chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 13:19:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: chn:steamdeck
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
...
pull from: chn:rocm
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

266 Commits
steamdeck ... rocm

Author SHA1 Message Date
chn
9bbf8aba8b Merge branch 'edge' into rocm 2025-10-01 10:06:10 +08:00
chn
e8e30ce861 devices.pc: switch to xray vps4 2025-10-01 10:01:46 +08:00
chn
05ab5100eb modules.system.kernel: add btusb patch 2025-10-01 10:01:46 +08:00
chn
a75a676f71 flake: update misskey 2025-10-01 10:00:57 +08:00
chn
fb7520baba modules.system.fileSystems.rollingRootfs: remove nodatacow 2025-09-29 20:59:34 +08:00
chn
a845980427 modules.system.fileSystems.rollingRootfs: disable compress-force 2025-09-29 20:59:00 +08:00
chn
e73b15ab8d modules.system.fileSystems.rollingRootfs: do not wait on btrfs module, since it may be built-in 2025-09-29 20:58:02 +08:00
chn
e191c286df Reapply "devices.pc: enable rocm support" 
This reverts commit 7dba94af81.
 2025-09-29 17:54:55 +08:00
chn
7dba94af81 Revert "devices.pc: enable rocm support" 
This reverts commit db977df437.
 2025-09-29 17:20:22 +08:00
chn
c233fde9f2 Reapply "devices.pc: switch to cachyos kernel" 
This reverts commit d40f1fbcab.
 2025-09-29 17:17:50 +08:00
chn
db977df437 devices.pc: enable rocm support 2025-09-29 15:03:34 +08:00
chn
592bbb4816 modules.hardware.gpu: remove nvidia prime offload 2025-09-29 15:02:21 +08:00
chn
e725287577 devices.pc: cleanup 2025-09-29 14:58:23 +08:00
chn
9e78540bda devices.pc: add icelake-server support 2025-09-29 09:13:21 +08:00
chn
fb4fcfd780 src: fix netboot 2025-09-27 15:49:18 +08:00
chn
14aab3cdcf modules.packages.git: fix 2025-09-27 11:05:51 +08:00
chn
9348c13940 lib.buildNixpkgsConfig: fix sphinx build 2025-09-27 00:28:49 +08:00
chn
d40f1fbcab Revert "devices.pc: switch to cachyos kernel" 
This reverts commit 2226ffc2a4.
 2025-09-26 23:37:27 +08:00
chn
7674dae93f modules.system.kernel: fix cachyos 2025-09-26 19:54:46 +08:00
chn
2226ffc2a4 devices.pc: switch to cachyos kernel 2025-09-26 19:07:39 +08:00
chn
2c772df044 devices.jykang: remove unused packages 2025-09-26 17:22:28 +08:00
chn
cb5f34b8b9 devices.jykang.xmuhpc: add python-lyj 2025-09-26 17:21:17 +08:00
chn
212b27fb9a packages.pybinding: init 2025-09-26 17:18:06 +08:00
chn
d84c5daee3 lib.buildNixpkgsConfig: fix chrome and chromium 2025-09-26 14:59:33 +08:00
chn
f57dfcabeb module.system.gui: fix gtk2 config 2025-09-26 01:11:53 +08:00
chn
4c3b1a2952 Revert "module.system.gui: niri use gnome keyring" 
This reverts commit 9b5bd4ed07.
 2025-09-25 18:42:09 +08:00
chn
9b5bd4ed07 module.system.gui: niri use gnome keyring 2025-09-25 16:55:51 +08:00
chn
030720e4ef modules.system.gui: fix kwallet under niri 2025-09-25 16:45:43 +08:00
chn
a0dac3e24b Reapply "module.system.gui: use kwallet in niri" 
This reverts commit e28519b2f4.
 2025-09-25 15:47:40 +08:00
chn
e28519b2f4 Revert "module.system.gui: use kwallet in niri" 
This reverts commit 5ecf68637f.
 2025-09-25 15:36:03 +08:00
chn
8c382b860f modules.packages: enable kde-pim and kdeconnect unconditionally 2025-09-25 15:25:56 +08:00
chn
5ecf68637f module.system.gui: use kwallet in niri 2025-09-25 15:24:12 +08:00
chn
c4783d9cc6 fix home-manager gtk2 config file 2025-09-25 14:26:33 +08:00
chn
43dee44546 resolve all warnings 2025-09-25 14:22:26 +08:00
chn
3f88573b66 modules.services.postgresql: fix 2025-09-25 14:16:16 +08:00
chn
05c789d6b0 modules.system.fileSystems.cluster: fix 2025-09-25 14:03:58 +08:00
chn
9919d8bf0b fix niri build failed 2025-09-25 13:40:02 +08:00
chn
9899f0bb07 Merge branch 'unstable' into edge 2025-09-25 13:26:18 +08:00
chn
f227e862f5 Reapply "devices.pc: enable niri specialisation" 
This reverts commit 47d35f67e9.
 2025-09-25 13:26:01 +08:00
chn
484867f79a Reapply "modules.system.gui: enable dankMaterialShell when using niri" 
This reverts commit 169d819b0e.
 2025-09-25 13:25:54 +08:00
chn
3143b2f3a4 lib.buildNixpkgsConfig: fix embree build 2025-09-25 12:03:35 +08:00
chn
69e9bb5fbc lib.buildNixpkgsConfig: fix libreoffice build 2025-09-25 11:55:29 +08:00
chn
2f6d5e543e lib.buildNixpkgsConfig: fix opencolorio build 2025-09-25 09:48:44 +08:00
chn
d793ffa583 modules.packages.root: fix logo path 2025-09-25 09:46:39 +08:00
chn
a3859ea5d5 lib.buildNixpkgsConfig: fix libreoffice build 2025-09-25 09:44:49 +08:00
chn
2307a326e3 packages.lumerical: fix 2025-09-25 08:55:24 +08:00
chn
6ef6d01185 lib.buildNixpkgsConfig: fix xen build 2025-09-25 08:30:18 +08:00
chn
60ad069b43 lib.buildNixpkgsConfig: fix wannier90 build 2025-09-24 19:42:44 +08:00
chn
a9d5f8e8a5 lib.buildNixpkgsConfig: fix redis build 2025-09-24 19:41:14 +08:00
chn
cc92fdf9c4 modules.packages.git: add config 2025-09-24 14:56:11 +08:00
chn
169d819b0e Revert "modules.system.gui: enable dankMaterialShell when using niri" 
This reverts commit 601573b79d.
 2025-09-24 14:55:18 +08:00
chn
79e5db1596 Revert "lib.buildNixpkgsConfig: fix plog" 
This reverts commit 04ad036ee2.
 2025-09-24 04:49:32 +08:00
chn
47d35f67e9 Revert "devices.pc: enable niri specialisation" 
This reverts commit f645276a30.
 2025-09-23 21:42:15 +08:00
chn
601573b79d modules.system.gui: enable dankMaterialShell when using niri 2025-09-23 21:40:27 +08:00
chn
f645276a30 devices.pc: enable niri specialisation 2025-09-23 21:22:37 +08:00
chn
0e6d185c22 devices.pc: enable waydroid 2025-09-23 21:21:27 +08:00
chn
c85180c5dd lib.buildNixpkgsConfig: fix simde build 2025-09-23 16:00:08 +08:00
chn
f18fc0a1a0 lib.buildNixpkgsConfig: fix rapidjson build 2025-09-23 13:47:12 +08:00
chn
5975bbbfaa lib.buildNixpkgsConfig: fix picosvg build 2025-09-23 12:31:49 +08:00
chn
04ad036ee2 lib.buildNixpkgsConfig: fix plog 2025-09-23 10:45:18 +08:00
chn
bdf91e6454 lib.buildNixpkgsConfig: fix lib2geom build 2025-09-23 07:53:11 +08:00
chn
9c755b1fd3 lib.buildNixpkgsConfig: fix gsl build 2025-09-23 07:41:39 +08:00
chn
f9335cef57 modules.packages.desktop: add subtitleeditor 2025-09-22 13:20:28 +08:00
chn
2b6f07125c Merge branch 'production' into edge 2025-09-22 12:37:26 +08:00
chn
cfd8b12cff modules.services.xray.client: use DoH for China DNS 2025-09-22 12:37:17 +08:00
chn
a7228dc6b0 modules.system.fileSystems: fix home-manager bind mounts 2025-09-22 10:30:11 +08:00
chn
0d00c2279d Merge branch 'production' into native-rog 2025-09-22 10:22:42 +08:00
chn
512c2da606 mounts.system.fileSystems.cluster: fix home-manager fail 2025-09-22 10:21:52 +08:00
chn
7c6ba7979d modules.packages.zsh: remove empty .zlogin 2025-09-22 10:13:44 +08:00
chn
f98789267b modules.packages.desktop: remove tensorflow 2025-09-22 10:11:26 +08:00
chn
3c611744b8 lib.buildNixpkgsConfig: fix bscpkgs overlay inclusion 2025-09-22 10:07:15 +08:00
chn
88e06d9441 packages.ufo: fix build 2025-09-22 10:05:26 +08:00
chn
89fe80e627 packages.vesta: fix build 2025-09-22 10:03:22 +08:00
chn
aacb42d692 packages.stickerpicker: fix build 2025-09-22 09:56:13 +08:00
chn
e8ebac3697 fix podman build 2025-09-22 09:53:10 +08:00
chn
7dc5d6839c Merge branch 'production' into edge 2025-09-22 09:31:17 +08:00
chn
ae6d56ebb3 flake.src: fix missing mirism source 2025-09-22 09:30:34 +08:00
chn
705d4ad2e9 lib.buildNixpkgsConfig: fix assimp build 2025-09-22 09:07:21 +08:00
chn
e5043baff0 fix build 2025-09-21 22:23:32 +08:00
chn
ddcd209b51 module.system.gui: fix infinite recursion 2025-09-21 22:22:32 +08:00
chn
1773184e54 switch to unstable 2025-09-21 09:31:34 +08:00
chn
37a853ae59 flake: fix py4vasp 2025-09-21 08:25:14 +08:00
chn
55ad203f3d Merge branch 'native-rog' into edge 2025-09-21 08:20:15 +08:00
chn
4cec4f856a Merge branch 'production' into edge 2025-09-20 20:07:58 +08:00
chn
6e7e78dd02 devices: use vps4 to forward nas services 2025-09-20 20:07:23 +08:00
chn
0b19563969 flake.dns: update 2025-09-20 17:37:29 +08:00
chn
c5273d720b devices.cross.wireguard: rework, connect nas to vps4 2025-09-20 16:45:48 +08:00
chn
939334de39 modules.packages.desktop: move some packages to extra 2025-09-20 09:42:30 +08:00
chn
b6116d7c0c devices.pc: disable rocm support since RDNA3.5 was not supported 2025-09-19 19:29:43 +08:00
chn
e6066a6c12 Revert "devices.pc: switch to xanmod-lts kernel" 
This reverts commit 6d51c1990a.
 2025-09-19 16:30:22 +08:00
chn
3e740a7a72 update nixpkgs 2025-09-18 19:03:38 +08:00
chn
6d51c1990a devices.pc: switch to xanmod-lts kernel 2025-09-18 18:42:22 +08:00
chn
c030b363d4 remove deprecated usage 2025-09-17 21:52:22 +08:00
chn
417764527f flake.lib.buildNixpkgsConfig: fix 2025-09-17 21:48:06 +08:00
chn
ffe232b8a0 devices.pc: fix bluetooth 2025-09-17 15:52:21 +08:00
chn
c41d3aefea devices.pc: fix 2025-09-17 07:18:36 +08:00
chn
1e342dac8b modules.hardware.asus: init 2025-09-17 07:01:32 +08:00
chn
9f9c71d9c7 module.hardware.legion: remove 2025-09-17 06:53:10 +08:00
chn
064d892936 devices.pc: add swap 2025-09-17 06:51:46 +08:00
chn
01ff6d3f62 devices.pc: fix suspend 2025-09-17 06:47:48 +08:00
chn
11675e0f35 devices.pc: add znver4 support 2025-09-17 06:45:45 +08:00
chn
c6d0e9cb39 fix dbus 2025-09-17 06:42:47 +08:00
chn
f6243b3665 Revert "devices.pc: remove cpu optimization, to get a working system asap" 
This reverts commit 72236d82af.
 2025-09-16 23:20:40 +08:00
chn
b57222aa34 Merge branch 'production' into native-rog 2025-09-16 23:20:13 +08:00
chn
252cfb3125 modules.system.kernel: remove unused kernel module 2025-09-16 22:59:01 +08:00
chn
784be518eb modules.packages.desktop: remove some packages to extra 2025-09-16 22:58:04 +08:00
chn
b499d7a5b5 modules.package.desktop: move davinci-resolve to extra 2025-09-16 22:53:55 +08:00
chn
6121531d57 fix phono3py 2025-09-16 22:51:51 +08:00
chn
f2f55084ff update nixpkgs 2025-09-16 22:45:41 +08:00
chn
72236d82af devices.pc: remove cpu optimization, to get a working system asap 2025-09-16 22:04:21 +08:00
chn
c25f9e7f24 packages.xlinli: fix 2025-09-16 21:46:54 +08:00
chn
c602884fd6 update everything 2025-09-16 21:19:38 +08:00
chn
ce30a0be8b Reapply "flake.lib.buildNixpkgsConfig: add rocm support" 
This reverts commit 5eb9eaa199.
 2025-09-16 21:08:45 +08:00
chn
bda92824eb update nixpkgs 2025-09-16 21:01:31 +08:00
chn
3893587b48 devices.pc: use xanmod-latest kernel variant 2025-09-16 21:00:39 +08:00
chn
c0e919adf4 Revert "modules.system.kernel: remove unused module" 
This reverts commit ad9ed28fca.
 2025-09-16 20:54:02 +08:00
chn
1b7f706e51 packages.xinli: finish function 2025-09-16 20:44:19 +08:00
chn
ad9ed28fca modules.system.kernel: remove unused module 2025-09-16 17:51:32 +08:00
chn
6c6a234a26 modules.system.kernel: fix kernel build failed 2025-09-16 17:50:39 +08:00
chn
136583cf51 temp fix 2025-09-16 09:39:55 +08:00
chn
2ffc8c79e4 devices.pc: switch to xanmod-unstable kernel 2025-09-16 09:33:49 +08:00
chn
7cc2d28861 flake.lib.buildNixpkgsConfig: fix march for old nixpkgs 2025-09-16 09:22:07 +08:00
chn
a75179b11c devices.pc: switch to xanmod-latest 2025-09-16 08:52:06 +08:00
chn
2765efb973 devices.pc: switch to xanmod-unstable kernel 2025-09-16 08:50:40 +08:00
chn
fb857db9f4 Revert "devices.pc: switch to cachyos kernel" 
This reverts commit 4705912140.
 2025-09-16 08:49:45 +08:00
chn
5227790451 fix chaotic 2025-09-16 08:49:31 +08:00
chn
4705912140 devices.pc: switch to cachyos kernel 2025-09-16 08:49:31 +08:00
chn
5eb9eaa199 Revert "flake.lib.buildNixpkgsConfig: add rocm support" 
This reverts commit 39461fb577.
 2025-09-16 08:49:31 +08:00
chn
64088c407f modules.system.kernel: add cachyos 2025-09-16 08:49:20 +08:00
chn
28fde40cc4 Revert "flake: remove chaotic" 
This reverts commit b48c1dfe3f.
 2025-09-16 08:36:11 +08:00
chn
39461fb577 flake.lib.buildNixpkgsConfig: add rocm support 2025-09-15 23:14:40 +08:00
chn
921ab1d8df Merge branch 'rog-install' into production 2025-09-15 16:12:58 +08:00
chn
593c01b039 modules.services.gitea: increase git timeout to 8 hours 2025-09-14 20:16:54 +08:00
chn
238934ad36 packages.xinli: init 2025-09-14 15:07:55 +08:00
chn
0f0376a57d devices.pc: clean up, ready to install on rog-x 2025-09-14 10:52:36 +08:00
chn
05a333756d modules.services.gitea: fix cron schedule syntax 2025-09-14 05:09:50 +08:00
chn
b868f94d01 modules.services.gitea: use unstable package 2025-09-14 05:01:41 +08:00
chn
544d600638 flake: update nixpkgs-unstable 2025-09-14 05:00:28 +08:00
chn
608fa7f46e devices.pc: add user xly 2025-09-13 17:36:35 +08:00
chn
c515e4f3c6 modules.services.gitea: add git gc and lfs gc cron jobs 2025-09-12 22:44:43 +08:00
chn
f25ff89cf4 module.services.nginx: fix gitea timeout 2025-09-12 15:22:02 +08:00
chn
553dd25488 modules.services.gitea: fix git-lfs-transfer path 2025-09-12 12:24:28 +08:00
chn
7f86a2ea61 devices.nas: resolve git to localhost 2025-09-12 12:17:16 +08:00
chn
053ac5668e modules.services.gitea: fix lfs 2025-09-12 12:11:15 +08:00
chn
980edd9751 Revert "devices.jykang.xmuhpc: add python-cai" 
This reverts commit 66ef3a1eb9.
 2025-09-12 08:18:22 +08:00
chn
ed9bad8211 flake: update nixos-wallpaper 2025-09-11 20:26:05 +08:00
chn
27ff9dc82e devices.one: remove 2025-09-10 22:22:37 +08:00
chn
66ef3a1eb9 devices.jykang.xmuhpc: add python-cai 2025-09-10 10:30:35 +08:00
chn
bd08ec2f3e devices.pc/srv2: move hpc build 2025-09-10 10:22:03 +08:00
chn
566a917571 devices.cross.ssh: fix nas access 2025-09-10 10:02:17 +08:00
chn
444449207e devices.nas/pc: disable nfs 2025-09-09 15:59:22 +08:00
chn
ebfc90518f modules.packages.vscode: fix 2025-09-08 18:55:56 +08:00
chn
743e422b4f Revert "modules.hardware: add huawei printer support" 
This reverts commit 1e8b796512.
 2025-09-08 16:59:20 +08:00
chn
1e8b796512 modules.hardware: add huawei printer support 2025-09-08 16:57:09 +08:00
chn
2dbf1482e2 modules.packages.vscode: fix 2025-09-07 18:22:54 +08:00
chn
fd7fc7aae2 flake: update vscode and extensions 2025-09-07 17:58:40 +08:00
chn
804ffc9554 devices.nas: remove yumieko 2025-09-07 16:58:52 +08:00
chn
22e1d4f2f2 devices.nas: remove yumieko nixvirt instance 2025-09-07 16:55:00 +08:00
chn
bd95e5c7e5 devices.srv1: remove lumerical install 2025-09-07 13:58:06 +08:00
chn
8dcbc18eb9 devices.vps6: add yumieko vnc port forward 2025-09-07 09:15:50 +08:00
chn
dc7d59fceb devices.nas: mount yumieko nixvirt from ssd 2025-09-07 08:56:24 +08:00
chn
a7f522bce8 devices.vps6: add nas yumieko ssh forward 2025-09-07 08:23:42 +08:00
chn
0228860e5c devices.nas: enable nixvirt 2025-09-07 08:23:37 +08:00
chn
23efd75504 modules.services.nixvirt: allow images from anywhere 2025-09-07 08:19:24 +08:00
chn
9830bb15dc packages.sbatch-tui: fix fdtd license 2025-09-06 19:50:24 +08:00
chn
b211e84d01 modules.services.lumericalLicenseManager: do not create fake interface 2025-09-06 19:36:23 +08:00
chn
4028dc1d56 modules.services.lumericalLicenseManager: fix 2025-09-06 19:31:30 +08:00
chn
fd1a81355c packages.sbatch-tui: fix 2025-09-06 19:12:33 +08:00
chn
b5965e2802 flake: update blog 2025-09-06 18:56:20 +08:00
chn
7a5a86b369 dns: set ssh.git to wg0 2025-09-06 18:51:59 +08:00
chn
654798b1f8 devices.srv2: add xly 2025-09-06 18:39:32 +08:00
chn
011dcfd152 devices.srv2: add lumerical package 2025-09-06 18:36:20 +08:00
chn
8ca519ac2f modules.services.slurm: add fdtd 2025-09-06 18:35:45 +08:00
chn
02a1232cf3 modules.packages.desktop: move lammps and mumax to minimal 2025-09-06 18:05:59 +08:00
chn
f4a0e8385b Revert "modules.packages: split mumax and lammps" 
This reverts commit fcb5071e84.
 2025-09-06 18:04:58 +08:00
chn
fcb5071e84 modules.packages: split mumax and lammps 2025-09-06 18:03:03 +08:00
chn
c2cec0a10d devices.pc: add lumerical 2025-09-06 17:54:34 +08:00
chn
bb7ca773c0 devices.nas: set static ip 2025-09-06 17:26:54 +08:00
chn
f793e2d42a devices.vps6: add port forwarding for nas 2025-09-06 15:25:57 +08:00
chn
1ea6614a9e devices.nas: add yumieko user 2025-09-06 15:20:59 +08:00
chn
ac34dae3a7 modules.services.nginx: remove grpc support, fix proxy_pass set header 2025-09-06 14:42:55 +08:00
chn
7249047645 Revert "modules.services.nginx: do not set Host header in global http" 
This reverts commit f4d71c9062.
 2025-09-06 14:27:16 +08:00
chn
998d9a9b48 Revert "add note" 
This reverts commit b8533c6f3e.
 2025-09-06 14:24:11 +08:00
chn
b56e637660 Revert "modules.services.huginn: fix" 
This reverts commit c86532bddd.
 2025-09-06 14:24:01 +08:00
chn
1da5f62e4b modules.services.gitea: add anubis proxy 2025-09-06 14:17:18 +08:00
chn
b8533c6f3e add note 2025-09-06 13:59:02 +08:00
chn
4171d3de62 modules.services.photoprism: fix 2025-09-06 13:50:06 +08:00
chn
c86532bddd modules.services.huginn: fix 2025-09-06 13:49:52 +08:00
chn
822fe1753f devices.nas: disable fail2ban 2025-09-06 13:49:36 +08:00
chn
aaf5948f80 devices.vps6: forward more services to wg0.nas.chn.moe 2025-09-06 12:27:02 +08:00
chn
83f7ea173c devices.nas: enable services 2025-09-06 11:29:17 +08:00
chn
67bf92e772 devices.srv3: drop 2025-09-06 09:03:12 +08:00
chn
5054b557bf modules.services.mariadb: allow mount from configurable location 2025-09-06 08:26:07 +08:00
chn
c07d104f44 modules.services.postgresql: allow mount from arbitrary location 2025-09-06 08:22:46 +08:00
chn
4b0e7e2e5e devices.nas: add ssd partitions 2025-09-06 08:17:47 +08:00
chn
b7469542eb devices.nas: fix 2025-09-05 09:02:07 +08:00
chn
6114a8b0ca modules.system.kernel: set btrfs read policy 2025-09-05 08:49:19 +08:00
chn
a8351c6088 devices.nas: set pl0 2025-09-04 17:23:27 +08:00
chn
092885fce9 devices.srv2: enable desktop for all 2025-09-04 16:03:00 +08:00
chn
2afc42229f modules.system.fileSystems.nfs: improve mount options 2025-09-03 09:31:07 +08:00
chn
554a777637 modules.system.kernel: fix 2025-09-02 20:46:48 +08:00
chn
8c685cf593 Merge branch 'nas-install' into production 2025-09-02 18:47:40 +08:00
chn
0741b1712a devices.nas: add root3 and root4 2025-09-02 18:47:12 +08:00
chn
3f471d64f0 Revert "devices.nas: generic build" 
This reverts commit 898f5cd3f5.
 2025-09-02 12:08:30 +08:00
chn
898f5cd3f5 devices.nas: generic build 2025-09-01 20:46:23 +08:00
chn
7c34f06866 Revert "devices.nas: switch to minimal, since build difficulties" 
This reverts commit 5100a482cf.
 2025-09-01 20:42:30 +08:00
chn
40d4dbbaed modules.system.font: add fonts 2025-09-01 17:51:04 +08:00
chn
5100a482cf devices.nas: switch to minimal, since build difficulties 2025-09-01 16:34:54 +08:00
chn
0b270cb9c2 devices.nas: enable btrfs patch 2025-09-01 12:57:59 +08:00
chn
1089ac48a3 modules.system.kernel: add btrfs patch 2025-09-01 12:57:55 +08:00
chn
2ac5d01af4 Revert "modules.system.gui: disable pgo of firefox for server" 
This reverts commit e5c3eaa8a5.
 2025-09-01 07:40:14 +08:00
chn
e5c3eaa8a5 modules.system.gui: disable pgo of firefox for server 2025-09-01 07:36:31 +08:00
chn
6b5067e2fd flake.lib.buildNixpkgsConfig: remove alderlake specific fix 2025-09-01 07:31:02 +08:00
chn
62b1926ab1 Merge branch 'nas-install' into production 2025-08-31 19:47:52 +08:00
chn
454463cd63 modules.system.kernel: add kernel modules for nas 2025-08-31 19:44:58 +08:00
chn
ff80a7ce49 fix alderlake build 2025-08-31 10:27:42 +08:00
chn
dac39597cc flake.lib.buildNixpkgsConfig: fix alderlake build 2025-08-30 10:27:33 +08:00
chn
7a19c017d4 devices.nas: switch to alderlake 2025-08-29 15:11:39 +08:00
chn
7fe7b2382c devices.pc: add alderlake support 2025-08-29 14:49:52 +08:00
chn
806666b53c typo 2025-08-28 15:39:45 +08:00
chn
bb0207cae6 devices.srv2-node0: enable dnsmasq on eno1 2025-08-28 15:37:19 +08:00
chn
292dc56aa9 devices.pc: allow xray dnsmasq listen on wifi interface 2025-08-28 15:29:11 +08:00
chn
934162ac8f update doc 2025-08-28 15:27:32 +08:00
chn
7db2b38ca5 modules.packages.desktop: add activitywatch 2025-08-27 20:14:43 +08:00
chn
80f32d8d4e modules.system.fileSystems: fix btrfs mount 2025-08-27 18:05:36 +08:00
chn
313b12364f devices.pc: add tigerlake cpu support 2025-08-26 15:30:40 +08:00
chn
5765835b87 devices.nas: enable nix-serve 2025-08-25 19:08:32 +08:00
chn
bb5da73734 device.vps6: do not proxy some sites 2025-08-24 20:01:49 +08:00
chn
9e22ca65c3 Revert "devices.nas: rescue" 
This reverts commit d9d78424fc.
 2025-08-24 19:54:19 +08:00
chn
d9d78424fc devices.nas: rescue 2025-08-24 14:47:59 +08:00
chn
5c0b5ca78e modules.system.fileSystems.rollingRootfs: add mount options 2025-08-24 14:47:13 +08:00
chn
94b67b308e devices.nas: rename root 2025-08-24 14:45:41 +08:00
chn
cdad2d0381 modules.packages.desktop: disable for server 2025-08-23 19:53:45 +08:00
chn
668b18d525 modules.package.extra: init 2025-08-23 19:51:45 +08:00
chn
188c352cb6 modules.packages: merge small modules 2025-08-23 13:24:12 +08:00
chn
0ef84c6c79 modules.packages.vscode: only enable on desktop 2025-08-21 21:38:11 +08:00
chn
fa396bd0ed modules.packages.chromium: only enable on desktop 2025-08-21 21:28:12 +08:00
chn
e718ccbae2 modules.packages.winapps: disable by default 2025-08-21 21:27:05 +08:00
chn
4012bc95d4 modules.system.nix: disable keep-outputs 2025-08-21 08:11:25 +08:00
chn
043050a491 modules.services.peerBanHelper: init 2025-08-21 08:10:30 +08:00
chn
38641ff593 devices.pc: remove searx 2025-08-19 17:13:55 +08:00
chn
fbfad2b2a3 devices.pc: remove unused march 2025-08-19 17:12:03 +08:00
chn
b7d64b6d2f devices.pc: remove nspawn 2025-08-19 17:12:03 +08:00
chn
ba7db8d042 devices.pc: remove lumerical and android-studio 2025-08-19 17:11:58 +08:00
chn
cb9604bb06 packages.sbatch-tui: add fdtd support 2025-08-18 13:20:28 +08:00
chn
90bd7bf0f8 packages.sbatch-tui: fix 2025-08-18 12:34:36 +08:00
chn
338f9072b3 packages.biu: fix exec stdio 2025-08-18 12:18:20 +08:00
chn
b56b6a8fcd Merge branch 'sbatch-tui' into production 2025-08-18 10:43:41 +08:00
chn
b0cbaf7a46 modules.system.fileSystems.impermanence: disable .vscode persist 2025-08-18 09:55:25 +08:00
chn
70caf942de modules.packages.vscode: use nix4vscode instead of nix-vscode-extensions 2025-08-17 14:22:51 +08:00
chn
66111e1dec packages.biu/hpcstat: fix build 2025-08-15 13:17:32 +08:00
chn
f39285ff0e devices.r2s: finalize install 2025-08-13 11:17:21 +08:00
chn
9d5807d52a fix aarch64 build 2025-08-13 09:06:00 +08:00
chn
e1e665d7f1 modules.system.kernel: fix default kernel variant for aarch64 2025-08-13 08:57:12 +08:00
chn
9874e9dce7 modules.system.nix: fix build on aarch64 2025-08-13 08:54:33 +08:00
chn
6b76ce497a modules.system.kernel: fix aarch64 build 2025-08-13 08:13:33 +08:00
chn
eda474f7d6 fix aarch64 build 2025-08-12 15:59:58 +08:00
chn
457bd2571c modules.system.nix-ld: disable for non-x86 2025-08-12 09:49:54 +08:00
chn
599b1e7ac0 modules.packages.minimal: disable rar on non-x86_64 2025-08-12 09:48:17 +08:00
chn
bcafae7509 modules.hardware.cpu: allow null 2025-08-12 09:41:41 +08:00
chn
86ff4c3feb flake.nixos: add r2s 2025-08-12 09:40:22 +08:00
chn
d3e11bae79 update synapse 2025-08-12 09:06:20 +08:00
chn
d6a63ed7e5 init aarch64 support 2025-08-11 12:26:57 +08:00
chn
8fb107b071 modules.system.grub: allow disable grub 2025-08-11 11:42:24 +08:00
chn
c0eed934c7 flake.nixos: add aarch64 support 2025-08-10 22:45:10 +08:00
chn
53f596508e packages.sbatch-tui: correctly escape shell args 2025-07-22 18:32:03 +08:00
127 changed files with 2643 additions and 1753 deletions
Expand all files Collapse all files

