chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:19:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: chn:test-nebula
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire
...
pull from: chn:nas-beesd
Branches Tags
chn:production chn:next chn:legacy-2505 chn:archive chn:edge chn:a30 chn:hpcstat chn:rocm chn:nas-alderlake chn:one-fprint chn:rog-x chn:sbatch-add-fdtd chn:r2s chn:steamdeck chn:biu chn:sbatch-tui chn:sops chn:srv1 chn:srv1-archive chn:srv1-add-zgq chn:switch-srv2 chn:xray-debug chn:srv2-debug chn:srv2-notice chn:temp chn:staging chn:debug chn:wannier-tools chn:next-pc chn:fix-libvirt chn:add-pen chn:libvirt-cow chn:test-nfs chn:wg-stage chn:hdf5-slurm chn:vasp-debug chn:container chn:debug-nfs chn:test-impermanence chn:xmuserver chn:pc chn:test-motd chn:nvhpc chn:root chn:srv-archive chn:xmuserver-archive chn:python chn:test-bindmount chn:test-keyd chn:srv chn:vasp chn:ufo chn:ip-debug chn:nex chn:blog chn:fcitx5 chn:winjob chn:winjob-old-design chn:ollama chn:server chn:vps6 chn:chn-bsub chn:test-nvidia chn:bug chn:next-debug chn:krfb chn:xray chn:split-desktop-server chn:pi chn:envfs chn:main chn:dae chn:xmupc2 chn:xrdp chn:ipfs chn:xmupc1 chn:mumax chn:slurm chn:blas chn:firefox chn:color chn:gpu chn:nvidia chn:xanmod chn:rsshub chn:ttyd chn:fix-efishell chn:device chn:misskey chn:power chn:native chn:meilisearch-migration chn:nixos-23.05 chn:nginx chn:ua chn:vps7-freshrss chn:nvme-bug chn:yoga chn:kernel-lts chn:nas-beesd chn:vps7-beesd chn:vps6-beesd chn:phonopy chn:tested chn:docker chn:test-nebula chn:test-nebula-nas chn:stable chn:benchmark chn:ccache-bug-report
chn:try-to-fix-rtkit-pipewire

180 Commits
test-nebul ... nas-beesd

Author SHA1 Message Date
chn
27515d37fe nas: enable beesd 2023-10-05 19:16:12 +08:00
chn
66bcb54311 prepare beesd for nas 2023-10-02 16:21:18 +08:00
chn
a0ef3198c2 fix remote-decrypt 2023-10-02 14:20:21 +08:00
chn
68b94f7216 nas: add networking driver into initrd 2023-10-02 14:10:23 +08:00
chn
b533b80f31 nas: enable sshd in initrd 2023-10-02 13:55:40 +08:00
chn
a7315cd8b5 fix initrd.nas.chn.moe 2023-10-02 13:52:32 +08:00
chn
0a6a8fdd7b fix remote-decrypt 2023-10-02 13:49:26 +08:00
chn
d6d0a0e230 nas: enable remote decryption 2023-10-02 13:36:27 +08:00
chn
8d583b626f nas.snapper: disable 2023-10-02 11:41:04 +08:00
chn
14ef69b54a pc.services.snapper: enable 
pc.services.beesd: adjust
 2023-10-02 09:54:58 +08:00
chn
b69d4648b5 Revert "services.beesd: use 4 threads" 
This reverts commit 70e6430750.
 2023-10-02 00:28:47 +08:00
chn
2efb0afcfe system.kernel: update to 6.4.15 2023-10-01 23:41:31 +08:00
chn
70e6430750 services.beesd: use 4 threads 2023-10-01 23:35:50 +08:00
chn
3dc8a2d73a bugs: add nvme 2023-10-01 23:12:34 +08:00
chn
795d55baee services.beesd: use 8 threads 2023-10-01 22:46:56 +08:00
chn
705d279a94 system.fileSystems.rollingRootfs: fix 2023-10-01 22:46:11 +08:00
chn
d88610f3b7 services.beesd: more threads 2023-10-01 19:54:14 +08:00
chn
e832412f3b system.fileSystems.rollingRootFs: make old rootfs readonly 2023-10-01 19:15:32 +08:00
chn
78b27d3ae5 system.impermanence: kvm image save to nodatacow 2023-10-01 18:29:27 +08:00
chn
a694ada2ee Revert "pc.services.beesd: disable" 
This reverts commit bacfb9ccf2.
 2023-10-01 18:01:40 +08:00
chn
bacfb9ccf2 pc.services.beesd: disable 
pc.services.snapper: enable
 2023-10-01 17:49:09 +08:00
chn
fbe4c21e9a Revert "services.beesd: adjust thread count" 
This reverts commit 4340106787.
 2023-10-01 17:45:38 +08:00
chn
4340106787 services.beesd: adjust thread count 2023-10-01 17:33:21 +08:00
chn
f42e1df555 services.snapper: remove patch 2023-10-01 17:08:11 +08:00
chn
63664f4fc7 pc.services.beesd: larger hash table size 
pc.snapper: disable
 2023-10-01 17:04:04 +08:00
chn
33b96bd46f pc: enable beesd 2023-10-01 16:25:25 +08:00
chn
106112d16f local.pkgs.misskey: fix 2023-10-01 16:11:46 +08:00
chn
38b6378160 services.beesd: disable 2023-10-01 09:22:08 +08:00
chn
33f7702330 packages: fix octave gui 2023-09-30 15:50:11 +08:00
chn
556ac1994d local.pkgs.misskey: 2023.9.1 -> 2023.9.3 2023-09-30 10:59:38 +08:00
chn
99aa6ecbf7 Revert "local.pkgs.misskey: use symlink for pnpm store" 
This reverts commit fde802ebfc.
 2023-09-30 10:54:41 +08:00
chn
fde802ebfc local.pkgs.misskey: use symlink for pnpm store 2023-09-30 10:51:37 +08:00
chn
1118e86d62 services.beesd: do not deduplicate snapshots 2023-09-30 10:45:57 +08:00
chn
ca59f06646 services.beesd: disable for boot 2023-09-29 18:33:35 +08:00
chn
9eec3611d4 services.beesd: set hashTableSizeMB 2023-09-29 10:52:14 +08:00
chn
3f54c4256c services.beesd: use only one thread 2023-09-29 09:38:44 +08:00
chn
91d7ab5b8f services.beesd: lower io priority 2023-09-29 01:02:39 +08:00
chn
dcf7f8ace0 system.nix: disable auto-optimise-store 2023-09-29 00:33:31 +08:00
chn
b7d524671a enable beesd for all machines 2023-09-29 00:32:48 +08:00
chn
f9a5581410 add beesd 2023-09-28 23:44:04 +08:00
chn
8c70c96d8e add nameof 2023-09-28 11:17:50 +08:00
chn
1957d68247 add eigen 2023-09-28 10:06:06 +08:00
chn
ceb91a8ed8 add btrfs-assistant 2023-09-28 00:41:49 +08:00
chn
093b27a225 system.networking.nebula: try to fix nebula at boot 2023-09-26 17:49:36 +08:00
chn
79cad7f58a users.yxy: add yxy_id_rsa.pub 2023-09-26 17:47:49 +08:00
chn
84ad6e3ae4 packages: prebuild unstablePackages.gcc13Stdenv 2023-09-26 13:52:38 +08:00
chn
6318b938c2 concurrencpp: fix cmake 2023-09-26 12:40:32 +08:00
chn
e21c7a916a add zpp-bits 2023-09-25 21:26:20 +08:00
chn
bdd8e82b4c services.misskey: fix version and add passthru 2023-09-25 16:33:18 +08:00
chn
e967a2511f services: misskey: update 2023-09-25 16:31:22 +08:00
chn
b509fd7a51 ssh: fix hpc ls color 2023-09-25 15:46:18 +08:00
chn
0259ee11ec services: misskey: fix build 2023-09-24 23:23:35 +08:00
chn
473c4f4d17 services: misskey: update 2023-09-24 21:42:40 +08:00
chn
469b765f99 meilisearch: add io limit 2023-09-24 20:47:46 +08:00
chn
ad7be5bc2b matplotplusplus: fix build 2023-09-23 18:44:19 +08:00
chn
fefd22a7eb matplotplusplus: fix build 2023-09-23 18:20:59 +08:00
chn
e4076219e1 add matplotplusplus 2023-09-23 17:33:17 +08:00
chn
8dc5b34cc1 packages: fix p10k instant prompt 2023-09-22 16:48:26 +08:00
chn
4f39c1a1f3 virtualisation: kvmHost: parallel shutdown 2023-09-21 15:46:58 +08:00
chn
cf6e8dff66 packages: update rsshub 2023-09-21 15:33:44 +08:00
chn
cb9665bbb6 Merge branch 'next' 2023-09-21 15:31:19 +08:00
chn
a419838515 ready to merge into main 2023-09-21 15:28:19 +08:00
chn
164c5737d2 packages: zsh: p10k instant prompt set to quiet 2023-09-21 14:06:05 +08:00
chn
91ba3d8ec2 openexr: fix build 2023-09-21 14:03:06 +08:00
chn
9fd8c2d7c6 system: impermanence: clear /home/chn/.cache 2023-09-21 00:10:52 +08:00
chn
11efee5bb3 packages: phonopy: update 2023-09-20 21:36:57 +08:00
chn
677e8111bf flake: default package do not build yoga 2023-09-20 16:52:45 +08:00
chn
d48beec819 system: networking: nebula: always restart 2023-09-20 16:51:46 +08:00
chn
6bf6eabaa3 meilisearch: allow to use 16G memory 2023-09-20 09:18:45 +08:00
chn
273fcbb7c5 packages: enable p10k instant prompt 2023-09-19 21:36:30 +08:00
chn
22aadba0da packages: add eigengdb 2023-09-19 19:47:42 +08:00
chn
5555396f5d vscode: add native debugger 2023-09-19 19:05:40 +08:00
chn
d935330515 lock: downgrade nix-vscode-extensions 2023-09-19 18:51:36 +08:00
chn
a215b50761 vscode: use stable version 2023-09-19 18:44:03 +08:00
chn
52fd57469e packages: update vscode 2023-09-19 18:36:49 +08:00
chn
b003a1be43 packages: add gdb 2023-09-19 16:52:49 +08:00
chn
4bd0b01d9b nixpkgs: currently do not use ccache 2023-09-19 14:29:33 +08:00
chn
c3901eeeb8 packages: add hdfview 2023-09-19 13:15:58 +08:00
chn
77c4a604e9 nixpkgs: enable ccache 2023-09-19 12:33:08 +08:00
chn
7c361dab09 chromium: enable ccache 2023-09-19 12:31:05 +08:00
chn
b9efd5eb70 update everything 2023-09-19 00:41:46 +08:00
chn
1a2d11cef8 nix-store: fix 2023-09-18 23:45:11 +08:00
chn
bfec0e24a0 nginx: externalIp allow multiple ips 2023-09-18 23:33:40 +08:00
chn
de9945635b pc: enable nginx transparent proxy 2023-09-18 23:29:41 +08:00
chn
915fcc348d vps7: enable fontconfig 2023-09-18 21:30:02 +08:00
chn
91475e40d3 security: disable u2f auth for backup key 2023-09-18 20:59:50 +08:00
chn
565b7dd6bc sshd: use key without fido2 pin 2023-09-18 20:46:49 +08:00
chn
5a2b46898d sshd: remove ca key support 2023-09-18 20:25:17 +08:00
chn
3850b9bc05 删除 docker huginn linger 
太难搞了,一年之内不再搞
 2023-09-18 20:02:33 +08:00
chn
fb8c3cf89d add docker 2023-09-18 19:21:04 +08:00
chn
df5be06957 users: enable linger 2023-09-18 19:08:04 +08:00
chn
894607b933 users: root: enable autoSubUidGidRange 2023-09-18 14:03:17 +08:00
chn
aec4d38497 清理,放弃使用 rootless docker 2023-09-18 14:02:05 +08:00
chn
2312a8398c temp 2023-09-18 06:47:49 +08:00
chn
2e4a542c06 system: set home-manager state version 2023-09-18 05:45:56 +08:00
chn
69c7177b73 users: minor fix 2023-09-18 05:40:04 +08:00
chn
981643af44 users: add linger option 2023-09-18 05:35:56 +08:00
chn
5f88cd5cf5 users: manually import sharedModules 2023-09-18 05:28:02 +08:00
chn
a519053c2a 整理 users 2023-09-18 05:16:38 +08:00
chn
34c0ee6ced add wine-staging 2023-09-17 18:50:42 +08:00
chn
bdc7945e71 Revert "暂存" 
This reverts commit beffb2bb95.
 2023-09-17 12:48:11 +08:00
chn
beffb2bb95 暂存 2023-09-17 12:48:06 +08:00
chn
77ecc9787c nginx: remove unnecessary acme path 2023-09-16 17:50:45 +08:00
chn
f087027c6b misskey: fix mount options 2023-09-16 16:26:23 +08:00
chn
aad3849ee1 整理 frp 2023-09-16 16:01:23 +08:00
chn
f48a494e4f nginx: httpProxy add rewriteHttps option 
nginx: httpProxy add locations support
vaultwarden: init
 2023-09-16 15:34:27 +08:00
chn
4463cab071 nginx: fix streamProxy rewriteHttps 2023-09-16 00:22:17 +08:00
chn
286967f7fe meilisearch: remove some IO limits 2023-09-15 22:53:20 +08:00
chn
fc6fa4b1db drop unused machines 2023-09-15 21:52:21 +08:00
chn
a21d4258f2 nginx: fix resolver 2023-09-15 21:21:33 +08:00
chn
4387adde3f nginx: add streamProxy 
vps6: enable nginx streamProxy
 2023-09-15 20:59:18 +08:00
chn
bb456479b0 disable avx2 for cryptonie 2023-09-15 13:48:48 +08:00
chn
9efc93db49 nas: add user zem, yjq, yxy 2023-09-14 19:11:33 +08:00
chn
2130ded160 nas: enable user xll 2023-09-14 18:50:03 +08:00
chn
d51a8177d6 sshd: allow password authentication 2023-09-14 18:38:10 +08:00
chn
0eb722dab1 整理samba 2023-09-13 23:52:49 +08:00
chn
25995e7dd8 fix permission 2023-09-13 23:32:10 +08:00
chn
da1a328165 users: fix home-manager for xll 2023-09-13 22:27:40 +08:00
chn
040352d30a groupshare: fix permissions 2023-09-13 22:21:16 +08:00
chn
544b071081 fix 2023-09-13 21:21:13 +08:00
chn
f5ff5c3a9e xrdp: allow multiple hostnames 2023-09-13 21:19:08 +08:00
chn
9847e21bff acme: allow multiple domains 2023-09-13 21:13:13 +08:00
chn
4ad8abda21 nas: enable some services 2023-09-13 19:26:56 +08:00
chn
0e7385c408 nas: enable xrayClient 2023-09-13 19:12:32 +08:00
chn
ef7fe907a6 chn: nas use office.chn.moe 2023-09-13 19:05:16 +08:00
chn
48b1480206 programs: fix gpg 2023-09-13 13:51:30 +08:00
chn
eccdd913ed fileSystems: disable acl for vfat 2023-09-13 13:27:35 +08:00
chn
4eaa4f8df2 pc: enable nebula relay 
nas: enable nebula relay
 2023-09-13 10:25:42 +08:00
chn
1e631be14d nebula: fix firewall rules, allow relay 2023-09-13 10:23:00 +08:00
chn
01213d9eff nebula: use relay 2023-09-13 02:12:52 +08:00
chn
b8dcfa0fd6 groupshare: fix 2023-09-13 02:12:41 +08:00
chn
53be0e13c4 add groupshare (currently not working) 2023-09-12 23:08:35 +08:00
chn
716a4cbfcf fileSystems: set all file systems to neededForBoot 2023-09-12 21:37:47 +08:00
chn
d2c547ca46 nas: install system to ssd 2023-09-12 21:34:48 +08:00
chn
3f917a0cd1 nas: enable xrdp 2023-09-12 20:56:58 +08:00
chn
a1e0e17543 disable baloo for all user 2023-09-12 20:52:41 +08:00
chn
128ce69ce3 nas: enable nebula 2023-09-12 16:38:14 +08:00
chn
58e862661f 整理 users 2023-09-12 16:31:20 +08:00
chn
84effe92c6 nebula: bypass xray client transparent proxy 2023-09-12 12:27:22 +08:00
chn
f5ae7b00f9 add vlc 2023-09-11 20:33:49 +08:00
chn
e7fd01b42f update openexr 2023-09-11 10:23:36 +08:00
chn
6215e59f74 workstation: add gcc13Stdenv to prebuildPackages 2023-09-10 22:58:24 +08:00
chn
228a538819 fix concurrencpp include path 2023-09-10 21:53:18 +08:00
chn
a08c325d86 add concurrencpp 2023-09-10 21:23:22 +08:00
chn
007438ba1f pe: add deploy 2023-09-10 18:09:48 +08:00
chn
9b03c80b9a nas: enable gui 2023-09-10 17:03:26 +08:00
chn
eef8b0f312 set gcc flags for unstablePackages 2023-09-10 16:40:19 +08:00
chn
dfcd4582ba nas: enable deploy 2023-09-10 15:32:32 +08:00
chn
0fc95d4abf ssh: fix authorized_keys 2023-09-10 15:31:39 +08:00
chn
32712534e4 set nas ip 2023-09-10 15:26:34 +08:00
chn
e7df638e35 nas: final setup 2023-09-10 15:07:19 +08:00
chn
eba953b7ad waydroid use unstablePackages 2023-09-10 14:35:08 +08:00
chn
b286d9c8dc update nixpkgs 2023-09-10 12:05:08 +08:00
chn
14d61eb3a7 pe: enable kvmGuest 2023-09-10 11:20:33 +08:00
chn
77b8330ed5 Revert "nixpkgs: use generic haskellPackages" 
This reverts commit fd13864f48.
 2023-09-10 01:51:40 +08:00
chn
fd13864f48 nixpkgs: use generic haskellPackages 2023-09-10 00:31:00 +08:00
chn
b4792327e6 Revert "nixpkgs: use generic pandoc" 
This reverts commit 558a61a0f1.
 2023-09-10 00:26:51 +08:00
chn
558a61a0f1 nixpkgs: use generic pandoc 2023-09-10 00:23:53 +08:00
chn
87db616f7e add krita 2023-09-09 21:38:53 +08:00
chn
96271f7ac6 fileSystems: fix mdadm 2023-09-09 21:22:56 +08:00
chn
bc9c2a45d4 pc 基本上编译通过 2023-09-09 14:15:57 +08:00
chn
40dec0e342 Merge branch 'main' into stable 2023-09-09 11:11:53 +08:00
chn
812d646adc systemd: fix coredump 2023-09-09 00:40:39 +08:00
chn
6f166dcb80 update nur 2023-09-08 10:28:18 +08:00
chn
3ea27ee691 Revert "misskey: fix systemd shutdown" 
This reverts commit 6d2c08e434.
 2023-09-08 08:40:52 +08:00
chn
2615ed6437 暂存 2023-09-08 05:49:52 +08:00
chn
7c674ebbf9 update everything 2023-09-07 11:43:05 +08:00
chn
6d2c08e434 misskey: fix systemd shutdown 2023-09-07 04:17:24 +08:00
chn
6d1266b2b4 restart misskey everyday 2023-09-07 03:58:02 +08:00
chn
b402bff18b add v_sim 2023-09-06 20:04:23 +08:00
chn
eceb956c5e add huginn 2023-09-06 17:58:46 +08:00
chn
6aca2d605d update cjktty 2023-09-06 16:50:31 +08:00
chn
42879f22cb add bundix 2023-09-06 16:44:55 +08:00
chn
04bf86f89e kernel: update 2023-09-06 13:06:02 +08:00
chn
d5cd5d256e vasp: use openmpi without cuda support 2023-09-06 02:14:56 +08:00
chn
12705172fb Revert "disable nix-ld" 
This reverts commit c146f56df5.
 2023-09-06 01:43:16 +08:00
chn
865f2c3c78 vesta: fix build 2023-09-06 01:43:02 +08:00
chn
c146f56df5 disable nix-ld 2023-09-06 01:22:42 +08:00
chn
c5a9da5a4b add openbox 2023-09-06 00:19:19 +08:00
chn
63ee2ce5d9 slack: use stablePackages 2023-09-06 00:18:50 +08:00
64 changed files with 1896 additions and 1238 deletions
Expand all files Collapse all files

