YmJJNVB1Ni9RWW5SSWpzaG1ZVGYzUWpFCmJvZnFZYW9sWEo5amhjYkNZVWpm
SE1xb1c3cjFaUnBITDIyOFhVRFdPS0UKLS0tIFQ5M29rRDRIYmxPeTNHYWVubkMv
UjFLR3hxSVZVajY0WURiUklveHpzVVkKUwCaBC10Iq931J1umHA3xCWfi1mrmTAx
vaJiadYqmMSwYk8g5thQ4jjweh133nL1AdxjmAZOVPgYUr6rmcRfXA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-10T22:08:33Z"
mac: ENC[AES256_GCM,data:s0GsJysfnqxdLi99gBsTlE7kZ3prTrhCuCtgp3HD3d41r1mMxQ7F8NqBm1jBc5vhYHcHQgS/YfSQ1kM6+RDXN2dZ5NMzchyXtcq9h7smEKxizRbIx0PSoBZfnxR4LTZfBDi4LUBPVVSjb6A+7FDcfXAp+pM/ciuxmvNH9965Xws=,iv:zHiROdgHavc/sCH7oV1cm0JpSBRjxj8QR6yUZzK/fAo=,tag:2TeMi2a71YOawddL/EeJSQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

180
devices/cross/secrets/default.yaml
View File

@@ -1,180 +0,0 @@
users:
#ENC[AES256_GCM,data:2KeaiyOl51RB,iv:BGqlx1jzOWgG1zaxGfDtWfpbrgFCgAiTbPPMHoRP6KM=,tag:VhbvcwxV561iB03zIhvPQg==,type:comment]
xll: ENC[AES256_GCM,data:Y9jk/9yKwYiUeC9h7NkNNRYllyakXco108J8ZPLYQT+u7NsIMZ4kw27IjV4ytwH3k5Xid4jLKEsmKayNAW7kPNdbFfACcugL7w==,iv:cDtPmsHefigsqJZMPqOReVj9YOOgDXQhmulUHYUqYfo=,tag:8SS8dstzuon6f3y4pVA+wQ==,type:str]
#ENC[AES256_GCM,data:fptM8gt/IHBZ,iv:gX09x6/ZRXIXG0wOFBUCj6ZtMaTXebcSzvFMsS8vxcY=,tag:M5KFPF8Gmsd87lQ/hqhXnA==,type:comment]
zem: ENC[AES256_GCM,data:w0797tV3yFqXbZmhB48kvxK1SJCAFpIjgja2sai2YQB2Z3ELJaQMTIsmgI6p85m/Q15nzFVPdEAsxz6ts3eskRttOSw9mXeNyA==,iv:D3yesKHqbhab1Zk5ZKAm9sKi5KXVt+0JD0pOO5VgptY=,tag:ySURHTqQc0Rxd2u1igZ8Kg==,type:str]
#ENC[AES256_GCM,data:XwSZ0w8UgIgR,iv:i4tBBEC/lagRmk7AbzFFjDEnKOzxObkTul/wc+tyyXA=,tag:EKrU4YZ4iOaXpbn/lrZJlw==,type:comment]
yjq: ENC[AES256_GCM,data:Oy6b2sl59z2WA5/ifzJoq1KHzvbo+Izwac7yInRPGURxymUU/KvwW8p/XXIJsKkd2BjNaYkdELjNVrhTFd/tRhK+mCy8GSK4Lg==,iv:AGVSFIyqI5HNA+5e+ME3FKKoYMS4MCi4gjaxknord1A=,tag:ayLj6n98F2r62WdDqIaE3w==,type:str]
#ENC[AES256_GCM,data:H1WyypgcuhcF,iv:mw2bcXzisgxeUIw6zC4nwHPhsrz5XNIsL72aGyEwyX0=,tag:A2Cb+DuX0BM61TK6/nWEgw==,type:comment]
gb: ENC[AES256_GCM,data:ZfcJtiEmdZux90Vqn/L8oq16C10rfRPhxX+FnskJ/+OfdAVheEt9IeIdXpkVfIXU68rIBhDFI60Andm9gmddqoQqHhBj/W9gAA==,iv:fyCkc92YxeIumHODfOU2PWpVfeDJ8RKxKHRfFUYGF0g=,tag:cIn5rZSN8fONNz2GNSUOow==,type:str]
#ENC[AES256_GCM,data:5q0u/KpWah5X,iv:FiMDektaHAFHenCT89skQ7gQgoMHdY8BtoyEv0L3npA=,tag:tNtRbpY2bYIUVjLx+IwGvg==,type:comment]
wp: ENC[AES256_GCM,data:EcAOCjsqNFzRQtgjgtLn4X7G05cTN/SCmEGCtV/DRISj20Y3kMzbOSmtJoeII7mVA1WITxjhyBXX7abFjD80sZMGF4Th87kXiA==,iv:er9mbrz3F81vHLGPNYiyVO80hOXI3ZjFUuJbMaYWNeE=,tag:le7Fw45V0pdkHoXywdjFsA==,type:str]
#ENC[AES256_GCM,data:bh0mHOovPAba,iv:doFuGvLagS17tgNm28J+T1qTvXAzPsenVN3heTDkNts=,tag:e0lsqlvXVk6lDqe1xGkemQ==,type:comment]
hjp: ENC[AES256_GCM,data:agAmi5i8cdAC5B75E92PbDGG399AJyI87zbgErtYxM5CHLTBxPjAfqLLEAHTdRbfo53wHQEbG4/fFkunwrHrCdspKtsuFrK4xg==,iv:m+MregSzL5EsuNW/oiJXJIFeq4n1CAaQQV9AKId7rxg=,tag:nOI//Z/4gBfB7F2jwX7cWA==,type:str]
#ENC[AES256_GCM,data:jHalo04u3gd+,iv:RjIwI0Kqmy0uVTxRRu1gNG/2eZXnl7iiuC9KOSV1RfU=,tag:Jvza//JVEtLwdtYk5+sY+Q==,type:comment]
lly: ENC[AES256_GCM,data:5ZHy3nXe4SoGi+hu+woQwB/h7HyLdDlE6fkO6FXttEW4ZaBjIqiXOz2M9XMTmcMih9S7fGJPXDBD76oHGVY5W5ytyi3i1wyaFg==,iv:RWhQFYAIs5AELumViQRTsVPNfsV59zQYDFVX+DZpPrc=,tag:R3E1IBUAN7XOjrwNEwjZ5A==,type:str]
#ENC[AES256_GCM,data:fz4CpQWCXmHX,iv:8UexUxCvtcmk7S8qPdKd3jxro7PspCYX6G7ujAEQ7HM=,tag:LgyieyMQ0zZLD0EW+POeoQ==,type:comment]
GROUPIII-1: ENC[AES256_GCM,data:WfdbkyWIDl+lD3xPC5TMBQ+U2hIjHYyhNhnZ1PH9uowSdRCqoPAJ2GS7X35WrlrgTl67ByaTwhXP8r9LR7eL0YwdivTL/wxOXw==,iv:OBaEPQVBeShs+UH2BBIBLGT44tPiVyQ8G1ReZ4jALH0=,tag:SnwGrb3eI57rJUoqE6HR0g==,type:str]
#ENC[AES256_GCM,data:OWTTbVhXIxSp,iv:GP6a2S9XdQ0xzTBQ91zkEgrNMtY1WVodTH/F/wh/mqU=,tag:6nzpvk9RFsAJxaL0Qiau0A==,type:comment]
GROUPIII-2: ENC[AES256_GCM,data:NMnWdKTGyK9AhrmzdDaxgzeFbbc0TGPlfYzOr7g0zexxBTjyJiwox9thEglkkyA23e5GgNs6zObqUknZT3M7/epzbQDoSQYCmQ==,iv:+nSj1P2LlME48VjSF1t2ziPkhgKiDlLkAaL+PBCV/hU=,tag:41YqBFHAbfrmbf3kVC45CQ==,type:str]
#ENC[AES256_GCM,data:0QMjEtxrhSj8,iv:YyMHdZTx/OViWBZ+1CGGAwaOLlqR6WdrKG1g44sZGYE=,tag:N5uMwbWJJF+DGiopdYm2Mw==,type:comment]
GROUPIII-3: ENC[AES256_GCM,data:c+HRdDZPugIVI2vmuOlorhjZzxS11c6CJiZ3ZEwFFHfIoIUmGsXoRPGraJ0BjI3W+XZbI6qk211yufTgXLVj7nOVi0PW/9mteg==,iv:H8DlkTjkL/f6Oa2LG3dHRsJuWkEqokUJ/mjMyDnEAc4=,tag:0QmUyfAbYnn7vs4AdwQtYw==,type:str]
#ENC[AES256_GCM,data:F347rPlEQZyz,iv:VlbVlc/tFmmoe8lVDza7ZJgHavZ/1NM9mK3KZNVrpbk=,tag:iRdvv0ajtgrJgMe87vBFfA==,type:comment]
zzn: ENC[AES256_GCM,data:P76cGOGJK3B7Z3nxZ9BlvvyegJ+4JX25kax7/Bj/0VKsH1cGEfyvNbPH8qYUZqm+zUvqEoFNZKWM4+IQKO7Zo9IXCJhGItL1Nw==,iv:e9lnHecgzSrHJkxumRpKGHzGlYbM5Yov4F4Dd4fIqrc=,tag:G7Cr7d1KZfldzYNRL1eSpA==,type:str]
aleksana: ENC[AES256_GCM,data:xRqQLPpcv0Ymz7wV0jDDz1i6eKIZKEXvqofO58VSHEC9aVSTLV7aXLw2kQ8PrAPo4FAkne2F6MYQGRwZFIHOjxfhw+ncXVDHxg==,iv:OSbT/f2LRUFY3DEyCCbWkPzwsrsNdVz6ah5ITRt+Kjc=,tag:00z36RTe76p1uxFCchGcpg==,type:str]
#ENC[AES256_GCM,data:xAGWajpTpg2keMthwQ==,iv:sQreB2mExZlWgVsig7885zf4LI6RFSitYUnD4ngvhfQ=,tag:viEY1wUVlDCqKm5ucQWzsA==,type:comment]
alikia: ENC[AES256_GCM,data:N4lyS8XZSxP3su+Frz00BPU+II+N6nosu4yOLPSG7zxefcJoG7i5bG3bzb1OQLc/x4fTuD2Wd6mEy6q66cizBkGn3xQHZIaW2w==,iv:FO64ACjOS6+UzWKP5WdcFOGZTzslfetX/VAxyUPZ3ds=,tag:6Kf0MCRUj9cbxyk4TsH8iA==,type:str]
#ENC[AES256_GCM,data:1br5bc3q0jBn4WrJzQ==,iv:YmIFhDd9Wl4dcKJLBC6A3v7oUXhBin6ZOuJknSiaYfw=,tag:8gtEBug4vHQkxN/9tLjqSw==,type:comment]
pen: ENC[AES256_GCM,data:XOKXV0YSFbHC3I3xO8fpWvYerNfVFg2afs+CUp2MZB+yt9KR5bTJdVOfUGldLbWH5CR4v5FxTrTujv24wJ710Rfyugxh9aFJ/w==,iv:tHLoO+XpdUk8S56QUiJQOpVO9C5epam9PMubMN+8fHw=,tag:H0srWRigNUedQMIAfJlfjg==,type:str]
#ENC[AES256_GCM,data:K6O0TIYYGZmM8iOwsQ==,iv:xtT8Psnoy51V9gsRo335+VT56FXTcMQ3d4/tnuWouew=,tag:k8irtZ33G3UFK++rzcmyiw==,type:comment]
reonokiy: ENC[AES256_GCM,data:fPKdOPAKbXUvK5Jj08T0iSD23mhhkTXCexgB5q3v5JS4c6V4S+W14WOkS4UHrMQls/rHslw0NyMzS5G27A+5vN+EN+xJZfuRGg==,iv:tSdNOgs61tyt7/hUKt8bfKvpq9qOQU14ligdxBs/ATs=,tag:6IoS/p2StKtFREIpxsWkdg==,type:str]
telegram:
token: ENC[AES256_GCM,data:zfMATU2E6cwoiyfszV35vkQG6JSk00y589wmGEf4wQNncPhNsvh+NcSfnTwHTQ==,iv:Q46mUquhUZLGQsCDYitk4IPu24MpVnYmi7aHyZL/b1E=,tag:QVbrwAA9mWK/ToJfGIs9ug==,type:str]
user:
chn: ENC[AES256_GCM,data:mTt2D+SkvVL8,iv:L0Pk5p46E2kKBdRWCGpwOKS0BsbIhZUslpIFWvkssMY=,tag:+AjbNJ1SW/8Mx1HLpWAd2w==,type:str]
hjp: ENC[AES256_GCM,data:ZXTQhax0gT4PKw==,iv:MerbaWWC4SLazEuuJrxAxf9e5aaX9xpq9St+h9aqvMQ=,tag:x9knShK90OKZPcn9fKzvMA==,type:str]
acme:
token: ENC[AES256_GCM,data:M8/R019chds8zr2BqnRnKP40NZxwq4fz06NaOeOOFYecLyDjIOq5mg==,iv:VPr4XD0Y+6G1P1xwMDyrWPiTvCYdiMV0nPcmqCvIA3Y=,tag:KEyCIHRmRkNviA4bMTMybg==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:MtmNo6hHlU75N6PvzF7P5i6Q+myV4Keb1JRXVeHxTennNpKfAndsKg==,iv:DqM91JX+1WX8Zqzha2Tm3ztFaSzKYQg+b9NvUm+6jxY=,tag:XnDTBL9MA/B8XfPZqdk7Eg==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR09MUytUL2h3cWlIanNF
VWd6SVNWOGVlVVpGbGtyQWxnZlk0cEx2TFJzCmhtbGRFcDdlWDAxU3NneXloSS9U
WXBtQmg4dFhOb3J3bThCUDliUmJ4NVUKLS0tIG1uQjdiODdHWVVrVGIwb2lPN1V1
QjVyWFAzQTRDWXMyMXdUNytKcy9abmsKZ6maa6DoKPkDAYXGLVoLWIi3fzzs1SVF
C/9y2PG/j7F8Pd4hUHl7ILWN/VNbYKQwGYp59+kKeAzeSHkJeTTKyg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaitpVkkvNEFOMEZXK2s0
Z1o0UTZ4NFRrd2NqNzhNVWhncmdWWDlzZ2swCkthMU50WldYajN1eEZCRVRUZ2d6
TU8za1R0aUdCV3hZaVlIRE01UHdYc2MKLS0tIFNWcFdVWGc5dUVtWnVVbGh1WFVU
UzFsYS9tL0xNeDBmQWIrTVB2MkVtdVUKjMADWap5h4NGj3ESamUHz3+8AtO2sOL6
wFm/sTfEuhFqO8bodtBXB/veQOrr97Dw8PhO/6CO5JdGTEyFIZ3DoQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOFprRWZQaVpMQkxJN2Vw
RVB6QXN6bDJPcEt3YURaby9PZm1FZHhDRmtZClBiV0JobHZRejhWVzhOZThRTTJ1
UE91bzdWMjJvYllIWXBmQkNReThIc00KLS0tIGRLa0V1b3ZWSVQzc01sUlBMVzBz
blZyM0FpelBoTE5Ia2J3S2c0WE5FcVEKKTJ5jzNLkLixv+8DlcTrR9sWs6GihPG6
x9w/Zu5H4DK9EVFyksTujRZZMI6o4lHzl2VIrgkTNQUwIPtsqo5KMQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQWwvbXZoNHFxM1Y3L0pO
cDlML1ZWWXppeWxaZjZwOFVvbHNubmxEYUI4ClB6Wm00dTRFUE8xTFNlUmdacjFU
VGNiMFk1SHpOVnJ6RWdyVXk3WGkxZm8KLS0tIDFnamZqa1VqdUVXWFN5YW5CNGhh
UHc5bCsvVFV2eDlLR2Q3STFCQXpZRzgKSVvG8HcDtBJAh8iNrQd+UKbgs/k5Yf2t
KqMdODturfudk8QJn3pR97essszrsK/HS4yptp71bBSj3qK50Lp/rg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Rkc2MVhUc0tTUkNsenQ2
aVM1dG9MSVpwaFloU1ZRWmVsaEtYVGY3NlFnCm5PM0VpWVFKdExJbExIMnZ0Tmw1
eCtVdkRpVW9lcFA5bWwwbWNaYTMzejQKLS0tIHA4MTd1anM4NWtmQUx1cVlsWFVQ
bk5iV2xRazdoZnY1dGhKSGFFdUFWY3MKGoxBih7fDQoZFxj8JjiRAl8D3/8xWBeq
RS/8C6v+/V+Afnv9QN6uYt0l4YeGn8tv1TRNWXHZl0A6DFjzouwhZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2hsZGExRnFaclpUNEdr
bkJJM2gySmtzUlVmZWoxZ3pST2l2dGtCdnhnClNWeVZqWTJ1Mk1pMGZCaXppU0lY
RUtlT3YrQmZuVTZ3TjJYMlhGMTVMMncKLS0tIDJsaVQ3aHZIWHhXOFJ1WmpQUDNk
SjBSRm4wWjhpUzFmVUtwdGUvbmVIV0EKzgfa9i+VJLPvBRrFbNavZtG1hK6jazoD
WHkWedx4AUUJQQlp12Wetj/0yY9jF3BLv/wvEAusq6Z4dO2aHr3sRA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcWFOcXAyYjNoSEhLdEtC
ang3bHJ2RmtaL2RManE0K3B0elg4aHJmODB3ClZLSXA5MmhVT2ZZSm9KSUlod3BB
V05lT3h0a3NQZnMrNERwNk1LTHRiVlkKLS0tIElESTNEVUpZbk93WFpXNnRTYzY5
K2tkMlVCRnBKdVRzWk9aQy9kUUx3L1kKNO9LsaJDfF0v/XCMYV0lmHLFakbVjj+H
wGJZQYgu/sETDZQVMeu42fQ++IKElmpfq2/o6+gM7aI0RxLqnBryfw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrYnBzd1k5UEhXZ0wxSU02
elZkYlhDWC9CbWFkRlM2bCs2dzNTSlk4TUJnCm1WVnVxaUYwZ1QvNHJRb29ER21P
UWhOb2tETWRJR09Sb0l6VXRMaU5KZlkKLS0tIFA3TldTUmJ0Y0xJemJPS0wwK05D
SHVXTGUraDE4anJOZFFuaHBKV1lMSWMKemZfKWbI0YR4QuR5zqvGKSnU3HzwZHvo
DJ9u2eq7R7OwtDscn9qCwPThORxLMWdI3n+3+XVwAysqW2efrvnGgA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOFZQZmRHVUdjTXpDbFFm
SGt1d2lmYXVZa21iSFhMOTUzMmRIU3BIOUI4CmFvT1BMZmE1eC9tV3dJbVJ4ME8z
N25hc0NyZmtMbGFxYmtPSkFkSGZ4bFEKLS0tIE5sUFBTanJONjhtR3BnYjVYdlYr
NVZNeDFJOGJIdFlacE9LMmFuakZYUkUKmuK+ogCs3WH9TiGiUfRZ9L98aqRli91A
1xHYMJOc5FwI+jaHp1m7nkn+egIOmKvyyejI2ZHQ84tItS+aoiI0bw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRHdHMFAvRFRCNmNES2R0
Q3ptRDVrQ3JHaXBxSUlldVd5WUNFc1ZQeDBFCnNiMFErODJhbk5LQ1VGd01oU1N2
eXk4Q3VRcUNNWURDUitUMWNOQlJaeWsKLS0tIDRKQ2M1Rnpla3o1NTlCeC9wbGJo
cGZxcDUyYzZBMXRpbi94RkcvQXc5aDAKrHpvCDpECN5HS1qeNoiOwKWpT46bLQBd
404XgHar20AswgDIjAMp5KJ1pkluQ9j5pVKNFjqJ+9sb3RLYM7Z06Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR3RhUHBORW1BNFh5M1c0
QlhmUDY1T0ZmN2dGaUhLOVkxN2NiUklBU1hVCjY0MXBoNmw0ekpQYlMzdFZhNFA5
NE9XdnlaaGdiSU1BYkRvcThaYmpVcTAKLS0tIGk4UHMwK20yQ2w0N0hoQnZYK2Fk
czU0M2dQbU8rMkZJbEJaZ1NhcE1yZFEKUWe5IaDuPjfQ/m76m6DdvF8HWmDiVH1k
IQk6sIJfbcINGOVP+JYGJPWgq6LGg1EdW4ONctosVk6kxRO30N0rVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YXF5aGRobkFVdFQzRFBp
NnhvdWtxU2dxa2s4d2FiYnBrdmMvakU1cFhvCnJ4NWVCc0t2ajFpdWVMM25XUnE4
a3E3N0laOEYwNDBNdTc4WjdZR2R3M1EKLS0tIC9WRGpJSUhhM0JGZVJWaHlvSkRH
bXErdTlYQWh3cmZITWxIeDYzaklWbmcKKG08GymtessnDUfg/AgmQh9eyJx25Y+c
RyhAdNl6Lu2Hv7e/oqr23SmwFuhzgPl6eL8t1Nz3s1KraShZazjpQA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK2tkZXZkYWZWcEFhS1h2
YTk2N3F4L3AzNzdmZXhLRXpOLzlRa1NNSXlnCjRNL3paejlRUTZrVEFwdWdzRzVp
NVFReGwrZk9IdVhQSnFzK3lVMWRPOTgKLS0tIGs2azNoQm51ZDZrOEJDbEhRVTFu
aVdEZ0s4SjljZFc5ZTJwK3ZON3VlRVkKB1apktkRqW0R/Epn3bZf/Aym5evUmxm+
TLkJxTT6TVcgjobcpFvMmI+pqRWfh5Opj9a9lSe5QvsXxdgOs0mvzg==
-----END AGE ENCRYPTED FILE-----
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWlhIdTdtNkpZU3Y5T1Vl
WjZXLzJYVDdweFpITEh6cmszOVYrZWI5eTM0CmNSTnd4T3g0dFNiTDNCM2hEOTVo
OS85R0VqdEZkTlhGWFNRZFpXZGlWTFEKLS0tIHQ1YWJrZERJUlZwZnU3RThucVRL
NHdwcGl2Wk11TFdCd25OTE1nVDNYd2MKOxa2f7bFgFE2zCR1kKtC6giQhr1P79W0
MKxil/x2T8rBNkK6sN0PjkphKdg9LVit86ilHPwTgnkl9oz8Cs6X5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL1ZjRzJNQVFNekFUVlQv
SmJWMDRZMXNDaTNNd093b25kSk5nTDg0K244CmVLK08xKzlleXpWblRkbGZVMENi
U0NGVVhycUN6OEZDNjFBUndSdnRLdE0KLS0tIHJEeTVIY2xwZWdqdG9JRVhsRENq
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-14T01:17:28Z"
mac: ENC[AES256_GCM,data:r1FWYKz9aJtmhH7MLPqwZjG0W7LULScGd63CnIqsm2AbFIs6DgW33zDsgwrl1oblx/zYGda3irB5s1+otR38DU0VE7jqLYzHpb3eLsE986ZTwe9Tujy6BJm2Pyng60BJTTBwKU8awS2WpbTUivK1aVivNfBffQIL5Scv/qkyH3U=,iv:1USu0hh8IM2T/w1Fm/udGswPJcxKmvcG6XwlS2ku6iY=,tag:F/rZiGc3KTaNA0YtrWF3+w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.2

113
devices/cross/ssh.nix
View File

@@ -1,113 +0,0 @@
inputs:
let
devices =
{
vps4 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIF7Y0tjt1XLPjqJ8HEB26W9jVfJafRQ3pv5AbPaxEc/Z";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJkOPTFvX9f+Fn/KHOIvUgoRiJfq02T42lVGQhpMUGJq";
};
vps6 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
# 通过 initrd.xxx.chn.moe 访问
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
};
nas =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
};
one.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIC5i2Z/vK0D5DBRg3WBzS2ejM0U+w3ZPDJRJySdPcJ5d";
pc.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
srv1-node0 =
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs"; extraAccess = [ "srv1" ]; };
srv1-node1 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIFmG/ZzLDm23NeYa3SSI0a0uEyQWRFkaNRE9nB8egl7";
# 不能直接访问,需要通过哪个机器跳转
proxyJump = "srv1";
};
srv1-node2 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDhgEApzHhVPDvdVFPRuJ/zCDiR1K+rD4sZzH77imKPE";
proxyJump = "srv1";
};
srv2-node0 =
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6"; extraAccess = [ "srv2" ]; };
srv2-node1 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
proxyJump = "srv2";
};
srv3 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIg2wuwWqIOWNx1kVmreF6xTrGaW7rIaXsEPfCMe+5P9";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIPW7XPhNsIV0ZllaueVMHIRND97cHb6hE9O21oLaEdCX";
# 默认仅包括wireguard访问的域名和直接访问的域名这里写额外的域名
extraAccess = [ "ssh.git" ];
};
};
in
{
config =
{
programs.ssh.knownHosts = builtins.listToAttrs (builtins.concatLists (builtins.map
(device:
[{
inherit (device) name;
value =
{
publicKey = "ssh-ed25519 ${device.value.publicKey}";
hostNames =
# 直接访问
[ "${device.name}.chn.moe" ]
# 通过 wirewireguard 访问
++ (builtins.map (net: "${net}.${device.name}.chn.moe")
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net))
# 额外的域名
++ (builtins.map (domain: "${domain}.chn.moe") device.value.extraAccess or []);
};
}]
++ inputs.lib.optionals (device.value ? initrdPublicKey)
[{
name = "initrd.${device.name}";
value =
{
publicKey = "ssh-ed25519 ${device.value.initrdPublicKey}";
hostNames = [ "initrd.${device.name}.chn.moe" ];
};
}])
(inputs.localLib.attrsToList devices)));
nixos.user.sharedModules = [{ config.programs.ssh.matchBlocks =
let genericConfig =
{ forwardX11 = true; forwardX11Trusted = true; forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; };
in builtins.listToAttrs (builtins.concatLists (builtins.concatLists
[
# 直接访问
(builtins.map
(device: builtins.map
(name:
{
inherit name;
value = genericConfig //
{ host = name; hostname = "${name}.chn.moe"; proxyJump = device.value.proxyJump or null; };
})
((device.value.extraAccess or []) ++ [ device.name ]))
(inputs.localLib.attrsToList devices))
# 通过 wireguard 访问
(builtins.concatLists (builtins.map
(net: builtins.map
(device: builtins.map
(name:
{
name = "${net}.${name}";
value = genericConfig // { host = "${net}.${name}"; hostname = "${net}.${name}.chn.moe"; };
})
((device.value.extraAccess or []) ++ [ device.name ]))
(inputs.localLib.attrsToList devices))
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net)))
]));
}];
};
}