12
.sops.yaml
View File

@@ -4,13 +4,11 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &srv3 age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
- &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
- &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
- &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
@@ -23,8 +21,6 @@ creation_rules:
key_groups: [{ age: [ *chn, *vps6 ] }]
- path_regex: devices/nas/.*$
key_groups: [{ age: [ *chn, *nas ] }]
- path_regex: devices/one/.*$
key_groups: [{ age: [ *chn, *one ] }]
- path_regex: devices/srv1/secrets/.*$
key_groups: [{ age: [ *chn, *srv1-node0, *srv1-node1, *srv1-node2 ] }]
- path_regex: devices/srv1/node0/.*$
@@ -39,8 +35,6 @@ creation_rules:
key_groups: [{ age: [ *chn, *srv2-node0 ] }]
- path_regex: devices/srv2/node1/.*$
key_groups: [{ age: [ *chn, *srv2-node1 ] }]
- path_regex: devices/srv3/.*$
key_groups: [{ age: [ *chn, *srv3 ] }]
- path_regex: devices/test/.*$
key_groups: [{ age: [ *chn, *test ] }]
- path_regex: devices/test-pc/.*$
@@ -49,8 +43,8 @@ creation_rules:
key_groups: [{ age: [ *chn, *test-pc-vm ] }]
- path_regex: devices/cross/secrets/default.yaml$
key_groups:
- age: [ *chn, *pc, *vps4, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
*srv3, *test, *test-pc, *test-pc-vm]
- age: [ *chn, *pc, *vps4, *vps6, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
*test, *test-pc, *test-pc-vm]
- path_regex: devices/cross/secrets/chn.yaml$
key_groups:
- age: [ *chn, *pc, *one, *nas ]
- age: [ *chn, *pc, *nas ]

13
devices/cross/luks-manual/default.nix
View File

@@ -3,17 +3,16 @@ let devices =
{
nas =
{
"/dev/disk/by-partlabel/nas-root3".mapper = "root3";
"/dev/disk/by-partlabel/nas-root4".mapper = "root4";
"/dev/disk/by-partlabel/nas-root1".mapper = "root1";
"/dev/disk/by-partlabel/nas-root2".mapper = "root2";
"/dev/disk/by-partlabel/nas-root3" = { mapper = "root3"; ssd = true; };
"/dev/disk/by-partlabel/nas-root4" = { mapper = "root4"; ssd = true; };
"/dev/disk/by-partlabel/nas-swap" = { mapper = "swap"; ssd = true; };
"/dev/disk/by-partlabel/nas-ssd1" = { mapper = "ssd1"; ssd = true; };
"/dev/disk/by-partlabel/nas-ssd2" = { mapper = "ssd2"; ssd = true; };
};
vps4."/dev/disk/by-uuid/bf7646f9-496c-484e-ada0-30335da57068" = { mapper = "root"; ssd = true; };
vps6."/dev/disk/by-uuid/961d75f0-b4ad-4591-a225-37b385131060" = { mapper = "root"; ssd = true; };
srv3 =
{
"/dev/disk/by-partlabel/srv3-root1" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-partlabel/srv3-swap" = { mapper = "swap"; ssd = true; };
};
};
in
{

11
devices/cross/secrets/default.yaml
View File

@@ -21,13 +21,6 @@ users:
GROUPIII-3: ENC[AES256_GCM,data:c+HRdDZPugIVI2vmuOlorhjZzxS11c6CJiZ3ZEwFFHfIoIUmGsXoRPGraJ0BjI3W+XZbI6qk211yufTgXLVj7nOVi0PW/9mteg==,iv:H8DlkTjkL/f6Oa2LG3dHRsJuWkEqokUJ/mjMyDnEAc4=,tag:0QmUyfAbYnn7vs4AdwQtYw==,type:str]
#ENC[AES256_GCM,data:F347rPlEQZyz,iv:VlbVlc/tFmmoe8lVDza7ZJgHavZ/1NM9mK3KZNVrpbk=,tag:iRdvv0ajtgrJgMe87vBFfA==,type:comment]
zzn: ENC[AES256_GCM,data:P76cGOGJK3B7Z3nxZ9BlvvyegJ+4JX25kax7/Bj/0VKsH1cGEfyvNbPH8qYUZqm+zUvqEoFNZKWM4+IQKO7Zo9IXCJhGItL1Nw==,iv:e9lnHecgzSrHJkxumRpKGHzGlYbM5Yov4F4Dd4fIqrc=,tag:G7Cr7d1KZfldzYNRL1eSpA==,type:str]
aleksana: ENC[AES256_GCM,data:xRqQLPpcv0Ymz7wV0jDDz1i6eKIZKEXvqofO58VSHEC9aVSTLV7aXLw2kQ8PrAPo4FAkne2F6MYQGRwZFIHOjxfhw+ncXVDHxg==,iv:OSbT/f2LRUFY3DEyCCbWkPzwsrsNdVz6ah5ITRt+Kjc=,tag:00z36RTe76p1uxFCchGcpg==,type:str]
#ENC[AES256_GCM,data:xAGWajpTpg2keMthwQ==,iv:sQreB2mExZlWgVsig7885zf4LI6RFSitYUnD4ngvhfQ=,tag:viEY1wUVlDCqKm5ucQWzsA==,type:comment]
alikia: ENC[AES256_GCM,data:N4lyS8XZSxP3su+Frz00BPU+II+N6nosu4yOLPSG7zxefcJoG7i5bG3bzb1OQLc/x4fTuD2Wd6mEy6q66cizBkGn3xQHZIaW2w==,iv:FO64ACjOS6+UzWKP5WdcFOGZTzslfetX/VAxyUPZ3ds=,tag:6Kf0MCRUj9cbxyk4TsH8iA==,type:str]
#ENC[AES256_GCM,data:1br5bc3q0jBn4WrJzQ==,iv:YmIFhDd9Wl4dcKJLBC6A3v7oUXhBin6ZOuJknSiaYfw=,tag:8gtEBug4vHQkxN/9tLjqSw==,type:comment]
pen: ENC[AES256_GCM,data:XOKXV0YSFbHC3I3xO8fpWvYerNfVFg2afs+CUp2MZB+yt9KR5bTJdVOfUGldLbWH5CR4v5FxTrTujv24wJ710Rfyugxh9aFJ/w==,iv:tHLoO+XpdUk8S56QUiJQOpVO9C5epam9PMubMN+8fHw=,tag:H0srWRigNUedQMIAfJlfjg==,type:str]
#ENC[AES256_GCM,data:K6O0TIYYGZmM8iOwsQ==,iv:xtT8Psnoy51V9gsRo335+VT56FXTcMQ3d4/tnuWouew=,tag:k8irtZ33G3UFK++rzcmyiw==,type:comment]
reonokiy: ENC[AES256_GCM,data:fPKdOPAKbXUvK5Jj08T0iSD23mhhkTXCexgB5q3v5JS4c6V4S+W14WOkS4UHrMQls/rHslw0NyMzS5G27A+5vN+EN+xJZfuRGg==,iv:tSdNOgs61tyt7/hUKt8bfKvpq9qOQU14ligdxBs/ATs=,tag:6IoS/p2StKtFREIpxsWkdg==,type:str]
#ENC[AES256_GCM,data:cZznknXjlWF6eoEaTA==,iv:tdw/54W2evO1o5sq1syz3k0DZrm/rjflxqJpB9LZgvg=,tag:d60Ctc5YeSmhZJUURUmeSg==,type:comment]
zqq: ENC[AES256_GCM,data:iFtM0pxIvXPHBnLEfHdmYGVWXuroDLgUaAKF+DmuBdq1NY+pr33oXNJzckFZfWgpIOuCm4cNg5j5R6nsG+zk2VWdi2vuITT4jA==,iv:qfBC/D1gJYXOZ0Fy2DkAb+ImDgXZWU6R/Z50hbVDR98=,tag:eCr6lbSieWDCNaTYzoQ0qQ==,type:str]
zgq: ENC[AES256_GCM,data:cHYFToQ5ulEcb741Gg3X4lKj8ZJy1zcLHpkVQjQXt5hRAQtPsiPlegi2a1nUIAUb6sI//4ffcytlXpdK2sXewFe3ZiIXy3UVjQ==,iv:fKaPxpfh5ssOwAbmEsAPaQ45KrNtkHZb96IzWc6pD9s=,tag:Vt91B77SjxYaZ/HvWVBufA==,type:str]
@@ -176,7 +169,7 @@ sops:
UnR5Y24rSTk3WUV1VUgvQUFCVUxPZUEKv/lTy02gZYn4jF1uGtm+LhJd0m59Xe99
+unmqUDh0ZqAhJU8o0jrBiWs1lXOHU7CkIom7tGEMHGUxHkS+Z/6GQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-13T00:27:59Z"
mac: ENC[AES256_GCM,data:iBBMsGOD7nDpXDPDlB/ml06y4WVe0uq7dptn5VZSppoxGA7BmRfWq9OKueXykmgfueqC3N45KVeRh3/b+FrsIRuTl1iyKnT3pd/naGTguQBfFewhrbqNc6UaDadpEVSgYiS76A5JwEoemePPHVUboDOSe0ru3uzNk1nDh/85jRg=,iv:8/GpDArKPYPG2O41p97oQZHkmIgIVdB7OWLvMrDXlaI=,tag:sq3B5Zo7XoA151WmgtvMMw==,type:str]
lastmodified: "2025-09-06T01:03:09Z"
mac: ENC[AES256_GCM,data:9pJpUNzMogdijzFpjkCw4wEuOGn8B6Q/sKqzA6Pq73fp42t59BbdtK6ClTWqDRUG5MMmLVXYqdlrjPeHeRtXuQ0USNNFY6jC/p35/gB/+Gh+qqLY48YtBPjsV7aYkF8bVhC8EeDZPXvw6Hz5r+e1crVxcbOjk1uFXFVdoDGgsuQ=,iv:0QKuxk9WvCgLMJCNkX0/S/YonY/bmTvvN27DKcZGzv4=,tag:S9S/J57/GHjmVLJhtLDqDw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

9
devices/cross/ssh.nix
View File

@@ -17,8 +17,8 @@ let
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
extraAccess = [ "ssh.git" ];
};
one.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIC5i2Z/vK0D5DBRg3WBzS2ejM0U+w3ZPDJRJySdPcJ5d";
pc.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
srv1-node0 =
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs"; extraAccess = [ "srv1" ]; };
@@ -40,13 +40,6 @@ let
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
proxyJump = "srv2";
};
srv3 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIg2wuwWqIOWNx1kVmreF6xTrGaW7rIaXsEPfCMe+5P9";
initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIPW7XPhNsIV0ZllaueVMHIRND97cHb6hE9O21oLaEdCX";
# 默认仅包括wireguard访问的域名和直接访问的域名这里写额外的域名
extraAccess = [ "ssh.git" ];
};
};
in
{

412
devices/cross/wireguard.nix
View File

@@ -6,240 +6,208 @@ let
vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY=";
one = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ=";
srv1-node0 = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
srv1-node1 = "wyNONnJF2WHykaHsQIV4gNntOaCsdTfi7ysXDsR2Bww=";
srv1-node2 = "zWvkVyJwtQhwmxM2fHwNDnK+iwYm1O0RHrwCQ/VXdEo=";
srv2-node0 = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
srv2-node1 = "wc+DkY/WlGkLeI8cMcoRHcCcITNqX26P1v5JlkQwWSc=";
srv3 = "a1pUi12SN6fIFiHA9W0N1ycuSz1fWUSpZnjz20OPaBk=";
};
dns = inputs.topInputs.self.config.dns.wireguard;
networks = # 对于每个网络,只需要设置每个设备的 listenPort以及每个设备的每个 peer 的 publicKey endpoint allowedIPs
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
listenPort =
{
# 星形网络,所有流量通过 vps6 中转
wg0 = let vps6ListenIp = "144.34.225.59"; in
{
devices =
{
vps6 =
{
listenPort = 51820;
peer = builtins.listToAttrs (builtins.map
(peerName:
{
name = peerName;
value =
{
publicKey = publicKey.${peerName};
allowedIPs = [ "192.168.${builtins.toString dns.net.wg0}.${builtins.toString dns.peer.${peerName}}" ];
};
})
(inputs.lib.remove "vps6" (builtins.attrNames publicKey)));
};
}
// (builtins.listToAttrs (builtins.map
(deviceName:
{
name = deviceName;
value.peer.vps6 =
{
publicKey = publicKey.vps6;
endpoint = "${vps6ListenIp}:51820";
allowedIPs = [ "192.168.${builtins.toString dns.net.wg0}.0/24" ];
};
})
(inputs.lib.remove "vps6" (builtins.attrNames publicKey))));
};
# 两两互连
wg0 = builtins.listToAttrs (builtins.map
(name: inputs.lib.nameValuePair name 51820)
(builtins.attrNames publicKey));
wg1 = builtins.listToAttrs (builtins.map
(name: inputs.lib.nameValuePair name (51820 + dns.peer.${name}))
(builtins.attrNames publicKey));
};
subnet = # 设备之间可以直接连接的子网。若一个设备可以主动接受连接,则设置它接受连接的 ip否则设置为 null
{
wg0 =
[
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
(builtins.listToAttrs
(
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
++ (builtins.map
(n: { name = n; value = null; })
(inputs.lib.subtractLists [ "vps4" "vps6" ] (builtins.attrNames publicKey)))
))
];
wg1 =
let
inherit (inputs.topInputs.self.config.dns."chn.moe") getAddress;
# 设备之间可以直接连接的子网
# 若一个设备可以主动接受连接,则设置它接受连接的 ip否则设置为 null
subnet =
[
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
(builtins.listToAttrs
(
(builtins.map (n: { name = n; value = getAddress n; }) [ "vps4" "vps6" "srv3" ])
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" "srv1-node0" "srv2-node0" ])
))
# 校内网络
(builtins.listToAttrs
(
(builtins.map (n: { name = n; value = getAddress n; }) [ "srv1-node0" "srv2-node0" ])
++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" ])
))
# 办公室或者宿舍局域网
(builtins.listToAttrs (builtins.map (n: { name = n; value = getAddress n; }) [ "pc" "nas" "one" ]))
# 集群内部网络
(builtins.listToAttrs (builtins.map
(n: { name = "srv1-node${builtins.toString n}"; value = "192.168.178.${builtins.toString (n + 1)}"; })
(builtins.genList (n: n) 3)))
(builtins.listToAttrs (builtins.map
(n: { name = "srv2-node${builtins.toString n}"; value = "192.168.178.${builtins.toString (n + 1)}"; })
(builtins.genList (n: n) 2)))
];
# 给定起止点,返回最短路径的第一跳的目的地
# 如果两个设备不能连接,返回 null;
# 如果可以直接、主动连接,返回 { ip = 地址; };如果可以直接连接但是被动连接,返回 { ip = null; }
# 如果需要中转,返回 { jump = 下一跳; }
connection =
let
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
netToEdges = subnet:
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
in inputs.lib.unique (builtins.concatLists (builtins.map
(dev1: builtins.map
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
devWithAddress));
# 在一个图中加入一个边current 的结构是from.to = null or { ip = "" or null; length = l; jump = ""; }
addEdge = current: newEdge: builtins.mapAttrs
(nameFrom: valueFrom: builtins.mapAttrs
(nameTo: valueTo:
# 忽略自己到自己的路
if nameFrom == nameTo then null
# 如果要加入的边包含起点
else if newEdge ? "${nameFrom}" then
# 如果要加入的边包含终点,那么这两个点可以直连
if newEdge ? "${nameTo}" then { ip = newEdge.${nameTo}; length = 1; }
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
# 如果边的另外一个点到终点可以连接
if current.${edgePoint2}.${nameTo} != null then
# 如果之前不能连接,则使用新的连接
if current.${nameFrom}.${nameTo} == null then
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
# 如果之前可以连接,且新连接更短,同样更新连接
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边包不包含起点但包含终点
else if newEdge ? "${nameTo}" then
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
# 如果起点与另外一个点可以相连
if current.${nameFrom}.${edgePoint2} != null then
# 如果之前不能连接,则使用新的连接
if current.${nameFrom}.${nameTo} == null then
{
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
length = current.${nameFrom}.${edgePoint2}.length + 1;
}
# 如果之前可以连接,且新连接更短,同样更新连接
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
{
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
length = current.${nameFrom}.${edgePoint2}.length + 1;
}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果起点与另外一个点不可以相连,则不改变连接
[
# 所有设备都可以连接到公网,但只有有公网 ip 的设备可以接受连接
(builtins.listToAttrs
(
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "vps4" "vps6" ])
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" "srv1-node0" "srv2-node0" ])
))
# 校内网络
(builtins.listToAttrs
(
(builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "srv1-node0" "srv2-node0" ])
++ (builtins.map (n: inputs.lib.nameValuePair n null) [ "pc" "nas" ])
))
# 办公室或者宿舍局域网
(builtins.listToAttrs (builtins.map (n: inputs.lib.nameValuePair n (getAddress n)) [ "pc" "nas" ]))
# 集群内部网络
(builtins.listToAttrs (builtins.map
(n: inputs.lib.nameValuePair "srv1-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
(builtins.genList (n: n) 3)))
(builtins.listToAttrs (builtins.map
(n: inputs.lib.nameValuePair "srv2-node${builtins.toString n}" "192.168.178.${builtins.toString (n + 1)}")
(builtins.genList (n: n) 2)))
];
};
# 给定起止点,返回最短路径的第一跳的目的地
# 如果两个设备不能连接,返回 null;
# 如果可以直接、主动连接,返回 { address = xx; port = xx; };如果可以直接连接但是被动连接,返回 { address = null; }
# 如果需要中转,返回 { jump = 下一跳; }
connection =
let
# 将给定子网翻译成一列边,返回 [{ dev1 = null or ip; dev2 = null or ip; }]
# 边中至少有一个端点是可以接受连接的
netToEdges = subnet:
let devWithAddress = builtins.filter (n: subnet.${n} != null) (builtins.attrNames subnet);
in inputs.lib.unique (builtins.concatLists (builtins.map
(dev1: builtins.map
(dev2: { "${dev1}" = subnet."${dev1}"; "${dev2}" = subnet."${dev2}"; })
(inputs.lib.remove dev1 (builtins.attrNames subnet)))
devWithAddress));
# 在一个图中加入一个边
# current 的结构是from.to = null or { address = xxx or null; length = l; jump = ""; }
addEdge = current: newEdge: builtins.mapAttrs
(nameFrom: valueFrom: builtins.mapAttrs
(nameTo: valueTo:
# 不处理自己到自己的路
if nameFrom == nameTo then null
# 如果要加入的边包含起点
else if newEdge ? "${nameFrom}" then
# 如果要加入的边包含终点,那么这两个点可以直连
if newEdge ? "${nameTo}"
then { address = newEdge.${nameTo}; length = 1; }
else let edgePoint2 = builtins.head (inputs.lib.remove nameFrom (builtins.attrNames newEdge)); in
# 如果边的另外一个点到终点可以连接
if current.${edgePoint2}.${nameTo} != null then
# 如果之前不能连接,则使用新的连接
if current.${nameFrom}.${nameTo} == null then
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
# 如果之前可以连接,且新连接更短,同样更新连接
else if current.${nameFrom}.${nameTo}.length > 1 + current.${edgePoint2}.${nameTo}.length then
{ jump = edgePoint2; length = 1 + current.${edgePoint2}.${nameTo}.length; }
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边不包含起点和终点
else
let
edgePoints = builtins.attrNames newEdge;
p1 = builtins.elemAt edgePoints 0;
p2 = builtins.elemAt edgePoints 1;
in
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
# 如果之前不能连接,则新连接必然是唯一的连接,使用新连接
if current.${nameFrom}.${nameTo} == null then
{
jump = current.${nameFrom}.${p1}.jump or p1;
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
}
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
else builtins.head (inputs.lib.sort
(a: b: if a == null then false else if b == null then true else a.length < b.length)
[
# 原先的连接
current.${nameFrom}.${nameTo}
# 正着连接
{
jump = current.${nameFrom}.${p1}.jump or p1;
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
}
# 反着连接
{
jump = current.${nameFrom}.${p2}.jump or p2;
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
}
])
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边包不包含起点但包含终点
else if newEdge ? "${nameTo}" then
let edgePoint2 = builtins.head (inputs.lib.remove nameTo (builtins.attrNames newEdge)); in
# 如果起点与另外一个点可以相连
if current.${nameFrom}.${edgePoint2} != null then
# 如果之前不能连接,则使用新的连接
if current.${nameFrom}.${nameTo} == null then
{
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
length = current.${nameFrom}.${edgePoint2}.length + 1;
}
# 如果之前可以连接,且新连接更短,同样更新连接
else if current.${nameFrom}.${nameTo}.length > current.${nameFrom}.${edgePoint2}.length + 1 then
{
jump = current.${nameFrom}.${edgePoint2}.jump or edgePoint2;
length = current.${nameFrom}.${edgePoint2}.length + 1;
}
# 否则,不更新连接
else current.${nameFrom}.${nameTo}
# 如果起点与另外一个点不可以相连,则不改变连接
else current.${nameFrom}.${nameTo}
# 如果要加入的边不包含起点和终点
else
let
edgePoints = builtins.attrNames newEdge;
p1 = builtins.elemAt edgePoints 0;
p2 = builtins.elemAt edgePoints 1;
in
# 如果起点与边的第一个点可以连接、终点与边的第二个点可以连接
if current.${nameFrom}.${p1} != null && current.${p2}.${nameTo} != null then
# 如果之前不能连接,则新连接必然是唯一的连接,使用连接
if current.${nameFrom}.${nameTo} == null then
{
jump = current.${nameFrom}.${p1}.jump or p1;
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
}
# 如果之前可以连接,那么反过来一定也能连接,选取三种连接中最短的
else builtins.head (inputs.lib.sort
(a: b: if a == null then false else if b == null then true else a.length < b.length)
[
# 原先的连接
current.${nameFrom}.${nameTo}
# 正着连接
{
jump = current.${nameFrom}.${p1}.jump or p1;
length = current.${nameFrom}.${p1}.length + 1 + current.${p2}.${nameTo}.length;
}
# 反着连接
{
jump = current.${nameFrom}.${p2}.jump or p2;
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
}
# 如果正着连接、反向连接都不行,那么就不更新连接
else current.${nameFrom}.${nameTo})
valueFrom)
current;
# 初始时,所有点之间都不连接
init = builtins.listToAttrs (builtins.map
(dev1:
{
name = dev1;
value = builtins.listToAttrs (builtins.map
(dev2: { name = dev2; value = null; })
(builtins.attrNames publicKey));
})
(builtins.attrNames publicKey));
in builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges subnet));
in
])
# 如果正着不能连接、反过来可以连接,那么反过来连接一定是唯一的通路,使用反向的连接
else if current.${nameFrom}.${p2} != null && current.${p1}.${nameTo} != null then
{
jump = current.${nameFrom}.${p2}.jump or p2;
length = current.${nameFrom}.${p2}.length + 1 + current.${p1}.${nameTo}.length;
}
# 如果正着连接、反向连接都不行,那么就不更新连接
else current.${nameFrom}.${nameTo})
valueFrom)
current;
# 初始时,所有点之间都不连接
init = builtins.listToAttrs (builtins.map
(dev1:
{
name = dev1;
value = builtins.listToAttrs (builtins.map
(dev2: { name = dev2; value = null; })
(builtins.attrNames publicKey));
})
(builtins.attrNames publicKey));
in builtins.mapAttrs (_: v: builtins.foldl' addEdge init (builtins.concatLists (builtins.map netToEdges v))) subnet;
networks = builtins.mapAttrs
(n: v: builtins.listToAttrs (builtins.map
(deviceName: inputs.lib.nameValuePair deviceName
{
devices = builtins.listToAttrs (builtins.map
(deviceName:
{
name = deviceName;
value =
{
listenPort = 51820 + dns.peer.${deviceName};
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
(peerName:
# 如果不能直连,就不用加 peer
inputs.lib.optionals (connection.${deviceName}.${peerName} ? ip)
[{
name = peerName;
value =
{
publicKey = publicKey.${peerName};
allowedIPs =
[ "192.168.${builtins.toString dns.net.wg1}.${builtins.toString dns.peer.${peerName}}" ]
++ builtins.map
(destination:
"192.168.${builtins.toString dns.net.wg1}.${builtins.toString dns.peer.${destination}}")
(builtins.filter
(destination: connection.${deviceName}.${destination}.jump or null == peerName)
(builtins.attrNames publicKey));
}
// inputs.lib.optionalAttrs (connection.${deviceName}.${peerName}.ip != null)
{
endpoint = "${connection.${deviceName}.${peerName}.ip}:"
+ builtins.toString (51820 + dns.peer.${peerName});
};
}])
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
};
})
(builtins.attrNames publicKey));
};
};
in
{
config.nixos.services.wireguard = inputs.lib.mkMerge (builtins.map
(network:
let inherit (inputs.config.nixos.model) hostname;
in inputs.lib.optionalAttrs (network.value.devices ? ${hostname}) { ${network.name} =
network.value.devices.${hostname}
// {
ip = "192.168.${builtins.toString dns.net.${network.name}}.${builtins.toString dns.peer.${hostname}}";
};})
(inputs.localLib.attrsToList networks));
}
ip = "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${deviceName}}";
listenPort = listenPort.${n}.${deviceName};
peer = builtins.listToAttrs (builtins.concatLists (builtins.map
(peerName:
# 如果不能直连,就不用加 peer
inputs.lib.optionals (v.${deviceName}.${peerName} ? address)
[{
name = peerName;
value =
{
publicKey = publicKey.${peerName};
allowedIPs =
[ "192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${peerName}}" ]
++ builtins.map
(destination:
"192.168.${builtins.toString dns.net.${n}}.${builtins.toString dns.peer.${destination}}")
(builtins.filter
(destination: v.${deviceName}.${destination}.jump or null == peerName)
(builtins.attrNames publicKey));
}
// inputs.lib.optionalAttrs (v.${deviceName}.${peerName}.address != null)
{
endpoint = "${v.${deviceName}.${peerName}.address}:"
+ builtins.toString (listenPort.${n}.${peerName});
};
}])
(inputs.lib.remove deviceName (builtins.attrNames publicKey))));
})
(builtins.attrNames publicKey))
)
connection;
in { config.nixos.services.wireguard = builtins.mapAttrs (_: v: v.${inputs.config.nixos.model.hostname}) networks; }

20
devices/jykang.xmuhpc/default.nix
View File

@@ -2,15 +2,23 @@
# sudo nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' -qR ./result | grep -Fxv -f <(ssh jykang find .nix/store -maxdepth 1 -exec realpath '{}' '\;') | sudo xargs nix-store --store 'local?store=/data/gpfs01/jykang/.nix/store&state=/data/gpfs01/jykang/.nix/state&log=/data/gpfs01/jykang/.nix/log' --export | xz -T0 | pv > jykang.nar.xz
# cat data.nar | nix-store --import
{ inputs, localLib }:
let pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = "haswell"; cuda = null; nixRoot = "/data/gpfs01/jykang/.nix"; nixos = false; };
});
let
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = "haswell"; nixRoot = "/data/gpfs01/jykang/.nix"; nixos = false; };
});
python-lyj =
let python = pkgs.pkgs-2411.python310.withPackages (_: [ pkgs.localPackages.pybinding ]);
in pkgs.runCommand "python-lyj" { }
''
mkdir -p $out/bin
ln -s ${python}/bin/python3 $out/bin/python-lyj
'';
in pkgs.symlinkJoin
{
name = "jykang";
paths = with pkgs; [ hello iotop gnuplot localPackages.vaspkit pv btop ];
paths = with pkgs; [ gnuplot localPackages.vaspkit pv python-lyj ];
postBuild = "echo ${inputs.self.rev or "dirty"} > $out/.version";
passthru = { inherit pkgs; };
}