2
.sops.yaml
View File

@@ -5,6 +5,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &yoga age1qrea4twxdhd7fnvlq5v45528c90qy6hp2wa55kghsxzgut6n6fxs7w6u42
- &pe age1cahahn9hp265dkhduaec65vugk8fct2vt9ur6y54m4mgmyx4v4fq0etjhv
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
creation_rules:
- path_regex: secrets/pc\.yaml$
key_groups:
@@ -29,6 +30,7 @@ creation_rules:
key_groups:
- age:
- *chn
- *nas
- path_regex: secrets/xmupc1\.yaml$
key_groups:
- age:

294
flake.lock generated
View File

@@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1691174970,
"narHash": "sha256-8QpyT2OXYcXSdj8hM9uSSnApTOpzhndzNF+9a5pYuA0=",
"lastModified": 1693886279,
"narHash": "sha256-oVCA5yz6zcsFzGCCwRpVDuDml7Z0sWQqW1fEWWcC0xM=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "79ee3b5d776cb268e481d4d2ad5960b92e3e61a6",
"rev": "8fc45fabbedef44a481c3bcabd9512732c0ade91",
"type": "github"
},
"original": {
@@ -30,11 +30,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1686747123,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"lastModified": 1695052866,
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github"
},
"original": {
@@ -165,11 +165,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@@ -226,6 +226,22 @@
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@@ -269,11 +285,11 @@
]
},
"locked": {
"lastModified": 1690933134,
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"type": "github"
},
"original": {
@@ -307,7 +323,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
@@ -346,7 +362,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1685518550,
@@ -363,15 +379,12 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@@ -382,7 +395,7 @@
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
"systems": "systems_4"
},
"locked": {
"lastModified": 1689068808,
@@ -400,7 +413,7 @@
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
"systems": "systems_5"
},
"locked": {
"lastModified": 1681202837,
@@ -417,15 +430,12 @@
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
@@ -436,14 +446,14 @@
},
"flake-utils_7": {
"inputs": {
"systems": "systems_9"
"systems": "systems_6"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@@ -454,7 +464,7 @@
},
"flake-utils_8": {
"inputs": {
"systems": "systems_10"
"systems": "systems_7"
},
"locked": {
"lastModified": 1685518550,
@@ -490,7 +500,7 @@
"inputs": {
"flake-parts": "flake-parts_4",
"haskell-flake": "haskell-flake",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1688568579,
@@ -538,27 +548,27 @@
]
},
"locked": {
"lastModified": 1691506824,
"narHash": "sha256-Z2Ms7036CCEAfCmDBDy+sFauO6/7fx2UN3aoPCpp4tA=",
"lastModified": 1694465129,
"narHash": "sha256-8BQiuobMrCfCbGM7w6Snx+OBYdtTIm0+cGVaKwQ5BFg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7b8d43fbaf8450c30caaed5eab876897d0af891b",
"rev": "9787dffff5d315c9593d3f9fb0f9bf2097e1b57b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1690797372,
"narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=",
"lastModified": 1694622745,
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851",
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
"type": "github"
},
"original": {
@@ -630,11 +640,11 @@
]
},
"locked": {
"lastModified": 1672245824,
"narHash": "sha256-i596lbPiA/Rfx3DiJiCluxdgxWY7oGSgYMT7OmM+zik=",
"lastModified": 1693989153,
"narHash": "sha256-gx39Y3opGB25+44OjM+h1bdJyzgLD963va8ULGYlbhM=",
"owner": "nix-community",
"repo": "napalm",
"rev": "7c25a05cef52dc405f4688422ce0046ca94aadcf",
"rev": "a8215ccf1c80070f51a92771f3bc637dd9b9f7ee",
"type": "github"
},
"original": {
@@ -678,11 +688,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1690903419,
"narHash": "sha256-ciRzOsKNtAZDahTn0Y0zW7AgyrVh+b1WaW+sBDiV5PA=",
"lastModified": 1693880502,
"narHash": "sha256-krCRVLNdlCI7l7F1Bb2ovkgac8hoz015LyYvm/+aYZw=",
"owner": "thiagokokada",
"repo": "nix-alien",
"rev": "e1c6e6015e3c9a07d20c1e598dfea539b6337150",
"rev": "0fbd284930bcf1a5d1e3d07f2973e6f1738505cc",
"type": "github"
},
"original": {
@@ -698,11 +708,11 @@
]
},
"locked": {
"lastModified": 1691292840,
"narHash": "sha256-NA+o/NoOOQhzAQwB2JpeKoG+iYQ6yn/XXVxaGd5HSQI=",
"lastModified": 1694921880,
"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "6c626d54d0414d34c771c0f6f9d771bc8aaaa3c4",
"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2",
"type": "github"
},
"original": {
@@ -720,30 +730,33 @@
]
},
"locked": {
"lastModified": 1693444987,
"narHash": "sha256-XzFFVOCtOTmaKtnE3Y/iOC0i3ZAj2tdO5aWOa6J7IDc=",
"lastModified": 1693358717,
"narHash": "sha256-OYGe2Yay1QoodZZmvPYBFGAoTrRfyKLzFs2vON4gRek=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "f878309889d6d91867f4455d223df0f521e2a6d1",
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "50c4bce16b93e7ca8565d51fafabc05e9f0515da",
"type": "github"
}
},
"nixd": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1693052712,
"narHash": "sha256-7wrP6s4OEuR7BUasy76n7j+c09rp7wyOq7YVYviXw9s=",
"lastModified": 1694400214,
"narHash": "sha256-QHESodq9FQpjWshfxmdYePnEAPaNPsYEd3iBe/JYjqk=",
"owner": "nix-community",
"repo": "nixd",
"rev": "f88accc8a8231efdae900ff6a14cb6301a73cff9",
"rev": "69b533e8d643c5dcbda7962d4dff808d72165783",
"type": "github"
},
"original": {
@@ -782,11 +795,11 @@
]
},
"locked": {
"lastModified": 1692283173,
"narHash": "sha256-6bt+X2PpoyUAtEDWJM0XT0Z54JA2YHw62VoZRTRkz7s=",
"lastModified": 1694664321,
"narHash": "sha256-NLuFP5JW2LRJTUg0zpeYXS14KjtrgTpFdhH0T7YqEpc=",
"owner": "nixpak",
"repo": "nixpak",
"rev": "eef08f1a7e871e3017edbc54d0374292a9b6f67a",
"rev": "9dd948303ea4c7d531e0775146b1b7fd969994c9",
"type": "github"
},
"original": {
@@ -879,29 +892,29 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"nixpkgs-unstable": {
"locked": {
"lastModified": 1691421349,
"narHash": "sha256-RRJyX0CUrs4uW4gMhd/X4rcDG8PTgaaCQM5rXEJOx6g=",
"owner": "NixOS",
"lastModified": 1695562663,
"narHash": "sha256-cnPZFTKQGldgFHWC9LHt8mDtJVTmj4WJxvKHF5uw5qA=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "011567f35433879aae5024fc6ec53f2a0568a6c4",
"rev": "82e02a1546fc59bc496f859e446ddcd412f09849",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"owner": "CHN-beta",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1689352711,
"narHash": "sha256-xWYFt8vWnstDIVsZ26y9mf6h3714lVmXd6l+hTQz6tw=",
"lastModified": 1692007866,
"narHash": "sha256-X8w0vPZjZxMm68VCwh/BHDoKRGp+BgzQ6w7Nkif6IVM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2047c642ce0f75307e8a0f2ec94715218c481184",
"rev": "de2b8ddf94d6cc6161b7659649594c79bd66c13b",
"type": "github"
},
"original": {
@@ -912,22 +925,6 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1686398752,
"narHash": "sha256-nGWNQVhSw4VSL+S0D0cbrNR9vs9Bq7rlYR+1K5f5j6w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a30520bf8eabf8a5c37889d661e67a2dbcaa59e6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1688322751,
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
@@ -943,29 +940,29 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1693843185,
"narHash": "sha256-/huFNnA50JSUyEg68v9uiC4xl8shVsS5LgtNRlzZvHo=",
"lastModified": 1695281058,
"narHash": "sha256-YQs/xiqOW081DCqkeVc+Eonapo0fBCUGwy/5SD1rKTI=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "e7e8dca748d5fa1a29b5bb231bf8aa727c29b89c",
"rev": "53bdd8bdc15e678f30e450f5be8ef3cee572b11a",
"type": "github"
},
"original": {
"owner": "CHN-beta",
"ref": "nixos-unstable",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1691559855,
"narHash": "sha256-UkXcNHsasO0sr8W8X8wGeM1bBuLC5tHEueryGSLaE+E=",
"lastModified": 1695048039,
"narHash": "sha256-zbJJylG0nrr6bP4+UXK10m2h9Kae5OUeYntU6rli02o=",
"owner": "nix-community",
"repo": "NUR",
"rev": "c987eac4f579d9e989d5a0cde93d688592bda990",
"rev": "e57ad2a4d59c577780da709180c36304a1d8106c",
"type": "github"
},
"original": {
@@ -980,14 +977,15 @@
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
],
"nvfetcher": "nvfetcher"
},
"locked": {
"lastModified": 1691561203,
"narHash": "sha256-GmujZtR1vlTkBMahLXLp3BXYYfC0vIczxkcd9XVt6/E=",
"lastModified": 1695017238,
"narHash": "sha256-JoGZyYAnWZnq8NPu+ptmydA9s/96kb518fY5Q56FcHE=",
"owner": "xddxdd",
"repo": "nur-packages",
"rev": "52a85ab474601e3661f30796aa0d7fe995fc0122",
"rev": "6e5f2de9db2dede7f1bf350b97adff4901209352",
"type": "github"
},
"original": {
@@ -1014,6 +1012,32 @@
"type": "github"
}
},
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-utils": [
"nur-xddxdd",
"flake-utils"
],
"nixpkgs": [
"nur-xddxdd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1693539235,
"narHash": "sha256-ACmCq1+RnVq+EB7yeN6fThUR3cCJZb6lKEfv937WG84=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "2bcf73dea96497ac9c36ed320b457caa705f9485",
"type": "github"
},
"original": {
"owner": "berberman",
"repo": "nvfetcher",
"type": "github"
}
},
"pnpm2nix-nzbr": {
"inputs": {
"flake-utils": "flake-utils_8",
@@ -1042,11 +1066,11 @@
]
},
"locked": {
"lastModified": 1691502026,
"narHash": "sha256-wGwoeLradgB38MqaUZrKQJIP5iPs4T15SxrVVtgORNo=",
"lastModified": 1693829707,
"narHash": "sha256-nBFIF+a1aqDIzmi+1Hue3zVXI4V4tK5R4aW2lyNXIXs=",
"owner": "Nix-QChem",
"repo": "NixOS-QChem",
"rev": "a03be624e055fc80d3b44619c9c179b4f96ab45a",
"rev": "ac7ffea07370d0df2c2b934ea582f0cc8acd0ae1",
"type": "github"
},
"original": {
@@ -1070,8 +1094,8 @@
"nixd": "nixd",
"nixos-cn": "nixos-cn",
"nixpak": "nixpak",
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"nur-xddxdd": "nur-xddxdd",
"pnpm2nix-nzbr": "pnpm2nix-nzbr",
@@ -1086,15 +1110,15 @@
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
"nixpkgs"
]
},
"locked": {
"lastModified": 1690199016,
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
"lastModified": 1694495315,
"narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
"rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
"type": "github"
},
"original": {
@@ -1135,21 +1159,6 @@
"type": "github"
}
},
"systems_10": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@@ -1240,36 +1249,6 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"touchix": {
"inputs": {
"nixpkgs": [
@@ -1291,15 +1270,12 @@
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@@ -1310,7 +1286,7 @@
},
"utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_3"
},
"locked": {
"lastModified": 1689068808,

