Compare commits

...

80 Commits

Author SHA1 Message Date
chn
a069e7b15e 暂存 2023-09-17 23:12:38 +08:00
chn
beffb2bb95 暂存 2023-09-17 12:48:06 +08:00
chn
77ecc9787c nginx: remove unnecessary acme path 2023-09-16 17:50:45 +08:00
chn
f087027c6b misskey: fix mount options 2023-09-16 16:26:23 +08:00
chn
aad3849ee1 整理 frp 2023-09-16 16:01:23 +08:00
chn
f48a494e4f nginx: httpProxy add rewriteHttps option
nginx: httpProxy add locations support
vaultwarden: init
2023-09-16 15:34:27 +08:00
chn
4463cab071 nginx: fix streamProxy rewriteHttps 2023-09-16 00:22:17 +08:00
chn
286967f7fe meilisearch: remove some IO limits 2023-09-15 22:53:20 +08:00
chn
fc6fa4b1db drop unused machines 2023-09-15 21:52:21 +08:00
chn
a21d4258f2 nginx: fix resolver 2023-09-15 21:21:33 +08:00
chn
4387adde3f nginx: add streamProxy
vps6: enable nginx streamProxy
2023-09-15 20:59:18 +08:00
chn
bb456479b0 disable avx2 for cryptonie 2023-09-15 13:48:48 +08:00
chn
9efc93db49 nas: add user zem, yjq, yxy 2023-09-14 19:11:33 +08:00
chn
2130ded160 nas: enable user xll 2023-09-14 18:50:03 +08:00
chn
d51a8177d6 sshd: allow password authentication 2023-09-14 18:38:10 +08:00
chn
0eb722dab1 整理samba 2023-09-13 23:52:49 +08:00
chn
25995e7dd8 fix permission 2023-09-13 23:32:10 +08:00
chn
da1a328165 users: fix home-manager for xll 2023-09-13 22:27:40 +08:00
chn
040352d30a groupshare: fix permissions 2023-09-13 22:21:16 +08:00
chn
544b071081 fix 2023-09-13 21:21:13 +08:00
chn
f5ff5c3a9e xrdp: allow multiple hostnames 2023-09-13 21:19:08 +08:00
chn
9847e21bff acme: allow multiple domains 2023-09-13 21:13:13 +08:00
chn
4ad8abda21 nas: enable some services 2023-09-13 19:26:56 +08:00
chn
0e7385c408 nas: enable xrayClient 2023-09-13 19:12:32 +08:00
chn
ef7fe907a6 chn: nas use office.chn.moe 2023-09-13 19:05:16 +08:00
chn
48b1480206 programs: fix gpg 2023-09-13 13:51:30 +08:00
chn
eccdd913ed fileSystems: disable acl for vfat 2023-09-13 13:27:35 +08:00
chn
4eaa4f8df2 pc: enable nebula relay
nas: enable nebula relay
2023-09-13 10:25:42 +08:00
chn
1e631be14d nebula: fix firewall rules, allow relay 2023-09-13 10:23:00 +08:00
chn
01213d9eff nebula: use relay 2023-09-13 02:12:52 +08:00
chn
b8dcfa0fd6 groupshare: fix 2023-09-13 02:12:41 +08:00
chn
53be0e13c4 add groupshare (currently not working) 2023-09-12 23:08:35 +08:00
chn
716a4cbfcf fileSystems: set all file systems to neededForBoot 2023-09-12 21:37:47 +08:00
chn
d2c547ca46 nas: install system to ssd 2023-09-12 21:34:48 +08:00
chn
3f917a0cd1 nas: enable xrdp 2023-09-12 20:56:58 +08:00
chn
a1e0e17543 disable baloo for all user 2023-09-12 20:52:41 +08:00
chn
128ce69ce3 nas: enable nebula 2023-09-12 16:38:14 +08:00
chn
58e862661f 整理 users 2023-09-12 16:31:20 +08:00
chn
84effe92c6 nebula: bypass xray client transparent proxy 2023-09-12 12:27:22 +08:00
chn
f5ae7b00f9 add vlc 2023-09-11 20:33:49 +08:00
chn
e7fd01b42f update openexr 2023-09-11 10:23:36 +08:00
chn
6215e59f74 workstation: add gcc13Stdenv to prebuildPackages 2023-09-10 22:58:24 +08:00
chn
228a538819 fix concurrencpp include path 2023-09-10 21:53:18 +08:00
chn
a08c325d86 add concurrencpp 2023-09-10 21:23:22 +08:00
chn
007438ba1f pe: add deploy 2023-09-10 18:09:48 +08:00
chn
9b03c80b9a nas: enable gui 2023-09-10 17:03:26 +08:00
chn
eef8b0f312 set gcc flags for unstablePackages 2023-09-10 16:40:19 +08:00
chn
dfcd4582ba nas: enable deploy 2023-09-10 15:32:32 +08:00
chn
0fc95d4abf ssh: fix authorized_keys 2023-09-10 15:31:39 +08:00
chn
32712534e4 set nas ip 2023-09-10 15:26:34 +08:00
chn
e7df638e35 nas: final setup 2023-09-10 15:07:19 +08:00
chn
eba953b7ad waydroid use unstablePackages 2023-09-10 14:35:08 +08:00
chn
b286d9c8dc update nixpkgs 2023-09-10 12:05:08 +08:00
chn
14d61eb3a7 pe: enable kvmGuest 2023-09-10 11:20:33 +08:00
chn
77b8330ed5 Revert "nixpkgs: use generic haskellPackages"
This reverts commit fd13864f48.
2023-09-10 01:51:40 +08:00
chn
fd13864f48 nixpkgs: use generic haskellPackages 2023-09-10 00:31:00 +08:00
chn
b4792327e6 Revert "nixpkgs: use generic pandoc"
This reverts commit 558a61a0f1.
2023-09-10 00:26:51 +08:00
chn
558a61a0f1 nixpkgs: use generic pandoc 2023-09-10 00:23:53 +08:00
chn
87db616f7e add krita 2023-09-09 21:38:53 +08:00
chn
96271f7ac6 fileSystems: fix mdadm 2023-09-09 21:22:56 +08:00
chn
bc9c2a45d4 pc 基本上编译通过 2023-09-09 14:15:57 +08:00
chn
40dec0e342 Merge branch 'main' into stable 2023-09-09 11:11:53 +08:00
chn
812d646adc systemd: fix coredump 2023-09-09 00:40:39 +08:00
chn
6f166dcb80 update nur 2023-09-08 10:28:18 +08:00
chn
3ea27ee691 Revert "misskey: fix systemd shutdown"
This reverts commit 6d2c08e434.
2023-09-08 08:40:52 +08:00
chn
2615ed6437 暂存 2023-09-08 05:49:52 +08:00
chn
7c674ebbf9 update everything 2023-09-07 11:43:05 +08:00
chn
6d2c08e434 misskey: fix systemd shutdown 2023-09-07 04:17:24 +08:00
chn
6d1266b2b4 restart misskey everyday 2023-09-07 03:58:02 +08:00
chn
b402bff18b add v_sim 2023-09-06 20:04:23 +08:00
chn
eceb956c5e add huginn 2023-09-06 17:58:46 +08:00
chn
6aca2d605d update cjktty 2023-09-06 16:50:31 +08:00
chn
42879f22cb add bundix 2023-09-06 16:44:55 +08:00
chn
04bf86f89e kernel: update 2023-09-06 13:06:02 +08:00
chn
d5cd5d256e vasp: use openmpi without cuda support 2023-09-06 02:14:56 +08:00
chn
12705172fb Revert "disable nix-ld"
This reverts commit c146f56df5.
2023-09-06 01:43:16 +08:00
chn
865f2c3c78 vesta: fix build 2023-09-06 01:43:02 +08:00
chn
c146f56df5 disable nix-ld 2023-09-06 01:22:42 +08:00
chn
c5a9da5a4b add openbox 2023-09-06 00:19:19 +08:00
chn
63ee2ce5d9 slack: use stablePackages 2023-09-06 00:18:50 +08:00
44 changed files with 1521 additions and 977 deletions


@@ -5,6 +5,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
- &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
creation_rules:
- path_regex: secrets/pc\.yaml$
key_groups:
@@ -29,6 +30,7 @@ creation_rules:
key_groups:
- age:
- *chn
- *nas
- path_regex: secrets/xmupc1\.yaml$
key_groups:
- age:
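Review bot: Adding `*nas` to this rule's `key_groups` (second hunk) only applies to files encrypted from now on; a secrets file that already matches the rule keeps its old recipient list until it is re-keyed, for example with `sops updatekeys <file>`. The rule's `path_regex` sits above the hunk, so which file gains the new reader cannot be confirmed from here. Every host key listed under a rule can decrypt the whole file, so a short comment such as `# nas host key: needed to decrypt its own secrets at activation` would document why the recipient was added.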

281
flake.lock generated

@@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1691174970,
"narHash": "sha256-8QpyT2OXYcXSdj8hM9uSSnApTOpzhndzNF+9a5pYuA0=",
"lastModified": 1693886279,
"narHash": "sha256-oVCA5yz6zcsFzGCCwRpVDuDml7Z0sWQqW1fEWWcC0xM=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "79ee3b5d776cb268e481d4d2ad5960b92e3e61a6",
"rev": "8fc45fabbedef44a481c3bcabd9512732c0ade91",
"type": "github"
},
"original": {
@@ -30,11 +30,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1686747123,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"lastModified": 1694158470,
"narHash": "sha256-yWx9eBDHt6WR3gr65+J85KreHdMypty/P6yM35tIYYM=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"rev": "d0cfc042eba92eb206611c9e8784d41a2c053bab",
"type": "github"
},
"original": {
@@ -165,11 +165,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@@ -226,6 +226,22 @@
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@@ -269,11 +285,11 @@
]
},
"locked": {
"lastModified": 1690933134,
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"type": "github"
},
"original": {
@@ -307,7 +323,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
@@ -346,7 +362,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1685518550,
@@ -363,15 +379,12 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@@ -382,7 +395,7 @@
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
"systems": "systems_4"
},
"locked": {
"lastModified": 1689068808,
@@ -400,7 +413,7 @@
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
"systems": "systems_5"
},
"locked": {
"lastModified": 1681202837,
@@ -417,15 +430,12 @@
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
@@ -436,14 +446,14 @@
},
"flake-utils_7": {
"inputs": {
"systems": "systems_9"
"systems": "systems_6"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1692799911,
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
"type": "github"
},
"original": {
@@ -454,7 +464,7 @@
},
"flake-utils_8": {
"inputs": {
"systems": "systems_10"
"systems": "systems_7"
},
"locked": {
"lastModified": 1685518550,
@@ -490,7 +500,7 @@
"inputs": {
"flake-parts": "flake-parts_4",
"haskell-flake": "haskell-flake",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1688568579,
@@ -538,16 +548,16 @@
]
},
"locked": {
"lastModified": 1691506824,
"narHash": "sha256-Z2Ms7036CCEAfCmDBDy+sFauO6/7fx2UN3aoPCpp4tA=",
"lastModified": 1693208669,
"narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7b8d43fbaf8450c30caaed5eab876897d0af891b",
"rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
@@ -630,11 +640,11 @@
]
},
"locked": {
"lastModified": 1672245824,
"narHash": "sha256-i596lbPiA/Rfx3DiJiCluxdgxWY7oGSgYMT7OmM+zik=",
"lastModified": 1693989153,
"narHash": "sha256-gx39Y3opGB25+44OjM+h1bdJyzgLD963va8ULGYlbhM=",
"owner": "nix-community",
"repo": "napalm",
"rev": "7c25a05cef52dc405f4688422ce0046ca94aadcf",
"rev": "a8215ccf1c80070f51a92771f3bc637dd9b9f7ee",
"type": "github"
},
"original": {
@@ -678,11 +688,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1690903419,
"narHash": "sha256-ciRzOsKNtAZDahTn0Y0zW7AgyrVh+b1WaW+sBDiV5PA=",
"lastModified": 1693880502,
"narHash": "sha256-krCRVLNdlCI7l7F1Bb2ovkgac8hoz015LyYvm/+aYZw=",
"owner": "thiagokokada",
"repo": "nix-alien",
"rev": "e1c6e6015e3c9a07d20c1e598dfea539b6337150",
"rev": "0fbd284930bcf1a5d1e3d07f2973e6f1738505cc",
"type": "github"
},
"original": {
@@ -698,11 +708,11 @@
]
},
"locked": {
"lastModified": 1691292840,
"narHash": "sha256-NA+o/NoOOQhzAQwB2JpeKoG+iYQ6yn/XXVxaGd5HSQI=",
"lastModified": 1693711723,
"narHash": "sha256-5QmlVzskLciJ0QzYmZ6ULvKA7bP6pgV9wwrLBB0V3j0=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "6c626d54d0414d34c771c0f6f9d771bc8aaaa3c4",
"rev": "aca56a79afb82208af2b39d8459dd29c10989135",
"type": "github"
},
"original": {
@@ -720,11 +730,11 @@
]
},
"locked": {
"lastModified": 1693444987,
"narHash": "sha256-XzFFVOCtOTmaKtnE3Y/iOC0i3ZAj2tdO5aWOa6J7IDc=",
"lastModified": 1694222210,
"narHash": "sha256-PzfwrGQMEpJk4lMK2a47bFbJpJFlAG/ihvZsL9U1Lik=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "f878309889d6d91867f4455d223df0f521e2a6d1",
"rev": "5a63908466573a4a1c0466e38f33c42c73ec5136",
"type": "github"
},
"original": {
@@ -736,7 +746,9 @@
"nixd": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1693052712,
@@ -782,11 +794,11 @@
]
},
"locked": {
"lastModified": 1692283173,
"narHash": "sha256-6bt+X2PpoyUAtEDWJM0XT0Z54JA2YHw62VoZRTRkz7s=",
"lastModified": 1694192131,
"narHash": "sha256-nt5ypVXKh65lQFqKqWgytEzI841yUhpl6E291Briu+g=",
"owner": "nixpak",
"repo": "nixpak",
"rev": "eef08f1a7e871e3017edbc54d0374292a9b6f67a",
"rev": "16bd2860238c53bb7a31f745693d7d3c33a1490c",
"type": "github"
},
"original": {
@@ -879,29 +891,29 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"nixpkgs-unstable": {
"locked": {
"lastModified": 1691421349,
"narHash": "sha256-RRJyX0CUrs4uW4gMhd/X4rcDG8PTgaaCQM5rXEJOx6g=",
"owner": "NixOS",
"lastModified": 1694398355,
"narHash": "sha256-pUthVGI70SDT4M7FDihBuu4PDOmfySaUSjfY/QI6Y3Y=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "011567f35433879aae5024fc6ec53f2a0568a6c4",
"rev": "4944d71d43387083e6b7c7530caf3b1902c5eb27",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"owner": "CHN-beta",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1689352711,
"narHash": "sha256-xWYFt8vWnstDIVsZ26y9mf6h3714lVmXd6l+hTQz6tw=",
"lastModified": 1692007866,
"narHash": "sha256-X8w0vPZjZxMm68VCwh/BHDoKRGp+BgzQ6w7Nkif6IVM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2047c642ce0f75307e8a0f2ec94715218c481184",
"rev": "de2b8ddf94d6cc6161b7659649594c79bd66c13b",
"type": "github"
},
"original": {
@@ -912,22 +924,6 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1686398752,
"narHash": "sha256-nGWNQVhSw4VSL+S0D0cbrNR9vs9Bq7rlYR+1K5f5j6w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a30520bf8eabf8a5c37889d661e67a2dbcaa59e6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1688322751,
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
@@ -943,29 +939,29 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1693843185,
"narHash": "sha256-/huFNnA50JSUyEg68v9uiC4xl8shVsS5LgtNRlzZvHo=",
"lastModified": 1694926133,
"narHash": "sha256-WhYl7OMx0+QBzavtLQwghN1cZGmqfeWsZpmk9zJLkjs=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "e7e8dca748d5fa1a29b5bb231bf8aa727c29b89c",
"rev": "92dee91f11ade35b4f668c9d604e6375d15978d8",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"ref": "nixos-unstable",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1691559855,
"narHash": "sha256-UkXcNHsasO0sr8W8X8wGeM1bBuLC5tHEueryGSLaE+E=",
"lastModified": 1694237951,
"narHash": "sha256-6gql7EJIWwn3mUvG/RHf1iGUA3Ptfmalz9WdgX3noSY=",
"owner": "nix-community",
"repo": "NUR",
"rev": "c987eac4f579d9e989d5a0cde93d688592bda990",
"rev": "19674a713837dcfbef704a16815a4bbc462cd57a",
"type": "github"
},
"original": {
@@ -980,14 +976,15 @@
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
],
"nvfetcher": "nvfetcher"
},
"locked": {
"lastModified": 1691561203,
"narHash": "sha256-GmujZtR1vlTkBMahLXLp3BXYYfC0vIczxkcd9XVt6/E=",
"lastModified": 1694239804,
"narHash": "sha256-C5ERSMRp8kQEqyKS2yggXSqaKZUgnNyQD+zjy6iqXm0=",
"owner": "xddxdd",
"repo": "nur-packages",
"rev": "52a85ab474601e3661f30796aa0d7fe995fc0122",
"rev": "ce48d1df62cab988a5e8eefdf97bec8bdc46392f",
"type": "github"
},
"original": {
@@ -1014,6 +1011,32 @@
"type": "github"
}
},
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-utils": [
"nur-xddxdd",
"flake-utils"
],
"nixpkgs": [
"nur-xddxdd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1693539235,
"narHash": "sha256-ACmCq1+RnVq+EB7yeN6fThUR3cCJZb6lKEfv937WG84=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "2bcf73dea96497ac9c36ed320b457caa705f9485",
"type": "github"
},
"original": {
"owner": "berberman",
"repo": "nvfetcher",
"type": "github"
}
},
"pnpm2nix-nzbr": {
"inputs": {
"flake-utils": "flake-utils_8",
@@ -1042,11 +1065,11 @@
]
},
"locked": {
"lastModified": 1691502026,
"narHash": "sha256-wGwoeLradgB38MqaUZrKQJIP5iPs4T15SxrVVtgORNo=",
"lastModified": 1693829707,
"narHash": "sha256-nBFIF+a1aqDIzmi+1Hue3zVXI4V4tK5R4aW2lyNXIXs=",
"owner": "Nix-QChem",
"repo": "NixOS-QChem",
"rev": "a03be624e055fc80d3b44619c9c179b4f96ab45a",
"rev": "ac7ffea07370d0df2c2b934ea582f0cc8acd0ae1",
"type": "github"
},
"original": {
@@ -1070,8 +1093,8 @@
"nixd": "nixd",
"nixos-cn": "nixos-cn",
"nixpak": "nixpak",
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"nur-xddxdd": "nur-xddxdd",
"pnpm2nix-nzbr": "pnpm2nix-nzbr",
@@ -1086,15 +1109,15 @@
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
"nixpkgs"
]
},
"locked": {
"lastModified": 1690199016,
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
"lastModified": 1693898833,
"narHash": "sha256-OIrMAGNYNeLs6IvBynxcXub7aSW3GEUvWNsb7zx6zuU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
"rev": "faf21ac162173c2deb54e5fdeed002a9bd6e8623",
"type": "github"
},
"original": {
@@ -1135,21 +1158,6 @@
"type": "github"
}
},
"systems_10": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@@ -1240,36 +1248,6 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"touchix": {
"inputs": {
"nixpkgs": [
@@ -1291,15 +1269,12 @@
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@@ -1310,7 +1285,7 @@
},
"utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_3"
},
"locked": {
"lastModified": 1689068808,

212
flake.nix

@@ -3,13 +3,13 @@
inputs =
{
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix =
{
url = "github:Mic92/sops-nix";
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs-stable"; };
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
};
touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -21,7 +21,7 @@
nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
impermanence.url = "github:nix-community/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
nixd.url = "github:nix-community/nixd";
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -40,7 +40,7 @@
default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
(builtins.concatStringsSep "\n" (builtins.map
(system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ]));
[ "pc" "vps6" "vps7" "nas" "yoga" ]));
}
// (
builtins.listToAttrs (builtins.map
@@ -49,7 +49,7 @@
name = system;
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
})
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ])
[ "pc" "vps6" "vps7" "nas" "yoga" ])
);
nixosConfigurations = builtins.listToAttrs (builtins.map
(system:
@@ -62,8 +62,8 @@
modules = localLib.mkModules
(
[
(inputs: { config.nixpkgs.overlays = [(final: prev: { localPackages =
(import ./local/pkgs { inherit (inputs) lib; pkgs = final; });})]; })
(inputs: { config.nixpkgs.overlays = [(final: prev:
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
./modules
]
++ system.value
@@ -122,14 +122,15 @@
keepOutputs = true;
};
nixpkgs = { march = "alderlake"; cudaSupport = true; };
gui.enable = true;
gui = { enable = true; preferred = true; };
kernel =
{
patches = [ "cjktty" "preempt" ];
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
impermanence.enable = true;
networking = { hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
networking =
{ hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
@@ -210,6 +211,7 @@
nginx = { enable = true; transparentProxy.enable = false; };
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
huginn.enable = true;
};
bugs =
[
@@ -273,8 +275,16 @@
{
"ng01.mirism.one" = 7411;
"beta.mirism.one" = 9114;
"nix-store.chn.moe" = 7676;
"direct.xn--qbtm095lrg0bfka60z.chn.moe" = 7676;
};
};
streamProxy =
{
enable = true;
map =
{
"nix-store.chn.moe" = { upstream = "internal.pc.chn.moe"; rewriteHttps = true; };
"anchor.fm" = { upstream = "anchor.fm:443"; rewriteHttps = true; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; rewriteHttps = true; };
};
};
};
@@ -285,52 +295,7 @@
};
coturn.enable = true;
synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
};
};})
];
"vps4" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver3";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking.hostname = "vps4";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
packages.packageSet = "server";
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
vaultwarden-proxy = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
};
};})
];
@@ -389,6 +354,9 @@
synapse.enable = true;
synapse-proxy."synapse.chn.moe" = {};
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
vaultwarden.enable = true;
vaultwarden-proxy.enable = true;
# huginn.enable = true;
};
};})
];
@@ -402,40 +370,71 @@
{
mount =
{
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
"/dev/mapper/nix"."/nix" = "/nix";
"/dev/mapper/root1" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
};
};
};
decrypt.manual =
decrypt.auto =
{
enable = true;
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "nas";
networking =
{ hostname = "nas"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
gui.enable = true;
};
packages.packageSet = "server";
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" ];
};
packages.packageSet = "desktop";
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares =
{
home.path = "/home";
root.path = "/";
};
};
sshd = { enable = true; passwordAuthentication = true; };
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
groupshare.enable = true;
smartd.enable = true;
};
users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
};})
];
"xmupc1" =
@@ -620,63 +619,6 @@
};
};})
];
"pe" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/A0F1-74E5" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/a7546428-1982-4931-a61f-b7eabd185097"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto."/dev/disk/by-uuid/0b800efa-6381-4908-bd63-7fa46322a2a9" =
{ mapper = "root"; ssd = true; };
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efiRemovable";
gui.enable = true;
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "pe";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop";
virtualization.docker.enable = true;
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
smartd.enable = true;
};
};})
];
}));
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
# nix-serve -p 5000
@@ -713,7 +655,7 @@
inputs.self.nixosConfigurations.${node};
};
})
[ "vps6" "vps4" "vps7" ]);
[ "vps6" "vps7" "nas" ]);
};
};
}
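Review bot: In the `nas` host block, `sshd = { enable = true; passwordAuthentication = true; };` enables password logins on a machine that the same hunk gives several new accounts (`users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ]`) and publishes over xrdp as `nas.chn.moe` / `office.chn.moe`. If those names are reachable from outside the LAN, every account password becomes a guessing surface, so I would keep `sshd.enable = true;` with keys only unless the local sshd module (not visible here) already restricts password logins by source address. The samba share `root.path = "/";` exposes the whole filesystem to any authenticated SMB user matching `hostsAllowed = "192.168. 127."`; dropping it or pointing it at a data directory would narrow that. Whichever shares remain deserve a comment stating who is expected to use them.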


@@ -0,0 +1,18 @@
{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec
{
pname = "concurrencpp";
version = "0.1.7";
src = fetchFromGitHub
{
owner = "David-Haim";
repo = "concurrencpp";
rev = "v.${version}";
sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";
};
nativeBuildInputs = [ cmake ];
postInstall =
''
mv $out/include/concurrencpp-${version}/concurrencpp $out/include
rm -rf $out/include/concurrencpp-${version}
'';
}
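Review bot: The source hash is written as a bare base64 string, `sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";`, while the huginn package added in the same change uses the SRI form; `hash = "sha256-4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";` would make the pins consistent and easier to grep, and the same applies to the `sha256` in the v_sim package. The `postInstall` step also has no explanation, so a comment such as `# upstream installs headers under include/concurrencpp-<version>; flatten so <concurrencpp/...> resolves` would help, assuming that is the intent. A `meta` block with description and license is missing as well.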


@@ -16,7 +16,14 @@
# intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
# ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
# };
vasp = callPackage ./vasp { openmp = llvmPackages.openmp; };
vasp = callPackage ./vasp
{
openmp = llvmPackages.openmp;
openmpi = pkgs.openmpi.override { cudaSupport = false; };
};
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
# "12to11" = callPackage ./12to11 {};
huginn = callPackage ./huginn {};
v_sim = callPackage ./v_sim {};
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
}


@@ -0,0 +1,29 @@
{ lib, stdenv, bundlerEnv, fetchFromGitHub }:
let
pname = "huginn";
version = "20230723";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "huginn";
rev = "a02977ad420a01b6460634af19f714db4a8f8f36";
hash = "sha256-Ty2EDCIjbvcf3PzPupcV4s7ZfAFTuYEjSfy0m+Yt3j4=";
};
gems = bundlerEnv
{
name = "${pname}-${version}-gems";
gemdir = "${src}";
gemfile = "${src}/Gemfile";
lockfile = "${src}/Gemfile.lock";
gemset = "${src}/gemset.nix";
copyGemFiles = true;
};
in stdenv.mkDerivation
{
inherit pname version src;
buildInputs = [ gems gems.wrappedRuby ];
installPhase =
''
false
'';
}
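Review bot: `installPhase = '' false '';` makes this derivation fail on every build, while the flake.nix section of the same change sets `huginn.enable = true;` on one host; if that service module references this package, the host's system closure cannot be built. Either leave the service disabled until the package installs something, or put a comment above the phase such as `# TODO: install step not written yet; fails on purpose`. Separately, `gemset = "${src}/gemset.nix"` is read from the fetched fork, so the gem set is only as reviewed as the pinned `rev`; a comment recording that this revision's Gemfile.lock and gemset.nix were checked would make the pin auditable.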


@@ -0,0 +1,28 @@
{
stdenv, lib, fetchFromGitLab,
wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
glib, gtk3, epoxy, libyaml
}:
stdenv.mkDerivation
{
pname = "v_sim";
version = "3.8.0_p20230824";
src = fetchFromGitLab
{
owner = "l_sim";
repo = "v_sim";
rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
};
buildInputs = [ glib gtk3 epoxy libyaml ];
nativeBuildInputs =
[
autoreconfHook wrapGAppsHook autoconf libtool intltool gettext automake pkg-config
gtk-doc gfortran libxslt.bin
];
enableParallelBuilding = true;
postPatch =
''
./autogen.sh
'';
}


@@ -1,5 +1,5 @@
{
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook,
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook, makeWrapper,
glib, gtk2, xorg, libGLU, gtk3, writeShellScript, gsettings-desktop-schemas, xdg-utils
}:
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
};
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook ];
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook makeWrapper ];
buildInputs = [ glib gtk2 xorg.libXxf86vm libGLU gtk3 xorg.libXtst ];
unpackPhase = "tar -xf ${src}";
@@ -35,13 +35,7 @@ stdenv.mkDerivation rec
cp -r VESTA-gtk3 $out/opt/VESTA-gtk3
mkdir -p $out/bin
tee $out/bin/vesta << EOF
#!${stdenv.shell}
export XDG_DATA_DIRS=$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
export PATH="\$PATH\''${PATH:+:}${xdg-utils}/bin"
$out/opt/VESTA-gtk3/VESTA "\$@"
EOF
chmod +x $out/bin/vesta
makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta
patchelf --remove-needed libjawt.so $out/opt/VESTA-gtk3/PowderPlot/libswt-awt-gtk-3346.so
'';
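Review bot: The `makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta` line in the last hunk replaces a hand-written launcher that extended `XDG_DATA_DIRS` with `$GSETTINGS_SCHEMAS_PATH` and appended `${xdg-utils}/bin` to `PATH`, and it passes neither to the new wrapper. `wrapGAppsHook` may cover the schema path when it wraps `$out/bin/vesta`, but nothing visible restores the `xdg-utils` entry, so `xdg-utils` in the argument list looks unused now. If VESTA still shells out to the xdg helpers, pass the directory explicitly: `makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta --suffix PATH : ${lib.makeBinPath [ xdg-utils ]}`. The install phase starts outside this hunk.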


@@ -101,7 +101,7 @@ inputs:
let
packages =
{
intel = [ intel-compute-runtime intel-media-driver intel-vaapi-driver libvdpau-va-gl ];
intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
nvidia = [ vaapiVdpau ];
};
in


@@ -48,7 +48,7 @@ inputs:
# file manager
tree exa trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz rar upx unzip inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.zip lzip p7zip
pigz rar upx unzip zip lzip p7zip
# file system management
sshfs e2fsprogs adb-sync duperemove compsize
# disk management
@@ -116,6 +116,128 @@ inputs:
];
allowUnfree = true;
};
home-manager =
{
useGlobalPkgs = true;
useUserPackages = true;
sharedModules =
[{
home.stateVersion = "22.11";
programs =
{
zsh =
{
enable = true;
initExtraBeforeCompInit =
''
# p10k instant prompt
typeset -g POWERLEVEL9K_INSTANT_PROMPT=off
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
HYPHEN_INSENSITIVE="true"
export PATH=~/bin:$PATH
function br
{
local cmd cmd_file code
cmd_file=$(mktemp)
if broot --outcmd "$cmd_file" "$@"; then
cmd=$(<"$cmd_file")
command rm -f "$cmd_file"
eval "$cmd"
else
code=$?
command rm -f "$cmd_file"
return "$code"
fi
}
alias todo="todo.sh"
'';
plugins =
[
{
file = "powerlevel10k.zsh-theme";
name = "powerlevel10k";
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
}
{
file = "p10k.zsh";
name = "powerlevel10k-config";
src = ./p10k-config;
}
{
name = "zsh-lsd";
src = inputs.pkgs.fetchFromGitHub
{
owner = "z-shell";
repo = "zsh-lsd";
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
};
}
];
history =
{
extended = true;
save = 100000000;
size = 100000000;
share = true;
};
};
direnv = { enable = true; nix-direnv.enable = true; };
git =
{
enable = true;
lfs.enable = true;
extraConfig =
{
core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
advice.detachedHead = false;
merge.conflictstyle = "diff3";
diff.colorMoved = "default";
};
package = inputs.pkgs.gitFull;
delta =
{
enable = true;
options =
{
side-by-side = true;
navigate = true;
syntax-theme = "GitHub";
light = true;
zero-style = "syntax white";
line-numbers-zero-style = "#ffffff";
};
};
};
ssh =
{
enable = true;
controlMaster = "auto";
controlPersist = "1m";
compression = true;
};
vim =
{
enable = true;
defaultEditor = true;
packageConfigurable = inputs.config.programs.vim.package;
settings =
{
number = true;
expandtab = false;
shiftwidth = 2;
tabstop = 2;
};
extraConfig =
''
set clipboard=unnamedplus
colorscheme evening
'';
};
};
}];
};
}
# >= desktop
(
@@ -142,11 +264,11 @@ inputs:
# download
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
# office
crow-translate zotero pandoc
unstablePackages.crow-translate zotero pandoc
# development
scrcpy
# media
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
# text editor
localPackages.typora
# themes
@@ -155,7 +277,7 @@ inputs:
# news
fluent-reader rssguard
# davinci-resolve playonlinux
weston cage
weston cage openbox krita
genymotion
(
vscode-with-extensions.override
@@ -202,7 +324,7 @@ inputs:
languagePacks = [ "zh-CN" "en-US" ];
nativeMessagingHosts.firefoxpwa = true;
};
vim.package = inputs.pkgs.vim-full;
vim.package = inputs.pkgs.genericPackages.vim-full;
};
nixpkgs.config.packageOverrides = pkgs:
{
@@ -212,6 +334,48 @@ inputs:
});
};
services.pcscd.enable = true;
home-manager.sharedModules =
[{
programs =
{
chromium =
{
enable = true;
extensions =
[
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
];
};
obs-studio =
{
enable = true;
plugins = with inputs.pkgs.obs-studio-plugins;
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
};
};
home.file.".config/baloofilerc".text =
''
[Basic Settings]
Indexing-Enabled=false
'';
}];
}
)
# >= workstation
@@ -224,7 +388,7 @@ inputs:
[
# nix tools
nix-template appimage-run nil nixd nix-alien nix-serve node2nix nix-prefetch-github prefetch-npm-deps
nix-prefetch-docker pnpm-lock-export
nix-prefetch-docker pnpm-lock-export bundix
# instant messager
zoom-us signal-desktop qq nur-xddxdd.wechat-uos slack # jail
# office
@@ -238,8 +402,8 @@ inputs:
# text editor
appflowy notion-app-enhanced joplin-desktop standardnotes
# math, physics and chemistry
mathematica octave root ovito paraview localPackages.vesta qchem.quantum-espresso # vsim
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit
mathematica octave root ovito paraview localPackages.vesta qchem.quantum-espresso
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit jmol localPackages.v_sim
# news
newsflash newsboat
];
@@ -247,7 +411,10 @@ inputs:
[
phonopy tensorflow keras openai scipy scikit-learn
])];
_prebuildPackages = [ httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2 ];
_prebuildPackages =
[
httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2 gcc13Stdenv
];
};
programs =
{
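Review bot: The `programs.chromium.extensions` list in the `@@ -212,6 +334,48 @@` hunk sits in `home-manager.sharedModules`, so all eighteen extensions are installed into the browser profile of every home-manager user on desktop-class machines, identified by store ID only. Several of them (downloaders, a userscript manager, a copy helper) presumably request access to all page content, and an ID-only entry follows whatever update the store publishes. I would move the list to the one user who needs it, or trim the shared set to the few that every account should have, and put a comment above the list stating who owns it and when it was last reviewed, e.g. `# shared by all users, keep minimal; last reviewed DATE-PLACEHOLDER`. The enclosing module block starts and ends outside the hunk.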

39
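--- a/modules/services/acme.nix
+++ b/modules/services/acme.nix
@@ -0,0 +1,39 @@
+inputs:
+{
+options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
+{
+enable = mkOption { type = types.bool; default = false; };
+certs = mkOption
+{
+type = types.listOf (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
+default = [];
+};
+};
+config =
+let
+inherit (inputs.lib) mkIf;
+inherit (inputs.config.nixos.services) acme;
+inherit (builtins) map listToAttrs;
+in mkIf acme.enable
+{
+security.acme =
+{
+acceptTerms = true;
+defaults.email = "chn@chn.moe";
+certs = listToAttrs (map
+(cert:
+{
+name = if builtins.typeOf cert == "string" then cert else builtins.elemAt cert 0;
+value =
+{
+dnsResolver = "8.8.8.8";
+dnsProvider = "cloudflare";
+credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
+extraDomainNames = if builtins.typeOf cert == "string" then [] else builtins.tail cert;
+};
+})
+acme.certs);
+};
+sops.secrets."acme/cloudflare.ini" = {};
+};
+}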
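Review bot: `certs` accepts `types.listOf types.nonEmptyStr` for the multi-domain form, which admits an empty list, and `builtins.elemAt cert 0` then aborts evaluation with an index error that does not point at the option. Declaring the inner type as `types.nonEmptyListOf types.nonEmptyStr` rejects such an entry at the option boundary with a readable message. `builtins.typeOf cert == "string"` is also evaluated twice per entry; binding it once in a `let` would make the two branches easier to read.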


@@ -13,7 +13,14 @@ inputs:
./synapse.nix
./phpfpm.nix
./xrdp.nix
# ./docker.nix
./groupshare.nix
./acme.nix
./samba.nix
./sshd.nix
./vaultwarden.nix
./frp.nix
./docker.nix
./huginn.nix
];
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
@@ -24,54 +31,7 @@ inputs:
};
kmscon.enable = mkOption { type = types.bool; default = false; };
fontconfig.enable = mkOption { type = types.bool; default = false; };
samba =
{
enable = mkOption { type = types.bool; default = false; };
wsdd = mkOption { type = types.bool; default = false; };
private = mkOption { type = types.bool; default = false; };
hostsAllowed = mkOption { type = types.str; default = "127."; };
shares = mkOption
{
type = types.attrsOf (types.submodule { options =
{
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
path = mkOption { type = types.nonEmptyStr; };
};});
default = {};
};
};
sshd.enable = mkOption { type = types.bool; default = false; };
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
acme =
{
enable = mkOption { type = types.bool; default = false; };
certs = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
frpClient =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
user = mkOption { type = types.nonEmptyStr; };
tcp = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
};
}));
default = {};
};
};
frpServer =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
};
nix-serve =
{
enable = mkOption { type = types.bool; default = false; };
@@ -137,7 +97,7 @@ inputs:
fonts =
{
fontDir.enable = true;
packages = with inputs.pkgs;
fonts = with inputs.pkgs;
[ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
fontconfig.defaultFonts =
{
@@ -149,204 +109,7 @@ inputs:
};
}
)
(
mkIf services.samba.enable
{
# make shares visible for windows 10 clients
services =
{
samba-wsdd.enable = services.samba.wsdd;
samba =
{
enable = true;
openFirewall = !services.samba.private;
securityType = "user";
extraConfig =
''
workgroup = WORKGROUP
server string = Samba Server
server role = standalone server
hosts allow = ${services.samba.hostsAllowed}
dns proxy = no
'';
# obey pam restrictions = yes
# encrypt passwords = no
shares = listToAttrs (map
(share:
{
name = share.name;
value =
{
comment = if share.value.comment != null then share.value.comment else share.name;
path = share.value.path;
browseable = true;
writeable = true;
"create mask" = "664";
"force create mode" = "644";
"directory mask" = "2755";
"force directory mode" = "2755";
};
})
(attrsToList services.samba.shares));
};
};
}
)
(
mkIf services.sshd.enable
{
services.openssh =
{
enable = true;
settings =
{
X11Forwarding = true;
TrustedUserCAKeys = builtins.toString ./ca.pub;
ChallengeResponseAuthentication = false;
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
UsePAM = true;
};
};
}
)
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
(
mkIf services.acme.enable
{
security.acme =
{
acceptTerms = true;
defaults.email = "chn@chn.moe";
certs = listToAttrs (map
(name:
{
name = name; value =
{
dnsResolver = "8.8.8.8";
dnsProvider = "cloudflare";
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
};
})
services.acme.certs);
};
sops.secrets."acme/cloudflare.ini" = {};
}
)
(
mkIf (services.frpClient.enable)
{
systemd.services.frpc =
let
frpc = "${inputs.pkgs.frp}/bin/frpc";
config = inputs.config.sops.templates."frpc.ini";
in
{
description = "Frp Client Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "always";
RestartSec = "5s";
ExecStart = "${frpc} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frpc.ini" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = inputs.lib.generators.toINI {}
(
{
common =
{
server_addr = services.frpClient.serverName;
server_port = 7000;
token = inputs.config.sops.placeholder."frp/token";
user = services.frpClient.user;
tls_enable = true;
};
}
// (listToAttrs (map
(tcp:
{
name = tcp.name;
value =
{
type = "tcp";
local_ip = tcp.value.localIp;
local_port = tcp.value.localPort;
remote_port = tcp.value.remotePort;
use_compression = true;
};
})
(attrsToList services.frpClient.tcp))
)
);
};
secrets."frp/token" = {};
};
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
}
)
(
mkIf (services.frpServer.enable)
{
systemd.services.frps =
let
frps = "${inputs.pkgs.frp}/bin/frps";
config = inputs.config.sops.templates."frps.ini";
in
{
description = "Frp Server Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "on-failure";
RestartSec = "5s";
ExecStart = "${frps} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frps.ini" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = inputs.lib.generators.toINI {}
{
common = let cert = inputs.config.security.acme.certs.${services.frpServer.serverName}.directory; in
{
bind_port = 7000;
bind_udp_port = 7000;
token = inputs.config.sops.placeholder."frp/token";
tls_cert_file = "${cert}/full.pem";
tls_key_file = "${cert}/key.pem";
tls_only = true;
user_conn_timeout = 30;
};
};
};
secrets."frp/token" = {};
};
nixos.services.acme = { enable = true; certs = [ services.frpServer.serverName ]; };
security.acme.certs.${services.frpServer.serverName}.group = "frp";
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
networking.firewall.allowedTCPPorts = [ 7000 ];
}
)
(
mkIf services.nix-serve.enable
{
@@ -357,7 +120,8 @@ inputs:
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
};
sops.secrets."store/signingKey" = {};
nixos.services.nginx.httpProxy.${services.nix-serve.hostname}.upstream = "http://127.0.0.1:5000";
nixos.services.nginx.httpProxy.${services.nix-serve.hostname} =
{ rewriteHttps = true; locations."/".upstream = "http://127.0.0.1:5000"; };
}
)
(mkIf services.smartd.enable { services.smartd.enable = true; })
@@ -444,8 +208,8 @@ inputs:
enable = true;
httpProxy."wallabag.chn.moe" =
{
upstream = "http://127.0.0.1:4398";
setHeaders.Host = "wallabag.chn.moe";
rewriteHttps = true;
locations."/" = { upstream = "http://127.0.0.1:4398"; setHeaders.Host = "wallabag.chn.moe"; };
};
};
postgresql.enable = true;


@@ -1,13 +1,13 @@
inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.attrsOf (types.submodule (inputs: { options =
{
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
image = mkOption { type = types.package; };
imageName =
mkOption { type = types.nonEmptyStr; default = with inputs.image; (imageName + ":" + imageTag); };
# imageName =
# mkOption { type = types.nonEmptyStr; default = with inputs.config.image; (imageName + ":" + imageTag); };
ports = mkOption
{
type = types.listOf (types.oneOf
@@ -29,75 +29,125 @@ inputs:
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.lib) mkIf;
inherit (builtins) listToAttrs map concatLists;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) docker;
in mkMerge
[
users = inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker));
in mkIf (docker != {})
{
nixos.virtualization.docker.enable = true;
users =
{
virtualisation.oci-containers.containers = listToAttrs (map
(container:
users = listToAttrs (map
(user:
{
name = "${container.name}";
name = user;
value =
{
image = container.value.imageName;
imageFile = container.value.image;
ports = map
(port:
(
if builtins.typeOf port == "int" then "127.0.0.1::${toString port}"
else ("${port.value.hostIp}:${toString port.value.hostPort}"
+ ":${toString port.value.containerPort}/${port.value.protocol}")
))
container.value.ports;
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles =
if builtins.typeOf container.value.environmentFile == "bool" && container.value.environmentFile
then [ inputs.config.sops.templates."${container.name}/env".path ]
else if builtins.typeOf container.value.environmentFile == "bool" then []
else [ container.value.environmentFile ];
isSystemUser = true;
group = user;
autoSubUidGidRange = true;
home = "/run/docker-rootless/${user}";
};
})
(attrsToList docker));
systemd.services = listToAttrs (concatLists (map
(container:
[
users);
groups = listToAttrs (map (user: { name = user; value = {}; }) users);
};
systemd =
{
tmpfiles.rules = map (user: "d /run/docker-rootless/${user} 0755 ${user} ${user}") users;
services = listToAttrs
(
(map
(user:
{
name = "docker-${container.value.user}-daemon";
value =
name = "docker-${user}-daemon";
value = let originalService = inputs.config.systemd.user.services.docker; in
{
wantedBy = [ "multi-user.target" ];
inherit (inputs.systemd.user.services.docker) description path;
serviceConfig = inputs.systemd.user.services.docker.serviceConfig //
inherit (originalService) description path;
environment.XDG_RUNTIME_DIR = "/run/docker-rootless/${user}";
serviceConfig = originalService.serviceConfig //
{
User = container.value.user;
Group = container.value.user;
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
ExecStart = inputs.systemd.user.services.docker.serviceConfig.ExecStart
+ " -H unix:///var/run/docker-rootless/${container.value.user}.sock";
User = user;
Group = user;
# from https://www.reddit.com/r/NixOS/comments/158azri/changing_user_slices_cgroup_controllers
Delegate = "memory pids cpu cpuset";
ExecStart = originalService.serviceConfig.ExecStart
+ " -H unix:///var/run/docker-rootless/${user}/docker.sock";
};
unitConfig = { inherit (inputs.systemd.user.services.docker.unitConfig) StartLimitInterval; };
unitConfig = { inherit (originalService.unitConfig) StartLimitInterval; };
};
}
})
users)
++ (map
(container:
{
name = "docker-${container.name}";
value =
{
requires = [ "docker-${container.value.user}-daemon.service" ];
after = [ "docker-${container.value.user}-daemon.service" ];
environment.DOCKER_HOST = "unix:///var/run/docker-rootless/${container.value.user}.sock";
serviceConfig = { User = container.value.user; Group = container.value.user; };
wantedBy = [ "multi-user.target" ];
path = [ inputs.config.virtualisation.docker.rootless.package ];
environment =
{
XDG_RUNTIME_DIR = "/run/docker-rootless/${container.value.user}";
DOCKER_HOST = "unix:///run/docker-rootless/${container.value.user}/docker.sock";
};
serviceConfig =
{
Type = "simple";
RemainAfterExit = true;
User = container.value.user;
Group = container.value.user;
ExecStart = inputs.pkgs.writeShellScript "docker-${container.name}.start"
''
docker rm -f ${container.name} || true
echo "loading image"
docker load -i ${container.value.image}
echo "load finish"
docker image ls
${
builtins.concatStringsSep " \\\n"
(
[
"docker run --rm --name=${container.name}"
"--add-host=host.docker.internal:host-gateway"
]
++ (
if (builtins.typeOf container.value.environmentFile) == "string"
then [ "--env-file ${container.value.environmentFile}" ]
else if container.value.environmentFile
then [ "--env-file ${inputs.config.sops.templates."${container.name}.env".path}" ]
else []
)
++ (map
(port: "-p ${port}")
(map
(port:
if builtins.typeOf port == "int" then toString port
else "${port.value.hostIp}:${toString port.value.hostPort}"
+ ":${toString port.value.containerPort}/${port.value.protocol}"
)
container.value.ports))
++ [ "${container.value.image.imageName}:${container.value.image.imageTag}" ]
)
}
'';
ExecStop = inputs.pkgs.writeShellScript "docker-${container.name}.stop"
''
docker stop ${container.name}
docker system prune --volumes --force
'';
# CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
# AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
};
};
}
])
(attrsToList docker)));
}
(mkIf (docker != {})
{
systemd.tmpfiles.rules = [ "d /var/run/docker-rootless 0777" ];
nixos.virtualization.docker.enable = true;
})
];
})
(attrsToList docker))
);
};
};
}
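Review bot: An integer entry in `ports` is now rendered as `-p ${toString port}` (the `if builtins.typeOf port == "int" then toString port` branch of the `ExecStart` script), which publishes the container port on an ephemeral host port on every interface; the oci-containers code printed above it bound the port to loopback with `"127.0.0.1::${toString port}"`. A service such as huginn, declared with `ports = [ 3000 ]`, would then be reachable without going through nginx wherever the host firewall allows it. Keeping the loopback default restores the previous exposure: `if builtins.typeOf port == "int" then "127.0.0.1::${toString port}"`. Separately, `ExecStop` runs `docker system prune --volumes --force`, which removes every unused volume of that user's daemon, so a comment stating that containers must not keep state in unnamed volumes would be worth adding.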

154
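--- a/modules/services/frp.nix
+++ b/modules/services/frp.nix
@@ -0,0 +1,154 @@
+inputs:
+{
+options.nixos.services = let inherit (inputs.lib) mkOption types; in
+{
+frpClient =
+{
+enable = mkOption { type = types.bool; default = false; };
+serverName = mkOption { type = types.nonEmptyStr; };
+user = mkOption { type = types.nonEmptyStr; };
+tcp = mkOption
+{
+type = types.attrsOf (types.submodule (inputs:
+{
+options =
+{
+localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
+localPort = mkOption { type = types.ints.unsigned; };
+remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
+remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
+};
+}));
+default = {};
+};
+};
+frpServer =
+{
+enable = mkOption { type = types.bool; default = false; };
+serverName = mkOption { type = types.nonEmptyStr; };
+};
+};
+config =
+let
+inherit (inputs.lib) mkMerge mkIf;
+inherit (inputs.localLib) attrsToList;
+inherit (inputs.config.nixos.services) frpClient frpServer;
+inherit (builtins) map listToAttrs;
+in mkMerge
+[
+(
+mkIf frpClient.enable
+{
+systemd.services.frpc =
+let
+frpc = "${inputs.pkgs.frp}/bin/frpc";
+config = inputs.config.sops.templates."frpc.ini";
+in
+{
+description = "Frp Client Service";
+after = [ "network.target" ];
+serviceConfig =
+{
+Type = "simple";
+User = "frp";
+Restart = "always";
+RestartSec = "5s";
+ExecStart = "${frpc} -c ${config.path}";
+LimitNOFILE = 1048576;
+};
+wantedBy= [ "multi-user.target" ];
+restartTriggers = [ config.file ];
+};
+sops =
+{
+templates."frpc.ini" =
+{
+owner = inputs.config.users.users.frp.name;
+group = inputs.config.users.users.frp.group;
+content = inputs.lib.generators.toINI {}
+(
+{
+common =
+{
+server_addr = frpClient.serverName;
+server_port = 7000;
+token = inputs.config.sops.placeholder."frp/token";
+user = frpClient.user;
+tls_enable = true;
+};
+}
+// (listToAttrs (map
+(tcp:
+{
+name = tcp.name;
+value =
+{
+type = "tcp";
+local_ip = tcp.value.localIp;
+local_port = tcp.value.localPort;
+remote_port = tcp.value.remotePort;
+use_compression = true;
+};
+})
+(attrsToList frpClient.tcp))
+)
+);
+};
+secrets."frp/token" = {};
+};
+users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
+}
+)
+(
+mkIf frpServer.enable
+{
+systemd.services.frps =
+let
+frps = "${inputs.pkgs.frp}/bin/frps";
+config = inputs.config.sops.templates."frps.ini";
+in
+{
+description = "Frp Server Service";
+after = [ "network.target" ];
+serviceConfig =
+{
+Type = "simple";
+User = "frp";
+Restart = "on-failure";
+RestartSec = "5s";
+ExecStart = "${frps} -c ${config.path}";
+LimitNOFILE = 1048576;
+};
+wantedBy= [ "multi-user.target" ];
+restartTriggers = [ config.file ];
+};
+sops =
+{
+templates."frps.ini" =
+{
+owner = inputs.config.users.users.frp.name;
+group = inputs.config.users.users.frp.group;
+content = inputs.lib.generators.toINI {}
+{
+common = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
+{
+bind_port = 7000;
+bind_udp_port = 7000;
+token = inputs.config.sops.placeholder."frp/token";
+tls_cert_file = "${cert}/full.pem";
+tls_key_file = "${cert}/key.pem";
+tls_only = true;
+user_conn_timeout = 30;
+};
+};
+};
+secrets."frp/token" = {};
+};
+nixos.services.acme = { enable = true; certs = [ frpServer.serverName ]; };
+security.acme.certs.${frpServer.serverName}.group = "frp";
+users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
+networking.firewall.allowedTCPPorts = [ 7000 ];
+}
+)
+];
+}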
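Review bot: The `remoteIp` option of each `frpClient.tcp` entry is declared with a default of `"127.0.0.1"`, but the generated `frpc.ini` proxy section only emits `type`, `local_ip`, `local_port`, `remote_port` and `use_compression`, so the option has no effect. A reader of the option set would assume the forwarded port is bound to loopback on the server, whereas the bind address is whatever the server's own configuration decides. Either carry the value into the configuration that controls the remote listener, or drop the option and state in a comment where the remote port listens. The server block also sets `bind_udp_port = 7000` while only `networking.firewall.allowedTCPPorts = [ 7000 ]` is opened; if the UDP listener is not needed, remove it rather than keep a listener nobody reviewed.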


@@ -0,0 +1,37 @@
inputs:
{
options.nixos.services.groupshare = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
# hard to read value from inputs.config.users.users.xxx.home, causing infinite recursion
mountPoints = mkOption { type = types.listOf types.str; default = []; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (builtins) listToAttrs map concatLists;
inherit (inputs.config.nixos.services) groupshare;
users = inputs.config.users.groups.groupshare.members;
in mkIf groupshare.enable
{
users.groups.groupshare = {};
systemd.tmpfiles.rules = [ "d /var/lib/groupshare" ]
++ (concatLists (map
(user:
[
"d /var/lib/groupshare/${user} 2750 ${user} groupshare"
# systemd 253 does not support 'X' bit, it should be manually set
# sudo setfacl -m 'xxx' dir
# ("a /var/lib/groupshare/${user} - - - - "
# + "d:u:${user}:rwX,u:${user}:rwX,d:g:groupshare:r-X,g:groupshare:r-X,d:o::---,o::---,d:m::r-x,m::r-x")
])
users));
fileSystems = listToAttrs (map
(mountPoint:
{
name = mountPoint;
value = { device = "/var/lib/groupshare"; options = [ "bind" ]; depends = [ "/home" "/var/lib" ]; };
})
groupshare.mountPoints);
};
}
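Review bot: The access model of the per-user directories depends on a manual step that is only hinted at: the comment reads `sudo setfacl -m 'xxx' dir`, with the ACL spec left as a placeholder and the tmpfiles `a` rule commented out. With only `2750 ${user} groupshare` applied, whether group members can read newly created files depends on each user's umask. I would replace the placeholder with the exact spec taken from the commented `a` rule and say when the command has to be re-run, so the intended permissions can be reproduced and audited. `mountPoints` uses `types.str`; `types.nonEmptyStr`, which the other modules in this commit use, would reject an empty mount path.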


@@ -1,23 +1,58 @@
inputs:
{
options.nixos.services.huginn.enable = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
config = inputs.lib.mkIf inputs.config.nixos.services.huginn.enable
options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in
{
nixos.services =
enable = mkOption { type = types.bool; default = false; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) huginn;
inherit (builtins) listToAttrs;
in mkIf huginn.enable
{
docker.huginn =
nixos.services =
{
image = inputs.pkgs.dockerTools.pullImage
docker.huginn =
{
imageName = "huginn/huginn";
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
sha256 = "0ls97k8ic7w5j54jlpwh8rrvj1y4pl4106j9pyap105r6p7dziiz";
finalImageName = "huginn/huginn";
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
image = inputs.pkgs.dockerTools.pullImage
{
imageName = "huginn/huginn";
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
sha256 = "sha256-P8bfzjW5gHCVv0kaEAi9xAe5c0aQXypJkYUfFtE8SVM=";
finalImageName = "huginn/huginn";
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
};
ports = [ 3000 ];
environmentFile = true;
};
ports = [ 3000 ];
environmentFile = true;
postgresql = { enable = true; instances.huginn = {}; };
};
sops =
{
templates."huginn.env" =
{
content = let placeholder = inputs.config.sops.placeholder; in
''
MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
HUGINN_DATABASE_NAME=huginn
HUGINN_DATABASE_USERNAME=huginn
HUGINN_DATABASE_PASSWORD=${placeholder."postgresql/huginn"}
DOMAIN=huginn.chn.moe
RAILS_ENV=production
FORCE_SSL=true
INVITATION_CODE=${placeholder."huginn/invitation_code"}
SMTP_DOMAIN=mail.chn.moe
SMTP_USER_NAME=bot@chn.moe
SMTP_PASSWORD="${placeholder."mail/bot"}"
SMTP_SERVER=mail.chn.moe
SMTP_SSL=true
EMAIL_FROM_ADDRESS=bot@chn.moe
TIMEZONE=Beijing
'';
owner = inputs.config.users.users.huginn.name;
};
secrets = listToAttrs (map (secret: { name = secret; value = {}; }) [ "huginn/invitation_code" "mail/bot" ]);
};
};
};
}
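Review bot: `SMTP_PASSWORD="${placeholder."mail/bot"}"` is the only value in the `huginn.env` template wrapped in double quotes, and the docker module in this commit hands the file to `docker run --env-file`, which takes the text after `=` verbatim, so the container would presumably receive the password with the quote characters included. Write it like the other secrets: `SMTP_PASSWORD=${placeholder."mail/bot"}`. The template also sets `MYSQL_PORT_3306_TCP_ADDR` while the module enables a `postgresql` instance for huginn; a comment explaining which database adapter the container is expected to use would help the next reader.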


@@ -37,7 +37,7 @@ inputs:
Group = inputs.config.users.users.${instance.value.user}.group;
ExecStart =
let
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
meilisearch = inputs.pkgs.unstablePackages.meilisearch.overrideAttrs (prev:
{
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
++ (
@@ -58,8 +58,6 @@ inputs:
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
IOReadBandwidthMax = "/dev/mapper/root 20M";
IOWriteBandwidthMax = "/dev/mapper/root 20M";
Nice = 19;
Slice = "-.slice";
};


@@ -54,6 +54,8 @@ inputs:
ExecStart = "${WorkingDirectory}/bin/misskey";
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
Restart = "always";
RuntimeMaxSec = "1d";
};
};
tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];
@@ -63,12 +65,12 @@ inputs:
"/var/lib/misskey/work" =
{
device = "${inputs.pkgs.localPackages.misskey}";
options = [ "bind" ];
options = [ "bind" "private" "x-gvfs-hide" ];
};
"/var/lib/misskey/work/files" =
{
device = "/var/lib/misskey/files";
options = [ "bind" ];
options = [ "bind" "private" "x-gvfs-hide" ];
};
};
sops.templates."misskey/default.yml" =
@@ -138,10 +140,14 @@ inputs:
name = hostname;
value =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
rewriteHttps = true;
locations."/" =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList misskey-proxy));
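Review bot: `RuntimeMaxSec = "1d"` together with `Restart = "always"` makes systemd stop and restart misskey once a day, and nothing in the first hunk says why. If this works around a leak or a stuck worker, say so above the two lines, e.g. `# restart daily: workaround for ISSUE-PLACEHOLDER, remove once fixed`, so the forced restart is not mistaken for a crash loop when someone reads the journal. The service definition starts outside this hunk.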


@@ -13,16 +13,40 @@ inputs:
{
type = types.attrsOf (types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
rewriteHttps = mkOption { type = types.bool; default = false; };
websocket = mkOption { type = types.bool; default = false; };
http2 = mkOption { type = types.bool; default = true; };
setHeaders = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
addAuth = mkOption { type = types.bool; default = false; };
detectAuth = mkOption { type = types.bool; default = false; };
locations = mkOption
{
type = types.attrsOf (types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
websocket = mkOption { type = types.bool; default = false; };
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
};});
};
};});
default = {};
};
streamProxy =
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 5575; };
map = mkOption
{
type = types.attrsOf (types.oneOf
[
types.nonEmptyStr
(types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
rewriteHttps = mkOption { type = types.bool; default = false; };
};})
]);
default = {};
};
};
};
config =
let
@@ -65,37 +89,38 @@ inputs:
value =
{
serverName = site.name;
listen =
[
{ addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; }
{ addr = "0.0.0.0"; port = 80; }
];
listen = [ { addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; } ]
++ (if site.value.rewriteHttps then [ { addr = "0.0.0.0"; port = 80; } ] else []);
useACMEHost = site.name;
locations."/" =
{
proxyPass = site.value.upstream;
proxyWebsockets = site.value.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
basicAuthFile =
if site.value.detectAuth then
inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
else null;
extraConfig = concatStringsSep "\n"
(
(map
(header: "proxy_set_header ${header.name} ${header.value};")
(attrsToList site.value.setHeaders))
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
++ (
if site.value.addAuth then
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
else [])
);
};
addSSL = true;
locations = listToAttrs (map
(location:
{
inherit (location) name;
value =
{
proxyPass = location.value.upstream;
proxyWebsockets = location.value.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
extraConfig = concatStringsSep "\n"
(
(map
(header: ''proxy_set_header ${header.name} "${header.value}";'')
(attrsToList location.value.setHeaders))
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
++ (
if site.value.addAuth then
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
else [])
);
};
})
(attrsToList site.value.locations));
forceSSL = site.value.rewriteHttps;
http2 = site.value.http2;
basicAuthFile =
if site.value.detectAuth then inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
else null;
};
})
(attrsToList nginx.httpProxy));
@@ -123,6 +148,16 @@ inputs:
in
(inputs.pkgs.nginxMainline.override (prev: { modules = prev.modules ++ [ nginx-geoip2 ]; }))
.overrideAttrs (prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
streamConfig =
''
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
{
$geoip2_data_country_code country iso_code;
}
resolver 8.8.8.8;
'';
# todo: use host dns
resolver.addresses = [ "8.8.8.8" ];
};
geoipupdate =
{
@@ -178,13 +213,9 @@ inputs:
{
services.nginx.streamConfig =
''
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
{
$geoip2_data_country_code country iso_code;
}
log_format stream '[$time_local] $remote_addr-$geoip2_data_country_code "$ssl_preread_server_name"->$backend $bytes_sent $bytes_received';
access_log syslog:server=unix:/dev/log stream;
map $ssl_preread_server_name $backend
log_format transparent_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
'"$ssl_preread_server_name"->$transparent_proxy_backend $bytes_sent $bytes_received';
map $ssl_preread_server_name $transparent_proxy_backend
{
${concatStringsSep "\n" (map
(x: '' "${x.name}" 127.0.0.1:${toString x.value};'')
@@ -202,10 +233,11 @@ inputs:
listen ${nginx.transparentProxy.externalIp}:443;
ssl_preread on;
proxy_bind $remote_addr transparent;
proxy_pass $backend;
proxy_pass $transparent_proxy_backend;
proxy_connect_timeout 1s;
proxy_socket_keepalive on;
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log transparent_proxy;
}
'';
networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -260,5 +292,47 @@ inputs:
wantedBy= [ "multi-user.target" ];
};
})
(mkIf nginx.streamProxy.enable
{
services.nginx =
{
streamConfig =
''
log_format stream_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
'"$ssl_preread_server_name"->$stream_proxy_backend $bytes_sent $bytes_received';
map $ssl_preread_server_name $stream_proxy_backend
{
${concatStringsSep "\n" (map
(x: '' "${x.name}" "${x.value.upstream or x.value}";'')
(attrsToList nginx.streamProxy.map))}
}
server
{
listen 127.0.0.1:${toString nginx.streamProxy.port};
ssl_preread on;
proxy_pass $stream_proxy_backend;
proxy_connect_timeout 10s;
proxy_socket_keepalive on;
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log stream_proxy;
}
'';
virtualHosts = listToAttrs (map
(site:
{
inherit (site) name;
value =
{
serverName = site.name;
listen = [ { addr = "0.0.0.0"; port = 80; } ];
locations."/".return = "301 https://${site.name}$request_uri";
};
})
(filter (site: site.value.rewriteHttps or false) (attrsToList nginx.streamProxy.map)));
};
nixos.services.nginx.transparentProxy.map = listToAttrs (map
(site: { name = site.name; value = nginx.streamProxy.port; })
(attrsToList nginx.streamProxy.map));
})
];
}


@@ -62,8 +62,9 @@ inputs:
enable = true;
httpProxy.${rsshub.hostname} =
{
upstream = "http://127.0.0.1:${toString rsshub.port}";
setHeaders.Host = rsshub.hostname;
rewriteHttps = true;
locations."/" =
{ upstream = "http://127.0.0.1:${toString rsshub.port}"; setHeaders.Host = rsshub.hostname; };
};
};
};


@@ -0,0 +1,67 @@
inputs:
{
options.nixos.services.samba = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
wsdd = mkOption { type = types.bool; default = false; };
private = mkOption { type = types.bool; default = false; };
hostsAllowed = mkOption { type = types.str; default = "127."; };
shares = mkOption
{
type = types.attrsOf (types.submodule { options =
{
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
path = mkOption { type = types.nonEmptyStr; };
};});
default = {};
};
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) samba;
inherit (builtins) map listToAttrs;
in mkIf samba.enable
{
services =
{
# make shares visible for windows 10 clients
samba-wsdd.enable = samba.wsdd;
samba =
{
enable = true;
# TCP 139 445 UDP 137 138
openFirewall = !samba.private;
securityType = "user";
extraConfig =
''
workgroup = WORKGROUP
server string = Samba Server
server role = standalone server
hosts allow = ${samba.hostsAllowed}
dns proxy = no
'';
# obey pam restrictions = yes
# encrypt passwords = no
shares = listToAttrs (map
(share:
{
name = share.name;
value =
{
comment = if share.value.comment != null then share.value.comment else share.name;
path = share.value.path;
browseable = true;
writeable = true;
"create mask" = "644";
"force create mode" = "644";
"directory mask" = "2755";
"force directory mode" = "2755";
};
})
(attrsToList samba.shares));
};
};
};
}
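Review bot: Every share is generated with `writeable = true` and no `valid users`, so with `securityType = "user"` any account that can authenticate to Samba can write to every share; consider a per-share option that emits `"valid users"` (and `"read only"` where wanted). `"force create mode" = "644"` also makes every uploaded file readable by all local users on the server, which is worth a comment if intended, or `"640"` together with `"force group"` if not. The defaults are also at odds with each other: `private = false` opens the firewall while `hostsAllowed = "127."` only admits loopback, so a one-line comment on how the two options are meant to combine would help.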

35
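--- a/modules/services/sshd.nix
+++ b/modules/services/sshd.nix
@@ -0,0 +1,35 @@
+inputs:
+{
+options.nixos.services.sshd = let inherit (inputs.lib) mkOption types; in
+{
+enable = mkOption { type = types.bool; default = false; };
+passwordAuthentication = mkOption { type = types.bool; default = false; };
+};
+config =
+let
+inherit (inputs.lib) mkIf;
+inherit (inputs.config.nixos.services) sshd;
+in mkIf sshd.enable
+{
+services.openssh =
+{
+enable = true;
+settings =
+{
+X11Forwarding = true;
+TrustedUserCAKeys = "${./ssh-ca.pub}";
+ChallengeResponseAuthentication = false;
+PasswordAuthentication = sshd.passwordAuthentication;
+KbdInteractiveAuthentication = false;
+UsePAM = true;
+};
+extraConfig =
+''
+Match User root
+PasswordAuthentication no
+Match User chn
+PasswordAuthentication no
+'';
+};
+};
+}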
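Review bot: Password login is switched on globally by `PasswordAuthentication = sshd.passwordAuthentication` and then switched off per name in `extraConfig`, so any privileged account added later accepts passwords until someone remembers to add another `Match User` block. Inverting this is safer: keep the global setting at `false` and emit a single `Match User <password-users>` block with `PasswordAuthentication yes` for the accounts that need it. `X11Forwarding = true` also applies to every account, including the password-only ones; it could be limited to the same kind of Match block or dropped. `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication`, so only one of the two lines is needed.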


@@ -133,10 +133,14 @@ inputs:
name = hostname;
value =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
rewriteHttps = true;
locations."/" =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList synapse-proxy));


@@ -0,0 +1,117 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
vaultwarden =
{
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
hostname = mkOption { type = types.str; default = "vaultwarden.chn.moe"; };
};
vaultwarden-proxy =
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
};})];
default = {};
};
};
};
config =
let
inherit (inputs.config.nixos.services) vaultwarden vaultwarden-proxy;
inherit (builtins) listToAttrs;
inherit (inputs.lib) mkIf mkMerge;
in mkMerge
[
(
mkIf vaultwarden.enable
{
services.vaultwarden =
{
enable = true;
dbBackend = "postgresql";
config =
{
DATA_FOLDER = "/var/lib/vaultwarden";
WEB_VAULT_ENABLED = true;
WEBSOCKET_ENABLED = true;
ROCKET_PORT = vaultwarden.port;
WEBSOCKET_PORT = toString vaultwarden.websocketPort;
SIGNUPS_VERIFY = true;
DOMAIN = "https://${vaultwarden.hostname}";
SMTP_HOST = "mail.chn.moe";
SMTP_FROM = "bot@chn.moe";
SMTP_FROM_NAME = "vaultwarden";
SMTP_SECURITY = "force_tls";
SMTP_USERNAME = "bot@chn.moe";
};
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
};
sops =
{
templates."vaultwarden.env" =
let
serviceConfig = inputs.config.systemd.services.vaultwarden.serviceConfig;
placeholder = inputs.config.sops.placeholder;
in
{
owner = serviceConfig.User;
group = serviceConfig.Group;
content =
''
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
SMTP_PASSWORD=${placeholder."mail/bot"}
'';
};
secrets = listToAttrs (map
(secret: { name = secret; value = {}; })
[ "vaultwarden/admin_token" "mail/bot" ]);
};
systemd.services.vaultwarden =
{
enable = vaultwarden.autoStart;
after = [ "postgresql.service" ];
};
nixos.services.postgresql = { enable = true; instances.vaultwarden = {}; };
}
)
(
mkIf vaultwarden-proxy.enable
{
nixos.services.nginx =
{
enable = true;
httpProxy."${vaultwarden-proxy.hostname}" =
{
rewriteHttps = true;
locations = let upstream = vaultwarden-proxy.upstream; in (listToAttrs (map
(location: { name = location; value =
{
upstream = "http://${upstream.address or upstream}:${builtins.toString upstream.port or 8000}";
setHeaders = { Host = vaultwarden-proxy.hostname; Connection = ""; };
};})
[ "/" "/notifications/hub/negotiate" ]))
// { "/notifications/hub" =
{
upstream =
"http://${upstream.address or upstream}:${builtins.toString upstream.websocketPort or 3012}";
websocket = true;
setHeaders.Host = vaultwarden-proxy.hostname;
};};
};
};
}
)
];
}
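Review bot: `SIGNUPS_ALLOWED` is not set in `services.vaultwarden.config`, and vaultwarden allows registration by default, so once `vaultwarden-proxy` publishes `/` on the public hostname anyone with a mailbox can create an account; `SIGNUPS_VERIFY = true` only adds e-mail confirmation. If the instance is meant for known users, add `SIGNUPS_ALLOWED = false;` and rely on invitations. The same `/` location also carries the `/admin` panel, guarded only by `ADMIN_TOKEN`; vaultwarden accepts an Argon2 PHC string there, which keeps the plaintext token out of the rendered env file. `port` and `websocketPort` would be better typed as `types.port`, since `types.ints.unsigned` accepts values above 65535.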


@@ -269,6 +269,12 @@ inputs:
${iptables} -t mangle -N v2ray_mark -w
${iptables} -t mangle -A OUTPUT -j v2ray_mark -w
${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u v2ray) -j RETURN -w
${
if inputs.config.nixos.system.networking.nebula.enable then
let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User; in
"${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u ${user}) -j RETURN -w"
else ""
}
${iptables} -t mangle -A v2ray_mark -m set --match-set noproxy_src_net src -j RETURN -w
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1 -w
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1 -w


@@ -4,14 +4,16 @@ inputs:
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 3389; };
hostname = mkOption { type = types.nullOr types.str; default = null; };
hostname = mkOption
{
type = types.nullOr (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
default = null;
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.config.nixos.services) xrdp;
inherit (builtins) map listToAttrs concatStringsSep toString filter attrValues;
in mkIf xrdp.enable (mkMerge
[
{
@@ -25,12 +27,18 @@ inputs:
}
(
mkIf (xrdp.hostname != null)
{
services.xrdp = let keydir = inputs.config.security.acme.certs.${xrdp.hostname}.directory; in
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
security.acme.certs.${xrdp.hostname}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
}
(
let
mainDomain = if builtins.typeOf xrdp.hostname == "string" then xrdp.hostname
else builtins.elemAt xrdp.hostname 0;
in
{
services.xrdp = let keydir = inputs.config.security.acme.certs.${mainDomain}.directory; in
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
security.acme.certs.${mainDomain}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
}
)
)
]);
}
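Review bot: `builtins.elemAt xrdp.hostname 0` fails at evaluation time when `hostname` is set to an empty list, which the new type `types.listOf types.nonEmptyStr` permits. Use `types.nonEmptyListOf types.nonEmptyStr` in the option so the mistake is reported as a type error, and add a comment that the first entry names the certificate whose `full.pem`/`key.pem` xrdp loads. `certs = [ xrdp.hostname ]` becomes a nested list in the list case; that appears to rely on the acme module accepting a list of domains per entry, which is not visible here.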


@@ -61,6 +61,7 @@ inputs:
defaultLocale = "C.UTF-8";
supportedLocales = [ "zh_CN.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8" ];
};
users.mutableUsers = false;
# environment.pathsToLink = [ "/include" ];
# environment.variables.CPATH = "/run/current-system/sw/include";
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";


@@ -79,7 +79,11 @@ inputs:
# mount.vfat
{
fileSystems = listToAttrs (map
(device: { name = device.value; value = { device = device.name; fsType = "vfat"; }; })
(device:
{
name = device.value;
value = { device = device.name; fsType = "vfat"; neededForBoot = true; };
})
(attrsToList fileSystems.mount.vfat));
}
# mount.btrfs
@@ -106,7 +110,8 @@ inputs:
# zstd:15 5m33s 7.16G
# zstd:8 54s 7.32G
# zstd:3 17s 7.52G
options = [ "compress-force=zstd" "subvol=${subvol.name}" ];
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" ];
neededForBoot = true;
};
}
)
@@ -198,7 +203,7 @@ inputs:
# mdadm
(
mkIf (fileSystems.mdadm != null)
{ boot.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
)
# swap
{ swapDevices = map (device: { device = device; }) fileSystems.swap; }


@@ -3,6 +3,7 @@ inputs:
options.nixos.system.gui = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
preferred = mkOption { type = types.bool; default = false; };
};
config =
let


@@ -36,10 +36,10 @@ inputs:
owner = "xanmod";
repo = "linux";
rev = modDirVersion;
sha256 = "sha256-rvSQJb9MIOXkGEjHOPt3x+dqp1AysvQg7n5yYsg95fk=";
hash = "sha256-EugTfBbeH9VTpIg1aDNfaY57NDCA70QIdsOfzxWMSeA=";
};
version = "6.4.12";
modDirVersion = "6.4.12-xanmod1";
version = "6.4.14";
modDirVersion = "6.4.14-xanmod1";
});
kernelPatches =
let
@@ -49,8 +49,8 @@ inputs:
{
patch = inputs.pkgs.fetchurl
{
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.3.patch";
sha256 = "sha256-QnsWruzhtiZnqzTUXkPk9Hb19Iddr4VTWXyV4r+iLvE=";
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.4.patch";
sha256 = "1kvmddg18pw22valbgx2vlxiasgxvszzm5lzkz096xm51sz72rm0";
};
extraStructuredConfig =
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };


@@ -3,8 +3,9 @@ inputs:
options.nixos.system.networking.nebula = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
# null: is lighthouse, non-empty string: is not lighthouse, and use this string as lighthouse address.
# null: is lighthouse; non-empty string: is not lighthouse, and use this string as lighthouse address.
lighthouse = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
useRelay = mkOption { type = types.bool; default = false; };
};
config =
let
@@ -17,18 +18,19 @@ inputs:
{
enable = true;
ca = ./ca.crt;
# nebula-cert sign -name 1p9p -ip 192.168.82.4/24
cert = ./. + "/${inputs.config.nixos.system.networking.hostname}.crt";
key = inputs.config.sops.templates."nebula/key-template".path;
firewall.inbound = [ { host = "any"; port = "any"; proto = "any"; } ];
firewall.outbound = [ { host = "any"; port = "any"; proto = "any"; } ];
}
// (
if nebula.lighthouse == null then { isLighthouse = true; }
if nebula.lighthouse == null then { isLighthouse = true; isRelay = true; }
else
{
lighthouses = [ "192.168.82.1" ];
relays = if nebula.useRelay then [ "192.168.82.1" ] else [];
staticHostMap."192.168.82.1" = [ "${nebula.lighthouse}:4242" ];
listen.port = 0;
}
);
sops =
@@ -46,7 +48,6 @@ inputs:
};
secrets."nebula/key" = {};
};
networking.firewall = { trustedInterfaces = [ "nebula.nebula" ]; }
// (if nebula.lighthouse != null then {} else { allowedTCPPorts = [ 4242 ]; allowedUDPPorts = [ 4242 ]; });
networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
};
}
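Review bot: The relay support in this section (`isRelay = true` on the lighthouse, `relays` on the other nodes) makes hosts behind NAT reachable through the overlay, while the overlay itself stays unfiltered: `firewall.inbound` is `any/any/any` and `nebula.nebula` is in `networking.firewall.trustedInterfaces`. A single compromised node or leaked node key can then reach every port on every other node. Consider narrowing `firewall.inbound` to the ports and certificate groups that are actually used, e.g. `{ port = "22"; proto = "tcp"; group = "<admin-group>"; }`, and dropping the trusted-interface entry once the rules are in place. The lighthouse address `192.168.82.1` is repeated three times in the `else` branch; a `let` binding would keep `lighthouses`, `relays` and `staticHostMap` in sync.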


@@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE-----
CmEKA25hcxIKhKShhQyA/v//DyiRxoCoBjCv/sW2BjoghACiJywxa2n7Aki9/HEU
q2KpxFE+1Eshcgiy09UagFxKICju+bVGfbNKKrhV7SCNXhazgyVZYigGrzfpvHza
nafWEkDfhP5lh+/rFLPZslxaU+jy1swpr+oipToAnZ9Lw5Wlefpmxo/8mTBb4a8T
0jhdUC8x4ETwta6LbtWfo7uPinAJ
-----END NEBULA CERTIFICATE-----


@@ -22,8 +22,12 @@ inputs:
{
config.allowUnfree = true;
config.cudaSupport = nixpkgs.cudaSupport;
overlays = [(final: prev: { genericPackages =
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };})];
overlays = [(final: prev:
{
genericPackages =
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };
waydroid = final.unstablePackages.waydroid;
})];
};
}
(
@@ -33,6 +37,14 @@ inputs:
{
hostPlatform = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
config = { qchem-config.optArch = nixpkgs.march; oneapiArch = nixpkgs.oneapiArch; };
overlays = [(final: prev:
{
unstablePackages = import inputs.topInputs.nixpkgs-unstable
{
localSystem = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
config.allowUnfree = true;
};
})];
};
boot.kernelPatches =
[{
@@ -56,7 +68,14 @@ inputs:
};
}];
}
{ nixpkgs.hostPlatform = "x86_64-linux"; }
{
nixpkgs =
{
hostPlatform = "x86_64-linux";
overlays = [(final: prev: { unstablePackages = import inputs.topInputs.nixpkgs-unstable
{ localSystem.system = "x86_64-linux"; config.allowUnfree = true; }; })];
};
}
)
];
}


@@ -14,6 +14,6 @@ inputs: { config =
services.systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
# do not clean /tmp
timers.systemd-tmpfiles-clean.enable = false;
coredump.enable = false;
coredump = { enable = true; extraConfig = "Storage=none"; };
};
};}
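Review bot: The `coredump = { enable = true; extraConfig = "Storage=none"; };` line deserves a comment saying why the handler is enabled only to store nothing, because the intent is not obvious from the two settings. Something like `# keep systemd-coredump as the handler so crashes are logged, but never store dumps (they can contain secrets)` would do. If the crash metadata in the journal is not wanted either, `ProcessSizeMax=0` can be added to the same `extraConfig`.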


@@ -1,276 +1,199 @@
inputs:
{
config =
let
inherit (inputs.lib) listToAttrs mkMerge;
inherit (builtins) map;
inherit (inputs.localLib) stripeTabs;
in mkMerge
[
let
inherit (builtins) map attrNames;
inherit (inputs.lib) mkMerge mkIf mkOption types;
users =
{
root =
{
users =
users.users.root =
{
users =
shell = inputs.pkgs.zsh;
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
openssh.authorizedKeys.keys =
[
("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
];
};
home-manager.users.root.programs.git =
{
extraConfig.core.editor = inputs.lib.mkForce "vim";
userName = "chn";
userEmail = "chn@chn.moe";
};
};
chn =
{
users.users.chn =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
(builtins.attrNames inputs.config.users.groups);
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
openssh.authorizedKeys.keys =
[
(builtins.concatStringsSep ""
[
"sk-ssh-ed25519@openssh.com "
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh+Vso8FsUNFwPXFAAAABHNzaDo= "
"chn@chn.moe"
])
];
};
home-manager.users.chn.programs =
{
git =
{
root =
userName = "chn";
userEmail = "chn@chn.moe";
};
ssh.matchBlocks = builtins.listToAttrs
(
(map
(host:
{
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
}))
++ (map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
shell = inputs.pkgs.zsh;
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
openssh.authorizedKeys.keys =
[
("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
];
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
chn =
nas =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" ]
(builtins.attrNames inputs.config.users.groups);
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
host = "nas";
hostname = "office.chn.moe";
user = "chn";
port = 5440;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
};
};
mutableUsers = false;
};
}
# (mkMerge (map (user:
# {
# sops.secrets."password/${user}".neededForUsers = true;
# users.users.${user}.passwordFile = inputs.config.sops.secrets."password/${user}".path;
# }) [ "root" "chn" ]))
nixos.services.groupshare.mountPoints = [ "/home/chn/groupshare" ];
};
xll =
{
home-manager =
users.users.xll =
{
useGlobalPkgs = true;
useUserPackages = true;
users =
let
normal = { gui ? false }: { pkgs, ...}:
{
home.stateVersion = "22.11";
programs =
{
zsh =
{
enable = true;
initExtraBeforeCompInit =
''
# p10k instant prompt
typeset -g POWERLEVEL9K_INSTANT_PROMPT=off
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
HYPHEN_INSENSITIVE="true"
export PATH=~/bin:$PATH
function br
{
local cmd cmd_file code
cmd_file=$(mktemp)
if broot --outcmd "$cmd_file" "$@"; then
cmd=$(<"$cmd_file")
command rm -f "$cmd_file"
eval "$cmd"
else
code=$?
command rm -f "$cmd_file"
return "$code"
fi
}
alias todo="todo.sh"
'';
plugins =
[
{
file = "powerlevel10k.zsh-theme";
name = "powerlevel10k";
src = "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
}
{
file = "p10k.zsh";
name = "powerlevel10k-config";
src = ./p10k-config;
}
{
name = "zsh-lsd";
src = pkgs.fetchFromGitHub
{
owner = "z-shell";
repo = "zsh-lsd";
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
};
}
];
history =
{
extended = true;
save = 100000000;
size = 100000000;
share = true;
};
};
direnv = { enable = true; nix-direnv.enable = true; };
git =
{
enable = true;
lfs.enable = true;
userEmail = "chn@chn.moe";
userName = "chn";
extraConfig =
{
core.editor = if gui then "code --wait" else "vim";
advice.detachedHead = false;
merge.conflictstyle = "diff3";
diff.colorMoved = "default";
};
package = pkgs.gitFull;
delta =
{
enable = true;
options =
{
side-by-side = true;
navigate = true;
syntax-theme = "GitHub";
light = true;
zero-style = "syntax white";
line-numbers-zero-style = "#ffffff";
};
};
};
ssh =
{
enable = true;
controlMaster = "auto";
controlPersist = "1m";
compression = true;
matchBlocks = builtins.listToAttrs
(
(map
(host:
{
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
nas = "192.168.1.188";
}))
++ (map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
};
};
};
vim =
{
enable = true;
defaultEditor = true;
settings =
{
number = true;
expandtab = false;
shiftwidth = 2;
tabstop = 2;
};
extraConfig =
''
set clipboard=unnamedplus
colorscheme evening
'';
};
chromium =
{
package = inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.chromium;
enable = inputs.config.programs.chromium.enable && gui;
extensions =
[
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
];
};
obs-studio =
{
enable = true;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
};
};
};
in
{
root = normal { gui = false; };
chn = normal { gui = inputs.config.nixos.system.gui.enable; };
};
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/xll".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./xll_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
}
];
}
home-manager.users.xll = {};
sops.secrets."users/xll".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
};
zem =
{
users.users.zem =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/zem".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./zem_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.zem = {};
sops.secrets."users/zem".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
};
yjq =
{
users.users.yjq =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/yjq".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./yjq_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yjq = {};
sops.secrets."users/yjq".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
};
yxy =
{
users.users.yxy =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/yxy".path;
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yxy = {};
sops.secrets."users/yxy".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
};
};
in
{
options.nixos.users = mkOption { type = types.listOf (types.enum (attrNames users)); default = [ "root" "chn" ]; };
config = mkMerge (map (user: mkIf (builtins.elem user inputs.config.nixos.users) users.${user}) (attrNames users));
}
# environment.persistence."/impermanence".users.chn =
# {
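Review bot: `root` and `chn` keep literal `hashedPassword` values in this file while the accounts defined next to them (`xll`, `zem`, `yjq`, `yxy`) read theirs through `passwordFile = inputs.config.sops.secrets."users/<name>".path`. A hash committed to the repository can be attacked offline by anyone who can read it, so the two privileged accounts should use the same sops-backed form, e.g. `sops.secrets."users/root".neededForUsers = true;` plus a matching `users.users.root.passwordFile`. `yxy` is the only account defined without `openssh.authorizedKeys.keys`, so it depends on password login wherever sshd enables it; a short comment stating that this is intended would help. The four non-admin attribute sets differ only in the user name and key file and could be produced by one helper function.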


@@ -0,0 +1 @@
ssh-rsa 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 xll@chn-PC


@@ -0,0 +1 @@
ssh-rsa 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 yjq@chn-PC


@@ -0,0 +1 @@
ssh-rsa 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 zem@chn-PC


@@ -31,6 +31,8 @@ inputs:
{
features.buildkit = true;
dns = [ "1.1.1.1" ];
# storage-driver = "overlay2";
storage-driver = "fuse-overlayfs";
};
};
enableNvidia = builtins.elem "nvidia" inputs.config.nixos.hardware.gpus;


@@ -1,5 +1,14 @@
xray-client:
uuid: ENC[AES256_GCM,data:0q37D3FVH95eSmw1KPuQSbt6zgzdt9iyO6Mnsk/CiDtp36BR,iv:V0sZLD4VAPF6LQg+mrWxpvnKfkCwQlmwGuJ86XEe8Ik=,tag:UEQAcpkv1LmuIBF50PL0lQ==,type:str]
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
nebula:
key: ENC[AES256_GCM,data:zWLXEH628ZVDZk7U/9zEXocJatCJr7hZrCmh/pifPlxVvVud5RQxLvgRvhQ=,iv:YFn7spiIcaW/l8dQZvGhsERi81L2RKLUE/55Bht0TMQ=,tag:fVdIRCMeT6o0lrGVDjCVlA==,type:str]
acme:
cloudflare.ini: ENC[AES256_GCM,data:/LpP1qoVS+CG+5ska6vtmagHNrhcgr5e1QRzDdbdCYGnDB8Nca/GmIogzHCXsogQY/rwGTCZoXLKKEGToYiThwk=,iv:R++I0ued2wrVsmM/vYvBVMOp9M7HyZIfDOVOlg7GALE=,tag:gYchPuh8MHk3EEnGb9g4WA==,type:str]
users:
xll: ENC[AES256_GCM,data:XLSsz6fZ23PPaJS1Y5C3FAOks3wzb2f+Pv8TgyKrDBfMeoLk1M37A00OGJ2wsYxkuR0JV6Uoh+hhRpTUjOQnmLfQrBxPxxP8DA==,iv:jxEZX/flxxduM1sdrYfGHfMtFMYduMg0Lr6hY1pkAPg=,tag:CYy0y1e2S2Txz1OSh+XDHA==,type:str]
zem: ENC[AES256_GCM,data:VCVLfGO9a06XhAOBciFf1u7A5jaQikAt2wZf+dCAi1BglXpM6Hof1yAunadYOwLOBFgGlP19kX53CBBlZtaqZFL2GRDzXP0woQ==,iv:AFYtHCCkzNrllN/fjQ8GKYs2TyV3uj3BsU5n1tBQAmM=,tag:5dP7c5N4yG2NS4T+Vg0Zpg==,type:str]
yjq: ENC[AES256_GCM,data:yn6eGrySCxlRsFioaE2p1qlTHkIGC9l64+edjuDvt232xc+iFeD03EYfuulyr0GxYFwnlAwtaJnyMi5eOrSd1W6HeV3Canzdbw==,iv:qTc6vA8uQza8CB+BvffEN9GqHkiwNM4h9RkqQR14ylk=,tag:UZ2GYCJLjcWLuVXlscLviw==,type:str]
yxy: ENC[AES256_GCM,data:71vjvwr29lfPCarnblpbW3WVyJK8EMV+cR4prc4AM3r0PG4z88P6i0IrzSy8XwkVPrEasfYXxn+vDbzXyi7kIWaWXrkjcyGTxg==,iv:LfkinvbIhchvgfgixIY8Wg6esrc+TOS4YWqRTJ0qfvw=,tag:mLPw6z8DOPrHsRpUHn3/gw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -9,14 +18,23 @@ sops:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbFR2bHMrRmdXWVVHTTlJ
VVFoMXNBWUU0MGkrOWl0bEphb3JlSTlsN25nCjE1NTZwTHM1b09ZeS9GQ09pRFB0
TFRPcW5MTGI1dTk0YXFsVmI1ZmVnTlUKLS0tIEpZNW1YMi9Gc0laRkxYbEw2TGd2
MVRPMDVCeHVlOTBnWVNJZ21kcmlBTFkKKbyR6MGaKRvk23toLEdD9s7deQN2Dp9U
fYn/X4SC7Wfm4atiDbLR3Jz6FhjRAN+s//lrojRb4yqoipa2AN5tPA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO
cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL
M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT
a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y
1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-23T12:21:23Z"
mac: ENC[AES256_GCM,data:sUfKYYu4aQYa2hO09aRXDdlrxY9T8ePb4sMTf8hfHHZLRaxLubWy7JkzVdxlTDpCHEZIW5J5zpbcjpvE8ZC5G/m45iCLwJIqAM5teSoG5FW/hR2uzfSuRsF/5vh1xFREsGtMLYskBobvf9mssBwRXgaKOv4zAHzlBmEhTLTBFLg=,iv:TmjRAHISDSK1+M1WtrMYF20cdCPCqu05VhHl6/ipKB4=,tag:jwMdzZoFu1IOB3sg2/kxlg==,type:str]
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2
ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq
NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-14T11:09:58Z"
mac: ENC[AES256_GCM,data:f6D4N+He7Zz0VA2FxUzTARfckidgVlDHE1hZrYW6jDf+v9ZK/c/JAj12zLNiCy9aG6rBz5K0jdWpnTsguMlTYCKUjLcD8MSW4KJErYmeVFLpfuiSBMr0+pcSVA9DpEmekaYl0GbnxrgQKrfEL0dthR6+9m5CsP/1bvEs34XcKGk=,iv:0YVxL5iVOvmFzThk7fua2Cqpty9lTX/tdKNii5gY/UA=,tag:d+NwYbpeDziniYXwQYVCdg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@@ -12,12 +12,17 @@ nginx:
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
postgresql:
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
huginn: ENC[AES256_GCM,data:Hb3Lkg==,iv:jhYobzvZUhIF4qzD7bzH0M78HtoQiTUuxqULMkk/i1w=,tag:MKqehVphO+jKb1L6E0c6NQ==,type:str]
redis:
misskey: ENC[AES256_GCM,data:SAcZsRrhNB+CjpcvUcWLi5nhEA49bFM+HYHEkszNdZs=,iv:fOLletIWzCrhHZrgwl5dpdCnwUbcEeTaKNosXna8pfU=,tag:EpdBW/RexAoJ0z1G2Emvww==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:oBYIwQyfPyjsp1dfveVGqO7mY9LO7jaD+Mpe9nTm8Sd8XKgRPJWkce4tnBXBRzkdLURvDDD25uODUekdkkO1gA==,iv:/Gw3PX1w7dWWzEMCWrETGees8CjONwzIpTZSCkQsZXc=,tag:59GHYNPRTv3KFqhpUDXBLg==,type:str]
nebula:
key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
huginn:
invitation_code: ENC[AES256_GCM,data:RVvK+w==,iv:lv/d3J2Ua1CcZiMugsbuHsSKHlXt6t7HmeTB+Szk91U=,tag:n3mgg6FabiLxvMIGeOgHIA==,type:str]
mail:
bot: ENC[AES256_GCM,data:+0C08g==,iv:V5BvmArE5+CkhK+yECLQwV4Nxpd/SiUVLj9iTF+kV0s=,tag:58dXyIZx43FOi51jSpWNkA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -42,8 +47,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-03T08:51:32Z"
mac: ENC[AES256_GCM,data:PlBRhBHJ067MzX77ZaG7XzQviTixWWEZboFM8h1ezmei+Pf2PY4oDxRfmEgAodXD2EpM0x4cao3NPzMeAYtJK0YUViZRzdSbya/60W6Xzv0nrbJHh3xvvJmLVsMXyD3KKMcafTOrBsxnCg0gRro778Z63XkN/S9tA2tZfdZLLcY=,iv:9N223T+lBjYt0WLvvERbAFE1Z30ejWwZNDjByFjlW98=,tag:iTD7+P5uFlwe/xEX80QgMg==,type:str]
lastmodified: "2023-09-16T11:06:32Z"
mac: ENC[AES256_GCM,data:hZCeW25Tp5+f0pdnysxGIYMBDHC+/nFJTBFvWDrL3s86cyjsrQRcEI8levSHAayEL7eFSD7t1syNSmwD13H74xiWwqroQfRKUfURze1mg8GLkT/sBoL8aw2cZdboE5OE8jfQxGYgovZUuBEtfgVCi6QDR+Q21uXtsDhp3MnwOI0=,iv:shA2SmoVv9LqP5fRvCUNq3Ts8gvuAcOyIARwsXhUPKw=,tag:BEOMEzyeuCAZrCRTxxz8Kg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
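Review bot: The three values that appear to be added in the `@@ -12,12 +12,17 @@` hunk, `postgresql.huginn`, `huginn.invitation_code` and `mail.bot`, each have a `data:` field that decodes to only four bytes. SOPS encrypts each value without padding, so the ciphertext length equals the plaintext length and these are four-character secrets, whereas `postgresql.misskey` next to them decodes to 32 bytes. If they are placeholders, replace them with generated values before the services that read them are enabled; if they are real credentials, rotate them to random strings of comparable length to the misskey entry. The `+`/`-` markers are lost on this rendered page, so which lines are new is inferred from the hunk counts.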


@@ -1,9 +1,6 @@
acme:
cloudflare.ini: ENC[AES256_GCM,data:PJ3JhdSPCyxzdcRI4UFdESWgyAjIYGyuVaU9l0R3s8mJidtgavvSSMy0hC0G/2fauLB/Eqc3L3NppXFjlKVywVE=,iv:lZVlOf7P/Vs/+u/5YPKFXmdeYV9NP9kcVWd00w1OjB4=,tag:LfWZTvPQH4QPrNrYfZ/Z6Q==,type:str]
nginx:
#ENC[AES256_GCM,data:BwkND2sU5FkdN72C,iv:DNIdyY35BfBYtlJijfI17s7aP8zj5Y/kUAieAYSTr3w=,tag:016xmeOvZC3Grc8JLGcVaQ==,type:comment]
#ENC[AES256_GCM,data:NX8myRAMhMS7qx0T+471E9Wz//AKXt7FoY7P8cUOvJ/Xz+AKkB2VfP45gyPvds6zwwKuYtRLqvPD84afjE/mf2wAij3VEkprJKd5VMl+RQ==,iv:LYdigyW2VUlqo/3IvC7CRaiFsnxMyQIryHf2yFMJ+Yw=,tag:ttNAzJRCz/owZSe/V3eOPw==,type:comment]
#ENC[AES256_GCM,data:Ss47U7TQO6OS21/eLVnLGO/Gpz7V7I1mlQS2SC/6DQk3bySZK0Omyd3Nyctz7FX+ix1RbeRd7//JKNc8Dtj19jpicBFQpZMV,iv:j9QD7TmRvfzFLkLLlRcwrAHcklfGJ0R6Z3cpbli97vk=,tag:lhEkAmm/AV0gTLItdVcZ4A==,type:comment]
maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
@@ -13,6 +10,8 @@ postgresql:
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
huginn: ENC[AES256_GCM,data:s9Y9VGq4UYZael28LEwA0fF97HVZd7neM45zXxZUsRj75WCjif0jcl8nc2cLHhys7yfsZNxNgsDuOmLWX1l8mA==,iv:Hnx8Py6NELPkj0mVn4OQaU8+CIq3FMC/UZElY4WsB08=,tag:+5+Nyqvr2udUprIBm9dsaw==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
rsshub:
@@ -32,6 +31,10 @@ synapse:
signing-key: ENC[AES256_GCM,data:ZCayvU2lElUnuyVDL05XjO3v2P78ha9i9PEcLvpBLgNeYkh7nH9Z4kIAP6Pmbw39ufaSJuo5tZZPmA==,iv:CfxqL7dJbmG/jEcdDe+Su8uxsA4dkOq/CCOGlb3EDIk=,tag:9728QS3GLnTcerzDgtQEWw==,type:str]
nebula:
key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
vaultwarden:
admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
huginn:
invitation_code: ENC[AES256_GCM,data:8YxfbtlHhzaQpEXpFua81W/Uifd9b2Pv,iv:7BfoOxA1B0ZzRrhoKG1R1f1nT5GkNqGB/gpgl7oa2oQ=,tag:cKoWVqCuaiwEuQdYUDgbSg==,type:str]
sops:
kms: []
gcp_kms: []
@@ -56,8 +59,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-03T08:51:12Z"
mac: ENC[AES256_GCM,data:PKxrr1uONIi4ljjS6FFLApcvjVEda4lnsh005Ukmi4NF4fj5/Tyg/4+j85S3UGjgKlHUJsda9qit/23sZjb1IMGgQyL3HakOhEGc1JgbvlibcGm8ZE5LCznu9sp7BQ6hDnYmV1rAyWBDmO6zjNwdjT6NikZUY5o+KiXptLWaUYo=,iv:Gw07qLy4QijtdJa3e15YsbP9UhCS+hpJuApvkvIDc7c=,tag:zit2ySLqpJ7si+YrGINFmg==,type:str]
lastmodified: "2023-09-16T10:57:23Z"
mac: ENC[AES256_GCM,data:FXdxVeb2r36ONCfNBUcOOjjcnAx+uIlf1bIDpYdOZHKdVOEx1PMUMgBngnMgzuiMXIILOeH9tFE6gerkaaKnSao1RUE65UScLnqwzpRFlgwqI+gFS+Ng8gWUaZO3qVCr2lQCegYBtevqhAy8+Dmew4EkYEiD0MTIomZgnlPu5+I=,iv:wKqLmD4Vjr5mtA59e3O2dMYMK0LANBODVHAN2R8CEsY=,tag:dFUhQe09u0AAz15CWtiXkQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
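Review bot: The `vaultwarden.admin_token` value that appears to be added in the `@@ -32,6 +31,10 @@` hunk decodes to 64 bytes of ciphertext, and since SOPS does not pad values the plaintext has the same length. That is shorter than an Argon2id PHC string, so the entry is presumably the raw admin token rather than a hash of it. Vaultwarden accepts an Argon2 PHC string as the admin token (generated with `vaultwarden hash`), which means the decrypted secret on the host no longer grants admin-panel access on its own. Consider storing the PHC string here instead, after confirming that the packaged Vaultwarden version supports it and that the `$` characters survive however the module passes the value to the service.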