244
devices/cross/wireguard.nix
View File

@@ -1,244 +0,0 @@
inputs:
let
publicKey =
{
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
one = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
srv1-node0 = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
srv1-node1 = "wyNONnJF2WHykaHsQIV4gNntOaCsdTfi7ysXDsR2Bww=";
srv1-node2 = "zWvkVyJwtQhwmxM2fHwNDnK+iwYm1O0RHrwCQ/VXdEo=";
srv2-node0 = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
srv2-node1 = "wc+DkY/WlGkLeI8cMcoRHcCcITNqX26P1v5JlkQwWSc=";
srv3 = "a1pUi12SN6fIFiHA9W0N1ycuSz1fWUSpZnjz20OPaBk=";
};
dns = inputs.topInputs.self.config.dns.wireguard;
networks = # 对于每个网络,只需要设置每个设备的 listenPort以及每个设备的每个 peer 的 publicKey endpoint allowedIPs
{
# 星形网络,所有流量通过 vps6 中转
wg0 = let vps6ListenIp = "144.34.225.59"; in
{
devices =
{
vps6 =
{
listenPort = 51820;
peer = builtins.listToAttrs (builtins.map
(peerName:
{
name = peerName;
value =
{
publicKey = publicKey.${peerName};
allowedIPs = [ "192.168.${builtins.toString dns.net.wg0}.${builtins.toString dns.peer.${peerName}}" ];
};
})
(inputs.lib.remove "vps6" (builtins.attrNames publicKey)));
};
}
// (builtins.listToAttrs (builtins.map
(deviceName:
{
name = deviceName;
value.peer.vps6 =
{
publicKey = publicKey.vps6;
endpoint = "${vps6ListenIp}:51820";
allowedIPs = [ "192.168.${builtins.toString dns.net.wg0}.0/24" ];
};
})
(inputs.lib.remove "vps6" (builtins.attrNames publicKey))));
};
# 两两互连
wg1 =
let
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
# 设备之间可以直接连接的子网
# 若一个设备可以主动接受连接,则设置它接受连接的 ip否则设置为 null
subnet =
[
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
(builtins.listToAttrs
(
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps6" "srv3" ])
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" "srv1-node0" "srv2-node0" ])
))
# 校内网络
(builtins.listToAttrs
(
(builtins.map (n: { name = n; value = getAddress n; }) [ "srv1-node0" "srv2-node0" ])
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" ])
))
# 办公室或者宿舍局域网
(builtins.listToAttrs (builtins.map (n: { name = n; value = getAddress n; }) [ "pc" "nas" "one" ]))
# 集群内部网络
(builtins.listToAttrs (builtins.map
(n: { name = "srv1-node${builtins.toString n}"; value = "192.168.178.${builtins.toString (n + 1)}"; })
(builtins.genList (n: n) 3)))
(builtins.listToAttrs (builtins.map
(n: { name = "srv2-node${builtins.toString n}"; value = "192.168.178.${builtins.toString (n + 1)}"; })
(builtins.genList (n: n) 2)))
];
# 给定起止点,返回最短路径的第一跳的目的地
# 如果两个设备不能连接,返回 null;
# 如果可以直接、主动连接,返回 { ip = 地址; };如果可以直接连接但是被动连接,返回 { ip = null; }
# 如果需要中转,返回 { jump = 下一跳; }
connection =
let
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
netToEdges = subnet:
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
in inputs.lib.unique (builtins.concatLists (builtins.map
(dev1: builtins.map
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
devWithAddress));
# 在一个图中加入一个边current 的结构是from.to = null or { ip = "" or null; length = l; jump = ""; }
addEdge = current: newEdge: builtins.mapAttrs
(nameFrom: valueFrom: builtins.mapAttrs
(nameTo: valueTo:
# 忽略自己到自己的路
if nameFrom == nameTo then null
# 如果要加入的边包含起点
else if newEdge ? "${nameFrom}" then
# 如果要加入的边包含终点,那么这两个点可以直连
if newEdge ? "${nameTo}" then { ip = newEdge.${nameTo}; length = 1; }
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
# 如果边的另外一个点到终点可以连接
if current.${edgePoint2}.${nameTo} != null then
# 如果之前不能连接,则使用新的连接
if current.${nameFrom}.${nameTo} == null then
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
# 如果之前可以连接,且新连接更短,同样更新连接
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边包不包含起点但包含终点
else if newEdge ? "${nameTo}" then
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
# 如果起点与另外一个点可以相连
if current.${nameFrom}.${edgePoint2} != null then
# 如果之前不能连接,则使用新的连接
if current.${nameFrom}.${nameTo} == null then
{
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
length = current.${nameFrom}.${edgePoint2}.length + 1;
}
# 如果之前可以连接,且新连接更短,同样更新连接
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
{
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
length = current.${nameFrom}.${edgePoint2}.length + 1;
}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果起点与另外一个点不可以相连,则不改变连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边不包含起点和终点
else
let
edgePoints = builtins.attrNames newEdge;
p1 = builtins.elemAt edgePoints 0;
p2 = builtins.elemAt edgePoints 1;
in
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
if current.${nameFrom}.${nameTo} == null then
{
jump = current.${nameFrom}.${p1}.jump or p1;
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
}
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
else builtins.head (inputs.lib.sort
(a: b: if a == null then false else if b == null then true else a.length < b.length)
[
# 原先的连接
current.${nameFrom}.${nameTo}
# 正着连接
{
jump = current.${nameFrom}.${p1}.jump or p1;
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
}
# 反着连接
{
jump = current.${nameFrom}.${p2}.jump or p2;
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
}
])
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
{
jump = current.${nameFrom}.${p2}.jump or p2;
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
}
# 如果正着连接、反向连接都不行,那么就不更新连接
else current.${nameFrom}.${nameTo})
valueFrom)
current;
# 初始时,所有点之间都不连接
init = builtins.listToAttrs (builtins.map
(dev1:
{
name = dev1;
value = builtins.listToAttrs (builtins.map
(dev2: { name = dev2; value = null; })
(builtins.attrNames publicKey));
})
(builtins.attrNames publicKey));
in builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges subnet));
in
{
devices = builtins.listToAttrs (builtins.map
(deviceName:
{
name = deviceName;
value =
{
listenPort = 51820 + dns.peer.${deviceName};
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
(peerName:
# 如果不能直连,就不用加 peer
inputs.lib.optionals (connection.${deviceName}.${peerName} ? ip)
[{
name = peerName;
value =
{
publicKey = publicKey.${peerName};
allowedIPs =
[ "192.168.${builtins.toString dns.net.wg1}.${builtins.toString dns.peer.${peerName}}" ]
++ builtins.map
(destination:
"192.168.${builtins.toString dns.net.wg1}.${builtins.toString dns.peer.${destination}}")
(builtins.filter
(destination: connection.${deviceName}.${destination}.jump or null == peerName)
(builtins.attrNames publicKey));
}
// inputs.lib.optionalAttrs (connection.${deviceName}.${peerName}.ip != null)
{
endpoint = "${connection.${deviceName}.${peerName}.ip}:"
+ builtins.toString (51820 + dns.peer.${peerName});
};
}])
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
};
})
(builtins.attrNames publicKey));
};
};
in
{
config.nixos.services.wireguard = inputs.lib.mkMerge (builtins.map
(network:
let inherit (inputs.config.nixos.model) hostname;
in inputs.lib.optionalAttrs (network.value.devices ? ${hostname}) { ${network.name} =
network.value.devices.${hostname}
// {
ip = "192.168.${builtins.toString dns.net.${network.name}}.${builtins.toString dns.peer.${hostname}}";
};})
(inputs.localLib.attrsToList networks));
}

15
devices/jykang.xmuhpc/default.nix
View File

@@ -1,15 +0,0 @@
# sudo nix build --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' .#jykang
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' -qR ./result | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&real=/nix/store' --export > data.nar
# cat data.nar | nix-store --import
inputs:
let pkgs = import inputs.nixpkgs (import ../../modules/system/nixpkgs/buildNixpkgsConfig.nix
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; };
});
in pkgs.symlinkJoin
{
name = "jykang";
paths = with pkgs; [ hello iotop gnuplot localPackages.vaspkit ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
}

3
devices/jykang.xmuhpc/files/.bash_logout
View File

@@ -1,3 +0,0 @@
if [ -z "${CHN_DEBUG-}" ]; then
hpcstat logout
fi

3
devices/jykang.xmuhpc/files/.bash_profile
View File

@@ -1,3 +0,0 @@
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

45
devices/jykang.xmuhpc/files/.bashrc
View File

@@ -1,45 +0,0 @@
# This is really FOLLISH but it works
if [ -z "${BASHRC_SOURCED-}" ]; then
if [[ $TERM == chn_unset_ls_colors* ]]; then
export TERM=${TERM#*:}
export CHN_LS_USE_COLOR=1
fi
if [[ $TERM == chn_cd* ]]; then
export TERM=${TERM#*:}
cd ~/${TERM%%:*}
export TERM=${TERM#*:}
fi
if [[ $TERM == hpcstat_subaccount* ]]; then
export TERM=${TERM#*:}
export HPCSTAT_SUBACCOUNT=${TERM%%:*}
export TERM=${TERM#*:}
fi
if [[ $TERM == chn_debug* ]]; then
export TERM=${TERM#*:}
export CHN_DEBUG=1
fi
export HPCSTAT_DATADIR=$HOME/linwei/chn/software/hpcstat/var/lib/hpcstat
export HPCSTAT_SHAREDIR=$HOME/linwei/chn/software/hpcstat/share/hpcstat
export HPCSTAT_SSH_BINDIR=$HOME/linwei/chn/software/hpcstat/bin
export HPCSTAT_DUC_BINDIR=$HOME/linwei/chn/software/hpcstat/bin
export HPCSTAT_BSUB=/opt/ibm/lsfsuite/lsf/10.1/linux2.6-glibc2.3-x86_64/bin/bsub
${HPCSTAT_SSH_BINDIR}/hpcstat login
if [ "$?" -ne 0 ]; then
exit 1
fi
fi
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
if [ -z "${BASHRC_SOURCED-}" ]; then
export PATH=$HPCSTAT_SSH_BINDIR:$PATH:$HOME/bin:$HOME/linwei/chn/software/scripts:$HOME/.nix/state/gcroots/current/bin
export BASHRC_SOURCED=1
if [ "${HPCSTAT_SUBACCOUNT}" == "lyj" ]; then
export PATH=$HOME/wuyaping/lyj/bin:$PATH
fi
fi
[ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"

21
devices/jykang.xmuhpc/files/.ssh/authorized_keys
View File

@@ -1,21 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXlhoouWG+arWJz02vBP/lxpG2tUjx8jhGBnDeNyMu0OtGcnHMAWcb3YDP0A2XJIVFBCCZMM2REwnSNbHRSCl1mTdRbelfjA+7Jqn1wnrDXkAOG3S8WYXryPGpvavu6lgW7p+dIhGiTLWwRbFH+epFTn1hZ3A1UofVIWTOPdoOnx6k7DpQtIVMWiIXLg0jIkOZiTMr3jKfzLMBAqQ1xbCV2tVwbEY02yxxyxIznbpSPReyn1RDLWyqqLRd/oqGPzzhEXNGNAZWnSoItkYq9Bxh2AvMBihiTir3FEVPDgDLtS5LUpM93PV1yTr6JyCPAod9UAxpfBYzHKse0KCQFoZH chn@chn-PC
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWAfyfDFctbzJTiuK9IPw3yFLqt7vqd/T0/HoZfH/bzLZ8GVeod2oz6kjm3ns0IG94HO5vGMEmQfbK1ZKT2TqA7ve+3wG9seiwfh8xh7Xhl2AnaF0pjHEXnw+w8mTzxCv9qRhsgfHuuBVhH6PguHvk66GKjvNaxTJhlKAyNogOI3jLnw7ODFScldHbJlMYl1pBHV/G/Zeuq0qnA/pkeiFdvlsZUVGD0cCfuoHm8FCfEzv6pfkhVJUH0v5rof8GiT9eg7ntG49Gei1lkH5NosbY8f6fEKNSoOc0dm5g2FaI3D7LJixwQ6rMiJwmPb6A4oHmcJQKokU8uhROQorYLgV7RtrnHu2cHMRW6SiAUvpmvaPPcxn8CbfuSOGDhYRKxNJNtWRK08Urtq9tYD+Fpze4QoZXxN35uvsi3lMA55PK0AsTm/aVGslzHUUzgWtDxcI2pLAm9rFpCRPCY+UC1Xp5vjZoqZXwhJ81qZ7VXWTM2voxCrKAlu+Zg2FaQD5szOU= gb@xmupc1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/jzUQ6QuAjnAryvpWk7TReS6pnHxhEXY9RonojKkurhfYSQO/IlxDMDq23TFXcgu8iZG4cS6MADgx/KNZD/MjuN9YNCIEGvMwzWvB0oM25BC6Vf3iKDmhH06rZKH6/g5GN+HWoCN4yE/+MhIpegFO3+YMpveXwEESlyoIjPvcW+RwmlNJevrHd83ETYDQ4AybWyJo6en5tz2ngr22HaK4MtxgrqnIN/KorY+nrzTNa7VBC7BaZc1tA5FLwUeCXtuzp2ibfrxoGUAiDig4FW09ijCk3Y77y7aNVI2nw5y28nCV5rgVMh5fejtNVqIqku7p+8qgjxvY6veATG0lYgZgw2ldnDGDNbEGxcCnKKmCgZMxok8zTRsniZ91KuHkcl2L7xUo7kdQYzBRwZyQ53eW+yPoqUya4yn272rscBEUMyZzmegfr1SXMqw/8zn+MZdr1KXEvrbfjX+2QL52GY3bfYUf3KFje+Sp88k688bRH0vrxj9BCOS7ovbyfe9BEU= xll@xmupc1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtnVhZQsJfbs2w9hFZkx4qDhIs++7no+6r5TifP3Dq7epJYd2QYx4dI66XxTNhKxZjN6a4Xn5nFlYLtQJXOvzBLC8IBf1W5GCH0k/jqzzskS0/Ix/70HzcBwJk8ihWDkyON5Ki1BRCx34RNxth1BIxWyc5QT+lou+D92x8iAu/uOvmcAL3Ua0OlZwxw03hLp/PpS4ZnUqFjc2JVtarY7eQu/i3RwOZUaK6nT2EL8RObzk4xnieqsU5PWwA3voVjetqZaDQ+P7dimQXz/FaucroKxCNyTiy1oG4fdQpm2UDrH6ZfPvdQLYrtet6FQabXOxhV7MuR3jYtxZjs1kDVZIseIZ6IwjetaUoMxvIouRfYjOSIEo9Ek9o0+Yhku4r0uWmPDrymWugU1raMmlRxSUwdlzW+C7mQwtGbs/MG4MN4GWkM6id5DKlY2vYKUfrTzmhY1swCtzKq20fjvyX8qhJdcytgVlOrBZnPje6Qd55sI0RjdgJrBsxT2SYquez7U8= yjq@xmupc1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDn1pfGen7kjPTHsbb8AgrUJWOeFPHK5S4M97Lcj3tvdcjZi2SXN6PwHQfh8/xGhZbTLPz/40S9O9/Dn30xkUTfnONirKt790jp7VEbOtPnjQPOd/KRNWlS3VV0BELuq5p633Mi13rP6JZtdKmU2uSkvvaUBfCppy3JaWv/B7HLJ48f8IzkdiT1px3dN1eQ4SFoHOiVG0ci5TGG6wfMdoAAnM9R1aXI4gDxnYjLYujpaNZ4hBOta/6ZK/PV0JufoXdIAZjubgk1Hv04XHXLR2Z0UhRM6x7UrZIOdM/LlnKmcVk408ZKEj/9m1xRyDsNoZ24CF++cmnwfBHrp9I5nvDI7xOTdZlOhzkiiPM3f4i6s2Qjdv4vpZ6AeE3Qt1LVQyAr67b4UMjHuYqSi2KgyCO6My2Ov2eRoS74EKcb8ejJv3O+XInmYUgDgTgDFT3CgQgK2DG45HiV6nOkaE/6iKx2JSOiYZTFc7TRcePfXF9JQD7dXFde6qm3EbIVyJIpCJ8= zem@xmupc1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCW2fx1Sim7X2i/e/RBPEl1q/XbV7wa9pmZfnRINHIv24MCUgtNZ5GHEEW7dvzrQBeRj3I7CAyK8fbuhv/l8HuDtjxJJ1fmcBp9UG5vfpb/UTxayJxHBRrwokp2JL7HKVviI6d8FcNa/T0CMoUNYXnel6dE3B78k9Q0dDxlOGS1MzgsP3Pn66lm0ww9FRAVHe+KkhFmwyQ1VHUxHgK4QjCIt7+9+PJE7fK0aVWBsR309pui7Pbm6mgd4d6mwiBeVvxsNGnI4DsO1hz4N2GapuQy19PDiG7A4H41Z5RYQnv/3XTy4TBXOFQm77v6pyGkCmG6BGnRdvMB6C0hWPJvudbsA/BNp4ApL7/CrwTdLp1z6ToAOLvKrUQAM+hcbJimnFVMXqz7iSYg99XTnzue7ncecp19XiaDJbM47bGXcT4nTO5XaiMYi2xGAHIrij5GIuFF5ymKYSp5ejb1VucMdKlaaAmS10+wdUcuT7tzX/IuVr5aqg2dsxT5aJCRhZ1k2V0= xly@xmuhpc
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRpyIU8ZuYTa0LvsVHmJZ1FA7Lbp4PObjkwo+UcpCP8 wp@xmupc1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRZp8xp9hVO7e/6eflQsnFZj853IRVywc97cTevnWbg hjp@xmupc1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwUhEAFHjkbUfOf0ng8I80YbKisbSeY4lq/byinV7lh wm
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5bg5cayOLfnfUBJz8LeyaYfP41s9pIqUgXn6w9xtvR lly
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBoDGk9HYphkngx2Ix/vef2ZntdVNK1kbS9pY8+TzI41 yxf
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi6O1Sf1BBV1dYyH1jcHiws+ntwVfV29+6Paq1CQaET hss
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmJoiGO5YD3lbbIOJ99Al2xxm6QS9q+dTCTtlALjYI5f9ICGZJT8PEGlV9BBNCRQdgb3i2LBzQi90Tq1oG6/PcTV3Mto2TawLz5+2+ym29eIq1QIhVTLmZskK815FpawWqxY6+xpGU3vP1WjrFBbhGtl+CCaN+P2TWNkrR8FjG2144hdAlFfEEqfQC+TXbsyJCYoExuxGDJo8ae0JGbz9w1A1UbjnHwKnoxvirTFEbw9IHJIcTdUwuQKOrwydboCOqeaHt74+BnnCOZhpYqMDacrknHITN4GfFFzbs6FsE8NAwFk6yvkNXXzoe60iveNXtCIYuWjG517LQgHAC5BdaPgqzYNg+eqSul72e+jjRs+KDioNqvprw+TcBBO1lXZ2VQFyWyAdV2Foyaz3Wk5qYlOpX/9JLEp6H3cU0XCFR25FdXmjQ4oXN1QEe+2akV8MQ9cWhFhDcbY8Q1EiMWpBVC1xbt4FwE8VCTByZOZsQ0wPVe/vkjANOo+brS3tsR18= 00@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxcIWDQxVyIRqCGR4uWtrh4tLc025+q6du2GVsox8IzmBFkjNY8Au5GIMP5BKRstxFdg3f/wam8krckUN9rv5+OHB9U8HGz77Xs0FktqRVNMaDPdptePZQJ9A9eW3kkFDfQnORJtiVcEWfUBS3pi0QFOHylnG27YyC/Vjx9tjvtJWKsQEVTFJbFHPdi+G7lHTpqIGx+/a2JN9O6uVujXXYvjSVXsd+CWB9VMZMvYCIz2Ecb6RqR3brj4FhRRl8zyCj+J4ACYFdGWL98fTab2uPHbpVeKrefFFA43JOD/4zwBx/uw7MAQAq0GunTV3FpBfIAQHWgftf2fSlbz20oPjCwdYn9ZuGJOBUroryex7AKZmnSYM3biLHcctQfZtxqVPEU3W/62MUsI/kZb9RcF24JRksMoS2XWTiv2HFf5ijQGLXXOjqiTlGncwiKf65DwkDBsSxzgbXk5Uo86viq6UITFXPx/RytU+SUiN4Wb7wcBTjt/+tyQd1uqc7+3DCDXk= 01@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkT/P4MnzxBh8sRi0oQ88duNpY/ejFtptGqUQJVobj23vbu7ju6x/yuXqnHFOLi/IOZgNl5oBhRlJekRL+FWMIwpPBA6MnbVNkHXvwu5kLXVTt0O9dhJfDiPPbYcNjOhw4o8aZMc0oEyz8xZgkPoIehHQda+K5vRhFnYCRgn2X92VY/dW1QqPJKEfN47Tsp00w8wyKixEvuJe8OBEoKDpiZYzbXJKuoKhCdMp0uMHMCojYuYP9rGZO6bHl7Q6cYotGx1jH2pe30Ujtm3Xbm44H1mhXr1K/lhcHfojSge8POqii+eaXSCzqRlXaWyvrL9JLaaRD7GfWDaRWSKDfN8Ha4mnUvRtObRMSLOnr2QOTLJw9QPnlDDxCd1q7yluKraccYnTQQP5JuBwkRqjuJTatd9b18Z14HffmXZNR7asT1sJXK1rWKeLTrZwqxpkuwLAnbr60PVwfMHZeZ6FVPXGZ4wQb22lFHvaZZCEJf+9QDXpDn5L59FlaBYO2Xwojj3s= 02@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOF3LfnQiI8wpsXGn87bt7rbUZcgsdaOSOswk4Vf4dBautEdQZc0q+UDB2TlR2K8L7SPyywpl5z67euN5QRJLEwg8flTybiJp3EKDctYEM22sa36ONcSIJ/iHSdCkwtPXkBYreh9e+MAHfTroIKK5zM/P1QIN3NrknIXpWjLDF73ejrxE+EXRK6jbuWfo+5dnLnDoUFt1e+pYLZos5KRRB94Qt5I79D/cAg3hG+Zl2FCCOpn1hIdLo/kWJTKUPe61oUaIxriV6nCXp/pU1BHlM43hGowiHa4bVZIs8Eo4r7OI9thhSuS2BKSifibBKIicZtntSlS/I3xa5am28YLmrOiEXRsjPom7trO8qIhPfYOc/yFDg1gcpLxyNroCPooPBzPxUqrTT96Q4fDDTaqfyuVxQFxbYoFAqQs8/lw6WcGJ4fGC5JPsPiwoSdQy/B7gCfQcFjPXp1NH8Sx+xMLCmxRqdKSyeiEwoyB0tZ6ngaI73HFhCPX1/rLx3xv0zd/8= 03@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC96jp6qFrWt4651Arg+Ua6AU3CjftZuounKLlZ8s268Lo9Cba+nmoOGRNzefqr+f6/7KmFKd9+jqS3ZnKFQbzRFVzzHHIT7tSlgxFRw+yb553/vgm7z6d0HGd3B7XjpIpR7DrM/unnXtiT/WuX+UIKKQ1S4kHp4fTJxZuwzYgNWDsT7O/5H7nBoRVuUSG/achCzTq5V5WfNjvrGZypCmcCw5MTH3Iab4qQ7fhRK46e/OpgSMmsY1ZuEynIwVtimW4G10MUWZdawN4LHBNsCDBmBu0H1DYBb9AUW5IuifAyFPPlTOPtuzpEganaMwotcXiAwhfPQg1c0TfbB4ZJPow612dzxcflHAJyFy2LXbiG0rF48h0GpW5gY92QkeMQcbybKOS5yVlXynNNg0nL1bx+reu7Fy4jurc0facTaqzpSiyXsBLSOva+DZrxl2MBDLEdykkQMNIY69GeeC2XIN4tbfGDYU8VVtwnXJUkmeHAge5ypI1kkPhYRDxPDspym9M= 04@xmuhpc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9FmT0i2j9JsnyeVrEZP8gaWHnc5NnhJgb1sP8MP/pjx/GMEkms2LQvZYNw8MQvGA6HH/O2acy5NIdD69QkRlALXZlWpUQco8JDuJe7+2xkTMGPOAqB5YLMHRpFGHUmDMuSFGSg2YyLXaWXoWmib5xAvTL95xAcdNgp5xqWvO2N55edDeVOY5cTmIE2vC0nm5JSjMEMcIuqL8yJ3AweN4JkD8CVVy3po8f+krKsaYB+f21MqqSnCQ/cpKlWHuMN9k85hP/FB1E7gBXW/MuZ1uOm4IzjBhj8tYVN0UY7Mo2/9PhFqoBKGr6vs7Nx1mXBJ/A1lIKvW+ROvQ9ADpOfww6kPuHbX16gQ55JG7zneWeiP5pVaI4YZ4O1vAvARw/SaSFhRdpymPs5r+wdIDV9gGoqORrYqoPBz7Q02V71W+EV7WFAgxiJozO0vZwD9JJ2zivyIJfcVtIOMIvEhfsha7Hviut4JIOyoaEHjIZYsmvYHEeEBA4pTUHIUZlZj/St7U= 05@xmuhpc
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRWge2+B1Et03n/B4ALBcAnjvtWPPmcFAoIlLP8oFkB hpcstat