55
devices/nas/default.nix
View File

@@ -11,15 +11,26 @@ inputs:
{
mount =
{
vfat."/dev/disk/by-uuid/627D-1FAA" = "/boot";
btrfs."/dev/mapper/root3" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
vfat."/dev/disk/by-partlabel/nas-boot" = "/boot";
btrfs =
{
"/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
"/dev/mapper/ssd1"."/nix/ssd" = "/nix/ssd";
};
};
swap = [ "/dev/mapper/swap" ];
rollingRootfs.waitDevices = [ "/dev/mapper/root4" ];
# TODO: snapshot should take place just before switching root
rollingRootfs.waitDevices =
[ "/dev/mapper/root2" "/dev/mapper/root3" "/dev/mapper/root4" "/dev/mapper/ssd1" "/dev/mapper/ssd2" ];
};
initrd.sshd = {};
nixpkgs.march = "silvermont";
network = {};
nixpkgs.march = "alderlake";
network =
{
bridge.nixvirt.interfaces = [ "enp3s0" ];
static.nixvirt = { ip = "192.168.1.2"; mask = 24; gateway = "192.168.1.1"; dns = "192.168.1.1"; };
};
kernel.patches = [ "btrfs" ];
};
hardware.gpu.type = "intel";
services =
@@ -27,13 +38,43 @@ inputs:
sshd = {};
xray =
{
client.dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.nas.chn.moe" = "127.0.0.1"; };
client =
{
xray.serverName = "xserver2.vps4.chn.moe";
dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
};
xmuServer = {};
server.serverName = "xservernas.chn.moe";
};
beesd."/" = { hashTableSizeMB = 10 * 128; threads = 4; };
nfs."/" = [(inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc")];
nix-serve.hostname = "nix-store.nas.chn.moe";
postgresql.mountFrom = "ssd";
mariadb.mountFrom = "ssd";
rsshub = {};
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden = {};
photoprism = {};
nextcloud = {};
freshrss = {};
send = {};
huginn = {};
httpapi = {};
gitea = {};
grafana = {};
podman = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
# open-webui.ollamaHost = "192.168.83.3";
nixvirt = {};
};
};
systemd.tmpfiles.rules =
[ "w /sys/class/powercap/intel-rapl/intel-rapl:0/constraint_0_power_limit_uw - - - - 10000000" ];
};
}

79
devices/nas/secrets.yaml
View File

@@ -7,6 +7,81 @@ xray-server:
#ENC[AES256_GCM,data:gToh4rgMOQ==,iv:A14sSC7ExbSZNOzzz6mOmWalSz9K6ROoSYgCqdF7j4U=,tag:1Jr2FfVQ9L2w+bWHh/NekQ==,type:comment]
user4: ENC[AES256_GCM,data:/ZrgvlpwDlKhcHqkBRsdqqJsNUxtb3ZnC36mc8qlJ+HP4mY3,iv:R5QzXY0mC72TDB0OcF4fJt3bc5L1Z96Q+n9kNbZP7m4=,tag:tjWSEcsG0udvQZZJ/RMTJw==,type:str]
private-key: ENC[AES256_GCM,data:34FOslwr3AZNDg4YrS95S20agGXwGJRNGnpogMR7utbt1ELUxfQkiAU1qw==,iv:4fiJCi6TJM+NIlfI1qFX/eCNhcVaCWGsLA7iMjQpATw=,tag:eLz8HlQMprQNryk5saqyVQ==,type:str]
store:
signingKey: ENC[AES256_GCM,data:zr02XBgQ4H5jRnjpLtp9rjcysXP9qI7McOiBwaWhdylu5GevKmxlCd4h3pEUO74k+gJT88BzJ+S59P+6DS76Y5nlKqextGMzGjdq5XPkdDkSkKZBai2kkqBSyko=,iv:hyhroaDazMLFeLMGruiFeokZ2Tz3xKj+xCsiEUJ5faQ=,tag:w3805eqo6Y1pw65mjoRgOg==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:5kGvlFB332xf+PQCDmJ+EA==,iv:/BQI83lMdzmycQCe0k6Y8bwqV4Ma9vqgvgPWWqVAr1g=,tag:61AhVVNUx8+b55DkIjVifQ==,type:str]
led: ENC[AES256_GCM,data:XFlK2jjo,iv:rTCHmoFU4S++eBywCa7NXsAmSqcSgCFXxnW0RyFA2a0=,tag:aK5IejgS060FrxQfmdxohw==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:r2O88tXccKZw68Jg5tvUcpwf6y8Vs1kcZ7XbAReJ7aGyGH4MH3jTO72Hs7vh7185IUygXri0M2C6Ko2CY3gaLg==,iv:ZYbSqlcnga+JnC5Dxt2cTHiGTlkndSAB550ilSO+P1U=,tag:PgrW6H276sSvYe3NA6o/vA==,type:str]
misskey-misskey: ENC[AES256_GCM,data:Up0Q/4MjyCdXyL1EVoXbmW0J3QJCx1PlhClXSc2WpBNwpSfgmoJceLoXRbIs009JVjhn5tt7LO6EmwKiNc6yTA==,iv:myWj8+exXtg+t7Fs+ZPOLJXWtKEu0PyhTw68i7rnuTQ=,tag:WMpj06Swj3pMbSXgM0bNuQ==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:yLVCQaElMWBdVnKa9hBNEnSxfOx/582SoCDpQM9QjEgWzYOmPIVoRsTAs10Gsw3PezJW54S+AUrNg1mV0f8Nwg==,iv:xYXQt2CsZyymdKMIoqKLzLeTMNff7RwGzBGDfBOoxlM=,tag:L3V+AZZyOJow/Sf1RzD38A==,type:str]
nextcloud: ENC[AES256_GCM,data:/wv5hG7cmHz8S3d411cGxFY87MNmo/6V/vXJsWqYr4afoVLMlqUgpf6ZkSPcj2PKBmB/X+RR1s/Mus9RIJKpzw==,iv:WMdKp63LsMyOGheurm6bM4qUUNVe3/WmkvCQ8PWxqoo=,tag:PHjeJ052LtCqerED4bgACQ==,type:str]
send: ENC[AES256_GCM,data:5y0GGNdmVzl1Ro4bv8rab9dgmIOgNQBPPF02HfpOn/ctbSBzi9c96TJeIbDJVS2tN4P2+hSgP/XOR+hoM9prxw==,iv:4xf0b1/1f9vyVlQtIGmX5Ea/xNPyjXmA5/vazf5sOZA=,tag:b2211wLiDTvPKqRA3IpzOA==,type:str]
synapse-synapse: ENC[AES256_GCM,data:3lSmLz+sO9fwomeb/NCTlSRwpbegH6g1vp0qKg4G/hnWsKCu2mK6TDhQbLCSDQEagw4oBDN68yEBQ0C0tvmd3w==,iv:9rrv3XvB4ELcZhdi2KNxnYFw+XH96U4SM0X9ZSGp0KA=,tag:Qn8FdMMOaDeB9Wb11F44xA==,type:str]
synapse-matrix: ENC[AES256_GCM,data:NqDKomSPI6UcRDAjqVapBlmXXFHdHYS0w3jvJ4oQCvoeqYvNalkD009A6E6Br3w0/FGEKJQeTBI2MkYLlHAWcg==,iv:o8TDqzRDQCi4+Kv82BSTRyB4Y7mKhxM3c49hEbQuQmw=,tag:6RCKWwxC5Fw5N1QD/5UktQ==,type:str]
peertube: ENC[AES256_GCM,data:zzRRyCbXsqVVxDvS8kpBbOyozqi24d6G9K++/ToLQyt3TumefTssNehljNsb0oqsmZBLgLhND0T4WDhMf9//Ng==,iv:yDM/LREKnBW8noRzHPIdqg0TvmWAfxmVOplZkY8MSro=,tag:19uoxbEdGPOIzcQqm31H5Q==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:mcJM5hgd6Y6MjphFuH20QHU1zxPVnrd5CG3rwX3CekxpM4NzElhkD0pcWM0eTxbNQCM4V+lmjAvaQzBS8T9Mzg==,iv:eC2/GyNcZK31jxLYfRRw4l0aNhz1kcsjE/w4Y/P6ydQ=,tag:hNC2Fj327+O8/4/5/riTYw==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:z4C8J2dAu6OhtRzkHGLb1u3pUGeRuTF1EHzjduO45zF9cpMufIs52u8vhzwmrEXm7bJP2lomyFtQRWNPqtPkVw==,iv:QA56d2wcAseFuhI+lgR5Op0TbKrzs+1Cd5v8/0i8/gE=,tag:Df63HfuHZhDn/0SL2/6fdA==,type:str]
synapse_synapse: ENC[AES256_GCM,data:4Em7JbATF0Rs8pLjrVT9ZIxPaqecqxCGUtQPie69XWZIVuB/4AsmhPe4WmyJ2jPPmHBdzPHHLwQbd3ryusMzsg==,iv:49JsSMnsZzROuH5mXxMVEbkFOp0uf8gsps02vAH1Ovo=,tag:63LjUCFcnhqUsWqn/hDijQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:qP5i100QGGHbYLbmgI29eU1vjx3S9zAAJ6SuahykqehFcowJMG/x9L4VCfw8nMmvoDZDUDvOKsE/8XH6tJ8c8g==,iv:f+yahEvIwdchADrtQsX0EllR6jGzqLA5zwnnAaUjnck=,tag:Iy5JbgktJSoUPszcinb9vQ==,type:str]
nextcloud: ENC[AES256_GCM,data:XBsqWgTwAMMQ+aZVf91w343yqL7a1xEswc8CeC0NWsM/ZwabQfYeToVDKlQEGnItuyBRZfhSzH+EUsF7pXDB9Q==,iv:OEoqECAOuyJ0wjsaof8GFYaftEv8z7vH64RWlGHU9XI=,tag:nFoMasHkPawFxiLvclsP6w==,type:str]
gitea: ENC[AES256_GCM,data:7afp3qF0jU+aGOktymlk4iDaK2EuYjLD0QcMQA2Nkxf+ac4PQFb1g4rsaPcxuNLn5ZFueq6QXCVUTPNdEeCJNA==,iv:OjNWbhRoi5fvVY8dtkoHWIPO1frXsmI8cuBxKgDHPmo=,tag:1s3+L08McDetU2BTMXWP+g==,type:str]
grafana: ENC[AES256_GCM,data:jsKB0+FFRGDfCG/alFwQF1fvI+TOFAUN6gc3zraMkCsRzn6SBzPsyuOiDthTCyS2dx0+arwmn93TzX1fm/vKuQ==,iv:Vl7IsQRuP8TBTDfwJSU/QrHTSowukXtGPG38fu3QcnA=,tag:L5G8sN6ZcOWyoeQgvTYGrg==,type:str]
synapse_matrix: ENC[AES256_GCM,data:uyV13dMgUzPLGmSGN3Hoi6u1tY9rMU186VUSl7HspZXFqhs+OmRGL86cf91o/owvz15WijIw4wuAP++T8MY4LA==,iv:TG7Fi3ETAvmrOxv8ZahnrOR7Z90Vf5YgHcOtPkzueJI=,tag:uH10mk1m0q3a0fGcDbH9HQ==,type:str]
peertube: ENC[AES256_GCM,data:J/qNYYuOhENTVFU+6Iz9P8Cy1FcHlD6xpPADDzdYDZuce9DEsnFq28d+tTJ7Z71IvOKvNySly7ru/R+Tu7rqpQ==,iv:sV34o2Zf7yLUovdVND7wh+rcoGglz4llc3xfSEllHNM=,tag:c9wzEAlWMINTN8TEZhDIRw==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:PVWacd0SAg2n76ExpQy5Hdg2WK2IdokhnZ0PoY7rNz7pLkBjlrMjbtCenQ==,iv:wPCVw0VVL4b/9TLvGd3fU+dDr/gIlSyUOO5pKF3CuzM=,tag:HgUrPEOCZK9DYsyowi55Ag==,type:str]
youtube-key: ENC[AES256_GCM,data:XOPAZPIE8Hd3vKWAR8tlaXQp/FGeH2pIBmwym8h7TXUf+MGTGQko,iv:mv1csjmeKi/ZQIiuhzPIr3DPyygjWevhFGSK+URaQiA=,tag:yh4Zr9MpINU8O0eeH9+z3A==,type:str]
youtube-client-id: ENC[AES256_GCM,data:HEJQeFtoyXaSQqprbpGY7qvYYsq1u23CMM5kGvgGsoP1xvEMcwRa3Lza8OhL/lk0MtKH0krojDyUMzWPZtohG9U3ad/t18YQPg==,iv:vT4V3VZU4lJx2djtjIOow/xuER2LQ4reQUOgCPeW+9Y=,tag:MFvBv/3hs2H6BQWGU9eeFg==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:7++nVoYfFxv304u9fxmk5W+38tP6Z+mMS/nh7adolhyfDXI=,iv:WlYBfwCz7//qM02ljM1prc/YnBwLOb60ATcUlnBK9ik=,tag:erwi1hRaSaUQ2cLp+S9QOw==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:o9KEBZ18h+taPc3WoQ4EsbR/WbFn3wRhgdvLAz7dmM05Cktf9pgZ8iI1idWQZCJ0ehYL5VyizNhHrmkocXsHzCJ6i79J3uBl5vggWZ4v6/5cUBtNZXq5DYYG/EVN2RXjOdrkzYZnQA==,iv:CQzgvwhofMljnhNXYh+t6BkPJ3OO4GRPOSFZOVXe7TY=,tag:/1i73kP+RrkP76Tho27wkA==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:2OM7aZZYuE1A3aQMsDia5yy2cGVmaT7L3QljZ3J8IixA9zaJdFwu6w==,iv:vcc80V5PMqZk7lcvoyfl+XtoIhZ7g951OSRnXPywtao=,tag:EVL2NIiDTS5EHU8MxIZjpA==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:PoylF8gAs3dpRSdV6ClpaV9J6jRqRIsAYPlv1NiWy43hHmvEQac1tVrQfm0WHsxV3SfEaphyVH18bgwAcWnkWHbMTzKTWtzsJ74WrihRgksPiuttUm0JkTTr16g0jUtF8kSJiajQfDKmL0pEY9k3mnGnLltjIfntnqbH6dM11FRFy0Ixg0USUPiPz+uFMpJ7x6RHp+ypfhvMYsi5uuCiloCYMV4cUcr65gGym7a72S74vPdPQRzuGoz9fsJn/aPGPlhZR9L2k98TzQjp2jz5lbbGLEH6O1AH/aW9QlDuooF1ki9SvanQ,iv:nO6Adc002Twmw4Qov+EkhVu2TBN0NUEgaCoWOaTu7hE=,tag:cHG00fvDaTR7kAYIMPsICw==,type:str]
zhihu-cookies: ENC[AES256_GCM,data:88obR6OzMhO07UM4Mqr928ik/LY8wjjuYRVJdFFJNwiq+q05DfKprrX0oh5barTBqWduZ/PZZzOswh8OgzyeVpRZwBLIz63AJSv+Zui6wV/KODITZs/iDC+UiEnGkh0kf93p3g/TUvxWDGwe7beydGiDXUZrvaQ2nKB7NBGAoohdsx3cXb+TPruj0U8G1GaqRscSjqoYJFhj30EJBH7Jqb687/Zms0oetgXi6KZ8Mw==,iv:tYjHMC7FVxQJ4mhst6pttxivCoSxVyv8qUPmXXDoqzs=,tag:c3UHpyGKvD48qi0rBlfyjA==,type:str]
mail:
bot: ENC[AES256_GCM,data:redeWqYAJlHVivVtywOD+Q==,iv:mDZ+4K4aj+05/KRij0oH+v7/JiBxs7y/x08Nz7U1sSQ=,tag:2FRwDxmN/mIuBjE39jl/Ng==,type:str]
synapse:
synapse:
coturn: ENC[AES256_GCM,data:IAgJ3Lni1s/AGQxz2Tt0EpFoIwRZ7Y9TtDHsm7fyCcfDLNvwhNorTod5MSgiqFtHhWLzXf/iqh3/cWitIeuxAg==,iv:QUGCkeFMO+CA3tAXbM8h4KALFic6XbnW5pCxtPtJyb8=,tag:dq6qECRfcyUvJX5EwCPDvQ==,type:str]
registration: ENC[AES256_GCM,data:HV4DXfW6h1Z/OaW73jXJ4oXs/FOJf4EXWrWlXsnqbOJyzhCszBOiGFAw/i+wx9sSB+k=,iv:8VIXG3Xqug8dYaw2Log9IrGpxqAXwXFk4MJ4JuzQsBY=,tag:3Ra69sIFOxtX4Wzehvz+lQ==,type:str]
macaroon: ENC[AES256_GCM,data:ilCgbQjqIALJd+rz0XmEo6TLqO44NCBBG2vKv8QITLntZ80bgedKACXZogfMVCv7pTI=,iv:LQG1/agu05i7kFL2vWFnSCttivD7yyDijhWFfq50Xq4=,tag:2VfNhZA5OogXI/RaWohDag==,type:str]
form: ENC[AES256_GCM,data:0NdGdzjSF1/Xo7jz+Y3sGK/szDlhgg6kWLCoBiqDmBSARZX8SnW9W5zlPKM4Xa0sG+o=,iv:XVxnFBK2f2tvhIshzQLqLeUMcO28MyLrrF5QZMUeUr8=,tag:5frMH5KQt1hL1u2ltDpApw==,type:str]
signing-key: ENC[AES256_GCM,data:JPjrh78ySJwmfL7l5C2OT6pelzMfqaWRQK7MoMv3lQ3VXcWKrVsJZlfRQaTJbaEgK+qSiHh0T99LGA==,iv:DFefjxW8U9YK3kCQUPyxOHsh+ZhUYEj5DfOlKVZePxA=,tag:u7oyKnuVDqkyvzwvsyfV/A==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:ecDAOVKq9+tJklCJK3ktiWQ6Ky+O5fjr9zS3b3PjwJUyCpIADvVhWBTmFeaVy2ApfuWbugGw8d5wCscpOOy/aw==,iv:p9l9X0UBK2mDpkR9+OX/j+ETYxMdzZhjowzOvA6Uk/Q=,tag:5IC3IsfXg4JmJ+m9F4ehPA==,type:str]
registration: ENC[AES256_GCM,data:YnDk7rqVPi3uyzNSBvWLQPb2ZaayNzgubs4Hf0i/CN0hW4ha49AZtkcNka/hVtwTGMI=,iv:Zs7SpAecN8r2Sg7Ih190SUlbH5SLu19BDCUPX9ywYzw=,tag:RLZ6jIgOeFCDwzAu0008yA==,type:str]
macaroon: ENC[AES256_GCM,data:YmEJKAZ6dyjBVyvK3Xi68TZtJHUuljAQMhlR6I8vNUOxuP766XYkU/z/YaH3R2rVv9Y=,iv:1/C8Fm2CIpo6Y+YnE80EtWvHfG6cQu/mYd10XjagJdg=,tag:QmtfqZ/3as+4gdF/b2OuxA==,type:str]
form: ENC[AES256_GCM,data:rGLJQUMVpOBTCQEqQtiUk3SWitLL1tijBFqVDbohrUspUhTXgRmCQ/0eodhku3RiwcA=,iv:GSxZtwo4/FDRn/dA+L/NQFWcj45KEUSaV2sUL09vqe0=,tag:4dvt57c3Q73B6O/9/UsbNQ==,type:str]
signing-key: ENC[AES256_GCM,data:mUY9Fn7TcBPs4HhSpRkj1weFezAzr5ld1xYE8kZcjRNU05MCGLTbPa+av6pYr0HoAaSyzBXmKBBZMQ==,iv:wX092d4eAJ2jLce6Y1EfewxGZsLnwOSce5RJoikCiRg=,tag:Uegzv54CvAI8d0NTz3UesQ==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:wbKsGwBKrJYagX1AvY0o5FHXxOhrfjZ/+crasAh52uOFYGd0P8A7NnyF6JvNgH749dAT9H47DXRKBAclVVSqWPc=,iv:TZgJ7pwyGBpf7S4g7CL2dync2sGNzQ9369atAvLwFJ8=,tag:sxtkPHOmrjUb13zeWPBdng==,type:comment]
admin_token: ENC[AES256_GCM,data:TrgqQwXBoCdsLeWQYkur4zS+Z4nCoDDoePnN5vm+AIcgYXVwjxcf/0AwXQIxVNEypYysPpoHKOigwhkf5kLazAMiBZ0goAflJT/S4nOLo90s+9kDCADXWnCeHNhBUg8fUulNPBbpqdfFKCJgJCD2WTI+V5yFLQ==,iv:maKU6pcxis7Cyrx9x26cUTBzA6ZKcKJWSP23w+MDehw=,tag:GYpPHp2slC6V8aKA1FHFAg==,type:str]
mariadb:
photoprism: ENC[AES256_GCM,data:h7TQh5ScGM30e42VSEg6AynwRUPHMRHddJcJotQtDbkFVgmfjHmAHTY22U5jWqjq4KXPN5ItRETLOMw9k9yOgg==,iv:jFTPaXortmiU+8m/NBTYjAXRXHCpD+UE5oeveH7/znk=,tag:3OOUUyHLQJROh5rZcX8bAg==,type:str]
freshrss: ENC[AES256_GCM,data:Qjg5GIX13ccZi/DuqtWK0qzr2GK0GzzUdEZWXDhUhGxFWzgosADxDCc8wfOchItaJFefnVrpPxdAPvT+4TEH0g==,iv:oGii3o6sJYVc11kdQMh0Pa3GUbWqttFgjvSVEbTycZc=,tag:8GWWwuJjQBwDFl9pJvg90g==,type:str]
huginn: ENC[AES256_GCM,data:/hFQdG/RGrX75qd0+WgwhnwR7p/CEVx1vPksRSudxmc1m4VO/AVzgMCWAz4310ctTEnn4GZinvD6QGFta5IOSA==,iv:mrPDZA6Bnw+SPVDDe64tivvvQtHWvCsPJbEnPqm12g4=,tag:ihXbIJwwtQ0RfaNfcaop4Q==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:QXrDNGSKdRZxc4mfwIhR5cmmmJysGV3cThSFlng3mEviaq0p+BvOa5Thtgw0CxQXdpgjrkui+837NJ/FxPUYvg==,iv:EkutxeDDWfSOVD9p1Ari/rkgf7EwTutDymZQ1uNm6FA=,tag:r3gXuefnIQ+5pPtGZajnZg==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:DJK+u19VP9cFvq4/P0+f7erXxZkRWI4NRrX9HdHO96xy9wZMtB+hEDN3zLQnkTTtmd2ZLs9+c9BsUNXZperGDQ==,iv:zX8Nxt5+O/mGVt5l1j8IojBkgxg5oDae6KWTXYz0hRE=,tag:MRyMx0OXYTCmtaySP/umNw==,type:str]
freshrss:
chn: ENC[AES256_GCM,data:wwHntnMeiGZ5v8CE7CGV,iv:snIdYdFpvv5HvcR5qucD2pZXXef3dhSU+2wK5SPrDjw=,tag:2RnujKKkQSoxvSNZPLS9Pg==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:E8rEdAfUQX9oJEnvxVF5PmYFMd9PN8+K,iv:gZtUf+AkICLHD4h2beHbEfyoL4bcoOv0sivDFDB3vVY=,tag:4tlsPuED6jCXNE0iOayXsg==,type:str]
grafana:
secret: ENC[AES256_GCM,data:O2L0+R9QvOMJLKa941nxn+FeuZ5nOAm1iDlKW2vvk5Dyod0XLdGL1seWuYzpx+NL16qmC1u8jydDcBfUT+PAeA==,iv:Pqsr+POPAr8djdVMK5U4PiS1zUnZXLH3q588D/jOMys=,tag:QziP0kKT5oyI/RHaYHr2mw==,type:str]
chn: ENC[AES256_GCM,data:xMwWBYChRIxw5KDjgCYBJWkbRRo5FUtyhZ0+SVRIgjQ=,iv:EIjECQHx3/2t+oMC16B1Xfwa8guiST2pdIKM1hNcuFA=,tag:BP8ElnMevqF6urDgBP/UAg==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:9pm5hD8FdbmFIRZZX5+C0NyXn8qdt0OIlecu79xjVrWd8C6H7C01Uriw5M1qifTIJLDMvJC36Trci0/eniDsEA==,iv:iZ/KiwgFm5TyZBZxo8n9k3Lr3o3Vk+c4zFn9efPtJYw=,tag:HGgoRL1C3Nm/KTHGfq2Ejg==,type:str]
password: ENC[AES256_GCM,data:PNrcz2PnGF6WGa7vL5PBWiM03xsA2B2imPiwHpU0IMPN/CMh77eMVtwmoxtl6QkGl1UKb12975NJsfJwJPg9gg==,iv:vjFl6SFNqZhTHmmxRckYAj8nZ1IbFtTfTAxYkdSf/lI=,tag:K2PpVnu+919MddGl5qJn+w==,type:str]
open-webui:
openai: ENC[AES256_GCM,data:E8/Szd4ZFat/R4UW6F4qVEvKmq55sT7mpY6hK274JDCYJgjfQdtJ3gY=,iv:Ryxy19pQsY9pFfz/E4SbBfxYx0N5BXqZtR/Kv9E+0uM=,tag:GEd5+N/ziOncF1UhrwgngQ==,type:str]
webui: ENC[AES256_GCM,data:6rpvA80i+HXkDQgYCDIHbXwDfxHq/5tXQRK4piI=,iv:vVIBHf/9LnY1z4zVZGB0ZRBRwLpdXKvNhsYWySxhsiY=,tag:JmbDJKlZ2dH13+drXyXXPg==,type:str]
nixvirt:
yumieko: ENC[AES256_GCM,data:tO+67mdCFH8=,iv:vl+PLSBfMDk7rGmpjuZ8TnEC1B8tni2pphC7cTmxQU0=,tag:RVW5UaUD0g0HDpoGp2/mAA==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
@@ -27,7 +102,7 @@ sops:
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-06T04:33:54Z"
mac: ENC[AES256_GCM,data:DMLcRc1hDS0x5Gt0WA/6kfEi7KKogeKHBfuW9gndj7fPqCyyYFzW9Mn8mZ3UhWB68c25GtKyLdo9T5yFivS90JB74kEWrQn/Nfdy0wW18BOloiRwLdSipoADwYwpJtr+JGNs9R6AqIAoDcbVJrr4q6kZh/Cjue6TJiyBdI4uirU=,iv:YOn7XzKAKtzucq6h0yAgj+Ee6L3srscnvieCOmZjBeo=,tag:lnAfv2pWVf5czeTgL4donQ==,type:str]
lastmodified: "2025-09-07T00:23:06Z"
mac: ENC[AES256_GCM,data:Vmcv7Hof4ZR8uXOwbk8zeKSfVldCxJQ696m3mCe6ar5FKpGja0f2XbW8a7tpuYqfwNa5Z7OCovku40PZ/TSmq91hQlZ+zbXe66nPx3/ybbQUSu1rvujprv36kvp1BQwK5A2clLEX7Vo7fGsTq1jX1AFrNM7zTJABrET/7yqVdTE=,iv:IkODPE4AMMLpBNbgwbOpYLWpG7IkRPKVBiLfxKASmPs=,tag:9xfwdCvaWvVey24dLmkFSQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

35
devices/one/default.nix
View File

@@ -1,35 +0,0 @@
inputs:
{
config =
{
nixos =
{
model = { type = "desktop"; private = true; };
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/one-boot" = "/boot";
btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; };
swap = [ "/nix/swap/swap" ];
resume = { device = "/dev/mapper/root"; offset = 4728064; };
};
nixpkgs.march = "tigerlake";
};
hardware.gpu.type = "intel";
services =
{
xray.client = {};
beesd."/".hashTableSizeMB = 64;
sshd = {};
waydroid = {};
};
bugs = [ "xmunet" ];
};
specialisation.niri.configuration.nixos.system.gui.implementation = "niri";
};
}

32
devices/one/secrets.yaml
View File

@@ -1,32 +0,0 @@
xray-client:
uuid: ENC[AES256_GCM,data:GmfSlDQjO4aBq3u50jnFjOR9VxamYHzokUrO9IpIGuBx0j8e,iv:++O2wBUCnHDPowRgtxPQJQePXP2Cda74WXQvlKHbHNw=,tag:XDWhiXwT718RgrBw7L5yzw==,type:str]
wireguard: ENC[AES256_GCM,data:OuduClOu9y9adCcV1+U/NLp/t1yWPkuyptproTJv4beImptrLOVGbhb5fb8=,iv:qa1jpzAlUEhPBznZw6j4CYquTCpmNZ+uNbyHjH2qGy4=,tag:+5I2CRuyCAMSy74xVtdJGA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOUJWMm5xT040cEoxQit5
ZnhhQWVyWjlnejhzQlEvVVg3ZGVJb05iL1hjCnF5bzFTUTZFYkNQR0k5U0xmOW1t
TXhsRHFIeVBBSXc1UURON2M4MDlTMEUKLS0tIGdSbTdZdmdjY0dmNjkrRjd0VkhK
eWV6SDJqT1B2MEp1MURkV0E4S3Z0Zm8KX9lEjG4u2QRe1zH+13rbedCWl1B7vvl8
2iMHj1qQ4JkCeq83llEH5IuDXKYnKKXSi8l3nU/l6Aw6yx/KHDFK/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2K3VKTVJqMTl2cWxUZHhM
OVg5ZjN0VGNpVXQ5M1FKZHloZ0ZnWTZ2ZWowCjJIYTlhRU8wd1JienlUTHIwWXYw
eFY1d2MxeStBd013VmszbTUzTkF6U2cKLS0tIDdDNXp4OTdQRjN0MGdIOS9oSldU
ZW5PT3VYZWhDMkZUeHViZE41eUhna2sKc8J8mJ8ge9KMb5p6Xi/vRIIXZMEj6Ih+
LjLKsgDfMbqNqKaQXSvC3tbvI/dDoiStyCsf4rkTY9QOkyEI80MtXg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-10T10:44:01Z"
mac: ENC[AES256_GCM,data:Sso6g9UEH7faygbcrypsnB/4h8cIwveLdVI+YgDDfTHMC5nxXj+xtfFHhzao1pkyvF0avUVjsMVXLRcB48eDcbZdXwBvoNKg0mpL7VAeOnDuwElI6GGpRVTaOsZC9LT9d1kuGkmavMljCvmaA3sPLZsvW3Hqjdicj+suMoQJ/nE=,iv:DYf0m9PfJ1qx3gI/6T6ByxJWHrdVGgiNMCVhcBOrgBw=,tag:Ddw2HFuCmk6PFnxF4G13hQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

BIN
devices/pc/bios/Bootx64.efi
View File

Binary file not shown.