239
flake.nix
View File

@@ -3,13 +3,13 @@
inputs =
{
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpkgs.url = "github:CHN-beta/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:CHN-beta/nixpkgs/nixos-unstable";
home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; };
sops-nix =
{
url = "github:Mic92/sops-nix";
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs-stable"; };
inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs"; };
};
touchix = { url = "github:CHN-beta/touchix"; inputs.nixpkgs.follows = "nixpkgs"; };
aagl = { url = "github:ezKEa/aagl-gtk-on-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -17,11 +17,15 @@
nur.url = "github:nix-community/NUR";
nixos-cn = { url = "github:nixos-cn/flakes"; inputs.nixpkgs.follows = "nixpkgs"; };
nur-xddxdd = { url = "github:xddxdd/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; };
nix-vscode-extensions =
{
url = "github:nix-community/nix-vscode-extensions?rev=50c4bce16b93e7ca8565d51fafabc05e9f0515da";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-alien = { url = "github:thiagokokada/nix-alien"; inputs.nix-index-database.follows = "nix-index-database"; };
impermanence.url = "github:nix-community/impermanence";
qchem = { url = "github:Nix-QChem/NixOS-QChem"; inputs.nixpkgs.follows = "nixpkgs"; };
nixd.url = "github:nix-community/nixd";
nixd = { url = "github:nix-community/nixd"; inputs.nixpkgs.follows = "nixpkgs"; };
napalm = { url = "github:nix-community/napalm"; inputs.nixpkgs.follows = "nixpkgs"; };
nixpak = { url = "github:nixpak/nixpak"; inputs.nixpkgs.follows = "nixpkgs"; };
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
@@ -40,7 +44,7 @@
default = inputs.nixpkgs.legacyPackages.x86_64-linux.writeText "systems"
(builtins.concatStringsSep "\n" (builtins.map
(system: builtins.toString inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel)
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ]));
[ "pc" "vps6" "vps7" "nas" ]));
}
// (
builtins.listToAttrs (builtins.map
@@ -49,7 +53,7 @@
name = system;
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
})
[ "pc" "vps6" "vps4" "vps7" "nas" "xmupc1" "yoga" "pe" ])
[ "pc" "vps6" "vps7" "nas" "yoga" ])
);
nixosConfigurations = builtins.listToAttrs (builtins.map
(system:
@@ -62,8 +66,8 @@
modules = localLib.mkModules
(
[
(inputs: { config.nixpkgs.overlays = [(final: prev: { localPackages =
(import ./local/pkgs { inherit (inputs) lib; pkgs = final; });})]; })
(inputs: { config.nixpkgs.overlays = [(final: prev:
{ localPackages = (import ./local/pkgs { inherit (inputs) lib; pkgs = final; }); })]; })
./modules
]
++ system.value
@@ -122,14 +126,15 @@
keepOutputs = true;
};
nixpkgs = { march = "alderlake"; cudaSupport = true; };
gui.enable = true;
gui = { enable = true; preferred = true; };
kernel =
{
patches = [ "cjktty" "preempt" ];
modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
};
impermanence.enable = true;
networking = { hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; }; };
networking =
{ hostname = "pc"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
@@ -193,6 +198,7 @@
"debug.mirism.one" = "127.0.0.1";
"initrd.vps6.chn.moe" = "74.211.99.69";
"nix-store.chn.moe" = "127.0.0.1";
"initrd.nas.chn.moe" = "192.168.1.185";
};
};
};
@@ -207,14 +213,15 @@
};
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
nginx = { enable = true; transparentProxy.enable = false; };
nginx = { enable = true; transparentProxy.externalIp = [ "192.168.82.3" ]; };
misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
};
bugs =
[
"intel-hdmi" "suspend-hibernate-no-platform" "hibernate-iwlwifi" "suspend-lid-no-wakeup" "xmunet"
"suspend-hibernate-waydroid" "embree"
"suspend-hibernate-waydroid" "embree" "nvme"
];
};})
];
@@ -268,13 +275,21 @@
enable = true;
transparentProxy =
{
externalIp = "74.211.99.69";
externalIp = [ "74.211.99.69" "192.168.82.1" ];
map =
{
"ng01.mirism.one" = 7411;
"beta.mirism.one" = 9114;
"nix-store.chn.moe" = 7676;
"direct.xn--qbtm095lrg0bfka60z.chn.moe" = 7676;
};
};
streamProxy =
{
enable = true;
map =
{
"nix-store.chn.moe" = { upstream = "internal.pc.chn.moe:443"; rewriteHttps = true; };
"anchor.fm" = { upstream = "anchor.fm:443"; rewriteHttps = true; };
"podcasters.spotify.com" = { upstream = "podcasters.spotify.com:443"; rewriteHttps = true; };
};
};
};
@@ -285,52 +300,8 @@
};
coturn.enable = true;
synapse-proxy."synapse.chn.moe".upstream.address = "internal.vps7.chn.moe";
};
};})
];
"vps4" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
btrfs =
{
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "znver3";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
impermanence.enable = true;
networking.hostname = "vps4";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
packages.packageSet = "server";
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
vaultwarden-proxy = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
beesd = { enable = false; instances.root = { device = "/"; hashTableSizeMB = 32; }; };
};
};})
];
@@ -380,15 +351,20 @@
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
sshd.enable = true;
rsshub.enable = true;
nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
nginx = { enable = true; transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ]; };
wallabag.enable = true;
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
misskey-proxy."xn--s8w913fdga.chn.moe" = {};
synapse.enable = true;
synapse-proxy."synapse.chn.moe" = {};
xrdp = { enable = true; hostname = "vps7.chn.moe"; };
vaultwarden.enable = true;
vaultwarden-proxy.enable = true;
meilisearch.ioLimitDevice = "/dev/mapper/root";
beesd = { enable = false; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
};
};})
];
@@ -402,40 +378,90 @@
{
mount =
{
vfat."/dev/disk/by-uuid/13BC-F0C9" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/a6460ff0-b6aa-4c1c-a546-8ad0d495bcf8"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
"/dev/disk/by-uuid/0e184f3b-af6c-4f5d-926a-2559f2dc3063"."/boot" = "/boot";
"/dev/mapper/nix"."/nix" = "/nix";
"/dev/mapper/root1" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
};
};
};
decrypt.manual =
{
enable = true;
devices."/dev/disk/by-uuid/46e59fc7-7bb1-4534-bbe4-b948a9a8eeda" = { mapper = "root"; ssd = true; };
delayedMount = [ "/" ];
devices =
{
"/dev/disk/by-uuid/5cf1d19d-b4a5-4e67-8e10-f63f0d5bb649".mapper = "root1";
"/dev/disk/by-uuid/aa684baf-fd8a-459c-99ba-11eb7636cb0d".mapper = "root2";
"/dev/disk/by-uuid/a779198f-cce9-4c3d-a64a-9ec45f6f5495" = { mapper = "nix"; ssd = true; };
};
delayedMount = [ "/" "/nix" ];
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
rollingRootfs = { device = "/dev/mapper/root1"; path = "/nix/rootfs"; };
};
grub.installDevice = "/dev/disk/by-path/pci-0000:00:04.0";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
initrd =
{
network.enable = true;
sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
};
kernel.patches = [ "preempt" ];
grub.installDevice = "efi";
nixpkgs.march = "silvermont";
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "nas";
networking =
{ hostname = "nas"; nebula = { enable = true; lighthouse = "vps6.chn.moe"; useRelay = true; }; };
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
gui.enable = true;
};
packages.packageSet = "server";
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" ];
};
packages.packageSet = "desktop";
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
sshd.enable = true;
fontconfig.enable = true;
samba =
{
enable = true;
hostsAllowed = "192.168. 127.";
shares =
{
home.path = "/home";
root.path = "/";
};
};
sshd = { enable = true; passwordAuthentication = true; };
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
xrdp = { enable = true; hostname = [ "nas.chn.moe" "office.chn.moe" ]; };
groupshare.enable = true;
smartd.enable = true;
beesd =
{
enable = true;
instances =
{
root = { device = "/"; hashTableSizeMB = 2048; };
nix = { device = "/nix"; hashTableSizeMB = 128; };
};
};
};
users.users = [ "root" "chn" "xll" "zem" "yjq" "yxy" ];
};})
];
"xmupc1" =
@@ -620,63 +646,6 @@
};
};})
];
"pe" =
[
(inputs: { config.nixos =
{
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/A0F1-74E5" = "/boot/efi";
btrfs =
{
"/dev/disk/by-uuid/a7546428-1982-4931-a61f-b7eabd185097"."/boot" = "/boot";
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.auto."/dev/disk/by-uuid/0b800efa-6381-4908-bd63-7fa46322a2a9" =
{ mapper = "root"; ssd = true; };
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
grub.installDevice = "efiRemovable";
gui.enable = true;
nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
kernel.patches = [ "cjktty" "preempt" ];
impermanence.enable = true;
networking.hostname = "pe";
sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
};
hardware =
{
cpus = [ "intel" ];
gpus = [ "intel" "nvidia" ];
bluetooth.enable = true;
joystick.enable = true;
printer.enable = true;
sound.enable = true;
};
packages.packageSet = "desktop";
virtualization.docker.enable = true;
services =
{
snapper = { enable = true; configs.persistent = "/nix/persistent"; };
fontconfig.enable = true;
sshd.enable = true;
xrayClient =
{
enable = true;
serverAddress = "74.211.99.69";
serverName = "vps6.xserver.chn.moe";
dns.extraInterfaces = [ "docker0" ];
};
firewall.trustedInterfaces = [ "virbr0" ];
smartd.enable = true;
};
};})
];
}));
# sudo HTTPS_PROXY=socks5://127.0.0.1:10884 nixos-install --flake .#bootstrap --option substituters http://127.0.0.1:5000 --option require-sigs false --option system-features gccarch-silvermont
# nix-serve -p 5000
@@ -713,7 +682,7 @@
inputs.self.nixosConfigurations.${node};
};
})
[ "vps6" "vps4" "vps7" ]);
[ "vps6" "vps7" "nas" ]);
};
};
}

13
local/pkgs/concurrencpp/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec
{
pname = "concurrencpp";
version = "0.1.7";
src = fetchFromGitHub
{
owner = "David-Haim";
repo = "concurrencpp";
rev = "v.${version}";
sha256 = "4qT29YVjKEWcMrI5R5Ps8aD4grAAgz5VOxANjpp1oTo=";
};
nativeBuildInputs = [ cmake ];
}

19
local/pkgs/default.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs }: with pkgs;
{ lib, pkgs }: with pkgs; rec
{
typora = callPackage ./typora {};
upho = python3Packages.callPackage ./upho {};
@@ -7,7 +7,7 @@
oneapi = callPackage ./oneapi {};
send = callPackage ./send {};
rsshub = callPackage ./rsshub {};
misskey = callPackage ./misskey {};
misskey = callPackage ./misskey { vips = unstablePackages.vips; };
mk-meili-mgn = callPackage ./mk-meili-mgn {};
phonon-unfolding = callPackage ./phonon-unfolding {};
# vasp = callPackage ./vasp
@@ -16,7 +16,20 @@
# intel-mpi = pkgs.lmix-pkgs.intel-oneapi-mpi_2021_9_0;
# ifort = pkgs.lmix-pkgs.intel-oneapi-ifort_2021_9_0;
# };
vasp = callPackage ./vasp { openmp = llvmPackages.openmp; };
vasp = callPackage ./vasp
{
openmp = llvmPackages.openmp;
openmpi = pkgs.openmpi.override { cudaSupport = false; };
};
vaspkit = callPackage ./vaspkit { attrsToList = (import ../lib lib).attrsToList; };
# "12to11" = callPackage ./12to11 {};
huginn = callPackage ./huginn {};
v_sim = callPackage ./v_sim {};
concurrencpp = callPackage ./concurrencpp { stdenv = gcc13Stdenv; };
eigengdb = python3Packages.callPackage ./eigengdb {};
nodesoup = callPackage ./nodesoup {};
matplotplusplus = callPackage ./matplotplusplus { inherit nodesoup; };
zpp-bits = callPackage ./zpp-bits {};
eigen = callPackage ./eigen {};
nameof = callPackage ./nameof {};
}

12
local/pkgs/eigen/default.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, stdenv, fetchFromGitLab, cmake }: stdenv.mkDerivation rec
{
name = "eigen";
src = fetchFromGitLab
{
owner = "libeigen";
repo = name;
rev = "6d829e766ff1b1ab867d93631163cbc63ed5798f";
sha256 = "BXUnizcRPrOyiPpoyYJ4VVOjlG49aj80mgzPKmEYPKU=";
};
nativeBuildInputs = [ cmake ];
}

15
local/pkgs/eigengdb/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ lib, fetchFromGitHub, buildPythonPackage, numpy, gdb }: buildPythonPackage
{
name = "eigengdb";
src = fetchFromGitHub
{
owner = "dmillard";
repo = "eigengdb";
rev = "c741edef3f07f33429056eff48d79a62733ed494";
sha256 = "MTqOaWsKhWaPs3G5F/6bYZmQI5qS2hEGKGa3mwbgFaY=";
};
doCheck = false;
buildInputs = [ gdb ];
nativeBuildInputs = [ gdb ];
propagatedBuildInputs = [ numpy ];
}

29
local/pkgs/huginn/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ lib, stdenv, bundlerEnv, fetchFromGitHub }:
let
pname = "huginn";
version = "20230723";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "huginn";
rev = "a02977ad420a01b6460634af19f714db4a8f8f36";
hash = "sha256-Ty2EDCIjbvcf3PzPupcV4s7ZfAFTuYEjSfy0m+Yt3j4=";
};
gems = bundlerEnv
{
name = "${pname}-${version}-gems";
gemdir = "${src}";
gemfile = "${src}/Gemfile";
lockfile = "${src}/Gemfile.lock";
gemset = "${src}/gemset.nix";
copyGemFiles = true;
};
in stdenv.mkDerivation
{
inherit pname version src;
buildInputs = [ gems gems.wrappedRuby ];
installPhase =
''
false
'';
}

22
local/pkgs/matplotplusplus/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{
stdenv, fetchFromGitHub, cmake, pkg-config,
gnuplot, libjpeg, libtiff, zlib, libpng, lapack, blas, fftw, opencv, nodesoup, cimg
}: stdenv.mkDerivation rec
{
pname = "matplotplusplus";
version = "1.2.0";
src = fetchFromGitHub
{
owner = "alandefreitas";
repo = "matplotplusplus";
rev = "v${version}";
sha256 = "mYXAB1AbCtcd2rEuluJN6hDKE9+AowodjJt2pdyntes=";
};
cmakeFlags =
[
"-DBUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_SHARED_LIBS=ON" "-DMATPLOTPP_BUILD_EXAMPLES=OFF"
"-DMATPLOTPP_WITH_SYSTEM_NODESOUP=ON" "-DMATPLOTPP_WITH_SYSTEM_CIMG=ON"
];
buildInputs = [ gnuplot libjpeg libtiff zlib libpng lapack blas fftw opencv nodesoup cimg ];
nativeBuildInputs = [ cmake pkg-config ];
}

70
local/pkgs/misskey/default.nix
View File

@@ -1,16 +1,16 @@
{
lib, stdenv, mkPnpmPackage, fetchFromGitHub, nodejs_20, writeShellScript, buildFHSEnv,
lib, stdenv, mkPnpmPackage, fetchFromGitHub, fetchurl, nodejs_20, writeShellScript, buildFHSEnv,
bash, cypress, vips, pkg-config
}:
let
pname = "misskey";
version = "13.14.2";
version = "2023.9.3";
src = fetchFromGitHub
{
owner = "CHN-beta";
repo = "misskey";
rev = "e02ecb3819f6f05352d43b64ae59fa1bd683e2e0";
hash = "sha256-zsYM67LYUn+bI6kbdW9blftxw5TUxCdzlfaOOEgZz+Q=";
rev = "d88358090da8459ef6f3b01890b361ff44a007f7";
sha256 = "JeXMnFoJuudGGHhAEXhdBRMN8EHEbm4U1yXuoz8K4hU=";
fetchSubmodules = true;
};
originalPnpmPackage = mkPnpmPackage
@@ -26,14 +26,66 @@ let
export NODE_ENV=production
pnpm run migrateandstart
'';
re2 = stdenv.mkDerivation rec
{
pname = "re2";
version = "1.20.3";
srcs =
[
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-115.br";
sha256 = "0g2k0bki0zm0vaqpz25ww119qcs1flv63h6s5ib3103arpnzmb6d";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-115.gz";
sha256 = "1dr9zzzm67jknzvla1l5178lzmj6cfh8i1vsp5r4gkwdwbfh3ip0";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-108.br";
sha256 = "0wby987byhshb20np1gglj6y9ji7m7jza5jwa4hyxfxs1pkkmg1n";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-108.gz";
sha256 = "0q3dyxm63d2x0wxx23gdwym7r2gmaw4ahvmd35dgrj179ik290pi";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-93.br";
sha256 = "1wjmdni24353ppwfiyrv1zl9ci4g2habk0g2nz6b0sijagcy7bv3";
})
(fetchurl
{
url = "https://github.com/uhop/node-re2/releases/download/1.20.3/linux-x64-93.gz";
sha256 = "0rgkryjh412g2m7rfrl2krsb9137prkk2y9ga8akn7qp1bqsbq1i";
})
];
phases = [ "installPhase" ];
installPhase =
''
mkdir -p $out/${version}
for i in $srcs
do
cp $i $out/${version}/''${i#*-}
done
'';
};
in
stdenv.mkDerivation
stdenv.mkDerivation rec
{
inherit version src pname;
nativeBuildInputs =
[ bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config ];
buildInputs =
[
bash nodejs_20 nodejs_20.pkgs.typescript nodejs_20.pkgs.pnpm nodejs_20.pkgs.gulp cypress vips pkg-config
];
nativeBuildInputs = buildInputs;
CYPRESS_RUN_BINARY = "${cypress}/bin/Cypress";
NODE_ENV = "production";
RE2_DOWNLOAD_MIRROR = "${re2}";
RE2_DOWNLOAD_SKIP_PATH = "true";
configurePhase =
''
export HOME=$NIX_BUILD_TOP # Some packages need a writable HOME
@@ -67,4 +119,8 @@ in
mkdir -p $out/files
runHook postInstall
'';
passthru =
{
inherit originalPnpmPackage startScript re2;
};
}

20
local/pkgs/nameof/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
{
pname = "nameof";
version = "0.10.3";
src = fetchFromGitHub
{
owner = "Neargye";
repo = pname;
rev = "v${version}";
sha256 = "eHG0Y/BQGbwTrBHjq9SeSiIXaVqWp7PxIq7vCIECYPk=";
};
phases = [ "installPhase" ];
installPhase =
''
runHook preInstall
mkdir -p $out
cp -r $src/include $out
runHook postInstall
'';
}

13
local/pkgs/nodesoup/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ stdenv, fetchFromGitHub, cmake, pkg-config, cairo, pcre2, xorg }: stdenv.mkDerivation rec
{
name = "nodesoup";
src = fetchFromGitHub
{
owner = "olvb";
repo = "nodesoup";
rev = "3158ad082bb0cd1abee75418b12b35522dbca74f";
sha256 = "tFLq6QC3U3uvcuWsdRy2wnwcmAfH2MkI2oMcAiUBHSo=";
};
buildInputs = [ cairo pcre2.dev xorg.libXdmcp.dev ];
nativeBuildInputs = [ cmake pkg-config ];
}

4
local/pkgs/rsshub/default.nix
View File

@@ -9,8 +9,8 @@ let
{
owner = "DIYgod";
repo = "RSSHub";
rev = "afcf9774260dc6505263cf0428970e890f2f7b1d";
hash = "sha256-BQFE0Z5DsFTf0tylQ0NN89hCdXT/Y2M+YPa/10ccOVg=";
rev = "46d32af2c57061a70114536d1f4514eb5b35dff2";
sha256 = "WvPE+WAvRSCPVwoz7sSH3KhC8GUC82wYmYKXb5F9xHI=";
};
originalPnpmPackage = mkPnpmPackage { inherit pname version src nodejs; };
nodeModules = originalPnpmPackage.nodeModules.overrideAttrs { PUPPETEER_SKIP_DOWNLOAD = true; };

28
local/pkgs/v_sim/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{
stdenv, lib, fetchFromGitLab,
wrapGAppsHook, autoreconfHook, autoconf, libtool, intltool, gettext, automake, gtk-doc, pkg-config, gfortran, libxslt,
glib, gtk3, epoxy, libyaml
}:
stdenv.mkDerivation
{
pname = "v_sim";
version = "3.8.0_p20230824";
src = fetchFromGitLab
{
owner = "l_sim";
repo = "v_sim";
rev = "8abc67b56795c19a8e2357d442b556c71d2441cb";
sha256 = "KQNd3BGvkZVsfIPVLEEMBptiFQYeCbWGR28ds2Y+w2Y=";
};
buildInputs = [ glib gtk3 epoxy libyaml ];
nativeBuildInputs =
[
autoreconfHook wrapGAppsHook autoconf libtool intltool gettext automake pkg-config
gtk-doc gfortran libxslt.bin
];
enableParallelBuilding = true;
postPatch =
''
./autogen.sh
'';
}

12
local/pkgs/vesta/default.nix
View File

@@ -1,5 +1,5 @@
{
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook,
lib, stdenv, fetchurl, autoPatchelfHook, wrapGAppsHook, makeWrapper,
glib, gtk2, xorg, libGLU, gtk3, writeShellScript, gsettings-desktop-schemas, xdg-utils
}:
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec
sha256 = "Tq4AzQgde2KIWKA1k6JlxvdphGG9JluHMZjVw0fBUeQ=";
};
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook ];
nativeBuildInputs = [ autoPatchelfHook wrapGAppsHook makeWrapper ];
buildInputs = [ glib gtk2 xorg.libXxf86vm libGLU gtk3 xorg.libXtst ];
unpackPhase = "tar -xf ${src}";
@@ -35,13 +35,7 @@ stdenv.mkDerivation rec
cp -r VESTA-gtk3 $out/opt/VESTA-gtk3
mkdir -p $out/bin
tee $out/bin/vesta << EOF
#!${stdenv.shell}
export XDG_DATA_DIRS=$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS
export PATH="\$PATH\''${PATH:+:}${xdg-utils}/bin"
$out/opt/VESTA-gtk3/VESTA "\$@"
EOF
chmod +x $out/bin/vesta
makeWrapper $out/opt/VESTA-gtk3/VESTA $out/bin/vesta
patchelf --remove-needed libjawt.so $out/opt/VESTA-gtk3/PowderPlot/libswt-awt-gtk-3346.so
'';