165
devices/jykang.xmuhpc/files/.vaspkit
View File

@@ -1,165 +0,0 @@
# cp how_to_set_environment_variables ~/.vaspkit and modify the ~/.vaspkit file based on the settings in your supercomputer!
# All environment variables are case sensitive.
VASP5 = .TRUE. # .TRUE. or .FALSE.; Set .FALSE. if you are using vasp.4.x
LDA_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/POTCAR/PAW_LDA
PBE_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/POTCAR/PAW_PBE
GGA_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/POTCAR/PAW_PW91
VASPKIT_UTILITIES_PATH = /data/gpfs01/jykang/linwei/chn/software/vaspkit-1.4.1/utilities
PYTHON_BIN = /data/gpfs01/jykang/linwei/chn/software/scripts/chn_python3.sh
POTCAR_TYPE = PBE # PBE, PW91 or LDA; Set PBE if you want to make PBE-POTCAR file
GW_POTCAR = .FALSE. # .TRUE. or .FALSE.; For example, H_GW, O_GW will be chose when POTCAR_GW set to .TRUE.
RECOMMENDED_POTCAR = .TRUE. # .TRUE. or .FALSE.; The recommended PAW potential will be chose when RECOMMENDED_POTCAR set to .TRUE.
SET_FERMI_ENERGY_ZERO = .TRUE. # .TRUE. or .FALSE.; The Fermi Energy will be set to zero eV when SET_FERMI_ENERGY_ZERO set to .TRUE.
SET_MINI_INCAR = .FALSE. # .TRUE. or .FALSE.; A simplified INCAR will be written when MINI_INCAR set to .TRUE.
USER_DEFINED_INCAR = .FALSE. # .TRUE. or .FALSE.; whether to use embedded INCAR templates or user defined INCAR templates
WRITE_SELECTIVE_DYNAMICS = .FALSE. # .TRUE. or .FALSE.; the selective dymanics set will be forced to write when SET_SELECTIVE_DYNAMICS_MODE set to .TRUE.
GET_DOS_FROM_HYBRID_BAND = .FASLE. # .TRUE. or .FALSE.; whether to calculate DOS using optimized tetrahedron method in the hybrid band strucutre calculations
ADVANCED_USER = .TRUE. # .TRUE. or .FALSE.; Please fill in your settings in the block 'USER_DEFINED' if you want vaspkit to integrate your own scripts in the 'UTILITIES' file.
SET_INCAR_WRITE_MODE = OVERRIDE # OVERRIDE, APPEND, BACK-UP-OLD,BACK-UP-NEW; "Customize INCAR File" whether to override existing or appending existing INCAR/backup existing INCAR to INCAR.old && write into INCAR/write into INCAR.new
APPLY_SCISSOR_CORRECTION = .FALSE. # .TRUE. or .FALSE.; whether to rigidly shift of the conduction band with respect to the valence band of nonmagnetic semiconductors to matches with that of the experimental, HSE or GW value (default: .FALSE)
APPLY_PHS_CORRECTION = .FALSE. # .TRUE. or .FALSE.; whether to make PHS correction during linear optical calculations. More details are given in Comput. Mater. Sci. 172 (2020) 109315
NORMALIZE_ORBITAL_WEIGHTS = .FALSE. # .TRUE. or .FALSE.; whether to normalize orbital-projected weights in each state (default: .FALSE.)
REORIENTATE_LATTICE_VECTORS = .FALSE. # .TRUE. or .FALSE.; reorientate lattice vectors when build supercell or heterojunction or not (default: .FALSE.)
GET_IRREDUCIBLE_KPOINTS = .TRUE. # .TRUE. or .FALSE.; Control whether to generate k-points in the symmetry-irreducible wedge of the Brillouin Zone (default: .TRUE.)
FACTOR_ENCUT2NPWS = 0.262465831d0 # Adjust the final decimal place (or one beyond that) of this parameter if you encounter an error message saying that “Error: the calculated NPWS is not equal to the read NPWS”.
SYMMETRY_TOLERANCE = 1E-5 # Tolerance in Cartesian coordinates to find crystal symmetry, compatibility with SYMPREC (default: 1E-5)
LATTICE_TOLERANCE = 0.2 # Float lattice tolerance for the lattice vectors (default: 0.2 angstrom)
ANGLE_TOLERANCE = 0.2 # Float angle tolerance for the lattice vectors in degrees (default: 0.2 degree)
EMIN = -20.0 # Minimum energy for evaluation of DOS (default: -20.0 eV)
EMAX = 20.0 # Maximum energy for evaluation of DOS (default: 20.0 eV)
SIGMA = 0.2 # The width of the smearing to calculate DOS from eigenvalue (default: 0.2 eV)
NEDOS = 2001 # Number of grid points in DOS (default: 2001)
GAMMA_CENTERED = .TRUE. # .TRUE. or .FALSE. (default: .TRUE.).
VACUUM_THICKNESS = 15.0 # The thickness of vacuum to build slab or 2D materials (default: 10 angstrom)
CENTER_SLAB = .TRUE. # Center the slab in the z direction; (default: .TRUE.)
# New added in Version 1.3.0
MAX_ATOM_NUMBER = 10000 # The maximum number of atoms to screen heterostructures (default: 10000)
MIN_ATOM_NUMBER = 1 # The minimum number of atoms to screen heterostructures (default: 1)
MIN_LATTICE_ANGLE = 0.0 # The minimum lattice angle to screen heterostructures (default: 0.0)
MAX_LATTICE_ANGLE = 180.0 # The maximum lattice angle to screen heterostructures (default: 180.0)
GET_INTERPOLATED_DATA = .FALSE. # .TRUE. or .FALSE.; Whether to interpolate the grid data of charge/spin density, potential, band structure, etc. (default: .FALSE.)
INTERPOLATION_SPACING = 0.04 # Determines the number of interpolation grids, in unit of A in real-space or 1/A in reciprocal space (default: 0.04)
INTERPOLATION_METHOD = 'cubic' # 'linear', 'cubic' (3rd order-spline interpolation), quartic (4th order-spline interpolation), or FFT available only for 2D and 3D grids (default method: 'cubic')
AUTO_SUBMIT_JOB = .FALSE. # .TRUE. or .FALSE. (default: .FASLE.). Whether to auto-submit vaspkit or vasp job or not.
SUBMIT_JOB_COMMAND = 'qsub job.sh' # The command line to submit job
AUTO_PLOT = .TRUE. # TRUE. or .FALSE. (default: .FASLE.). Whether to auto-plot data graphs in the post-processing.
# New added in Version 1.4.1
REDUCE_FERMISURFACE_FILE = .FALSE. # TRUE. or .FALSE. (default: .FASLE.). Whether to write only the bands which cross the Fermi energy.
WEIGHT_THRESHOLD = 0.00 # Threshold value of spectra weight in the band structure unfolding.
# New added in Version 1.5.0
CENTER_DEFECT_POSITION = .TRUE. # Move the position of defect to the center of the supercell; (default value: .TRUE.)
VACUUM_THICKNES = 10 # Vacuum thickness (default value: 10 Angstrom).
UNWRAP_TRAJECTORIES = .TRUE. # Unwrap MD trajectories or not; (default value: .TRUE.)
#USER_DEFINED
#Synopsis:The first parameter is the command-id,starting with 'u'; the second is the interpreter, like 'python/bash/perl'(Please left it blank if you are using an executive binary); the third is the name of a script or an executive binary; the fourth one is a switch, if any extra argv is needed, please set if .TRUE. ; the last on is the description, MUST use '_' as delimiter.
# id interpreter script argv description
#Example1 'u1 python get_entropy.py .TRUE. get_entropy'
#Example2 'u2 hello.exe .FALSE. ls '
u1 python get_entropy.py .TRUE. get_entropy_for_adsorbate
u2 python bader2pqr.py .FALSE. bader2pqr
#END_USER_DEFINED
#+------------------------------------------------------------------------------------------------------------------+
#| Customize VASP job script |
#| Must copy the block from #BEGIN_CUSTOMIZE_JOB_SCRIPT to #END_CUSTOMIZE_JOB_SCRIPT |
#+------------------------------------------------------------------------------------------------------------------+
#BEGIN_CUSTOMIZE_JOB_SCRIPT
#PBS -N name
#PBS -o out
#PBS -e err
#PBS -l nodes=2:ppn=4
#PBS -r y
cd $PBS_O_WORKDIR
mpirun -np 8 vasp_std > vasp-out
#END_CUSTOMIZE_JOB_SCRIPT
#+------------------------------------------------------------------------------------------------------------------+
#BEGIN_CUSTOMIZE_PLOT
#+------------------------------------------------------------------------------------------------------------------+
#| WARNNING! The character-type values of plot variables are case sensitive and must be enclosed in single quotes. |
#+------------------------------------------------------------------------------------------------------------------+
# https://matplotlib.org/3.3.3/tutorials/introductory/customizing.html
# https://matplotlib.org/tutorials/text/text_props.html
# https://github.com/rougier/matplotlib-cheatsheet
# Advanced Features of VASPKIT Pro version
figure_format = 'pdf' # string type (default: 'jpg'). Options: 'png', 'pdf', 'eps', 'jpg', etc.
figure_height = 4.0 # float type (default: 4.0). The height of the figure.
figure_width = 5.0 # float type (default: 5.0). The width of the figure.
dpi = 400 # integer type (default: 400). The resolution of the figure in dots-per-inch.
set_tight_layout = .FALSE. # .TRUE. or .FALSE (default: .FALSE.). Automatically adjust the padding between and around subplots.
# Global settings =
figure_style = 'default' # string type (default: 'default'). Options: 'default', 'classic', 'grayscale', 'seaborn', 'bmh', 'seaborn-notebook', etc.
font_family = 'arial' # string type (default: 'arial'). Options: 'fantasy','arial','sans-serif', 'monospace', 'cursive', 'serif', etc.
global_fontsize = 12.0 # float type (default: 15.0).
label_fontsize = 12.0 # float type (default: 15.0).
number_format = '%.3f' # string type (default: 15.0).
# Legend-related settings =
show_legend = .TRUE. # .TRUE. or .FALSE (default: .TRUE.).
legend_location = 'best' # string type (default: 'best'). Options: 'best', 'upper right', 'upper left', 'lower left', 'lower right', 'right', 'center left', 'center right', 'lower center', 'upper center', 'center', etc.
legend_fontsize = 12.0 # float type (default: 14.0).
=
# Line-related settings =
line_colors = ['b', 'g', 'r', 'm'] # string type (default: 'blue'). Options: 'red', 'green', 'cyan', '#4c005c', etc.
line_styles = ['-', '-', '-', '-'] # string type (default: '-'). Options: '-' or solid, '--' or 'dashed', '-.' or 'dashdot', etc.
line_widths = [1.5, 1.5, 1.5] # float type (default: 1.5).
line_alpha = [1.0, 1.0, 1.0] # float type (default: 1.0). 0.0< alpha <=1.0, adjust the transparency of each line (by default, alpha=1.0)
fill_areas = .FALSE. # .TRUE. or .FALSE (default: .FLASE.). Fill the area between two horizontal curves.
# Marker-related settings =
#marker_colors = ['blue', 'cyan', 'red', 'magenta', 'orange', 'lawngreen', 'deeppink', 'brown', 'dodgerblue']
marker_symbols = ['o','o','o'] # string type (default: 'o'). Options: 'o': Circle, 'x': Cross, '+': Plus sign, 'D': Filled diamond, 's': Square, '^': Triangle, etc.
marker_colors = ['#0db14b', '#4c005c', '#d93b2b','#0075dc', '#740aff', '#993f00', '#4c005c', '#426600']
marker_sizes = [60, 60.0, 60.0] # float type (default: 10.0).
marker_scale = 1.0 # float type (default: 1.0). marker_sizes = marker_sizes * marker_scale
marker_alpha = [0.8, 0.7, 0.6, 0.5, 0.4] # float type (default: 1.0). 0.0< alpha <=1.0), adjust the transparency of markers (by default, alpha=1.0)
# Tick-related settings =
#x_label = 'Wave vector' # string type (No default value).
#y_label = 'Energy (eV)' # string type (No default value).
#z_label = 'k$_x$ ($\\mathrm{\\AA}$)' # string type (No default value).
#x_limits = [-8.0, 8.0] # float type [xmin, xmax] (No default value).
#y_limits = [-8.0, 8.0] # float type [ymin, ymax] (No default value).
#z_limits = [-8.0, 8.0] # float type [zmin, zmax] (No default value).
#x_major_locator = 2.0 # float type (No default value).
#y_major_locator = 2.0 # float type (No default value).
#z_major_locator = 2.0 # float type (No default value).
#x_minor_locator = 1.0 # float type (No default value).
#y_minor_locator = 1.0 # float type (No default value).
#z_minor_locator = 1.0 # float type (No default value).
# contour-related settings
colormap = 'RdBu' # string typ (default: 'jet'). Options: 'jet', 'hsv', 'viridis', 'gray', etc.
contour_levels = 5 # integer type (default: 5).
contour_limits = [0.0, 0.5] # float type (No default value).
display_colorbar = .FLASE. # .TRUE. or .FALSE (default: .FLASE.).
display_level_value = .FLASE. # .TRUE. or .FALSE (default: .FLASE.).
display_contour = .FLASE. # .TRUE. or .FALSE (default: .FLASE.).
colorbar_shrink = 0.5 # float type (default: 0.4).
colorbar_orientation = 'vertical' # 'horizontal' or 'vertical' (default: 'horizontal')
# 3D-plot related settings
elevation = 12.0 # float type (default: 12).
azimuth = 24.0 # float type (default: 23).
display_coordinate_axes = .TRUE. # .TRUE. or .FALSE (default: .TRUE.).
display_brillouin_zone = .TRUE. # .TRUE. or .FALSE (default: .TRUE.).
axis_length = [1.0, 1.0, 1.0] # Determine the length of each axis
box_linewidth = 1.0 # Specify the transparency level for the lines of the box or Brillouin zone
box_linealpha = 1.0 # Evaluate the line width of the box or Brillouin zone
# XKCD sketch-style related settings
xkcd_style = .FALSE. # .TRUE. or .FALSE (default: .FLASE.). Turn on xkcd sketch-style drawing mode or not.
xkcd_scale = 1 # float type (default: 1.0). The amplitude of the wiggle perpendicular to the source line (default: 1).
xkcd_length = 100 # float type (default: 100.0). The length of the wiggle along the line (default: 100).
xkcd_randomness = 2 # float type (default: 2.0). The scale factor by which the length is shrunken or expanded (default: 2).
# band structure related settings
disconnecte_band_paths = .TRUE. # .TRUE. or .FALSE (default: .TRUE.). Turn on disconnected band paths drawing mode or not.
#END_CUSTOMIZE_PLOT

2
devices/jykang.xmuhpc/files/linwei/chn/software/hpcstat/bin/bsub
View File

@@ -1,2 +0,0 @@
#!/usr/bin/env sh
hpcstat submitjob "$@"

44
devices/nas/default.nix
View File

@@ -1,44 +0,0 @@
inputs:
{
config =
{
nixos =
{
model = { type = "desktop"; private = true; };
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/627D-1FAA" = "/boot";
btrfs."/dev/mapper/root3" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/dev/mapper/swap" ];
rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
};
initrd.sshd = {};
nixpkgs.march = "silvermont";
networking = {};
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
sshd = {};
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1";
};
beesd."/".hashTableSizeMB = 10 * 128;
nfs."/" = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc";
};
};
};
}

27
devices/nas/secrets.yaml
View File

@@ -1,27 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
wireguard: ENC[AES256_GCM,data:JaOSq474mGOoQQcdJ/j9fYo2e1vjXMPxJ69TOd079FrSkbzbIteWww5f8Xo=,iv:uy/NC2+tibL61XJDZK/spKjV9u0oXK4YzjFjYmCAL0k=,tag:en+c8cHaPvDqJL+EpQjr0g==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO
cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL
M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT
a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y
1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw==
-----END AGE ENCRYPTED FILE-----
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2
ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq
NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-19T01:47:25Z"
mac: ENC[AES256_GCM,data:J79zVjfGgptSjh+ShPBOd+lJ9i+NuS2Uw7P4ZvF7xeahn7fbT8bercsBv1F1USwW2ituTBMZFmxaspGjAD+azEM2X7zSJnVtbKr+T9FY6i2N+kPIxdseyw93JLZ1pPTy9bQeXRAJYlJHyEw4zHEpMBbWSI88I+i43s2xkScwEuU=,iv:4Ge0dHPxa4zF++0eeHy8fH7t5ndFznhFAKnrV7WOOXs=,tag:+UG3b93zFo/EfOfCQrPoBg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

44
devices/one/default.nix
View File

@@ -1,44 +0,0 @@
inputs:
{
config =
{
nixos =
{
model = { type = "desktop"; private = true; };
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/one-boot" = "/boot";
btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
resume = { device = "/dev/mapper/root"; offset = 4728064; };
rollingRootfs = {};
};
nixpkgs.march = "tigerlake";
};
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
services =
{
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
};
beesd."/".hashTableSizeMB = 64;
sshd = {};
kvm = {};
};
bugs = [ "xmunet" ];
};
};
}

32
devices/one/secrets.yaml
View File

@@ -1,32 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:GmfSlDQjO4aBq3u50jnFjOR9VxamYHzokUrO9IpIGuBx0j8e,iv:++O2wBUCnHDPowRgtxPQJQePXP2Cda74WXQvlKHbHNw=,tag:XDWhiXwT718RgrBw7L5yzw==,type:str]
wireguard: ENC[AES256_GCM,data:OuduClOu9y9adCcV1+U/NLp/t1yWPkuyptproTJv4beImptrLOVGbhb5fb8=,iv:qa1jpzAlUEhPBznZw6j4CYquTCpmNZ+uNbyHjH2qGy4=,tag:+5I2CRuyCAMSy74xVtdJGA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOUJWMm5xT040cEoxQit5
ZnhhQWVyWjlnejhzQlEvVVg3ZGVJb05iL1hjCnF5bzFTUTZFYkNQR0k5U0xmOW1t
TXhsRHFIeVBBSXc1UURON2M4MDlTMEUKLS0tIGdSbTdZdmdjY0dmNjkrRjd0VkhK
eWV6SDJqT1B2MEp1MURkV0E4S3Z0Zm8KX9lEjG4u2QRe1zH+13rbedCWl1B7vvl8
2iMHj1qQ4JkCeq83llEH5IuDXKYnKKXSi8l3nU/l6Aw6yx/KHDFK/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2K3VKTVJqMTl2cWxUZHhM
OVg5ZjN0VGNpVXQ5M1FKZHloZ0ZnWTZ2ZWowCjJIYTlhRU8wd1JienlUTHIwWXYw
eFY1d2MxeStBd013VmszbTUzTkF6U2cKLS0tIDdDNXp4OTdQRjN0MGdIOS9oSldU
ZW5PT3VYZWhDMkZUeHViZE41eUhna2sKc8J8mJ8ge9KMb5p6Xi/vRIIXZMEj6Ih+
LjLKsgDfMbqNqKaQXSvC3tbvI/dDoiStyCsf4rkTY9QOkyEI80MtXg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-10T10:44:01Z"
mac: ENC[AES256_GCM,data:Sso6g9UEH7faygbcrypsnB/4h8cIwveLdVI+YgDDfTHMC5nxXj+xtfFHhzao1pkyvF0avUVjsMVXLRcB48eDcbZdXwBvoNKg0mpL7VAeOnDuwElI6GGpRVTaOsZC9LT9d1kuGkmavMljCvmaA3sPLZsvW3Hqjdicj+suMoQJ/nE=,iv:DYf0m9PfJ1qx3gI/6T6ByxJWHrdVGgiNMCVhcBOrgBw=,tag:Ddw2HFuCmk6PFnxF4G13hQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

BIN
devices/pc/bios/Bootx64.efi LFS
View File

Binary file not shown.

BIN
devices/pc/bios/DisplayEngine.efi LFS
View File

Binary file not shown.

BIN
devices/pc/bios/SetupBrowser.efi LFS
View File

Binary file not shown.

BIN
devices/pc/bios/UiApp.efi LFS
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Default.icm LFS
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native.icm LFS
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native_HDR.icm LFS
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_REC709.icm LFS
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_sRGB.icm LFS
View File

Binary file not shown.

171
devices/pc/default.nix
View File

@@ -1,171 +0,0 @@
inputs:
{
config =
{
nixos =
{
model = { type = "desktop"; private = true; };
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
btrfs."/dev/mapper/root1" =
{
"/nix" = "/nix";
"/nix/rootfs/current" = "/";
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
};
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.nas"}:/" =
{ mountPoint = "/nix/remote/nas"; hard = false; };
};
luks.auto =
{
"/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root1" ]; };
};
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = {};
};
grub.windowsEntries."08D3-10DE" = "Windows";
nix.marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# SAHF FXSR XSAVE RDRND LZCNT HLE
"haswell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
nixpkgs = { march = "znver4"; cuda.capabilities = [ "8.9" ]; };
kernel.variant = "cachyos-lts";
sysctl.laptop-mode = 5;
};
hardware =
{
cpus = [ "amd" ];
gpu = { type = "nvidia"; nvidia.dynamicBoost = true; };
legion = {};
};
services =
{
samba =
{
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd = {};
xray.client =
{
enable = true;
# TODO: remove on next month
xray =
{
serverAddress = inputs.topInputs.self.config.dns."chn.moe".getAddress "xserver.srv3";
serverName = "xserver.srv3.chn.moe";
};
dnsmasq.hosts = builtins.listToAttrs
(
(builtins.map
(name: { inherit name; value = "144.34.225.59"; })
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
++ (builtins.map
(name: { inherit name; value = "0.0.0.0"; })
[ "log-upload.mihoyo.com" "uspider.yuanshen.com" "ys-log-upload.mihoyo.com" ])
)
// {
"4006024680.com" = "192.168.199.1";
"hpc.xmu.edu.cn" = "121.192.191.11";
};
};
acme.cert."debug.mirism.one" = {};
nix-serve = {};
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
beesd."/" = { hashTableSizeMB = 4 * 128; threads = 4; };
slurm =
{
enable = true;
master = "pc";
node.pc =
{
name = "pc"; address = "127.0.0.1";
cpu = { sockets = 2; cores = 8; threads = 2; };
memoryGB = 80;
gpus."4060" = 1;
};
partitions.localhost = [ "pc" ];
tui =
{
cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; memoryGB = 56; }];
gpuQueues = [{ name = "localhost"; gpuIds = [ "4060" ]; }];
};
};
ollama = {};
docker = {};
ananicy = {};
keyd = {};
searx = {};
kvm = {};
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
nfs."/" = "192.168.84.0/24";
};
bugs = [ "xmunet" "backlight" "amdpstate" "iwlwifi" ];
packages = { android-studio = {}; mathematica = {}; vasp = {}; };
user.users = [ "chn" "test" ];
};
boot.loader.grub =
{
extraFiles =
{
"DisplayEngine.efi" = ./bios/DisplayEngine.efi;
"SetupBrowser.efi" = ./bios/SetupBrowser.efi;
"UiApp.efi" = ./bios/UiApp.efi;
"EFI/Boot/Bootx64.efi" = ./bios/Bootx64.efi;
"nixos.iso" = inputs.topInputs.self.src.iso.nixos;
};
extraEntries =
''
menuentry 'Advanced UEFI Firmware Settings' {
insmod fat
insmod chain
chainloader @bootRoot@/EFI/Boot/Bootx64.efi
}
menuentry 'Live ISO' {
set iso_path=@bootRoot@/nixos.iso
export iso_path
search --set=root --file "$iso_path"
loopback loop "$iso_path"
root=(loop)
configfile /boot/grub/loopback.cfg
loopback --delete loop
}
'';
};
# 禁止鼠标等在睡眠时唤醒
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
# 允许kvm读取物理硬盘
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
networking.extraHosts = "144.34.225.59 mirism.one beta.mirism.one ng01.mirism.one";
services.colord.enable = true;
};
}

44
devices/pc/secrets/default.yaml
View File

@@ -1,44 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:XU7/GZ8cJmDwNsrQfoFHrquZT5QkjvTPZfnghX3BLyvPLlrX,iv:e/BQkZ5ydWD4P/qT9OUloB8/cXImfkG3YZnuIeNLoTc=,tag:EW3ZBzGnyIrUfcMeJqm4aA==,type:str]
store:
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
redis:
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
wireguard: ENC[AES256_GCM,data:9QoVM69efr3+UGEo/GPY6IBBxfcqE+3erRTrqSdeTf4XziVMlzWTMdhV9jU=,iv:3abQtZ8cpejqXsJPx6SvSS2cXAKMDkEKEhl9LE319RQ=,tag:1uBPK/0VLPPMzj4rl+iQMQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:fGvNMmqk7Cee28VJ1QoBVrBbgIUbj/F1W0SRjdP8N4K/M8Wx4AVm1kAr0IAhPWyDLXlIjM1NUvuEV5BpYDBdjg==,iv:rFTMJ4x2kgENQUA8ftSaLjdOc25i5mWR3UYbdq54vjs=,tag:6feD0eCSv7bcHWBveLNJwg==,type:str]
nix:
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
searx:
secret-key: ENC[AES256_GCM,data:KhIP+Rz3rMfNgPEGTlKGvm6gl1/ZuPI=,iv:GcaLEJHKJO3n6IaeiFr9PaJ6eNx04/VjX3UgmBF429g=,tag:HkplyH9hTHUaEZ709TyitA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcDBqZldlajB1RURQVW03
TWJTaDlvVEYvZDd5dXBJV0c2V3FGY0laMUZ3CkxjQUtLRHBOZkQ4Mk5JTGd5V0M4
VUJ5aHJGSDl0MWpDSTNnQ2RSRnpPQ0kKLS0tIFA2em42NXNmZkJZWCs1Tmxia1VV
RnRPQ05LTDZTOEY3OWVMdmhHTTRKT1EKyBnGiEpkJ9TUGMSne5RUX5U4Nc49gXOn
8q6IeBWnI3mkVA0PElAThSpXLMMzq01uDrcZEeE9BocyU7Y/JRbUMA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeEw5YWpQNXM2dWpVY3Uw
bjBFQmVKeDlqYUFPNGhwVlVwdTdDaDY2bUNNCmJncHhrbHplU2ZvTHROcU1LNzBE
dnRlOFF2eXhHKzZ5VzQvS3RPb3FsWTAKLS0tIHNDcmdGTWl1VTREaVJXR1VzSUs0
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-24T11:27:02Z"
mac: ENC[AES256_GCM,data:uNkThOX3NEUeiaJVavZ0rCpQRT+GbRXADiMuAwb/tg38fBrKQeUO9ohicl/UfiDFRTfCaiuH3T757jX2b51go2s0B6n7DOvPYYZ5EWGnM69RFxrdDfWfge8n8/SHmuKR9dPJb/eSa8HAs8uDnqBPoR5SqG5lnyZs3a7P/kjK2T4=,iv:snmnuYmcuyhGs4YrIGFLmDffFE9yecB/vsM0MvxBR4k=,tag:vbqA7jvVCFHvLoLmKbfO4g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2

24
devices/pc/secrets/munge.key
View File

@@ -1,24 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ftogJ/2oPME8sVbyNAuI3t3GEzUmdCadyjf2g/bjGNx3AoV0jU0SDxnBLDFfoR1rEtV00zfgCMPDGsEXavg+QVvoICpvvhckXMOLXe37H3Ff0wDVJtL4BBIK3oVh/SiYaRm/+uR0x6HW37KX50RRvKvpQoRdMVNnvtKbMjmQVIA=,iv:MOHfTIavoU643K10jSR3HruzoofOqqVspYgiaLc294o=,tag:zjDTPKwAOh/nqkquvAQpbw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TTB1bHFXcDhoMk1QVzJ0\nUUplcGVBVUhoOEt0Rnc2ZStDUUpjZmV0eGpvCjFQSGl4TjlMT2R5RExNZWxwOUtz\nSWhhSUtFN0JISzJhclpCMFZDQ09jK28KLS0tIGJydDNoY3hBbEhBYUNYZGZCaWpQ\nQnVDalJCcWpIRTdVaWkzeGVNSGpDRWsKWXoMC8NApfenn191aRwdAjD0iM5+C3R6\nXKpHxfhc1Gf6paxBhketFU+AwWsKiBDKh0gntV49F+YSriPa7uI3FA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzclYwVjdOZnQ1Y2dlUi9n\naXQya21QVHZ0KzMxTkVuTEJuazB4WklqdFdvCmpMd0h6OXUvZSttOFpmeUdsSlNs\nQkhQaVJqVFdidFNMejljV2h3WUFTaFUKLS0tIGNBemY5R1N3T00zMEthZjBsWXZh\nVXRtNG5UV3I3WG5LYUphNUNyUDI5WXcKVQpMe3zYgzHOtQQvo8Vvz94lYR6TBFuV\nD7ztr4rD/Vdk3hkSGZQvdzGjNDdGpac38LUN9vtFQbzMofykcn/etw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-02-24T05:48:31Z",
"mac": "ENC[AES256_GCM,data:kCLcS6xeMijD8Bxa0MBUbFH2pdXX6BdGL1SztHHPet8loMkiCfgEiyp9l/QjszWa3G6zx3K+0wXXtRXmrNAxThnIgMZQVGCy4Ucw7fp8Pral/5eaJNlZGb56JQPF9ZDHb9YQPDPImaEAKYUtzayyaZAGJGlCmIIhVVhXTx7iiig=,iv:MXRDA/6YnVUbLdYAIrMvrdb2iPsi4Bmr06SPCU8CCVc=,tag:9hT7Xo0tRnHTgAaivKj4QQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

69
devices/srv1/default.nix
View File

@@ -1,69 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
};
hardware.cpus = [ "intel" ];
services =
{
sshd.passwordAuthentication = true;
slurm =
{
enable = true;
master = "srv1-node0";
node =
{
srv1-node0 =
{
name = "n0"; address = "192.168.178.1";
cpu = { sockets = 4; cores = 20; threads = 2; };
memoryGB = 112;
};
srv1-node1 =
{
name = "n1"; address = "192.168.178.2";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryGB = 112;
};
srv1-node2 =
{
name = "n2"; address = "192.168.178.3";
cpu = { sockets = 4; cores = 8; threads = 2; };
memoryGB = 56;
};
};
partitions =
{
n0 = [ "srv1-node0" ];
n1 = [ "srv1-node1" ];
n2 = [ "srv1-node2" ];
all = [ "srv1-node0" "srv1-node1" "srv1-node2" ];
};
tui.cpuQueues =
[
{ name = "n0"; mpiThreads = 8; openmpThreads = 10; }
{ name = "n1"; mpiThreads = 8; openmpThreads = 4; }
];
};
};
packages.vasp = {};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" ];
};
};
}

33
devices/srv1/node0/default.nix
View File

@@ -1,33 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.cluster.nodeType = "master";
system =
{
nixpkgs.march = "cascadelake";
networking.static =
{
eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
eno146 = { ip = "192.168.178.1"; mask = 24; };
};
};
services =
{
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
beesd."/" = { hashTableSizeMB = 128; threads = 4; };
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
};
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
};
# allow other machine access network by this machine
systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
# without this, tproxy does not work
# TODO: why?
networking.firewall.trustedInterfaces = [ "eno146" ];
};
}

34
devices/srv1/node0/secrets.yaml
View File

@@ -1,34 +0,0 @@
wireguard: ENC[AES256_GCM,data:B5YdOhpXruQY1Hqb7hpIyPZinSNG+Ub/jE2/hiwZT2WCHjT6Ujz/W8eKbuk=,iv:XcfZb34SjYEsxvo6HEGCd7wy0dsrNIEJ0bORznZZceA=,tag:uFlbepSwch2wJCRITlVNTA==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:6JzTyJ+GVzLd0jWfvCc2dBdBVWz6RFH/8Gr73TNz6dNCyQjG,iv:ddGpYbIHN9PV3w6Oh65vEvv82jTChxgMdltIRPz++DY=,tag:nbFFk3S/y0hS3NFWGLPVJQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:IoRiruMV+bdf4qTSQBy9Npoyf1R0HkTdvxZShcSlvxlz7uKujWnlH4fc5eR6yytHcEZ9uPLib9XbGojUQOFERA==,iv:E0ac0DyhplaHEc2WmcXY0Fjpkt/pnY9PaATe0idqCRA=,tag:Vo/DBIUO6DBFCXQ1RLrchg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUpac093NWh3bnZqWkFY
WGorTlk3WWJRb0RYVWVQc1JacU9GZDhFN0RnCkJkQnJoTkZtYkFEQ1JDZXA1Qzdp
dWxtc3RFbUd4TEZobXBQVWVlL3VETVEKLS0tIExoMUNidEZob2dtTWhmS0VHbDJn
RFNiU0xMOG1UNVY5TTYrcW1GTnIwb0kKyCl+eqpGtqN047+t1C/c1prIaP3tm1jk
1ObtsmGwCxDyIkayqB3WF9DWhNHipXHZXrWT+JQJTD30BABBex+ufg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WXJ0dmh3RTBMci9pVVh6
cWsyNHVub2U1RFhLSnJPSFI1S2lGV21nYm1ZCll2TUQybmtaaTdYd0dGSXVNV1Y3
TC9zbWJQOENsQm1Nc1ZwUTMvczJGK0UKLS0tIHJRemNhdWpRa1pkRnhTZjhCODNM
OThDMWRsWnVTbzRGTTZqSDBkNWZJMlEKdQ/ipO7O5OvaGa81c2P7fi1ncufueSzX
2njlHHz1gJCtjpktYaVvS6KSYtJoI9oNrF0YN5D/3kKW8TicsSGKaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-10T10:44:35Z"
mac: ENC[AES256_GCM,data:lfckL0SJXq+eY3d9SUHihE4Alp6VAI7ugoQygMsphi91yvmAZ1YBbrTVxjzQpL1dT+7zhOhzE2dTqCLXUl1gjbYYo1S6zco73EdU4k/AX3LEAhCJCxG1LVvN/Kf+XoMSauFM7z+E8zZJCvT9/Jijxy/Ty/XBoP9z7gmpQSuRntI=,iv:5hVa0bsv3B9/I+BSxNYOYHFRnM3BfP8GvhlM65lWLFo=,tag:gs2NOe7h6AqYbmCBUMd9FA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

19
devices/srv1/node1/default.nix
View File

@@ -1,19 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "broadwell";
networking.static.eno2 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
};
services.beesd."/".threads = 4;
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