BIN
devices/pc/bios/DisplayEngine.efi
View File

Binary file not shown.

BIN
devices/pc/bios/SetupBrowser.efi
View File

Binary file not shown.

BIN
devices/pc/bios/UiApp.efi
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Default.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_Native_HDR.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_REC709.icm
View File

Binary file not shown.

BIN
devices/pc/color/TPLCD_161B_sRGB.icm
View File

Binary file not shown.

128
devices/pc/default.nix
View File

@@ -11,53 +11,32 @@ inputs:
{
mount =
{
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
btrfs."/dev/mapper/root1" =
{
"/nix" = "/nix";
"/nix/rootfs/current" = "/";
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
};
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.nas"}:/" =
{ mountPoint = "/nix/remote/nas"; hard = false; };
vfat."/dev/disk/by-partlabel/pc-boot" = "/boot";
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
luks.auto =
{
"/dev/disk/by-uuid/4c73288c-bcd8-4a7e-b683-693f9eed2d81" = { mapper = "root1"; ssd = true; };
"/dev/disk/by-uuid/4be45329-a054-4c20-8965-8c5b7ee6b35d" =
{ mapper = "swap"; ssd = true; before = [ "root1" ]; };
};
swap = [ "/dev/mapper/swap" ];
luks.auto."/dev/disk/by-partlabel/pc-root1" = { mapper = "root1"; ssd = true; };
swap = [ "/nix/swap/swap" ];
resume = { device = "/dev/mapper/root1"; offset = 131605760; };
};
grub.windowsEntries."08D3-10DE" = "Windows";
nix =
{
marches =
[
"znver2" "znver3" "znver4"
# FXSR SAHF XSAVE
"sandybridge"
# FXSR PREFETCHW RDRND SAHF
"silvermont"
# SAHF FXSR XSAVE RDRND LZCNT HLE
"haswell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX MOVDIRI MOVDIR64B AVX512VP2INTERSECT KEYLOCKER
"tigerlake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT MOVDIR64B MOVDIRI PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
];
remote.master.host.srv2-node0 = [ "skylake" ];
};
nixpkgs = { march = "znver4"; cuda.capabilities = [ "8.9" ]; };
nix.marches =
[
"znver2" "znver3" "znver4" "znver5"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF XSAVE
"broadwell"
# FXSR HLE LZCNT PREFETCHW RDRND SAHF SGX XSAVE
"skylake" "cascadelake"
# AVX-VNNI CLDEMOTE GFNI-SSE HRESET KL LZCNT PCONFIG PREFETCHW PTWRITE RDRND
# SERIALIZE SGX WAITPKG WIDEKL XSAVE XSAVEOPT
"alderlake"
# SAHF FXSR XSAVE RDRND LZCNT HLE PREFETCHW SGX PCONFIG
"icelake-server"
];
nixpkgs = { march = "znver5"; rocm = true; };
sysctl.laptop-mode = 5;
kernel = { variant = "cachyos"; patches = [ "btusb" ]; };
};
hardware = { gpu = { type = "nvidia"; nvidia.dynamicBoost = true; }; legion = {}; };
hardware = { gpu.type = "amd"; asus = {};};
services =
{
samba =
@@ -72,16 +51,15 @@ inputs:
};
};
sshd = {};
xray =
xray.client.dnsmasq =
{
client.dnsmasq.hosts = builtins.listToAttrs
hosts = builtins.listToAttrs
(
(builtins.map
(name: { inherit name; value = "144.34.225.59"; })
[ "mirism.one" "beta.mirism.one" "ng01.mirism.one" "initrd.vps6.chn.moe" ])
)
// { "4006024680.com" = "192.168.199.1"; };
xmuClient = {};
);
extraInterfaces = [ "wlo1" ];
};
nix-serve = {};
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
@@ -95,60 +73,32 @@ inputs:
name = "pc"; address = "127.0.0.1";
cpu = { sockets = 2; cores = 8; threads = 2; };
memoryGB = 80;
gpus."4060" = 1;
};
partitions.localhost = [ "pc" ];
tui =
{
cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; memoryGB = 56; }];
gpuQueues = [{ name = "localhost"; gpuIds = [ "4060" ]; }];
};
tui.cpuQueues = [{ mpiThreads = 4; openmpThreads = 4; memoryGB = 56; }];
};
ollama = {};
podman = {};
ananicy = {};
keyd = {};
lumericalLicenseManager = { macAddress = "74:5d:22:c7:d2:97"; autoStart = false; };
searx = {};
kvm.aarch64 = true;
nspawn = [ "arch" "ubuntu-22.04" "fedora" ];
nfs."/" = [ "192.168.84.0/24" ];
peerBanHelper = {};
mariadb.mountFrom = "nodatacow";
lumericalLicenseManager.macAddress = "10:5f:ad:10:3e:ca";
waydroid = {};
};
bugs = [ "xmunet" "backlight" "amdpstate" "iwlwifi" ];
packages = { mathematica = {}; vasp = {}; android-studio = {}; lumerical = {}; };
bugs = [ "xmunet" "amdpstate" "iwlwifi" ];
packages = { mathematica = {}; vasp = {}; lumerical = {}; };
user.users = [ "chn" "xly" ];
};
boot.loader.grub =
{
extraFiles =
{
"DisplayEngine.efi" = ./bios/DisplayEngine.efi;
"SetupBrowser.efi" = ./bios/SetupBrowser.efi;
"UiApp.efi" = ./bios/UiApp.efi;
"EFI/Boot/Bootx64.efi" = ./bios/Bootx64.efi;
"nixos.iso" = inputs.topInputs.self.src.iso.nixos;
};
extraEntries =
''
menuentry 'Advanced UEFI Firmware Settings' {
insmod fat
insmod chain
chainloader @bootRoot@/EFI/Boot/Bootx64.efi
}
menuentry 'Live ISO' {
set iso_path=@bootRoot@/nixos.iso
export iso_path
search --set=root --file "$iso_path"
loopback loop "$iso_path"
root=(loop)
configfile /boot/grub/loopback.cfg
loopback --delete loop
}
'';
};
# 禁止鼠标等在睡眠时唤醒
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
# 允许kvm读取物理硬盘
users.users.qemu-libvirtd.extraGroups = [ "disk" ];
services.colord.enable = true;
# 禁止鼠标等在睡眠时唤醒
services.udev.extraRules = ''ACTION=="add", ATTR{power/wakeup}="disabled"'';
# 解决有时蓝牙不能使用的问题
boot.kernelParams = [ "mt7925e.disable_aspm=1" ];
specialisation.niri.configuration.nixos.system.gui.implementation = "niri";
nixos.services.xray.client.xray.serverName = "xserver2.vps4.chn.moe";
};
}

30
devices/r2s/default.nix Normal file
View File

@@ -0,0 +1,30 @@
inputs:
{
config =
{
nixos =
{
model.arch = "aarch64";
system =
{
fileSystems =
{
mount.btrfs."/dev/disk/by-partlabel/r2s-root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
swap = [ "/nix/swap/swap" ];
};
network = {};
# uboot 起始位置 0x8000 字节这个地方还在分区表内部除此以外还需要预留一些空间预留32M足够。
uboot.buildArgs =
{
defconfig = "nanopi-r2s-rk3328_defconfig";
filesToInstall = [ "u-boot-rockchip.bin" ];
env.BL31 = "${inputs.pkgs.armTrustedFirmwareRK3328}/bl31.elf";
};
};
services =
{
sshd = {};
};
};
};
}

3
devices/srv1/default.nix
View File

@@ -59,8 +59,9 @@ inputs:
{ name = "n1"; mpiThreads = 8; openmpThreads = 4; }
];
};
mariadb.mountFrom = "nodatacow";
};
packages = { vasp = {}; lumerical = {}; };
packages.vasp = {};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "GROUPIII-1" "GROUPIII-2" "GROUPIII-3" "zgq" ];
};
};

8
devices/srv1/node0/default.nix
View File

@@ -27,8 +27,12 @@ inputs:
xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
};
packages.packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
packages =
{
desktop = {};
packages._prebuildPackages =
[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
};
};
};
}

7
devices/srv2/default.nix
View File

@@ -12,8 +12,6 @@ inputs:
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
nfs."${inputs.topInputs.self.config.dns."chn.moe".getAddress "wg1.pc"}:/" =
{ mountPoint = "/nix/remote/pc"; hard = false; };
};
nixpkgs.cuda.capabilities =
[
@@ -74,12 +72,13 @@ inputs:
];
};
};
mariadb.mountFrom = "nodatacow";
};
packages.vasp = {};
packages = { vasp = {}; desktop = {}; lumerical = {}; };
user.users =
[
# 组内
"chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "qmx"
"chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "qmx" "xly"
# 组外
"yxf" # 小芳同志
"hss" # 还没见到本人

13
devices/srv2/node0/default.nix
View File

@@ -15,11 +15,19 @@ inputs:
trust = [ "eno2" ];
};
nix.remote.slave = {};
fileSystems.swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
fileSystems =
{
swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ];
mount.btrfs."/dev/disk/by-partlabel/srv2-node0-root1" =
{
"/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix";
"/nix/remote/xmuhk" = "/public/home/xmuhk/.nix";
};
};
};
services =
{
xray.client = { dnsmasq = { extraInterfaces = [ "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; }; };
xray.client.dnsmasq = { extraInterfaces = [ "eno1" "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; };
beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; };
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
@@ -28,6 +36,7 @@ inputs:
ollama = {};
sshd = { groupBanner = true; motd = true; };
speedtest = {};
lumericalLicenseManager.macAddress = "70:20:84:09:a3:52";
};
};
};

6
devices/srv2/node1/default.nix
View File

@@ -15,7 +15,11 @@ inputs:
};
fileSystems.swap = [ "/nix/swap/swap" ];
};
services.beesd."/".hashTableSizeMB = 64;
services =
{
beesd."/".hashTableSizeMB = 64;
lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07";
};
};
services.hardware.bolt.enable = true;
};

101
devices/srv3/README.md
View File

@@ -1,101 +0,0 @@
# 定价与配置
售卖两类 kvm 虚拟机。它们都按照需求的内存和硬盘定价。
## 普通虚拟机
* 硬盘每 10 GB 0.056 美元每月;内存每 128 MB 0.044 美元每月。每 1G 内存附带 1 核心 CPU内存不够 1G 的给 1 核心 CPU。
* 例如4C4G/100G 的配置,每月 2 美元。
* 这个价格相当于母鸡价格的 70% 。
* 适合绝大多数轻度负载。不适合的情况包括:
* 硬盘需要禁用 CoW 以获得尽可能高的 IOPS例如较大的、繁忙的数据库例如大型 mastodon/misskey 实例)。
* 希望内存中的数据一直驻留在内存中(而不是被交换到 swap 中)。
* **可能会超售**,但我凭良心保证,当你需要时,仍然可以占满内存和硬盘;长期占满硬盘和内存不算滥用。
* 前期肯定不会超售(笑死,根本没有那么多用户)。
* 永远不会滥售;但后期可能会视情况调整价格。如果涨价,会延迟三个月生效。如果降价则立即生效。
* 万一出现卖超太多了、不够用的情况,我会自掏腰包增加母鸡配置。
* 实现细节:
* 硬盘会使用 raw 格式,放置在启用 CoW 的 btrfs 子卷中;不预先分配,用到时再分配。
* 内存会允许交换到 swap 中,并开启 KSM。
* 限购:
* 每台内存不能超过 8 GB硬盘不能超过 200 GB。有更大的需求请买下一个配置。
* 每个用户只能购买一台。
* 这个限购措施是为了防止有人和我抬杠,花 70% 的价格把整个母鸡买下来。并不是营销手段。合理需求的情况都可以谈。
* 宿主机会自动创建快照,需要时可以回滚到几个小时或几天前的状态。
## 独立虚拟机(资源独立分配)
* 按照母鸡价格的 1 倍定价。也就是:硬盘每 100 GB 0.8 美元每月;每 5G 内存/2 CPU 2.5 美元每月。
* 实现细节:
* 硬盘会使用 raw 格式,放置在禁用 CoW 的 btrfs 子卷中;预先分配所有容量。
* 内存会锁定在物理内存中。
* CPU 会隔离/锁定在物理 CPU 上。
* 宿主机不会创建硬盘的快照。
* 两类资源可以混合购买。比如可以硬盘按照独立虚拟机的价格购买,内存/CPU 按照普通虚拟机的价格购买。
## 其它细节
* 无论哪个方案,硬盘/内存长时间占满都不算滥用。对于第一个方案CPU 是共享的,请不要长时间占满。
* 暂不限制带宽,合理使用即可。
* 默认共享 IPv4支持端口转发详见下文说明。独立的 IPv4 每个每月 2 美元。
独立的 IPv6 免费,但暂不支持(技术上没有准备好,如果有人有需要我就去准备)。
* 只卖朋友和朋友的朋友(总之得有人保证别拿去做坏事)。
若此定价对您来说仍然难以接受,可以联系我,打五折或者免费。
* 此价格 2025 年 9 月 17 日前有效。之后大概率也不会调整,但保留调整的权利。
* 预计收入无法覆盖成本。如果某个月的收入高于成本,承诺会将多出的部分捐出去。
* 非 kvm 虚拟机的服务(例如,只跑一个 podman 容器,只跑某一个服务)定价私聊,大致上是上方价格再加上我的工作成本(事少的免费,事多的就要实收了)。
* 配置随时可以调整。所以按照自己这个月够用的来就行,不需要为未来留余量。但每次调整都需要重启虚拟机。
* 母鸡价格 40 美元每月,配置在下方列出。
* 机房: LAX3 IPsrv3.chn.moe
* CPU: Intel® Xeon E5-2650L v3 (12 Cores 24 Threads)
* Memory: 64GB ECC DDR4
* Storage: 1TB NVMe (可加8 美元/TB另有 NFS 3 美元/TB)
* Network: 1Gbps, 1x IPv4 (可加2 美元/IPv4), 8TB/month
# 操作
我不提供网页端的控制面板(因为懒得搞,要是有人想替我搞的话那就提供)。
在确认购买后,我会给你一个 VNC 端口和密码。虚拟机会首先启动到 netboot.xyz你需要登陆 VNC 选择自己喜欢的发行版并安装。
安装好系统之后VNC 连接仍然可以使用,你可以使用它来重装系统等。如果你担心安全性,也可以告知我,将它关闭。
此外我还可以提供一个宿主机的账户SSH 连接),用于强制重启虚拟机等(会做好权限的分隔的)。若有需要请告知我。
# 共享 IP
支持多种转发策略。
* TCP/UDP 端口转发,就是最普通的转发。
这个方法只有一个坏处,就是多个虚拟机不能共享同一个公网 IP 的同一个端口。
这导致用户在访问时往往需要明确端口号而不能使用默认端口(因为默认端口已经被占用了),
例如需要使用 https://srv3.chn.moe:4321 而不是 https://srv3.chn.moe。
建议不面向普通用户的服务使用这个方法例如sshcoturn
* 利用 Nginx根据一些信息分流再转发给虚拟机。这可以做到多个虚拟机共享同一个端口但也有缺陷。具体来说它有很多种方法
* 依据 SNI 分流,并透明代理到虚拟机。
这个办法的缺点是,只支持 TLS 连接(例如 https同时服务端看到的用户侧端口会变化通常情况下不影响什么
只要这两个缺点不是问题,就建议用这个方法。
* 依据 SNI 分流并使用代理协议proxy protocol转发给虚拟机。
相比于上一个方法,这个方法可以正确传递用户侧端口号,但需要虚拟机的服务端支持 proxy protocol。
* Nginx 依据 http 的 host 头分流,再发给虚拟机。
这个方法的缺点有很多,例如我需要修改你的域名的 DNS用来申请证书母鸡到虚拟机的连接不加密只支持 http/https等。
这个方法唯一的好处是,如果你不会配置 nginx可以在宿主机上配置好虚拟机只要跑后端的服务就行了。
* 别转发了,直接在宿主机上处理。例如 80 到 443 的跳转。以及如果你想要 host 一个小的、不常改动的静态网站,等。
# 杂项
**如何调整虚拟机启动顺序(重启到 iso 而不是硬盘)?**
先重启虚拟机,然后马上连接 VNC可以看到“Tiano Core”的提示。这个提示只会停留 15 秒,所以重启虚拟机后要迅速连接 VNC。
在这个界面按 ESC 就可以进入虚拟机的 BIOS在这里可以修改虚拟机的一些设置就像实体机的 BIOS 那样)。
如果只是想临时从 ISO 启动可以在这里选择“Boot Manager”然后选择带 “CDROM” 那一项就可以了。
**如何调整硬盘大小?**
* 扩容:你需要在扩容**后**将分区和文件系统调整大(占用虚拟磁盘在末尾新增的空间)。
* 缩容:你需要在缩容**前**将分区和文件系统调整小(在虚拟磁盘的末尾预留出要缩容的空间)。
这些事情都最好你自己来做。我可以尝试帮忙,但不保证数据安全。
**如何强制重启虚拟机/关机后如何开机?**
登陆宿主机后,使用 `vm` 命令,不加任何参数,即可看到提示,按提示操作。

125
devices/srv3/default.nix
View File

@@ -1,125 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-partlabel/srv3-boot" = "/boot";
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/dev/mapper/swap" ];
};
nixpkgs.march = "haswell";
initrd.sshd = {};
network =
{
bridge.nixvirt.interfaces = [ "eno1" ];
static.nixvirt =
{
ip = "23.135.236.216";
mask = 24;
gateway = "23.135.236.1";
dns = "8.8.8.8";
};
};
};
services =
{
beesd."/" = { hashTableSizeMB = 128; threads = 4;};
sshd = {};
nixvirt.instance =
{
pen =
{
memory.sizeMB = 512;
cpu.count = 1;
network =
{
address = 3;
portForward =
{
tcp =
[
{ host = 5690; guest = 22; }
{ host = 5691; guest = 80; }
{ host = 5692; guest = 443; }
{ host = 22000; guest = 22000; }
];
udp = [{ host = 22000; guest = 22000; }];
web = { httpsProxy = [ "natsume.nohost.me" ]; httpProxy = [ "natsume.nohost.me" ]; };
};
};
};
test =
{
owner = "chn";
memory.sizeMB = 4096;
cpu.count = 4;
network =
{
address = 4;
vnc.openFirewall = false;
portForward =
{
tcp = [{ host = 5693; guest = 22; }];
web = { httpsProxy = [ "example.chn.moe" ]; httpProxy = [ "example.chn.moe" ]; };
};
};
};
reonokiy =
{
memory.sizeMB = 4 * 1024;
cpu.count = 4;
network = { address = 5; portForward.tcp = [{ host = 5694; guest = 22; }]; };
};
yumieko =
{
memory.sizeMB = 8 * 1024;
cpu.count = 8;
network =
{
address = 6;
portForward =
{
tcp = [{ host = 5695; guest = 22; }];
web = { httpsProxy = [ "littlewing.yumieko.com" ]; httpProxy = [ "littlewing.yumieko.com" ]; };
};
};
storage.iso = "${inputs.topInputs.self.src.guix}";
};
};
rsshub = {};
misskey.instances =
{ misskey.hostname = "xn--s8w913fdga.chn.moe"; misskey-old = { port = 9727; redis.port = 3546; }; };
synapse.instances =
{
synapse.matrixHostname = "synapse.chn.moe";
matrix = { port = 8009; redisPort = 6380; };
};
vaultwarden = {};
photoprism = {};
nextcloud = {};
freshrss = {};
send = {};
huginn = {};
httpapi = {};
gitea = {};
grafana = {};
fail2ban = {};
xray = { server = {}; xmuPersist = {}; };
podman = {};
peertube = {};
nginx.applications.webdav.instances."webdav.chn.moe" = {};
open-webui.ollamaHost = "192.168.83.3";
};
user.users = [ "chn" "aleksana" "alikia" "pen" "reonokiy" "yumieko" ];
};
};
}