18
local/pkgs/zpp-bits/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ stdenv, fetchFromGitHub }: stdenv.mkDerivation rec
{
pname = "zpp-bits";
version = "4.4.19";
src = fetchFromGitHub
{
owner = "eyalz800";
repo = "zpp_bits";
rev = "v${version}";
sha256 = "ejIwrvCFALuBQbQhTfzjBb11oMR/akKnboB60GWbjlQ=";
};
phases = [ "installPhase" ];
installPhase =
''
mkdir -p $out/include
cp $src/zpp_bits.h $out/include
'';
}

1
modules/bugs/default.nix
View File

@@ -75,6 +75,7 @@ inputs:
firefox.programs.firefox.enable = inputs.lib.mkForce false;
embree.nixpkgs.overlays =
[(final: prev: { embree = prev.embree.override { stdenv = final.genericPackages.stdenv; }; })];
nvme.boot.kernelParams = [ "nvme_core.default_ps_max_latency_us=0" ];
};
in
{

2
modules/hardware/default.nix
View File

@@ -101,7 +101,7 @@ inputs:
let
packages =
{
intel = [ intel-compute-runtime intel-media-driver intel-vaapi-driver libvdpau-va-gl ];
intel = [ intel-compute-runtime intel-media-driver libvdpau-va-gl ]; # intel-vaapi-driver
nvidia = [ vaapiVdpau ];
};
in

397
modules/packages/default.nix
View File

@@ -29,44 +29,164 @@ inputs:
[
# >= server
{
nixos.packages = with inputs.pkgs;
nixos =
{
_packages =
[
# shell
ksh
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
# lsxx
pciutils usbutils lshw util-linux lsof
# top
iotop iftop htop btop powertop s-tui
# editor
nano bat
# downloader
wget aria2 curl
# file manager
tree exa trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz rar upx unzip inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.zip lzip p7zip
# file system management
sshfs e2fsprogs adb-sync duperemove compsize
# disk management
smartmontools hdparm
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
# nix tools
nix-output-monitor nix-tree
# office
todo-txt-cli
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2
])];
packages = with inputs.pkgs;
{
_packages =
[
# shell
ksh
# basic tools
beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq zellij neofetch ipfetch
# lsxx
pciutils usbutils lshw util-linux lsof
# top
iotop iftop htop btop powertop s-tui
# editor
nano bat
# downloader
wget aria2 curl
# file manager
tree exa trash-cli lsd broot file xdg-ninja mlocate
# compress
pigz rar upx unzip zip lzip p7zip
# file system management
sshfs e2fsprogs adb-sync duperemove compsize
# disk management
smartmontools hdparm
# encryption and authentication
apacheHttpd openssl ssh-to-age gnupg age sops pam_u2f yubico-piv-tool
# networking
ipset iptables iproute2 dig nettools traceroute tcping-go whois tcpdump nmap inetutils
# nix tools
nix-output-monitor nix-tree
# office
todo-txt-cli
# development
gdb
] ++ (with inputs.config.boot.kernelPackages; [ cpupower usbip ]);
_pythonPackages = [(pythonPackages: with pythonPackages;
[
inquirerpy requests python-telegram-bot tqdm fastapi pypdf2 pandas matplotlib plotly gunicorn redis jinja2
certifi charset-normalizer idna orjson psycopg2 localPackages.eigengdb
])];
};
users.sharedModules =
[{
config.programs =
{
zsh =
{
enable = true;
initExtraBeforeCompInit =
''
# p10k instant prompt
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
HYPHEN_INSENSITIVE="true"
export PATH=~/bin:$PATH
function br
{
local cmd cmd_file code
cmd_file=$(mktemp)
if broot --outcmd "$cmd_file" "$@"; then
cmd=$(<"$cmd_file")
command rm -f "$cmd_file"
eval "$cmd"
else
code=$?
command rm -f "$cmd_file"
return "$code"
fi
}
alias todo="todo.sh"
'';
plugins =
[
{
file = "powerlevel10k.zsh-theme";
name = "powerlevel10k";
src = "${inputs.pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
}
{
file = "p10k.zsh";
name = "powerlevel10k-config";
src = ./p10k-config;
}
{
name = "zsh-lsd";
src = inputs.pkgs.fetchFromGitHub
{
owner = "z-shell";
repo = "zsh-lsd";
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
};
}
];
history =
{
extended = true;
save = 100000000;
size = 100000000;
share = true;
};
};
direnv = { enable = true; nix-direnv.enable = true; };
git =
{
enable = true;
lfs.enable = true;
extraConfig =
{
core.editor = if inputs.config.nixos.system.gui.preferred then "code --wait" else "vim";
advice.detachedHead = false;
merge.conflictstyle = "diff3";
diff.colorMoved = "default";
};
package = inputs.pkgs.gitFull;
delta =
{
enable = true;
options =
{
side-by-side = true;
navigate = true;
syntax-theme = "GitHub";
light = true;
zero-style = "syntax white";
line-numbers-zero-style = "#ffffff";
};
};
};
ssh =
{
enable = true;
controlMaster = "auto";
controlPersist = "1m";
compression = true;
};
vim =
{
enable = true;
defaultEditor = true;
packageConfigurable = inputs.config.programs.vim.package;
settings =
{
number = true;
expandtab = false;
shiftwidth = 2;
tabstop = 2;
};
extraConfig =
''
set clipboard=unnamedplus
colorscheme evening
'';
};
};
}];
};
programs =
{
@@ -116,80 +236,135 @@ inputs:
];
allowUnfree = true;
};
home-manager =
{
useGlobalPkgs = true;
useUserPackages = true;
};
}
# >= desktop
(
mkIf (builtins.elem inputs.config.nixos.packages.packageSet [ "desktop" "workstation" ] )
{
nixos.packages = with inputs.pkgs;
nixos =
{
_packages =
[
# system management
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
wayland-utils clinfo glxinfo vulkan-tools dracut etcher
# nix tools
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
# instant messager
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
cinny-desktop # nur-xddxdd.wine-wechat thunder
# browser
google-chrome
# networking
remmina putty mtr-gui
# password and key management
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
# download
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
# office
crow-translate zotero pandoc
# development
scrcpy
# media
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk
# text editor
localPackages.typora
# themes
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
arc-kde-theme materia-theme
# news
fluent-reader rssguard
# davinci-resolve playonlinux
weston cage
genymotion
(
vscode-with-extensions.override
packages = with inputs.pkgs;
{
_packages =
[
# system management
gparted snapper-gui libsForQt5.qtstyleplugin-kvantum wl-clipboard-x11 kio-fuse wl-mirror
wayland-utils clinfo glxinfo vulkan-tools dracut etcher unstablePackages.btrfs-assistant
# nix tools
ssh-to-age deploy-rs.deploy-rs nixpkgs-fmt
# instant messager
element-desktop telegram-desktop discord inputs.config.nur.repos.linyinfeng.wemeet # native
cinny-desktop # nur-xddxdd.wine-wechat thunder
# browser
google-chrome
# networking
remmina putty mtr-gui
# password and key management
bitwarden yubikey-manager yubikey-manager-qt yubikey-personalization yubikey-personalization-gui
# download
qbittorrent yt-dlp nur-xddxdd.baidupcs-go wgetpaste
# office
unstablePackages.crow-translate zotero pandoc
# development
scrcpy
# media
spotify yesplaymusic mpv nomacs simplescreenrecorder imagemagick gimp netease-cloud-music-gtk vlc
# text editor
localPackages.typora
# themes
orchis-theme tela-circle-icon-theme plasma-overdose-kde-theme materia-kde-theme graphite-kde-theme
arc-kde-theme materia-theme
# news
fluent-reader rssguard
# davinci-resolve playonlinux
weston cage openbox krita
genymotion hdfview
(
vscode-with-extensions.override
{
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
++ (with intellsmi; [ comment-translate deepl-translate ])
++ (with ms-python; [ isort python vscode-pylance ])
++ (with ms-toolsai;
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
])
++ (with ms-vscode;
[
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
test-adapter-converter
])
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
++ [
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans
oderwat.indent-rainbow
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug
hbenl.vscode-test-explorer
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode webfreak.debug
];
}
)
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
};
users.sharedModules =
[{
config =
{
programs =
{
vscodeExtensions = with nix-vscode-extensions.vscode-marketplace;
(with equinusocio; [ vsc-community-material-theme vsc-material-theme-icons ])
++ (with github; [ copilot copilot-chat copilot-labs github-vscode-theme ])
++ (with intellsmi; [ comment-translate deepl-translate ])
++ (with ms-python; [ isort python vscode-pylance ])
++ (with ms-toolsai;
chromium =
{
enable = true;
extensions =
[
jupyter jupyter-keymap jupyter-renderers vscode-jupyter-cell-tags vscode-jupyter-slideshow
])
++ (with ms-vscode;
[
cmake-tools cpptools cpptools-extension-pack cpptools-themes hexeditor remote-explorer
test-adapter-converter
])
++ (with ms-vscode-remote; [ remote-ssh remote-containers remote-ssh-edit ])
++ [
donjayamanne.githistory genieai.chatgpt-vscode fabiospampinato.vscode-diff cschlosser.doxdocgen
llvm-vs-code-extensions.vscode-clangd ms-ceintl.vscode-language-pack-zh-hans oderwat.indent-rainbow
twxs.cmake guyutongxue.cpp-reference znck.grammarly thfriedrich.lammps leetcode.vscode-leetcode
james-yu.latex-workshop gimly81.matlab affenwiesel.matlab-formatter ckolkman.vscode-postgres
yzhang.markdown-all-in-one pkief.material-icon-theme bbenoist.nix ms-ossdata.vscode-postgresql
redhat.vscode-xml dotjoshjohnson.xml jnoortheen.nix-ide xdebug.php-debug hbenl.vscode-test-explorer
jeff-hykin.better-cpp-syntax fredericbonnet.cmake-test-adapter mesonbuild.mesonbuild
hirse.vscode-ungit fortran-lang.linter-gfortran tboox.xmake-vscode ccls-project.ccls
feiskyer.chatgpt-copilot yukiuuh2936.vscode-modern-fortran-formatter wolframresearch.wolfram
njpipeorgan.wolfram-language-notebook brettm12345.nixfmt-vscode
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
];
}
)
] ++ (with inputs.lib; filter isDerivation (attrValues plasma5Packages.kdeGear));
};
obs-studio =
{
enable = true;
plugins = with inputs.pkgs.obs-studio-plugins;
[ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
};
};
home.file.".config/baloofilerc".text =
''
[Basic Settings]
Indexing-Enabled=false
'';
};
}];
};
programs =
{
@@ -202,7 +377,7 @@ inputs:
languagePacks = [ "zh-CN" "en-US" ];
nativeMessagingHosts.firefoxpwa = true;
};
vim.package = inputs.pkgs.vim-full;
vim.package = inputs.pkgs.genericPackages.vim-full;
};
nixpkgs.config.packageOverrides = pkgs:
{
@@ -224,7 +399,7 @@ inputs:
[
# nix tools
nix-template appimage-run nil nixd nix-alien nix-serve node2nix nix-prefetch-github prefetch-npm-deps
nix-prefetch-docker pnpm-lock-export
nix-prefetch-docker pnpm-lock-export bundix
# instant messager
zoom-us signal-desktop qq nur-xddxdd.wechat-uos slack # jail
# office
@@ -234,12 +409,12 @@ inputs:
# media
nur-xddxdd.svp obs-studio waifu2x-converter-cpp inkscape blender
# virtualization
wine virt-viewer bottles # wine64
wineWowPackages.stagingFull virt-viewer bottles # wine64
# text editor
appflowy notion-app-enhanced joplin-desktop standardnotes
# math, physics and chemistry
mathematica octave root ovito paraview localPackages.vesta qchem.quantum-espresso # vsim
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit
mathematica octaveFull root ovito paraview localPackages.vesta qchem.quantum-espresso
localPackages.vasp localPackages.phonon-unfolding localPackages.vaspkit jmol localPackages.v_sim
# news
newsflash newsboat
];
@@ -247,7 +422,11 @@ inputs:
[
phonopy tensorflow keras openai scipy scikit-learn
])];
_prebuildPackages = [ httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2 ];
_prebuildPackages =
[
httplib magic-enum xtensor boost cereal cxxopts ftxui yaml-cpp gfortran gcc10 python2
unstablePackages.gcc13Stdenv
];
};
programs =
{
@@ -411,4 +590,4 @@ inputs:
# x11-misc/optimus-manager
# x11-misc/unclutter-xfixes
# ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );
# ++ ( with inputs.pkgs.pkgsCross.mingwW64.buildPackages; [ gcc ] );

2
modules/users/p10k-config/p10k.zsh → modules/packages/p10k-config/p10k.zsh
View File

@@ -1686,7 +1686,7 @@
# - verbose: Enable instant prompt and print a warning when detecting console output during
# zsh initialization. Choose this if you've never tried instant prompt, haven't
# seen the warning, or if you are unsure what this all means.
typeset -g POWERLEVEL9K_INSTANT_PROMPT=verbose
typeset -g POWERLEVEL9K_INSTANT_PROMPT=quiet
# Hot reload allows you to change POWERLEVEL9K options after Powerlevel10k has been initialized.
# For example, you can type POWERLEVEL9K_BACKGROUND=red and see your prompt turn red. Hot reload

39
modules/services/acme.nix Normal file
View File

@@ -0,0 +1,39 @@
inputs:
{
options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
certs = mkOption
{
type = types.listOf (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
default = [];
};
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) acme;
inherit (builtins) map listToAttrs;
in mkIf acme.enable
{
security.acme =
{
acceptTerms = true;
defaults.email = "chn@chn.moe";
certs = listToAttrs (map
(cert:
{
name = if builtins.typeOf cert == "string" then cert else builtins.elemAt cert 0;
value =
{
dnsResolver = "8.8.8.8";
dnsProvider = "cloudflare";
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
extraDomainNames = if builtins.typeOf cert == "string" then [] else builtins.tail cert;
};
})
acme.certs);
};
sops.secrets."acme/cloudflare.ini" = {};
};
}

50
modules/services/beesd.nix Normal file
View File

@@ -0,0 +1,50 @@
inputs:
{
options.nixos.services.beesd = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
instances = mkOption
{
type = types.attrsOf (types.oneOf
[
types.nonEmptyStr
(types.submodule { options =
{
device = mkOption { type = types.nonEmptyStr; };
hashTableSizeMB = mkOption { type = types.int; };
};})
]);
default = {};
};
};
config =
let
inherit (inputs.config.nixos.services) beesd;
inherit (inputs.lib) mkIf;
inherit (builtins) map listToAttrs;
inherit (inputs.localLib) attrsToList;
in mkIf beesd.enable
{
services.beesd.filesystems = listToAttrs (map
(instance:
{
inherit (instance) name;
value =
{
spec = instance.value.device or instance.value;
hashTableSizeMB = instance.value.hashTableSizeMB or 1024;
extraOptions = [ "--thread-count" "1" "--scan-mode" "3" ];
};
})
(attrsToList beesd.instances));
systemd.slices.system-beesd.sliceConfig =
{
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
Nice = 19;
};
};
}

1
modules/services/ca.pub
View File

@@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV9egbTbIbVCV4TNr6IgvXw7fMEK4v/WKAHddkX4uvysL7l+H1cLM0TRDvGefUFoU7eYcEIRV9lwvjMo/xy0GKao76fylQ03gkrzTiPvztThpAfKKOIniXvzWoIP7/fzNwuW6GgUiM4JKvgJEieRTybclLRgauy2gqiwVZMAFksxG1fAPYGXIrhtVQ+WjN+0IIiayNlj1J6tJ9fQWc+BkNsoJJZBADf+qjTsqsVHjcABoo2vYRTYnSVzrsnjSu6ivGjSY0ImG+ASPqyluA7eSXe4XQkyxjuyBVTwwqTpZ0Y+DMESr/Fd5rQ3N/iylLcUVGexl7gHHFtJGiERloG8Bv Public key for Digital Signature