30
devices/srv1/node1/secrets.yaml
View File

@@ -1,30 +0,0 @@
wireguard: ENC[AES256_GCM,data:D4ukKVu4yn3hS3AZJqt3XTgZNbt44Vyiu6I5lCNw9c/VEqXBx3GDlKdcVPY=,iv:S1S0sU0vQcTahFI+GyBz1n/0LVsK3ImFDuLtuQxmgik=,tag:oZ1NWOCcsRb+kjfq/LcL2w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRXgwcllHZmZHcHZmZllq
c2NrbnFSaVVBTnhSNk9Pb1ZSWGp6UlVaanlVCkNObzcwUlYwZDdyOTByOXA5M0lz
QTJQMFcvWGY2VmZFS1kydjJSWmgyazQKLS0tIEs0VHZJckcyZUZaWURqZjdoQkVI
Zzl2RUFBRCtuMkpidWU1cmZlZWU0OEEKyMO8I43PiG+1Eu/8aKuNPKeA50P1bSyD
Nv5xyKaqcs6737Gw/zk0tY7EkeeruDfemxgsb527g3hYogHNXr9oOw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcEo5a2srUTlhWXFQd2FJ
YmtBMzJqZE53R0J6TG80UWxMQ1A1WEpFNzJFCkJBSWQ3S2pTVnpGZ2JlRnpBYU1J
UWRKdEduQ1JMQ05GejVaakZYNzh4STgKLS0tIFBMVTN1MDcwVERucmoyWm5MQWcz
cWpEMWU1TjZKbnFTWm4xY2QwdWx3aFkK0O6p2piq8RKOcSTT49i0pnlt+gOk+QMF
r+EJU0zobWwe3PrDg8jjw5HpMxrpDzHcD0XMnVQW0Fd9pn6n4VfpUw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-16T05:03:27Z"
mac: ENC[AES256_GCM,data:13eXFmTRo9lZvQ3+iApHuei5r/OCSCs2gxqEe3nmavQgq1kQXKcD+4ciS/Shd9CJFZrjAu9oRByu5ZeZOnj11u6z3EmnXIwHptMEZe+N6r+Z2uKcBUa/TSJBnYcCrMQ1NM16GXRTi1bwpx4iT4v377lgd1orCa5C10iD6W3/9b0=,iv:FBGi1hSAu0Bz5NKz4mixfbUXbjI725RHccmEO4/jumo=,tag:vCHzTsTV7kJKNapFTxS55A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

32
devices/srv1/node2/default.nix
View File

@@ -1,32 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
nixpkgs.march = "broadwell";
networking.static =
{
br0 = { ip = "192.168.1.12"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
eno2 = { ip = "192.168.178.3"; mask = 24; };
};
fileSystems.mount.btrfs."/dev/disk/by-partlabel/srv1-node2-nodatacow" =
{ "/nix/nodatacow" = "/nix/nodatacow"; "/nix/backups" = "/nix/backups"; };
};
services =
{
xray.client.enable = true;
beesd."/".threads = 4;
kvm.nodatacow = true;
};
};
boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "eno2" ];
# add a bridge for kvm
# 设置桥接之后不能再给eno1配置ip需要转而给 br0 配置ip
networking.bridges.br0.interfaces = [ "eno1" ];
};
}

32
devices/srv1/node2/secrets.yaml
View File

@@ -1,32 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:U+unsiKt9vNo/EXEpLHR0Ny3DxQEwx7a40KmwZDZki7RQEuM,iv:7w90HNM5lfh2VY20AcUEVdu5X2uxqXxR0hARncmMR60=,tag:xIbKc+9SF5LP/tY/XoGYxA==,type:str]
wireguard: ENC[AES256_GCM,data:xoIm26btEBuHjgcIrB8gRHAaEdBq3/E5XtoF0YPxnSHB7k3GWJfAxeL4vrw=,iv:HuOFNUgGROF97beF6C4amspd+NV/2uO6OihNMz23hSY=,tag:YJjFM8mqYOuJEulpVHt8FA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WlJNWmp2VUxpcXR3NE92
TnNuLzg0SVZKdmt1cEVZU2FodXZPdmt6Rm5rClhrbDh3SzFlMU9LVFpEZDFLUGZZ
d2RBTVNCamNBWFVEVW9FMjYxcUE4Rm8KLS0tIHBwYjlMU2tnUTZweDBYcmZXUC9l
OWFUeE9xdldpTUQ3cDFENjU4YUVwSkUKp7yZGpvKMSm6rvsoPbcaqVznL3wzGEXB
OGzrmgY083Gyjb5P/0wPY0ShGMWfWQW6vGchoqVuwr4oHKT3APcrIg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRjBjdGFEMjR6QnQ0a3Nz
c2lmVWE0bFh3amRULytZOVhYS3dkL2JmRVhVClVQalh1WjJqcWcxT3ZXMWduN3Nl
UzdFNXNQUmtaaTVIVVFVYXkyZEFPUncKLS0tIExrTDA0OEJzQklQOHNJZzBJdzJP
MVU1UW9lWFJnSTE2aC9ZL0huYURUK3MK5U4cLWRMm+FFo8ATE/OoAcHzYHFMpOtV
Q5kbq5PDMdp4qvoM3T4kLsB34oU55HjFvac0pilOhNRrz4xRMQgvoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-16T05:04:26Z"
mac: ENC[AES256_GCM,data:JlAgVoTpT6NRT1gvYQre6N8PzHLxbC9z1E42OM40Qs/nhcjYnsRNPiUEvSUClgx+B2G99S/b9R/wQqovBQFtdRDdlCMhz0ZVgLe48ak74EOYn6fwXy37amXP6doW86wS/N2fQeKhyMiJPHurRGamm+jsUUALohx6p1zm47NWL0c=,iv:oQV5be92oyOj0h6IrEY70VfoJYqEFVMtI0PYEALIXfo=,tag:WlH+fTUlPynhupXpBvdl+g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

32
devices/srv1/secrets/munge.key
View File

@@ -1,32 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ul1xMmQ5FZVIKct4KbgnTStsT5cH3sRvmaApZez4WZ36zF3q3M4o0dcwuWXxl9Ay8+Kd1zzUCZy26FRj85IwAel6POkmIlXl51Awou3iWuGBqUlS6IL9MIERMR6lTlisOK2l2PJ7IJBichFwwDrxImnt06B68Z7JWOyrLMfQhwg=,iv:nHePsGpRWMj4CdZ8wxr4xCJAcSndHsRju+AMyK54vNw=,tag:+CC0EJbTmIjRijr1SZpF3g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c0lOZnZXY0ljWCs2aFoz\ncHVQNVJJK3loVEI1amIzYWU3YUJjbWtUa0I0CmJnaUhhT2pEeG1ySGxHOU1LMk5z\nak9RNkxXRkxBelVTYks1TXJuazNjRVEKLS0tIE9JbktPcGFvYWk2NWV1K2J1SXhT\nQVpubWhsUTJ4SWNXTFNvRjQ3aE1kUFEKeuatL0NX6KbvZL3hafjbNPeBFDFBxSOv\no6Jvm9s4/Lp5m6YRVcQyInAoycC+O7GYwfCKVbPNMAamOhDraIoE4w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOEFXV01sRXM5bTc2TGdE\nMWZraktqOUpTSWk0Vk1KNUdqNnVVNWptZkJJCktYMk5jL2ExTTMyY2NOUXdybUNi\nZ2hhTlBtaVZlZ3BDd0xBWTRoKzBJbmcKLS0tIEQyQlByNmtxdUFuQVZ6N3I3Rjdk\ndW1ldlIrZ0lxenZPMVNBcFJDMDM5QncK7p/F1Usnp2OQZ0Mp+cpQBY+ELu5n3UrD\nZN14dzPqnPpoC5nKOzGp7veg8ssH5VCX0xxI8ZJCihKwyJG/FP3pBQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeDhuTkJFclM3dS9wV3Nz\naFdrVS9KSENEMklhdVgxcFpEU2N2ZWVKL0VFCmFVSHhybW9YNU5HVHliL1VVcmNk\nWHpsQTFGMWYvc1loNGVGUm54K0VwYzAKLS0tIEhYOE9nMnk2OFl2dFZRWlNTVTZt\nM2VBaGpTMSs5bzJwMHdJREV5ZzVzbGsKu0al3a6aJ40GbcCH4tF0Va6XgNxXOZmM\n7HXqH6s25dqbKTa8iNpGeaJhjRBzkyLjq1uRtQ9X4vXg9RuRhNYPxQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaHJ6U0hlZGVkWHptby9T\nVk1ONHovUTZKZUFZaW9XZVVoRk9UVWMxUldRCkNacG5FelBQbVZCbWhvSkx2TFJi\nZmd1VXFRODZNWmlGT1hJcUszbTM1Y1kKLS0tIElXRzRsTldKbTV1ZlZLNUJhVWdn\ndnRTMnc0cHpKaC82Z05VYlJ3a3luTm8KNBEKH7yeyzSyCh5D6YYc3Oayie6xDWEl\nyJVZHVmk87fzDtmVSP07KbiWeGur9epHCEjA0et/76+RXObIQQ6XGQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-09-15T11:11:36Z",
"mac": "ENC[AES256_GCM,data:bV7T1HfvM2n8+Vus9oDO5yoWDGtWYOd6d/zJ86/sXB4psg7aXVNedYSn+98SJdpYKHRcSuMJ9D4h62nAawERB6u8EmW8kxh8fuVLb6tj+9fWF1iVqinL4LE3916+XzMqGzGVZZEXaVtPHqOue/D1sYtBrBCOEMMyq0cmLFY2JrE=,iv:eSrtmJLARmwuAQ1//x4XqCKDZybJmMtyefWyLPk+1j0=,tag:M5W+vO4RjVwS18C9wTIe2w==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

87
devices/srv2/default.nix
View File

@@ -1,87 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc"}:/" =
{ mountPoint = "/nix/remote/pc"; hard = false; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs.cuda.capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
};
hardware.gpu.type = "nvidia";
services =
{
sshd = { passwordAuthentication = true; groupBanner = true; };
slurm =
{
enable = true;
master = "srv2-node0";
node =
{
srv2-node0 =
{
name = "n0"; address = "192.168.178.1";
cpu = { sockets = 2; cores = 22; threads = 2; };
memoryGB = 240;
gpus."4090" = 1;
};
srv2-node1 =
{
name = "n1"; address = "192.168.178.2";
cpu = { sockets = 2; cores = 8; threads = 2; };
memoryGB = 80;
gpus = { "3090" = 1; "4090" = 1; };
};
};
partitions =
{
all = [ "srv2-node0" "srv2-node1" ];
n0 = [ "srv2-node0" ];
n1 = [ "srv2-node1" ];
};
defaultPartition = "all";
tui =
{
cpuQueues =
[
{ name = "n0"; mpiThreads = 8; openmpThreads = 5; memoryGB = 216; allocateCpus = 43; }
{ name = "n1"; mpiThreads = 4; openmpThreads = 3; memoryGB = 32; allocateCpus = 12; }
];
gpuQueues =
[
{ name = "all"; gpuIds = [ "4090" "3090" ]; }
{ name = "n0"; gpuIds = [ "4090" ]; }
{ name = "n1"; gpuIds = [ "3090" "4090" ]; }
];
};
};
};
packages.vasp = {};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" "zzn" ];
};
};
}

38
devices/srv2/node0/default.nix
View File

@@ -1,38 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.cluster.nodeType = "master";
hardware.cpus = [ "intel" ];
system =
{
nixpkgs.march = "skylake";
networking =
{
static.eno2 = { ip = "192.168.178.1"; mask = 24; };
wireless = [ "4575G" ];
};
};
services =
{
xray.client =
{
enable = true;
dnsmasq = { extraInterfaces = [ "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
};
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
groupshare = {};
hpcstat = {};
ollama = {};
};
};
# allow other machine access network by this machine
systemd.network.networks."10-eno2".networkConfig.IPMasquerade = "both";
# without this, tproxy does not work
networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

39
devices/srv2/node0/secrets.yaml
View File

@@ -1,39 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
wireguard: ENC[AES256_GCM,data:TEi3LAZA0BaPxeXA1yFMD6fQPRKSndVyAzNycCD/5CYXmNVyO7zv4o23ahg=,iv:tEKFPyuqmpsWf0vDoSaw4Ai6S5DzacZFA4otNgnknxY=,tag:qZJzr/Yyoex2hDfVtT6nYA==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
hpcstat:
key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str]
wireless:
#ENC[AES256_GCM,data:xrg3Wxj/ghbWgg==,iv:6stu7voI5no2Y3YmnMrvTS8hev3eqjoWAyD5zTgyehc=,tag:cxkS7y7S1oM+/SJmlT10fw==,type:comment]
457的5G: ENC[AES256_GCM,data:QjHlyGU4JIYymyh41T+c33T3EOpbqDOoD3U+v6/BzjlWLLeZQXU2hwPCVh4fi2bwn7yNkp4ygAYmFPVPZWoT1A==,iv:Tc6Guzsn5hkjWH6UWSb1KlfWCBXIi2OWdn/wttmCXnQ=,tag:FhyH6JmjSTuqSeFy+GyQhg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-10T10:44:43Z"
mac: ENC[AES256_GCM,data:6EeWT8IiCGyRdR/9WDoTTM8bBuhzf2LtP1kahCgfvFpU6g5HB+qG5O0eXaL0DMKg7OQJKHIS/wZVaEierVwno0CnP1WR7y9l6Rlab2nVG4YCNkEkwqZgIWFOUi0aZrZQc7WC3rUk1gxiJK38nEa4ebk8oqAbyHyKHsFAeUcMbqA=,iv:oqRLvYsXct+OwcymXslEH4o03vLNeV2eU/4zK8R+gKs=,tag:0d1DYjCGRewUd4aHPIpFSw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

21
devices/srv2/node1/default.nix
View File

@@ -1,21 +0,0 @@
inputs:
{
config =
{
nixos =
{
hardware.cpus = [ "amd" ];
system =
{
nixpkgs.march = "znver3";
networking.static.enp58s0 =
{ ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
};
services.beesd."/".hashTableSizeMB = 64;
};
services.hardware.bolt.enable = true;
boot.initrd.systemd.network.networks."10-enp58s0" = inputs.config.systemd.network.networks."10-enp58s0";
# make slurm sub process to be able to communicate with the master
networking.firewall.trustedInterfaces = [ "enp58s0" ];
};
}

30
devices/srv2/node1/secrets.yaml
View File

@@ -1,30 +0,0 @@
wireguard: ENC[AES256_GCM,data:zfyNpCZ2EhQdsz+/vknjtbT1vMLebil1tarIcxLoUQ3J5XOKTCQBay4jBL8=,iv:tF6I5HHhDMfoGAfrtkmvrlqsSpX9YZL8dtzxAgBCp5c=,tag:DeOFwrIGbwVtf42iO1dm6g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndWFBbXpxRlI3bmc2VFJD
Y2hLK1RobnBYVEd1SXpiYXc5Wk1Ia09UUWgwCjE2WVZySnhXNzBtNGdJak9lbjE4
dEp6NnNQc0dNNDZsb3Z4ek9zVk4xeDAKLS0tIGVLdDBxOVZ2ek1MN0MwTTlwZTh4
T2VSaWx3UkxpZ2d6NC84djNpbGZUYUUKJHx6GZcnJpSoPE0HFvU+B4CsNtrcg8lx
LGaLYmciM87kXY1enOEzDk6px9GX9hFy6/73XBJVrIU0OC/w671vHw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUHUrcnoySm9CcVJCdXRk
YmRzQ25mOFJBQjFtS01VWkxUTUU5WUI5WUdJCktLSFM3ZWl6N3ZUaTVpdWdNU09y
RTFCczNTeHNhYzNmbWtjNTdOMW9ITnMKLS0tIHFNT3JCbFB6K0FodTJrS3FtRGVq
c0I4VUdiZytoQWRsUUhBVStDR2VPT3MKDkDQ3sKJjotYUfoBWF85t3LYtz1OVFws
2IdtJBHISb5j3xnAs/UUHDPzjUUsgb+sTHm9krQy3LDuELNY6KGMPw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-16T05:05:21Z"
mac: ENC[AES256_GCM,data:aPNsWBi4sm4UhX1qpk412eYNCZltKkRMWWgopZw6mjMLSOSb6E1yi8NjRJMj04RpE2XoVCkKP6R5Qo0I95wxY5qZHJuUp/5srqjAf/fHWz1QmXThogaMzM2jue7+NHUSQXrPnh0ZspXD47HyxMUOhlnewZ3EfOw7B5qKAYR1f6I=,iv:mnwtf0B7x5AbMzivg27zqIkhBdkDb5qq8eDBCGMdK0c=,tag:PCtirta++gCSsQsQo+bSmA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

28
devices/srv2/secrets/munge.key
View File

@@ -1,28 +0,0 @@
{
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeDlnOGlTYlY5a2wyaUxo\nSk5uaFVQWTY1Q25ad0NkSTQ2bTZEYU5ibWg4ClpnM1NLbFArUEtndjFGamgwdDBF\nWnNMalNRWWhLL2V3S1RWRHh3MGErUUUKLS0tIGt0MGJ4SzNDTWZNUHM0djFDSjdo\nbDMvbWRDVURzQmVWdGFQeDVWQmN5Q2MKBpbH7QXL1sf0c7ix9yd2r7vEBScixvBM\nom1tHgJmwxhep7DSyvjg/xslag7U2vF69gPrcAlnAndZsLCtsYdvyw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwa2Z5V0VPRWhYaXZ3STBa\nMWVsS01CYVBzeHM0T29pUWtQYlVyWCtheFRzCk5JYUpqN1cwWDFwUkZ2Q2xkL3U5\nRlNpMTQ2QTBQZFdYMmJIZjdnOWNjalEKLS0tIEZZREZPVmQxZ25MaHlMZ0VuWExT\nR2dJZ1lWdGt5dWNIM1FyQ2dZV0dlTTQKhUnA3pnoXb18/b/Jzyk0fC6GnmIMmYfl\nVgzCoCDSHNSvW/qUoT22hJfZCMFvIzOHEpmufMHCecZdisUozfWFuQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYnBaYmprYTIySWFnOVhk\nTThHNEptc2luWTFxSTBBMnY1Q1FkQjNBaWlBClFRbWlIdmRRVnZ0TGJVTlhNRHN0\nS1JZZnJLU2xCS3Q4ZTBDWU9ScnBtOEEKLS0tIFNCMmtDd0VJR0JucUJSZHo3dHZl\nWm9ZQ0dOamZvSTNQNW1uWW85TGxRTWMKKm7NdN69Q7F+KcR7u3kTxhQuzikGUdEZ\n8AkowBgHRndxNgdC6wYV1VeqEkDxXqR/430+EQS0jQQrIXpuXkCDkQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-03-09T07:59:38Z",
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

102
devices/srv3/README.md
View File

@@ -1,102 +0,0 @@
# 定价与配置
售卖两类 kvm 虚拟机。它们都按照需求的内存和硬盘定价。
## 普通虚拟机
* 硬盘每 10 GB 0.056 美元每月;内存每 128 MB 0.044 美元每月。每 1G 内存附带 1 核心 CPU内存不够 1G 的给 1 核心 CPU。
* 例如4C4G/100G 的配置,每月 2 美元。
* 这个价格相当于母鸡价格的 70% 。
* 适合绝大多数轻度负载。不适合的情况包括:
* 硬盘需要禁用 CoW 以获得尽可能高的 IOPS例如较大的、繁忙的数据库例如大型 mastodon/misskey 实例)。
* 希望内存中的数据一直驻留在内存中(而不是被交换到 swap 中)。
* **可能会超售**,但我凭良心保证,当你需要时,仍然可以占满内存和硬盘;长期占满硬盘和内存不算滥用。
* 前期肯定不会超售(笑死,根本没有那么多用户)。
* 永远不会滥售;但后期可能会视情况调整价格。如果涨价,会延迟三个月生效。如果降价则立即生效。
* 万一出现卖超太多了、不够用的情况,我会自掏腰包增加母鸡配置。
* 实现细节:
* 硬盘会使用 raw 格式,放置在启用 CoW 的 btrfs 子卷中;不预先分配,用到时再分配。
* 内存会允许交换到 swap 中,并开启 KSM。
* 限购:
* 每台内存不能超过 8 GB硬盘不能超过 200 GB。有更大的需求请买下一个配置。
* 每个用户只能购买一台。
* 这个限购措施是为了防止有人和我抬杠,花 70% 的价格把整个母鸡买下来。并不是营销手段。合理需求的情况都可以谈。
* 宿主机会自动创建快照,需要时可以回滚到几个小时或几天前的状态。
## 独立虚拟机(资源独立分配)
* 按照母鸡价格的 1 倍定价。也就是:硬盘每 100 GB 0.8 美元每月;每 5G 内存/2 CPU 2.5 美元每月。
* 实现细节:
* 硬盘会使用 raw 格式,放置在禁用 CoW 的 btrfs 子卷中;预先分配所有容量。
* 内存会锁定在物理内存中。
* CPU 会隔离/锁定在物理 CPU 上。
* 宿主机不会创建硬盘的快照。
* 两类资源可以混合购买。比如可以硬盘按照独立虚拟机的价格购买,内存/CPU 按照普通虚拟机的价格购买。
## 其它细节
* 无论哪个方案,硬盘/内存长时间占满都不算滥用。对于第一个方案CPU 是共享的,请不要长时间占满。
* 暂不限制带宽,合理使用即可。
* 默认共享 IPv4支持端口转发详见下文说明。独立的 IPv4 每个每月 2 美元。
独立的 IPv6 免费,但暂不支持(技术上没有准备好,如果有人有需要我就去准备)。
* 只卖朋友和朋友的朋友(总之得有人保证别拿去做坏事)。
若此定价对您来说仍然难以接受,可以联系我,打五折或者免费。
* 此价格有效期三个月2025-05-17 至 2025-08-17
05-17 前免费08-17 后定价会视情况调整(例如将流量计入收费项目,内存部分相应降价),在那之前会公布新的定价。
* 预计收入无法覆盖成本。如果某个月的收入高于成本,承诺会将多出的部分捐出去。
* 非 kvm 虚拟机的服务(例如,只跑一个 docker 容器,只跑某一个服务)定价私聊,大致上是上方价格再加上我的工作成本(事少的免费,事多的就要实收了)。
* 配置随时可以调整。所以按照自己这个月够用的来就行,不需要为未来留余量。但每次调整都需要重启虚拟机。
* 母鸡价格 40 美元每月,配置在下方列出。
* 机房: LAX3 IPsrv3.chn.moe
* CPU: Intel® Xeon E5-2650L v3 (12 Cores 24 Threads)
* Memory: 64GB ECC DDR4
* Storage: 1TB NVMe (可加8 美元/TB另有 NFS 3 美元/TB)
* Network: 1Gbps, 1x IPv4 (可加2 美元/IPv4), 8TB/month
# 操作
我不提供网页端的控制面板(因为懒得搞,要是有人想替我搞的话那就提供)。
在确认购买后,我会给你一个 VNC 端口和密码。虚拟机会首先启动到 netboot.xyz你需要登陆 VNC 选择自己喜欢的发行版并安装。
安装好系统之后VNC 连接仍然可以使用,你可以使用它来重装系统等。如果你担心安全性,也可以告知我,将它关闭。
此外我还可以提供一个宿主机的账户SSH 连接),用于强制重启虚拟机等(会做好权限的分隔的)。若有需要请告知我。
# 共享 IP
支持多种转发策略。
* TCP/UDP 端口转发,就是最普通的转发。
这个方法只有一个坏处,就是多个虚拟机不能共享同一个公网 IP 的同一个端口。
这导致用户在访问时往往需要明确端口号而不能使用默认端口(因为默认端口已经被占用了),
例如需要使用 https://srv3.chn.moe:4321 而不是 https://srv3.chn.moe。
建议不面向普通用户的服务使用这个方法例如sshcoturn
* 利用 Nginx根据一些信息分流再转发给虚拟机。这可以做到多个虚拟机共享同一个端口但也有缺陷。具体来说它有很多种方法
* 依据 SNI 分流,并透明代理到虚拟机。
这个办法的缺点是,只支持 TLS 连接(例如 https同时服务端看到的用户侧端口会变化通常情况下不影响什么
只要这两个缺点不是问题,就建议用这个方法。
* 依据 SNI 分流并使用代理协议proxy protocol转发给虚拟机。
相比于上一个方法,这个方法可以正确传递用户侧端口号,但需要虚拟机的服务端支持 proxy protocol。
* Nginx 依据 http 的 host 头分流,再发给虚拟机。
这个方法的缺点有很多,例如我需要修改你的域名的 DNS用来申请证书母鸡到虚拟机的连接不加密只支持 http/https等。
这个方法唯一的好处是,如果你不会配置 nginx可以在宿主机上配置好虚拟机只要跑后端的服务就行了。
* 别转发了,直接在宿主机上处理。例如 80 到 443 的跳转。以及如果你想要 host 一个小的、不常改动的静态网站,等。
# 杂项
**如何调整虚拟机启动顺序(重启到 iso 而不是硬盘)?**
先重启虚拟机,然后马上连接 VNC可以看到“Tiano Core”的提示。这个提示只会停留 15 秒,所以重启虚拟机后要迅速连接 VNC。
在这个界面按 ESC 就可以进入虚拟机的 BIOS在这里可以修改虚拟机的一些设置就像实体机的 BIOS 那样)。
如果只是想临时从 ISO 启动可以在这里选择“Boot Manager”然后选择带 “CDROM” 那一项就可以了。
**如何调整硬盘大小?**
* 扩容:你需要在扩容**后**将分区和文件系统调整大(占用虚拟磁盘在末尾新增的空间)。
* 缩容:你需要在缩容**前**将分区和文件系统调整小(在虚拟磁盘的末尾预留出要缩容的空间)。
这些事情都最好你自己来做。我可以尝试帮忙,但不保证数据安全。
**如何强制重启虚拟机/关机后如何开机?**
登陆宿主机后,使用 `vm` 命令,不加任何参数,即可看到提示,按提示操作。

108
devices/srv3/default.nix
View File

@@ -1,108 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/srv3-boot" = "/boot";
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/dev/mapper/swap" ];
rollingRootfs = {};
};
nixpkgs.march = "haswell";
initrd.sshd = {};
networking.static.eno1 =
{
ip = "23.135.236.216";
mask = 24;
gateway = "23.135.236.1";
dns = "8.8.8.8";
};
};
hardware.cpus = [ "intel" ];
services =
{
beesd."/" = { hashTableSizeMB = 128; threads = 4;};
sshd = {};
nixvirt.instance =
{
alikia =
{
hardware = { memoryMB = 1024; cpus = 1; };
network = { address = 2; portForward.tcp = [{ host = 5689; guest = 22; }]; };
};
pen =
{
hardware = { memoryMB = 512; cpus = 1; };
network =
{
address = 3;
portForward =
{
tcp =
[
{ host = 5690; guest = 22; }
{ host = 5691; guest = 80; }
{ host = 5692; guest = 443; }
{ host = 22000; guest = 22000; }
];
udp = [{ host = 22000; guest = 22000; }];
web = [ "natsume.nohost.me" ];
};
};
};
test =
{
owner = "chn";
hardware = { memoryMB = 512; cpus = 1; };
network =
{
address = 4;
vnc.openFirewall = false;
portForward = { tcp = [{ host = 5693; guest = 22; }]; web = [ "example.chn.moe" ]; };
};
};
reonokiy =
{
hardware = { memoryMB = 4 * 1024; cpus = 4; };
network = { address = 5; portForward.tcp = [{ host = 5694; guest = 22; }]; };
};
};
rsshub = {};
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden.enable = true;
photoprism.enable = true;
nextcloud = {};
freshrss.enable = true;
send = {};
huginn = {};
httpapi.enable = true;
gitea = { enable = true; ssh = {}; };
grafana = {};
fail2ban = {};
xray.server.serverName = "xserver.srv3.chn.moe";
docker = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
open-webui.ollamaHost = "192.168.83.3";
};
user.users = [ "chn" "aleksana" "alikia" "pen" "reonokiy" ];
};
# TODO: use a generic way
boot.initrd.systemd.network.networks."10-eno1" = inputs.config.systemd.network.networks."10-eno1";
};
}