112
devices/srv3/secrets.yaml
View File

@@ -1,112 +0,0 @@
wireguard: ENC[AES256_GCM,data:Coe4iIEnJVDb4a9KUVTRkXl4kng5Zo6x1Iyr0ErgR2b9bN287mvO6jPUPSc=,iv:fiNUUKobJjitcoxBemIah5Cl5+dSz2Q7sbiOT8bDrRM=,tag:rHfNeRGTxnyVYAu8P/2ewA==,type:str]
nixvirt:
pen: ENC[AES256_GCM,data:okvzUul3UXk=,iv:hcBhsUMP8jdhhKuKdHD1lZi8ixNAC729HfMQ79UzyNk=,tag:SRRav39ScHn0O/sf86CIOw==,type:str]
test: ENC[AES256_GCM,data:MYlMmzgbW9c=,iv:q1qPAwFTh0fj2IHBIlnrOMbTU2BnwIYzOFUHVqWCY/Q=,tag:Mb2bJJemg/LxpKI5whNvQw==,type:str]
reonokiy: ENC[AES256_GCM,data:J/ZM0Vavmnk=,iv:ZT1cMF/JWLWmXyBx331XkBQerOhLJeOd0a53jcSC4S4=,tag:/WCwzOg5LlAS5ZaiI5DSIw==,type:str]
yumieko: ENC[AES256_GCM,data:Nugm6tP4jxg=,iv:HweUreniPs3eDs1ucu/G/P/JZ4jfSaOAiLD2o5WeOUo=,tag:eoc1cVG7CD5WFoawDUUpnw==,type:str]
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:cek6iIlJXgU191uzq44rTw==,iv:r7aMj5UzH1sbKkxvS8oyw6kpIcpRygD4ype8qkmnNa0=,tag:x2jWZnnFCO0sHj/OS2BQbA==,type:str]
led: ENC[AES256_GCM,data:JiCmbknE,iv:Z2RFOWIPUk2jaR6qd4PgRb7LwwHSKNapPQq996Mx+yI=,tag:mq6Vtwjw31DKig3Dl4xU+w==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:+wEclSJGMLBMt7Ss2fMlUgq5kRyNiOheQnRvVtbW47eG2mFODBaw04Qftb80aaSE6YpCTNslBGdIjcpIC7FTUA==,iv:6Caod/1AnUxEEC7ZwVrtDZ1kP6Qu50R+9I3eda/p0pk=,tag:/EYXZ6yl3QupVrzIHQMdbA==,type:str]
misskey-misskey: ENC[AES256_GCM,data:nCrH0B3A5B6yMAgTd5TA56PKqJUxwtHeS6BvuUseyKAVbqH581TGsO80mNQ0AJRjviw5o3ftTay79nJnmGld6Q==,iv:fhGcgbpNBo9yUpFDWtuzMos2iPhMdWyc88S0fZDxGao=,tag:QIZ72z5VBqd5pFgaEvMTZg==,type:str]
misskey-misskey-old: ENC[AES256_GCM,data:WS+SVmxYs3cNc/+sJQLNYDO0ZkZvmqzW9hCGdDae/N06KGicgiGOKV8LDe1UviGGGzXzB5VG0YvAprEGhUURcQ==,iv:6Ur9FL2+RzU4tfK2V4TaaCpempS1JSSMHz6ebg3mp7c=,tag:qCNqJ3SauPdpxo3f4NVg2g==,type:str]
nextcloud: ENC[AES256_GCM,data:pwxtefU7CjTxyogcpPpvQxvdnYIpggaBHZ+/PaT9lhVfvFcNtBBZ1eeOGbUXMZc7BnkFAUDVTVjr5KV75CeX6Q==,iv:65K3PsNfesaAJ7rSRI66o5UEM3SW5KdUnGc4h9WMkUE=,tag:e2nx9vTlkGekvhm8lYsMkg==,type:str]
send: ENC[AES256_GCM,data:QCfqbGYuBrlwfuHiSsZIZ1OBVnSO9QjhlPWGVRysKbQK+As/RGbJ5QYtPOyKfRg2L1d5Irfu1aGRoVrzpA8O1Q==,iv:MWzJP+JBwf131X030MnzNKMJ3d4Fq/GtbHpuan4N53Y=,tag:z29HS/FQXTvgN1e1HZFJkg==,type:str]
synapse-synapse: ENC[AES256_GCM,data:C6eXXK6SvMmvIa8dVjttorYBScC1SfILqXPMYDCpewVyJCUFzQK3NB8KUz9TMov4P5n+Lm5YItjrUgnhNJA5jQ==,iv:ziJ5JK/+M9d+R6/O/4hQy5DPBw/4XSZVQvIcy55aHRY=,tag:nv0rre2/kyhKu4C5JSE5dg==,type:str]
synapse-matrix: ENC[AES256_GCM,data:E72t568kxMjz+x+nC0kIJJFfgt6njlW8Wx6RuqnI736vW7IaA7scNVQ03lXpqZlKS1M7wUhb1QRPowJxNjSK7A==,iv:5qGHIWb7XXrnbjPQVWt+EcX/yDEV4Ny+TIo5OaRHwOk=,tag:O+SQBmZ7xpToSJYmcSCRWA==,type:str]
peertube: ENC[AES256_GCM,data:lxf5JtlGfDsYY2kzqaas8zPmS3u7Xch6onLVe2yoQZL6Eeb94V8yncqezGFcsGv1k3Xfr4ncoEraupO3RtKYSw==,iv:VM3SAORs2Ol/WKYCffLlHNPAzA37Kp2fgToM1faS7Ew=,tag:gwI80Kn00QOU+9vRsUKchQ==,type:str]
postgresql:
misskey_misskey: ENC[AES256_GCM,data:BUHwrGGcniD/7+hSHkXegopgG1bRGSt+OXJxKdMOEyeawAkG96af+njJ+WgcZ6KAzQdWtqJATdiTOxpznkvKfA==,iv:9hF/jcGyWFNPzzqVyaVXEabeaGDE92bpVYq1oxvQGOY=,tag:nZObCyAfuMr+B+rlUhCMMA==,type:str]
misskey_misskey_old: ENC[AES256_GCM,data:saLuu3wFcqRW2yNF9aZZ4zc6njm6pqqcUUqRTbijXELvZwMy+G+OMKuvgsh71NLDJiNDZdOBAOdUUXlC+okBFQ==,iv:kcHjlpndXENhASkenLN8fNLJjHmcuLN+i7+a+fLjxyU=,tag:Sbr74hl4GsCts2Diw8veRw==,type:str]
synapse_synapse: ENC[AES256_GCM,data:NfXD6BHV9za79NW1kLvJjdOLeHjtcrzx9O9W65jgHYneEmUNKO1nuBgs3PrI8tkBPkmn55UdC+4v2WFjHWXrkQ==,iv:YdF0liKfIBT3CHCr1ufguu9qqYpfXfjOhJY5BO79orE=,tag:OWyN3Zh6uvm10LmCBipJ4w==,type:str]
vaultwarden: ENC[AES256_GCM,data:4thZ0nGnbprVntYH2wG2PAgAJcAYuexQPOJBSpC1ivQgNbmn89L5pSANx5fvYewa834mlqSWHWeSqIw/81tDqg==,iv:d6gARu6yGzALNZrgpvaxWqM1cdkalA17GZ4EVWHqYUc=,tag:guYaW+Ds1TylCLw/naD2mA==,type:str]
nextcloud: ENC[AES256_GCM,data:jeJSAF+oeEXL2BqKbzngnSVvpxE5yuzRq2LLu6EyKT76xHP/whP7QuRxns23dsJnUr55qaRUzDunvoFco8MCZw==,iv:0lxolTDXskNvrVEAC4dV/mIgCMi3B0xH+xVT40Brii0=,tag:YvUtW172rmKK6pY/+4WhXQ==,type:str]
gitea: ENC[AES256_GCM,data:D+WDCVPTAcOg/gpxlcaNHFVHBC8uKOs5VZKQYuF0qNZQn0H0dWQS89K3DsgjBKck7ugiZOyXKUHISBVrfBn+VQ==,iv:qkahWBx8q1g6wlzXKM5Bl1PqxwkprCZzzCq1vGWaj7E=,tag:hWX9jF2qx60QrOForU7LLw==,type:str]
grafana: ENC[AES256_GCM,data:Hm92Qnz5QVWwk6P61vrnnxDFLtdVx2vOMKwy3sRSv+KDnNSYvRNyLQUkyuf7Nh0S167XgAxDPTZQb9k6AjO36g==,iv:oXmfVDr63NGv4rRBb12V9l9dNXxQK7Se/2fbK40d2a0=,tag:DNeeRwEShxUhowkIfr1feg==,type:str]
synapse_matrix: ENC[AES256_GCM,data:HdhB5WAxBa+BaFBVoIo6RwhOxhN5WrTLR11kah9H1sBS5GDPldDw0H274faWFwE/UwXO2ggBEAYvACXr/rXkvQ==,iv:NxOsZqxsP9BSgdlW43AuQGw0VjSGx77wygjdDcINf8s=,tag:CtbG4zcXG2QFFP4dGgOxzg==,type:str]
peertube: ENC[AES256_GCM,data:6P8muSWzJ+A71nZZKlCXRCRwr1HWu7yrSw5bkeHg5As917frrbOMmDCpf21H0q+eagx/ZrRIWod2JXc2YGKCfg==,iv:G/zZeYbDCHffACCvhJlKlJ1cUCkw0+raq5G1ubqIRAg=,tag:HeQA3ueNo/t+8JR9jVUUPQ==,type:str]
rsshub:
pixiv-refreshtoken: ENC[AES256_GCM,data:3nQdmn5RAaeqeI7S/0gPUGOzt7rkizpk3Ouz+pXwbqKBpikXKm4amvwg1Q==,iv:sze0u8un0xyumqHj0YeKcBD9xKZRW77rQdQn7auIf8I=,tag:bWqg+/pBaQJ2J3hjx05hlw==,type:str]
youtube-key: ENC[AES256_GCM,data:NZPG5iYrkOof+L3SKp9SqXmXOt37hvqCxTTibkzXv5TBPcCjPhCe,iv:Re6966w0oRtvHDCt9eYvswDMLNKcM+stIAA+P1qpWbg=,tag:0jNqPlGoXr0bHGMgHUZXCA==,type:str]
youtube-client-id: ENC[AES256_GCM,data:7BOIrxA5FIUo/31p3yqrLJKJhV9IUB25//w343eBoAnr3uD6J9zeLO3nIQv99vItioqFA1RmygCeer9pG7j/FI/MmmT8nGzPcw==,iv:mzKY2XghoXhKTTkO6EiG+ZJFsM39TX6UXJbzh0UA7vc=,tag:w7oiCvURV8yFxxoFR2P/jw==,type:str]
youtube-client-secret: ENC[AES256_GCM,data:JCyNb9biROLSx0RHkr0FqZ26nhU/LRBEnzfx91mmq+Ux0/A=,iv:fEMmanWtWaKBVUJVIeMSu+XV3v8xeccDY3DTJr4LOsk=,tag:bT+XedAZu94h053/1zr7Ow==,type:str]
youtube-refresh-token: ENC[AES256_GCM,data:TXNvLTfF4K5RT4D0anzXds/fcdPy3FXddGt5xxLIaxbKIqCAtsQyLEhA+SfQXaBk6T/yKIhtd/H/BLu1jOkiZsFL/8i5GSRSIXyagFrCfh/7tEqhCB0u52Hz5Xy4pkZiqd/AXx84Og==,iv:s+q2ffpJP/rcKu/Pw4KosM5/7boFPArJxgbqL0f1ZkI=,tag:chUtPpJbYuhjv09lRdXHMw==,type:str]
twitter-auth-token: ENC[AES256_GCM,data:scLoap0kDJW8Q9+h9S/JKYafyCUgx75RV7akHY/BYEmFhRNRq5Z2Lg==,iv:GhP3nyaK18PDcoHc18zhuuPAPnfEWgUagBrZNDY3toQ=,tag:qsE2rIgrmlxBW8D3i10KUw==,type:str]
bilibili-cookie: ENC[AES256_GCM,data:fdAX5CpbJZv3fxRdA5SpFwNUZ0jYgYuv8SyKfbJzm5toQ8S5TrQ9WnQk6Jwweqmg3VDRD5l6l/irGsRlLdjt3p7fyAJy0wtzY0jD1xGw8XhdKWevMTysg1YQcMijkJSI0oHpofis975M6EDjcURPWwlR6GqW6POOpMep97siOxiNyBi32TbZHqvIWa1YfyuMcngYMEsShpzWAZCCvLYXoBINXebG1JPHU2xua7EHMO+VH7UFNVCyBYmOw4iXBJ4YFaXqxjQTBza4GDDZ/RVBvO5Egdjovjpj1DR/hOEG4xJHpg6xTsFw,iv:WQTVuovkZjzuu5w743GkMcWqu2p7dmPr9sKHemkbxG4=,tag:eszbpreVfC4LtxnRte241Q==,type:str]
zhihu-cookies: ENC[AES256_GCM,data:ssemzXs7ub4z7pw4hWGSfzBfKH/xzv8bhtqC1dDbZJCnwZ4D4/U9ES9QDrPeKT5AjbdLV/WBvJqWKcwTQjGnRhMrgK2MU2/8Et61mur5WE5GPQjwhWV5JaTMhSxKS3pZtpyvIgy+0iwOj8QQS6mbujHnpb/y0fhszlmUQPBL4eIxm269/FyjBLeRivrJvSmMpLQxxwh2/GTojMPH2F3bclsdMHgZhvYGdJ65hSWn2Q==,iv:PffeWFhC+dYkLSDQKuIHRRDjqE7By/ZIuZIhkjCGDig=,tag:p4iJwqLfqkiKOi/KnoyfQA==,type:str]
mail:
bot: ENC[AES256_GCM,data:XngvO9b98ccRoW9WgfX/Pg==,iv:SE8SK49zhYhDxl6f2UonCzTPcKg23CzbI5V/fOh5zOA=,tag:IXGwnSU+Vx0BQxjgvyBnCQ==,type:str]
synapse:
synapse:
coturn: ENC[AES256_GCM,data:TQqNzjJV8iM46JZQOKqkydkSrDFH2El4EE1ZCjUPpZ6EM7UHfjjxP536sm7c7adxIZzrj2TlzKufhlGFYfZ8xQ==,iv:OVguyW8sQzfczVHMaMTg6+J0wzTzeTb2zZkXnMEZ4Jk=,tag:dYLMU2bHyg/IR1oyujsoRQ==,type:str]
registration: ENC[AES256_GCM,data:MXlRld2ugF3qDVPbrd3TGiwdFhJEcxKDsvmEV4P9Qap/zp1WcMzfo+wAeXtq18MV7Fw=,iv:ztN6q+1ql9b4NMiyuDEmWbnpWeOPmbEftymMDQ3C53M=,tag:+BI9t1jSNNcfrIU6AaDOXw==,type:str]
macaroon: ENC[AES256_GCM,data:hVkFqtfaOL64qNGjIfmSORm0D8lOvA/H3Mrm11Glrgy11ACjh+zI1CSglQC0SmaKSP0=,iv:ydNz3kXOelPxSFKshjH9+iYw4OItm6QoNGuks8kSDow=,tag:TCHyMXc+gT+fxVyd7HexMQ==,type:str]
form: ENC[AES256_GCM,data:lykxrVPMWz1sBk5GoMRHfHhsVxcT7txvLJ9GM48Jyff5HXh1z4IWuZzOu8HkrELkJrA=,iv:QGV8vqor+wByS9z37sF/iPfrNaL/0jU/yUGiphEl4Fw=,tag:Mg/Oz5hI+oDnp58aQF6Rew==,type:str]
signing-key: ENC[AES256_GCM,data:Ov+ly2t3abRunse65ccPpQgqKzDrF8B2wMaCJt3Bxa+QDu6WwD8DD4E+pcQK5/HaTdsQte8Z/3f2Kw==,iv:SSMjSTrhgHt6iz+oyHe0sHm3Eb82ks5z8DR1Puc1raE=,tag:9X+T4n/6Vl4tUbVM0LJySA==,type:str]
matrix:
coturn: ENC[AES256_GCM,data:BmnF4oyUdbESzOwlqQ5SXYgeUnWgyFE0pdBox33JmaMcOvRPtckD9p38UeMTxp8Pccarmx6f83rdHsifeoiWaw==,iv:1bb3Tn67HTHVNR9ohH1HtqS8wh6t7qtTEl5MNbwn7h8=,tag:xlxMZtqew4pTc9ztY74cHg==,type:str]
registration: ENC[AES256_GCM,data:LB5tWjoAsftqszYZGOXtqLFXa0HyU1b6lVUrBup5SJJdB2ZOnPsNtcgEkZLtMUlQ//M=,iv:jvLEwPv4iKuKfOPV08sPb9Z2XMnN+074DCQX+ARDPf4=,tag:4QxCLcOSQ30dU2Z+0OzGYg==,type:str]
macaroon: ENC[AES256_GCM,data:JSlovYowIe0C2jEFsIJci6+M1GYgbINdp0XkY58oOk1/ztyMnABSXcgZ73pEpLeUCvY=,iv:r2d5COTXL3gz9pb4GxuFQjM5DHsmwAfDy/eqlZyZJoM=,tag:yRn/OBcy1IqMvJQYD9sA6Q==,type:str]
form: ENC[AES256_GCM,data:sN24Yj5miXmUsvEmeSDOxFJxAetQdEJw+kEPNq+iMXyEexqEgoYBseH6kbFZwZAVrBo=,iv:ZtRkme3U1ofUBzT2J9SeRov1+rN5CrSi/ExKX7S5DNY=,tag:gGj8l5JXlzX+2sdHsLfQAg==,type:str]
signing-key: ENC[AES256_GCM,data:nmP8lwTAYGHc0LYcEj2AJE1XwSJBfA/NK+K6/0KGsufxwS1VhCXUWX9s3oEUPwuteTGZesaDVep1Qg==,iv:NcJEhlz6WgorViN2oiUG7kLy8N5kUzr5cD7Z4PRGdTg=,tag:WiWhIKaE5UQwEXunUokaNQ==,type:str]
vaultwarden:
#ENC[AES256_GCM,data:rD0YOnSNf23ZjJhRWWia3+Zbpl6/cynCKlQQFhzaWIclHBk7YU3Z4E9J+YuWzlO8BM0bbp+zMxFGEFvbMrSHEHQ=,iv:PzQOCpSrjFb/aYn70oKrpb3jDy8rtZKPkLQ8qv0GMyE=,tag:wRfa4oHzAKD3BNYghIjZKA==,type:comment]
admin_token: ENC[AES256_GCM,data:oEIaHRqRIVQh+lSv+4p6G26bIKCtAQiw3t/C24C465THrwVa05D2Sax1IZ1JaHKgOmLzo8vxteBmJarARyC4kAnw2vb5bDPT1KCO/6u99mXhQyF3NY3FjmDwWHqTHHZT29dwAmtdFRz7rJQowLVqhBVQzNePdQ==,iv:QVAZ9JwwebqD7zxS8+Ai3K5V60bQbe+ewDc+JBXDMuM=,tag:vUYNlVf7ccooiBIXQWQC0g==,type:str]
mariadb:
photoprism: ENC[AES256_GCM,data:JWeUPE1mb79IzyIsJime2yaBH+/yno2vbXAXO5E6Tx+al7bUlEH5JzYqz8+g8Jkiz3HhRNI4tcGUcVE7kkLgfA==,iv:ZJlIUGbEL/mGLWzjNEwgvzuzZZZrTy5D7e0eZ5+Ouvg=,tag:WY7/sUd2p2viKKDKsj1TLg==,type:str]
freshrss: ENC[AES256_GCM,data:/qt890Ly7zvuZB4Zn5xHLflc3L6Ex9JDa1BAinbG7OOkPGpnC83g8ivaQA3xL/CU1FRsm9V1OW4Bv2eN7VDhrQ==,iv:xQG5j3e4C7HWGct6gAET9uVUhGFv0BYVMLdL/1sj664=,tag:YaqjUNk7ybjfitrRpreQwQ==,type:str]
huginn: ENC[AES256_GCM,data:vbXI6k3IvTDgQNtKNX9VVJmanO6l+mLoOTq6djEuKfSQAO5UKMq9Xec2rsAibq4reKh503C4too3n2GU1Wo+FA==,iv:rSHmytVa2QWiZ1HH+8AOTOgimYcmPwo4fXgSSq7o+fQ=,tag:5DkdG0TarAs3cSsgPfFNJw==,type:str]
photoprism:
adminPassword: ENC[AES256_GCM,data:X9af31Z4xGu8XJjMfsf3+whEdx96KHMyfJKO+5Q4q1nlnZD+cLjO8Lza2soO1fFndXcowRYsReUAzmXjH8Ffvg==,iv:LmH+JDA3YwydSNr8KbePPDga5ukGFol/BGrHNOZUxPg=,tag:T2HbUNcHnYD5c3GR5rnRmA==,type:str]
nextcloud:
admin: ENC[AES256_GCM,data:mhTb6UPo3fIGlKPpER+Lcr2Jyv1nMk5jbQtxoN4txGJAFaJIhK+iAiZDZXBtOiysYqatcC2orJdgt9je8BAVWQ==,iv:G/uDlOGUt/F1GgxpIMGvVuFjcagVnHBudSGXZi3rrXY=,tag:hdE3Pf3G/xrnKaUkYO1WsA==,type:str]
freshrss:
chn: ENC[AES256_GCM,data:Z4UmsXv1KiVfZMIQOEHH,iv:pF5lQLggkxm9y7taDVcp366JKp8U+8akNEdPA+Nf9Uo=,tag:0TajgUI/VgM3FxG1j6c/jA==,type:str]
huginn:
invitationCode: ENC[AES256_GCM,data:JDN913i+zf6+obWxrNAbgx1NJGPyewRm,iv:lqnjbSk46J0ZJN6ccbbiCiOK92W8fj2mWRwQHKqy2dc=,tag:UYZesryRlfAMo7xhKQ7zgw==,type:str]
grafana:
secret: ENC[AES256_GCM,data:1Wfq8QmhzKBObdktheFPySzXYlOJzHWbYYQXgn3beLOwSlW9f7bUn+wIrRoj1e8WlFJkAU2xywzjzzy/UwpSYA==,iv:/0YoHTs54O+cT6VVt1U5CYXr2qEdY2kijOlnMZMW4d0=,tag:SD/IELlcgfS7p9NBEa6D/g==,type:str]
chn: ENC[AES256_GCM,data:8R92k7RH1491u6lfQdM0U3SG8TPi3vWhZyj810XSjnA=,iv:8v6ijLHgoTPT6MGoP/lWB+UEZCCgOpvfskWCJJ63Udo=,tag:k9SHzJ9d54Rny3n8EbksOw==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:RIih,iv:1KQsPDpbG1A0NFT72tO6sSuQ84vfW07DST+/XzpNZvY=,tag:D3AHUPlCJGyVBbDalTHobQ==,type:comment]
user0: ENC[AES256_GCM,data:n6gIZGYdT6wEfKgizFvIE802AkpR8BpSPSZrQ5WP/aZWzLUL,iv:AxnwFOzmIRm3nTLpi8/4lkv+TjO4y4RZQtHO0GriD8o=,tag:nllDCaLZd6JNS2JqwvgVyg==,type:str]
#ENC[AES256_GCM,data:uhAauqQ1oQ==,iv:0Sr6YjarjkLmBq5H1ELb3SYBzrTVhqIE6qPxc9HYeKY=,tag:NvGGSY99Y7d3OTnpOr2p2g==,type:comment]
user1: ENC[AES256_GCM,data:EcEySx/n52rN5REPEWNjCuWywokvOetadbljqPpDPADTeeSk,iv:7r3CdvHJT1iZvx1Xn53It1ZxIkdLVIeQ+Q03zISm94k=,tag:8cIGZUlIhVgRc2FeU931kQ==,type:str]
#ENC[AES256_GCM,data:KuuPQQ==,iv:LGGqLFV4CnUMLWaNbHj6bRseetvdMdSOefV1FeYlJSA=,tag:wXlqKM2BuoMRZAwYbv5eOg==,type:comment]
user5: ENC[AES256_GCM,data:T5p0POx9Cnqdlp0blEYvAnRNIDOCNVdpOBR4rVQ1/07/rOCX,iv:EZx6ToeORzHoG+aEPi9oiTcwp4bOIAJpPUvemhYM96Q=,tag:aSS+RY5rEzr62mbE+JDanw==,type:str]
private-key: ENC[AES256_GCM,data:xz7xFt/g++E79bIl6AeBWATHDB+gHBIoXo5vdWTeyrAT1RtllgYie9k3Fg==,iv:x7fdmSINQA+F7a08jpuvCAg7vIZpsYaoX+EnitJMUCk=,tag:GAb/RRdAOlteIQPxeIMAXQ==,type:str]
peertube:
secrets: ENC[AES256_GCM,data:OR3OA8qJsq1gAYiv1rShNa8eODzIxPOpVbqbnseSCMUNx4+FeOgReTLl7cXHPxbBkrJbsfEq5XYm1QtRtxotdw==,iv:6vz0ezsFuCNsBduNhm4VQ+it6oEJF/eMxktVFhdXgug=,tag:hmW7BwF9C53SAHhu2HBLYg==,type:str]
password: ENC[AES256_GCM,data:OaoqvUzWZz4LvVwZMbOSeq0mZyTqWT/E1Dt/N0XwEGwn9LLtarG/LrzV24BMS503N7NIxePVBK0jJCdbO7sI3Q==,iv:aaInNy3UmdF+aOu+Lzo7F0FvEVRbsn2XDwmYLNtYaFE=,tag:l/ONyeZJtZjS6IqwQgMs7A==,type:str]
open-webui:
openai: ENC[AES256_GCM,data:5B1wPAOx3GsLDoYBKHWFzoyXFmn93fdcq6UC2rCt/P5zYLA4VNzfsp0=,iv:Y2gTLCmwB5wY4dhN73HRvTqSMVXbAEd+RjRbgUEuTeE=,tag:vcfNhXpG0C3twFBsm7PHwA==,type:str]
webui: ENC[AES256_GCM,data:Lg32DZ5GC+AYzWc4WloNMQlnpsqW67s5/kXzYwE=,iv:ECncgdYoLkX9GUOX26MXFSO8JOZahUDjTdKV87IRNJ8=,tag:J/5tTR3MI0iGIVDrlacYEg==,type:str]
xray-xmu-client:
cookie: ENC[AES256_GCM,data:z1KI3CUfPqyiI/B/qgrNhg==,iv:QEjUlMkkF/fdwwEIGiJJ5UxFGw869qAnpApmWaRn3GY=,tag:EbdJsYEslwJbARxDoEWrDA==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaURzWlFQNUpObmtvaUd2
bVc2UXRHajFPeXR5eTNqQnBhaWVOTXRDSEhVCjJVREN5MzF2MXhMSGIvNlM0endj
ZGVhTUFrTXVXRTlvYThaRVZBWmwxd2sKLS0tIDNTME1EaHFKY2J2SWxrRWFpaVJ4
Sm5xUlU2TXpyMUJQWVpoRUdlTnVjOFkKZErjPuX3nNFc3jFPBX462qs9hwguyxUD
POxmT4DMCPAaEz+lNB+Qa03P3TYFJ3LfqTsO7QXO2f9113wFqF2lFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n4lhfwv7g0vhx54exmwx9yv2z04m3h2lunzpa5zdzgtcvjjuf5nqc36g8a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxd2RzNEttTzk5cXVhc2RK
R3hxM1N4TmkyNGp0Z2ZwODZBL0RuMW1qNjFjCkI0N2FMUkd0eENPK0w4MWVJY2d4
NWlvUFdQbUh3SFIycDczZlg0ZEJMalkKLS0tIGs4dHlocTRseXRWYVFxMkdrV2x2
d0h3aDh5QXFZYWJFdmNVYnJxQ3pBeVUKTl0XVvtwJcz+RpSylgDPl/R8msInxvWX
eQGmrDHibeE1V+KSDiuNzC4MVRIrOnh1beHrhnVQ86HwPVgJqs2FoQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-01T05:55:35Z"
mac: ENC[AES256_GCM,data:MEgCbEJ/bwx3EVWVYQjb1RbNx8OlJkqelHPbMG5DzSRgcBcllptTFCanLIPZrg4FihkHx3b41Q5xsCXbras1njh4R1FeyLVVGZH7pYjZaPF2MRaD8nYeCHKlItWUVvHQTf5bRrTOOQoo4Kmn2by/xdMWwZlZwt0aBoGnEYBxGf0=,iv:lrPlg8cM5qPgQPpIUHF6WBVglTe9YQtI28hfJSgJ1vU=,tag:tjucRsf+tt9F03Mhjf+jeg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

8
devices/vps4/default.nix
View File

@@ -27,7 +27,13 @@ inputs:
{
sshd = {};
fail2ban = {};
xray.server = {};
xray.server.serverName = "xserver2.vps4.chn.moe";
nginx.streamProxy.map = builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.nas.chn.moe"; })
[
"xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden"
"photoprism" "nextcloud" "freshrss" "huginn" "api" "webdav" "chat"
]);
};
};
};

45
devices/vps6/default.nix
View File

@@ -38,10 +38,7 @@ inputs:
}
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.pc.chn.moe"; })
[ "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "wg0.srv3.chn.moe"; })
[ "xn--s8w913fdga" "misskey" "synapse" "matrix" "send" "api" "git" "grafana" "peertube" ]));
[ "xn--qbtm095lrg0bfka60z" ]));
applications =
{
element.instances."element.chn.moe" = {};
@@ -59,29 +56,33 @@ inputs:
mirism = {};
fail2ban = {};
beesd."/" = {};
bind = {};
# bind = {};
};
};
networking.nftables.tables.forward =
{
family = "inet";
content = let srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0"; in
''
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
}
chain output {
type nat hook output priority dstnat; policy accept;
# gid nginx
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} tcp dport 7011 fib daddr type local \
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname wg0 meta mark & 4 == 4 counter masquerade
}
'';
content =
let
srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "wg0.srv2-node0";
in
''
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
}
chain output {
type nat hook output priority dstnat; policy accept;
# gid nginx
meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
tcp dport 7011 fib daddr type local \
counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname wg0 meta mark & 4 == 4 counter masquerade
}
'';
};
};
}

2
devices/xmuhk/default.nix
View File

@@ -3,7 +3,7 @@ let
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; cuda = null; nixRoot = "/public/home/xmuhk/.nix"; nixos = false; };
nixpkgs = { march = null; nixRoot = "/public/home/xmuhk/.nix"; nixos = false; };
});
lumericalLicenseManager =
let

2
doc/branch.md Normal file
View File

@@ -0,0 +1,2 @@
* archive: archive
* one-fprint: test fingerpint on one

6
doc/todo.md
View File

@@ -1,14 +1,10 @@
* 测试 huggin rsshub
* 打包 intel 编译器
* 切换到 niri清理 plasma
* 调整其它用户的 zsh 配置
* 调整 motd
* 找到 wg1 不能稳定工作的原因;确定 persistentKeepalive 发包的协议、是否会被正确 NAT。
* 备份系统
* 备份数据
* 清理 mariadb移动到 persistent
* 清理多余文件
* 移动日志到 persistent
* 更新 srv1
* 告知将代理改到 xserver2
* 准备单独一个的 archive
* 测试透明代理代理其它机器的情况

651
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

29
flake.nix
View File

@@ -3,20 +3,15 @@
inputs =
{
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-25.05";
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
nixpkgs-2505.url = "github:CHN-beta/nixpkgs/nixos-25.05";
nixpkgs-2411.url = "github:CHN-beta/nixpkgs/nixos-24.11";
nixpkgs-2311.url = "github:CHN-beta/nixpkgs/nixos-23.11";
nixpkgs-2305.url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
home-manager = { url = "github:CHN-beta/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-index-database = { url = "github:Mic92/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions =
{
url = "github:nix-community/nix-vscode-extensions?ref=4a7f92bdabb365936a8e8958948536cc2ceac7ba";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:CHN-beta/impermanence";
plasma-manager =
{
@@ -25,13 +20,20 @@
};
nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
chaotic =
{
url = "github:chaotic-cx/nyx";
inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
};
catppuccin = { url = "github:catppuccin/nix"; inputs.nixpkgs.follows = "nixpkgs"; };
bscpkgs = { url = "github:CHN-beta/bscpkgs"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
winapps = { url = "github:winapps-org/winapps/feat-nix-packaging"; inputs.nixpkgs.follows = "nixpkgs"; };
nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
buildproxy = { url = "github:polygon/nix-buildproxy"; inputs.nixpkgs.follows = "nixpkgs"; };
niri.url = "github:sodiboo/niri-flake";
niri = { url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; };
nix4vscode = { url = "github:nix-community/nix4vscode"; inputs.nixpkgs.follows = "nixpkgs"; };
dankmaterialshell = { url = "github:AvengeMedia/DankMaterialShell"; inputs.nixpkgs.follows = "nixpkgs"; };
misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };
@@ -45,13 +47,13 @@
v-sim = { url = "gitlab:l_sim/v_sim/master"; flake = false; };
rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
mumax = { url = "github:CHN-beta/mumax"; flake = false; };
mumax = { url = "github:mumax/3"; flake = false; };
openxlsx = { url = "github:troldal/OpenXLSX?rev=f85f7f1bd632094b5d78d4d1f575955fc3801886"; flake = false; };
sqlite-orm = { url = "github:fnc12/sqlite_orm"; flake = false; };
nc4nix = { url = "github:helsinki-systems/nc4nix"; flake = false; };
hextra = { url = "github:imfing/hextra"; flake = false; };
nu-scripts = { url = "github:nushell/nu_scripts"; flake = false; };
py4vasp = { url = "github:vasp-dev/py4vasp"; flake = false; };
py4vasp = { url = "github:vasp-dev/py4vasp?ref=v0.10.2"; flake = false; };
pocketfft = { url = "github:mreineck/pocketfft"; flake = false; };
blog = { url = "git+https://git.chn.moe/chn/blog-public.git?lfs=1"; flake = false; };
nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git?lfs=1"; flake = false; };
@@ -60,9 +62,10 @@
stickerpicker = { url = "github:maunium/stickerpicker"; flake = false; };
fancy-motd = { url = "github:CHN-beta/fancy-motd"; flake = false; };
mac-style = { url = "github:SergioRibera/s4rchiso-plymouth-theme?lfs=1"; flake = false; };
phono3py = { url = "github:phonopy/phono3py"; flake = false; };
phono3py = { url = "github:phonopy/phono3py/v3.15.1"; flake = false; };
sticker = { url = "git+https://git.chn.moe/chn/sticker.git?lfs=1"; flake = false; };
speedtest = { url = "github:librespeed/speedtest"; flake = false; };
pybinding = { url = "git+https://github.com/dean0x7d/pybinding?submodules=1"; flake = false; };
};
outputs = inputs: let localLib = import ./flake/lib inputs.nixpkgs.lib; in

7
flake/dev.nix
View File

@@ -48,4 +48,11 @@
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
xinli = pkgs.mkShell.override { stdenv = pkgs.clang18Stdenv; }
{
inputsFrom = [ pkgs.localPackages.xinli ];
packages = [ pkgs.clang-tools_18 ];
CMAKE_EXPORT_COMPILE_COMMANDS = "1";
hardeningDisable = [ "all" ];
};
}

25
flake/dns/config/chn.moe.nix
View File

@@ -2,39 +2,40 @@ localLib:
let
cname =
{
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "" ];
nas = [ "initrd.nas" ];
office = [ "srv2-node0" "xserverxmu" ];
vps4 = [ "initrd.vps4" "xserver2.vps4" ];
vps4 =
[
"initrd.vps4" "xserver2.vps4"
# to nas
"git" "grafana" "matrix" "peertube" "send" "vikunja" "" "xservernas" "chat" "freshrss" "huginn" "nextcloud"
"photoprism" "rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api"
];
vps6 =
[
"blog" "catalog" "coturn" "element" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
"ua" "xserver2" "xserver2.vps6" "" "xservernas"
"blog" "catalog" "coturn" "element" "initrd.vps6" "sticker" "synapse-admin" "tgapi" "ua" "xserver2"
"xserver2.vps6"
# to pc
""
];
"xlog.autoroute" = [ "xlog" ];
"wg0.srv1-node0" = [ "wg0.srv1" ];
"wg0.srv2-node0" = [ "wg0.srv2" ];
srv3 =
[
"chat" "freshrss" "huginn" "initrd.srv3" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
"xserver2.srv3" "example"
];
srv1-node0 = [ "srv1" ];
srv2-node0 = [ "srv2" ];
"wg1.pc" = [ "nix-store" ];
"wg1.nas" = [ "nix-store.nas" ];
"wg0.nas" = [ "ssh.git" ];
};
a =
{
nas = "192.168.1.2";
pc = "192.168.1.3";
one = "192.168.1.4";
office = "210.34.16.20";
office = "210.34.16.21";
srv1-node0 = "59.77.36.250";
vps4 = "104.234.37.61";
vps6 = "144.34.225.59";
search = "127.0.0.1";
srv3 = "23.135.236.216";
srv1-node1 = "192.168.178.2";
srv1-node2 = "192.168.178.3";
srv2-node1 = "192.168.178.2";

2
flake/dns/config/wireguard.nix
View File

@@ -6,12 +6,10 @@
vps6 = 1;
pc = 3;
nas = 4;
one = 5;
srv1-node0 = 9;
srv1-node1 = 6;
srv1-node2 = 8;
srv2-node0 = 7;
srv2-node1 = 10;
srv3 = 11;
};
}