299
modules/services/default.nix
View File

@@ -13,65 +13,20 @@ inputs:
./synapse.nix
./phpfpm.nix
./xrdp.nix
# ./docker.nix
./groupshare.nix
./acme.nix
./samba.nix
./sshd.nix
./vaultwarden.nix
./frp.nix
./beesd.nix
./snapper.nix
];
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
snapper =
{
enable = mkOption { type = types.bool; default = false; };
configs = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
kmscon.enable = mkOption { type = types.bool; default = false; };
fontconfig.enable = mkOption { type = types.bool; default = false; };
samba =
{
enable = mkOption { type = types.bool; default = false; };
wsdd = mkOption { type = types.bool; default = false; };
private = mkOption { type = types.bool; default = false; };
hostsAllowed = mkOption { type = types.str; default = "127."; };
shares = mkOption
{
type = types.attrsOf (types.submodule { options =
{
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
path = mkOption { type = types.nonEmptyStr; };
};});
default = {};
};
};
sshd.enable = mkOption { type = types.bool; default = false; };
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
acme =
{
enable = mkOption { type = types.bool; default = false; };
certs = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
frpClient =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
user = mkOption { type = types.nonEmptyStr; };
tcp = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
};
}));
default = {};
};
};
frpServer =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
};
nix-serve =
{
enable = mkOption { type = types.bool; default = false; };
@@ -89,38 +44,6 @@ inputs:
inherit (builtins) map listToAttrs toString;
in mkMerge
[
(
mkIf services.snapper.enable
{
services.snapper.configs =
let
f = (config:
{
inherit (config) name;
value =
{
SUBVOLUME = config.value;
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_MIN_AGE = 1800;
TIMELINE_LIMIT_HOURLY = "10";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "1";
TIMELINE_LIMIT_MONTHLY = "0";
TIMELINE_LIMIT_YEARLY = "0";
};
});
in
listToAttrs (map f (attrsToList services.snapper.configs));
nixpkgs.config.packageOverrides = pkgs:
{
snapper = pkgs.snapper.overrideAttrs (attrs:
{
patches = (if (attrs ? patches) then attrs.patches else []) ++ [ ./snapper.patch ];
});
};
}
)
(
mkIf services.kmscon.enable
{
@@ -137,7 +60,7 @@ inputs:
fonts =
{
fontDir.enable = true;
packages = with inputs.pkgs;
fonts = with inputs.pkgs;
[ noto-fonts source-han-sans source-han-serif source-code-pro hack-font jetbrains-mono nerdfonts ];
fontconfig.defaultFonts =
{
@@ -149,204 +72,7 @@ inputs:
};
}
)
(
mkIf services.samba.enable
{
# make shares visible for windows 10 clients
services =
{
samba-wsdd.enable = services.samba.wsdd;
samba =
{
enable = true;
openFirewall = !services.samba.private;
securityType = "user";
extraConfig =
''
workgroup = WORKGROUP
server string = Samba Server
server role = standalone server
hosts allow = ${services.samba.hostsAllowed}
dns proxy = no
'';
# obey pam restrictions = yes
# encrypt passwords = no
shares = listToAttrs (map
(share:
{
name = share.name;
value =
{
comment = if share.value.comment != null then share.value.comment else share.name;
path = share.value.path;
browseable = true;
writeable = true;
"create mask" = "664";
"force create mode" = "644";
"directory mask" = "2755";
"force directory mode" = "2755";
};
})
(attrsToList services.samba.shares));
};
};
}
)
(
mkIf services.sshd.enable
{
services.openssh =
{
enable = true;
settings =
{
X11Forwarding = true;
TrustedUserCAKeys = builtins.toString ./ca.pub;
ChallengeResponseAuthentication = false;
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
UsePAM = true;
};
};
}
)
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
(
mkIf services.acme.enable
{
security.acme =
{
acceptTerms = true;
defaults.email = "chn@chn.moe";
certs = listToAttrs (map
(name:
{
name = name; value =
{
dnsResolver = "8.8.8.8";
dnsProvider = "cloudflare";
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
};
})
services.acme.certs);
};
sops.secrets."acme/cloudflare.ini" = {};
}
)
(
mkIf (services.frpClient.enable)
{
systemd.services.frpc =
let
frpc = "${inputs.pkgs.frp}/bin/frpc";
config = inputs.config.sops.templates."frpc.ini";
in
{
description = "Frp Client Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "always";
RestartSec = "5s";
ExecStart = "${frpc} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frpc.ini" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = inputs.lib.generators.toINI {}
(
{
common =
{
server_addr = services.frpClient.serverName;
server_port = 7000;
token = inputs.config.sops.placeholder."frp/token";
user = services.frpClient.user;
tls_enable = true;
};
}
// (listToAttrs (map
(tcp:
{
name = tcp.name;
value =
{
type = "tcp";
local_ip = tcp.value.localIp;
local_port = tcp.value.localPort;
remote_port = tcp.value.remotePort;
use_compression = true;
};
})
(attrsToList services.frpClient.tcp))
)
);
};
secrets."frp/token" = {};
};
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
}
)
(
mkIf (services.frpServer.enable)
{
systemd.services.frps =
let
frps = "${inputs.pkgs.frp}/bin/frps";
config = inputs.config.sops.templates."frps.ini";
in
{
description = "Frp Server Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "on-failure";
RestartSec = "5s";
ExecStart = "${frps} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frps.ini" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = inputs.lib.generators.toINI {}
{
common = let cert = inputs.config.security.acme.certs.${services.frpServer.serverName}.directory; in
{
bind_port = 7000;
bind_udp_port = 7000;
token = inputs.config.sops.placeholder."frp/token";
tls_cert_file = "${cert}/full.pem";
tls_key_file = "${cert}/key.pem";
tls_only = true;
user_conn_timeout = 30;
};
};
};
secrets."frp/token" = {};
};
nixos.services.acme = { enable = true; certs = [ services.frpServer.serverName ]; };
security.acme.certs.${services.frpServer.serverName}.group = "frp";
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
networking.firewall.allowedTCPPorts = [ 7000 ];
}
)
(
mkIf services.nix-serve.enable
{
@@ -357,7 +83,8 @@ inputs:
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
};
sops.secrets."store/signingKey" = {};
nixos.services.nginx.httpProxy.${services.nix-serve.hostname}.upstream = "http://127.0.0.1:5000";
nixos.services.nginx.httpProxy.${services.nix-serve.hostname} =
{ rewriteHttps = true; locations."/".upstream = "http://127.0.0.1:5000"; };
}
)
(mkIf services.smartd.enable { services.smartd.enable = true; })
@@ -444,8 +171,8 @@ inputs:
enable = true;
httpProxy."wallabag.chn.moe" =
{
upstream = "http://127.0.0.1:4398";
setHeaders.Host = "wallabag.chn.moe";
rewriteHttps = true;
locations."/" = { upstream = "http://127.0.0.1:4398"; setHeaders.Host = "wallabag.chn.moe"; };
};
};
postgresql.enable = true;

103
modules/services/docker.nix
View File

@@ -1,103 +0,0 @@
inputs:
{
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in
{
type = types.attrsOf (types.submodule (inputs: { options =
{
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
image = mkOption { type = types.package; };
imageName =
mkOption { type = types.nonEmptyStr; default = with inputs.image; (imageName + ":" + imageTag); };
ports = mkOption
{
type = types.listOf (types.oneOf
[
types.ints.unsigned
types.submodule (inputs: { options =
{
hostIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
hostPort = mkOption { type = types.ints.unsigned; };
containerPort = mkOption { type = types.ints.unsigned; };
protocol = mkOption { type = types.enum [ "tcp" "udp" ]; default = "tcp"; };
};})
]);
default = [];
};
environmentFile = mkOption { type = types.oneOf [ types.bool types.nonEmptyStr ]; default = false; };
};}));
default = {};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (builtins) listToAttrs map concatLists;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) docker;
in mkMerge
[
{
virtualisation.oci-containers.containers = listToAttrs (map
(container:
{
name = "${container.name}";
value =
{
image = container.value.imageName;
imageFile = container.value.image;
ports = map
(port:
(
if builtins.typeOf port == "int" then "127.0.0.1::${toString port}"
else ("${port.value.hostIp}:${toString port.value.hostPort}"
+ ":${toString port.value.containerPort}/${port.value.protocol}")
))
container.value.ports;
extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
environmentFiles =
if builtins.typeOf container.value.environmentFile == "bool" && container.value.environmentFile
then [ inputs.config.sops.templates."${container.name}/env".path ]
else if builtins.typeOf container.value.environmentFile == "bool" then []
else [ container.value.environmentFile ];
};
})
(attrsToList docker));
systemd.services = listToAttrs (concatLists (map
(container:
[
{
name = "docker-${container.value.user}-daemon";
value =
{
wantedBy = [ "multi-user.target" ];
inherit (inputs.systemd.user.services.docker) description path;
serviceConfig = inputs.systemd.user.services.docker.serviceConfig //
{
User = container.value.user;
Group = container.value.user;
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
ExecStart = inputs.systemd.user.services.docker.serviceConfig.ExecStart
+ " -H unix:///var/run/docker-rootless/${container.value.user}.sock";
};
unitConfig = { inherit (inputs.systemd.user.services.docker.unitConfig) StartLimitInterval; };
};
}
{
name = "docker-${container.name}";
value =
{
requires = [ "docker-${container.value.user}-daemon.service" ];
after = [ "docker-${container.value.user}-daemon.service" ];
environment.DOCKER_HOST = "unix:///var/run/docker-rootless/${container.value.user}.sock";
serviceConfig = { User = container.value.user; Group = container.value.user; };
};
}
])
(attrsToList docker)));
}
(mkIf (docker != {})
{
systemd.tmpfiles.rules = [ "d /var/run/docker-rootless 0777" ];
nixos.virtualization.docker.enable = true;
})
];
}

154
modules/services/frp.nix Normal file
View File

@@ -0,0 +1,154 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
frpClient =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
user = mkOption { type = types.nonEmptyStr; };
tcp = mkOption
{
type = types.attrsOf (types.submodule (inputs:
{
options =
{
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
localPort = mkOption { type = types.ints.unsigned; };
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
};
}));
default = {};
};
};
frpServer =
{
enable = mkOption { type = types.bool; default = false; };
serverName = mkOption { type = types.nonEmptyStr; };
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) frpClient frpServer;
inherit (builtins) map listToAttrs;
in mkMerge
[
(
mkIf frpClient.enable
{
systemd.services.frpc =
let
frpc = "${inputs.pkgs.frp}/bin/frpc";
config = inputs.config.sops.templates."frpc.ini";
in
{
description = "Frp Client Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "always";
RestartSec = "5s";
ExecStart = "${frpc} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frpc.ini" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = inputs.lib.generators.toINI {}
(
{
common =
{
server_addr = frpClient.serverName;
server_port = 7000;
token = inputs.config.sops.placeholder."frp/token";
user = frpClient.user;
tls_enable = true;
};
}
// (listToAttrs (map
(tcp:
{
name = tcp.name;
value =
{
type = "tcp";
local_ip = tcp.value.localIp;
local_port = tcp.value.localPort;
remote_port = tcp.value.remotePort;
use_compression = true;
};
})
(attrsToList frpClient.tcp))
)
);
};
secrets."frp/token" = {};
};
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
}
)
(
mkIf frpServer.enable
{
systemd.services.frps =
let
frps = "${inputs.pkgs.frp}/bin/frps";
config = inputs.config.sops.templates."frps.ini";
in
{
description = "Frp Server Service";
after = [ "network.target" ];
serviceConfig =
{
Type = "simple";
User = "frp";
Restart = "on-failure";
RestartSec = "5s";
ExecStart = "${frps} -c ${config.path}";
LimitNOFILE = 1048576;
};
wantedBy= [ "multi-user.target" ];
restartTriggers = [ config.file ];
};
sops =
{
templates."frps.ini" =
{
owner = inputs.config.users.users.frp.name;
group = inputs.config.users.users.frp.group;
content = inputs.lib.generators.toINI {}
{
common = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
{
bind_port = 7000;
bind_udp_port = 7000;
token = inputs.config.sops.placeholder."frp/token";
tls_cert_file = "${cert}/full.pem";
tls_key_file = "${cert}/key.pem";
tls_only = true;
user_conn_timeout = 30;
};
};
};
secrets."frp/token" = {};
};
nixos.services.acme = { enable = true; certs = [ frpServer.serverName ]; };
security.acme.certs.${frpServer.serverName}.group = "frp";
users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
networking.firewall.allowedTCPPorts = [ 7000 ];
}
)
];
}

37
modules/services/groupshare.nix Normal file
View File

@@ -0,0 +1,37 @@
inputs:
{
options.nixos.services.groupshare = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
# hard to read value from inputs.config.users.users.xxx.home, causing infinite recursion
mountPoints = mkOption { type = types.listOf types.str; default = []; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (builtins) listToAttrs map concatLists;
inherit (inputs.config.nixos.services) groupshare;
users = inputs.config.users.groups.groupshare.members;
in mkIf groupshare.enable
{
users.groups.groupshare = {};
systemd.tmpfiles.rules = [ "d /var/lib/groupshare" ]
++ (concatLists (map
(user:
[
"d /var/lib/groupshare/${user} 2750 ${user} groupshare"
# systemd 253 does not support 'X' bit, it should be manually set
# sudo setfacl -m 'xxx' dir
# ("a /var/lib/groupshare/${user} - - - - "
# + "d:u:${user}:rwX,u:${user}:rwX,d:g:groupshare:r-X,g:groupshare:r-X,d:o::---,o::---,d:m::r-x,m::r-x")
])
users));
fileSystems = listToAttrs (map
(mountPoint:
{
name = mountPoint;
value = { device = "/var/lib/groupshare"; options = [ "bind" ]; depends = [ "/home" "/var/lib" ]; };
})
groupshare.mountPoints);
};
}

23
modules/services/huginn.nix
View File

@@ -1,23 +0,0 @@
inputs:
{
options.nixos.services.huginn.enable = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
config = inputs.lib.mkIf inputs.config.nixos.services.huginn.enable
{
nixos.services =
{
docker.huginn =
{
image = inputs.pkgs.dockerTools.pullImage
{
imageName = "huginn/huginn";
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
sha256 = "0ls97k8ic7w5j54jlpwh8rrvj1y4pl4106j9pyap105r6p7dziiz";
finalImageName = "huginn/huginn";
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
};
ports = [ 3000 ];
environmentFile = true;
};
};
};
}

17
modules/services/meilisearch.nix
View File

@@ -11,6 +11,7 @@ inputs:
};}));
default = {};
};
ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
config =
let
@@ -37,7 +38,7 @@ inputs:
Group = inputs.config.users.users.${instance.value.user}.group;
ExecStart =
let
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
meilisearch = inputs.pkgs.unstablePackages.meilisearch.overrideAttrs (prev:
{
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
++ (
@@ -58,11 +59,17 @@ inputs:
IOSchedulingPriority = 4;
IOAccounting = true;
IOWeight = 1;
IOReadBandwidthMax = "/dev/mapper/root 20M";
IOWriteBandwidthMax = "/dev/mapper/root 20M";
Nice = 19;
Slice = "-.slice";
};
}
// (if meilisearch.ioLimitDevice != null then
{
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
# iostat -dx 1
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
} else {});
};
})
(attrsToList meilisearch.instances));
@@ -91,7 +98,7 @@ inputs:
env = "production"
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
log_level = "INFO"
max_indexing_memory = "8Gb"
max_indexing_memory = "16Gb"
max_indexing_threads = 1
'';
owner = inputs.config.users.users.misskey.name;

18
modules/services/misskey.nix
View File

@@ -54,6 +54,8 @@ inputs:
ExecStart = "${WorkingDirectory}/bin/misskey";
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
Restart = "always";
RuntimeMaxSec = "1d";
};
};
tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];
@@ -63,12 +65,12 @@ inputs:
"/var/lib/misskey/work" =
{
device = "${inputs.pkgs.localPackages.misskey}";
options = [ "bind" ];
options = [ "bind" "private" "x-gvfs-hide" ];
};
"/var/lib/misskey/work/files" =
{
device = "/var/lib/misskey/files";
options = [ "bind" ];
options = [ "bind" "private" "x-gvfs-hide" ];
};
};
sops.templates."misskey/default.yml" =
@@ -138,10 +140,14 @@ inputs:
name = hostname;
value =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
rewriteHttps = true;
locations."/" =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList misskey-proxy));

156
modules/services/nginx.nix
View File

@@ -6,23 +6,47 @@ inputs:
transparentProxy =
{
enable = mkOption { type = types.bool; default = true; };
externalIp = mkOption { type = types.nonEmptyStr; };
externalIp = mkOption { type = types.listOf types.nonEmptyStr; };
map = mkOption { type = types.attrsOf types.ints.unsigned; default = {};};
};
httpProxy = mkOption
{
type = types.attrsOf (types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
rewriteHttps = mkOption { type = types.bool; default = false; };
websocket = mkOption { type = types.bool; default = false; };
http2 = mkOption { type = types.bool; default = true; };
setHeaders = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
addAuth = mkOption { type = types.bool; default = false; };
detectAuth = mkOption { type = types.bool; default = false; };
locations = mkOption
{
type = types.attrsOf (types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
websocket = mkOption { type = types.bool; default = false; };
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
};});
};
};});
default = {};
};
streamProxy =
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 5575; };
map = mkOption
{
type = types.attrsOf (types.oneOf
[
types.nonEmptyStr
(types.submodule { options =
{
upstream = mkOption { type = types.nonEmptyStr; };
rewriteHttps = mkOption { type = types.bool; default = false; };
};})
]);
default = {};
};
};
};
config =
let
@@ -65,37 +89,38 @@ inputs:
value =
{
serverName = site.name;
listen =
[
{ addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; }
{ addr = "0.0.0.0"; port = 80; }
];
listen = [ { addr = "127.0.0.1"; port = (if site.value.http2 then 443 else 3065); ssl = true; } ]
++ (if site.value.rewriteHttps then [ { addr = "0.0.0.0"; port = 80; } ] else []);
useACMEHost = site.name;
locations."/" =
{
proxyPass = site.value.upstream;
proxyWebsockets = site.value.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
basicAuthFile =
if site.value.detectAuth then
inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
else null;
extraConfig = concatStringsSep "\n"
(
(map
(header: "proxy_set_header ${header.name} ${header.value};")
(attrsToList site.value.setHeaders))
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
++ (
if site.value.addAuth then
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
else [])
);
};
addSSL = true;
locations = listToAttrs (map
(location:
{
inherit (location) name;
value =
{
proxyPass = location.value.upstream;
proxyWebsockets = location.value.websocket;
recommendedProxySettings = false;
recommendedProxySettingsNoHost = true;
extraConfig = concatStringsSep "\n"
(
(map
(header: ''proxy_set_header ${header.name} "${header.value}";'')
(attrsToList location.value.setHeaders))
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
++ (
if site.value.addAuth then
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
else [])
);
};
})
(attrsToList site.value.locations));
forceSSL = site.value.rewriteHttps;
http2 = site.value.http2;
basicAuthFile =
if site.value.detectAuth then inputs.config.sops.secrets."nginx/detectAuth/${site.name}".path
else null;
};
})
(attrsToList nginx.httpProxy));
@@ -123,6 +148,16 @@ inputs:
in
(inputs.pkgs.nginxMainline.override (prev: { modules = prev.modules ++ [ nginx-geoip2 ]; }))
.overrideAttrs (prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
streamConfig =
''
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
{
$geoip2_data_country_code country iso_code;
}
resolver 8.8.8.8;
'';
# todo: use host dns
resolver.addresses = [ "8.8.8.8" ];
};
geoipupdate =
{
@@ -178,13 +213,9 @@ inputs:
{
services.nginx.streamConfig =
''
geoip2 ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
{
$geoip2_data_country_code country iso_code;
}
log_format stream '[$time_local] $remote_addr-$geoip2_data_country_code "$ssl_preread_server_name"->$backend $bytes_sent $bytes_received';
access_log syslog:server=unix:/dev/log stream;
map $ssl_preread_server_name $backend
log_format transparent_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
'"$ssl_preread_server_name"->$transparent_proxy_backend $bytes_sent $bytes_received';
map $ssl_preread_server_name $transparent_proxy_backend
{
${concatStringsSep "\n" (map
(x: '' "${x.name}" 127.0.0.1:${toString x.value};'')
@@ -199,13 +230,14 @@ inputs:
}
server
{
listen ${nginx.transparentProxy.externalIp}:443;
${concatStringsSep "\n " (map (ip: "listen ${ip}:443;") nginx.transparentProxy.externalIp)}
ssl_preread on;
proxy_bind $remote_addr transparent;
proxy_pass $backend;
proxy_pass $transparent_proxy_backend;
proxy_connect_timeout 1s;
proxy_socket_keepalive on;
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log transparent_proxy;
}
'';
networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -260,5 +292,47 @@ inputs:
wantedBy= [ "multi-user.target" ];
};
})
(mkIf nginx.streamProxy.enable
{
services.nginx =
{
streamConfig =
''
log_format stream_proxy '[$time_local] $remote_addr-$geoip2_data_country_code '
'"$ssl_preread_server_name"->$stream_proxy_backend $bytes_sent $bytes_received';
map $ssl_preread_server_name $stream_proxy_backend
{
${concatStringsSep "\n" (map
(x: '' "${x.name}" "${x.value.upstream or x.value}";'')
(attrsToList nginx.streamProxy.map))}
}
server
{
listen 127.0.0.1:${toString nginx.streamProxy.port};
ssl_preread on;
proxy_pass $stream_proxy_backend;
proxy_connect_timeout 10s;
proxy_socket_keepalive on;
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log stream_proxy;
}
'';
virtualHosts = listToAttrs (map
(site:
{
inherit (site) name;
value =
{
serverName = site.name;
listen = [ { addr = "0.0.0.0"; port = 80; } ];
locations."/".return = "301 https://${site.name}$request_uri";
};
})
(filter (site: site.value.rewriteHttps or false) (attrsToList nginx.streamProxy.map)));
};
nixos.services.nginx.transparentProxy.map = listToAttrs (map
(site: { name = site.name; value = nginx.streamProxy.port; })
(attrsToList nginx.streamProxy.map));
})
];
}