150
devices/srv3/secrets.yaml
View File

@@ -1,150 +0,0 @@
wireguard: ENC[AES256_GCM,data:Coe4iIEnJVDb4a9KUVTRkXl4kng5Zo6x1Iyr0ErgR2b9bN287mvO6jPUPSc=,iv:fiNUUKobJjitcoxBemIah5Cl5+dSz2Q7sbiOT8bDrRM=,tag:rHfNeRGTxnyVYAu8P/2ewA==,type:str]
nixvirt:
alikia: ENC[AES256_GCM,data:sP3sWN0RrBU=,iv:TetUcaxsRXl0QsGAyXbVUAW12AXjChVN1/X+ku+3nO4=,tag:kBupoPqVlwHuCnwVdBJBKQ==,type:str]
pen: ENC[AES256_GCM,data:okvzUul3UXk=,iv:hcBhsUMP8jdhhKuKdHD1lZi8ixNAC729HfMQ79UzyNk=,tag:SRRav39ScHn0O/sf86CIOw==,type:str]
test: ENC[AES256_GCM,data:MYlMmzgbW9c=,iv:q1qPAwFTh0fj2IHBIlnrOMbTU2BnwIYzOFUHVqWCY/Q=,tag:Mb2bJJemg/LxpKI5whNvQw==,type:str]
reonokiy: ENC[AES256_GCM,data:J/ZM0Vavmnk=,iv:ZT1cMF/JWLWmXyBx331XkBQerOhLJeOd0a53jcSC4S4=,tag:/WCwzOg5LlAS5ZaiI5DSIw==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:cek6iIlJXgU191uzq44rTw==,iv:r7aMj5UzH1sbKkxvS8oyw6kpIcpRygD4ype8qkmnNa0=,tag:x2jWZnnFCO0sHj/OS2BQbA==,type:str]
led: ENC[AES256_GCM,data:JiCmbknE,iv:Z2RFOWIPUk2jaR6qd4PgRb7LwwHSKNapPQq996Mx+yI=,tag:mq6Vtwjw31DKig3Dl4xU+w==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:+wEclSJGMLBMt7Ss2fMlUgq5kRyNiOheQnRvVtbW47eG2mFODBaw04Qftb80aaSE6YpCTNslBGdIjcpIC7FTUA==,iv:6Caod/1AnUxEEC7ZwVrtDZ1kP6Qu50R+9I3eda/p0pk=,tag:/EYXZ6yl3QupVrzIHQMdbA==,type:str]
misskey-misskey: ENC[AES256_GCM,data:nCrH0B3A5B6yMAgTd5TA56PKqJUxwtHeS6BvuUseyKAVbqH581TGsO80mNQ0AJRjviw5o3ftTay79nJnmGld6Q==,iv:fhGcgbpNBo9yUpFDWtuzMos2iPhMdWyc88S0fZDxGao=,tag:QIZ72z5VBqd5pFgaEvMTZg==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:WS+SVmxYs3cNc/+sJQLNYDO0ZkZvmqzW9hCGdDae/N06KGicgiGOKV8LDe1UviGGGzXzB5VG0YvAprEGhUURcQ==,iv:6Ur9FL2+RzU4tfK2V4TaaCpempS1JSSMHz6ebg3mp7c=,tag:qCNqJ3SauPdpxo3f4NVg2g==,type:str]
nextcloud: ENC[AES256_GCM,data:pwxtefU7CjTxyogcpPpvQxvdnYIpggaBHZ+/PaT9lhVfvFcNtBBZ1eeOGbUXMZc7BnkFAUDVTVjr5KV75CeX6Q==,iv:65K3PsNfesaAJ7rSRI66o5UEM3SW5KdUnGc4h9WMkUE=,tag:e2nx9vTlkGekvhm8lYsMkg==,type:str]
send: ENC[AES256_GCM,data:QCfqbGYuBrlwfuHiSsZIZ1OBVnSO9QjhlPWGVRysKbQK+As/RGbJ5QYtPOyKfRg2L1d5Irfu1aGRoVrzpA8O1Q==,iv:MWzJP+JBwf131X030MnzNKMJ3d4Fq/GtbHpuan4N53Y=,tag:z29HS/FQXTvgN1e1HZFJkg==,type:str]
synapse-synapse: ENC[AES256_GCM,data:C6eXXK6SvMmvIa8dVjttorYBScC1SfILqXPMYDCpewVyJCUFzQK3NB8KUz9TMov4P5n+Lm5YItjrUgnhNJA5jQ==,iv:ziJ5JK/+M9d+R6/O/4hQy5DPBw/4XSZVQvIcy55aHRY=,tag:nv0rre2/kyhKu4C5JSE5dg==,type:str]
synapse-matrix: ENC[AES256_GCM,data:E72t568kxMjz+x+nC0kIJJFfgt6njlW8Wx6RuqnI736vW7IaA7scNVQ03lXpqZlKS1M7wUhb1QRPowJxNjSK7A==,iv:5qGHIWb7XXrnbjPQVWt+EcX/yDEV4Ny+TIo5OaRHwOk=,tag:O+SQBmZ7xpToSJYmcSCRWA==,type:str]
peertube: ENC[AES256_GCM,data:lxf5JtlGfDsYY2kzqaas8zPmS3u7Xch6onLVe2yoQZL6Eeb94V8yncqezGFcsGv1k3Xfr4ncoEraupO3RtKYSw==,iv:VM3SAORs2Ol/WKYCffLlHNPAzA37Kp2fgToM1faS7Ew=,tag:gwI80Kn00QOU+9vRsUKchQ==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:BUHwrGGcniD/7+hSHkXegopgG1bRGSt+OXJxKdMOEyeawAkG96af+njJ+WgcZ6KAzQdWtqJATdiTOxpznkvKfA==,iv:9hF/jcGyWFNPzzqVyaVXEabeaGDE92bpVYq1oxvQGOY=,tag:nZObCyAfuMr+B+rlUhCMMA==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:saLuu3wFcqRW2yNF9aZZ4zc6njm6pqqcUUqRTbijXELvZwMy+G+OMKuvgsh71NLDJiNDZdOBAOdUUXlC+okBFQ==,iv:kcHjlpndXENhASkenLN8fNLJjHmcuLN+i7+a+fLjxyU=,tag:Sbr74hl4GsCts2Diw8veRw==,type:str]
synapse_synapse: ENC[AES256_GCM,data:NfXD6BHV9za79NW1kLvJjdOLeHjtcrzx9O9W65jgHYneEmUNKO1nuBgs3PrI8tkBPkmn55UdC+4v2WFjHWXrkQ==,iv:YdF0liKfIBT3CHCr1ufguu9qqYpfXfjOhJY5BO79orE=,tag:OWyN3Zh6uvm10LmCBipJ4w==,type:str]
vaultwarden: ENC[AES256_GCM,data:4thZ0nGnbprVntYH2wG2PAgAJcAYuexQPOJBSpC1ivQgNbmn89L5pSANx5fvYewa834mlqSWHWeSqIw/81tDqg==,iv:d6gARu6yGzALNZrgpvaxWqM1cdkalA17GZ4EVWHqYUc=,tag:guYaW+Ds1TylCLw/naD2mA==,type:str]
nextcloud: ENC[AES256_GCM,data:jeJSAF+oeEXL2BqKbzngnSVvpxE5yuzRq2LLu6EyKT76xHP/whP7QuRxns23dsJnUr55qaRUzDunvoFco8MCZw==,iv:0lxolTDXskNvrVEAC4dV/mIgCMi3B0xH+xVT40Brii0=,tag:YvUtW172rmKK6pY/+4WhXQ==,type:str]
gitea: ENC[AES256_GCM,data:D+WDCVPTAcOg/gpxlcaNHFVHBC8uKOs5VZKQYuF0qNZQn0H0dWQS89K3DsgjBKck7ugiZOyXKUHISBVrfBn+VQ==,iv:qkahWBx8q1g6wlzXKM5Bl1PqxwkprCZzzCq1vGWaj7E=,tag:hWX9jF2qx60QrOForU7LLw==,type:str]
grafana: ENC[AES256_GCM,data:Hm92Qnz5QVWwk6P61vrnnxDFLtdVx2vOMKwy3sRSv+KDnNSYvRNyLQUkyuf7Nh0S167XgAxDPTZQb9k6AjO36g==,iv:oXmfVDr63NGv4rRBb12V9l9dNXxQK7Se/2fbK40d2a0=,tag:DNeeRwEShxUhowkIfr1feg==,type:str]
synapse_matrix: ENC[AES256_GCM,data:HdhB5WAxBa+BaFBVoIo6RwhOxhN5WrTLR11kah9H1sBS5GDPldDw0H274faWFwE/UwXO2ggBEAYvACXr/rXkvQ==,iv:NxOsZqxsP9BSgdlW43AuQGw0VjSGx77wygjdDcINf8s=,tag:CtbG4zcXG2QFFP4dGgOxzg==,type:str]
peertube: ENC[AES256_GCM,data:6P8muSWzJ+A71nZZKlCXRCRwr1HWu7yrSw5bkeHg5As917frrbOMmDCpf21H0q+eagx/ZrRIWod2JXc2YGKCfg==,iv:G/zZeYbDCHffACCvhJlKlJ1cUCkw0+raq5G1ubqIRAg=,tag:HeQA3ueNo/t+8JR9jVUUPQ==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:3nQdmn5RAaeqeI7S/0gPUGOzt7rkizpk3Ouz+pXwbqKBpikXKm4amvwg1Q==,iv:sze0u8un0xyumqHj0YeKcBD9xKZRW77rQdQn7auIf8I=,tag:bWqg+/pBaQJ2J3hjx05hlw==,type:str]
youtube-key: ENC[AES256_GCM,data:NZPG5iYrkOof+L3SKp9SqXmXOt37hvqCxTTibkzXv5TBPcCjPhCe,iv:Re6966w0oRtvHDCt9eYvswDMLNKcM+stIAA+P1qpWbg=,tag:0jNqPlGoXr0bHGMgHUZXCA==,type:str]
youtube-client-id: ENC[AES256_GCM,data:7BOIrxA5FIUo/31p3yqrLJKJhV9IUB25//w343eBoAnr3uD6J9zeLO3nIQv99vItioqFA1RmygCeer9pG7j/FI/MmmT8nGzPcw==,iv:mzKY2XghoXhKTTkO6EiG+ZJFsM39TX6UXJbzh0UA7vc=,tag:w7oiCvURV8yFxxoFR2P/jw==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:JCyNb9biROLSx0RHkr0FqZ26nhU/LRBEnzfx91mmq+Ux0/A=,iv:fEMmanWtWaKBVUJVIeMSu+XV3v8xeccDY3DTJr4LOsk=,tag:bT+XedAZu94h053/1zr7Ow==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:TXNvLTfF4K5RT4D0anzXds/fcdPy3FXddGt5xxLIaxbKIqCAtsQyLEhA+SfQXaBk6T/yKIhtd/H/BLu1jOkiZsFL/8i5GSRSIXyagFrCfh/7tEqhCB0u52Hz5Xy4pkZiqd/AXx84Og==,iv:s+q2ffpJP/rcKu/Pw4KosM5/7boFPArJxgbqL0f1ZkI=,tag:chUtPpJbYuhjv09lRdXHMw==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:scLoap0kDJW8Q9+h9S/JKYafyCUgx75RV7akHY/BYEmFhRNRq5Z2Lg==,iv:GhP3nyaK18PDcoHc18zhuuPAPnfEWgUagBrZNDY3toQ=,tag:qsE2rIgrmlxBW8D3i10KUw==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:fdAX5CpbJZv3fxRdA5SpFwNUZ0jYgYuv8SyKfbJzm5toQ8S5TrQ9WnQk6Jwweqmg3VDRD5l6l/irGsRlLdjt3p7fyAJy0wtzY0jD1xGw8XhdKWevMTysg1YQcMijkJSI0oHpofis975M6EDjcURPWwlR6GqW6POOpMep97siOxiNyBi32TbZHqvIWa1YfyuMcngYMEsShpzWAZCCvLYXoBINXebG1JPHU2xua7EHMO+VH7UFNVCyBYmOw4iXBJ4YFaXqxjQTBza4GDDZ/RVBvO5Egdjovjpj1DR/hOEG4xJHpg6xTsFw,iv:WQTVuovkZjzuu5w743GkMcWqu2p7dmPr9sKHemkbxG4=,tag:eszbpreVfC4LtxnRte241Q==,type:str]
zhihu-cookies: ENC[AES256_GCM,data:ssemzXs7ub4z7pw4hWGSfzBfKH/xzv8bhtqC1dDbZJCnwZ4D4/U9ES9QDrPeKT5AjbdLV/WBvJqWKcwTQjGnRhMrgK2MU2/8Et61mur5WE5GPQjwhWV5JaTMhSxKS3pZtpyvIgy+0iwOj8QQS6mbujHnpb/y0fhszlmUQPBL4eIxm269/FyjBLeRivrJvSmMpLQxxwh2/GTojMPH2F3bclsdMHgZhvYGdJ65hSWn2Q==,iv:PffeWFhC+dYkLSDQKuIHRRDjqE7By/ZIuZIhkjCGDig=,tag:p4iJwqLfqkiKOi/KnoyfQA==,type:str]
mail:
bot: ENC[AES256_GCM,data:XngvO9b98ccRoW9WgfX/Pg==,iv:SE8SK49zhYhDxl6f2UonCzTPcKg23CzbI5V/fOh5zOA=,tag:IXGwnSU+Vx0BQxjgvyBnCQ==,type:str]
synapse:
synapse:
coturn: ENC[AES256_GCM,data:TQqNzjJV8iM46JZQOKqkydkSrDFH2El4EE1ZCjUPpZ6EM7UHfjjxP536sm7c7adxIZzrj2TlzKufhlGFYfZ8xQ==,iv:OVguyW8sQzfczVHMaMTg6+J0wzTzeTb2zZkXnMEZ4Jk=,tag:dYLMU2bHyg/IR1oyujsoRQ==,type:str]
registration: ENC[AES256_GCM,data:MXlRld2ugF3qDVPbrd3TGiwdFhJEcxKDsvmEV4P9Qap/zp1WcMzfo+wAeXtq18MV7Fw=,iv:ztN6q+1ql9b4NMiyuDEmWbnpWeOPmbEftymMDQ3C53M=,tag:+BI9t1jSNNcfrIU6AaDOXw==,type:str]
macaroon: ENC[AES256_GCM,data:hVkFqtfaOL64qNGjIfmSORm0D8lOvA/H3Mrm11Glrgy11ACjh+zI1CSglQC0SmaKSP0=,iv:ydNz3kXOelPxSFKshjH9+iYw4OItm6QoNGuks8kSDow=,tag:TCHyMXc+gT+fxVyd7HexMQ==,type:str]
form: ENC[AES256_GCM,data:lykxrVPMWz1sBk5GoMRHfHhsVxcT7txvLJ9GM48Jyff5HXh1z4IWuZzOu8HkrELkJrA=,iv:QGV8vqor+wByS9z37sF/iPfrNaL/0jU/yUGiphEl4Fw=,tag:Mg/Oz5hI+oDnp58aQF6Rew==,type:str]
signing-key: ENC[AES256_GCM,data:Ov+ly2t3abRunse65ccPpQgqKzDrF8B2wMaCJt3Bxa+QDu6WwD8DD4E+pcQK5/HaTdsQte8Z/3f2Kw==,iv:SSMjSTrhgHt6iz+oyHe0sHm3Eb82ks5z8DR1Puc1raE=,tag:9X+T4n/6Vl4tUbVM0LJySA==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:BmnF4oyUdbESzOwlqQ5SXYgeUnWgyFE0pdBox33JmaMcOvRPtckD9p38UeMTxp8Pccarmx6f83rdHsifeoiWaw==,iv:1bb3Tn67HTHVNR9ohH1HtqS8wh6t7qtTEl5MNbwn7h8=,tag:xlxMZtqew4pTc9ztY74cHg==,type:str]
registration: ENC[AES256_GCM,data:LB5tWjoAsftqszYZGOXtqLFXa0HyU1b6lVUrBup5SJJdB2ZOnPsNtcgEkZLtMUlQ//M=,iv:jvLEwPv4iKuKfOPV08sPb9Z2XMnN+074DCQX+ARDPf4=,tag:4QxCLcOSQ30dU2Z+0OzGYg==,type:str]
macaroon: ENC[AES256_GCM,data:JSlovYowIe0C2jEFsIJci6+M1GYgbINdp0XkY58oOk1/ztyMnABSXcgZ73pEpLeUCvY=,iv:r2d5COTXL3gz9pb4GxuFQjM5DHsmwAfDy/eqlZyZJoM=,tag:yRn/OBcy1IqMvJQYD9sA6Q==,type:str]
form: ENC[AES256_GCM,data:sN24Yj5miXmUsvEmeSDOxFJxAetQdEJw+kEPNq+iMXyEexqEgoYBseH6kbFZwZAVrBo=,iv:ZtRkme3U1ofUBzT2J9SeRov1+rN5CrSi/ExKX7S5DNY=,tag:gGj8l5JXlzX+2sdHsLfQAg==,type:str]
signing-key: ENC[AES256_GCM,data:nmP8lwTAYGHc0LYcEj2AJE1XwSJBfA/NK+K6/0KGsufxwS1VhCXUWX9s3oEUPwuteTGZesaDVep1Qg==,iv:NcJEhlz6WgorViN2oiUG7kLy8N5kUzr5cD7Z4PRGdTg=,tag:WiWhIKaE5UQwEXunUokaNQ==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:rD0YOnSNf23ZjJhRWWia3+Zbpl6/cynCKlQQFhzaWIclHBk7YU3Z4E9J+YuWzlO8BM0bbp+zMxFGEFvbMrSHEHQ=,iv:PzQOCpSrjFb/aYn70oKrpb3jDy8rtZKPkLQ8qv0GMyE=,tag:wRfa4oHzAKD3BNYghIjZKA==,type:comment]
admin_token: ENC[AES256_GCM,data:oEIaHRqRIVQh+lSv+4p6G26bIKCtAQiw3t/C24C465THrwVa05D2Sax1IZ1JaHKgOmLzo8vxteBmJarARyC4kAnw2vb5bDPT1KCO/6u99mXhQyF3NY3FjmDwWHqTHHZT29dwAmtdFRz7rJQowLVqhBVQzNePdQ==,iv:QVAZ9JwwebqD7zxS8+Ai3K5V60bQbe+ewDc+JBXDMuM=,tag:vUYNlVf7ccooiBIXQWQC0g==,type:str]
mariadb:
photoprism: ENC[AES256_GCM,data:JWeUPE1mb79IzyIsJime2yaBH+/yno2vbXAXO5E6Tx+al7bUlEH5JzYqz8+g8Jkiz3HhRNI4tcGUcVE7kkLgfA==,iv:ZJlIUGbEL/mGLWzjNEwgvzuzZZZrTy5D7e0eZ5+Ouvg=,tag:WY7/sUd2p2viKKDKsj1TLg==,type:str]
freshrss: ENC[AES256_GCM,data:/qt890Ly7zvuZB4Zn5xHLflc3L6Ex9JDa1BAinbG7OOkPGpnC83g8ivaQA3xL/CU1FRsm9V1OW4Bv2eN7VDhrQ==,iv:xQG5j3e4C7HWGct6gAET9uVUhGFv0BYVMLdL/1sj664=,tag:YaqjUNk7ybjfitrRpreQwQ==,type:str]
huginn: ENC[AES256_GCM,data:vbXI6k3IvTDgQNtKNX9VVJmanO6l+mLoOTq6djEuKfSQAO5UKMq9Xec2rsAibq4reKh503C4too3n2GU1Wo+FA==,iv:rSHmytVa2QWiZ1HH+8AOTOgimYcmPwo4fXgSSq7o+fQ=,tag:5DkdG0TarAs3cSsgPfFNJw==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:X9af31Z4xGu8XJjMfsf3+whEdx96KHMyfJKO+5Q4q1nlnZD+cLjO8Lza2soO1fFndXcowRYsReUAzmXjH8Ffvg==,iv:LmH+JDA3YwydSNr8KbePPDga5ukGFol/BGrHNOZUxPg=,tag:T2HbUNcHnYD5c3GR5rnRmA==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:mhTb6UPo3fIGlKPpER+Lcr2Jyv1nMk5jbQtxoN4txGJAFaJIhK+iAiZDZXBtOiysYqatcC2orJdgt9je8BAVWQ==,iv:G/uDlOGUt/F1GgxpIMGvVuFjcagVnHBudSGXZi3rrXY=,tag:hdE3Pf3G/xrnKaUkYO1WsA==,type:str]
freshrss:
chn: ENC[AES256_GCM,data:Z4UmsXv1KiVfZMIQOEHH,iv:pF5lQLggkxm9y7taDVcp366JKp8U+8akNEdPA+Nf9Uo=,tag:0TajgUI/VgM3FxG1j6c/jA==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:JDN913i+zf6+obWxrNAbgx1NJGPyewRm,iv:lqnjbSk46J0ZJN6ccbbiCiOK92W8fj2mWRwQHKqy2dc=,tag:UYZesryRlfAMo7xhKQ7zgw==,type:str]
grafana:
secret: ENC[AES256_GCM,data:1Wfq8QmhzKBObdktheFPySzXYlOJzHWbYYQXgn3beLOwSlW9f7bUn+wIrRoj1e8WlFJkAU2xywzjzzy/UwpSYA==,iv:/0YoHTs54O+cT6VVt1U5CYXr2qEdY2kijOlnMZMW4d0=,tag:SD/IELlcgfS7p9NBEa6D/g==,type:str]
chn: ENC[AES256_GCM,data:8R92k7RH1491u6lfQdM0U3SG8TPi3vWhZyj810XSjnA=,iv:8v6ijLHgoTPT6MGoP/lWB+UEZCCgOpvfskWCJJ63Udo=,tag:k9SHzJ9d54Rny3n8EbksOw==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:RIih,iv:1KQsPDpbG1A0NFT72tO6sSuQ84vfW07DST+/XzpNZvY=,tag:D3AHUPlCJGyVBbDalTHobQ==,type:comment]
user0: ENC[AES256_GCM,data:n6gIZGYdT6wEfKgizFvIE802AkpR8BpSPSZrQ5WP/aZWzLUL,iv:AxnwFOzmIRm3nTLpi8/4lkv+TjO4y4RZQtHO0GriD8o=,tag:nllDCaLZd6JNS2JqwvgVyg==,type:str]
#ENC[AES256_GCM,data:uhAauqQ1oQ==,iv:0Sr6YjarjkLmBq5H1ELb3SYBzrTVhqIE6qPxc9HYeKY=,tag:NvGGSY99Y7d3OTnpOr2p2g==,type:comment]
user1: ENC[AES256_GCM,data:EcEySx/n52rN5REPEWNjCuWywokvOetadbljqPpDPADTeeSk,iv:7r3CdvHJT1iZvx1Xn53It1ZxIkdLVIeQ+Q03zISm94k=,tag:8cIGZUlIhVgRc2FeU931kQ==,type:str]
#ENC[AES256_GCM,data:qbXmxTn+Mwk3zw==,iv:8F/0ELOwXMrKaigfRmwvGREujqNwM6XjIeaPyr6JS5U=,tag:PF/PAQCwzH7uOj+xgM0rKw==,type:comment]
user2: ENC[AES256_GCM,data:cA2oKqGsKuZyydMQspbSrWqsQIAde/VtGIPybC2gr3Bg355H,iv:YOj+6f6YR3Ze3x5IrqdqzXp9e3v1jdAu8re1Is6Q4eQ=,tag:n/CV6+PX/y+okpJwRraSDA==,type:str]
#ENC[AES256_GCM,data:VcLtO+6YWg==,iv:TWM3IY00V+LaJzk+E8ji/v7Ol4TCvSP/FHzFsV5MGIE=,tag:CijsW2O/AKpWgQUm6ipPeg==,type:comment]
user3: ENC[AES256_GCM,data:F3HK6znDEsN8UO7B9vBs03jyjqoQ+MGCcNJuOeglSBzLD2Hy,iv:TKBRe8Qmn9DL4AEilX20YcKbz6bydKsQUuUd5lyM2jE=,tag:nAyrTD4zkJ6CjLuj29zuJQ==,type:str]
#ENC[AES256_GCM,data:UFE3pg02VA==,iv:thT5OYPIHLIjKB7uiAk5vff8rtsgwncdo+U0KmW3uTE=,tag:qGWmSsI1mzg8ZbpunxBuyw==,type:comment]
user4: ENC[AES256_GCM,data:FYMQFFTCue+umBl5OwJvlZ+NyocsRbkycr+y1L6d6LPdR9px,iv:ZX9Z0dqmBvvXlz+oEYd7vQ5rW5lvmlc+bneDguQld30=,tag:y3d7aDWOtO0T3Yf5pGnffQ==,type:str]
#ENC[AES256_GCM,data:KuuPQQ==,iv:LGGqLFV4CnUMLWaNbHj6bRseetvdMdSOefV1FeYlJSA=,tag:wXlqKM2BuoMRZAwYbv5eOg==,type:comment]
user5: ENC[AES256_GCM,data:T5p0POx9Cnqdlp0blEYvAnRNIDOCNVdpOBR4rVQ1/07/rOCX,iv:EZx6ToeORzHoG+aEPi9oiTcwp4bOIAJpPUvemhYM96Q=,tag:aSS+RY5rEzr62mbE+JDanw==,type:str]
#ENC[AES256_GCM,data:tmlMaaDT4Q==,iv:zDBCjdBioiXGbJve03VcwCt81hiFxyKqql9rp6zW25g=,tag:cxedo8U2FICH5yMoPXwQMg==,type:comment]
user6: ENC[AES256_GCM,data:LzYfIXgZP0q9FpxDM6skSTiwOxEO+N5wuFq86KAazqe8zS/h,iv:Jh7bWMVr5U69L1uARLMUciWvv/aRjJJeEXvU5bo8e3A=,tag:PxesHErVSlkbuNeeRpQfEA==,type:str]
#ENC[AES256_GCM,data:boB2Ug==,iv:echGnXhoj2wX7GDj302nbirmzQFCqql2jtY0JaNyla4=,tag:7YnhNwCFZ9rOstanr0wGcw==,type:comment]
user7: ENC[AES256_GCM,data:s1O6GRn/9T9DWKlcXJTnOoAPZnPgHGBpZZcEDAKRtiYAI/5p,iv:JyaGsolN5WgQekPYxJiJbniuxLPf3+elHHbd3+ZrLtc=,tag:32wNUTqyyaKoPRQdB4U0SA==,type:str]
#ENC[AES256_GCM,data:cvG7WQcnwj+u9A==,iv:ui40+u9yE/Prksmiqed1NjuHyNP2RGtgSMazfI8ultc=,tag:he2F4i71Z8gFdW3fmRdhUA==,type:comment]
user8: ENC[AES256_GCM,data:roCYRvszJo7weozfIRoGgUhIs1f2a5/a2d1b/Iy6WEbbehOS,iv:tcOsL0SE4qMRPZIGOlzRIaMJvcapx2H9HK4D8qmSbIs=,tag:Z0skFdgtpjSR7jli3dwd5A==,type:str]
#ENC[AES256_GCM,data:IFXAXr0RVg/DCA==,iv:pKdnsUFX4XXJIZleA71fAfua1ibSa/2tgjdqnhbt/Rg=,tag:2Fv397j/uJDFZ/uvBxtrQw==,type:comment]
user9: ENC[AES256_GCM,data:5HP+OVmf+dsS8sDHakC7Yx1HVutMoTbITONHQiSvHw+17M9J,iv:TYDf7lx04pHohbGBbPJvOAoIGUKqil59k4Pt405/9kA=,tag:HUxT/uSR8sYCXQ8uX69Fqg==,type:str]
#ENC[AES256_GCM,data:7TJeKZM=,iv:FKcgDOtV417n1xmufqB3WENrbZ0V93sI5/XhiDYouMw=,tag:TchW2jgxZAXHvvMYY089dA==,type:comment]
user10: ENC[AES256_GCM,data:+u1KwJo3Y4enFM2RVr379GF7O6r9bWofUEZ2994IIC+Ce2NV,iv:ssKA5y3JM4tm+JdVznQFUAYmlrHaWd8hQXs6R/aEXN8=,tag:Q5uuM1sBZJRYBe4XXTL3ZQ==,type:str]
#ENC[AES256_GCM,data:O3qEWI+vFA==,iv:R7HLFRNszV6yXwciNfk/rTbDQYLmKsTCQFCfWIpJdfY=,tag:DjuM2a48/lDF11aLIf3Fgw==,type:comment]
user11: ENC[AES256_GCM,data:4HDGJq9nl8oGeQEo0XBEUiJweAaZ9yWc9Ib1TM91Djj2jH8d,iv:1i9/bZhHkhc8dP9Pg4gIRnCms61AP9VYxAG4acV3gpQ=,tag:vID9DEXZu3wGbXDqsLVEAg==,type:str]
#ENC[AES256_GCM,data:CdJubErTSg==,iv:UKn0lvbCzJnE241Tg3yjSx4xZNbp5sa/NfgIlRNU5z8=,tag:6FMGY6hbMQQFoN31z4e4uw==,type:comment]
user12: ENC[AES256_GCM,data:U+ynUYI+l6McI9oWF4PNiLUwvNowdseZ5gO8o73cX8MsXS2+,iv:r0KIBXczRkubZqyM/LUBPp/x9Zb/rvDJIKGGKkR3EfY=,tag:yn7806HD7ei57UtpuPjlkg==,type:str]
#ENC[AES256_GCM,data:3trgclrgDXhKUg==,iv:qyLmCBaB5ql950diUj7YlPi6P3a0hYH8adADEI0AGrU=,tag:Oleq79giA9/gYBO8Carznw==,type:comment]
user13: ENC[AES256_GCM,data:M6JXRrqnKrdihAA1aUg9zzJfhCK5TLLRf4wZkemnlHyaXnLL,iv:OA6i+BGYTr9gILE3jzFILLZvPRZeAvmSbXEStihN3aw=,tag:WcpTKRC8crDhzKHcxjtICQ==,type:str]
#ENC[AES256_GCM,data:VryB1AM=,iv:6FdWfpQ53bdpkXZ22gpy8GxKb1X7bak0K/Oa56mP7Uw=,tag:VBg7u7MSMl4Pr72W6ugYEg==,type:comment]
user14: ENC[AES256_GCM,data:g8y07VaxsuTs74L5xF/XDlmYetOfXFwHEr+FCHRtFLKwTAVq,iv:TjT49pTk97l3u1wGG7BmqZr/LAMC2765er3HGarOANw=,tag:zt1ojulNjWcuKIdix6NFJw==,type:str]
#ENC[AES256_GCM,data:Bawjfo3ubW1eXA==,iv:m2/ViC9AIZUV3Wl9EBYV5L0QQDw7QgXPpQ7WX22XpQ8=,tag:1wqpie9BuDi7BiDCvRIWog==,type:comment]
user15: ENC[AES256_GCM,data:2Ylnb7ZJgr3ha0rXrjkscPX9zJI2L9aydfL5Ndl2b9cJmVUC,iv:mu0GlGGXH4njmi4KzsvFSJN2zC5IcXVQ6oqVv2ClWpM=,tag:AIhnDqQehLyJY+wh7RWTYg==,type:str]
#ENC[AES256_GCM,data:uORLUE+excPAuw==,iv:K1Qch9qkg5T59+lcMC7vHWu1mnOv2dH5cOAZHX8HhgQ=,tag:chVMn/kb3Rr3f2igjbsAUA==,type:comment]
user16: ENC[AES256_GCM,data:D4lPjTb2kaYfUSCCRaMpGNtzLIfvPvfiJK+kkTQtSMOBglpN,iv:FCpHHBSKDYA+H6fgabNggXJlenzg5am5excBknpD1uU=,tag:FPQaBfLiZ5PBJa8gCpBfTA==,type:str]
#ENC[AES256_GCM,data:Cfs0Ul9BHWW/oQ==,iv:OOcRWmc7fy2RnE7+TtSBauKa1k1/unC1nFJ2SJ3yWqk=,tag:q6MjcXEYuep1eRw5BJspqw==,type:comment]
user17: ENC[AES256_GCM,data:2mzbUcGRye0cdgQxoTzSeKaM+m1dUPvKq61uBnGvZDFXrqQ7,iv:hxkruf0Xo1ZNJ/ym5YdLGJF5aK5nXZMJ46XC18Aksmc=,tag:KrUCTgDgYndxhi8QSYpGwA==,type:str]
#ENC[AES256_GCM,data:vHvpcqJaH2hPTg==,iv:S1WbgLU+15FMJr699YGY4f9r8wIg880tjJo6W6APhx0=,tag:F7fbA83eco8/Qd6u4vUMbA==,type:comment]
user18: ENC[AES256_GCM,data:LwZKy71ecB/E2EMIaUuFV0a7j+16EWo8LA9/0Gc8lpXAQpaT,iv:+cjrRDSvW7KFGDlpI6W+eDi3bux+eQl6NXNjnUoj7L0=,tag:PurtN+Vede0DNTQqbea1Ig==,type:str]
#ENC[AES256_GCM,data:rhbv9bL/0d7pGA==,iv:XvKiQWO72BfHhVRyti5ST9+f9tPUne2IcMNC08kD9r8=,tag:qhA6q4MrX3lAELrrGM8LCQ==,type:comment]
user19: ENC[AES256_GCM,data:jOyA913cS21eGwjUPY/XrQUBofoHwsCHghpmjzGx7cBzk/K0,iv:wXAnuSUhJ+gwGvMF7/YsfgeTHOvQC+S6rM5DzypvOuo=,tag:b/FsoypjkVYLSfyowNL2Nw==,type:str]
#ENC[AES256_GCM,data:Q48F7+SNdz7duKY=,iv:KIb6lIJWAVXKekBhwPztkySYDA7IP4jMjDsWy+waeFQ=,tag:s8hEz2zrh1ZXNKi/IuVV4Q==,type:comment]
user20: ENC[AES256_GCM,data:D6+eQdWO/W4P1ul9zQLpUQxqNA+kytz5ZHH6HmU/jwSuq3hU,iv:U4H7Ez0P3gWBLVeQ6O4PN4AmVP7Ij3oArhMmfT1BWic=,tag:l6TNsJFXXH/+yMcszkVRrQ==,type:str]
#ENC[AES256_GCM,data:F8qJksiC3Z8GbJc=,iv:yDBYQLUFFSXMn5Vo69rXzGBWzA+GkYw1qHS/ShisH7w=,tag:mnxj03thlYN5KhKDUO7hug==,type:comment]
user21: ENC[AES256_GCM,data:QeSxzBR6fLAyoUsA4aGKilYHcF42SNdkwjdwWZbxNvqZU6bf,iv:ocZGB4i8M7qM9Ypp3BUlGIdGL0AQx8NdO5yBZFLB6fk=,tag:WMFmljoJSnCU8BL/GfiZMg==,type:str]
#ENC[AES256_GCM,data:LxUne7UMT32f,iv:AyVaLB7Ni6HB5BE+InEG99TQsEzdQG7EXoHXC8PLGlQ=,tag:j5GoVfDsqoHypkxYFNPjyg==,type:comment]
user22: ENC[AES256_GCM,data:lzFvCb/zbTZs2jmYUfl3onGeWjBCdjxcIzAIff/fm6Qre+HZ,iv:eSiosE3eOrl7iLnOV41w+pwdtcske/4R1Bf1D1qxsOo=,tag:r69jFKp/FlxN3MEL5E6EXA==,type:str]
private-key: ENC[AES256_GCM,data:xz7xFt/g++E79bIl6AeBWATHDB+gHBIoXo5vdWTeyrAT1RtllgYie9k3Fg==,iv:x7fdmSINQA+F7a08jpuvCAg7vIZpsYaoX+EnitJMUCk=,tag:GAb/RRdAOlteIQPxeIMAXQ==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:OR3OA8qJsq1gAYiv1rShNa8eODzIxPOpVbqbnseSCMUNx4+FeOgReTLl7cXHPxbBkrJbsfEq5XYm1QtRtxotdw==,iv:6vz0ezsFuCNsBduNhm4VQ+it6oEJF/eMxktVFhdXgug=,tag:hmW7BwF9C53SAHhu2HBLYg==,type:str]
password: ENC[AES256_GCM,data:OaoqvUzWZz4LvVwZMbOSeq0mZyTqWT/E1Dt/N0XwEGwn9LLtarG/LrzV24BMS503N7NIxePVBK0jJCdbO7sI3Q==,iv:aaInNy3UmdF+aOu+Lzo7F0FvEVRbsn2XDwmYLNtYaFE=,tag:l/ONyeZJtZjS6IqwQgMs7A==,type:str]
open-webui:
openai: ENC[AES256_GCM,data:5B1wPAOx3GsLDoYBKHWFzoyXFmn93fdcq6UC2rCt/P5zYLA4VNzfsp0=,iv:Y2gTLCmwB5wY4dhN73HRvTqSMVXbAEd+RjRbgUEuTeE=,tag:vcfNhXpG0C3twFBsm7PHwA==,type:str]
webui: ENC[AES256_GCM,data:Lg32DZ5GC+AYzWc4WloNMQlnpsqW67s5/kXzYwE=,iv:ECncgdYoLkX9GUOX26MXFSO8JOZahUDjTdKV87IRNJ8=,tag:J/5tTR3MI0iGIVDrlacYEg==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaURzWlFQNUpObmtvaUd2
bVc2UXRHajFPeXR5eTNqQnBhaWVOTXRDSEhVCjJVREN5MzF2MXhMSGIvNlM0endj
ZGVhTUFrTXVXRTlvYThaRVZBWmwxd2sKLS0tIDNTME1EaHFKY2J2SWxrRWFpaVJ4
Sm5xUlU2TXpyMUJQWVpoRUdlTnVjOFkKZErjPuX3nNFc3jFPBX462qs9hwguyxUD
POxmT4DMCPAaEz+lNB+Qa03P3TYFJ3LfqTsO7QXO2f9113wFqF2lFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxd2RzNEttTzk5cXVhc2RK
R3hxM1N4TmkyNGp0Z2ZwODZBL0RuMW1qNjFjCkI0N2FMUkd0eENPK0w4MWVJY2d4
NWlvUFdQbUh3SFIycDczZlg0ZEJMalkKLS0tIGs4dHlocTRseXRWYVFxMkdrV2x2
d0h3aDh5QXFZYWJFdmNVYnJxQ3pBeVUKTl0XVvtwJcz+RpSylgDPl/R8msInxvWX
eQGmrDHibeE1V+KSDiuNzC4MVRIrOnh1beHrhnVQ86HwPVgJqs2FoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-26T10:55:01Z"
mac: ENC[AES256_GCM,data:ek8oYslh51198fhnYy8LgZQBo3QEnCumeSzLEIEFp/bQshfPVtiMt29n37y89GZjfvd/UL/J/i4sxHqF328+MoMtIYwcDzJoHp/ZNJYZoM19UjEsPL5YemRRXz++gw3tvDgqPzYvtr93pg6+WcPNToIhzsew7QzYj2xLiSaecvQ=,iv:wk8RcTUbZwUHRAgNRuZ3SWWv6O57hHBCkccYNZiMwPQ=,tag:8bwhsrkk8bVMwThZQPkNXg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