146
flake/lib/buildNixpkgsConfig/default.nix
View File

@@ -1,14 +1,14 @@
# inputs = { lib, topInputs, ...}; nixpkgs = { march, cuda, nixRoot, nixos };
# inputs = { lib, topInputs, ...}; nixpkgs = { march, cuda, nixRoot, nixos, arch, rocm };
{ inputs, nixpkgs }:
let
platformConfig =
if nixpkgs.march == null then { system = "x86_64-linux"; }
if nixpkgs.march == null then { system = "${nixpkgs.arch or "x86_64"}-linux"; }
else
{
${if nixpkgs.nixos then "hostPlatform" else "localSystem"} =
{ system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
{ system = "${nixpkgs.arch or "x86_64"}-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
};
cudaConfig = inputs.lib.optionalAttrs (nixpkgs.cuda != null)
cudaConfig = inputs.lib.optionalAttrs (nixpkgs.cuda or null != null)
(
{ cudaSupport = true; }
// (inputs.lib.optionalAttrs (nixpkgs.cuda.capabilities != null)
@@ -16,8 +16,9 @@ let
// (inputs.lib.optionalAttrs (nixpkgs.cuda.forwardCompat != null)
{ cudaForwardCompat = nixpkgs.cuda.forwardCompat; })
);
rocmConfig = inputs.lib.optionalAttrs (nixpkgs.rocm or false) { rocmSupport = true; };
allowInsecurePredicate = p: inputs.lib.warn "Allowing insecure package ${p.name or "${p.pname}-${p.version}"}" true;
config = cudaConfig
config = cudaConfig // rocmConfig
// {
inherit allowInsecurePredicate;
allowUnfree = true;
@@ -26,11 +27,11 @@ let
}
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
{
oneapiArch = let match = {}; in match.${nixpkgs.march} or nixpkgs.march;
oneapiArch = let match.znver5 = "znver4"; in match.${nixpkgs.march} or nixpkgs.march;
nvhpcArch = nixpkgs.march;
# contentAddressedByDefault = true;
})
// (inputs.lib.optionalAttrs (nixpkgs.nixRoot != null)
// (inputs.lib.optionalAttrs (nixpkgs.nixRoot or null != null)
{ nix = { storeDir = "${nixpkgs.nixRoot}/store"; stateDir = "${nixpkgs.nixRoot}/state"; }; });
in platformConfig //
{
@@ -39,11 +40,11 @@ in platformConfig //
[
inputs.topInputs.aagl.overlays.default
inputs.topInputs.nur-xddxdd.overlays.inSubTree
inputs.topInputs.nix-vscode-extensions.overlays.default
inputs.topInputs.buildproxy.overlays.default
inputs.topInputs.nix4vscode.overlays.default
inputs.topInputs.bscpkgs.overlays.default
(final: prev:
{
inherit (inputs.topInputs.nix-vscode-extensions.overlays.default final prev) nix-vscode-extensions;
nur-linyinfeng = (inputs.topInputs.nur-linyinfeng.overlays.default final prev).linyinfeng;
firefox-addons = (import "${inputs.topInputs.rycee}" { inherit (prev) pkgs; }).firefox-addons;
})
@@ -63,87 +64,114 @@ in platformConfig //
};
libvirt = (prev.libvirt.override { iptables = final.nftables; }).overrideAttrs
(prev: { patches = prev.patches or [] ++ [ ./libvirt.patch ]; });
podman = prev.podman.override { iptables = final.nftables; };
root = (prev.root.override { stdenv = final.gcc13Stdenv; }).overrideAttrs (prev:
{
patches = prev.patches or [] ++ [ ./root.patch ];
cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ];
});
root = prev.root.overrideAttrs (prev: { cmakeFlags = prev.cmakeFlags ++ [ "-DCMAKE_CXX_STANDARD=23" ]; });
boost188 = prev.boost188.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./boost188.patch ]; });
inherit (final.pkgs-2411) iio-sensor-proxy;
inherit (final.pkgs-unstable) bees;
chromium = prev.chromium.override (prev:
{ commandLineArgs = prev.commandLineArgs or "" + " --disable-features=GlobalShortcutsPortal"; });
google-chrome = prev.google-chrome.override (prev:
{ commandLineArgs = prev.commandLineArgs or "" + " --disable-features=GlobalShortcutsPortal"; });
}
// (
let
marchFilter = version:
# old version of nixpkgs does not recognize znver5, use znver4 instead
inputs.lib.optionalAttrs (inputs.lib.versionOlder version "25.05") { znver5 = "znver4"; };
source =
{
pkgs-2305 = "nixpkgs-2305";
pkgs-2311 = "nixpkgs-2311";
pkgs-2411 = { source = "nixpkgs-2411"; overlay = inputs.topInputs.bscpkgs.overlays.default; };
pkgs-unstable =
pkgs-2411 =
{
source = "nixpkgs-unstable";
overlay = inputs.topInputs.self.overlays.default;
source = "nixpkgs-2411";
overlays =
[
(final: prev: inputs.lib.optionalAttrs (nixpkgs.march != null)
{
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
{
sphinx = prev.sphinx.overridePythonAttrs (prev:
{ disabledTests = prev.disabledTests or [] ++ [ "test_xml_warnings" ]; });
})];
})
];
};
# pkgs-unstable =
# {
# source = "nixpkgs-unstable";
# overlays =
# [
# inputs.topInputs.self.overlays.default
# (_: _:
# {
# genericPackages = import inputs.topInputs.nixpkgs-unstable
# { inherit system; config = { allowUnfree = true; inherit allowInsecurePredicate; }; };
# })
# ];
# };
};
packages = name: import inputs.topInputs.${source.${name}.source or source.${name}}
{
localSystem = platformConfig.hostPlatform or platformConfig.localSystem or platformConfig;
inherit config;
overlays = [(source.${name}.overlay or (_: _: {}))];
};
packages = name:
let flakeSource = inputs.topInputs.${source.${name}.source or source.${name}};
in import flakeSource
{
localSystem =
if nixpkgs.march == null then { system = "${nixpkgs.arch or "x86_64"}-linux"; }
else
let march = (marchFilter flakeSource.lib.version).${nixpkgs.march} or nixpkgs.march;
in { system = "${nixpkgs.arch or "x86_64"}-linux"; gcc = { arch = march; tune = march; }; };
inherit config;
overlays = source.${name}.overlays or [(_: _: {})];
};
in builtins.listToAttrs (builtins.map
(name: { inherit name; value = packages name; }) (builtins.attrNames source))
)
// (inputs.lib.optionalAttrs (prev.stdenv.hostPlatform.avx512Support)
{ gsl = prev.gsl.overrideAttrs { doCheck = false; }; })
// (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx512Support)
{ libhwy = prev.libhwy.override { stdenv = final.genericPackages.stdenv; }; })
# // (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx512Support)
# { libhwy = prev.libhwy.override { stdenv = final.genericPackages.stdenv; }; })
// (inputs.lib.optionalAttrs (nixpkgs.march != null)
{
libinsane = prev.libinsane.overrideAttrs (prev:
{ nativeCheckInputs = builtins.filter (p: p.pname != "valgrind") prev.nativeCheckInputs; });
assimp = prev.assimp.override { stdenv = final.genericPackages.stdenv; };
redis = prev.redis.overrideAttrs (prev: { doCheck = false; });
wannier90 = prev.wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; };
xen = prev.xen.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./xen.patch ]; });
# libinsane = prev.libinsane.overrideAttrs (prev:
# { nativeCheckInputs = builtins.filter (p: p.pname != "valgrind") prev.nativeCheckInputs; });
lib2geom = prev.lib2geom.overrideAttrs (prev: { doCheck = false; });
libreoffice-qt6-fresh = prev.libreoffice-qt6-fresh.override (prev:
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
''
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
'';});});
libreoffice-still = prev.libreoffice-still.override (prev:
{ unwrapped = prev.unwrapped.overrideAttrs (prev: { postPatch = prev.postPatch or "" +
''
sed -i '/CPPUNIT_TEST.testDubiousArrayFormulasFODS/d' sc/qa/unit/functions_array.cxx
'';});});
opencolorio = prev.opencolorio.overrideAttrs (prev: { doCheck = false; });
openvswitch = prev.openvswitch.overrideAttrs (prev: { doCheck = false; });
# openvswitch = prev.openvswitch.overrideAttrs (prev: { doCheck = false; });
rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
valkey = prev.valkey.overrideAttrs { doCheck = false; };
# -march=xxx cause embree build failed
# https://github.com/embree/embree/issues/115
# valkey = prev.valkey.overrideAttrs { doCheck = false; };
embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };
simde = prev.simde.override { stdenv = final.genericPackages.stdenv; };
ctranslate2 = prev.ctranslate2.overrideAttrs (prev:
{ cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
# ctranslate2 = prev.ctranslate2.overrideAttrs (prev:
# { cmakeFlags = prev.cmakeFlags or [] ++ [ "-DENABLE_CPU_DISPATCH=OFF" ]; });
pythonPackagesExtensions = prev.pythonPackagesExtensions or [] ++ [(final: prev:
(
{
scipy = prev.scipy.overridePythonAttrs (prev:
{ disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
rich = prev.rich.overridePythonAttrs (prev:
{ disabledTests = prev.disabledTests or [] ++ [ "test_brokenpipeerror" ]; });
}
// (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx2Support)
{
numcodecs = prev.numcodecs.overridePythonAttrs (prev:
{
disabledTests = prev.disabledTests or []
++ [ "test_encode_decode" "test_partial_decode" "test_blosc" ];
});
})
{ picosvg = prev.picosvg.overridePythonAttrs { doCheck = false; }; }
# {
# scipy = prev.scipy.overridePythonAttrs (prev:
# { disabledTests = prev.disabledTests or [] ++ [ "test_hyp2f1" ]; });
# rich = prev.rich.overridePythonAttrs (prev:
# { disabledTests = prev.disabledTests or [] ++ [ "test_brokenpipeerror" ]; });
# }
# // (inputs.lib.optionalAttrs (nixpkgs.march != null && !prev.stdenv.hostPlatform.avx2Support)
# {
# numcodecs = prev.numcodecs.overridePythonAttrs (prev:
# {
# disabledTests = prev.disabledTests or []
# ++ [ "test_encode_decode" "test_partial_decode" "test_blosc" ];
# });
# })
))];
inherit (final.pkgs-2411) intelPackages_2023;
# inherit (final.pkgs-2411) intelPackages_2023;
})
// (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
{ c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
# // (inputs.lib.optionalAttrs (nixpkgs.march == "silvermont")
# { c-blosc = prev.c-blosc.overrideAttrs { doCheck = false; }; })
# // (inputs.lib.optionalAttrs (nixpkgs.arch or null == "aarch64") { nix = final.nixVersions.nix_2_29; })
)];
}

22
flake/lib/buildNixpkgsConfig/root.patch
View File

@@ -1,22 +0,0 @@
From ab80270dd50f4ae08e452daa3fd0eccc7f9f96ee Mon Sep 17 00:00:00 2001
From: Danilo Piparo <danilo.piparo@cern.ch>
Date: Sat, 14 Dec 2024 07:45:22 +0100
Subject: [PATCH 1/2] [CMake] Allow to process cxx23 option
---
cmake/modules/CheckCompiler.cmake | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/modules/CheckCompiler.cmake b/cmake/modules/CheckCompiler.cmake
index 883bf0e2daed1..c2ac5df869797 100644
--- a/cmake/modules/CheckCompiler.cmake
+++ b/cmake/modules/CheckCompiler.cmake
@@ -161,7 +161,7 @@ set(CMAKE_CXX_STANDARD ${CXX_STANDARD_STRING} CACHE STRING "")
set(CMAKE_CXX_STANDARD_REQUIRED TRUE)
set(CMAKE_CXX_EXTENSIONS FALSE CACHE BOOL "")
-if(NOT CMAKE_CXX_STANDARD MATCHES "17|20")
+if(NOT CMAKE_CXX_STANDARD MATCHES "17|20|23")
message(FATAL_ERROR "Unsupported C++ standard: ${CMAKE_CXX_STANDARD}. Supported standards are: 17, 20.")
endif()

15
flake/lib/buildNixpkgsConfig/xen.patch Normal file
View File

@@ -0,0 +1,15 @@
diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile
index d45787665907..80c32163fbbd 100644
--- a/xen/arch/x86/boot/Makefile
+++ b/xen/arch/x86/boot/Makefile
@@ -40,8 +40,8 @@ LD32 := $(LD) $(subst x86_64,i386,$(LDFLAGS_DIRECT))
# are affected by both text_diff and text_gap. Ensure the sum of gap and diff
# is greater than 2^16 so that any 16bit relocations if present in the object
# file turns into a build-time error.
-text_gap := 0x010200
-text_diff := 0x408020
+text_gap := 0x010240
+text_diff := 0x608040
$(obj)/build32.base.lds: AFLAGS-y += -DGAP=$(text_gap) -DTEXT_DIFF=$(text_diff)
$(obj)/build32.offset.lds: AFLAGS-y += -DGAP=$(text_gap) -DTEXT_DIFF=$(text_diff) -DAPPLY_OFFSET

6
flake/nixos.nix
View File

@@ -1,6 +1,6 @@
{ inputs, localLib }:
let
singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" ];
singles = [ "nas" "pc" "vps4" "vps6" "r2s" ];
cluster = { srv1 = 3; srv2 = 2; };
deviceModules = builtins.listToAttrs
(
@@ -25,9 +25,9 @@ let
(localLib.attrsToList cluster)))
);
in builtins.mapAttrs
(_: v: inputs.nixpkgs.lib.nixosSystem
(n: v: inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
system = null;
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules v;
})

2
flake/packages.nix
View File

@@ -3,7 +3,7 @@
pkgs = import inputs.nixpkgs (localLib.buildNixpkgsConfig
{
inputs = { inherit (inputs.nixpkgs) lib; topInputs = inputs; };
nixpkgs = { march = null; cuda = null; nixRoot = null; nixos = false; };
nixpkgs = { march = null; nixos = false; };
});
hpcstat =
let

16
flake/src.nix
View File

@@ -29,7 +29,7 @@
netboot = pkgs.fetchurl
{
url = "https://boot.netboot.xyz/ipxe/netboot.xyz.iso";
sha256 = "01hlslbi2i3jkzjwn24drhd2lriaqiwr9hb83r0nib9y1jvr3k5p";
sha256 = "6GeOcugqElGPoPXeaWVpjcV5bCFxNLShGgN/sjsVzuI=";
};
};
vasp =
@@ -128,7 +128,7 @@
mirism-old = pkgs.requireFile
{
name = "mirism";
sha256 = "0f50pvdafhlmrlbf341mkp9q50v4ld5pbx92d2w1633f18zghbzf";
sha256 = "1zhhzwi325g21kqdip7zzw1i9b354h1wpzd4zhzb1ql9kjdh87q3";
hashMode = "recursive";
message = "Source file not found.";
};
@@ -204,4 +204,16 @@
name = "guix.iso";
sha256 = "0xqabnay8wwqc1a96db8ix1a6bhvgm84s5is1q67rr432q7gqgd4";
};
peerBanHelper =
{
image = "ghostchu/peerbanhelper:v8.0.12";
imageFile = pkgs.dockerTools.pullImage
{
imageName = "ghostchu/peerbanhelper";
imageDigest = "sha256:fce7047795fe1e6d730ea2583b390ccc336e79eb2d8dae8114f4f63f00208879";
hash = "sha256-7Z2ewDpGFXyvCze9HZ7KwFwn9o9R6Y4pjJDcr5Wmy1g=";
finalImageName = "ghostchu/peerbanhelper";
finalImageTag = "v8.0.12";
};
};
}

7
modules/default.nix
View File

@@ -7,21 +7,22 @@ inputs: let inherit (inputs) topInputs; in
topInputs.nix-index-database.nixosModules.nix-index
topInputs.impermanence.nixosModules.impermanence
topInputs.nix-flatpak.nixosModules.nix-flatpak
topInputs.chaotic.nixosModules.default
{ config.chaotic.nyx.overlay.onTopOf = "user-pkgs"; }
topInputs.catppuccin.nixosModules.catppuccin
topInputs.aagl.nixosModules.default
topInputs.nixvirt.nixosModules.default
topInputs.niri.nixosModules.niri
{ config.niri-flake.cache.enable = false; }
# TODO: Remove after next release
"${topInputs.nixpkgs-unstable}/nixos/modules/services/hardware/lact.nix"
(inputs:
{
config =
{
home-manager.sharedModules =
[
topInputs.plasma-manager.homeManagerModules.plasma-manager
topInputs.plasma-manager.homeModules.plasma-manager
topInputs.catppuccin.homeModules.catppuccin
topInputs.dankmaterialshell.homeModules.dankMaterialShell
];
};
})

10
modules/hardware/asus.nix Normal file
View File

@@ -0,0 +1,10 @@
inputs:
{
options.nixos.hardware.asus = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.hardware) asus; in inputs.lib.mkIf (asus != null)
{
services.asusd = { enable = true; enableUserService = true; };
programs.rog-control-center.enable = true;
};
}

2
modules/hardware/cpu.nix
View File

@@ -2,7 +2,7 @@ inputs:
{
options.nixos.hardware.cpu = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.enum [ "intel" "amd" ];
type = types.nullOr (types.enum [ "intel" "amd" ]);
default = let inherit (inputs.config.nixos.system.nixpkgs) march; in
if march == null then null
else if inputs.lib.hasPrefix "znver" march then "amd"

46
modules/hardware/gpu.nix
View File

@@ -2,25 +2,10 @@ inputs:
{
options.nixos.hardware.gpu = let inherit (inputs.lib) mkOption types; in
{
type = mkOption
{
type = types.nullOr (types.enum
[
# single gpu
"intel" "nvidia" "amd"
# hibrid gpu: use nvidia prime offload mode
"intel+nvidia" "amd+nvidia"
]);
default = null;
};
type = mkOption { type = types.nullOr (types.enum [ "intel" "nvidia" "amd" ]); default = null; };
nvidia =
{
dynamicBoost = mkOption { type = types.bool; default = false; };
prime =
{
mode = mkOption { type = types.enum [ "offload" "sync" ]; default = "offload"; };
busId = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
driver = mkOption { type = types.enum [ "production" "latest" "beta" ]; default = "production"; };
open = mkOption { type = types.bool; default = true; };
};
@@ -34,13 +19,11 @@ inputs:
boot =
{
initrd.availableKernelModules =
let modules =
{
intel = [ "i915" ];
nvidia = []; # early loading breaks resume from hibernation
amd = [];
};
in builtins.concatLists (builtins.map (gpu: modules.${gpu}) gpus);
}.${gpu.type};
blacklistedKernelModules = [ "nouveau" ];
};
hardware =
@@ -57,9 +40,9 @@ inputs:
nvidia = [ vaapiVdpau ];
amd = [];
};
in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
in packages.${gpu.type};
};
nvidia = inputs.lib.mkIf (builtins.elem "nvidia" gpus)
nvidia = inputs.lib.mkIf (gpu.type == "nvidia")
{
modesetting.enable = true;
powerManagement.enable = true;
@@ -72,7 +55,7 @@ inputs:
};
services.xserver.videoDrivers =
let driver = { intel = "modesetting"; amd = "amdgpu"; nvidia = "nvidia"; };
in builtins.map (gpu: driver.${gpu}) gpus;
in [ driver.${gpu.type} ];
nixos.packages.packages._packages =
let packages = with inputs.pkgs;
{
@@ -80,8 +63,8 @@ inputs:
nvidia = [ nvtopPackages.full ];
amd = [];
};
in builtins.concatLists (builtins.map (gpu: packages.${gpu}) gpus);
environment.etc."nvidia/nvidia-application-profiles-rc.d/vram" = inputs.lib.mkIf (builtins.elem "nvidia" gpus)
in packages.${gpu.type};
environment.etc."nvidia/nvidia-application-profiles-rc.d/vram" = inputs.lib.mkIf (gpu.type == "nvidia")
{
source = inputs.pkgs.writeText "save-vram" (builtins.toJSON
{
@@ -91,21 +74,6 @@ inputs:
};
}
)
# nvidia prime offload
(
inputs.lib.mkIf (inputs.lib.strings.hasSuffix "+nvidia" gpu.type) { hardware.nvidia =
{
prime =
{
offload = inputs.lib.mkIf (gpu.nvidia.prime.mode == "offload") { enable = true; enableOffloadCmd = true; };
sync = inputs.lib.mkIf (gpu.nvidia.prime.mode == "sync") { enable = true; };
}
// builtins.listToAttrs (builtins.map
(gpu: { name = "${if gpu.name == "amd" then "amdgpu" else gpu.name}BusId"; value = "PCI:${gpu.value}"; })
(inputs.localLib.attrsToList gpu.nvidia.prime.busId));
powerManagement.finegrained = inputs.lib.mkIf (gpu.nvidia.prime.mode == "offload") true;
};}
)
# amdgpu
(
inputs.lib.mkIf (inputs.lib.strings.hasPrefix "amd" gpu.type) { hardware.amdgpu =

10
modules/hardware/legion.nix
View File

@@ -1,10 +0,0 @@
inputs:
{
options.nixos.hardware.legion = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.hardware) legion; in inputs.lib.mkIf (legion != null)
{
environment.systemPackages = [ inputs.pkgs.lenovo-legion ];
boot.extraModulePackages = [ inputs.config.boot.kernelPackages.lenovo-legion-module ];
};
}

1
modules/model.nix
View File

@@ -3,6 +3,7 @@ inputs:
options.nixos.model = let inherit (inputs.lib) mkOption types; in
{
hostname = mkOption { type = types.nonEmptyStr; };
arch = mkOption { type = types.nonEmptyStr; default = "x86_64"; };
type = mkOption { type = types.enum [ "minimal" "desktop" "server" ]; default = "minimal"; };
private = mkOption { type = types.bool; default = false; };
cluster = mkOption

9
modules/packages/android-studio.nix
View File

@@ -1,9 +0,0 @@
inputs:
{
options.nixos.packages.android-studio = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) android-studio; in inputs.lib.mkIf (android-studio != null)
{
nixos.packages.packages._packages = with inputs.pkgs; [ androidStudioPackages.stable.full ];
};
}

2
modules/packages/chromium.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.chromium = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
};
config = let inherit (inputs.config.nixos.packages) chromium; in inputs.lib.mkIf (chromium != null)
{

80
modules/packages/default.nix
View File

@@ -1,25 +1,63 @@
inputs:
{
imports = inputs.localLib.findModules ./.;
options.nixos.packages.packages = let inherit (inputs.lib) mkOption types; in
{
_packages = mkOption { type = types.listOf types.unspecified; default = []; };
_pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
_prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
_pythonEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
_vscodeEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
config =
{
environment.systemPackages = with inputs.config.nixos.packages.packages;
_packages
++ [
(
(inputs.pkgs.python3.withPackages (pythonPackages:
builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages) _pythonPackages)))
.override (prev: { makeWrapperArgs = prev.makeWrapperArgs or [] ++ _pythonEnvFlags; }))
(inputs.pkgs.writeTextDir "share/prebuild-packages"
(builtins.concatStringsSep "\n" (builtins.map builtins.toString _prebuildPackages)))
];
};
options.nixos.packages =
let
inherit (inputs.lib) mkOption types;
simpleSubmodule = mkOption { type = types.nullOr (types.submodule {}); default = null; };
in
{
packages =
{
_packages = mkOption { type = types.listOf types.unspecified; default = []; };
_pythonPackages = mkOption { type = types.listOf types.unspecified; default = []; };
_prebuildPackages = mkOption { type = types.listOf types.unspecified; default = []; };
_pythonEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
_vscodeEnvFlags = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
}
// (builtins.listToAttrs (builtins.map (n: inputs.lib.nameValuePair n simpleSubmodule)
[ "vasp" "mathematica" "lumerical" "flatpak" "android-studio" ]));
config = inputs.lib.mkMerge
[
{
environment.systemPackages = with inputs.config.nixos.packages.packages;
_packages
++ [
(
(inputs.pkgs.python3.withPackages (pythonPackages:
builtins.concatLists (builtins.map (packageFunction: packageFunction pythonPackages) _pythonPackages)))
.override (prev: { makeWrapperArgs = prev.makeWrapperArgs or [] ++ _pythonEnvFlags; }))
(inputs.pkgs.writeTextDir "share/prebuild-packages"
(builtins.concatStringsSep "\n" (builtins.map builtins.toString _prebuildPackages)))
];
}
(inputs.lib.mkIf (inputs.config.nixos.packages.vasp != null)
{
nixos.packages.packages = with inputs.pkgs;
{
_packages =
[
localPackages.vasp.intel localPackages.vasp.vtst localPackages.vaspkit wannier90
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.vasp.nvidia else emptyDirectory)
localPackages.atomkit (inputs.lib.mkAfter localPackages.atat)
];
_pythonPackages = [(_: [ localPackages.py4vasp ])];
};
})
(inputs.lib.mkIf (inputs.config.nixos.packages.mathematica != null)
{ nixos.packages.packages._packages = [ inputs.pkgs.mathematica ]; })
(inputs.lib.mkIf (inputs.config.nixos.packages.lumerical != null)
{
nixos =
{
packages.packages._packages = [ inputs.pkgs.localPackages.lumerical.lumerical.cmd ];
services.lumericalLicenseManager = {};
};
})
(inputs.lib.mkIf (inputs.config.nixos.packages.flatpak != null)
{ services.flatpak = { enable = true; uninstallUnmanaged = true; }; })
(inputs.lib.mkIf (inputs.config.nixos.packages.android-studio != null)
{ nixos.packages.packages._packages = with inputs.pkgs; [ androidStudioPackages.stable.full ]; })
];
}

56
modules/packages/desktop.nix
View File

@@ -3,7 +3,7 @@ inputs:
options.nixos.packages.desktop = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
};
config = let inherit (inputs.config.nixos.packages) desktop; in inputs.lib.mkIf (desktop != null)
{
@@ -16,7 +16,7 @@ inputs:
# system management
# TODO: module should add yubikey-touch-detector into path
gparted wayland-utils clinfo glxinfo vulkan-tools dracut yubikey-touch-detector btrfs-assistant snapper-gui
kdePackages.qtstyleplugin-kvantum ventoy-full cpu-x wl-mirror geekbench xpra
kdePackages.qtstyleplugin-kvantum cpu-x wl-mirror geekbench xpra
(
writeShellScriptBin "xclip"
''
@@ -30,34 +30,28 @@ inputs:
remmina putty mtr-gui
# media
mpv nomacs simplescreenrecorder imagemagick gimp-with-plugins netease-cloud-music-gtk qcm
waifu2x-converter-cpp blender paraview vlc whalebird spotify obs-studio
waifu2x-converter-cpp blender paraview vlc whalebird spotify obs-studio subtitleeditor
(inkscape-with-extensions.override { inkscapeExtensions = null; })
# terminal
warp-terminal
# development
adb-sync scrcpy dbeaver-bin cling aircrack-ng
weston cage openbox krita fprettify # jetbrains.clion
# desktop sharing
rustdesk-flutter
# password and key management
yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui bitwarden hashcat
electrum jabref john crunch
yubikey-manager bitwarden hashcat yubikey-personalization
# download
qbittorrent nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
qbittorrent
# editor
typora appflowy notion-app-enhanced joplin-desktop standardnotes logseq obsidian code-cursor
typora standardnotes
# news
fluent-reader rssguard newsflash newsboat follow
fluent-reader rssguard newsflash newsboat folo
# nix tools
nixpkgs-fmt appimage-run nixd nix-serve node2nix nix-prefetch-github prefetch-npm-deps nix-prefetch-docker
nix-template nil bundix
# instant messager
element-desktop telegram-desktop discord zoom-us slack nheko hexchat halloy
fluffychat signal-desktop qq nur-xddxdd.wechat-uos-sandboxed cinny-desktop
element-desktop telegram-desktop discord zoom-us slack nheko
# browser
google-chrome tor-browser
# office
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain davinci-resolve
crow-translate zotero pandoc texliveFull poppler_utils pdftk pdfchain
ydict texstudio panoply pspp libreoffice-qt6-fresh ocrmypdf typst # paperwork
# required by ltex-plus.vscode-ltex-plus
ltex-ls ltex-ls-plus
@@ -65,37 +59,21 @@ inputs:
pkgs-2311.gnuplot
# math, physics and chemistry
octaveFull ovito localPackages.vesta localPackages.v-sim jmol mpi geogebra6 localPackages.ufo
(quantum-espresso.override
{
stdenv = gcc14Stdenv;
gfortran = gfortran14;
wannier90 = wannier90.overrideAttrs { buildFlags = [ "dynlib" ]; };
})
(quantum-espresso.override { stdenv = gcc14Stdenv; gfortran = gfortran14; })
pkgs-2311.hdfview numbat qalculate-qt
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.mumax else emptyDirectory)
(if inputs.config.nixos.system.nixpkgs.cuda != null
then (lammps.override { stdenv = cudaPackages.backendStdenv; }).overrideAttrs (prev:
{
cmakeFlags = prev.cmakeFlags ++
[ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
nativeBuildInputs = prev.nativeBuildInputs ++ [ cudaPackages.cudatoolkit ];
buildInputs = prev.buildInputs ++ [ mpi ];
})
else lammps-mpi)
# virtualization
virt-viewer bottles wineWowPackages.stagingFull genymotion playonlinux
# media
nur-xddxdd.svp
# for kdenlive auto subtitle
openai-whisper
# daily management
activitywatch
]
++ (builtins.filter (p: !((p.meta.broken or false) || (builtins.elem p.pname or null [ "falkon" "kalzium" ])))
(builtins.filter inputs.lib.isDerivation (builtins.attrValues kdePackages.kdeGear)));
_pythonPackages = [(pythonPackages: with pythonPackages;
[
phonopy scipy scikit-learn jupyterlab autograd inputs.pkgs.localPackages.phono3py
tensorflow keras numpy
])];
[ phonopy scipy scikit-learn jupyterlab autograd inputs.pkgs.localPackages.phono3py numpy ])];
};
user.sharedModules =
[{
@@ -147,18 +125,14 @@ inputs:
adb.enable = true;
wireshark = { enable = true; package = inputs.pkgs.wireshark; };
yubikey-touch-detector.enable = true;
kdeconnect.enable = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde") true;
kde-pim = inputs.lib.mkIf (inputs.config.nixos.system.gui.implementation == "kde")
{ enable = true; kmail = true; };
kdeconnect.enable = true;
kde-pim = { enable = true; kmail = true; };
coolercontrol =
{
enable = true;
nvidiaSupport = if inputs.config.nixos.hardware.gpu.type == null then false
else inputs.lib.hasSuffix "nvidia" inputs.config.nixos.hardware.gpu.type;
};
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
sleepy-launcher = { enable = true; package = inputs.pkgs.sleepy-launcher; };
alvr = { enable = true; openFirewall = true; };
localsend.enable = true;
};