5
modules/services/rsshub.nix
View File

@@ -62,8 +62,9 @@ inputs:
enable = true;
httpProxy.${rsshub.hostname} =
{
upstream = "http://127.0.0.1:${toString rsshub.port}";
setHeaders.Host = rsshub.hostname;
rewriteHttps = true;
locations."/" =
{ upstream = "http://127.0.0.1:${toString rsshub.port}"; setHeaders.Host = rsshub.hostname; };
};
};
};

67
modules/services/samba.nix Normal file
View File

@@ -0,0 +1,67 @@
inputs:
{
options.nixos.services.samba = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
wsdd = mkOption { type = types.bool; default = false; };
private = mkOption { type = types.bool; default = false; };
hostsAllowed = mkOption { type = types.str; default = "127."; };
shares = mkOption
{
type = types.attrsOf (types.submodule { options =
{
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
path = mkOption { type = types.nonEmptyStr; };
};});
default = {};
};
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) samba;
inherit (builtins) map listToAttrs;
in mkIf samba.enable
{
services =
{
# make shares visible for windows 10 clients
samba-wsdd.enable = samba.wsdd;
samba =
{
enable = true;
# TCP 139 445 UDP 137 138
openFirewall = !samba.private;
securityType = "user";
extraConfig =
''
workgroup = WORKGROUP
server string = Samba Server
server role = standalone server
hosts allow = ${samba.hostsAllowed}
dns proxy = no
'';
# obey pam restrictions = yes
# encrypt passwords = no
shares = listToAttrs (map
(share:
{
name = share.name;
value =
{
comment = if share.value.comment != null then share.value.comment else share.name;
path = share.value.path;
browseable = true;
writeable = true;
"create mask" = "644";
"force create mode" = "644";
"directory mask" = "2755";
"force directory mode" = "2755";
};
})
(attrsToList samba.shares));
};
};
};
}

37
modules/services/snapper.nix Normal file
View File

@@ -0,0 +1,37 @@
inputs:
{
options.nixos.services.snapper = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
configs = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.config.nixos) services;
inherit (builtins) map listToAttrs toString;
in mkIf services.snapper.enable
{
services.snapper.configs =
let
f = (config:
{
inherit (config) name;
value =
{
SUBVOLUME = config.value;
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_MIN_AGE = 1800;
TIMELINE_LIMIT_HOURLY = "10";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "1";
TIMELINE_LIMIT_MONTHLY = "0";
TIMELINE_LIMIT_YEARLY = "0";
};
});
in
listToAttrs (map f (attrsToList services.snapper.configs));
};
}

13
modules/services/snapper.patch
View File

@@ -1,13 +0,0 @@
diff --git a/snapper/FileUtils.cc b/snapper/FileUtils.cc
index 9da572f..48f60fa 100644
--- a/snapper/FileUtils.cc
+++ b/snapper/FileUtils.cc
@@ -424,7 +424,7 @@ namespace snapper
v /= 62;
}
- int fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR);
+ int fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (fd >= 0)
return fd;
else if (errno != EEXIST)

27
modules/services/sshd.nix Normal file
View File

@@ -0,0 +1,27 @@
inputs:
{
options.nixos.services.sshd = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
passwordAuthentication = mkOption { type = types.bool; default = false; };
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) sshd;
in mkIf sshd.enable
{
services.openssh =
{
enable = true;
settings =
{
X11Forwarding = true;
ChallengeResponseAuthentication = false;
PasswordAuthentication = sshd.passwordAuthentication;
KbdInteractiveAuthentication = false;
UsePAM = true;
};
};
};
}

12
modules/services/synapse.nix
View File

@@ -133,10 +133,14 @@ inputs:
name = hostname;
value =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
rewriteHttps = true;
locations."/" =
{
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
else "http://${upstream.address}:${toString upstream.port}";
websocket = true;
setHeaders.Host = hostname;
};
};
})
(attrsToList synapse-proxy));

117
modules/services/vaultwarden.nix Normal file
View File

@@ -0,0 +1,117 @@
inputs:
{
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{
vaultwarden =
{
enable = mkOption { type = types.bool; default = false; };
autoStart = mkOption { type = types.bool; default = true; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
hostname = mkOption { type = types.str; default = "vaultwarden.chn.moe"; };
};
vaultwarden-proxy =
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "vaultwarden.chn.moe"; };
upstream = mkOption
{
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
{
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
port = mkOption { type = types.ints.unsigned; default = 8000; };
websocketPort = mkOption { type = types.ints.unsigned; default = 3012; };
};})];
default = {};
};
};
};
config =
let
inherit (inputs.config.nixos.services) vaultwarden vaultwarden-proxy;
inherit (builtins) listToAttrs;
inherit (inputs.lib) mkIf mkMerge;
in mkMerge
[
(
mkIf vaultwarden.enable
{
services.vaultwarden =
{
enable = true;
dbBackend = "postgresql";
config =
{
DATA_FOLDER = "/var/lib/vaultwarden";
WEB_VAULT_ENABLED = true;
WEBSOCKET_ENABLED = true;
ROCKET_PORT = vaultwarden.port;
WEBSOCKET_PORT = toString vaultwarden.websocketPort;
SIGNUPS_VERIFY = true;
DOMAIN = "https://${vaultwarden.hostname}";
SMTP_HOST = "mail.chn.moe";
SMTP_FROM = "bot@chn.moe";
SMTP_FROM_NAME = "vaultwarden";
SMTP_SECURITY = "force_tls";
SMTP_USERNAME = "bot@chn.moe";
};
environmentFile = inputs.config.sops.templates."vaultwarden.env".path;
};
sops =
{
templates."vaultwarden.env" =
let
serviceConfig = inputs.config.systemd.services.vaultwarden.serviceConfig;
placeholder = inputs.config.sops.placeholder;
in
{
owner = serviceConfig.User;
group = serviceConfig.Group;
content =
''
DATABASE_URL=postgresql://vaultwarden:${placeholder."postgresql/vaultwarden"}@localhost/vaultwarden
ADMIN_TOKEN=${placeholder."vaultwarden/admin_token"}
SMTP_PASSWORD=${placeholder."mail/bot"}
'';
};
secrets = listToAttrs (map
(secret: { name = secret; value = {}; })
[ "vaultwarden/admin_token" "mail/bot" ]);
};
systemd.services.vaultwarden =
{
enable = vaultwarden.autoStart;
after = [ "postgresql.service" ];
};
nixos.services.postgresql = { enable = true; instances.vaultwarden = {}; };
}
)
(
mkIf vaultwarden-proxy.enable
{
nixos.services.nginx =
{
enable = true;
httpProxy."${vaultwarden-proxy.hostname}" =
{
rewriteHttps = true;
locations = let upstream = vaultwarden-proxy.upstream; in (listToAttrs (map
(location: { name = location; value =
{
upstream = "http://${upstream.address or upstream}:${builtins.toString upstream.port or 8000}";
setHeaders = { Host = vaultwarden-proxy.hostname; Connection = ""; };
};})
[ "/" "/notifications/hub/negotiate" ]))
// { "/notifications/hub" =
{
upstream =
"http://${upstream.address or upstream}:${builtins.toString upstream.websocketPort or 3012}";
websocket = true;
setHeaders.Host = vaultwarden-proxy.hostname;
};};
};
};
}
)
];
}

6
modules/services/xray.nix
View File

@@ -269,6 +269,12 @@ inputs:
${iptables} -t mangle -N v2ray_mark -w
${iptables} -t mangle -A OUTPUT -j v2ray_mark -w
${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u v2ray) -j RETURN -w
${
if inputs.config.nixos.system.networking.nebula.enable then
let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User; in
"${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u ${user}) -j RETURN -w"
else ""
}
${iptables} -t mangle -A v2ray_mark -m set --match-set noproxy_src_net src -j RETURN -w
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1 -w
${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1 -w

26
modules/services/xrdp.nix
View File

@@ -4,14 +4,16 @@ inputs:
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 3389; };
hostname = mkOption { type = types.nullOr types.str; default = null; };
hostname = mkOption
{
type = types.nullOr (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
default = null;
};
};
config =
let
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.localLib) stripeTabs attrsToList;
inherit (inputs.config.nixos.services) xrdp;
inherit (builtins) map listToAttrs concatStringsSep toString filter attrValues;
in mkIf xrdp.enable (mkMerge
[
{
@@ -25,12 +27,18 @@ inputs:
}
(
mkIf (xrdp.hostname != null)
{
services.xrdp = let keydir = inputs.config.security.acme.certs.${xrdp.hostname}.directory; in
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
security.acme.certs.${xrdp.hostname}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
}
(
let
mainDomain = if builtins.typeOf xrdp.hostname == "string" then xrdp.hostname
else builtins.elemAt xrdp.hostname 0;
in
{
services.xrdp = let keydir = inputs.config.security.acme.certs.${mainDomain}.directory; in
{ sslCert = "${keydir}/full.pem"; sslKey = "${keydir}/key.pem"; };
nixos.services.acme = { enable = true; certs = [ xrdp.hostname ]; };
security.acme.certs.${mainDomain}.group = inputs.config.systemd.services.xrdp.serviceConfig.Group;
}
)
)
]);
}

4
modules/system/default.nix
View File

@@ -3,7 +3,7 @@ inputs:
imports = inputs.localLib.mkModules
[
./nix.nix
./fileSystems.nix
./fileSystems
./grub.nix
./initrd.nix
./kernel.nix
@@ -61,9 +61,11 @@ inputs:
defaultLocale = "C.UTF-8";
supportedLocales = [ "zh_CN.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "C.UTF-8/UTF-8" ];
};
users.mutableUsers = false;
# environment.pathsToLink = [ "/include" ];
# environment.variables.CPATH = "/run/current-system/sw/include";
# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
virtualisation.oci-containers.backend = "docker";
home-manager.sharedModules = [{ home.stateVersion = "22.11"; }];
};
}

20
modules/system/fileSystems.nix → modules/system/fileSystems/default.nix
View File

@@ -39,6 +39,11 @@ inputs:
});
default = {};
};
keyFile = mkOption
{
type = types.path;
default = ./. + "/${inputs.config.nixos.system.networking.hostname}.key";
};
delayedMount = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
@@ -79,7 +84,11 @@ inputs:
# mount.vfat
{
fileSystems = listToAttrs (map
(device: { name = device.value; value = { device = device.name; fsType = "vfat"; }; })
(device:
{
name = device.value;
value = { device = device.name; fsType = "vfat"; neededForBoot = true; };
})
(attrsToList fileSystems.mount.vfat));
}
# mount.btrfs
@@ -106,7 +115,8 @@ inputs:
# zstd:15 5m33s 7.16G
# zstd:8 54s 7.32G
# zstd:3 17s 7.52G
options = [ "compress-force=zstd" "subvol=${subvol.name}" ];
options = [ "compress-force=zstd" "subvol=${subvol.name}" "acl" ];
neededForBoot = true;
};
}
)
@@ -198,7 +208,7 @@ inputs:
# mdadm
(
mkIf (fileSystems.mdadm != null)
{ boot.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
{ boot.initrd.services.swraid = { enable = true; mdadmConf = fileSystems.mdadm; }; }
)
# swap
{ swapDevices = map (device: { device = device; }) fileSystems.swap; }
@@ -231,7 +241,9 @@ inputs:
mount ${device} /mnt -m
if [ -f /mnt${path}/current/.timestamp ]
then
mv /mnt${path}/current /mnt${path}/$(cat /mnt${path}/current/.timestamp)
timestamp=$(cat /mnt${path}/current/.timestamp)
mv /mnt${path}/current /mnt${path}/$timestamp
btrfs property set -ts /mnt${path}/$timestamp ro true
fi
btrfs subvolume create /mnt${path}/current
echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp

BIN
modules/system/fileSystems/nas.key Normal file
View File

Binary file not shown.

BIN
modules/system/fileSystems/vps6.key Normal file
View File

Binary file not shown.

BIN
modules/system/fileSystems/vps7.key Normal file
View File

Binary file not shown.

1
modules/system/gui.nix
View File

@@ -3,6 +3,7 @@ inputs:
options.nixos.system.gui = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
preferred = mkOption { type = types.bool; default = false; };
};
config =
let

21
modules/system/impermanence.nix
View File

@@ -41,10 +41,20 @@ inputs:
"${impermanence.root}" =
{
hideMounts = true;
directories = []
directories = [ "/var/lib/systemd/linger" ]
++ (if inputs.config.services.xserver.displayManager.sddm.enable then
[{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
};
}
// (if builtins.elem "chn" inputs.config.nixos.users.users then
{
users.chn =
{
directories =
[
".cache"
];
};
} else {});
"${impermanence.nodatacow}" =
{
hideMounts = true;
@@ -54,7 +64,12 @@ inputs:
[{ directory = "/var/lib/postgresql"; user = user.name; group = user.group; mode = "0750"; }]
else []
)
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else []);
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else [])
++ (
if inputs.config.nixos.virtualization.kvmHost.enable then
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
else []
);
};
};
};

19
modules/system/kernel.nix
View File

@@ -25,22 +25,13 @@ inputs:
"ahci" "ata_piix" "bfq" "failover" "net_failover" "nls_cp437" "nls_iso8859-1" "nvme" "sdhci_acpi" "sd_mod"
"sr_mod" "usbcore" "usbhid" "usbip-core" "usb-common" "usb_storage" "vhci-hcd" "virtio" "virtio_blk"
"virtio_net" "virtio_pci" "xhci_pci" "virtio_ring" "virtio_scsi" "cryptd" "crypto_simd" "libaes"
# networking for nas
"igb"
] ++ kernel.modules.initrd;
extraModulePackages = (with inputs.config.boot.kernelPackages; [ v4l2loopback ]) ++ kernel.modules.install;
extraModprobeConfig = builtins.concatStringsSep "\n" kernel.modules.modprobeConfig;
kernelParams = [ "delayacct" "acpi_osi=Linux" ];
kernelPackages = inputs.pkgs.linuxPackagesFor (inputs.pkgs.linuxPackages_xanmod.kernel.override rec
{
src = inputs.pkgs.fetchFromGitHub
{
owner = "xanmod";
repo = "linux";
rev = modDirVersion;
sha256 = "sha256-rvSQJb9MIOXkGEjHOPt3x+dqp1AysvQg7n5yYsg95fk=";
};
version = "6.4.12";
modDirVersion = "6.4.12-xanmod1";
});
kernelPackages = inputs.pkgs.linuxPackages_xanmod_latest;
kernelPatches =
let
patches =
@@ -49,8 +40,8 @@ inputs:
{
patch = inputs.pkgs.fetchurl
{
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.3.patch";
sha256 = "sha256-QnsWruzhtiZnqzTUXkPk9Hb19Iddr4VTWXyV4r+iLvE=";
url = "https://raw.githubusercontent.com/zhmars/cjktty-patches/master/v6.x/cjktty-6.4.patch";
sha256 = "1kvmddg18pw22valbgx2vlxiasgxvszzm5lzkz096xm51sz72rm0";
};
extraStructuredConfig =
{ FONT_CJK_16x16 = inputs.lib.kernel.yes; FONT_CJK_32x32 = inputs.lib.kernel.yes; };