25
devices/test-pc-vm/default.nix
View File

@@ -1,25 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
networking = {};
};
hardware.cpus = [ "amd" ];
services.sshd = {};
};
};
}

26
devices/test-pc-vm/secrets.yaml
View File

@@ -1,26 +0,0 @@
nixvirt:
chn: ENC[AES256_GCM,data:0llBtdnPLl8=,iv:0w0huoNCvIiaL77Thj1iAwRY5edDlN7I4mMwiNKCzOc=,tag:Eh1b7dymn7jQtL5/rsxC1Q==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcldLRERrOHdadVA4RXdQ
dmsxL1o5aDdJTitqdXBzRWxqVmZKUzFtTlUwCnc2a1N4WUNEVUhsSlFuSExjR0Rl
TlFnNjVpUkpmbWdxYW5oblk5dGQ0THMKLS0tIDFBa0FKQXBPYThFTUwvd2tIaU9p
TERYVkp3dkUxU2ZaTnFRamRKclRRa1EKosUuvJXekUIxIHL8s/QuZf+hCXQS5dMC
HqZ74f/jvIW8i/Etu29VtK3n8MD8W1EenhJjfxOvhpRpLpzQP2GImg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK2F0R1JRR2t6NDhXVnVD
Unh5QmxDaGJtWmhsb1ZDRkMzUlpSeU9GL3lNCkU0ZVYxaWs3MHZDQlNHS25WMTl3
VVVtQUlxeXNQNVQrSTdSbWYzSmlPVGMKLS0tIDlyRm1tYlR3WU9ISjc2T3BSY2FP
Z3h2QWh6eDB6L1krbU9SS050dUhEamMKHnvdCmLuhuIfeBRs3LJ6IEatqrlMJNnc
vhPTVgfn+M8dGo+odTTwlvr5XGzE5cMSxGtdSE33JsbBFfVyaPCFjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-16T05:29:11Z"
mac: ENC[AES256_GCM,data:s1HBVQUDbYP63EntEXe/+9mqFj2zGEtx3ibFauBYmjJvtvw2hs44ODNebMxjasT8zTYICJWWZJxwMvpUs/CbcmSjPAXTV8379lzlOmG2wZLezF+9jWdJi3ZDvM9Y1D0/4GnaIRHof/+kPn/ykFE/gQhP5PQ4OtoV+VTR2fuwDaA=,iv:TUTM8tyZxiAjU3afazfmse+LL53hrSFSCIX4KIDyQq8=,tag:Vx4GsOPAXaZz0rEjsJS8sw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

50
devices/test-pc/default.nix
View File

@@ -1,50 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "znver4";
networking = {};
};
hardware.cpus = [ "amd" ];
services =
{
sshd = {};
nixvirt =
{
subnet = 123;
instance =
{
chn =
{
hardware = { memoryMB = 2048; cpus = 4; };
network =
{
address = 2;
portForward = { tcp = [{ host = 5693; guest = 22; }]; web = [ "example.chn.moe" ]; };
};
};
chn2 =
{
owner = "chn";
hardware = { memoryMB = 2048; cpus = 4; };
network = { address = 3; portForward.tcp = [{ host = 5694; guest = 22; }]; };
};
};
};
};
};
};
}

27
devices/test-pc/secrets.yaml
View File

@@ -1,27 +0,0 @@
nixvirt:
chn: ENC[AES256_GCM,data:0llBtdnPLl8=,iv:0w0huoNCvIiaL77Thj1iAwRY5edDlN7I4mMwiNKCzOc=,tag:Eh1b7dymn7jQtL5/rsxC1Q==,type:str]
chn2: ENC[AES256_GCM,data:vlvFNwMfTMg=,iv:DKgX3DCvkfADF/Pj31bRTx/dfTiMxv/JaeN76Kppob8=,tag:SOioaCz/CvvLn2jB+08THQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SGQ0R20zci9aU1l4d2Fs
YkRZQ1FGUW1vSEd3S3FBdGlSTXB4dW54UVJJCk5MMEFZSzdYTFRQL1FRZUFWTXFh
cC90bUx2dkdHUFVoMkhyNjR6U0w1QTAKLS0tIDZHZE4yNlV4cFBTVGN4c3VYZXZ5
enZoU21MQ2VJbHlhSnhwUkNXZjV6OXcKzvdz1TNs/PDISx+QSi6cJ8vWNtZo4jfD
qsrwpxvHou/wptLzYg5gXQuXB0izpOW/AtqA1XqLcTUbLzcRhqFvMg==
-----END AGE ENCRYPTED FILE-----
- recipient: age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWUJVZmdVbWxXck5EY0tR
cFRwZTlWVVpObjFneE95bXNPSUxjNE1DTlg0ClNQRy8yVmF6QWxuY3RGLzdJVEE4
WXEwb1NGVUlJWFRqeWlyN1J0eE15QnMKLS0tIENRQWJ0VXlzNHV6MXh0QUVRZlJu
RFFteDMzeGltVER3QjlpdUllZVNJS3MKyOMAu5xYr1z0YlNDFvaE4l4bposMTPUJ
K13yerfRBxDlOrMhG/lSovusBPkmS3HejDedGgYi1WMvgLuOkNWZ2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-18T01:55:44Z"
mac: ENC[AES256_GCM,data:wGHagytOT30EgjPezkaLXrqml/tn8oMzplYgThb9JbnXJzpCMnZnXeAlnRW/zdXY+Vt+kRfGCm2W/3sif5wB+gu5DCIeGC6OZy9brMVIQLceQ6Wp7IwPTDjMIGYtqe+T3QX6LFAMPUVZOHNBL9eRdO27G2TGP1ojH69MwNt4aQo=,iv:Rn26bQ8crsVFbLAxPcvLeQWwRP484rS/UFnmg8xeTwc=,tag:zs4S6VPNKFUZU6xxC2rIuQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

29
devices/test/default.nix
View File

@@ -1,29 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/test-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/test-root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
rollingRootfs = {};
};
nixpkgs.march = "haswell";
networking = {};
};
hardware.cpus = [ "intel" ];
services =
{
sshd = {};
nginx = { enable = true; applications.example = {}; };
};
};
};
}

30
devices/test/secrets.yaml
View File

@@ -1,30 +0,0 @@
hello: ENC[AES256_GCM,data:y6Kl7kHqgft7T1eiFEeIppvosCACIcVWIQm6TzjS6RgUkJEg17GEZFRy2zTvVg==,iv:wChah8rTtEkkR8pRHO9NdhaGBwsTrrP+tPp7k2SOdn0=,tag:jRdYgJoKz+Q+/m8l/03JoQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcldLRERrOHdadVA4RXdQ
dmsxL1o5aDdJTitqdXBzRWxqVmZKUzFtTlUwCnc2a1N4WUNEVUhsSlFuSExjR0Rl
TlFnNjVpUkpmbWdxYW5oblk5dGQ0THMKLS0tIDFBa0FKQXBPYThFTUwvd2tIaU9p
TERYVkp3dkUxU2ZaTnFRamRKclRRa1EKosUuvJXekUIxIHL8s/QuZf+hCXQS5dMC
HqZ74f/jvIW8i/Etu29VtK3n8MD8W1EenhJjfxOvhpRpLpzQP2GImg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMK2F0R1JRR2t6NDhXVnVD
Unh5QmxDaGJtWmhsb1ZDRkMzUlpSeU9GL3lNCkU0ZVYxaWs3MHZDQlNHS25WMTl3
VVVtQUlxeXNQNVQrSTdSbWYzSmlPVGMKLS0tIDlyRm1tYlR3WU9ISjc2T3BSY2FP
Z3h2QWh6eDB6L1krbU9SS050dUhEamMKHnvdCmLuhuIfeBRs3LJ6IEatqrlMJNnc
vhPTVgfn+M8dGo+odTTwlvr5XGzE5cMSxGtdSE33JsbBFfVyaPCFjQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-10T03:54:30Z"
mac: ENC[AES256_GCM,data:JMr6ybbOk7tDZKUo11bd0xwUfLUuE4DIB5sYOCEVuaXLpDirgMgNSQgayqnnYDLOC7kGA7wDbbcxWhdaT8TcyYwdeha3SgA9mjkruPtOZ4R+ozfLDeqa59h2P+xronaOCDdl9G2JbhLA+k/S2ImBP43iPbcycJViSQs0RrntMxY=,iv:3ZILO4L01r4I2SJWOxe4pp9XLWo6KPPl3t/IbIf07+8=,tag:jhf73Y42fOYmeQS2oA0qSA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

36
devices/vps4/default.nix
View File

@@ -1,36 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/403fe853-8648-4c16-b2b5-3dfa88aee351"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver2";
initrd.sshd = {};
networking = {};
};
services =
{
sshd = {};
fail2ban = {};
beesd."/".hashTableSizeMB = 64;
xray.server.serverName = "xserver.vps4.chn.moe";
};
};
};
}

51
devices/vps4/secrets.yaml
View File

@@ -1,51 +0,0 @@
xray-server:
clients:
#ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
#ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
#ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
#ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
acme:
token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
telegram:
token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T03:19:55Z"
mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

72
devices/vps6/default.nix
View File

@@ -1,72 +0,0 @@
inputs:
{
config =
{
nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/0067ef91-06f7-416e-88cb-4880ce04afa4"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "znver2";
initrd.sshd = {};
networking = {};
# do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
};
services =
{
sshd = {};
xray.server.serverName = "vps6.xserver.chn.moe";
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
streamProxy.map =
{
"anchor.fm" = { upstream = "anchor.fm:443"; proxyProtocol = false; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; proxyProtocol = false; };
"xlog.chn.moe" = { upstream = "cname.xlog.app:443"; proxyProtocol = false; };
}
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.pc.chn.moe"; })
[ "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.srv3.chn.moe"; })
[ "xn--s8w913fdga" "misskey" "synapse" "matrix" "send" "api" "git" "grafana" "peertube" ]));
applications =
{
element.instances."element.chn.moe" = {};
synapse-admin.instances."synapse-admin.chn.moe" = {};
catalog.enable = true;
main.enable = true;
nekomia.enable = true;
blog = {};
sticker = {};
tgapi = {};
};
};
coturn = {};
httpua = {};
mirism.enable = true;
fail2ban = {};
beesd."/" = {};
};
};
specialisation.generic.configuration =
{
nixos.system.nixpkgs.march = inputs.lib.mkForce null;
system.nixos.tags = [ "generic" ];
};
};
}

77
devices/vps6/secrets.yaml
View File

@@ -1,77 +0,0 @@
frp:
token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
user0: ENC[AES256_GCM,data:rJ00sfe/oJSry6Ixn4Bn+p41syqsOrdWv6fRGVCwPvn/unMY,iv:htTvFMvhIRkORA/gIU8J7CgA+tOncYQWh7sUh+F6XDs=,tag:VrSJBD7ti9WtSLHoWjMClw==,type:str]
#ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment]
user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
#ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment]
#ENC[AES256_GCM,data:s6BwbmIwmC1J+vA27pPGh0Q+Rmowkd8ES3hYOny3vX+tjWtW+qiWBz2A9M4=,iv:XXPPaVyP7fEUhNJay2mjjC2f3Vg3wYtBUDoSYQt1Iew=,tag:B2WAfg2Oqwp0t0gE7Jdq6w==,type:comment]
#ENC[AES256_GCM,data:m0iCqLI8ELaPb9g=,iv:bsh7JHILbOZJ+bgGr0U0rDanjUVGgDzYGhboezspEjE=,tag:o7A4SXoCXk5LXmZ1bidg/w==,type:comment]
user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str]
#ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment]
#ENC[AES256_GCM,data:RVChRrOl3R8DiKPS7yduAu5RG7d4VkOZ5akRTp18mK7Hz/xQ7FpxlNqGJcQ=,iv:j7naYq9tD+G5dDB8+hyUVosA3p2O4wlkcxIBlO7hRdo=,tag:TvlSmZwTDGLCX7qOR5Clhg==,type:comment]
#ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
#ENC[AES256_GCM,data:nTsDaAIVIP28YBCw0XONqWoYziAYhszJhLBlJfbFM6w2NB0nQcYWAanhkkA=,iv:rezGcsfxcAUjTtBFd099TDrV+K59cb0gbJCCVqH+nCA=,tag:5g2Zl82MNuHTf12Tb0GWcg==,type:comment]
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
#ENC[AES256_GCM,data:hG7EUK7V9QObh7rHKtgTESwNLOf16WXoQrCAAEiK8Nzsr7atwh9DqNIJAww=,iv:3zAY7CImCzvNmsVK/OG3VgYSUL1wdt+keYtuskGO7Gg=,tag:7JeGHrlVkAUOX7bhd8UJaA==,type:comment]
#ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment]
#ENC[AES256_GCM,data:C6ri4a3iCXf7I3PWSoPk1y4143TTFugot1MMxdawWxGyfg/P7SYUBMs+T0U=,iv:v2lCOw+p0hJhXNsUpTSCvqNSBtPaPJGMrk6ukJYtB+w=,tag:WXq9rUYDQKN/cZzZ7CFQvA==,type:comment]
#ENC[AES256_GCM,data:eCl1bK4=,iv:oYA2CFW6OGGrRYx6OHRYJpbEyFh575UjztvHaXA8UG8=,tag:Pw7xsisQB2Dd0KJeWFq6bQ==,type:comment]
#ENC[AES256_GCM,data:Gs2pJl4YMPRBDZCmd/1ycXJcArdIb8cUAQ+09OuRm7z/x1ATc9xVr7dE+C4b,iv:JYf4sTzJh7PoQe5yFAC60mJ5zKUIof7QKm5jMfiF5xE=,tag:/CJPT/OmblQvzqkQ1VCP/Q==,type:comment]
#ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment]
#ENC[AES256_GCM,data:JOabknMamJFImHErEcsrAMuYBXzJkw/Gm0+6rWrer2ePsoOakN/A3ByCPzwQ,iv:wnUFMeGfkUMkkpJBrFswy1SwJzVBDehEoilnzb43MgY=,tag:sXCKkiwtDp9v7ptpuAfOhQ==,type:comment]
#ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment]
#ENC[AES256_GCM,data:LRRsL6u+FH3jHa8UAhEXrb3UTQss9piBle2aH2xuuFw0cupmRd5PlSOBIbvQ,iv:0cccpn4bWkrla6COI5g6pDDW1JoVK4UULYteXoJp38s=,tag:+EFlWxGIw7k85Q2RIL/YHg==,type:comment]
#ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
#ENC[AES256_GCM,data:JFKeeVBSBO8pWttZy/fTX1YaVV69Et1GmHVDLZ1E5vUY3BvajjjS04t7V5TG,iv:rZJQTe5+YgJ6X6uPoQcpTw4AF+gQCVSMe7maFetLEPg=,tag:H4ravqgOgQYgVXMayv7tXw==,type:comment]
#ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
#ENC[AES256_GCM,data:dpOaSMuXhIiwb+yD3TgOIKkeWBusQvqHbj4PuvH/anF5/P8JagplDpBSIimJ,iv:PkVIthbA21sFC4J4VmwZ/1HZqA6qbjVPnJoRszmeVbs=,tag:PcXPRYLzuC9F0YfNT4mi3A==,type:comment]
#ENC[AES256_GCM,data:4jJkbMD9Psxrag==,iv:arRtRaNrqnYcT7vE3wqgl/y8/65ORaxqTdGw55AKDP8=,tag:pRpta6mXfy0XCyzMA4+cEQ==,type:comment]
#ENC[AES256_GCM,data:DeWybZ68gAH4cukohO+OQqeNrnRlUdclGHFeH8aBcn0aq1iWh1UCgtiT5xXd,iv:HYq+CiPWCswr+7+uwUblN8N6T38WU/qu9F5VzaLp4Gg=,tag:YKunlBxH4H71FRSuPxR8Uw==,type:comment]
#ENC[AES256_GCM,data:/Kec+CdtnT11EA==,iv:DnmbWfgriaE6XAnMqq2UXhHhN+Rd/3YRodKVUCJo6p4=,tag:NimqZpbslKxwzoljaZqEdw==,type:comment]
#ENC[AES256_GCM,data:tkJTZZjJfQdU0EDQw9mmc1GRlSpqdwOdsE/QCw4BedDbixjElKqUC5MPRR/b,iv:/3obljBcGiXJfzlTQivkVcaWWcsiqokuU/DmUTchpwg=,tag:E80OLtqoM5XuGk2/xYBYKw==,type:comment]
#ENC[AES256_GCM,data:h7E4P6BiGjktYg==,iv:DhkK3NNppBqo3sXt9U7kbgfaBPYcSEX2hu6VOAesDiE=,tag:XoVbZklwCmU1EBhv0ujcSw==,type:comment]
#ENC[AES256_GCM,data:LXBBph+nPScs6CSHPKwMSvcgFtWrmcOHEhhDZUNClb/7ixJFno82QnRwrnTp,iv:00I8csKFj65qeK8RPbbQ18oQZBrYKeFV3eGwfFXyGDc=,tag:uWUPNfu5Tmqr2LDkijc5cA==,type:comment]
#ENC[AES256_GCM,data:qGsMmWrUIzVdHw==,iv:DXayEA5zquwOzm+TqECYNHM98r0WSzcP3gA8zkzdPy4=,tag:OKTx12RqP9VxJQOnrBLkmw==,type:comment]
#ENC[AES256_GCM,data:ttTvPgRtQ4tYmYBSNaO+Bbs/Kz85vuNX+2Od4cOG6yD9yqrSdfLRwVvedVol,iv:ZWZX5rytwefvte/NgNlmmp9FN9vuZ62KVhVgVwX+g7s=,tag:uXx87i/ly6GkLgXA4+QULw==,type:comment]
#ENC[AES256_GCM,data:1g2gohLbiixMes8=,iv:E3HA6cAdv3BdLMcrrcWW4Zsc2KLtW7L8Xrk9Z57l49o=,tag:rZ7W9ckf7lzJ23u5zwQiwg==,type:comment]
user20: ENC[AES256_GCM,data:3UbVnn9oMRc0zZR46tWxwM9VFOvMOYm690csUomEVBcS3xPm,iv:KHuPXttLAFr7WT/qa/UYLY8GRsPWYZPyKNmdUh4iFQQ=,tag:jN8rQ0Gv+qnhwOWGH+CwlA==,type:str]
#ENC[AES256_GCM,data:GzxXsTbEvdHV7A0=,iv:uxUG4hnYEsmJtnqbEwamwhtLt3UClt7ktmkGyAFdxsc=,tag:sF8YQ2cejAezI3Bbp9qKIw==,type:comment]
user21: ENC[AES256_GCM,data:hgDJ11crZaWcKrc+ZDQklXwpnvt/sMbARkx3sLZfQGZqQZeA,iv:2Re+hdJuT5yg/qTymfpN+KdU3criOmwuqqg+SHb8iAo=,tag:s16N6u5cRDaoWxnrCkamuw==,type:str]
#ENC[AES256_GCM,data:U0CcBBJraJj9,iv:9kuHsHkSDdDT0Gi/3Oy608RArrg+4cgeii5zWbsGuPA=,tag:EvqqMNvNcWBwie28t0+52w==,type:comment]
#ENC[AES256_GCM,data:FnindYeqk6g6aZgajHVejfHPqeF+uSX3QzbrDS6XLZz52aQF5ZQSiJQCaDha,iv:c/mrS0jfy5EzQe4Tkm0QqBH9/okJnCsRZFGhzSjeit0=,tag:e5otDw+I2d7moybCx4jeqw==,type:comment]
private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str]
send:
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
coturn:
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
wireguard: ENC[AES256_GCM,data:5M7EAy/6+2UASWkjxE0Jrxwl0aNdAVZaUjQnD1wU3YvOAQ/c2DSL8hVtKf8=,iv:a2tXFf1+aP0JhdNtzP8e82KJ71m2o8nx+G0wIx4VMig=,tag:l4TS4QBz2fIkC9/GnZgHnQ==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QXc4NzREZHlhMDV2WXlM
a2I4d1pjWm9Xd2gzUDUwZ1ZSTkFGR1ZQNDJzCmJwcWFxRWNNVGxTNno2b1NxNktO
aHhINXBjdmE3alFGYk9kUHZ1UzdJUk0KLS0tIFdKMDlvb1Z2Qi8xRjl0MXpKMDMz
cVVNdDRDNmtHZlJEcVRXR1FLVkZrMWcKn2iTHH7/52fJNXcbDFbzOxNAaiQRA0nO
we74EeNzcaaQwuEmBQPKxd/g7/kjhnHzTkoX3OneXMd/gBZMn2knXw==
-----END AGE ENCRYPTED FILE-----
- recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEw1bXA4QUZkUzJ0Z3pM
Z0xHam5SLzRGV21XYUtxTFh1VnhQUk1NbzAwCkU1Z3VTR1FtZ05GOWNDOENlZTgz
SitzYXo2Q2VEaGtLTGE2UGRoUDkxN28KLS0tIHhRS2Y1cnQreC9Fc2FLdGR1ZXdJ
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-18T07:37:52Z"
mac: ENC[AES256_GCM,data:nfUU2BsDuErJGm8sVB9shRv4N+cIFZmAF1vWF4iZmcJwjP2PekVWcp4COPAlapy5oVhMutr39oW6VsltTR27jVxhI4+dueurMU7KRLD5Bwpk5hQmMAfZxvl4GaP50zehJbCwfApiX9CcjwCUxUjraTs4rG6LK2+8d5Z0PYosm2A=,iv:TR63cpbe3z0K4bWpbEnv/DE9jnAJV1Zv+Aj0HXoA16Y=,tag:fS78JUapMvBtZCFtM1z07A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