25
modules/packages/extra.nix Normal file
View File

@@ -0,0 +1,25 @@
inputs:
{
options.nixos.packages.extra = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) extra; in inputs.lib.mkIf (extra != null)
{
nixos.packages.packages._packages = with inputs.pkgs;
[
ventoy-full
davinci-resolve
fluffychat signal-desktop qq nur-xddxdd.wechat-uos-sandboxed cinny-desktop hexchat halloy
appflowy notion-app-enhanced joplin-desktop logseq obsidian code-cursor
warp-terminal
rustdesk-flutter
yubikey-manager-qt yubikey-personalization-gui electrum jabref john crunch
nur-xddxdd.baidupcs-go wgetpaste onedrive onedrivegui rclone
];
programs =
{
anime-game-launcher = { enable = true; package = inputs.pkgs.anime-game-launcher; };
honkers-railway-launcher = { enable = true; package = inputs.pkgs.honkers-railway-launcher; };
sleepy-launcher = { enable = true; package = inputs.pkgs.sleepy-launcher; };
};
};
}

12
modules/packages/flatpak.nix
View File

@@ -1,12 +0,0 @@
inputs:
{
options.nixos.packages.flatpak = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
config = let inherit (inputs.config.nixos.packages) flatpak; in inputs.lib.mkIf (flatpak != null)
{
services.flatpak = { enable = true; uninstallUnmanaged = true; };
};
}

4
modules/packages/git.nix
View File

@@ -7,7 +7,8 @@ inputs:
programs.git =
{
enable = true;
package = inputs.pkgs.gitFull;
# do not use gitFull, otherwise it will use its own ssh
# package = inputs.pkgs.gitFull;
lfs = { enable = true; enablePureSSHTransfer = true; };
config =
{
@@ -16,6 +17,7 @@ inputs:
lfs.ssh.automultiplex = false; # 避免 lfs 一直要求触摸 yubikey
receive.denyCurrentBranch = "warn"; # 允许 push 到非 bare 的仓库
merge.ours.driver = true; # 允许 .gitattributes 中设置的 merge=ours 生效
advice.addIgnoredFile = false; # 关闭 add 忽略文件时的提示
};
};
};

13
modules/packages/lumerical.nix
View File

@@ -1,13 +0,0 @@
inputs:
{
options.nixos.packages.lumerical = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) lumerical; in inputs.lib.mkIf (lumerical != null)
{
nixos =
{
packages.packages._packages = [ inputs.pkgs.localPackages.lumerical.lumerical.cmd ];
services.lumericalLicenseManager = {};
};
};
}

7
modules/packages/mathematica.nix
View File

@@ -1,7 +0,0 @@
inputs:
{
options.nixos.packages.mathematica = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) mathematica; in inputs.lib.mkIf (mathematica != null)
{ nixos.packages.packages._packages = [ inputs.pkgs.mathematica ]; };
}

21
modules/packages/minimal.nix
View File

@@ -22,11 +22,13 @@ inputs:
# file manager
tree eza trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz upx unzip zip lzip p7zip rar
pigz upx unzip zip lzip p7zip
(if inputs.pkgs.stdenv.hostPlatform.linuxArch == "x86_64" then rar else emptyDirectory)
# file system management
sshfs e2fsprogs compsize exfatprogs
# disk management
smartmontools hdparm gptfdisk megacli
smartmontools hdparm gptfdisk
(if inputs.pkgs.stdenv.hostPlatform.linuxArch == "x86_64" then megacli else emptyDirectory)
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool libfido2
# networking
@@ -35,12 +37,25 @@ inputs:
# nix tools
nix-output-monitor nix-tree ssh-to-age nix-inspect
# development
gdb try rr hexo-cli gh nix-init hugo
gdb try rr hexo-cli gh hugo
# build failed on aarch64
(if inputs.pkgs.stdenv.hostPlatform.linuxArch == "x86_64" then nix-init else emptyDirectory)
(octodns.withProviders (_: with octodns-providers; [ cloudflare ]))
# stupid things
toilet lolcat localPackages.stickerpicker graph-easy
# office
pdfgrep ffmpeg-full hdf5
# scientific computing
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.mumax else emptyDirectory)
(if inputs.config.nixos.system.nixpkgs.cuda != null
then (lammps.override { stdenv = cudaPackages.backendStdenv; }).overrideAttrs (prev:
{
cmakeFlags = prev.cmakeFlags ++
[ "-DPKG_GPU=on" "-DGPU_API=cuda" "-DCMAKE_POLICY_DEFAULT_CMP0146=OLD" ];
nativeBuildInputs = prev.nativeBuildInputs ++ [ cudaPackages.cudatoolkit ];
buildInputs = prev.buildInputs ++ [ mpi ];
})
else lammps-mpi)
]
++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ])
++ (inputs.lib.optionals (inputs.config.nixos.system.gui.implementation == "kde")

2
modules/packages/root.nix
View File

@@ -12,7 +12,7 @@ inputs:
displayName = "ROOT";
language = "c++";
argv = [ "/run/current-system/sw/bin/python3" "-m" "JupyROOT.kernel.rootkernel" "-f" "{connection_file}" ];
logo64 = "${root}/etc/root/notebook/kernels/root/logo-64x64.png";
logo64 = "${root}/etc/notebook/kernels/root/logo-64x64.png";
logo32 = inputs.pkgs.runCommand "logo-32x32.png" {}
"${inputs.pkgs.imagemagick}/bin/convert ${logo64} -resize 32x32 $out";
};};

11
modules/packages/ssh.nix
View File

@@ -37,9 +37,7 @@ inputs:
config.programs.ssh =
{
enable = true;
controlMaster = "auto";
controlPersist = "1m";
compression = true;
enableDefaultConfig = false;
matchBlocks = builtins.listToAttrs (builtins.map
(host:
{
@@ -64,6 +62,13 @@ inputs:
extraOptions.AddKeysToAgent = "yes";
};
"wg0.jykang" = jykang // { host = "wg0.jykang"; proxyJump = "wg0.srv2"; };
"*" =
{
controlMaster = "auto";
controlPersist = "1m";
compression = true;
controlPath = "~/.ssh/master-%r@%n:%p";
};
};
};
})];

18
modules/packages/vasp.nix
View File

@@ -1,18 +0,0 @@
inputs:
{
options.nixos.packages.vasp = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) vasp; in inputs.lib.mkIf (vasp != null)
{
nixos.packages.packages = with inputs.pkgs;
{
_packages =
[
localPackages.vasp.intel localPackages.vasp.vtst localPackages.vaspkit wannier90
(if inputs.config.nixos.system.nixpkgs.cuda != null then localPackages.vasp.nvidia else emptyDirectory)
localPackages.atomkit (inputs.lib.mkAfter localPackages.atat)
];
_pythonPackages = [(_: [ localPackages.py4vasp ])];
};
};
}

400
modules/packages/vscode.nix
View File

@@ -3,84 +3,336 @@ inputs:
options.nixos.packages.vscode = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
default = if inputs.config.nixos.model.type == "desktop" then {} else null;
};
config = let inherit (inputs.config.nixos.packages) vscode; in inputs.lib.mkIf (vscode != null)
{
nixos.packages.packages = with inputs.pkgs;
{
_packages =
[(
vscode-with-extensions.override
nixos.user.sharedModules =
[(hmInputs: {
config.programs.vscode = inputs.lib.mkIf (hmInputs.config.home.username != "root")
{
enable = true;
package = inputs.pkgs.vscode.overrideAttrs (prev: { preFixup = prev.preFixup +
''
gappsWrapperArgs+=(
${builtins.concatStringsSep " " inputs.config.nixos.packages.packages._vscodeEnvFlags}
)
'';});
profiles.default =
{
vscodeExtensions =
let extensions = builtins.listToAttrs (builtins.map
(set:
enableExtensionUpdateCheck = false;
enableUpdateCheck = false;
extensions = inputs.pkgs.nix4vscode.forVscode
[
"github.copilot" "github.copilot-chat" "github.github-vscode-theme"
"intellsmi.comment-translate"
"ms-vscode.cmake-tools" "ms-vscode.cpptools-extension-pack" "ms-vscode.hexeditor"
"ms-vscode.remote-explorer"
"ms-vscode-remote.remote-ssh"
"donjayamanne.githistory" "fabiospampinato.vscode-diff"
"llvm-vs-code-extensions.vscode-clangd" "ms-ceintl.vscode-language-pack-zh-hans"
"oderwat.indent-rainbow"
"guyutongxue.cpp-reference" "thfriedrich.lammps" "leetcode.vscode-leetcode" # "znck.grammarly"
"james-yu.latex-workshop" "bbenoist.nix" "jnoortheen.nix-ide" "ccls-project.ccls"
"brettm12345.nixfmt-vscode"
"gruntfuggly.todo-tree"
# restrctured text
"lextudio.restructuredtext" "trond-snekvik.simple-rst" "swyddfa.esbonio" "chrisjsewell.myst-tml-syntax"
# markdown
"yzhang.markdown-all-in-one" "shd101wyy.markdown-preview-enhanced"
# vasp
"mystery.vasp-support"
"yutengjing.open-in-external-app"
# git graph
"mhutchie.git-graph"
# python
"ms-python.python"
# theme
"pkief.material-icon-theme"
# direnv
"mkhl.direnv"
# svg viewer
"vitaliymaz.vscode-svg-previewer"
# draw
"pomdtr.excalidraw-editor"
# typst
"myriad-dreamin.tinymist"
# grammaly alternative
"ltex-plus.vscode-ltex-plus"
# jupyter
"ms-toolsai.jupyter" "ms-toolsai.jupyter-keymap" "ms-toolsai.jupyter-renderers"
"ms-toolsai.vscode-jupyter-cell-tags" "ms-toolsai.vscode-jupyter-slideshow"
"ms-toolsai.datawrangler"
];
keybindings =
[
# use alt+a to complete inline suggestions, instead of tab or ctrl+enter
{
key = "alt+a";
command = "editor.action.inlineSuggest.commit";
when = "inlineSuggestionVisible";
}
{
key = "tab";
command = "-editor.action.inlineSuggest.commit";
}
{
key = "ctrl+enter";
command = "-editor.action.inlineSuggest.commit";
}
# use ctrl+j to jump to pdf in latex
{
key = "ctrl+alt+j";
command = "-latex-workshop.synctex";
}
{
key = "ctrl+j";
command = "-workbench.action.togglePanel";
}
{
key = "ctrl+j";
command = "latex-workshop.synctex";
when = "editorTextFocus && editorLangId == 'latex'";
}
{
key = "ctrl+l alt+j";
command = "-latex-workshop.synctex";
}
# use ctrl+j=b to build latex
{
key = "ctrl+b";
command = "-workbench.action.toggleSidebarVisibility";
}
{
key = "ctrl+b";
command = "latex-workshop.build";
when = "editorLangId =~ /^latex$|^latex-expl3$|^rsweave$|^jlweave$|^pweave$/";
}
{
key = "ctrl+l alt+b";
command = "-latex-workshop.build";
}
# use alt+t to cd to current dir
{
key = "alt+t";
command = "workbench.action.terminal.sendSequence";
args.text = "cd '\${fileDirname}'\n";
}
];
userSettings =
{
"security.workspace.trust.enabled" = false;
"editor.fontFamily" = "'FiraCode Nerd Font Mono', 'Noto Sans Mono CJK SC', 'Droid Sans Mono', 'monospace', monospace, 'Droid Sans Fallback'";
"editor.fontLigatures" = true;
"workbench.iconTheme" = "material-icon-theme";
"cmake.configureOnOpen" = true;
"editor.mouseWheelZoom" = true;
"extensions.ignoreRecommendations" = true;
"editor.smoothScrolling" = true;
"editor.cursorSmoothCaretAnimation" = "on";
"workbench.list.smoothScrolling" = true;
"files.hotExit" = "off";
"editor.wordWrapColumn" = 120;
"window.restoreWindows" = "none";
"editor.inlineSuggest.enabled" = true;
"github.copilot.enable"."*" = true;
"editor.acceptSuggestionOnEnter" = "off";
"terminal.integrated.scrollback" = 10000;
"editor.rulers" = [ 120 ];
"indentRainbow.ignoreErrorLanguages" = [ "*" ];
"markdown.extension.completion.respectVscodeSearchExclude" = false;
"markdown.extension.print.absoluteImgPath" = false;
"editor.tabCompletion" = "on";
"workbench.colorTheme" = "GitHub Light";
"workbench.startupEditor" = "none";
"debug.toolBarLocation" = "docked";
"search.maxResults" = 100000;
"editor.action.inlineSuggest.commit" = "Ctrl+Space";
"window.dialogStyle" = "custom";
"redhat.telemetry.enabled" = true;
"[xml]"."editor.defaultFormatter" = "DotJoshJohnson.xml";
"git.ignoreLegacyWarning" = true;
"git.confirmSync" = false;
"cmake.configureArgs" = [ "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" "-DCMAKE_EXPORT_COMPILE_COMMANDS=1" ];
"editor.wordWrap" = "wordWrapColumn";
"files.associations" = { "POSCAR" = "poscar"; "*.mod" = "lmps"; "*.vasp" = "poscar"; };
"editor.stickyScroll.enabled" = true;
"editor.minimap.showSlider" = "always";
"editor.unicodeHighlight.allowedLocales" = { "zh-hans" = true; "zh-hant" = true; };
"hexeditor.columnWidth" = 64;
"latex-workshop.synctex.afterBuild.enabled" = true;
"hexeditor.showDecodedText" = true;
"hexeditor.defaultEndianness" = "little";
"hexeditor.inspectorType" = "aside";
"commentTranslate.hover.concise" = true;
"commentTranslate.targetLanguage" = "en";
"[python]"."editor.formatOnType" = true;
"editor.minimap.renderCharacters" = false;
"update.mode" = "none";
"editor.tabSize" = 2;
"nix.enableLanguageServer" = true;
"nix.serverPath" = "nil";
"nix.formatterPath" = "nixpkgs-fmt";
"nix.serverSettings"."nil" =
{
"diagnostics"."ignored" = [ "unused_binding" "unused_with" ];
"formatting"."command" = [ "nixpkgs-fmt" ];
};
"xmake.envBehaviour" = "erase";
"git.openRepositoryInParentFolders" = "never";
"todo-tree.regex.regex" = "(//|#|<!--|;|/\\*|^|%|^[ \\t]*(-|\\d+.))\\s*($TAGS)";
"latex-workshop.latex.recipes" =
[
{
name = set;
value =
# provided by nixpkgs
vscode-extensions.${set} or {}
# provided by nix-vscode-extensions, including pre-release versions, but prefer stable version
// nix-vscode-extensions.vscode-marketplace.${set} or {}
// nix-vscode-extensions.vscode-marketplace-release.${set} or {}
# some versions are too high for the current vscode, use old version from here to override it
// (nix-vscode-extensions.forVSCodeVersion inputs.pkgs.vscode.version)
.vscode-marketplace-release.${set} or {};
})
(inputs.lib.unique
(
(builtins.attrNames vscode-extensions)
++ (builtins.attrNames nix-vscode-extensions.vscode-marketplace)
++ (builtins.attrNames nix-vscode-extensions.vscode-marketplace-release)
)));
in with extensions;
(with github; [ copilot copilot-chat github-vscode-theme ])
++ (with intellsmi; [ comment-translate ])
++ (with ms-vscode; [ cmake-tools cpptools-extension-pack hexeditor remote-explorer ])
++ (with ms-vscode-remote; [ remote-ssh ])
++ [
donjayamanne.githistory fabiospampinato.vscode-diff
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
oderwat.indent-rainbow
twxs.cmake guyutongxue.cpp-reference thfriedrich.lammps leetcode.vscode-leetcode # znck.grammarly
james-yu.latex-workshop bbenoist.nix jnoortheen.nix-ide ccls-project.ccls
brettm12345.nixfmt-vscode
gruntfuggly.todo-tree
# restrctured text
lextudio.restructuredtext trond-snekvik.simple-rst swyddfa.esbonio chrisjsewell.myst-tml-syntax
# markdown
yzhang.markdown-all-in-one shd101wyy.markdown-preview-enhanced
# vasp
mystery.vasp-support
yutengjing.open-in-external-app
# git graph
mhutchie.git-graph
# python
ms-python.python
# theme
pkief.material-icon-theme
# direnv
mkhl.direnv
# svg viewer
vitaliymaz.vscode-svg-previewer
# draw
pomdtr.excalidraw-editor
# typst
myriad-dreamin.tinymist
# grammaly alternative
ltex-plus.vscode-ltex-plus
]
# jupyter
# TODO: pick all extensions from nixpkgs or nix-vscode-extensions, explicitly
++ (with vscode-extensions.ms-toolsai;
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
datawrangler
]);
extraFlags = builtins.concatStringsSep " " inputs.config.nixos.packages.packages._vscodeEnvFlags;
}
)];
};
name = "xelatex";
tools = [ "xelatex" "bibtex" "xelatex" "xelatex" ];
}
{
name = "latexmk";
tools = [ "latexmk" ];
}
{
name = "latexmk (latexmkrc)";
tools = [ "latexmk_rconly" ];
}
{
name = "latexmk (lualatex)";
tools = [ "lualatexmk" ];
}
{
name = "latexmk (xelatex)";
tools = [ "xelatexmk" ];
}
{
name = "pdflatex -> bibtex -> pdflatex * 2";
tools = [ "pdflatex" "bibtex" "pdflatex" "pdflatex" ];
}
];
"latex-workshop.latex.recipe.default" = "xelatex";
"latex-workshop.bind.altKeymap.enabled" = true;
"latex-workshop.latex.autoBuild.run" = "never";
"cmake.showOptionsMovedNotification" = false;
"markdown.extension.toc.plaintext" = true;
"markdown.extension.katex.macros" = {};
"markdown-preview-enhanced.mathRenderingOption" = "MathJax";
"mesonbuild.downloadLanguageServer" = false;
"genieai.openai.model" = "gpt-3.5-turbo-instruct";
"codeium.enableConfig" = { "*" = true; "Log" = true; };
"fortran.notifications.releaseNotes" = false;
"markdown-preview-enhanced.enablePreviewZenMode" = true;
"ccls.misc.compilationDatabaseDirectory" = "build";
"C_Cpp.intelliSenseEngine" = "disabled";
"clangd.arguments" = [ "-header-insertion=never" ];
"cmake.ctestDefaultArgs" = [ "-T" "test" "--output-on-failure" "--verbose" ];
"terminal.integrated.mouseWheelZoom" = true;
"notebook.lineNumbers" = "on";
"editor.codeActionsOnSave" = {};
"jupyter.notebookFileRoot" = "\${workspaceFolder}";
"svg.preview.transparencyGrid" = false;
"svg.preview.boundingBox" = false;
"latex-workshop.latex.tools" =
[
{
name = "xelatex";
command = "xelatex";
args = [ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "%DOC%" ];
env = {};
}
{
name = "latexmk";
command = "latexmk";
args = [ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "-pdf" "-outdir=%OUTDIR%" "%DOC%" ];
env = {};
}
{
name = "lualatexmk";
command = "latexmk";
args =
[ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "-lualatex" "-outdir=%OUTDIR%" "%DOC%" ];
env = {};
}
{
name = "xelatexmk";
command = "latexmk";
args =
[ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "-xelatex" "-outdir=%OUTDIR%" "%DOC%" ];
env = {};
}
{
name = "latexmk_rconly";
command = "latexmk";
args = [ "%DOC%" ];
env = {};
}
{
name = "pdflatex";
command = "pdflatex";
args = [ "-synctex=1" "-interaction=nonstopmode" "-file-line-error" "%DOC%" ];
env = {};
}
{
name = "bibtex";
command = "bibtex";
args = [ "%DOCFILE%" ];
env = {};
}
{
name = "rnw2tex";
command = "Rscript";
args = [ "-e" "knitr::opts_knit$set(concordance = TRUE); knitr::knit('%DOCFILE_EXT%')" ];
env = {};
}
{
name = "jnw2tex";
command = "julia";
args = [ "-e" "using Weave; weave(\"%DOC_EXT%\", doctype=\"tex\")" ];
env = {};
}
{
name = "jnw2texminted";
command = "julia";
args = [ "-e" "using Weave; weave(\"%DOC_EXT%\", doctype=\"texminted\")" ];
env = {};
}
{
name = "pnw2tex";
command = "pweave";
args = [ "-f" "tex" "%DOC_EXT%" ];
env = {};
}
{
name = "pnw2texminted";
command = "pweave";
args = [ "-f" "texminted" "%DOC_EXT%" ];
env = {};
}
{
name = "tectonic";
command = "tectonic";
args = [ "--synctex" "--keep-logs" "--print" "%DOC%.tex" ];
env = {};
}
];
"todo-tree.general.tags" = [ "BUG" "HACK" "FIXME" "TODO" ];
"ltex.additionalRules.motherTongue" = "zh-CN";
"ltex.ltex-ls.path" = "/run/current-system/sw";
"cmake.ignoreCMakeListsMissing" = true;
"[nix]"."editor.defaultFormatter" = "jnoortheen.nix-ide";
"todo-tree.filtering.excludedWorkspaces" = [ "/nix/remote/**" ];
"dataWrangler.outputRenderer.enabledTypes" =
{
"numpy.ndarray" = true;
"builtins.list" = true;
"builtins.dict" = true;
};
"ltex.language" = "auto";
# maybe this could fix typst preview freezing on large project
"tinymist.preview.partialRendering" = false;
"tinymist.preview.refresh" = "onSave";
"workbench.secondarySideBar.defaultVisibility" = "hidden";
};
};
};
})];
};
}

5
modules/packages/winapps/default.nix
View File

@@ -1,10 +1,7 @@
inputs:
{
options.nixos.packages.winapps = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule {});
default = if builtins.elem inputs.config.nixos.model.type [ "desktop" "server" ] then {} else null;
};
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.packages) winapps; in inputs.lib.mkIf (winapps != null)
{
nixos.packages.packages._packages =

90
modules/services/gitea.nix
View File

@@ -15,41 +15,56 @@ inputs:
};
config = let inherit (inputs.config.nixos.services) gitea; in inputs.lib.mkIf (gitea != null)
{
services.gitea =
services =
{
enable = true;
lfs.enable = true;
mailerPasswordFile = inputs.config.nixos.system.sops.secrets."gitea/mail".path;
database =
gitea =
{
createDatabase = false;
type = "postgres";
passwordFile = inputs.config.nixos.system.sops.secrets."gitea/db".path;
enable = true;
lfs.enable = true;
mailerPasswordFile = inputs.config.nixos.system.sops.secrets."gitea/mail".path;
database =
{
createDatabase = false;
type = "postgres";
passwordFile = inputs.config.nixos.system.sops.secrets."gitea/db".path;
};
settings =
{
session.COOKIE_SECURE = true;
server =
{
ROOT_URL = "https://${gitea.hostname}";
DOMAIN = gitea.hostname;
HTTP_PORT = 3002;
SSH_DOMAIN = gitea.ssh.hostname;
SSH_PORT = inputs.lib.mkIf (gitea.ssh.port != null) gitea.ssh.port;
LFS_ALLOW_PURE_SSH = true;
};
mailer =
{
ENABLED = true;
FROM = "bot@chn.moe";
PROTOCOL = "smtps";
SMTP_ADDR = "mail.chn.moe";
SMTP_PORT = 465;
USER = "bot@chn.moe";
};
service.DISABLE_REGISTRATION = true;
security.LOGIN_REMEMBER_DAYS = 365;
"git.timeout" = builtins.listToAttrs (builtins.map (n: { name = n; value = 3600 * 8; })
[ "DEFAULT" "MIGRATE" "MIRROR" "CLONE" "PULL" "GC" ]);
"cron.git_gc_repos" = { ENABLED = true; SCHEDULE = "@monthly"; TIMEOUT = "2h"; };
"cron.gc_lfs" = { ENABLED = true; SCHEDULE = "@monthly"; NUMBER_TO_CHECK_PER_REPO = 0; };
};
};
settings =
anubis.instances.gitea.settings =
{
session.COOKIE_SECURE = true;
server =
{
ROOT_URL = "https://${gitea.hostname}";
DOMAIN = gitea.hostname;
HTTP_PORT = 3002;
SSH_DOMAIN = gitea.ssh.hostname;
SSH_PORT = inputs.lib.mkIf (gitea.ssh.port != null) gitea.ssh.port;
};
mailer =
{
ENABLED = true;
FROM = "bot@chn.moe";
PROTOCOL = "smtps";
SMTP_ADDR = "mail.chn.moe";
SMTP_PORT = 465;
USER = "bot@chn.moe";
};
service.DISABLE_REGISTRATION = true;
security.LOGIN_REMEMBER_DAYS = 365;
"git.timeout" = builtins.listToAttrs (builtins.map (n: { name = n; value = 1800; })
[ "DEFAULT" "MIGRATE" "MIRROR" "CLONE" "PULL" "GC" ]);
OG_PASSTHROUGH = true;
TARGET = "http://127.0.0.1:3002";
BIND_NETWORK = "tcp";
BIND = "127.0.0.1:3003";
WEBMASTER_EMAIL = "chn@chn.moe";
SERVE_ROBOTS_TXT = true;
};
};
nixos =
@@ -62,19 +77,10 @@ inputs:
};
services =
{
nginx.https.${gitea.hostname}.location =
{
"/".proxy.upstream = "http://127.0.0.1:3002";
"/robots.txt".static.root =
let robotsFile = inputs.pkgs.fetchurl
{
url = "https://gitea.com/robots.txt";
sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
};
in "${inputs.pkgs.runCommand "robots.txt" {} "mkdir -p $out; cp ${robotsFile} $out/robots.txt"}";
};
nginx.https.${gitea.hostname}.location."/".proxy.upstream = "http://127.0.0.1:3003";
postgresql.instances.gitea = {};
};
};
systemd.services.gitea.path = [ inputs.pkgs.git-lfs-transfer ];
};
}

20
modules/services/lumericalLicenseManager/default.nix
View File

@@ -4,12 +4,7 @@ inputs:
{
type = types.nullOr (types.submodule { options =
{
macAddress = mkOption
{
type = types.str;
default = if inputs.config.nixos.system.network != null then "00:01:23:45:67:89" else null;
};
createFakeInterface = mkOption { type = types.bool; default = inputs.config.nixos.system.network != null; };
macAddress = mkOption { type = types.str; };
autoStart = mkOption { type = types.bool; default = true; };
};});
default = null;
@@ -28,16 +23,7 @@ inputs:
in [ "${license}:/home/ansys_inc/shared_files/licensing/license_files/ansyslmd.lic" ];
};
nixos.services.podman = {};
systemd =
{
network = inputs.lib.mkIf lumericalLicenseManager.createFakeInterface
{
netdevs.ensFakeLumerical.netdevConfig = { Kind = "dummy"; Name = "ensFakeLumerical"; };
networks."10-ensFakeLumerical" =
{ matchConfig.Name = "ensFakeLumerical"; linkConfig.MACAddress = lumericalLicenseManager.macAddress; };
};
services.podman-lumericalLicenseManager.wantedBy =
inputs.lib.mkIf (!lumericalLicenseManager.autoStart) (inputs.lib.mkForce []);
};
systemd.services.podman-lumericalLicenseManager.wantedBy =
inputs.lib.mkIf (!lumericalLicenseManager.autoStart) (inputs.lib.mkForce []);
};
}

10
modules/services/mariadb.nix
View File

@@ -13,6 +13,7 @@ inputs:
};}));
default = {};
};
mountFrom = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
config = let inherit (inputs.config.nixos.services) mariadb; in inputs.lib.mkIf mariadb.enable
{
@@ -30,7 +31,7 @@ inputs:
};
mysqlBackup =
{
enable = true;
enable = mariadb.mountFrom == "nodatacow";
singleTransaction = true;
databases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList mariadb.instances);
};
@@ -49,7 +50,10 @@ inputs:
nixos.system.sops.secrets = builtins.listToAttrs (builtins.map
(db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
(builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList mariadb.instances)));
environment.persistence."/nix/nodatacow".directories =
[{ directory = "/var/lib/mysql"; user = "mysql"; group = "mysql"; mode = "0750"; }];
environment.persistence = inputs.lib.mkIf (mariadb.mountFrom != null)
{
"/nix/${mariadb.mountFrom}".directories =
[{ directory = "/var/lib/mysql"; user = "mysql"; group = "mysql"; mode = "0750"; }];
};
};
}

3
modules/services/nginx/default.nix
View File

@@ -51,9 +51,10 @@ inputs:
# allow realip module to set ip
set_real_ip_from 0.0.0.0/0;
real_ip_header proxy_protocol;
# gitea needs long time to upload/download large files over ssh
client_body_timeout 1h;
'';
proxyTimeout = "1d";
recommendedZstdSettings = true;
recommendedTlsSettings = true;
# do not set Host header
recommendedProxySettings = false;

2
modules/services/nginx/http.nix
View File

@@ -66,6 +66,8 @@ inputs:
{
proxyPass = v.proxy.upstream;
proxyWebsockets = v.proxy.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
extraConfig = builtins.concatStringsSep "\n" (inputs.lib.mapAttrsToList
(n: v: ''proxy_set_header ${n} "${v}";'')
v.proxy.setHeaders);