16
modules/system/networking/nebula/default.nix
View File

@@ -3,8 +3,9 @@ inputs:
options.nixos.system.networking.nebula = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
# null: is lighthouse, non-empty string: is not lighthouse, and use this string as lighthouse address.
# null: is lighthouse; non-empty string: is not lighthouse, and use this string as lighthouse address.
lighthouse = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
useRelay = mkOption { type = types.bool; default = false; };
};
config =
let
@@ -17,18 +18,19 @@ inputs:
{
enable = true;
ca = ./ca.crt;
# nebula-cert sign -name 1p9p -ip 192.168.82.4/24
cert = ./. + "/${inputs.config.nixos.system.networking.hostname}.crt";
key = inputs.config.sops.templates."nebula/key-template".path;
firewall.inbound = [ { host = "any"; port = "any"; proto = "any"; } ];
firewall.outbound = [ { host = "any"; port = "any"; proto = "any"; } ];
}
// (
if nebula.lighthouse == null then { isLighthouse = true; }
if nebula.lighthouse == null then { isLighthouse = true; isRelay = true; }
else
{
lighthouses = [ "192.168.82.1" ];
relays = if nebula.useRelay then [ "192.168.82.1" ] else [];
staticHostMap."192.168.82.1" = [ "${nebula.lighthouse}:4242" ];
listen.port = 0;
}
);
sops =
@@ -46,7 +48,11 @@ inputs:
};
secrets."nebula/key" = {};
};
networking.firewall = { trustedInterfaces = [ "nebula.nebula" ]; }
// (if nebula.lighthouse != null then {} else { allowedTCPPorts = [ 4242 ]; allowedUDPPorts = [ 4242 ]; });
networking.firewall.trustedInterfaces = [ "nebula.nebula" ];
systemd.services."nebula@nebula" =
{
after = [ "network-online.target" ];
serviceConfig.Restart = "always";
};
};
}

6
modules/system/networking/nebula/nas.crt Normal file
View File

@@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE-----
CmEKA25hcxIKhKShhQyA/v//DyiRxoCoBjCv/sW2BjoghACiJywxa2n7Aki9/HEU
q2KpxFE+1Eshcgiy09UagFxKICju+bVGfbNKKrhV7SCNXhazgyVZYigGrzfpvHza
nafWEkDfhP5lh+/rFLPZslxaU+jy1swpr+oipToAnZ9Lw5Wlefpmxo/8mTBb4a8T
0jhdUC8x4ETwta6LbtWfo7uPinAJ
-----END NEBULA CERTIFICATE-----

1
modules/system/nix.nix
View File

@@ -26,7 +26,6 @@ inputs:
experimental-features = [ "nix-command" "flakes" ];
keep-outputs = nix.keepOutputs;
keep-failed = true;
auto-optimise-store = true;
substituters = if nix.substituters == null then [ "https://cache.nixos.org/" ] else nix.substituters;
trusted-public-keys = [ "chn:Cc+nowW1LIpe1kyXOZmNaznFDiH1glXmpb4A+WD/DTE=" ];
show-trace = true;

26
modules/system/nixpkgs.nix
View File

@@ -22,17 +22,30 @@ inputs:
{
config.allowUnfree = true;
config.cudaSupport = nixpkgs.cudaSupport;
overlays = [(final: prev: { genericPackages =
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };})];
overlays = [(final: prev:
{
genericPackages =
import inputs.topInputs.nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };
waydroid = final.unstablePackages.waydroid;
})];
};
}
(
mkConditional (nixpkgs.march != null)
{
programs.ccache.enable = true;
nixpkgs =
{
hostPlatform = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
config = { qchem-config.optArch = nixpkgs.march; oneapiArch = nixpkgs.oneapiArch; };
overlays = [(final: prev:
{
unstablePackages = import inputs.topInputs.nixpkgs-unstable
{
localSystem = { system = "x86_64-linux"; gcc = { arch = nixpkgs.march; tune = nixpkgs.march; }; };
config.allowUnfree = true;
};
})];
};
boot.kernelPatches =
[{
@@ -56,7 +69,14 @@ inputs:
};
}];
}
{ nixpkgs.hostPlatform = "x86_64-linux"; }
{
nixpkgs =
{
hostPlatform = "x86_64-linux";
overlays = [(final: prev: { unstablePackages = import inputs.topInputs.nixpkgs-unstable
{ localSystem.system = "x86_64-linux"; config.allowUnfree = true; }; })];
};
}
)
];
}

7
modules/system/security.nix
View File

@@ -25,13 +25,6 @@ inputs:
"es256"
"+presence"
])
(builtins.concatStringsSep ","
[
"WgLCnlQcGP4uVHI8OZrJWoLK6ezHtl404NVGsfH2LXsq0TNVZ7l2OidGpbYqIJwTn5yKu6t0MI7KdHYD18T/HA=="
"GVPuwp38yb+A1Uur22hywW7mQJPOxuLXXKLlM9FU2bvVhpwdjWDvg+BB5YFAL9NjTW22V7Hy/a9UuSmZejs7dw=="
"es256"
"+presence"
])
])
]);
};

2
modules/system/systemd.nix
View File

@@ -14,6 +14,6 @@ inputs: { config =
services.systemd-tmpfiles-setup.environment.SYSTEMD_TMPFILES_FORCE_SUBVOL = "0";
# do not clean /tmp
timers.systemd-tmpfiles-clean.enable = false;
coredump.enable = false;
coredump = { enable = true; extraConfig = "Storage=none"; };
};
};}

526
modules/users/default.nix
View File

@@ -1,276 +1,276 @@
inputs:
{
config =
let
inherit (inputs.lib) listToAttrs mkMerge;
inherit (builtins) map;
inherit (inputs.localLib) stripeTabs;
in mkMerge
[
let
allUsers =
{
root =
{
users =
users.users.root =
{
users =
{
root =
{
shell = inputs.pkgs.zsh;
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
openssh.authorizedKeys.keys =
[
("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
];
};
chn =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" ]
(builtins.attrNames inputs.config.users.groups);
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
};
};
mutableUsers = false;
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
openssh.authorizedKeys.keys =
[
(builtins.concatStringsSep ""
[
"sk-ssh-ed25519@openssh.com "
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
"chn@pc"
])
];
};
}
# (mkMerge (map (user:
# {
# sops.secrets."password/${user}".neededForUsers = true;
# users.users.${user}.passwordFile = inputs.config.sops.secrets."password/${user}".path;
# }) [ "root" "chn" ]))
{
home-manager =
home-manager.users.root =
{
useGlobalPkgs = true;
useUserPackages = true;
users =
let
normal = { gui ? false }: { pkgs, ...}:
imports = inputs.config.nixos.users.sharedModules;
config.programs.git =
{
extraConfig.core.editor = inputs.lib.mkForce "vim";
userName = "chn";
userEmail = "chn@chn.moe";
};
};
};
chn =
{
users.users.chn =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
(builtins.attrNames inputs.config.users.groups);
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
openssh.authorizedKeys.keys =
[
# ykman fido credentials list
# ykman fido credentials delete f2c1ca2d
# ssh-keygen -t ed25519-sk -O resident
# ssh-keygen -K
(builtins.concatStringsSep ""
[
"sk-ssh-ed25519@openssh.com "
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
"chn@pc"
])
];
};
home-manager.users.chn =
{
imports = inputs.config.nixos.users.sharedModules;
config =
{
programs =
{
git =
{
home.stateVersion = "22.11";
programs =
userName = "chn";
userEmail = "chn@chn.moe";
};
ssh.matchBlocks = builtins.listToAttrs
(
(builtins.map
(host:
{
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
}))
++ (builtins.map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions =
{
PubkeyAcceptedAlgorithms = "+ssh-rsa";
HostkeyAlgorithms = "+ssh-rsa";
SetEnv = "TERM=chn_unset_ls_colors:xterm-256color";
# in .bash_profile:
# if [[ $TERM == chn_unset_ls_colors* ]]; then
# export TERM=${TERM#*:}
# export CHN_LS_USE_COLOR=1
# fi
# in .bashrc
# [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
};
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
zsh =
{
enable = true;
initExtraBeforeCompInit =
''
# p10k instant prompt
typeset -g POWERLEVEL9K_INSTANT_PROMPT=off
P10K_INSTANT_PROMPT="$XDG_CACHE_HOME/p10k-instant-prompt-''${(%):-%n}.zsh"
[[ ! -r "$P10K_INSTANT_PROMPT" ]] || source "$P10K_INSTANT_PROMPT"
HYPHEN_INSENSITIVE="true"
export PATH=~/bin:$PATH
function br
{
local cmd cmd_file code
cmd_file=$(mktemp)
if broot --outcmd "$cmd_file" "$@"; then
cmd=$(<"$cmd_file")
command rm -f "$cmd_file"
eval "$cmd"
else
code=$?
command rm -f "$cmd_file"
return "$code"
fi
}
alias todo="todo.sh"
'';
plugins =
[
{
file = "powerlevel10k.zsh-theme";
name = "powerlevel10k";
src = "${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
}
{
file = "p10k.zsh";
name = "powerlevel10k-config";
src = ./p10k-config;
}
{
name = "zsh-lsd";
src = pkgs.fetchFromGitHub
{
owner = "z-shell";
repo = "zsh-lsd";
rev = "029a9cb0a9b39c9eb6c5b5100dd9182813332250";
sha256 = "sha256-oWjWnhiimlGBMaZlZB+OM47jd9hporKlPNwCx6524Rk=";
};
}
];
history =
{
extended = true;
save = 100000000;
size = 100000000;
share = true;
};
};
direnv = { enable = true; nix-direnv.enable = true; };
git =
{
enable = true;
lfs.enable = true;
userEmail = "chn@chn.moe";
userName = "chn";
extraConfig =
{
core.editor = if gui then "code --wait" else "vim";
advice.detachedHead = false;
merge.conflictstyle = "diff3";
diff.colorMoved = "default";
};
package = pkgs.gitFull;
delta =
{
enable = true;
options =
{
side-by-side = true;
navigate = true;
syntax-theme = "GitHub";
light = true;
zero-style = "syntax white";
line-numbers-zero-style = "#ffffff";
};
};
};
ssh =
{
enable = true;
controlMaster = "auto";
controlPersist = "1m";
compression = true;
matchBlocks = builtins.listToAttrs
(
(map
(host:
{
name = host.name;
value = { host = host.name; hostname = host.value; user = "chn"; };
})
(inputs.localLib.attrsToList
{
vps3 = "vps3.chn.moe";
vps4 = "vps4.chn.moe";
vps5 = "vps5.chn.moe";
vps6 = "vps6.chn.moe";
vps7 = "vps7.chn.moe";
nas = "192.168.1.188";
}))
++ (map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; HostkeyAlgorithms = "+ssh-rsa"; };
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 =
{
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
};
};
};
vim =
{
enable = true;
defaultEditor = true;
settings =
{
number = true;
expandtab = false;
shiftwidth = 2;
tabstop = 2;
};
extraConfig =
''
set clipboard=unnamedplus
colorscheme evening
'';
};
chromium =
{
package = inputs.topInputs.nixpkgs-stable.legacyPackages.x86_64-linux.chromium;
enable = inputs.config.programs.chromium.enable && gui;
extensions =
[
{ id = "mpkodccbngfoacfalldjimigbofkhgjn"; } # Aria2 Explorer
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # Bitwarden
{ id = "kbfnbcaeplbcioakkpcpgfkobkghlhen"; } # Grammarly
{ id = "ihnfpdchjnmlehnoeffgcbakfmdjcckn"; } # Pixiv Fanbox Downloader
{ id = "cimiefiiaegbelhefglklhhakcgmhkai"; } # Plasma Integration
{ id = "dkndmhgdcmjdmkdonmbgjpijejdcilfh"; } # Powerful Pixiv Downloader
{ id = "padekgcemlokbadohgkifijomclgjgif"; } # Proxy SwitchyOmega
{ id = "kefjpfngnndepjbopdmoebkipbgkggaa"; } # RSSHub Radar
{ id = "abpdnfjocnmdomablahdcfnoggeeiedb"; } # Save All Resources
{ id = "nbokbjkabcmbfdlbddjidfmibcpneigj"; } # SmoothScroll
{ id = "onepmapfbjohnegdmfhndpefjkppbjkm"; } # SuperCopy 超级复制
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # uBlock Origin
{ id = "gppongmhjkpfnbhagpmjfkannfbllamg"; } # Wappalyzer
{ id = "hkbdddpiemdeibjoknnofflfgbgnebcm"; } # YouTube™ 双字幕
{ id = "ekhagklcjbdpajgpjgmbionohlpdbjgc"; } # Zotero Connector
{ id = "ikhdkkncnoglghljlkmcimlnlhkeamad"; } # 划词翻译
{ id = "dhdgffkkebhmkfjojejmpbldmpobfkfo"; } # 篡改猴
{ id = "hipekcciheckooncpjeljhnekcoolahp"; } # Tabliss
];
};
obs-studio =
{
enable = true;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-nvfbc droidcam-obs obs-vkcapture ];
};
host = "xmupc1";
hostname = "office.chn.moe";
user = "chn";
port = 6007;
};
nas =
{
host = "nas";
hostname = "office.chn.moe";
user = "chn";
port = 5440;
};
xmupc1-ext =
{
host = "xmupc1-ext";
hostname = "vps3.chn.moe";
user = "chn";
port = 6007;
};
xmuhk =
{
host = "xmuhk";
hostname = "10.26.14.56";
user = "xmuhk";
# identityFile = "~/.ssh/xmuhk_id_rsa";
};
xmuhk2 =
{
host = "xmuhk2";
hostname = "183.233.219.132";
user = "xmuhk";
port = 62022;
};
};
in
{
root = normal { gui = false; };
chn = normal { gui = inputs.config.nixos.system.gui.enable; };
};
home.packages =
[
(
let
servers = builtins.filter
(system: system.value.enable)
(builtins.map
(system:
{
name = system.config.nixos.system.networking.hostname;
value = system.config.nixos.system.fileSystems.decrypt.manual;
})
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
cat = "${inputs.pkgs.coreutils}/bin/cat";
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
ssh = "${inputs.pkgs.openssh}/bin/ssh";
in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n"
(
(builtins.map (system: builtins.concatStringsSep "\n"
[
"decrypt-${system.name}() {"
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
(builtins.concatStringsSep "\n" (builtins.map
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
+ (if device.value.ssd then "--allow-discards " else "")
+ "${device.name} ${device.value.mapper} -")
(inputs.localLib.attrsToList system.value.devices)))
"}"
])
servers)
++ [ "decrypt-$1" ]
))
)
];
};
};
}
];
}
nixos.services.groupshare.mountPoints = [ "/home/chn/groupshare" ];
};
xll =
{
users.users.xll =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/xll".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./xll_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/xll".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
};
zem =
{
users.users.zem =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/zem".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./zem_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/zem".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
};
yjq =
{
users.users.yjq =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/yjq".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./yjq_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/yjq".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
};
yxy =
{
users.users.yxy =
{
isNormalUser = true;
extraGroups = inputs.lib.intersectLists
[ "groupshare" "video" ]
(builtins.attrNames inputs.config.users.groups);
passwordFile = inputs.config.sops.secrets."users/yxy".path;
openssh.authorizedKeys.keys = [ (builtins.readFile ./yxy_id_rsa.pub) ];
shell = inputs.pkgs.zsh;
autoSubUidGidRange = true;
};
home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
sops.secrets."users/yxy".neededForUsers = true;
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
};
};
in
{
options.nixos.users = let inherit (inputs.lib) mkOption types; in
{
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
};
config =
let
inherit (builtins) map attrNames;
inherit (inputs.lib) mkMerge mkIf;
inherit (inputs.config.nixos) users;
in mkMerge
[
(mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
];
}
# environment.persistence."/impermanence".users.chn =
# {
@@ -313,4 +313,4 @@ inputs:
# ".viminfo"
# ".zsh_history"
# ];
# };
# };

1
modules/users/xll_id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ/jzUQ6QuAjnAryvpWk7TReS6pnHxhEXY9RonojKkurhfYSQO/IlxDMDq23TFXcgu8iZG4cS6MADgx/KNZD/MjuN9YNCIEGvMwzWvB0oM25BC6Vf3iKDmhH06rZKH6/g5GN+HWoCN4yE/+MhIpegFO3+YMpveXwEESlyoIjPvcW+RwmlNJevrHd83ETYDQ4AybWyJo6en5tz2ngr22HaK4MtxgrqnIN/KorY+nrzTNa7VBC7BaZc1tA5FLwUeCXtuzp2ibfrxoGUAiDig4FW09ijCk3Y77y7aNVI2nw5y28nCV5rgVMh5fejtNVqIqku7p+8qgjxvY6veATG0lYgZgw2ldnDGDNbEGxcCnKKmCgZMxok8zTRsniZ91KuHkcl2L7xUo7kdQYzBRwZyQ53eW+yPoqUya4yn272rscBEUMyZzmegfr1SXMqw/8zn+MZdr1KXEvrbfjX+2QL52GY3bfYUf3KFje+Sp88k688bRH0vrxj9BCOS7ovbyfe9BEU= xll@chn-PC

1
modules/users/yjq_id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtnVhZQsJfbs2w9hFZkx4qDhIs++7no+6r5TifP3Dq7epJYd2QYx4dI66XxTNhKxZjN6a4Xn5nFlYLtQJXOvzBLC8IBf1W5GCH0k/jqzzskS0/Ix/70HzcBwJk8ihWDkyON5Ki1BRCx34RNxth1BIxWyc5QT+lou+D92x8iAu/uOvmcAL3Ua0OlZwxw03hLp/PpS4ZnUqFjc2JVtarY7eQu/i3RwOZUaK6nT2EL8RObzk4xnieqsU5PWwA3voVjetqZaDQ+P7dimQXz/FaucroKxCNyTiy1oG4fdQpm2UDrH6ZfPvdQLYrtet6FQabXOxhV7MuR3jYtxZjs1kDVZIseIZ6IwjetaUoMxvIouRfYjOSIEo9Ek9o0+Yhku4r0uWmPDrymWugU1raMmlRxSUwdlzW+C7mQwtGbs/MG4MN4GWkM6id5DKlY2vYKUfrTzmhY1swCtzKq20fjvyX8qhJdcytgVlOrBZnPje6Qd55sI0RjdgJrBsxT2SYquez7U8= yjq@chn-PC

1
modules/users/yxy_id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3D1PKR7xwlFBT/XdvGl9JkKTR0opBOQwxokR0Ri+zy0a6PgFFE6/L2NhgbHLQZt96J4lHl9ZxPdRgQ8Tc4+rptJiEX5VvZaNXmOC5wa5fGZuSj93HPEUzrtOv1sFzh2WgAeWd2nf7r/DoSYY91W1Bpsjx1YaeI6KvTHMeqoidTd17CcrMkIcOuYlgAHDeZ+vnxljTOddjK17D+AsG1+ThbDNwd97AlRv/pRkL2BAnHHNvL1UXVKg47IV4+60guB0Xqr947mSdCAomW1Oe9XbYooVRZZaVov1cv6NTQ0dZ6ktV3i+s7VXZh8dNkp46Hw68gI+fHp0I3mze5MblffpaGo2f0qQrJOROQygOyj/ihK1eMkPNKfdJE0odQ0z+1mwnwq5bhP5UPBvz6Z11M9Ez+/VtX3MG27RdVPMtoLSgHV7XwvVsvJQ5V+O+TkdO95IIlPuA2+1wj9O+Tsz4u4IS5xC7XXr9Jo+Mj1gbYnZqmTSldyBIkSUuKRgDF6oC4Fs= yxy@chn-xmupc1