12
devices/wlin.xmuhpc/.bash_profile
View File

@@ -1,12 +0,0 @@
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin
export PATH

43
devices/wlin.xmuhpc/.bashrc
View File

@@ -1,43 +0,0 @@
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
export PATH=$PATH:/data/gpfs01/wlin/bin
# User specific aliases and functions
export PATH=/data/gpfs01/wlin/bin/vaspkit.1.4.1/bin:${PATH}
#export PATH=~/bin:/data/gpfs01/wlin/opt/mpich_ifort/bin:$PATH
#export LD_LIBRARY_PATH=/data/gpfs01/wlin/opt/mpich_ifort/lib:$LD_LIBRARY_PATH
#export PATH=~/bin:/data/gpfs01/wlin/opt/mpich/bin:$PATH
#export LD_LIBRARY_PATH=/data/gpfs01/wlin/opt/mpich/lib:$LD_LIBRARY_PATH
export P4_RSHCOMMAND=ssh
shopt -s cdspell
export HISTCONTROL=ignoredups
#shopt -s histappend
PROMPT_COMMAND='history -a'
export C3_RSH="ssh -x"
export OMP_NUM_THREADS=1
export MKL_NUM_THREADS=1
alias grep='grep --color'
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S `whoami`@${USER_IP}: "
export HISTFILESIZE=1000000
export PROMPT_COMMAND="history -a; history -r; $PROMPT_COMMAND"
shopt -s histappend
# Auto add env parameter $PROMPT_COMMAND when use non-Linux tty login by ssh.
if [ "$SSH_CONNECTION" != '' -a "$TERM" != 'linux' ]; then
declare -a HOSTIP
HOSTIP=`echo $SSH_CONNECTION |awk '{print $3}'`
export PROMPT_COMMAND='echo -ne "\033]0;${USER}@$HOSTIP:[${HOSTNAME%%.*}]:${PWD/#$HOME/~} \007"'
fi
ulimit -s unlimited
export PYTHONPATH=/data/gpfs01/wlin/bin/VaspBandUnfolding-master:${PYTHONPATH}
# vsts, see https://theory.cm.utexas.edu/vtsttools/scripts.html
export PATH=$PATH:/data/gpfs01/wlin/yjj/vtstscripts-1022
export PERL5LIB=/data/gpfs01/wlin/yjj/vtstscripts-1022

31
doc/setup.md
View File

@@ -1,31 +0,0 @@
```bash
nixos-install --flake .#vps4 --option substituters https://nix-store.chn.moe \
--option require-sigs false --option system-features gccarch-znver2 \
--option extra-experimental-features ca-derivations
nix-serve -p 5000
nix copy --substitute-on-destination --to ssh://server /run/current-system
nix copy --to ssh://nixos@192.168.122.56 ./result
sudo nixos-install --flake .#bootstrap --option substituters http://192.168.122.1:5000 --option require-sigs false
sudo chattr -i var/empty
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
sudo nixos-rebuild switch --flake .#vps6 --log-format internal-json -v |& nom --json
boot.shell_on_fail systemd.setenv=SYSTEMD_SULOGIN_FORCE=1
sudo usbipd
ssh -R 3240:127.0.0.1:3240 root@192.168.122.57
modprobe vhci-hcd
sudo usbip bind -b 3-6
usbip attach -r 127.0.0.1 -b 3-6
systemd-cryptenroll --fido2-device=auto /dev/vda2
systemd-cryptsetup attach root /dev/vda2
ssh-keygen -t rsa -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_rsa_key
ssh-keygen -t ed25519 -C root@pe -f /mnt/nix/persistent/etc/ssh/ssh_host_ed25519_key
systemd-machine-id-setup --root=/mnt/nix/persistent
pg_dump -h 127.0.0.1 -U synapse -Fc -f synaps.dump synapse
pg_restore -h 127.0.0.1 -U misskey -d misskey --data-only --jobs=4 misskey.dump
cryptsetup luksUUID --uuid=<the new UUID> /dev/sda1
mungekey -k munge.key
mv munge.key munge.key.orig
sops -e --input-type binary --output-type binary munge.key.orig > munge.key
rm munge.key.orig
sudo nix build --store 'local?root=/mnt' --option substituters https://nix-store.chn.moe --option require-sigs false /nix/store/khhqmly5295ns33dz1s3m3sb79icj6bi-nixos-system-srv3-production-24.11
```

6
doc/todo.md
View File

@@ -1,6 +0,0 @@
* 使用 wrap 好的 intel 编译器。
* 在挂载根目录前(创建 rootfs 时),按用户复制需要的文件
* 挑选一个好看的主题
* 尝试一些别的计算软件
* 解决 vscode 中的英语语法检查插件,尝试 valentjn.vscode-ltex
* 调整 xmupc1 xmupc2 启动分区

12
doc/upgrade.md
View File

@@ -1,12 +0,0 @@
* merge upstream, update flake
* update src
* fix all build errors
* update modules (synapse)
* update postgresql nextcloud
* update stateVersion
* switch
* fix disabled packages
* upstream patches
* merge upstream again
* switch
* build all

9
doc/迁移服务器.md
View File

@@ -1,9 +0,0 @@
1. 调整代码,编译。
2. 将系统上传到新机。不要 rebuild。
3. 如果原机数据比较多,则先传输一个快照过去。
4. 将原机停机,修改 dns。
5. 传输原机的数据到新机,但不要替换子卷。
6. 替换 initrd ssh keyrebuild。
7. 替换子卷。
8. 替换 luks 密钥。
9. 重启。

1648
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

777
flake.nix
View File

@@ -3,78 +3,721 @@
inputs =
{
self.lfs = true;
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-25.05";
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
home-manager = { url = "github:CHN-beta/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix =
{
url = "github:Mic92/sops-nix";
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
};
touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
nur.url = "github:nix-community/NUR";
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions =
{
url = "github:nix-community/nix-vscode-extensions?ref=4a7f92bdabb365936a8e8958948536cc2ceac7ba";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:CHN-beta/impermanence";
plasma-manager =
{
url = "github:pjones/plasma-manager";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
bscpkgs = { url = "github:CHN-beta/bscpkgs"; inputs.nixpkgs.follows = "nixpkgs"; };
cachyos-lts.url = "github:drakon64/nixos-cachyos-kernel";
nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
shadowrz = { url = "github:ShadowRZ/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
zpp-bits = { url = "github:eyalz800/zpp_bits"; flake = false; };
concurrencpp = { url = "github:David-Haim/concurrencpp"; flake = false; };
cppcoro = { url = "github:Garcia6l20/cppcoro"; flake = false; };
date = { url = "github:HowardHinnant/date"; flake = false; };
matplotplusplus = { url = "github:alandefreitas/matplotplusplus"; flake = false; };
nameof = { url = "github:Neargye/nameof"; flake = false; };
tgbot-cpp = { url = "github:reo7sp/tgbot-cpp"; flake = false; };
v-sim = { url = "gitlab:l_sim/v_sim/master"; flake = false; };
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
slate = { url = "github:TheBigWazz/Slate"; flake = false; };
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
hextra = { url = "github:imfing/hextra"; flake = false; };
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; };
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog-public.git?lfs=1"; flake = false; };
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git?lfs=1"; flake = false; };
vaspberry = { url = "github:Infant83/VASPBERRY"; flake = false; };
ufo = { url = "git+https://git.chn.moe/chn/ufo.git?lfs=1"; flake = false; };
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
phono3py = { url = "github:phonopy/phono3py"; flake = false; };
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
impermanence.url = "github:nix-community/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
pnpm2nix-nzbr = { url = "github:CHN-beta/pnpm2nix-nzbr"; inputs.nixpkgs.follows = "nixpkgs"; };
lmix = { url = "github:CHN-beta/lmix"; inputs.nixpkgs.follows = "nixpkgs"; };
dguibert-nur-packages = { url = "github:CHN-beta/dguibert-nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
};
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
{
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };
overlays.default = final: prev:
{ localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
config =
outputs = inputs:
let
localLib = import ./local/lib inputs.nixpkgs.lib;
in
{
branch = import ./flake/branch.nix;
dns = inputs.self.packages.x86_64-linux.dns-push.meta.config;
packages.x86_64-linux =
{
default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
(builtins.concatStringsSep "\n" (builtins.map
(system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ]));
}
// (
builtins.listToAttrs (builtins.map
(system:
{
name = system;
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
})
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ])
);
nixosConfigurations = builtins.listToAttrs (builtins.map
(system:
{
name = system.name;
value = inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
(
[
(inputs: { config.nixpkgs.overlays = [(final: prev:
{
localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; });
unstablePackages = import inputs.topInputs.nixpkgs-unstable
{ system = "x86_64-linux"; config.allowUnfree = true; };
})]; })
./modules
]
++ system.value
);
};
})
(localLib.attrsToList
{
"pc" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
"/dev/md/swap" = { mapper = "swap"; ssd = true; before = [ "root" ]; };
};
mdadm =
"ARRAY /dev/md/swap metadata=1.2 name=pc:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub =
{
windowsEntries = { "7317-1DB6" = "Windows"; "7321-FA9C" = "Windows for malware"; };
installDevice = "efi";
};
nix =
{
marches =
[
"alderlake"
# CX16
"sandybridge"
# CX16 SAHF FXSR
"silvermont"
# RDSEED MWAITX SHA CLZERO CX16 SSE4A ABM CLFLUSHOPT WBNOINVD
"znver2" "znver3"
# CX16 SAHF FXSR HLE RDSEED
"broadwell"
];
keepOutputs = true;
};
nixpkgs = { march = "alderlake"; cudaSupport = true; };
gui.enable = true;
kernel =
{
patches = [ "cjktty" "preempt" ];
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
impermanence.enable = true;
networking = { hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
prime =
{ enable = true; mode = "offload"; busId = { intel = "PCI:0:2:0"; nvidia = "PCI:1:0:0"; };};
gamemode.drmDevice = 1;
};
packages =
{
packageSet = "workstation";
extraPrebuildPackages = with inputs.pkgs; [ llvmPackages_git.stdenv ];
extraPythonPackages = [(pythonPackages:
[ inputs.pkgs.localPackages.upho inputs.pkgs.localPackages.spectral ])];
};
virtualization =
{
waydroid.enable = true;
docker.enable = true;
kvmHost = { enable = true; gui = true; autoSuspend = [ "win10" "hardconnect" ]; };
# kvmGuest.enable = true;
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
};
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
samba =
{
enable = true;
private = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns =
{
extraInterfaces = [ "docker0" ];
hosts =
{
"mirism.one" = "216.24.188.24";
"beta.mirism.one" = "216.24.188.24";
"ng01.mirism.one" = "216.24.188.24";
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
};
};
};
firewall.trustedInterfaces = [ "virbr0" "waydroid0" ];
acme = { enable = true; certs = [ "debug.mirism.one" ]; };
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "pc";
tcp.store = { localPort = 443; remotePort = 7676; };
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
nginx = { enable = true; transparentProxy.enable = false; };
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
};
bugs =
[
"intel-hdmi" "suspend-hibernate-no-platform" "hibernate-iwlwifi" "suspend-lid-no-wakeup" "xmunet"
"suspend-hibernate-waydroid" "embree"
];
};})
];
"vps6" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/24577c0e-d56b-45ba-8b36-95a848228600"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/4f8aca22-9ec6-4fad-b21a-fd9d8d0514e8" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "sandybridge";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking = { hostname = "vps6"; nebula.enable = true; };
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
packages.packageSet = "server";
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
xrayServer = { enable = true; serverName = "vps6.xserver.chn.moe"; };
frpServer = { enable = true; serverName = "frp.chn.moe"; };
nginx =
{
enable = true;
transparentProxy =
{
externalIp = "74.211.99.69";
map =
{
"ng01.mirism.one" = 7411;
"beta.mirism.one" = 9114;
"nix-store.chn.moe" = 7676;
"direct.xn--qbtm095lrg0bfka60z.chn.moe" = 7676;
};
};
};
misskey-proxy =
{
"xn--qbtm095lrg0bfka60z.chn.moe".upstream.address = "internal.pc.chn.moe";
"xn--s8w913fdga.chn.moe".upstream.address = "internal.vps7.chn.moe";
};
coturn.enable = true;
synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
};
};})
];
"vps4" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver3";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking.hostname = "vps4";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
packages.packageSet = "server";
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
};
};})
];
"vps7" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/e36287f7-7321-45fa-ba1e-d126717a65f0"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/db48c8de-bcf7-43ae-a977-60c4f390d5c4" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0";
nixpkgs.march = "broadwell";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking = { hostname = "vps7"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
gui.enable = true;
};
packages =
{
packageSet = "desktop";
};
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
rsshub.enable = true;
nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
wallabag.enable = true;
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
misskey-proxy."xn--s8w913fdga.chn.moe" = {};
synapse.enable = true;
synapse-proxy."synapse.chn.moe" = {};
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
};
};})
];
"nas" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking.hostname = "nas";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
packages.packageSet = "server";
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
};
};})
];
"xmupc1" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/3F57-0EBE" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/02e426ec-cfa2-4a18-b3a5-57ef04d66614"."/" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto =
{
"/dev/disk/by-uuid/55fdd19f-0f1d-4c37-bd4e-6df44fc31f26" = { mapper = "root"; ssd = true; };
"/dev/md/swap" = { mapper = "swap"; ssd = true; before = [ "root" ]; };
};
mdadm =
"ARRAY /dev/md/swap metadata=1.2 name=pc:swap UUID=2b546b8d:e38007c8:02990dd1:df9e23a4";
swap = [ "/dev/mapper/swap" ];
resume = "/dev/mapper/swap";
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efi";
nixpkgs = { march = "znver3"; cudaSupport = true; };
nix =
{
marches =
[
"znver3" "znver2"
# PREFETCHW RDRND XSAVE XSAVEOPT PTWRITE SGX GFNI-SSE MOVDIRI MOVDIR64B CLDEMOTE WAITPKG LZCNT
# PCONFIG SERIALIZE HRESET KL WIDEKL AVX-VNNI
"alderlake"
# SAHF FXSR XSAVE
"sandybridge"
# SAHF FXSR PREFETCHW RDRND
"silvermont"
];
substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
};
gui.enable = true;
kernel =
{
patches = [ "cjktty" "preempt" ];
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
impermanence.enable = true;
networking.hostname = "xmupc1";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
prime =
{ enable = true; mode = "offload"; busId = { intel = "PCI:0:2:0"; nvidia = "PCI:1:0:0"; };};
};
packages.packageSet = "workstation";
virtualization =
{
docker.enable = true;
kvmHost = { enable = true; gui = true; };
};
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares =
{
media.path = "/run/media/chn";
home.path = "/home/chn";
mnt.path = "/mnt";
share.path = "/home/chn/share";
};
};
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns =
{
extraInterfaces = [ "docker0" ];
hosts =
{
"mirism.one" = "216.24.188.24";
"beta.mirism.one" = "216.24.188.24";
"ng01.mirism.one" = "216.24.188.24";
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
};
};
};
firewall.trustedInterfaces = [ "virbr0" ];
frpClient =
{
enable = true;
serverName = "frp.chn.moe";
user = "xmupc1";
tcp.store = { localPort = 443; remotePort = 7676; };
};
smartd.enable = true;
nginx = { enable = true; transparentProxy.enable = false; };
postgresql.enable = true;
};
bugs = [ "xmunet" "firefox" "embree" ];
};})
];
"yoga" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/86B8-CF80" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/e252f81d-b4b3-479f-8664-380a9b73cf83"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto."/dev/disk/by-uuid/8186d34e-005c-4461-94c7-1003a5bd86c0" =
{ mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
nixpkgs.march = "silvermont";
gui.enable = true;
grub.installDevice = "efi";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "yoga";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop";
virtualization.docker.enable = true;
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
smartd.enable = true;
};
};})
];
"pe" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/A0F1-74E5" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/a7546428-1982-4931-a61f-b7eabd185097"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto."/dev/disk/by-uuid/0b800efa-6381-4908-bd63-7fa46322a2a9" =
{ mapper = "root"; ssd = true; };
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efiRemovable";
gui.enable = true;
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "pe";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop";
virtualization.docker.enable = true;
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
smartd.enable = true;
};
};})
];
}));
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
# nix-serve -p 5000
# nix copy --substitute-on-destination --to ssh://server /run/current-system
# nix copy --to ssh://nixos@192.168.122.56 ./result
# sudo nixos-install --flake .#bootstrap
# --option substituters http://192.168.122.1:5000 --option require-sigs false
# sudo chattr -i var/empty
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
# sudo nixos-rebuild switch --flake .#vps6 --log-format internal-json -v |& nom --json
# boot.shell_on_fail systemd.setenv=SYSTEMD_SULOGIN_FORCE=1
# sudo usbipd
# ssh -R 3240:127.0.0.1:3240 root@192.168.122.57
# modprobe vhci-hcd
# sudo usbip bind -b 3-6
# usbip attach -r 127.0.0.1 -b 3-6
# systemd-cryptenroll --fido2-device=auto /dev/vda2
# systemd-cryptsetup attach root /dev/vda2
deploy =
{
sshUser = "root";
user = "root";
fastConnection = true;
autoRollback = false;
magicRollback = false;
nodes = builtins.listToAttrs (builtins.map
(node:
{
name = node;
value =
{
hostname = node;
profiles.system.path = inputs.self.nixosConfigurations.${node}.pkgs.deploy-rs.lib.activate.nixos
inputs.self.nixosConfigurations.${node};
};
})
[ "vps6" "vps4" "vps7" ]);
};
};
devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
src = import ./flake/src.nix { inherit inputs; };
apps.x86_64-linux.dns-push = { type = "app"; program = "${inputs.self.packages.x86_64-linux.dns-push}"; };
};
}

1
flake/branch.nix
View File

@@ -1 +0,0 @@
"next"

51
flake/dev.nix
View File

@@ -1,51 +0,0 @@
{ inputs }: let inherit (inputs.self.nixosConfigurations.pc) pkgs; in
{
biu = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.biu ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
hpcstat = pkgs.mkShell.override { stdenv = pkgs.gcc14Stdenv; }
{
inputsFrom = [ (pkgs.localPackages.hpcstat.override { version = null; }) ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
sbatch-tui = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.sbatch-tui ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
ufo = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.ufo ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
chn-bsub = pkgs.mkShell
{
inputsFrom = [ pkgs.localPackages.chn-bsub ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
};
info = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.info ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
vm = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.vm ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
}

14
flake/dns/config.yaml
View File

@@ -1,14 +0,0 @@
providers:
config:
class: octodns.provider.yaml.YamlProvider
directory: env/OCTODNS_CONFIG
cloudflare:
class: octodns_cloudflare.CloudflareProvider
token: env/CLOUDFLARE_TOKEN
pagerules: false
zones:
'*':
sources:
- config
targets:
- cloudflare

87
flake/dns/config/chn.moe.nix
View File

@@ -1,87 +0,0 @@
localLib:
let
cname =
{
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "" ];
nas = [ "initrd.nas" ];
office = [ "srv2-node0" ];
vps4 = [ "initrd.vps4" "xserver.vps4" ];
vps6 =
[
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
"ua" "vps6.xserver" ""
];
"xlog.autoroute" = [ "xlog" ];
"wg0.srv1-node0" = [ "wg0.srv1" ];
"wg0.srv2-node0" = [ "wg0.srv2" ];
srv3 =
[
"chat" "freshrss" "huginn" "initrd.srv3" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
"xserver.srv3" "example"
];
srv1-node0 = [ "srv1" ];
srv2-node0 = [ "srv2" ];
"wg1.pc" = [ "nix-store" ];
};
a =
{
nas = "192.168.1.2";
pc = "192.168.1.3";
one = "192.168.1.4";
office = "210.34.16.60";
srv1-node0 = "59.77.36.250";
vps4 = "104.234.37.61";
vps6 = "144.34.225.59";
search = "127.0.0.1";
srv3 = "23.135.236.216";
srv1-node1 = "192.168.178.2";
srv1-node2 = "192.168.178.3";
srv2-node1 = "192.168.178.2";
};
wireguard = import ./wireguard.nix;
in
{
"" =
[
{ type = "ALIAS"; value = "vps6.chn.moe."; }
{
type = "MX";
values =
[
{ exchange = "tuesday.mxrouting.net."; preference = 10; }
{ exchange = "tuesday-relay.mxrouting.net."; preference = 20; }
];
}
{ type = "TXT"; value = "v=spf1 include:mxlogin.com -all"; }
];
"_xlog-challenge.xlog" = { type = "TXT"; value = "chn"; };
autoroute =
{
type = "NS";
values = builtins.map (suffix: "ns1.huaweicloud-dns.${suffix}.") [ "cn" "com" "net" "org" ];
};
"mail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
"webmail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
"x._domainkey" =
{
type = "TXT";
value = ''v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CjW96ffx1tVrJkt630lSRrdEF495OAkFbUxwgZm+EjMhdQtG3erl+AzcyjK3gJpg2ylqOYxCFElerqiN9IiggYy4z6tJwVqoh7bucMbO5J4EJQvFdbyRveq7LVm+n5Qgr/CRi6105zfpzX0NbQZoLINSJMCGOmWcYPZZYv7T260ghVFkn4qVpAkFqvvc+RBtY9P96nPZ+omYvpKDV+JReNanxBZRoxuKQDpYPZhV7E6mLulzHzFyuwDLg7THBCcmEr3DlAAeZcLdm6cTdwYTG2cMv2CUiocSdxmrZeBaWa1Xef+70ddrr823o105l6PP437L4337JIMH19g9iTT+QIDAQAB'';
};
}
// builtins.listToAttrs (builtins.concatLists (builtins.map
(cname: builtins.map
(name: { inherit name; value = { type = "CNAME"; value = "${cname.name}.chn.moe."; }; })
cname.value)
(localLib.attrsToList cname)))
// builtins.listToAttrs (builtins.map
(a: {inherit (a) name; value = { inherit (a) value; type = "A"; }; })
(localLib.attrsToList a))
// builtins.listToAttrs (builtins.concatLists (builtins.map
(net: builtins.map
(peer:
{
name = "${net.name}.${peer.name}";
value = { type = "A"; value = "192.168.${builtins.toString net.value}.${builtins.toString peer.value}"; };
})
(localLib.attrsToList wireguard.peer))
(localLib.attrsToList wireguard.net)))

1
flake/dns/config/mirism.one.nix
View File

@@ -1 +0,0 @@
_: { entry = { type = "CNAME"; value = "vps6.chn.moe."; }; }

1
flake/dns/config/nekomia.moe.nix
View File

@@ -1 +0,0 @@
_: { "" = { type = "ALIAS"; value = "vps6.chn.moe."; }; }

17
flake/dns/config/wireguard.nix
View File

@@ -1,17 +0,0 @@
{
net = { wg0 = 83; wg1 = 84; };
peer =
{
vps4 = 2;
vps6 = 1;
pc = 3;
nas = 4;
one = 5;
srv1-node0 = 9;
srv1-node1 = 6;
srv1-node2 = 8;
srv2-node0 = 7;
srv2-node1 = 10;
srv3 = 11;
};
}

37
flake/dns/default.nix
View File

@@ -1,37 +0,0 @@
{ writeShellScript, writeTextDir, symlinkJoin, octodns, tokenPath, localLib, lib }:
let
addTtl = config:
let addTtl' = attrs: attrs // { octodns.cloudflare.auto-ttl = true; };
in builtins.mapAttrs (n: v: if builtins.isList v then builtins.map addTtl' v else addTtl' v) config;
config = builtins.listToAttrs (builtins.map
(domain: { name = domain; value = import ./config/${domain}.nix localLib; })
[ "chn.moe" "nekomia.moe" "mirism.one" ]);
configDir = symlinkJoin
{
name = "config";
paths = builtins.map
(domain: writeTextDir "${domain.name}.yaml" (builtins.toJSON (addTtl domain.value)))
(localLib.attrsToList config);
};
meta.config = config //
{
wireguard = import ./config/wireguard.nix;
"chn.moe" = config."chn.moe"
// {
# 查询域名对应的 ip
getAddress = deviceName:
let
dns = meta.config."chn.moe";
f = domain:
if dns.${domain}.type == "A" then dns.${domain}.value
else if dns.${domain}.type == "CNAME" then f (lib.removeSuffix ".chn.moe." dns.${domain}.value)
else throw "Not found ${domain}";
in f deviceName;
};
};
in lib.addMetaAttrs meta (writeShellScript "dns-push"
''
export OCTODNS_CONFIG=${configDir}
export CLOUDFLARE_TOKEN=$(cat ${tokenPath})
${octodns}/bin/octodns-sync --config-file ${./config.yaml} --doit --force
'')

89
flake/lib.nix
View File

@@ -1,89 +0,0 @@
lib: rec
{
attrsToList = attrs: builtins.map (name: { inherit name; value = attrs.${name}; }) (builtins.attrNames attrs);
mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];
# Behaviors of these two NixOS modules would be different:
# { pkgs, ... }@inputs: { environment.systemPackages = [ pkgs.hello ]; }
# inputs: { environment.systemPackages = [ pkgs.hello ]; }
# The second one would failed to evaluate because nixpkgs would not pass pkgs to it.
# So that we wrote a wrapper to make it always works like the first one.
mkModules = moduleList:
(builtins.map
(
let handle = module: let type = builtins.typeOf module; in
if type == "path" || type == "string" then (handle (import module))
else if type == "lambda" then ({ pkgs, utils, ... }@inputs: (module inputs))
else module;
in handle
)
moduleList);
# from: https://github.com/NixOS/nix/issues/3759
stripeTabs = text:
let
# Whether all lines start with a tab (or is empty)
shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix " " line)) lines;
# Strip a leading tab from all lines
stripTab = lines: builtins.map (line: lib.strings.removePrefix " " line) lines;
# Strip tabs recursively until there are none
stripTabs = lines: if (shouldStripTab lines) then (stripTabs (stripTab lines)) else lines;
in
# Split into lines. Strip leading tabs. Concat back to string.
builtins.concatStringsSep "\n" (stripTabs (lib.strings.splitString "\n" text));
# find an element in a list, return the index
findIndex = e: list:
let findIndex_ = i: list: if (builtins.elemAt list i) == e then i else findIndex_ (i + 1) list;
in findIndex_ 0 list;
# return a list of path, including:
# - all .nix file in the directory except for default.nix
# - all directories containing a default.nix
findModules = path:
mkModules (builtins.filter (path: path != null) (builtins.map
(subPath:
if subPath.value == "regular" && subPath.name != "default.nix"
then if lib.strings.hasSuffix ".nix" subPath.name
then "${path}/${subPath.name}"
else null
else if subPath.value == "directory"
then if (builtins.readDir "${path}/${subPath.name}")."default.nix" or null == "regular"
then "${path}/${subPath.name}"
else null
else null)
(attrsToList (builtins.readDir path))));
# replace the value in a nested attrset. example:
# deepReplace
# [ { path = [ "a" "b" 1 ]; value = "new value"; } ]
# { a = { b = [ "old value" "old value" ]; }; }
# => { a = { b = [ "old value" "new value" ]; }; }
deepReplace = pattern: origin:
let replace = { path, value, content }:
if path == [] then
if (builtins.typeOf value) == "lambda" then value content
else value
else let currentPath = builtins.head path; nextPath = builtins.tail path; in
if (builtins.typeOf currentPath) == "string" then
if (builtins.typeOf content) != "set" then builtins.throw "content should be a set"
else builtins.mapAttrs
(n: v: if n == currentPath then replace { path = nextPath; inherit value; content = v; } else v) content
else if (builtins.typeOf currentPath) == "int" then
if (builtins.typeOf content) != "list" then builtins.throw "content should be a list"
else lib.imap0
(i: v: if i == currentPath then replace { path = nextPath; inherit value; content = v; } else v) content
else if (builtins.typeOf currentPath) != "lambda" then throw "path should be a lambda"
else
if (builtins.typeOf content) == "list" then builtins.map
(v: if currentPath v then replace { path = nextPath; inherit value; content = v; } else v) content
else if (builtins.typeOf content) == "set" then builtins.listToAttrs (builtins.map
(v: if currentPath v then replace { path = nextPath; inherit value; content = v; } else v)
(attrsToList content))
else throw "content should be a list or a set.";
in
if (builtins.typeOf pattern) != "list" then throw "pattern should be a list"
else if pattern == [] then origin
else deepReplace (builtins.tail pattern) (replace ((builtins.head pattern) // { content = origin; }));
}

34
flake/nixos.nix
View File

@@ -1,34 +0,0 @@
{ inputs, localLib }:
let
singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" "test" "test-pc" "test-pc-vm" ];
cluster = { srv1 = 3; srv2 = 2; };
deviceModules = builtins.listToAttrs
(
(builtins.map
(n: { name = n; value = [ { config.nixos.model.hostname = n; } ../modules ../devices/${n} ../devices/cross ]; })
singles)
++ (builtins.concatLists (builtins.map
(cluster: builtins.map
(node:
{
name = "${cluster.name}-${node}";
value =
[
{ config.nixos.model.cluster = { clusterName = cluster.name; nodeName = node; }; }
../modules
../devices/${cluster.name}
../devices/${cluster.name}/${node}
../devices/cross
];
})
(builtins.genList (n: "node${builtins.toString n}") cluster.value))
(localLib.attrsToList cluster)))
);
in builtins.mapAttrs
(_: v: inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules v;
})
deviceModules