7
modules/services/nginx/https.nix
View File

@@ -66,7 +66,6 @@ inputs:
inherit (genericOptions) detectAuth;
upstream = mkOption { type = types.nonEmptyStr; };
websocket = mkOption { type = types.bool; default = false; };
grpc = mkOption { type = types.bool; default = false; };
setHeaders = mkOption
{ type = types.attrsOf types.str; default.Host = siteSubmoduleInputs.config._module.args.name; };
# echo -n "username:password" | base64
@@ -235,10 +234,12 @@ inputs:
proxy =
{
proxyWebsockets = location.value.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
proxyPass = location.value.upstream;
extraConfig = builtins.concatStringsSep "\n"
(
[ "${if location.value.grpc then "grpc" else "proxy"}_pass ${location.value.upstream};" ]
++ (inputs.lib.mapAttrsToList (n: v: ''proxy_set_header ${n} "${v}";'')
(inputs.lib.mapAttrsToList (n: v: ''proxy_set_header ${n} "${v}";'')
location.value.setHeaders)
++ (inputs.lib.optionals
(location.value.detectAuth != null || site.value.global.detectAuth != null)

10
modules/services/nixvirt.nix
View File

@@ -21,7 +21,7 @@ inputs:
storage =
{
name = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
nodatacow = mkOption { type = types.bool; default = false; };
mountFrom = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
iso = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
memory =
@@ -199,8 +199,12 @@ inputs:
type = "file";
device = "disk";
driver = { name = "qemu"; type = "raw"; cache = "writeback"; discard = "unmap"; };
source.file = "${if v.storage.nodatacow then "/nix/nodatacow" else ""}/var/lib/libvirt/images/"
+ "${v.storage.name}.img";
source.file = builtins.concatStringsSep ""
[
(if (v.storage.mountFrom != null) then "/nix/${v.storage.mountFrom}" else "")
"/var/lib/libvirt/images/"
"${v.storage.name}.img"
];
target = { dev = "vda"; bus = "virtio"; };
boot.order = 1;
}

16
modules/services/peerBanHelper.nix Normal file
View File

@@ -0,0 +1,16 @@
inputs:
{
options.nixos.services.peerBanHelper = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) peerBanHelper; in inputs.lib.mkIf (peerBanHelper != null)
{
virtualisation.oci-containers.containers.peerBanHelper =
{
inherit (inputs.topInputs.self.src.peerBanHelper) image imageFile;
volumes = [ "peerBanHelper:/app/data" ];
ports = [ "9898:9898/tcp" ];
environment = { PUID = "0"; PGID = "0"; TZ = "UTC"; };
};
nixos.services.podman = {};
};
}

4
modules/services/photoprism.nix
View File

@@ -21,8 +21,8 @@ inputs:
};
systemd.services.photoprism =
{
after = [ "mariadb.service" ];
requires = [ "mariadb.service" ];
after = [ "mysql.service" ];
requires = [ "mysql.service" ];
serviceConfig.EnvironmentFile = inputs.config.nixos.system.sops.templates."photoprism/env".path;
};
nixos =

1
modules/services/podman.nix
View File

@@ -18,6 +18,7 @@ inputs:
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
extraPackages = [ inputs.pkgs.nftables ];
};
};
hardware.nvidia-container-toolkit.enable = inputs.lib.mkIf (inputs.config.nixos.system.nixpkgs.cuda != null) true;

23
modules/services/postgresql.nix
View File

@@ -14,7 +14,7 @@ inputs:
};}));
default = {};
};
nodatacow = mkOption { type = types.bool; default = false; };
mountFrom = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
config = let inherit (inputs.config.nixos.services) postgresql; in inputs.lib.mkIf postgresql.enable
{
@@ -52,13 +52,13 @@ inputs:
};
postgresqlBackup =
{
enable = postgresql.nodatacow;
enable = postgresql.mountFrom == "nodatacow";
pgdumpOptions = "-Fc";
compression = "none";
databases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList postgresql.instances);
};
};
systemd.services.postgresql.postStart = inputs.lib.mkAfter (builtins.concatStringsSep "\n" (builtins.map
systemd.services.postgresql-setup.script = inputs.lib.mkAfter (builtins.concatStringsSep "\n" (builtins.map
(db:
let
passwordFile =
@@ -73,22 +73,25 @@ inputs:
else "";
in
# create database if not exist
"$PSQL -tAc \"SELECT 1 FROM pg_database WHERE datname = '${db.value.database}'\" | grep -q 1"
+ " || $PSQL -tAc 'CREATE DATABASE \"${db.value.database}\"${initializeFlag}'"
"psql -tAc \"SELECT 1 FROM pg_database WHERE datname = '${db.value.database}'\" | grep -q 1"
+ " || psql -tAc 'CREATE DATABASE \"${db.value.database}\"${initializeFlag}'"
# set user password
+ "\n"
+ "$PSQL -tAc \"ALTER USER ${db.value.user} with encrypted password '$(cat ${passwordFile})'\""
+ "psql -tAc \"ALTER USER ${db.value.user} with encrypted password '$(cat ${passwordFile})'\""
# set db owner
+ "\n"
+ "$PSQL -tAc \"select pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d"
+ "psql -tAc \"select pg_catalog.pg_get_userbyid(d.datdba) FROM pg_catalog.pg_database d"
+ " WHERE d.datname = '${db.value.database}' ORDER BY 1\""
+ " | grep -E '^${db.value.user}$' -q"
+ " || $PSQL -tAc \"ALTER DATABASE ${db.value.database} OWNER TO ${db.value.user}\"")
+ " || psql -tAc \"ALTER DATABASE ${db.value.database} OWNER TO ${db.value.user}\"")
(inputs.localLib.attrsToList postgresql.instances)));
nixos.system.sops.secrets = builtins.listToAttrs (builtins.map
(db: { name = "postgresql/${db.value.user}"; value.owner = inputs.config.users.users.postgres.name; })
(builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList postgresql.instances)));
environment.persistence."/nix/nodatacow".directories = inputs.lib.mkIf postgresql.nodatacow
[{ directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }];
environment.persistence = inputs.lib.mkIf (postgresql.mountFrom != null)
{
"/nix/${postgresql.mountFrom}".directories =
[{ directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }];
};
};
}

13
modules/services/slurm.nix
View File

@@ -282,6 +282,19 @@ inputs:
};
})
slurm.tui.cpuQueues;
Fdtd.Queue = builtins.map
(queue:
{
Name = queue.name;
Recommended =
{
Cpus =
if queue.allocateCpus != null then queue.allocateCpus
else queue.mpiThreads * queue.openmpThreads;
Memory = queue.memoryGB;
};
})
slurm.tui.cpuQueues;
}
// (if slurm.tui.gpuQueues == null then {} else rec
{

14
modules/services/xray/client.nix
View File

@@ -49,7 +49,7 @@ inputs:
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content = let chinaDns = "223.5.5.5"; foreignDns = "8.8.8.8"; in builtins.toJSON
content = builtins.toJSON
{
log.loglevel = "warning";
dns =
@@ -59,19 +59,19 @@ inputs:
# 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
[
{
address = chinaDns;
address = "https://1.12.12.12/dns-query";
domains = [ "geosite:geolocation-cn" ];
expectIPs = [ "geoip:cn" ];
skipFallback = true;
}
{
address = foreignDns;
address = "8.8.8.8";
domains = [ "geosite:geolocation-!cn" ];
expectIPs = [ "geoip:!cn" ];
skipFallback = true;
}
{ address = chinaDns; expectIPs = [ "geoip:cn" ]; }
{ address = foreignDns; }
{ address = "https://1.12.12.12/dns-query"; expectIPs = [ "geoip:cn" ]; }
{ address = "8.8.8.8"; }
];
disableCache = true;
queryStrategy = "UseIPv4";
@@ -153,8 +153,8 @@ inputs:
rules = builtins.map (rule: rule // { type = "field"; })
[
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
{ inboundTag = [ "dns-internal" ]; ip = [ chinaDns ]; outboundTag = "direct"; }
{ inboundTag = [ "dns-internal" ]; ip = [ foreignDns ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "dns-internal" ]; ip = [ "1.12.12.12" ]; outboundTag = "direct"; }
{ inboundTag = [ "dns-internal" ]; ip = [ "8.8.8.8" ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }

2
modules/services/xray/xmuServer.nix
View File

@@ -60,6 +60,6 @@ inputs:
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
nixos.services.nginx.https.${xmuServer.hostname}.location =
{ "/".return.return = "400"; "/xsession".proxy = { upstream = "127.0.0.1:4727"; grpc = true; }; };
{ "/".return.return = "400"; "/xsession".proxy.upstream = "http://127.0.0.1:4727"; };
};
}

1
modules/system/default.nix
View File

@@ -59,5 +59,6 @@ inputs:
configurationRevision = inputs.topInputs.self.rev or "dirty";
nixos = { versionSuffix = inputs.lib.mkForce ""; tags = [ inputs.topInputs.self.config.branch ]; };
};
chaotic.nyx.cache.enable = false;
};
}

48
modules/system/fileSystems/cluster.nix
View File

@@ -11,29 +11,35 @@ inputs:
config = inputs.lib.mkMerge
[
# 将一部分由 home-manager 生成软链接的文件改为直接挂载,以兼容集群的设置
(let files = [ ".zshrc" ".zshenv" ".profile" ".bashrc" ".bash_profile" ".zlogin" ]; in
{
home-manager.users = builtins.listToAttrs (builtins.map
(user:
{
name = user;
value.config.home.file =
builtins.listToAttrs (builtins.map (file: { name = file; value.enable = false; }) files);
})
inputs.config.nixos.user.users);
systemd.mounts = builtins.concatLists (builtins.map
(user: builtins.map
(file:
(
let files = user:
[
"/home/${user}/.zshrc" "/home/${user}/.zshenv" "/home/${user}/.zlogin"
".profile" ".bashrc" ".bash_profile"
];
in
{
home-manager.users = builtins.listToAttrs (builtins.map
(user: inputs.lib.nameValuePair user
{
what = "${inputs.config.home-manager.users.${user}.home.file.${file}.source}";
where = "/home/${user}/${file}";
options = "bind";
wantedBy = [ "local-fs.target" ];
config.home.file = builtins.listToAttrs (builtins.map
(file: inputs.lib.nameValuePair "${file}" { enable = false; }) (files user));
})
files
)
inputs.config.nixos.user.users);
})
inputs.config.nixos.user.users);
systemd.mounts = builtins.concatLists (builtins.map
(user: builtins.map
(file:
{
what = "${inputs.config.home-manager.users.${user}.home.file.${file}.source}";
where = if inputs.lib.strings.hasPrefix "/home" file then file else "/home/${user}/${file}";
options = "bind";
wantedBy = [ "local-fs.target" ];
})
(files user)
)
inputs.config.nixos.user.users);
}
)
(
let
fsCluster = inputs.config.nixos.system.fileSystems.cluster;

6
modules/system/fileSystems/default.nix
View File

@@ -61,9 +61,13 @@ inputs:
# zstd:15 5m33s 7.16G
# zstd:8 54s 7.32G
# zstd:3 17s 7.52G
"compress-force=zstd"
# use compress instead of compress-force, since compress-force force all data trunk to be < 128K
# https://github.com/Zygo/bees/issues/298#issuecomment-3085228968
"compress=zstd"
# large btrfs volume need more time to mount (default 90s might not be enough)
"x-systemd.mount-timeout=300s"
# default noflushoncommit can cause data loss, especially working with beesd, when power lost
"flushoncommit"
];
neededForBoot = true;
};

2
modules/system/fileSystems/impermanence.nix
View File

@@ -67,7 +67,7 @@ inputs:
"/nix/persistent".users.chn.directories =
[
"bin" "Desktop" "Documents" "Downloads" "Music" "Pictures" "repo" "share" "Public" "Videos" ".config"
".local/share" ".ecdata" { directory = ".mozilla/firefox/default"; mode = "0700"; } ".steam" ".vscode" ".zotero"
".local/share" ".ecdata" { directory = ".mozilla/firefox/default"; mode = "0700"; } ".steam" ".zotero"
"Zotero"
];
})

7
modules/system/fileSystems/nfs.nix
View File

@@ -29,8 +29,11 @@ inputs:
neededForBoot = device.value.hard or true;
options = builtins.concatLists
[
# sync every seconds
[ "actimeo=1" "noatime" ]
[
"actimeo=1" # sync every seconds
"noatime"
"x-gvfs-hide" # hide in file managers (e.g. dolphin)
]
# when try to mount at startup, wait 15 minutes before giving up
(inputs.lib.optionals (device.value.hard or true) [ "retry=15" "x-systemd.device-timeout=15min" ])
# do not fail, just try continuously in background

4
modules/system/fileSystems/rollingRootfs.nix
View File

@@ -37,11 +37,10 @@ inputs:
in
''
# wait for device to be available
while ! lsmod | grep -q btrfs; do sleep 1; done
${waitDevice}
# mount device
mount ${device} /mnt -m
mount ${device} /mnt -m -o noatime
# move old rootfs, create new one
if [ -f /mnt/nix/rootfs/current/.timestamp ]
@@ -52,7 +51,6 @@ inputs:
btrfs property set -ts /mnt/nix/rootfs/$timestamp-$subvolid ro true
fi
[ -d /mnt/nix/rootfs/current ] || btrfs subvolume create /mnt/nix/rootfs/current
chattr +C /mnt/nix/rootfs/current
echo $(date '+%Y%m%d%H%M%S') > /mnt/nix/rootfs/current/.timestamp
# make systemd happy

2
modules/system/font.nix
View File

@@ -10,6 +10,8 @@ inputs:
noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono hack-font inter
noto-fonts-color-emoji roboto sarasa-gothic source-han-mono wqy_microhei wqy_zenhei noto-fonts-cjk-sans
noto-fonts-emoji corefonts vistafonts vistafonts-chs dejavu_fonts nerd-fonts.fira-code
# needed by typst may template
lxgw-wenkai libertinus
];
fontconfig.defaultFonts =
{

136
modules/system/grub.nix
View File

@@ -1,80 +1,86 @@
inputs:
{
options.nixos.system.grub = let inherit (inputs.lib) mkOption types; in
options.nixos.system.grub = let inherit (inputs.lib) mkOption types; in mkOption
{
timeout = mkOption { type = types.int; default = 15; };
windowsEntries = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
# "efi" using efi, "efiRemovable" using efi with install grub removable, or dev path like "/dev/sda" using bios
installDevice = mkOption { type = types.str; default = "efi"; };
type = types.nullOr (types.submodule { options =
{
timeout = mkOption { type = types.int; default = 15; };
windowsEntries = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
# "efi" using efi, "efiRemovable" using efi with install grub removable, or dev path like "/dev/sda" using bios
installDevice = mkOption { type = types.str; default = "efi"; };
};});
default = { x86_64 = {}; aarch64 = null; }.${inputs.config.nixos.model.arch};
};
config = let inherit (inputs.config.nixos.system) grub; in inputs.lib.mkMerge
[
# general settings
{ boot.loader.grub = { enable = true; useOSProber = false; }; }
# grub timeout
{ boot.loader.timeout = grub.timeout; }
# grub install
{
boot.loader =
config = let inherit (inputs.config.nixos.system) grub; in inputs.localLib.mkConditional (grub != null)
(inputs.lib.mkMerge
[
# general settings
{ boot.loader.grub = { enable = true; useOSProber = false; }; }
# grub timeout
{ boot.loader.timeout = grub.timeout; }
# grub install
{
grub =
boot.loader =
{
device = if builtins.elem grub.installDevice [ "efi" "efiRemovable" ] then "nodev" else grub.installDevice;
efiSupport = builtins.elem grub.installDevice [ "efi" "efiRemovable" ];
efiInstallAsRemovable = grub.installDevice == "efiRemovable";
grub =
{
device = if builtins.elem grub.installDevice [ "efi" "efiRemovable" ] then "nodev" else grub.installDevice;
efiSupport = builtins.elem grub.installDevice [ "efi" "efiRemovable" ];
efiInstallAsRemovable = grub.installDevice == "efiRemovable";
};
efi.canTouchEfiVariables = grub.installDevice == "efi";
};
efi.canTouchEfiVariables = grub.installDevice == "efi";
};
}
# extra grub entries
{
boot.loader.grub =
}
# extra grub entries
{
memtest86.enable = true;
extraFiles = inputs.lib.mkIf (builtins.elem grub.installDevice [ "efi" "efiRemovable" ])
{ "shell.efi" = "${inputs.pkgs.genericPackages.edk2-uefi-shell}/shell.efi"; };
extraEntries = inputs.lib.mkMerge (builtins.concatLists
[
(builtins.map
(system:
''
menuentry "${system.value}" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
search --fs-uuid --set=root ${system.name}
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
'')
(inputs.localLib.attrsToList grub.windowsEntries))
boot.loader.grub =
{
memtest86.enable = true;
extraFiles = inputs.lib.mkIf (builtins.elem grub.installDevice [ "efi" "efiRemovable" ])
{ "shell.efi" = "${inputs.pkgs.genericPackages.edk2-uefi-shell}/shell.efi"; };
extraEntries = inputs.lib.mkMerge (builtins.concatLists
[
''
menuentry "System shutdown" {
echo "System shutting down..."
halt
}
menuentry "System restart" {
echo "System rebooting..."
reboot
}
''
(
inputs.lib.optionalString (builtins.elem grub.installDevice [ "efi" "efiRemovable" ])
(builtins.map
(system:
''
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
menuentry "UEFI Shell" {
menuentry "${system.value}" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
chainloader @bootRoot@/shell.efi
search --fs-uuid --set=root ${system.name}
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
'')
(inputs.localLib.attrsToList grub.windowsEntries))
[
''
menuentry "System shutdown" {
echo "System shutting down..."
halt
}
menuentry "System restart" {
echo "System rebooting..."
reboot
}
''
)
]
]);
};
}
];
(
inputs.lib.optionalString (builtins.elem grub.installDevice [ "efi" "efiRemovable" ])
''
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
fwsetup
}
menuentry "UEFI Shell" {
insmod fat
insmod chain
chainloader @bootRoot@/shell.efi
}
''
)
]
]);
};
}
])
{ boot.loader.grub.enable = false; };
}

42
modules/system/gui.nix
View File

@@ -19,7 +19,7 @@ inputs:
let sessionData = "${inputs.config.services.displayManager.sessionData.desktops}/share";
in builtins.concatStringsSep " "
[
"${inputs.pkgs.greetd.tuigreet}/bin/tuigreet"
"${inputs.pkgs.tuigreet}/bin/tuigreet"
"--sessions ${sessionData}/wayland-sessions --xsessions ${sessionData}/xsessions"
"--time --asterisks --remember --remember-user-session"
(inputs.lib.optionalString (gui.implementation == "kde") "--cmd startplasma-wayland")
@@ -43,17 +43,21 @@ inputs:
programs.dconf.enable = true;
nixos.user.sharedModules = [(hmInputs:
{
config.gtk =
config =
{
enable = true;
theme.name = "Breeze";
gtk2 =
gtk =
{
extraConfig = ''gtk-im-module="fcitx"'';
configLocation = "${hmInputs.config.xdg.configHome}/gtk-2.0/gtkrc";
enable = true;
theme.name = "Breeze";
gtk2 =
{
extraConfig = ''gtk-im-module="fcitx"'';
configLocation = "${hmInputs.config.xdg.configHome}/gtk-2.0/gtkrc";
force = true;
};
gtk3.extraConfig.gtk-im-module = "fcitx";
gtk4.extraConfig.gtk-im-module = "fcitx";
};
gtk3.extraConfig.gtk-im-module = "fcitx";
gtk4.extraConfig.gtk-im-module = "fcitx";
};
})];
})
@@ -67,6 +71,26 @@ inputs:
(inputs.lib.mkIf (gui.implementation == "niri")
{
programs.niri.enable = true;
nixos.user.sharedModules = [(hmInputs:
{
config.programs.dankMaterialShell = { enable = true; enableKeybinds = true; enableSystemd = true; };
})];
# niri module will auto enable this, disable it to avoid conflict with system ssh-agent and kwallet
services.gnome = { gcr-ssh-agent.enable = false; gnome-keyring.enable = inputs.lib.mkForce false; };
})
# niri setup kwallet
(inputs.lib.mkIf (gui.implementation == "niri")
{
nixos.packages.packages._packages = with inputs.pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
xdg.portal.extraPortals = [ inputs.pkgs.kdePackages.kwallet ];
security.pam.services.login.kwallet = { enable = true; package = inputs.pkgs.kdePackages.kwallet-pam; };
services.dbus.packages = inputs.lib.singleton
(inputs.pkgs.writeTextDir "share/dbus-1/services/org.freedesktop.secrets.service"
''
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=${inputs.pkgs.kdePackages.kwallet}/bin/kwalletd6
'');
})
];
}

74
modules/system/kernel/btusb.patch Normal file
View File

@@ -0,0 +1,74 @@
Message-Id: <20250606-btusb-mt7925-add-v1-1-9b64bfa86ea4@hexchain.org>
Date: Fri, 06 Jun 2025 23:33:03 +0800
From: Haochen Tong via B4 Relay <devnull+i.hexchain.org@...nel.org>
To: Marcel Holtmann <marcel@...tmann.org>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>
Cc: linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] Bluetooth: btusb: Add a new VID/PID 2c7c/7009 for MT7925
From: Haochen Tong <i@...chain.org>
Adds a new entry with VID 2c7c and PID 7009 for MediaTek MT7925
Bluetooth chip.
The device information from /sys/kernel/debug/usb/devices is provided
below.
T: Bus=03 Lev=01 Prnt=01 Port=04 Cnt=02 Dev#= 3 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=7009 Rev= 1.00
S: Manufacturer=MediaTek Inc.
S: Product=Wireless_Device
S: SerialNumber=000000000
C:* #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=100mA
A: FirstIf#= 0 IfCount= 3 Cls=e0(wlcon) Sub=01 Prot=01
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=125us
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
I: If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 63 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 63 Ivl=1ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=8a(I) Atr=03(Int.) MxPS= 64 Ivl=125us
E: Ad=0a(O) Atr=03(Int.) MxPS= 64 Ivl=125us
I: If#= 2 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=8a(I) Atr=03(Int.) MxPS= 512 Ivl=125us
E: Ad=0a(O) Atr=03(Int.) MxPS= 512 Ivl=125us
Signed-off-by: Haochen Tong <i@...chain.org>
---
drivers/bluetooth/btusb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 9ab661d2d1e69028061fa3accd5106f481094100..e4a45596762f8c7d8ba10b4107d6e6f2203188e2 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -725,6 +725,8 @@ static const struct usb_device_id quirks_table[] = {
BTUSB_WIDEBAND_SPEECH },
{ USB_DEVICE(0x13d3, 0x3630), .driver_info = BTUSB_MEDIATEK |
BTUSB_WIDEBAND_SPEECH },
+ { USB_DEVICE(0x2c7c, 0x7009), .driver_info = BTUSB_MEDIATEK |
+ BTUSB_WIDEBAND_SPEECH },
/* Additional Realtek 8723AE Bluetooth devices */
{ USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },

40
modules/system/kernel/default.nix
View File

@@ -4,8 +4,8 @@ inputs:
{
variant = mkOption
{
type = types.nullOr (types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" ]);
default = "xanmod-lts";
type = types.nullOr (types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" "cachyos" ]);
default = { x86_64 = "xanmod-lts"; aarch64 = "nixos"; }.${inputs.config.nixos.model.arch};
};
patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
@@ -34,24 +34,50 @@ inputs:
# network for srv3
"igb"
# touchscreen for one
"pinctrl-tigerlake" "i2c-hid-acpi"
"i2c-hid-acpi"
# bridge network
"bridge"
# disk for nas
"ahci" "nvme" "igc"
]
++ (inputs.lib.optionals (kernel.variant != "nixos") [ "crypto_simd" ]);
extraModulePackages = with inputs.config.boot.kernelPackages; [ v4l2loopback zenpower ];
# touchscreen for one
++ (inputs.lib.optionals (inputs.config.nixos.model.arch == "x86_64") [ "pinctrl-tigerlake" ]);
extraModulePackages = with inputs.config.boot.kernelPackages;
[
v4l2loopback
(if inputs.pkgs.stdenv.hostPlatform.linuxArch == "x86_64" then zenpower else inputs.pkgs.emptyDirectory)
];
# force i2c-hid-acpi to load after pinctrl-tigerlake
extraModprobeConfig = "softdep i2c-hid-acpi pre: pinctrl-tigerlake";
kernelParams = [ "delayacct" ];
kernelParams = inputs.lib.mkMerge
[
[ "delayacct" ]
(inputs.lib.mkIf (builtins.elem "btrfs" kernel.patches) [ "btrfs.read_policy=queue" ])
];
kernelPackages = inputs.lib.mkIf (kernel.variant != null)
{
nixos = inputs.pkgs.linuxPackages;
xanmod-lts = inputs.pkgs.linuxPackages_xanmod;
xanmod-latest = inputs.pkgs.linuxPackages_xanmod_latest;
xanmod-unstable = inputs.pkgs.pkgs-unstable.linuxPackages_xanmod_latest;
cachyos = inputs.pkgs.linuxPackages_cachyos-gcc;
}.${kernel.variant};
kernelPatches =
let patches.hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];
let patches =
{
hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];
btrfs =
[{
name = "btrfs";
patch = inputs.pkgs.fetchurl
{
url = "https://github.com/kakra/linux/pull/36.patch";
sha256 = "0wimihsvrxib6g23jcqdbvqlkqk6nbqjswfx9bzmpm1vlvzxj8m0";
};
structuredExtraConfig.BTRFS_EXPERIMENTAL = inputs.lib.kernel.yes;
}];
btusb = [{ name = "btusb"; patch = ./btusb.patch; }];
};
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
};

5
modules/system/nix-ld.nix
View File

@@ -1,7 +1,10 @@
inputs:
{
options.nixos.system.nix-ld = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
{
type = types.nullOr (types.submodule {});
default = if inputs.config.nixos.model.arch == "x86_64" then {} else null;
};
config = let inherit (inputs.config.nixos.system) nix-ld; in inputs.lib.mkIf (nix-ld != null)
{
programs.nix-ld =

3
modules/system/nix.nix
View File

@@ -33,7 +33,8 @@ inputs:
max-jobs = 4;
cores = 0;
keep-going = true;
keep-outputs = true;
# do not keep unused outputs, backup it manually on nas
keep-outputs = false;
connect-timeout = 5;
};
systemd.services.nix-daemon = { serviceConfig.CacheDirectory = "nix"; environment.TMPDIR = "/var/cache/nix"; };

10
modules/system/nixpkgs.nix
View File

@@ -12,17 +12,21 @@ inputs:
};});
default = null;
};
rocm = mkOption { type = types.bool; default = false; };
};
config = let inherit (inputs.config.nixos.system) nixpkgs; in
{
nixpkgs = inputs.localLib.buildNixpkgsConfig
{ inherit inputs; nixpkgs = nixpkgs // { nixRoot = null; nixos = true; }; };
{
inherit inputs;
nixpkgs = nixpkgs // { nixos = true; inherit (inputs.config.nixos.model) arch; };
};
boot.kernelPatches = inputs.lib.mkIf (nixpkgs.march != null)
[{
name = "native kernel";
patch = null;
extraStructuredConfig =
let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; };
structuredExtraConfig =
let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; znver5 = "MZEN5"; };
in
{
GENERIC_CPU = inputs.lib.kernel.no;

10
modules/system/systemd.nix
View File

@@ -6,11 +6,11 @@ inputs:
services.journald.extraConfig = "MaxRetentionSec=7d";
systemd =
{
extraConfig =
''
DefaultTimeoutStopSec=10s
DefaultLimitNOFILE=1048576:1048576
'';
settings.Manager =
{
DefaultTimeoutStopSec = "10s";
DefaultLimitNOFILE = "1048576:1048576";
};
user.extraConfig = "DefaultTimeoutStopSec=10s";
services =
{

19
modules/system/uboot.nix Normal file
View File

@@ -0,0 +1,19 @@
inputs:
{
options.nixos.system.uboot = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule (submoduleInputs: { options =
{
buildArgs = mkOption { type = types.attrsOf types.anything; };
package = mkOption
{
type = types.package;
readOnly = true;
default = inputs.pkgs.buildUBoot submoduleInputs.config.buildArgs;
};
};}));
default = { x86_64 = null; aarch64 = {}; }.${inputs.config.nixos.model.arch};
};
config = let inherit (inputs.config.nixos.system) uboot; in inputs.lib.mkIf (uboot != null)
{ boot.loader.generic-extlinux-compatible.enable = true; };
}

5
modules/user/aleksana/default.nix
View File

@@ -1,5 +0,0 @@
inputs:
{
config = let inherit (inputs.config.nixos) user; in inputs.lib.mkIf (builtins.elem "aleksana" user.users)
{ users.users.aleksana.extraGroups = inputs.lib.mkIf (inputs.config.nixos.model.hostname == "srv3") [ "wheel" ]; };
}

1
modules/user/aleksana/id_ed25519.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfnbbQUshhe86KNshwZQNdKEbBWs8u5hurJdLkIsSYV

1
modules/user/alikia/id_ed25519.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnzvCcneAdb8lLDaCTFC0TunEfE5I0X1t1hXEFl7qgN

1
modules/user/chn/git.nix
View File

@@ -5,7 +5,6 @@ inputs:
home-manager.users.chn.config.programs.git =
{
enable = true;
package = inputs.pkgs.gitFull;
extraConfig =
{
core.editor = if inputs.config.nixos.model.type == "desktop" then "code --wait" else "hx";

Some files were not shown because too many files have changed in this diff Show More