1
modules/users/zem_id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDn1pfGen7kjPTHsbb8AgrUJWOeFPHK5S4M97Lcj3tvdcjZi2SXN6PwHQfh8/xGhZbTLPz/40S9O9/Dn30xkUTfnONirKt790jp7VEbOtPnjQPOd/KRNWlS3VV0BELuq5p633Mi13rP6JZtdKmU2uSkvvaUBfCppy3JaWv/B7HLJ48f8IzkdiT1px3dN1eQ4SFoHOiVG0ci5TGG6wfMdoAAnM9R1aXI4gDxnYjLYujpaNZ4hBOta/6ZK/PV0JufoXdIAZjubgk1Hv04XHXLR2Z0UhRM6x7UrZIOdM/LlnKmcVk408ZKEj/9m1xRyDsNoZ24CF++cmnwfBHrp9I5nvDI7xOTdZlOhzkiiPM3f4i6s2Qjdv4vpZ6AeE3Qt1LVQyAr67b4UMjHuYqSi2KgyCO6My2Ov2eRoS74EKcb8ejJv3O+XInmYUgDgTgDFT3CgQgK2DG45HiV6nOkaE/6iKx2JSOiYZTFc7TRcePfXF9JQD7dXFde6qm3EbIVyJIpCJ8= zem@chn-PC

9
modules/virtualization/default.nix
View File

@@ -67,7 +67,14 @@ inputs:
};
virtualisation =
{
libvirtd = { enable = true; qemu.runAsRoot = false; onBoot = "ignore"; onShutdown = "shutdown"; };
libvirtd =
{
enable = true;
qemu.runAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
parallelShutdown = 4;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with inputs.pkgs; [ qemu_full win-spice ] ++

34
secrets/nas.yaml
View File

@@ -1,5 +1,14 @@
xray-client:
uuid: ENC[AES256_GCM,data:0q37D3FVH95eSmw1KPuQSbt6zgzdt9iyO6Mnsk/CiDtp36BR,iv:V0sZLD4VAPF6LQg+mrWxpvnKfkCwQlmwGuJ86XEe8Ik=,tag:UEQAcpkv1LmuIBF50PL0lQ==,type:str]
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
nebula:
key: ENC[AES256_GCM,data:zWLXEH628ZVDZk7U/9zEXocJatCJr7hZrCmh/pifPlxVvVud5RQxLvgRvhQ=,iv:YFn7spiIcaW/l8dQZvGhsERi81L2RKLUE/55Bht0TMQ=,tag:fVdIRCMeT6o0lrGVDjCVlA==,type:str]
acme:
cloudflare.ini: ENC[AES256_GCM,data:/LpP1qoVS+CG+5ska6vtmagHNrhcgr5e1QRzDdbdCYGnDB8Nca/GmIogzHCXsogQY/rwGTCZoXLKKEGToYiThwk=,iv:R++I0ued2wrVsmM/vYvBVMOp9M7HyZIfDOVOlg7GALE=,tag:gYchPuh8MHk3EEnGb9g4WA==,type:str]
users:
xll: ENC[AES256_GCM,data:XLSsz6fZ23PPaJS1Y5C3FAOks3wzb2f+Pv8TgyKrDBfMeoLk1M37A00OGJ2wsYxkuR0JV6Uoh+hhRpTUjOQnmLfQrBxPxxP8DA==,iv:jxEZX/flxxduM1sdrYfGHfMtFMYduMg0Lr6hY1pkAPg=,tag:CYy0y1e2S2Txz1OSh+XDHA==,type:str]
zem: ENC[AES256_GCM,data:VCVLfGO9a06XhAOBciFf1u7A5jaQikAt2wZf+dCAi1BglXpM6Hof1yAunadYOwLOBFgGlP19kX53CBBlZtaqZFL2GRDzXP0woQ==,iv:AFYtHCCkzNrllN/fjQ8GKYs2TyV3uj3BsU5n1tBQAmM=,tag:5dP7c5N4yG2NS4T+Vg0Zpg==,type:str]
yjq: ENC[AES256_GCM,data:yn6eGrySCxlRsFioaE2p1qlTHkIGC9l64+edjuDvt232xc+iFeD03EYfuulyr0GxYFwnlAwtaJnyMi5eOrSd1W6HeV3Canzdbw==,iv:qTc6vA8uQza8CB+BvffEN9GqHkiwNM4h9RkqQR14ylk=,tag:UZ2GYCJLjcWLuVXlscLviw==,type:str]
yxy: ENC[AES256_GCM,data:71vjvwr29lfPCarnblpbW3WVyJK8EMV+cR4prc4AM3r0PG4z88P6i0IrzSy8XwkVPrEasfYXxn+vDbzXyi7kIWaWXrkjcyGTxg==,iv:LfkinvbIhchvgfgixIY8Wg6esrc+TOS4YWqRTJ0qfvw=,tag:mLPw6z8DOPrHsRpUHn3/gw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -9,14 +18,23 @@ sops:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbFR2bHMrRmdXWVVHTTlJ
VVFoMXNBWUU0MGkrOWl0bEphb3JlSTlsN25nCjE1NTZwTHM1b09ZeS9GQ09pRFB0
TFRPcW5MTGI1dTk0YXFsVmI1ZmVnTlUKLS0tIEpZNW1YMi9Gc0laRkxYbEw2TGd2
MVRPMDVCeHVlOTBnWVNJZ21kcmlBTFkKKbyR6MGaKRvk23toLEdD9s7deQN2Dp9U
fYn/X4SC7Wfm4atiDbLR3Jz6FhjRAN+s//lrojRb4yqoipa2AN5tPA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aWJSUVUwMnYwN01vSEJO
cHV3Ylkzb1Z6Z1E3a2NwZXdIVlpacHJDNWhBCkZXZWx5M21HKy94WkhuaDhkVEFL
M01MdUlza0VmK1hKTExmeFdUWDllbTAKLS0tIE8wR1F6ZVZPNVYwU1Y3ZFJaUkhT
a3B1UzdQSjlzTmxReVhWMzhTaVdTRDgKG76K16V6NAMaeyfne4LL/zwa5+lfPz/y
1SX1JOaWNpXqfOIGflZUF88lxCLR8ttEFea391x2vhoKPZKCvIDGHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-23T12:21:23Z"
mac: ENC[AES256_GCM,data:sUfKYYu4aQYa2hO09aRXDdlrxY9T8ePb4sMTf8hfHHZLRaxLubWy7JkzVdxlTDpCHEZIW5J5zpbcjpvE8ZC5G/m45iCLwJIqAM5teSoG5FW/hR2uzfSuRsF/5vh1xFREsGtMLYskBobvf9mssBwRXgaKOv4zAHzlBmEhTLTBFLg=,iv:TmjRAHISDSK1+M1WtrMYF20cdCPCqu05VhHl6/ipKB4=,tag:jwMdzZoFu1IOB3sg2/kxlg==,type:str]
- recipient: age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eXhkb1B3WXhGTTBLTDk2
ZmhTUDltWGk4ZU1PUk8vYkVaUkx0MDFEWUZNCjl2R25JR3Z0U3NKWWwzbjVsMXVq
NXMxOThGaFVHQ1ZacU4yUXVBVXNBNUkKLS0tIFkyUjhzMzlMVkM2WFZ1VUw5Zlcy
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-14T11:09:58Z"
mac: ENC[AES256_GCM,data:f6D4N+He7Zz0VA2FxUzTARfckidgVlDHE1hZrYW6jDf+v9ZK/c/JAj12zLNiCy9aG6rBz5K0jdWpnTsguMlTYCKUjLcD8MSW4KJErYmeVFLpfuiSBMr0+pcSVA9DpEmekaYl0GbnxrgQKrfEL0dthR6+9m5CsP/1bvEs34XcKGk=,iv:0YVxL5iVOvmFzThk7fua2Cqpty9lTX/tdKNii5gY/UA=,tag:d+NwYbpeDziniYXwQYVCdg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

6
secrets/pc.yaml
View File

@@ -7,8 +7,6 @@ frp:
store:
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
nginx:
#ENC[AES256_GCM,data:sHSfWhEO9PHWTY0r,iv:XSyOSkzEVOjMF/9vjEVpcuKH6B2mdE5D7l9VKrSILO0=,tag:2YkAoPW5GqOjFpPF5IvApg==,type:comment]
#ENC[AES256_GCM,data:Oaxg1nXYHLNOAF2V8lNF+4OtJz5bXOdEleXi89AW+dQvDgj0HMAAlxLiixlfhFW48Clcu+C+4opFZUk+4Q3GBePTQWeabgEFAZi+MgnVoiXzfizQpmve,iv:/NyV6W0vaXvS5qFKPw+7Iqe9po1VKQDLbHaC9Fa8Mto=,tag:JiCKJxhpAI9k11N9WxfZew==,type:comment]
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
postgresql:
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
@@ -42,8 +40,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-03T08:51:32Z"
mac: ENC[AES256_GCM,data:PlBRhBHJ067MzX77ZaG7XzQviTixWWEZboFM8h1ezmei+Pf2PY4oDxRfmEgAodXD2EpM0x4cao3NPzMeAYtJK0YUViZRzdSbya/60W6Xzv0nrbJHh3xvvJmLVsMXyD3KKMcafTOrBsxnCg0gRro778Z63XkN/S9tA2tZfdZLLcY=,iv:9N223T+lBjYt0WLvvERbAFE1Z30ejWwZNDjByFjlW98=,tag:iTD7+P5uFlwe/xEX80QgMg==,type:str]
lastmodified: "2023-09-18T12:02:13Z"
mac: ENC[AES256_GCM,data:cO1AngVyJaj+M91wUCG4mGLRjYDF57CdV1UyYeWBXozNl1VxgTWlUFfQJFC5gIGKohAXhGT0SERLGPRVIkacd0hvuHdeHHyp7kzrwQGZTkfxu6oknlvXEXNUdrIiwoers5aJQbbdlEHI6jKL794VRtkykp3bJs0tSeI+v4EA6kI=,iv:YE+oJN+ZJ+1zmze0+GOYG/G8UI7VrVGO1Iwut6mrBfg=,tag:gF8EQSIbVoAzbb4kmWB/uA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

6
secrets/vps6.yaml
View File

@@ -22,7 +22,9 @@ xray-server:
user7: ENC[AES256_GCM,data:7rxvmKbtYrDKBlo8kZIfd86KLd9EcSWB0ikasIRqfCZ24W0h,iv:Uplz4fnFymmBVZ9YTniHFFY3EVSrTYsg1+CTFqBu1WY=,tag:l3EPeYRHSeRsCyRhqFRrEg==,type:str]
#ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
user8: ENC[AES256_GCM,data:FNT3hHMwPJu3iI1LuOP1KvsoOonh+J/ecrNrRQO5TpunDPUq,iv:tTEB0MSUmQ39tNq9v1BTfaEcJY7Y59CPHRASMC1a4U8=,tag:klDm6Isk52hG8ubcFu6yHA==,type:str]
#ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
user9: ENC[AES256_GCM,data:4BD/4MXAVLhDm3EXdgTiEgPketf0WgflVPGb3/JMWXfycEKY,iv:jwE5sFVxZjORwoqCBdufP2EhetVtFGHyCP58AzJwle0=,tag:OCteA20hDBLI9zt1ET0tUQ==,type:str]
#ENC[AES256_GCM,data:U48hPlrJn2dF9g==,iv:W+6QEgemNa41VCT2OfBvEhuLAucLxfR+YZiDgdkkSnk=,tag:IhVstGnQ4EviT5ctMgyKiA==,type:comment]
user10: ENC[AES256_GCM,data:d9qxJQH9Jo8gJKUi5jjSdVwqzuHG+dj08Tk+TxhczJmlSaFT,iv:DS+9isZX2B9AYAyV4Yle4fpHzA/SHcR56B/GW8QdALw=,tag:9nUQ0OuMCuXGSZs2kjfnIQ==,type:str]
user11: ENC[AES256_GCM,data:RPIH0DudfPJwPsa0yFLNqUy2EMwQh1bIqkmhCfteVTkUQGWP,iv:NH0aGTZ6nVqz2nn+o1HQS0PKpqHTBMkAhy0oFeyX/8k=,tag:kgd5zkHXW+oxRFC9x2VTUg==,type:str]
user12: ENC[AES256_GCM,data:Q+XcMYPWWeHqXZZt3lf9OurlWwVQGBJWTnRwDUvg7np19g3+,iv:ybREjo5/SFRN5LMSyYdm0ygkYoq/G1uBv9K0iGPqrh4=,tag:g2y8IJeXtHW1XjelOvT+/A==,type:str]
@@ -86,8 +88,8 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-03T08:50:37Z"
mac: ENC[AES256_GCM,data:+w04X4hdgiBO3VpCI5tM2h+X13m3QOQeMdcmKGavqBoC9S+jx9dOoy2H9FdhjyYN/dkhglFqG5LMnHqEsdLGSwSxUsJDmHMm3MvFLJYIybvanNB+Gxb9+ooBNpC/e+d1iLg85mAUTXhLlezw5gaRHtwiQ4llOXZesE+c+Wnbbws=,iv:mM5lw8pFJoqYvz8uIi+oTqJFyIHq6HjspYTaEJp2xzY=,tag:9AqRnzwUxIV/ClJATxz95g==,type:str]
lastmodified: "2023-09-30T12:43:07Z"
mac: ENC[AES256_GCM,data:78zZudkrqLTqFy2B2G5hTj4y1e7ApVfKSWUPlx+7nojZb0PdyoRE7q0ZSdOv5qKi2dU5+DLxfwJIDLBOQyquQKHKaPSZ4kL9iY9dEH1ySAYUcSuVs/+kXB4SbLPEO9zcgJmI3BCu/A3dbnRCNB3yotjfwHQ4cwDp09k/8DcN/Gw=,iv:h2qx6Izx7N8tdEUD/rknauQ7Tn6eSNgJrXg/pIZsQpA=,tag:sz+LGutIsRx200hAbCeSOw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

7
secrets/vps7.yaml
View File

@@ -13,6 +13,7 @@ postgresql:
wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
misskey: ENC[AES256_GCM,data:OXKLrkPDgVTdsZolzLVOlkYswLVFy0LSXiGjohic4j3t9cTrMIfBa7LbA5J7VlLryO/ISzLpu8lt9aEsmjYSSw==,iv:V4n3MUkAnbLs5gBOOqCubHxuKJGvfH9dND1YgD1YgCs=,tag:RXiXeekS76pGHUz3oEPQ9w==,type:str]
synapse: ENC[AES256_GCM,data:Orfse2arRGMujA8MloqOp+iVr0+uCVtlMZJNAA36J3UCog5ExE8HE6G5wIvvoP0o/PNToYc9Jgn8T7iWdU6FIA==,iv:XQ6/bDfIRmvZ3VdTqH5Gaiu2emd5kV+q6RjNXDQEtkc=,tag:Yq+w9oxv2yhpsQfMRp4HaQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:Uz8GJMaLUTQ9pQbZyZLWS4bL5wmt9RvbAwNctAIDt9JrV3FaXxgKjE0MJSGklS55yj/Z/wbO6RCuCK2AWR2VKw==,iv:7hA8YcB88M1qCV8EhFYpHbfPmAZ/7xNqvTMJYZ/UcAY=,tag:mkDHJYmRoYZ/Ct0UmOp9FA==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:+oLR/0G6bjSz3jbZxeoGbLd7I4AiJDxodpc8DEHmHjYaNS6UrQEO50ekNSm3DpcK9+bqMJl4q+d1PWXgHRJbIw==,iv:rQcq7LksBhJr26D3112y41ryW3cEwnG6XLgiFhLv3d4=,tag:/PaX7MIERrtqJoayzdf/AA==,type:str]
rsshub:
@@ -32,6 +33,8 @@ synapse:
signing-key: ENC[AES256_GCM,data:ZCayvU2lElUnuyVDL05XjO3v2P78ha9i9PEcLvpBLgNeYkh7nH9Z4kIAP6Pmbw39ufaSJuo5tZZPmA==,iv:CfxqL7dJbmG/jEcdDe+Su8uxsA4dkOq/CCOGlb3EDIk=,tag:9728QS3GLnTcerzDgtQEWw==,type:str]
nebula:
key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
vaultwarden:
admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
sops:
kms: []
gcp_kms: []
@@ -56,8 +59,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-03T08:51:12Z"
mac: ENC[AES256_GCM,data:PKxrr1uONIi4ljjS6FFLApcvjVEda4lnsh005Ukmi4NF4fj5/Tyg/4+j85S3UGjgKlHUJsda9qit/23sZjb1IMGgQyL3HakOhEGc1JgbvlibcGm8ZE5LCznu9sp7BQ6hDnYmV1rAyWBDmO6zjNwdjT6NikZUY5o+KiXptLWaUYo=,iv:Gw07qLy4QijtdJa3e15YsbP9UhCS+hpJuApvkvIDc7c=,tag:zit2ySLqpJ7si+YrGINFmg==,type:str]
lastmodified: "2023-09-16T06:00:05Z"
mac: ENC[AES256_GCM,data:1+Uqp+nb1zIkKVQzQWlEVBv3hAiBknHJSiVdEPxj4IzAAWc1okSsh8QYRkTA5WR54BL6I7xerITLvaqAIF1cNnmkZJ/bbbgXuQgwrrRfqDKzxOmtblQDxFO6A815VreLTfWjZN6/h3oEzH4DW+xRtd+js4n5L+nyLMee1O9kOi8=,iv:s6QN07djU9PAA2WRZ4xw2O0iDKqzmaEqVyRmeRoHNXE=,tag:y/KjOdf0cXl2XQbibjrVPQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3