50
flake/packages.nix
View File

@@ -1,50 +0,0 @@
{ inputs, localLib }: rec
{
pkgs = (import inputs.nixpkgs
{
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [ inputs.self.overlays.default ];
});
hpcstat =
let
openssh = (pkgs.pkgsStatic.openssh.override { withLdns = false; etcDir = null; }).overrideAttrs
(prev: { doCheck = false; patches = prev.patches ++ [ ../packages/hpcstat/openssh.patch ];});
duc = pkgs.pkgsStatic.duc.override { enableCairo = false; cairo = null; pango = null; };
glaze = pkgs.pkgsStatic.glaze.overrideAttrs
(prev: { cmakeFlags = prev.cmakeFlags ++ [ "-Dglaze_ENABLE_FUZZING=OFF" ]; });
# pkgsStatic.clangStdenv have a bug
# https://github.com/NixOS/nixpkgs/issues/177129
biu = pkgs.pkgsStatic.localPackages.biu.override { stdenv = pkgs.pkgsStatic.gcc14Stdenv; inherit glaze; };
in pkgs.pkgsStatic.localPackages.hpcstat.override
{
inherit openssh duc biu;
standalone = true;
version = inputs.self.rev or "dirty";
stdenv = pkgs.pkgsStatic.gcc14Stdenv;
};
inherit (pkgs.localPackages) blog;
inherit (pkgs.localPackages.pkgsStatic) chn-bsub;
vaspberry = pkgs.pkgsStatic.localPackages.vaspberry.override
{
gfortran = pkgs.pkgsStatic.gfortran;
lapack = pkgs.pkgsStatic.openblas;
};
jykang = import ../devices/jykang.xmuhpc inputs;
src =
let getDrv = x:
if pkgs.lib.isDerivation x then [ x ]
else if builtins.isAttrs x then builtins.concatMap getDrv (builtins.attrValues x)
else if builtins.isList x then builtins.concatMap getDrv x
else [];
in pkgs.writeClosure (getDrv (inputs.self.outputs.src));
dns-push = pkgs.callPackage ./dns
{
inherit localLib;
tokenPath = inputs.self.nixosConfigurations.pc.config.sops.secrets."acme/token".path;
octodns = pkgs.octodns.withProviders (_: with pkgs.octodns-providers; [ cloudflare ]);
};
}
// (builtins.listToAttrs (builtins.map
(system: { inherit (system) name; value = system.value.config.system.build.toplevel; })
(localLib.attrsToList inputs.self.outputs.nixosConfigurations)))

137
flake/src.nix
View File

@@ -1,137 +0,0 @@
{ inputs }: let inherit (inputs.self.packages.x86_64-linux) pkgs; in
{
nvhpc =
{
src = pkgs.fetchurl
{
url = "https://developer.download.nvidia.com/hpc-sdk/25.3/nvhpc_2025_253_Linux_x86_64_cuda_12.8.tar.gz";
sha256 = "11gxb099yxrsxg9i6vydi7znxqiwqqkhgmg90s74qwpjyriqpbsp";
};
mpi = pkgs.requireFile
{
name = "openmpi-gitclone.tar.gz";
# download from https://content.mellanox.com/hpc/hpc-x/v2.23/hpcx-v2.23-gcc-doca_ofed-ubuntu24.04-cuda12-x86_64.tbz
# nix-prefetch-url file://$(pwd)/openmpi-gitclone.tar.gz
sha256 = "1lx5gld4ay9p327hdlqsi72911cfm6s5v3yabjlmwr7sb27y8151";
message = "Source file not found.";
};
version = "25.3";
cudaVersion = "12.8";
};
iso =
{
nixos = pkgs.fetchurl
{
url = "https://releases.nixos.org/nixos/24.11/nixos-24.11.714826.04ef94c4c158/"
+ "nixos-minimal-24.11.714826.04ef94c4c158-x86_64-linux.iso";
sha256 = "12zkmlmvvp6g3syb347q4ffhdavfs3hz2qxvvlgrim6k0kzz436k";
};
netboot = pkgs.fetchurl
{
url = "https://boot.netboot.xyz/ipxe/netboot.xyz.iso";
sha256 = "01hlslbi2i3jkzjwn24drhd2lriaqiwr9hb83r0nib9y1jvr3k5p";
};
};
vasp =
{
vasp = pkgs.requireFile
{
name = "vasp.6.4.3.tgz";
# nix-prefetch-url file://$(pwd)/vasp.6.4.3.tgz
sha256 = "1x14dixils77rr4c6yqmxkvyzgfz6906badsw2shksd3y9ryfc7y";
message = "Source file not found.";
};
vtst =
{
patch = pkgs.fetchzip
{
url = "http://theory.cm.utexas.edu/code/vtstcode-204.tgz";
sha256 = "00qpqiabl568fwqjnmwqwr0jwg7s56xd9lv9lw8q4qxqy19cpg62";
};
script = pkgs.fetchzip
{
url = "http://theory.cm.utexas.edu/code/vtstscripts.tgz";
sha256 = "0wz9sw72w5gydvavm6sbcfssvvdiw8gh8hs0d0p0b23839dw4w6j";
};
};
};
huginn = pkgs.dockerTools.pullImage
{
imageName = "ghcr.io/huginn/huginn";
imageDigest = "sha256:68e2c7082cd51d417e5ce76fe123810e9d52f4ab2018569df5b74b913ed3bc64";
sha256 = "0jpdysdphy1lyj6zwx2b1kbgs6bfnpkkx85mf1b9ybh3is6gaz6s";
finalImageName = "ghcr.io/huginn/huginn";
finalImageTag = "latest";
};
misskey = {};
vesta =
{
version = "3.90.5a";
src = pkgs.fetchurl
{
url = "https://jp-minerals.org/vesta/archives/testing/VESTA-gtk3-x86_64.tar.bz2";
sha256 = "0y277m2xvjyzx8hncc3ka73lir8x6x2xckjac9fdzg03z0jnpqzf";
};
desktopFile = pkgs.fetchurl
{
url = "https://aur.archlinux.org/cgit/aur.git/plain/VESTA.desktop?h=vesta&id=4fae08afc37ee0fd88d14328cf0d6b308fea04d1";
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
};
};
# nix-store --query --hash $(nix store add-path . --name 'mirism')
mirism-old = pkgs.requireFile
{
name = "mirism";
sha256 = "0f50pvdafhlmrlbf341mkp9q50v4ld5pbx92d2w1633f18zghbzf";
hashMode = "recursive";
message = "Source file not found.";
};
pslist =
{
version = "1.4.0";
src = pkgs.fetchzip
{
url = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/pslist/1.4.0-6/pslist_1.4.0.orig.tar.xz";
sha256 = "1sp1h7ccniz658ms331npffpa9iz8llig43d9mlysll420nb3xqv";
};
};
vaspkit = rec
{
version = "1.5.1";
potcar = pkgs.requireFile
{
name = "POTCAR";
sha256 = "01adpp9amf27dd39m8svip3n6ax822vsyhdi6jn5agj13lis0ln3";
hashMode = "recursive";
message = "POTCAR not found.";
};
vaspkit = pkgs.fetchurl
{
url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.${version}.linux.x64.tar.gz";
sha256 = "1cbj1mv7vx18icwlk9d2vfavsfd653943xg2ywzd8b7pb43xrfs1";
};
};
mathematica = pkgs.mathematica.src;
oneapi =
{
src = pkgs.fetchurl
{
url = "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/2cf9c083-82b5-4a8f-a515-c599b09dcefc/"
+ "intel-oneapi-hpc-toolkit-2025.1.1.40_offline.sh";
sha256 = "1qjy9dsnskwqsk66fm99b3cch1wp3rl9dx7y884p3x5kwiqdma2x";
};
version = "2025.1";
fullVersion = "2025.1.1.40";
components =
[
"intel.oneapi.lin.dpcpp-cpp-common,v=2025.1.1+10"
"intel.oneapi.lin.dpcpp-cpp-common.runtime,v=2025.1.1+10"
"intel.oneapi.lin.ifort-compiler,v=2025.1.1+10"
"intel.oneapi.lin.compilers-common.runtime,v=2025.1.1+10"
"intel.oneapi.lin.mpi.runtime,v=2021.15.0+493"
"intel.oneapi.lin.umf,v=0.10.0+355"
"intel.oneapi.lin.tbb.runtime,v=2022.1.0+425"
"intel.oneapi.lin.compilers-common,v=2025.1.1+10"
];
};
}

35
local/lib/default.nix Normal file
View File

@@ -0,0 +1,35 @@
lib:
{
attrsToList = Attrs: builtins.map ( name: { inherit name; value = Attrs.${name}; } ) ( builtins.attrNames Attrs );
mkConditional = condition: trueResult: falseResult: let inherit (lib) mkMerge mkIf; in
mkMerge [ ( mkIf condition trueResult ) ( mkIf (!condition) falseResult ) ];
# Behaviors of these two NixOS modules would be different:
# { pkgs, ... }@inputs: { environment.systemPackages = [ pkgs.hello ]; }
# inputs: { environment.systemPackages = [ pkgs.hello ]; }
# The second one would failed to evaluate because nixpkgs would not pass pkgs to it.
# So that we wrote a wrapper to make it always works like the first one.
mkModules = moduleList:
(builtins.map
(
let handle = module:
if ( builtins.typeOf module ) == "path" then (handle (import module))
else if ( builtins.typeOf module ) == "lambda" then ({ pkgs, utils, ... }@inputs: (module inputs))
else module;
in handle
)
moduleList);
# from: https://github.com/NixOS/nix/issues/3759
stripeTabs = text:
let
# Whether all lines start with a tab (or is empty)
shouldStripTab = lines: builtins.all (line: (line == "") || (lib.strings.hasPrefix " " line)) lines;
# Strip a leading tab from all lines
stripTab = lines: builtins.map (line: lib.strings.removePrefix " " line) lines;
# Strip tabs recursively until there are none
stripTabs = lines: if (shouldStripTab lines) then (stripTabs (stripTab lines)) else lines;
in
# Split into lines. Strip leading tabs. Concat back to string.
builtins.concatStringsSep "\n" (stripTabs (lib.strings.splitString "\n" text));
}

29
local/pkgs/12to11/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
lib, stdenv, fetchsvn, xorg, libdrm
}:
stdenv.mkDerivation rec
{
pname = "12to11";
version = "193";
src = fetchsvn
{
url = "svn://svn.code.sf.net/p/twelveto11/code";
rev = version;
sha256 = "12csy55f2xxj03c5b60dvip68mz8cggic6751y3hvj22ar4ncaaj";
};
postPatch =
''
for i in *.c
do
sed -i -e "s|#include <drm_fourcc.h>|#include <libdrm/drm_fourcc.h>|" $i
done
for i in tests/*.c
do
sed -i -e "s|#include <drm/drm_fourcc.h>|#include <libdrm/drm_fourcc.h>|" $i
done
'';
nativeBuildInputs = [ ];
buildInputs = [ xorg.imake libdrm.dev ];
}

28
local/pkgs/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ lib, pkgs }: with pkgs;
{
typora = callPackage ./typora {};
upho = python3Packages.callPackage ./upho {};
spectral = python3Packages.callPackage ./spectral {};
vesta = callPackage ./vesta {};
oneapi = callPackage ./oneapi {};
send = callPackage ./send {};
rsshub = callPackage ./rsshub {};
misskey = callPackage ./misskey {};
mk-meili-mgn = callPackage ./mk-meili-mgn {};
phonon-unfolding = callPackage ./phonon-unfolding {};
# vasp = callPackage ./vasp
# {
# stdenv = pkgs.lmix-pkgs.intel21Stdenv;
# intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
# ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
# };
vasp = callPackage ./vasp
{
openmp = llvmPackages.openmp;
openmpi = pkgs.openmpi.override { cudaSupport = false; };
};
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
# "12to11" = callPackage ./12to11 {};
huginn = callPackage ./huginn {};
v_sim = callPackage ./v_sim {};
}

29
local/pkgs/huginn/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ lib, stdenv, bundlerEnv, fetchFromGitHub }:
let
pname = "huginn";
version = "20230723";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "huginn";
rev = "a02977ad420a01b6460634af19f714db4a8f8f36";
hash = "sha256-Ty2EDCIjbvcf3PzPupcV4s7ZfAFTuYEjSfy0m+Yt3j4=";
};
gems = bundlerEnv
{
name = "${pname}-${version}-gems";
gemdir = "${src}";
gemfile = "${src}/Gemfile";
lockfile = "${src}/Gemfile.lock";
gemset = "${src}/gemset.nix";
copyGemFiles = true;
};
in stdenv.mkDerivation
{
inherit pname version src;
buildInputs = [ gems gems.wrappedRuby ];
installPhase =
''
false
'';
}

70
local/pkgs/misskey/default.nix Normal file
View File

@@ -0,0 +1,70 @@
{
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs_20, writeShellScript, buildFHSEnv,
bash, cypress, vips, pkg-config
}:
let
pname = "misskey";
version = "13.14.2";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "misskey";
rev = "e02ecb3819f6f05352d43b64ae59fa1bd683e2e0";
hash = "sha256-zsYM67LYUn+bI6kbdW9blftxw5TUxCdzlfaOOEgZz+Q=";
fetchSubmodules = true;
};
originalPnpmPackage = mkPnpmPackage
{
inherit pname version src;
nodejs = nodejs_20;
copyPnpmStore = true;
};
startScript = writeShellScript "misskey"
''
export PATH=${lib.makeBinPath [ bash nodejs_20 nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress ]}:$PATH
export CYPRESS_RUN_BINARY="${cypress}/bin/Cypress"
export NODE_ENV=production
pnpm run migrateandstart
'';
in
stdenv.mkDerivation
{
inherit version src pname;
nativeBuildInputs =
[ bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config ];
CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress";
NODE_ENV = "production";
configurePhase =
''
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
export npm_config_nodedir=${nodejs_20}
runHook preConfigure
store=$(pnpm store path)
mkdir -p $(dirname $store)
cp -f ${originalPnpmPackage.passthru.patchedLockfileYaml} pnpm-lock.yaml
cp -RL ${originalPnpmPackage.passthru.pnpmStore} $store
chmod -R +w $store
pnpm install --frozen-lockfile --offline
runHook postConfigure
'';
buildPhase =
''
runHook preBuild
pnpm run build
runHook postBuild
'';
installPhase =
''
runHook preInstall
mkdir -p $out
mv * .* $out
mkdir -p $out/bin
cp ${startScript} $out/bin/misskey
mkdir -p $out/files
runHook postInstall
'';
}

16
local/pkgs/mk-meili-mgn/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ lib, fetchFromGitHub, rustPlatform, pkg-config, openssl }:
rustPlatform.buildRustPackage rec
{
pname = "mk-meili-mgn";
version = "20230827";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "mk-meili-mgn";
rev = "53e282c992293ec735c9bc964f097b5bdbc3e48a";
hash = "sha256-KBSoEGfWKDXZHSzSzak1v0nxtQQGI15DQTyNAPhsIB4=";
};
cargoHash = "sha256-wNdMPPl2H2iSrNYjoij0Qg/c2S5RjTHpOMV1RfHU27g=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ openssl ];
}

28
local/pkgs/phonon-unfolding/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{
stdenv, fetchFromGitHub, gfortran, blas
}:
stdenv.mkDerivation
{
pname = "phonon-unfolding";
version = "0";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "phonon_unfolding";
rev = "ec363ef2bad0ee18a0839a1681ea9915c0b72e1d";
hash = "sha256-zDTbtYk5OXf//6eS4gEF7IvrpWcRAz18ue48IDZnfSk=";
};
buildInputs = [ blas ];
nativeBuildInputs = [ gfortran ];
buildPhase =
''
gfortran PhononUnfoldingModule.f90 -o PhononUnfoldingModule.mod -c
gfortran PhononUnfolding.f90 -c -o PhononUnfolding.mod
gfortran PhononUnfolding.mod PhononUnfoldingModule.mod -o PhononUnfolding -lblas
'';
installPhase =
''
mkdir -p $out/bin
cp PhononUnfolding $out/bin
'';
}

58
local/pkgs/rsshub/default.nix Normal file
View File

@@ -0,0 +1,58 @@
{
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs, writeShellScript,
chromium, bash
}:
let
pname = "rsshub";
version = "20230829";
src = fetchFromGitHub
{
owner = "DIYgod";
repo = "RSSHub";
rev = "afcf9774260dc6505263cf0428970e890f2f7b1d";
hash = "sha256-BQFE0Z5DsFTf0tylQ0NN89hCdXT/Y2M+YPa/10ccOVg=";
};
originalPnpmPackage = mkPnpmPackage { inherit pname version src nodejs; };
nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };
rsshub-unwrapped = stdenv.mkDerivation
{
inherit version src;
pname = "${pname}-unwrapped";
configurePhase =
''
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
export npm_config_nodedir=${nodejs}
runHook preConfigure
ln -s ${nodeModules}/. node_modules
runHook postConfigure
'';
installPhase =
''
runHook preInstall
mkdir -p $out
mv * .* $out
runHook postInstall
'';
};
startScript = writeShellScript "rsshub"
''
cd ${rsshub-unwrapped}
export PATH=${lib.makeBinPath [ bash nodejs nodejs.pkgs.pnpm chromium ]}:$PATH
export CHROMIUM_EXECUTABLE_PATH=chromium
pnpm start
'';
in stdenv.mkDerivation rec
{
inherit pname version;
phases = [ "installPhase" ];
installPhase =
''
runHook preInstall
mkdir -p $out/bin
cp ${startScript} $out/bin/rsshub
runHook postInstall
'';
}

15
local/pkgs/send/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ buildNpmPackage, fetchFromGitHub, nodejs-16_x }:
buildNpmPackage.override { nodejs = nodejs-16_x; }
{
pname = "send";
version = "3.4.23";
src = fetchFromGitHub
{
owner = "timvisee";
repo = "send";
rev = "6ad2885a168148fb996d3983457bc39527c7c8e5";
hash = "sha256-/w9KhktDVSAmp6EVIRHFM63mppsIzYSm5F7CQQd/2+E=";
};
npmDepsHash = "sha256-r1iaurKuhpP0sevB5pFdtv9j1ikM1fKL7Jgakh4FzTI=";
makeCacheWritable = true;
}

15
local/pkgs/spectral/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{
lib, fetchPypi, buildPythonPackage,
numpy, pillow, wxPython_4_2, matplotlib, ipython, pyopengl
}: buildPythonPackage rec
{
pname = "spectral";
version = "0.23.1";
src = fetchPypi
{
inherit pname version;
sha256 = "sha256-4YIic1Je81g7J6lmIm1Vr+CefSmnI2z82LwN+x+Wj8I=";
};
doCheck = false;
propagatedBuildInputs = [ numpy pillow wxPython_4_2 matplotlib ipython pyopengl ];
}

42
local/pkgs/typora/default.nix Normal file
View File

@@ -0,0 +1,42 @@
{ lib, stdenv, steam-run, fetchurl, writeShellScript }:
let
typora-dist = stdenv.mkDerivation rec
{
pname = "typora-dist";
version = "1.6.6";
src = fetchurl
{
url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
sha256 = "sha256-77mCgmsROLhfuOmOOyl2C5Ug2NfqEvcD+kMA3aiAQtA=";
};
dontFixup = true;
unpackPhase =
''
ar x ${src}
tar xf data.tar.xz
'';
installPhase =
''
mkdir -p $out
mv usr/share $out
'';
};
in stdenv.mkDerivation rec
{
pname = "typora";
inherit (typora-dist) version;
BuildInputs = [ typora-dist steam-run ];
startScript = writeShellScript "typora" "${steam-run}/bin/steam-run ${typora-dist}/share/typora/Typora $@";
phases = [ "installPhase" ];
installPhase =
''
mkdir -p $out/bin $out/share/applications
ln -s ${startScript} $out/bin/typora
cp ${typora-dist}/share/applications/typora.desktop $out/share/applications
sed -i "s|Exec=.*|Exec=${startScript} %U|g" $out/share/applications/typora.desktop
sed -i "s|Icon=.*|Icon=${typora-dist}/share/icons/hicolor/256x256/apps/typora.png|g" \
$out/share/applications/typora.desktop
'';
}

14
local/pkgs/upho/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{ lib, fetchFromGitHub, buildPythonPackage, numpy, h5py, phonopy }: buildPythonPackage rec
{
pname = "upho";
version = "0.6.6";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "upho";
rev = "0f27ac6918e8972c70692816438e4ac37ec6b348";
sha256 = "sha256-NvoV+AUH9MmGT4ohrLAAvpLs8APP2DOKYlZVliHrVRM=";
};
doCheck = false;
propagatedBuildInputs = [ numpy h5py phonopy ];
}

28
local/pkgs/v_sim/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{
stdenv, lib, fetchFromGitLab,
wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
glib, gtk3, epoxy, libyaml
}:
stdenv.mkDerivation
{
pname = "v_sim";
version = "3.8.0_p20230824";
src = fetchFromGitLab
{
owner = "l_sim";
repo = "v_sim";
rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
};
buildInputs = [ glib gtk3 epoxy libyaml ];
nativeBuildInputs =
[
autoreconfHook wrapGAppsHook autoconf libtool intltool gettext automake pkg-config
gtk-doc gfortran libxslt.bin
];
enableParallelBuilding = true;
postPatch =
''
./autogen.sh
'';
}

77
local/pkgs/vasp/default.nix Normal file
View File

@@ -0,0 +1,77 @@
# {
# stdenv, requireFile, config, rsync, intel-mpi, ifort,
# mkl
# }:
# stdenv.mkDerivation rec
# {
# pname = "vasp";
# version = "6.4.0";
# # nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
# src = requireFile
# {
# name = "${pname}-${version}";
# sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
# hashMode = "recursive";
# message = "Source file not found.";
# };
# VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
# MKLROOT = mkl;
# makeFlags = "DEPS=1";
# enableParallelBuilding = true;
# buildInputs = [ mkl intel-mpi ifort ];
# nativeBuildInputs = [ rsync ];
# configurePhase =
# ''
# cp arch/makefile.include.intel makefile.include
# echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
# echo "OBJECTS_LIB += getshmem.o" >> makefile.include
# mkdir -p bin
# '';
# installPhase =
# ''
# mkdir -p $out/bin
# for i in std gam ncl; do
# cp bin/vasp_$i $out/bin/vasp-cpu-${version}-$i
# done
# '';
# doStrip = false;
# doFixup = false;
# }
{
stdenvNoCC, requireFile, rsync, blas, scalapack, openmpi, openmp, gfortran, gcc, fftwMpi
}:
stdenvNoCC.mkDerivation rec
{
pname = "vasp";
version = "6.4.0";
# nix-store --query --hash $(nix store add-path ./vasp-6.4.0)
src = requireFile
{
name = "${pname}-${version}";
sha256 = "189i1l5q33ynmps93p2mwqf5fx7p4l50sls1krqlv8ls14s3m71f";
hashMode = "recursive";
message = "Source file not found.";
};
# VASP_TARGET_CPU = if config ? oneapiArch then "-x${config.oneapiArch}" else "";
# MKLROOT = mkl;
makeFlags = "DEPS=1";
enableParallelBuilding = true;
buildInputs = [ blas scalapack openmpi openmp gfortran gfortran.cc gcc fftwMpi.dev fftwMpi ];
nativeBuildInputs = [ rsync ];
FFTW_ROOT = fftwMpi.dev;
configurePhase =
''
cp ${./makefile.include/${version}-gnu} makefile.include
chmod +w makefile.include
echo "CPP_OPTIONS += -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj" >> makefile.include
echo "OBJECTS_LIB += getshmem.o" >> makefile.include
mkdir -p bin
'';
installPhase =
''
mkdir -p $out/bin
for i in std gam ncl; do
cp bin/vasp_$i $out/bin/vasp-gnu-${version}-$i
done
'';
}

31
packages/vasp/gnu/makefile.include → local/pkgs/vasp/makefile.include/6.4.0-gnu
View File

@@ -8,7 +8,7 @@ CPP_OPTIONS = -DHOST=\"LinuxGNU\" \
-Duse_bse_te \
-Dtbdyn \
-Dfock_dblbuf \
-D_OPENMP -Duse_shmem -Dshmem_bcast_buffer -Dshmem_rproj
-D_OPENMP
CPP = gcc -E -C -w $*$(FUFFIX) >$*$(SUFFIX) $(CPP_OPTIONS)
@@ -19,7 +19,7 @@ FREE = -ffree-form -ffree-line-length-none
FFLAGS = -w -ffpe-summary=none
OFLAG = -O2
OFLAG = -O3
OFLAG_IN = $(OFLAG)
DEBUG = -O0
@@ -35,7 +35,7 @@ CFLAGS_LIB = -O
FFLAGS_LIB = -O1
FREE_LIB = $(FREE)
OBJECTS_LIB = linpack_double.o getshmem.o
OBJECTS_LIB = linpack_double.o
# For the parser library
CXX_PARS = g++
@@ -49,35 +49,46 @@ LLIBS = -lstdc++
# When compiling on the target machine itself, change this to the
# relevant target when cross-compiling for another architecture
# VASP_TARGET_CPU ?= -march=native
# FFLAGS += $(VASP_TARGET_CPU)
# For gcc-10 and higher (comment out for older versions)
FFLAGS += -fallow-argument-mismatch
# BLAS and LAPACK (mandatory)
# OPENBLAS_ROOT ?= /path/to/your/openblas/installation
# BLASPACK = -L$(OPENBLAS_ROOT)/lib -lopenblas
BLASPACK = -lblas
# scaLAPACK (mandatory)
# SCALAPACK_ROOT ?= /path/to/your/scalapack/installation
# SCALAPACK = -L$(SCALAPACK_ROOT)/lib -lscalapack
SCALAPACK = -lscalapack
LLIBS += $(SCALAPACK) $(BLASPACK)
# FFTW (mandatory)
LLIBS += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
# FFTW_ROOT ?= /path/to/your/fftw/installation
# LLIBS += -L$(FFTW_ROOT)/lib -lfftw3 -lfftw3_omp
LLIBS += -lfftw3 -lfftw3_omp
INCS += -I$(FFTW_ROOT)/include
# HDF5-support (optional but strongly recommended)
CPP_OPTIONS+= -DVASP_HDF5
LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
INCS += -I$(HDF5_ROOT)/include
#CPP_OPTIONS+= -DVASP_HDF5
#HDF5_ROOT ?= /path/to/your/hdf5/installation
#LLIBS += -L$(HDF5_ROOT)/lib -lhdf5_fortran
#INCS += -I$(HDF5_ROOT)/include
# For the VASP-2-Wannier90 interface (optional)
CPP_OPTIONS += -DVASP2WANNIER90
LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
#CPP_OPTIONS += -DVASP2WANNIER90
#WANNIER90_ROOT ?= /path/to/your/wannier90/installation
#LLIBS += -L$(WANNIER90_ROOT)/lib -lwannier
# For the fftlib library (recommended)
CPP_OPTIONS+= -Dsysv
FCL += fftlib.o
CXX_FFTLIB = g++ -fopenmp -std=c++11 -DFFTLIB_THREADSAFE
INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
# INCS_FFTLIB = -I./include -I$(FFTW_ROOT)/include
INCS_FFTLIB = -I./include
LIBS += fftlib
LLIBS += -ldl

19
packages/vaspkit.nix → local/pkgs/vaspkit/default.nix
View File

@@ -1,11 +1,22 @@
{ stdenv, src, autoPatchelfHook, makeWrapper, python3, attrsToList, gnused }:
{ stdenv, fetchurl, requireFile, autoPatchelfHook, makeWrapper, python3, attrsToList, gnused }:
let
potcar = requireFile
{
name = "POTCAR";
sha256 = "01adpp9amf27dd39m8svip3n6ax822vsyhdi6jn5agj13lis0ln3";
hashMode = "recursive";
message = "POTCAR not found.";
};
unwrapped = stdenv.mkDerivation
{
pname = "vaspkit-unwrapped";
inherit (src) version;
src = src.vaspkit;
version = "1.4.1";
buildInputs = [ autoPatchelfHook stdenv.cc.cc ];
src = fetchurl
{
url = "mirror://sourceforge/vaspkit/Binaries/vaspkit.1.4.1.linux.x64.tar.gz";
sha256 = "0i5m7nbvqk7hzxisyydjvs2l8lnvj9vsxa170783kv9zmp51lnvs";
};
installPhase =
''
runHook preInstall
@@ -15,7 +26,7 @@ let
'';
};
python = python3.withPackages (pythonPackages: with pythonPackages; [ numpy scipy matplotlib ]);
envirmentVariables = let inherit (src) potcar; in
envirmentVariables =
{
LDA_PATH = "${potcar}/PAW_LDA";
PBE_PATH = "${potcar}/PAW_PBE";

Some files were not shown because too many files have changed in this diff Show More